protected function getItems($a_ref_id, array $a_current_filter = NULL)
 {
     global $rbacreview;
     $this->determineOffsetAndOrder();
     foreach ($rbacreview->getOperations() as $op) {
         $this->operations[$op["ops_id"]] = $op["operation"];
     }
     // special case: role folder should display root folder entries
     if ($a_ref_id == ROLE_FOLDER_ID) {
         $a_ref_id = ROOT_FOLDER_ID;
     }
     $data = ilRbacLog::getLogItems($a_ref_id, $this->getLimit(), $this->getOffset(), $a_current_filter);
     $this->setData($data["set"]);
     $this->setMaxCount($data["cnt"]);
 }
Example #2
0
 public function cloneObject($a_target_id, $a_copy_id = 0, $a_omit_tree = false)
 {
     global $rbacreview;
     require_once 'Modules/Chatroom/classes/class.ilChatroom.php';
     $original_room = ilChatroom::byObjectId($this->getId());
     $newObj = parent::cloneObject($a_target_id, $a_copy_id, $a_omit_tree);
     $objId = $newObj->getId();
     $original_settings = $original_room->getSettings();
     $room = new ilChatroom();
     $original_settings['object_id'] = $objId;
     $room->saveSettings($original_settings);
     // rbac log
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_roles = $rbacreview->getParentRoleIds($newObj->getRefId(), false);
     $rbac_log = ilRbacLog::gatherFaPa($newObj->getRefId(), array_keys($rbac_log_roles), true);
     ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $newObj->getRefId(), $rbac_log);
     return $newObj;
 }
Example #3
0
 /**
  * Add object to tree at given position
  *
  * @param ilObject $a_obj
  * @param int $a_parent_node_id
  */
 protected function putObjectInTree(ilObject $a_obj, $a_parent_node_id = null)
 {
     global $rbacreview, $ilUser, $objDefinition;
     $this->object_id = $a_obj->getId();
     if (!$a_parent_node_id) {
         $a_parent_node_id = $this->parent_id;
     }
     // add new object to custom parent container
     if ((int) $_REQUEST["crtptrefid"]) {
         $a_parent_node_id = (int) $_REQUEST["crtptrefid"];
     }
     switch ($this->id_type) {
         case self::REPOSITORY_NODE_ID:
         case self::REPOSITORY_OBJECT_ID:
             if (!$this->node_id) {
                 $a_obj->createReference();
                 $this->node_id = $a_obj->getRefId();
             }
             $a_obj->putInTree($a_parent_node_id);
             $a_obj->setPermissions($a_parent_node_id);
             // rbac log
             include_once "Services/AccessControl/classes/class.ilRbacLog.php";
             $rbac_log_roles = $rbacreview->getParentRoleIds($this->node_id, false);
             $rbac_log = ilRbacLog::gatherFaPa($this->node_id, array_keys($rbac_log_roles), true);
             ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $this->node_id, $rbac_log);
             $this->ctrl->setParameter($this, "ref_id", $this->node_id);
             break;
         case self::WORKSPACE_NODE_ID:
         case self::WORKSPACE_OBJECT_ID:
             if (!$this->node_id) {
                 $this->node_id = $this->tree->insertObject($a_parent_node_id, $this->object_id);
             }
             $this->getAccessHandler()->setPermissions($a_parent_node_id, $this->node_id);
             $this->ctrl->setParameter($this, "wsp_id", $this->node_id);
             break;
         case self::OBJECT_ID:
         case self::PORTFOLIO_OBJECT_ID:
             // do nothing
             break;
     }
     // BEGIN ChangeEvent: Record save object.
     require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
     ilChangeEvent::_recordWriteEvent($this->object_id, $ilUser->getId(), 'create');
     // END ChangeEvent: Record save object.
     // use forced callback after object creation
     self::handleAfterSaveCallback($a_obj, $_REQUEST["crtcb"]);
 }
 /**
  * delete object or referenced object
  * (in the case of a referenced object, object data is only deleted
  * if last reference is deleted)
  * This function removes an object entirely from system!!
