public function addToExternalSettingsForm($a_form_id)
{
switch ($a_form_id) {
case ilAdministrationSettingsFormHandler::FORM_SECURITY:
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
$fields = array();
$subitems = array('ps_password_change_on_first_login_enabled' => array($security->isPasswordChangeOnFirstLoginEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_must_not_contain_loginame' => array((bool) $security->getPasswordMustNotContainLoginnameStatus(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_chars_and_numbers_enabled' => array($security->isPasswordCharsAndNumbersEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_special_chars_enabled' => array($security->isPasswordSpecialCharsEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_min_length' => (int) $security->getPasswordMinLength(), 'ps_password_max_length' => (int) $security->getPasswordMaxLength(), 'ps_password_uppercase_chars_num' => (int) $security->getPasswordNumberOfUppercaseChars(), 'ps_password_lowercase_chars_num' => (int) $security->getPasswordNumberOfLowercaseChars(), 'ps_password_max_age' => (int) $security->getPasswordMaxAge());
$fields['ps_password_settings'] = array(null, null, $subitems);
$subitems = array('ps_login_max_attempts' => (int) $security->getLoginMaxAttempts(), 'ps_prevent_simultaneous_logins' => array($security->isPreventionOfSimultaneousLoginsEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL));
$fields['ps_security_protection'] = array(null, null, $subitems);
return array(array("generalSettings", $fields));
}
}
/**
* Save security settings
*
* @access public
*
*/
public function save_security()
{
global $ilErr, $ilAccess, $ilSetting, $rbacreview, $ilUser;
if (!$ilAccess->checkAccess('write', '', $this->object->getRefId())) {
$ilErr->raiseError($this->lng->txt('no_permission'), $ilErr->WARNING);
}
$security = ilSecuritySettings::_getInstance();
// auto https detection settings
$security->setAutomaticHTTPSEnabled((int) $_POST["auto_https_detect_enabled"]);
$security->setAutomaticHTTPSHeaderName(ilUtil::stripSlashes($_POST["auto_https_detect_header_name"]));
$security->setAutomaticHTTPSHeaderValue(ilUtil::stripSlashes($_POST["auto_https_detect_header_value"]));
// prevention of simultaneous logins with the same account
$security->setPreventionOfSimultaneousLogins((bool) $_POST['ps_prevent_simultaneous_logins']);
// ilias https handling settings
$security->setHTTPSEnabled($_POST["https_enabled"]);
// account security settings
$security->setAccountSecurityMode((int) $_POST["account_security_mode"]);
$security->setPasswordCharsAndNumbersEnabled((bool) $_POST["password_chars_and_numbers_enabled"]);
$security->setPasswordSpecialCharsEnabled((bool) $_POST["password_special_chars_enabled"]);
$security->setPasswordMinLength((int) $_POST["password_min_length"]);
$security->setPasswordMaxLength((int) $_POST["password_max_length"]);
$security->setPasswordMaxAge((int) $_POST["password_max_age"]);
$security->setLoginMaxAttempts((int) $_POST["login_max_attempts"]);
// change password on first login settings
$security->setPasswordChangeOnFirstLoginEnabled((bool) $_POST['password_change_on_first_login_enabled']);
// file suffic replacements
$ilSetting->set("suffix_repl_additional", $_POST["suffix_repl_additional"]);
// validate settings
if ($rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) {
$security->protectedAdminRole((int) $_POST['admin_role']);
}
$code = $security->validate();
// if error code != 0, display error and do not save
if ($code != 0) {
$msg = $this->getErrorMessage($code);
ilUtil::sendFailure($msg);
} else {
$security->save();
ilUtil::sendSuccess($this->lng->txt('settings_saved'));
}
$this->showSecurity();
}
public function addToExternalSettingsForm($a_form_id)
{
switch ($a_form_id) {
case ilAdministrationSettingsFormHandler::FORM_SECURITY:
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
$subitems = null;
$fields['activate_https'] = array($security->isHTTPSEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL);
return array("general_settings" => array("showHTTPS", $fields));
}
}
function initIlias($context = "web")
{
global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https, $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu, $rbacsystem, $ilNavigationHistory;
// remove unsafe characters
$this->removeUnsafeCharacters();
// error reporting
// remove notices from error reporting
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED);
