/**
  * Apply action
  */
 public function apply()
 {
     global $rbacreview, $rbacadmin;
     $source = $this->initSourceObject();
     // Check if role folder already exists
     // Create role
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $role = new ilObjRole();
     $role->setTitle(ilObject::_lookupTitle($this->getRoleTemplateId()));
     $role->setDescription(ilObject::_lookupDescription($this->getRoleTemplateId()));
     $role->create();
     $rbacadmin->assignRoleToFolder($role->getId(), $source->getRefId(), "y");
     $GLOBALS['ilLog']->write(__METHOD__ . ': Using rolt: ' . $this->getRoleTemplateId() . ' with title "' . ilObject::_lookupTitle($this->getRoleTemplateId() . '". '));
     // Copy template permissions
     $rbacadmin->copyRoleTemplatePermissions($this->getRoleTemplateId(), ROLE_FOLDER_ID, $source->getRefId(), $role->getId(), true);
     // Set permissions
     $ops = $rbacreview->getOperationsOfRole($role->getId(), $source->getType(), $source->getRefId());
     $rbacadmin->grantPermission($role->getId(), $ops, $source->getRefId());
     return true;
 }
Example #2
0
 /**
  * 
  * @param type $a_title
  * @param type $a_description
  * @param type $a_tpl_name
  * @param type $a_ref_id
  * @return ilObjRole
  */
 public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
 {
     global $ilDB;
     // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
     $res = $ilDB->query("SELECT obj_id FROM object_data " . " WHERE type=" . $ilDB->quote("rolt", "text") . " AND title=" . $ilDB->quote($a_tpl_name, "text"));
     while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
         $tpl_id = $row->obj_id;
     }
     if (!$tpl_id) {
         return null;
     }
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $role = new ilObjRole();
     $role->setTitle($a_title);
     $role->setDescription($a_description);
     $role->create();
     $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 'y');
     $GLOBALS['rbacadmin']->copyRoleTemplatePermissions($tpl_id, ROLE_FOLDER_ID, $a_ref_id, $role->getId());
     $ops = $GLOBALS['rbacreview']->getOperationsOfRole($role->getId(), ilObject::_lookupType($a_ref_id, TRUE), $a_ref_id);
     $GLOBALS['rbacadmin']->grantPermission($role->getId(), $ops, $a_ref_id);
     return $role;
 }
Example #3
0
 /**
  * Copy local roles
  * This method creates a copy of all local role.
  * Note: auto generated roles are excluded
  *
  * @access public
  * @param int source id of object (not role folder)
  * @param int target id of object
  * 
  */
 public function copyLocalRoles($a_source_id, $a_target_id)
 {
     global $rbacreview, $ilLog, $ilObjDataCache;
     $real_local = array();
     foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
         $title = $ilObjDataCache->lookupTitle($role_data);
         if (substr($title, 0, 3) == 'il_') {
             continue;
         }
         $real_local[] = $role_data;
     }
     if (!count($real_local)) {
         return true;
     }
     // Create role folder
     foreach ($real_local as $role) {
         include_once "./Services/AccessControl/classes/class.ilObjRole.php";
         $orig = new ilObjRole($role);
         $orig->read();
         $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
         $roleObj = new ilObjRole();
         $roleObj->setTitle($orig->getTitle());
         $roleObj->setDescription($orig->getDescription());
         $roleObj->setImportId($orig->getImportId());
         $roleObj->create();
         $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
         $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
         $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
     }
 }
 /**
  * creates a local role in current rolefolder (this object)
  * 
  * @access	public
  * @param	string	title
  * @param	string	description
  * @return	object	role object
  */
 function createRole($a_title, $a_desc, $a_import_id = 0)
 {
     global $rbacadmin, $rbacreview;
     include_once "./Services/AccessControl/classes/class.ilObjRole.php";
     $roleObj = new ilObjRole();
     $roleObj->setTitle($a_title);
     $roleObj->setDescription($a_desc);
     //echo "aaa-1-";
     if ($a_import_id != "") {
         //echo "aaa-2-".$a_import_id."-";
         $roleObj->setImportId($a_import_id);
     }
     $roleObj->create();
     // ...and put the role into local role folder...