  *
  * @access	public
  * @return	boolean	true if object was removed completely; false if only a references was removed
  */
 function delete()
 {
     global $rbacadmin, $log, $ilDB;
     $remove = false;
     // delete object_data entry
     if (!$this->referenced || $this->countReferences() == 1) {
         // check type match
         $db_type = ilObject::_lookupType($this->getId());
         if ($this->type != $db_type) {
             $message = "ilObject::delete(): Type mismatch. Object with obj_id: " . $this->id . " " . "was instantiated by type '" . $this->type . "'. DB type is: " . $db_type;
             // write log entry
             $log->write($message);
             // raise error
             $this->ilias->raiseError("ilObject::delete(): Type mismatch. (" . $this->type . "/" . $this->id . ")", $this->ilias->error_obj->WARNING);
         }
         // delete entry in object_data
         $q = "DELETE FROM object_data " . "WHERE obj_id = " . $ilDB->quote($this->getId(), "integer");
         $ilDB->manipulate($q);
         // delete long description
         $query = "DELETE FROM object_description WHERE obj_id = " . $ilDB->quote($this->getId(), "integer");
         $ilDB->manipulate($query);
         // write log entry
         $log->write("ilObject::delete(), deleted object, obj_id: " . $this->getId() . ", type: " . $this->getType() . ", title: " . $this->getTitle());
         // remove news
         include_once "./Services/News/classes/class.ilNewsItem.php";
         $news_item = new ilNewsItem();
         $news_item->deleteNewsOfContext($this->getId(), $this->getType());
         include_once "./Services/Block/classes/class.ilBlockSetting.php";
         ilBlockSetting::_deleteSettingsOfBlock($this->getId(), "news");
         include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
         ilDidacticTemplateObjSettings::deleteByObjId($this->getId());
         /* remove notes (see infoscreen gui)
         			   as they can be seen as personal data we are keeping them for now
         			include_once("Services/Notes/classes/class.ilNote.php");
         			foreach(array(IL_NOTE_PRIVATE, IL_NOTE_PUBLIC) as $note_type)
         			{
         				foreach(ilNote::_getNotesOfObject($this->id, 0, $this->type, $note_type) as $note)
         				{
         					$note->delete();
         				}
         			}
         		    */
         // BEGIN WebDAV: Delete WebDAV properties
         $query = "DELETE FROM dav_property " . "WHERE obj_id = " . $ilDB->quote($this->getId(), 'integer');
         $res = $ilDB->manipulate($query);
         // END WebDAV: Delete WebDAV properties
         include_once './Services/Tracking/classes/class.ilChangeEvent.php';
         ilChangeEvent::_delete($this->getId());
         include_once './Services/Tracking/classes/class.ilLPCollections.php';
         ilLPCollections::_deleteAll($this->getId());
         include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
         ilECSImport::_deleteByObjId($this->getId());
         $remove = true;
     } else {
         // write log entry
         $log->write("ilObject::delete(), object not deleted, number of references: " . $this->countReferences() . ", obj_id: " . $this->getId() . ", type: " . $this->getType() . ", title: " . $this->getTitle());
     }
     // delete object_reference entry
     if ($this->referenced) {
         include_once "Services/Object/classes/class.ilObjectActivation.php";
         ilObjectActivation::deleteAllEntries($this->getRefId());
         // delete entry in object_reference
         $query = "DELETE FROM object_reference " . "WHERE ref_id = " . $ilDB->quote($this->getRefId(), 'integer');
         $res = $ilDB->manipulate($query);
         // write log entry
         $log->write("ilObject::delete(), reference deleted, ref_id: " . $this->getRefId() . ", obj_id: " . $this->getId() . ", type: " . $this->getType() . ", title: " . $this->getTitle());
         // DELETE PERMISSION ENTRIES IN RBAC_PA
         // DONE: method overwritten in ilObjRole & ilObjUser.
         // this call only applies for objects in rbac (not usr,role,rolt)
         // TODO: Do this for role templates too
         $rbacadmin->revokePermission($this->getRefId(), 0, false);
         include_once "Services/AccessControl/classes/class.ilRbacLog.php";
         ilRbacLog::delete($this->getRefId());
         // Remove applied didactic template setting
         include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
         ilDidacticTemplateObjSettings::deleteByRefId($this->getRefId());
         // Remove desktop items
         ilUtil::removeItemFromDesktops($this->getRefId());
     }
     // remove conditions
     if ($this->referenced) {
         $ch =& new ilConditionHandler();
         $ch->delete($this->getRefId());
         unset($ch);
     }
     return $remove;
 }
 /**
  * save permissions
  * 
  * @access	public
  */
 function permSaveObject($a_show_admin_permissions = false)
 {
     global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
     // for role administration check write of global role folder
     /*
     if ($this->rolf_ref_id == ROLE_FOLDER_ID)
     {
     	$access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
     }
     else	// for local roles check 'edit permission' of parent object of the local role folder
     {
     	$access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
     }
     */
     $access = $this->checkAccess('visible,write', 'edit_permission');
     if (!$access) {
         $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
     }
     // rbac log
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_active = ilRbacLog::isActive();
     if ($rbac_log_active) {
         $rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
     }
     // delete all template entries of enabled types
     if ($this->rolf_ref_id == ROLE_FOLDER_ID) {
         if ($a_show_admin_permissions) {
             $subs = $objDefinition->getSubObjectsRecursively('adm', true, true);
         } else {
             $subs = $objDefinition->getSubObjectsRecursively('root', true, false);
         }
     } else {
         $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(), true, false);
     }
     foreach ($subs as $subtype => $def) {
         // Delete per object type
         $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id, $subtype);
     }
     if (empty($_POST["template_perm"])) {
         $_POST["template_perm"] = array();
     }
     foreach ($_POST["template_perm"] as $key => $ops_array) {
         // sets new template permissions
         $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