} else {
error_reporting(ini_get('error_reporting') & ~E_NOTICE);
}
// include common code files
$this->requireCommonIncludes();
global $ilBench;
// set error handler (to do: check preconditions for error handler to work)
$ilBench->start("Core", "HeaderInclude_GetErrorHandler");
$ilErr = new ilErrorHandling();
$GLOBALS['ilErr'] =& $ilErr;
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
$ilBench->stop("Core", "HeaderInclude_GetErrorHandler");
// prepare file access to work with safe mode (has been done in class ilias before)
umask(0117);
// set cookie params
$this->setCookieParams();
// $ilIliasIniFile initialisation
$this->initIliasIniFile();
// CLIENT_ID determination
$this->determineClient();
// $ilAppEventHandler initialisation
$this->initEventHandling();
// $ilClientIniFile initialisation
$this->initClientIniFile();
// removed redirection madness the service should respond with SERVICE UNAVAILABLE
// $ilDB initialisation
$this->initDatabase();
// init plugin admin class
include_once "Services/Component/classes/class.ilPluginAdmin.php";
$ilPluginAdmin = new ilPluginAdmin();
$GLOBALS['ilPluginAdmin'] = $ilPluginAdmin;
// set session handler
$this->setSessionHandler();
// $ilSetting initialisation
$this->initSettings();
// $ilLog initialisation
$this->initLog();
// $https initialisation
require_once 'classes/class.ilHTTPS.php';
$https = new ilHTTPS();
$GLOBALS['https'] =& $https;
$https->enableSecureCookies();
$https->checkPort();
if ($this->returnBeforeAuth()) {
return;
}
$ilCtrl = new ilCtrl2();
$GLOBALS['ilCtrl'] =& $ilCtrl;
// $ilAuth initialisation
include_once "Services/Authentication/classes/class.ilAuthUtils.php";
ilAuthUtils::_initAuth();
global $ilAuth;
$this->includePhp5Compliance();
// Do not accept external session ids
if (!ilSession::_exists(session_id())) {
// $_GET["PHPSESSID"] = "";
session_regenerate_id();
}
// $ilias initialisation
global $ilias, $ilBench;
$ilBench->start("Core", "HeaderInclude_GetILIASObject");
$ilias = new ILIAS();
$GLOBALS['ilias'] =& $ilias;
$ilBench->stop("Core", "HeaderInclude_GetILIASObject");
// $ilObjDataCache initialisation
$ilObjDataCache = new ilObjectDataCache();
$GLOBALS['ilObjDataCache'] =& $ilObjDataCache;
// workaround: load old post variables if error handler 'message' was called
if (isset($_SESSION["message"]) && $_SESSION["message"]) {
$_POST = $_SESSION["post_vars"];
}
// put debugging functions here
require_once "include/inc.debug.php";
// $objDefinition initialisation
$ilBench->start("Core", "HeaderInclude_getObjectDefinitions");
$objDefinition = new ilObjectDefinition();
$GLOBALS['objDefinition'] =& $objDefinition;
// $objDefinition->startParsing();
$ilBench->stop("Core", "HeaderInclude_getObjectDefinitions");
// init tree
$tree = new ilTree(ROOT_FOLDER_ID);
$GLOBALS['tree'] =& $tree;
// $ilAccess and $rbac... initialisation
$this->initAccessHandling();
// authenticate & start session
PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler"));
$ilBench->start("Core", "HeaderInclude_Authentication");
//var_dump($_SESSION);
////require_once('Log.php');
////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST');
////$ilAuth->enableLogging = true;
if (!defined("IL_PHPUNIT_TEST")) {
$oldSid = session_id();
$ilAuth->start();
$newSid = session_id();
include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php';
ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid);
}
//var_dump($_SESSION);
$ilias->setAuthError($ilErr->getLastError());
$ilBench->stop("Core", "HeaderInclude_Authentication");
// workaround: force login
if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") {
$ilAuth->logout();
if (!isset($_GET['forceShoppingCartRedirect'])) {
$_SESSION = array();
}
$_SESSION["AccountId"] = "";
$ilAuth->start();
$ilias->setAuthError($ilErr->getLastError());
}
// check correct setup
if (!$ilias->getSetting("setup_ok")) {
die("Setup is not completed. Please run setup routine again.");
}
// $ilUser initialisation (1)
$ilBench->start("Core", "HeaderInclude_getCurrentUser");
$ilUser = new ilObjUser();
$ilias->account =& $ilUser;
$GLOBALS['ilUser'] =& $ilUser;
$ilBench->stop("Core", "HeaderInclude_getCurrentUser");
// $ilCtrl initialisation
//$ilCtrl = new ilCtrl();
// determin current script and up-path to main directory
// (sets $this->script and $this->updir)
$this->determineScriptAndUpDir();
// $styleDefinition initialisation and style handling for login and co.