     $rbacadmin->assignRoleToFolder($roleObj->getId(), $this->getRefId(), "y");
     return $roleObj;
 }
 /**
  * Store form input in role object
  * @return 
  * @param object $role
  */
 protected function loadRoleProperties(ilObjRole $role)
 {
     $role->setTitle($this->form->getInput('title'));
     $role->setDescription($this->form->getInput('desc'));
     $role->setAllowRegister($this->form->getInput('reg'));
     $role->toggleAssignUsersStatus($this->form->getInput('la'));
     $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(), 2));
     $role->setPersonalWorkspaceDiskQuota($this->form->getInput('wsp_disk_quota') * pow(ilFormat::_getSizeMagnitude(), 2));
     return true;
 }
Example #6
0
 public function initDefaultRoles()
 {
     global $rbacadmin, $rbacreview, $ilAppEventHandler;
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $role = new ilObjRole();
     $role->setTitle("il_orgu_employee_" . $this->getRefId());
     $role->setDescription("Emplyee of org unit obj_no." . $this->getId());
     $role->create();
     $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getRefId(), 'y');
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $role_sup = ilObjRole::createDefaultRole('il_orgu_superior_' . $this->getRefId(), "Superior of org unit obj_no." . $this->getId(), 'il_orgu_superior', $this->getRefId());
     $ilAppEventHandler->raise('Modules/OrgUnit', 'initDefaultRoles', array('object' => $this, 'obj_id' => $this->getId(), 'ref_id' => $this->getRefId(), 'role_superior_id' => $role->getId(), 'role_employee_id' => $role_sup->getId()));
 }
 /**
  * adds a local role
  * This method is only called when choose the option 'you may add local roles'. This option
  * is displayed in the permission settings dialogue for an object
  * TODO: this will be changed
  * @access	public
  * 
  */
 protected function addRole()
 {
     global $rbacadmin, $rbacreview, $rbacsystem, $ilErr, $ilCtrl;
     $form = $this->initRoleForm();
     if ($form->checkInput()) {
         $new_title = $form->getInput("title");
         include_once './Services/AccessControl/classes/class.ilObjRole.php';
         $role = new ilObjRole();
         $role->setTitle($new_title);
         $role->setDescription($form->getInput('desc'));
         $role->create();
         $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
         // protect
         $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role->getId(), $form->getInput('pro') ? 'y' : 'n');
         // copy rights
         $right_id_to_copy = $form->getInput("rights");
         if ($right_id_to_copy) {
             $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
             $rbacadmin->copyRoleTemplatePermissions($right_id_to_copy, $parentRoles[$right_id_to_copy]["parent"], $this->getCurrentObject()->getRefId(), $role->getId(), false);
             if ($form->getInput('existing')) {
                 if ($form->getInput('pro')) {
                     $role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'));
                 } else {
                     $role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'));
                 }
             }
         }
         // add to desktop items
         if ($form->getInput("desktop")) {
             include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
             $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
             $role_desk_item_obj->add($this->getCurrentObject()->getRefId(), ilObject::_lookupType($this->getCurrentObject()->getRefId(), true));
         }
         ilUtil::sendSuccess($this->lng->txt("role_added"), true);
         $this->ctrl->redirect($this, 'perm');
     } else {
         $form->setValuesByPost();
         $this->tpl->setContent($form->getHTML());
     }
 }
 function addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
 {
     $this->initAuth($sid);
     $this->initIlias();
     if (!$this->__checkSession($sid)) {
         return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
     }
     global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin, $ilAccess;
     if (!($tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id, false))) {
         return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object', 'Client');
     }
     if (ilObject::_lookupType($template_id) != 'rolt') {
         return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template', 'Client');
     }
     if (ilObject::_isInTrash($target_id)) {
         return $this->__raiseError("Parent with ID {$target_id} has been deleted.", 'CLIENT_TARGET_DELETED');
     }
     if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
         return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
     }
     include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
     $xml_parser =& new ilObjectXMLParser($role_xml);
     $xml_parser->startParsing();
     foreach ($xml_parser->getObjectData() as $object_data) {
         // check if role title has il_ prefix
         if (substr($object_data['title'], 0, 3) == "il_") {
             return $this->__raiseError('Rolenames are not allowed to start with "il_" ', 'Client');
         }
         include_once './Services/AccessControl/classes/class.ilObjRole.php';
         $role = new ilObjRole();
         $role->setTitle($object_data['title']);
         $role->setDescription($object_data['description']);
         $role->setImportId($object_data['import_id']);
         $role->create();
         $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
         // Copy permssions
         $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
         // Set object permissions according to role template
         $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
         $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
         $new_roles[] = $role->getId();
     }
     // CREATE ADMIN ROLE
     return $new_roles ? $new_roles : array();
 }
Example #9
0
 /**
  * Store form input in role object
  * @return 
  * @param object $role
  */
 protected function loadRoleProperties(ilObjRole $role)
 {
     //Don't set if fields are disabled to prevent html manipulation.
     if (!$this->form->getItemByPostVar('title')->getDisabled()) {
         $role->setTitle($this->form->getInput('title'));
     }
     if (!$this->form->getItemByPostVar('desc')->getDisabled()) {
         $role->setDescription($this->form->getInput('desc'));
     }
     $role->setAllowRegister($this->form->getInput('reg'));
     $role->toggleAssignUsersStatus($this->form->getInput('la'));
     $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(), 2));
     $role->setPersonalWorkspaceDiskQuota($this->form->getInput('wsp_disk_quota') * pow(ilFormat::_getSizeMagnitude(), 2));
     return true;
 }