     }
     if ($rbac_log_active) {
         $rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
         $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
         ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
     }
     // update object data entry (to update last modification date)
     $this->object->update();
     // set protected flag
     if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->rolf_ref_id)) {
         $rbacadmin->setProtected($this->rolf_ref_id, $this->object->getId(), ilUtil::tf2yn($_POST['protected']));
     }
     if ($a_show_admin_permissions) {
         $_POST['recursive'] = true;
     }
     // Redirect if Change existing objects is not chosen
     if (!$_POST['recursive'] and !is_array($_POST['recursive_list'])) {
         ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
         if ($a_show_admin_permissions) {
             $this->ctrl->redirect($this, 'adminPerm');
         } else {
             $this->ctrl->redirect($this, 'perm');
         }
     }
     // New implementation
     if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
         $this->showChangeExistingObjectsConfirmation();
         return true;
     }
     $start = $this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id);
     if ($a_show_admin_permissions) {
         $start = $tree->getParentId($this->rolf_ref_id);
     }
     if ($_POST['protected']) {
         $this->object->changeExistingObjects($start, ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
     } else {
         $this->object->changeExistingObjects($start, ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
     }
     ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
     if ($a_show_admin_permissions) {
         $this->ctrl->redirect($this, 'adminPerm');
     } else {
         $this->ctrl->redirect($this, 'perm');
     }
     return true;
 }
Example #6
0
 public function performPasteIntoMultipleObjectsObject()
 {
     global $rbacsystem, $rbacadmin, $rbacreview, $log, $tree, $ilObjDataCache, $ilUser;
     $command = $_SESSION['clipboard']['cmd'];
     if (!in_array($command, array('cut', 'link', 'copy'))) {
         $message = __METHOD__ . ": cmd was neither 'cut', 'link' nor 'copy'; may be a hack attempt!";
         $this->ilias->raiseError($message, $this->ilias->error_obj->WARNING);
     }
     if ($command == 'cut') {
         if (isset($_POST['node']) && (int) $_POST['node']) {
             $_POST['nodes'] = array($_POST['node']);
         }
     }
     if (!is_array($_POST['nodes']) || !count($_POST['nodes'])) {
         ilUtil::sendFailure($this->lng->txt('select_at_least_one_object'));
         switch ($command) {
             case 'cut':
                 $this->showPasteTreeObject();
                 break;
             case 'copy':
                 $this->showPasteTreeObject();
                 break;
             case 'link':
                 $this->showPasteTreeObject();
                 break;
         }
         return;
     }
     // this loop does all checks
     $folder_objects_cache = array();
     foreach ($_SESSION['clipboard']['ref_ids'] as $ref_id) {
         $obj_data = ilObjectFactory::getInstanceByRefId($ref_id);
         $current_parent_id = $tree->getParentId($obj_data->getRefId());
         foreach ($_POST['nodes'] as $folder_ref_id) {
             if (!array_key_exists($folder_ref_id, $folder_objects_cache)) {
                 $folder_objects_cache[$folder_ref_id] = ilObjectFactory::getInstanceByRefId($folder_ref_id);
             }
             // CHECK ACCESS
             if (!$rbacsystem->checkAccess('create', $folder_ref_id, $obj_data->getType())) {
                 $no_paste[] = sprintf($this->lng->txt('msg_no_perm_paste_object_in_folder'), $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']', $folder_objects_cache[$folder_ref_id]->getTitle() . ' [' . $folder_objects_cache[$folder_ref_id]->getRefId() . ']');
             }
             // CHECK IF REFERENCE ALREADY EXISTS
             if ($folder_ref_id == $current_parent_id) {
                 $exists[] = sprintf($this->lng->txt('msg_obj_exists_in_folder'), $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']', $folder_objects_cache[$folder_ref_id]->getTitle() . ' [' . $folder_objects_cache[$folder_ref_id]->getRefId() . ']');
             }
             // CHECK IF PASTE OBJECT SHALL BE CHILD OF ITSELF
             if ($tree->isGrandChild($ref_id, $folder_ref_id) || $ref_id == $folder_ref_id) {
                 $is_child[] = sprintf($this->lng->txt('msg_paste_object_not_in_itself'), $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']');
             }
             // CHECK IF OBJECT IS ALLOWED TO CONTAIN PASTED OBJECT AS SUBOBJECT
             if (!in_array($obj_data->getType(), array_keys($this->objDefinition->getSubObjects($folder_objects_cache[$folder_ref_id]->getType())))) {
                 $not_allowed_subobject[] = sprintf($this->lng->txt('msg_obj_may_not_contain_objects_of_type'), $folder_objects_cache[$folder_ref_id]->getTitle() . ' [' . $folder_objects_cache[$folder_ref_id]->getRefId() . ']', $GLOBALS['lng']->txt('obj_' . $obj_data->getType()));
             }
         }
     }
     ////////////////////////////
     // process checking results
     if (count($exists) && $command != "copy") {
         $error .= implode('<br />', $exists);
     }
     if (count($is_child)) {
         $error .= $error != '' ? '<br />' : '';
         $error .= implode('<br />', $is_child);
     }
     if (count($not_allowed_subobject)) {
         $error .= $error != '' ? '<br />' : '';
         $error .= implode('<br />', $not_allowed_subobject);
     }
     if (count($no_paste)) {
         $error .= $error != '' ? '<br />' : '';
         $error .= implode('<br />', $no_paste);
     }
     if ($error != '') {
         ilUtil::sendFailure($error);
         switch ($command) {
             case 'cut':
                 $this->showPasteTreeObject();
                 break;
             case 'copy':
                 $this->showPasteTreeObject();
                 break;
             case 'link':
                 $this->showPasteTreeObject();
                 break;
         }
         return;
     }
     // log pasteObject call
     $log->write(__METHOD__ . ", cmd: " . $command);
     ////////////////////////////////////////////////////////
     // everything ok: now paste the objects to new location
     // to prevent multiple actions via back/reload button
     $ref_ids = $_SESSION['clipboard']['ref_ids'];
     unset($_SESSION['clipboard']['ref_ids']);
     // BEGIN ChangeEvent: Record paste event.