$this->initStyle();
if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") {
$this->handleStyle();
}
// init locale
$this->initLocale();
// handle ILIAS 2 imported users:
// check ilias 2 password, if authentication failed
// only if AUTH_LOCAL
//echo "A";
if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") {
if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) {
if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) {
$ilAuth->start();
$ilias->setAuthError($ilErr->getLastError());
ilUtil::redirect("index.php");
}
}
}
//
// SUCCESSFUL AUTHENTICATION
//
if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) {
//echo "C"; exit;
$ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData");
//var_dump($_SESSION);
// get user data
$this->initUserAccount();
//var_dump($_SESSION);
// differentiate account security mode
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security_settings = ilSecuritySettings::_getInstance();
if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
// reset counter for failed logins
ilObjUser::_resetLoginAttempts($ilUser->getId());
}
$ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData");
} else {
if (!$ilAuth->getAuth()) {
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
// differentiate account security mode
$security = ilSecuritySettings::_getInstance();
if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) {
$username = ilUtil::stripSlashes($_POST['username']);
$usr_id = ilObjUser::_lookupId($username);
if ($usr_id != ANONYMOUS_USER_ID) {
ilObjUser::_incrementLoginAttempts($usr_id);
$login_attempts = ilObjUser::_getLoginAttempts($usr_id);
$max_attempts = $security->getLoginMaxAttempts();
if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) {
ilObjUser::_setUserInactive($usr_id);
}
}
}
}
}
}
//
// SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...)
//
// $lng initialisation
$this->initLanguage();
// store user language in tree
$GLOBALS['tree']->initLangCode();
// ### AA 03.10.29 added new LocatorGUI class ###
// when locator data array does not exist, initialise
if (!isset($_SESSION["locator_level"])) {
$_SESSION["locator_data"] = array();
$_SESSION["locator_level"] = -1;
}
// initialise global ilias_locator object
// ECS Tasks
include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php';
$scheduler = ilECSTaskScheduler::start();
$ilBench->stop("Core", "HeaderInclude");
}
/**
* Generate a number of passwords
*
* @static
*
*/
public static function generatePasswords($a_number)
{
$ret = array();
srand((double) microtime() * 1000000);
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
for ($i = 1; $i <= $a_number; $i++) {
$min = $security->getPasswordMinLength() > 0 ? $security->getPasswordMinLength() : 6;
$max = $security->getPasswordMaxLength() > 0 ? $security->getPasswordMaxLength() : 10;
if ($min > $max) {
$max = $max + 1;
}
$length = rand($min, $max);
$next = rand(1, 2);
$vowels = "aeiou";
$consonants = "bcdfghjklmnpqrstvwxyz";
$numbers = "1234567890";
$special = "_.+?#-*@!\$%~";
$pw = "";
// position for number
if ($security->isPasswordCharsAndNumbersEnabled()) {
$num_pos = rand(0, $length - 1);
}
// position for special character
if ($security->isPasswordSpecialCharsEnabled()) {
$spec_pos = rand(0, $length - 1);
if ($security->isPasswordCharsAndNumbersEnabled()) {
if ($num_pos == $spec_pos) {
if ($spec_pos > 0) {
$spec_pos -= 1;
} else {
$spec_pos += 1;
}
}
}
}
for ($j = 0; $j < $length; $j++) {
if ($security->isPasswordCharsAndNumbersEnabled() && $num_pos == $j) {
$pw .= $numbers[rand(0, strlen($numbers) - 1)];
} else {
if ($security->isPasswordSpecialCharsEnabled() && $spec_pos == $j) {
$pw .= $special[rand(0, strlen($special) - 1)];
} else {
switch ($next) {
case 1:
$pw .= $consonants[rand(0, strlen($consonants) - 1)];
$next = 2;
break;
case 2:
$pw .= $vowels[rand(0, strlen($vowels) - 1)];
$next = 1;
break;
}
}
}
}
$ret[] = $pw;
}
return $ret;
}
/**
* display user assignment panel
*/
function userassignmentObject()