     require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
     // END ChangeEvent: Record paste event.
     // process COPY command
     if ($command == 'copy') {
         foreach ($_POST['nodes'] as $folder_ref_id) {
             foreach ($ref_ids as $ref_id) {
                 $revIdMapping = array();
                 $oldNode_data = $tree->getNodeData($ref_id);
                 if ($oldNode_data['parent'] == $folder_ref_id) {
                     require_once 'Modules/File/classes/class.ilObjFileAccess.php';
                     $newTitle = ilObjFileAccess::_appendNumberOfCopyToFilename($oldNode_data['title'], null);
                     $newRef = $this->cloneNodes($ref_id, $folder_ref_id, $refIdMapping, $newTitle);
                 } else {
                     $newRef = $this->cloneNodes($ref_id, $folder_ref_id, $refIdMapping, null);
                 }
                 // BEGIN ChangeEvent: Record copy event.
                 $old_parent_data = $tree->getParentNodeData($ref_id);
                 $newNode_data = $tree->getNodeData($newRef);
                 ilChangeEvent::_recordReadEvent($oldNode_data['type'], $ref_id, $oldNode_data['obj_id'], $ilUser->getId());
                 ilChangeEvent::_recordWriteEvent($newNode_data['obj_id'], $ilUser->getId(), 'add', $ilObjDataCache->lookupObjId($folder_ref_id));
                 ilChangeEvent::_catchupWriteEvents($newNode_data['obj_id'], $ilUser->getId());
                 // END PATCH ChangeEvent: Record cut event.
             }
         }
         ilUtil::sendSuccess($this->lng->txt('msg_cloned'), true);
     }
     // END COPY
     // process CUT command
     if ($command == 'cut') {
         foreach ($_POST['nodes'] as $folder_ref_id) {
             foreach ($ref_ids as $ref_id) {
                 // Store old parent
                 $old_parent = $tree->getParentId($ref_id);
                 $tree->moveTree($ref_id, $folder_ref_id);
                 $rbacadmin->adjustMovedObjectPermissions($ref_id, $old_parent);
                 include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
                 ilConditionHandler::_adjustMovedObjectConditions($ref_id);
                 // BEGIN ChangeEvent: Record cut event.
                 $node_data = $tree->getNodeData($ref_id);
                 $old_parent_data = $tree->getNodeData($old_parent);
                 ilChangeEvent::_recordWriteEvent($node_data['obj_id'], $ilUser->getId(), 'remove', $old_parent_data['obj_id']);
                 ilChangeEvent::_recordWriteEvent($node_data['obj_id'], $ilUser->getId(), 'add', $ilObjDataCache->lookupObjId($folder_ref_id));
                 ilChangeEvent::_catchupWriteEvents($node_data['obj_id'], $ilUser->getId());
                 // END PATCH ChangeEvent: Record cut event.
             }
             // prevent multiple iterations for cut cmommand
             break;
         }
         ilUtil::sendSuccess($this->lng->txt('msg_cut_copied'), true);
     }
     // END CUT
     // process LINK command
     if ($command == 'link') {
         $linked_to_folders = array();
         include_once "Services/AccessControl/classes/class.ilRbacLog.php";
         $rbac_log_active = ilRbacLog::isActive();
         foreach ($_POST['nodes'] as $folder_ref_id) {
             $linked_to_folders[] = $ilObjDataCache->lookupTitle($ilObjDataCache->lookupObjId($folder_ref_id));
             foreach ($ref_ids as $ref_id) {
                 // get node data
                 $top_node = $tree->getNodeData($ref_id);
                 // get subnodes of top nodes
                 $subnodes[$ref_id] = $tree->getSubtree($top_node);
             }
             // now move all subtrees to new location
             foreach ($subnodes as $key => $subnode) {
                 // first paste top_node....
                 $obj_data = ilObjectFactory::getInstanceByRefId($key);
                 $new_ref_id = $obj_data->createReference();
                 $obj_data->putInTree($folder_ref_id);
                 $obj_data->setPermissions($folder_ref_id);
                 // rbac log
                 if ($rbac_log_active) {
                     $rbac_log_roles = $rbacreview->getParentRoleIds($new_ref_id, false);
                     $rbac_log = ilRbacLog::gatherFaPa($new_ref_id, array_keys($rbac_log_roles), true);
                     ilRbacLog::add(ilRbacLog::LINK_OBJECT, $new_ref_id, $rbac_log, $key);
                 }
                 // BEGIN ChangeEvent: Record link event.
                 $node_data = $tree->getNodeData($new_ref_id);
                 ilChangeEvent::_recordWriteEvent($node_data['obj_id'], $ilUser->getId(), 'add', $ilObjDataCache->lookupObjId($folder_ref_id));
                 ilChangeEvent::_catchupWriteEvents($node_data['obj_id'], $ilUser->getId());
                 // END PATCH ChangeEvent: Record link event.
             }
             $log->write(__METHOD__ . ', link finished');
         }
         ilUtil::sendSuccess(sprintf($this->lng->txt('mgs_objects_linked_to_the_following_folders'), implode(', ', $linked_to_folders)), true);
     }
     // END LINK
     // clear clipboard
     $this->clearObject();
     $this->ctrl->returnToParent($this);
 }
Example #7
0
 /**
  * Adjust permissions
  * @param int $a_mode
  * @param array $a_nodes array of nodes
  * @param array $a_policies array of object ref ids 
  * @param array $a_exclusion_filter of object types.
  * @return 
  */
 protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
 {
     global $rbacadmin, $rbacreview, $tree;
     $operation_stack = array();
     $policy_stack = array();
     #$left_stack = array();
     #$right_stack = array();
     $node_stack = array();
     $start_node = current($a_nodes);
     #array_push($left_stack, $start_node['lft']);
     #array_push($right_stack, $start_node['rgt']);
     array_push($node_stack, $start_node);
     $this->updatePolicyStack($policy_stack, $start_node['child']);
     $this->updateOperationStack($operation_stack, $start_node['child'], true);
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_active = ilRbacLog::isActive();
     $local_policy = false;
     foreach ($a_nodes as $node) {
         #$lft = end($left_stack);
         #$rgt = end($right_stack);
         $cmp_node = end($node_stack);
         while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
             #$GLOBALS['ilLog']->write(__METHOD__.': New relation '. $relation);
             switch ($relation) {
                 case ilTree::RELATION_NONE:
                 case ilTree::RELATION_SIBLING:
                     #$GLOBALS['ilLog']->write(__METHOD__.': Handling sibling/none '. $relation);
                     #$GLOBALS['ilLog']->write(__METHOD__.': Node a '.print_r($node,true).' '.print_r($cmp_node,true));
                     break;
                 case ilTree::RELATION_CHILD:
                 case ilTree::RELATION_EQUALS:
                 case ilTree::RELATION_PARENT:
                 default:
                     #$GLOBALS['ilLog']->write(__METHOD__.': Handling child/equals/parent '. $relation);
                     break 2;
             }
             #$GLOBALS['ilLog']->write(__METHOD__.': end switch ');
             #$GLOBALS['ilLog']->write(__METHOD__.': Comparing '. print_r($node,true).' with '. print_r($cmp_node,true).' with result '. $tree->getRelationOfnodes($node,$cmp_node));
             array_pop($operation_stack);
             array_pop($policy_stack);
             array_pop($node_stack);
             #array_pop($left_stack);
             #array_pop($right_stack);
             $cmp_node = end($node_stack);
             $local_policy = false;
         }
         #$GLOBALS['ilLog']->write(__METHOD__.': End while');
         /*
         while(($node['lft'] < $lft) or ($node['rgt'] > $rgt))
         {
         	#echo "LEFT ".$node['child'].'<br>';
         	array_pop($operation_stack);
         	array_pop($policy_stack);
         	array_pop($left_stack);
         	array_pop($right_stack);
         
         	$lft = end($left_stack);
         	$rgt = end($right_stack);
         
         	$local_policy = false;
         }
         */
         if ($local_policy) {
             #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
             // Continue if inside of local policy
             continue;
         }
         // Start node => set permissions and continue
         if ($node['child'] == $start_node['child']) {
             if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                 if ($rbac_log_active) {
                     $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                     $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                 }
                 // Set permissions
                 $perms = end($operation_stack);
                 $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);
                 if ($rbac_log_active) {