{
global $rbacreview, $rbacsystem, $lng, $ilUser;
//if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
$this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
}
$this->tabs_gui->setTabActive('user_assignment');
$this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');
include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
$tb = new ilToolbarGUI();
// protected admin role
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
if ($this->object->getId() != SYSTEM_ROLE_ID || (!$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) or !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) {
// add member
include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
ilRepositorySearchGUI::fillAutoCompleteToolbar($this, $tb, array('auto_complete_name' => $lng->txt('user'), 'submit_name' => $lng->txt('add')));
/*
// add button
$tb->addFormButton($lng->txt("add"), "assignUser");
*/
$tb->addSpacer();
$tb->addButton($this->lng->txt('search_user'), $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start'));
$tb->addSpacer();
}
$tb->addButton($this->lng->txt('role_mailto'), $this->ctrl->getLinkTarget($this, 'mailToRole'));
$this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$role_assignment_editable = true;
if ($this->object->getId() == SYSTEM_ROLE_ID && !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
$role_assignment_editable = false;
}
include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
$ut = new ilAssignedUsersTableGUI($this, 'userassignment', $this->object->getId(), $role_assignment_editable);
$this->tpl->setVariable('TABLE_UA', $ut->getHTML());
return true;
}
/**
* Called after failed login
* @return
* @param array $a_username
* @param object $a_auth
*/
protected function failedLoginObserver($a_username, $a_auth)
{
global $ilLog;
$ilLog->write(__METHOD__ . ': login failed for user ' . $a_username . ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] . ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']);
if ($a_username) {
$usr_id = ilObjUser::_lookupId($a_username);
if (!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID))) {
ilObjUser::_incrementLoginAttempts($usr_id);
$login_attempts = ilObjUser::_getLoginAttempts($usr_id);
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
$max_attempts = $security->getLoginMaxAttempts();
if ((int) $max_attempts && $login_attempts >= $max_attempts) {
ilObjUser::_setUserInactive($usr_id);
}
}
}
return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
}
public function isPasswordExpired()
{
//error_reporting(E_ALL);
if ($this->id == ANONYMOUS_USER_ID) {
return false;
}
require_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
if ($this->getLastPasswordChangeTS() > 0) {
$max_pass_age = $security->getPasswordMaxAge();
if ($max_pass_age > 0) {
$max_pass_age_ts = $max_pass_age * 86400;
$pass_change_ts = $this->getLastPasswordChangeTS();
$current_ts = time();
if ($current_ts - $pass_change_ts > $max_pass_age_ts) {
return true;
}
}
}
return false;
}
public function addToExternalSettingsForm($a_form_id)
{
switch ($a_form_id) {
case ilAdministrationSettingsFormHandler::FORM_SECURITY:
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
$subitems = null;
if ($security->isAutomaticHTTPSEnabled()) {
$subitems = array('ps_auto_https_header_name' => $security->getAutomaticHTTPSHeaderName(), 'ps_auto_https_header_value' => $security->getAutomaticHTTPSHeaderValue());
}
$fields = array('ps_auto_https' => array($security->isAutomaticHTTPSEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL, $subitems));
$fields['activate_https'] = array($security->isHTTPSEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL);
return array("general_settings" => array("showHTTPS", $fields));
}
}
/**
* Generate a number of passwords
*
* @static
*
*/
public static function generatePasswords($a_number)
{
$ret = array();
srand((double) microtime() * 1000000);
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