                     $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                     $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                     ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                 }
             }
             continue;
         }
         // Node has local policies => update permission stack and continue
         if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
             #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
             $local_policy = true;
             $this->updatePolicyStack($policy_stack, $node['child']);
             $this->updateOperationStack($operation_stack, $node['child']);
             #array_push($left_stack,$node['lft']);
             #array_push($right_stack, $node['rgt']);
             array_push($node_stack, $node);
             continue;
         }
         // Continue if this object type is in filter
         if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
             continue;
         }
         if ($rbac_log_active) {
             $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
             $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
         }
         #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
         // Node is course => create course permission intersection
         if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
             #echo "CRS ".$node['child'].'<br>';
             // Copy role permission intersection
             $perms = end($operation_stack);
             $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
             if ($this->updateOperationStack($operation_stack, $node['child'])) {
                 #echo "CRS SUCCESS ".$node['child'].'<br>';
                 $this->updatePolicyStack($policy_stack, $node['child']);
                 #array_push($left_stack, $node['lft']);
                 #array_push($right_stack, $node['rgt']);
                 array_push($node_stack, $node);
             }
         }
         // Node is group => create group permission intersection
         if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
             #echo "GRP ".$node['child'].'<br>';
             // Copy role permission intersection
             $perms = end($operation_stack);
             $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
             if ($this->updateOperationStack($operation_stack, $node['child'])) {
                 #echo "GRP SUCCESS ".$node['child'].'<br>';
                 $this->updatePolicyStack($policy_stack, $node['child']);
                 #array_push($left_stack, $node['lft']);
                 #array_push($right_stack, $node['rgt']);
                 array_push($node_stack, $node);
             }
         }
         #echo "GRANTED ".$node['child'].'<br>';
         // Set permission
         $perms = end($operation_stack);
         $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);
         #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
         if ($rbac_log_active) {
             $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
             $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
             ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
         }
     }
 }
 /**
  * Link node
  *
  * @access private
  * @param
  * 
  */
 private function linkNode($node, $cp_options)
 {
     global $ilLog, $ilAccess, $rbacreview;
     $source_id = $node['child'];
     $parent_id = $node['parent'];
     $options = $cp_options->getOptions($node['child']);
     $mappings = $cp_options->getMappings();
     if (!$ilAccess->checkAccess('delete', '', $node['child'])) {
         $ilLog->write(__METHOD__ . ': No delete permission granted: ' . $source_id . ', ' . $node['title'] . ', ' . $node['type']);
         return false;
     }
     if (!isset($mappings[$parent_id])) {
         $ilLog->write(__METHOD__ . ': Omitting node ' . $source_id . ', ' . $node['title'] . ', ' . $node['type'] . '. No target found.');
         return true;
     }
     $target_id = $mappings[$parent_id];
     $orig = ilObjectFactory::getInstanceByRefId((int) $source_id);
     $new_ref_id = $orig->createReference();
     $orig->putInTree($target_id);
     $orig->setPermissions($target_id);
     if (!$new_ref_id) {
         $ilLog->write(__METHOD__ . ': Error linking ' . $source_id . ', ' . $node['title'] . ', ' . $node['type'] . '. No target found.');
         return false;
     }
     // rbac log
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_roles = $rbacreview->getParentRoleIds($new_ref_id, false);
     $rbac_log = ilRbacLog::gatherFaPa($new_ref_id, array_keys($rbac_log_roles), true);
     ilRbacLog::add(ilRbacLog::LINK_OBJECT, $new_ref_id, $rbac_log, (int) $source_id);
     // Finally add new mapping entry
     $cp_options->appendMapping($source_id, $new_ref_id);
     return $new_ref_id;
 }
 /**
  * Adjust permissions
  * @param int $a_mode
  * @param array $a_nodes array of nodes
  * @param array $a_policies array of object ref ids 
  * @param array $a_exclusion_filter of object types.
  * @return 
  */
 protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
 {
     global $rbacadmin, $rbacreview;
     $operation_stack = array();
     $policy_stack = array();
     $left_stack = array();
     $right_stack = array();
     $start_node = current($a_nodes);
     array_push($left_stack, $start_node['lft']);
     array_push($right_stack, $start_node['rgt']);
     $this->updatePolicyStack($policy_stack, $start_node['child']);
     $this->updateOperationStack($operation_stack, $start_node['child']);
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_active = ilRbacLog::isActive();
     $local_policy = false;
     foreach ($a_nodes as $node) {
         $lft = end($left_stack);
         $rgt = end($right_stack);
         #echo "----STACK---- ".$lft.' - '.$rgt.'<br/>';
         while ($node['lft'] < $lft or $node['rgt'] > $rgt) {
             #echo "LEFT ".$node['child'].'<br>';
             array_pop($operation_stack);
             array_pop($policy_stack);
             array_pop($left_stack);
             array_pop($right_stack);
             $lft = end($left_stack);
             $rgt = end($right_stack);
             $local_policy = false;
         }
         if ($local_policy) {
             #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
             // Continue if inside of local policy
             continue;
         }
         // Start node => set permissions and continue
         if ($node['child'] == $start_node['child']) {
             if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                 if ($rbac_log_active) {
                     $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                     $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                 }
                 // Set permissions
                 $perms = end($operation_stack);
                 $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);
                 if ($rbac_log_active) {
                     $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                     $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                     ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                 }
             }
             continue;
         }
         // Node has local policies => update permission stack and continue
         if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
             #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
             $local_policy = true;
             $this->updatePolicyStack($policy_stack, $node['child']);
             $this->updateOperationStack($operation_stack, $node['child']);
             array_push($left_stack, $node['lft']);
             array_push($right_stack, $node['rgt']);
             continue;
         }
         // Continue if this object type is in filter
         if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
             continue;
         }
         if ($rbac_log_active) {
             $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
             $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
         }
         #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
         // Node is course => create course permission intersection
         if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
             #echo "CRS ".$node['child'].'<br>';
             // Copy role permission intersection
             $perms = end($operation_stack);
             $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
             if ($this->updateOperationStack($operation_stack, $node['child'])) {
                 #echo "CRS SUCCESS ".$node['child'].'<br>';
                 $this->updatePolicyStack($policy_stack, $node['child']);
                 array_push($left_stack, $node['lft']);
                 array_push($right_stack, $node['rgt']);
             }
         }
         // Node is group => create group permission intersection
         if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
             #echo "GRP ".$node['child'].'<br>';
             // Copy role permission intersection
             $perms = end($operation_stack);
             $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
             if ($this->updateOperationStack($operation_stack, $node['child'])) {
                 #echo "GRP SUCCESS ".$node['child'].'<br>';
                 $this->updatePolicyStack($policy_stack, $node['child']);
                 array_push($left_stack, $node['lft']);
                 array_push($right_stack, $node['rgt']);
             }
         }
         #echo "GRANTED ".$node['child'].'<br>';
         // Set permission
         $perms = end($operation_stack);
         $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);
         #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
         if ($rbac_log_active) {
             $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
             $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
             ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
         }
     }
 }
 function log()
 {
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     if (!ilRbacLog::isActive()) {
         $this->ctrl->redirect($this, "perm");
     }
     $this->__initSubTabs("log");
     include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
     $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
     $this->tpl->setContent($table->getHTML());
 }
Example #11
0
 /**
  * Adjust permissions
  * @param int $a_mode
  * @param array $a_nodes array of nodes
  * @param array $a_policies array of object ref ids 
  * @param array $a_exclusion_filter of object types.
  * @return 
  */
 protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
 {
     global $rbacadmin, $rbacreview, $tree;
     $operation_stack = array();
     $policy_stack = array();
     $node_stack = array();
     $start_node = current($a_nodes);
     array_push($node_stack, $start_node);
     $this->updatePolicyStack($policy_stack, $start_node['child']);
     $this->updateOperationStack($operation_stack, $start_node['child'], true);
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_active = ilRbacLog::isActive();
     $local_policy = false;
     foreach ($a_nodes as $node) {
         $cmp_node = end($node_stack);
         while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
             switch ($relation) {
                 case ilTree::RELATION_NONE:
                 case ilTree::RELATION_SIBLING:
                     $GLOBALS['ilLog']->write(__METHOD__ . ': Handling sibling/none relation.');
                     array_pop($operation_stack);
                     array_pop($policy_stack);
                     array_pop($node_stack);
                     $cmp_node = end($node_stack);
                     $local_policy = false;
                     break;
                 case ilTree::RELATION_CHILD:
                 case ilTree::RELATION_EQUALS:
                 case ilTree::RELATION_PARENT:
                 default:
                     $GLOBALS['ilLog']->write(__METHOD__ . ': Handling child/equals/parent ' . $relation);
                     break 2;
             }
         }
         if ($local_policy) {
             continue;
         }
         // Start node => set permissions and continue
         if ($node['child'] == $start_node['child']) {
             if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                 if ($rbac_log_active) {
                     $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                     $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                 }
                 // Set permissions
                 $perms = end($operation_stack);
                 $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);
                 if ($rbac_log_active) {
                     $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                     $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                     ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                 }
             }
             continue;
         }
         // Node has local policies => update permission stack and continue
         if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
             $local_policy = true;
             $this->updatePolicyStack($policy_stack, $node['child']);
             $this->updateOperationStack($operation_stack, $node['child']);
             array_push($node_stack, $node);
             continue;
         }
         // Continue if this object type is not in filter
         if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
             continue;
         }
         if ($rbac_log_active) {
             $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
             $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
         }
         // Node is course => create course permission intersection
         if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
             // Copy role permission intersection
             $perms = end($operation_stack);
             $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
             if ($this->updateOperationStack($operation_stack, $node['child'])) {
                 $this->updatePolicyStack($policy_stack, $node['child']);
                 array_push($node_stack, $node);
             }
         }
         // Node is group => create group permission intersection
         if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
             // Copy role permission intersection
             $perms = end($operation_stack);
             $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
             if ($this->updateOperationStack($operation_stack, $node['child'])) {
                 $this->updatePolicyStack($policy_stack, $node['child']);
                 array_push($node_stack, $node);
             }
         }
         // Set permission
         $perms = end($operation_stack);
         $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);
         if ($rbac_log_active) {
             $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
             $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
             ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
         }
     }
 }
 /**
  * Instantiates, prepares and returns object.