for ($i = 1; $i <= $a_number; $i++) {
$min = $security->getPasswordMinLength() > 0 ? $security->getPasswordMinLength() : 6;
$max = $security->getPasswordMaxLength() > 0 ? $security->getPasswordMaxLength() : 10;
if ($min > $max) {
$max = $max + 1;
}
$length = rand($min, $max);
$next = rand(1, 2);
$vowels = "aeiou";
$vowels_uc = strtoupper($vowels);
$consonants = "bcdfghjklmnpqrstvwxyz";
$consonants_uc = strtoupper($consonants);
$numbers = "1234567890";
$special = "_.+?#-*@!\$%~";
$pw = "";
if ($security->getPasswordNumberOfUppercaseChars() > 0) {
for ($j = 0; $j < $security->getPasswordNumberOfUppercaseChars(); $j++) {
switch ($next) {
case 1:
$pw .= $consonants_uc[rand(0, strlen($consonants_uc) - 1)];
$next = 2;
break;
case 2:
$pw .= $vowels_uc[rand(0, strlen($vowels_uc) - 1)];
$next = 1;
break;
}
}
}
if ($security->isPasswordCharsAndNumbersEnabled()) {
$pw .= $numbers[rand(0, strlen($numbers) - 1)];
}
if ($security->isPasswordSpecialCharsEnabled()) {
$pw .= $special[rand(0, strlen($special) - 1)];
}
$num_lcase_chars = max($security->getPasswordNumberOfLowercaseChars(), $length - strlen($pw));
for ($j = 0; $j < $num_lcase_chars; $j++) {
switch ($next) {
case 1:
$pw .= $consonants[rand(0, strlen($consonants) - 1)];
$next = 2;
break;
case 2:
$pw .= $vowels[rand(0, strlen($vowels) - 1)];
$next = 1;
break;
}
}
$pw = str_shuffle($pw);
$ret[] = $pw;
}
return $ret;
}
/**
* Get instance of ilSecuritySettings
*
* @return ilSecuritySettings instance
* @access public
*
*/
public static function _getInstance()
{
if (is_object(self::$instance)) {
return self::$instance;
}
return self::$instance = new ilSecuritySettings();
}
/**
* Show Privacy settings
*
* @access public
*/
public function showSecurity()
{
global $ilSetting, $ilUser, $rbacreview;
include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
$security = ilSecuritySettings::_getInstance();
$this->tabs_gui->setTabActive('show_security');
$form = new ilPropertyFormGUI();
$form->setFormAction($this->ctrl->getFormAction($this));
$form->setTitle($this->lng->txt('ps_security_protection'));
include_once "Services/Administration/classes/class.ilAdministrationSettingsFormHandler.php";
ilAdministrationSettingsFormHandler::addFieldsToForm(ilAdministrationSettingsFormHandler::FORM_SECURITY, $form, $this);
// $form->addCommandButton('save_security',$this->lng->txt('save'));
$this->tpl->setContent($form->getHTML());
}
/**
* display roleassignment panel
*
* @access public
*/
function roleassignmentObject()
{
global $rbacreview, $rbacsystem, $ilUser, $ilTabs;
$ilTabs->activateTab("role_assignment");
if (!$rbacsystem->checkAccess("edit_roleassignment", $this->usrf_ref_id)) {
$this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_role_to_user"), $this->ilias->error_obj->MESSAGE);
}
$_SESSION['filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['filtered_roles'];
if ($_SESSION['filtered_roles'] > 5) {
$_SESSION['filtered_roles'] = 0;
}
$this->tpl->addBlockfile('ADM_CONTENT', 'adm_content', 'tpl.usr_role_assignment.html', 'Services/User');
if (false) {
$this->tpl->setCurrentBlock("filter");
$this->tpl->setVariable("FILTER_TXT_FILTER", $this->lng->txt('filter'));
$this->tpl->setVariable("SELECT_FILTER", $this->__buildFilterSelect());
$this->tpl->setVariable("FILTER_ACTION", $this->ctrl->getFormAction($this));
$this->tpl->setVariable("FILTER_NAME", 'roleassignment');
$this->tpl->setVariable("FILTER_VALUE", $this->lng->txt('apply_filter'));
$this->tpl->parseCurrentBlock();
}
// init table
include_once "./Services/User/classes/class.ilRoleAssignmentTableGUI.php";
$tab = new ilRoleAssignmentTableGUI($this, "roleassignment");
// now get roles depending on filter settings
$role_list = $rbacreview->getRolesByFilter($tab->filter["role_filter"], $this->object->getId());
$assigned_roles = $rbacreview->assignedRoles($this->object->getId());
$counter = 0;
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$records = array();
foreach ($role_list as $role) {
// fetch context path of role
$rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
// only list roles that are not set to status "deleted"
if ($rbacreview->isDeleted($rolf[0])) {
continue;
}
// build context path
$path = "";
if ($this->tree->isInTree($rolf[0])) {
if ($rolf[0] == ROLE_FOLDER_ID) {
$path = $this->lng->txt("global");
} else {
$tmpPath = $this->tree->getPathFull($rolf[0]);
// count -1, to exclude the role folder itself
/*for ($i = 1; $i < (count($tmpPath)-1); $i++)
{
if ($path != "")
{
$path .= " > ";
}
$path .= $tmpPath[$i]["title"];
}*/
$path = $tmpPath[count($tmpPath) - 1]["title"];
}
} else {
$path = "<b>Rolefolder " . $rolf[0] . " not found in tree! (Role " . $role["obj_id"] . ")</b>";
}
$disabled = false;
// disable checkbox for system role for the system user
if ($this->object->getId() == SYSTEM_USER_ID and $role["obj_id"] == SYSTEM_ROLE_ID or !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) and $role["obj_id"] == SYSTEM_ROLE_ID) {
$disabled = true;
}
// protected admin role
if ($role['obj_id'] == SYSTEM_ROLE_ID && !$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) {
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
if (ilSecuritySettings::_getInstance()->isAdminRoleProtected()) {
$disabled = true;
}
}
if (substr($role["title"], 0, 3) == "il_") {
if (!$assignable) {
$rolf_arr = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
$rolf2 = $rolf_arr[0];
} else {
$rolf2 = $rolf;
}
$parent_node = $this->tree->getNodeData($rolf2);
$role["description"] = $this->lng->txt("obj_" . $parent_node["type"]) . " (#" . $parent_node["obj_id"] . ")";
}
$role_ids[$counter] = $role["obj_id"];
$result_set[$counter][] = $checkbox = ilUtil::formCheckBox(in_array($role["obj_id"], $assigned_roles), "role_id[]", $role["obj_id"], $disabled) . "<input type=\"hidden\" name=\"role_id_ctrl[]\" value=\"" . $role["obj_id"] . "\"/>";
$this->ctrl->setParameterByClass("ilobjrolegui", "ref_id", $rolf[0]);
$this->ctrl->setParameterByClass("ilobjrolegui", "obj_id", $role["obj_id"]);
$result_set[$counter][] = $link = "<a href=\"" . $this->ctrl->getLinkTargetByClass("ilobjrolegui", "perm") . "\">" . ilObjRole::_getTranslation($role["title"]) . "</a>";
$title = ilObjRole::_getTranslation($role["title"]);
$result_set[$counter][] = $role["description"];
// Add link to objector local Rores
if ($role["role_type"] == "local") {
// Get Object to the role
$obj_id = ilRbacReview::getObjectOfRole($role["rol_id"]);
$obj_type = ilObject::_lookupType($obj_id);
$ref_ids = ilObject::_getAllReferences($obj_id);
foreach ($ref_ids as $ref_id) {
}
require_once "./Services/Link/classes/class.ilLink.php";
$result_set[$counter][] = $context = "<a href='" . ilLink::_getLink($ref_id, ilObject::_lookupType($obj_id)) . "' target='_top'>" . $path . "</a>";
} else {
$result_set[$counter][] = $path;
$context = $path;
}
$records[] = array("path" => $path, "description" => $role["description"], "context" => $context, "checkbox" => $checkbox, "role" => $link, "title" => $title);
++$counter;
}
if (true) {
$tab->setData($records);
$this->tpl->setVariable("ROLES_TABLE", $tab->getHTML());
return;
}
}
public function addToExternalSettingsForm($a_form_id)
{
switch ($a_form_id) {
case ilAdministrationSettingsFormHandler::FORM_SECURITY:
include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
$fields = array('adm_adm_role_protect' => array($security->isAdminRoleProtected(), ilAdministrationSettingsFormHandler::VALUE_BOOL));
return array(array("editSettings", $fields));
case ilAdministrationSettingsFormHandler::FORM_PRIVACY:
include_once './Services/PrivacySecurity/classes/class.ilPrivacySettings.php';
$privacy = ilPrivacySettings::_getInstance();
$subitems = null;
if ((bool) $privacy->enabledRbacLog()) {
$subitems = array('rbac_log_age' => $privacy->getRbacLogAge());
}
$fields = array('rbac_log' => array($privacy->enabledRbacLog(), ilAdministrationSettingsFormHandler::VALUE_BOOL, $subitems));
return array(array("editSettings", $fields));
}
}