  * $class_name = 'ilObj' . $objDefinition->getClassName( $new_type ).
  * Fetches title from $_POST['title'], description from $_POST['desc']
  * and RefID from $_GET['ref_id'].
  * @return ilObject
  */
 public function insertObject()
 {
     /**
      * @var $rbacsystem    ilRbacSystem
      * @var $objDefinition ilObjectDefinition
      * @var $rbacreview    ilRbacReview
      */
     global $rbacsystem, $objDefinition, $rbacreview;
     $new_type = $this->type;
     // create permission is already checked in createObject.
     // This check here is done to prevent hacking attempts
     if (!$rbacsystem->checkAccess('create', $_GET['ref_id'], $new_type)) {
         $this->ilias->raiseError($this->lng->txt('no_create_permission'), $this->ilias->error_obj->MESSAGE);
     }
     $location = $objDefinition->getLocation($new_type);
     // create and insert object in objecttree
     $class_name = 'ilObj' . $objDefinition->getClassName($new_type);
     include_once $location . '/class.' . $class_name . '.php';
     /**
      * @var $newObj ilObjChatroom
      */
     $newObj = new $class_name();
     $newObj->setType($new_type);
     $newObj->setTitle(ilUtil::stripSlashes($_POST['title']));
     $newObj->setDescription(ilUtil::stripSlashes($_POST['desc']));
     $newObj->create();
     $newObj->createReference();
     $newObj->putInTree($_GET['ref_id']);
     $newObj->setPermissions($_GET['ref_id']);
     $objId = $newObj->getId();
     $room = new ilChatroom();
     $room->saveSettings(array('object_id' => $objId, 'autogen_usernames' => 'Autogen #', 'display_past_msgs' => 20, 'private_rooms_enabled' => 0));
     // rbac log
     include_once 'Services/AccessControl/classes/class.ilRbacLog.php';
     $rbac_log_roles = $rbacreview->getParentRoleIds($newObj->getRefId(), false);
     $rbac_log = ilRbacLog::gatherFaPa($newObj->getRefId(), array_keys($rbac_log_roles), true);
     ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $newObj->getRefId(), $rbac_log);
     $this->object = $newObj;
     return $newObj;
 }
 /**
  * Start cloning a single (not container) object
  * @return 
  */
 protected function copySingleObject()
 {
     include_once './Services/Link/classes/class.ilLink.php';
     include_once 'Services/CopyWizard/classes/class.ilCopyWizardOptions.php';
     global $ilAccess, $ilErr, $rbacsystem, $ilUser, $ilCtrl, $rbacreview;
     // Create permission
     if (!$rbacsystem->checkAccess('create', $this->getTarget(), $this->getType())) {
         ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
         $ilCtrl->returnToParent($this);
     }
     // Source defined
     if (!$this->getSource()) {
         ilUtil::sendFailure($this->lng->txt('select_one'), true);
         $ilCtrl->returnToParent($this);
     }
     // Copy permission
     if (!$ilAccess->checkAccess('copy', '', $this->getSource())) {
         ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
         $ilCtrl->returnToParent($this);
     }
     // Save wizard options
     $copy_id = ilCopyWizardOptions::_allocateCopyId();
     $wizard_options = ilCopyWizardOptions::_getInstance($copy_id);
     $wizard_options->saveOwner($ilUser->getId());
     $wizard_options->saveRoot((int) $this->getSource());
     /*
     $options = $_POST['cp_options'] ? $_POST['cp_options'] : array();
     foreach($options as $source_id => $option)
     {
     	$wizard_options->addEntry($source_id,$option);
     }
     */
     $wizard_options->read();
     $orig = ilObjectFactory::getInstanceByRefId((int) $this->getSource());
     $new_obj = $orig->cloneObject($this->getTarget(), $copy_id);
     // Delete wizard options
     $wizard_options->deleteAll();
     // rbac log
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     if (ilRbacLog::isActive()) {
         $rbac_log_roles = $rbacreview->getParentRoleIds($new_obj->getRefId(), false);
         $rbac_log = ilRbacLog::gatherFaPa($new_obj->getRefId(), array_keys($rbac_log_roles), true);
         ilRbacLog::add(ilRbacLog::COPY_OBJECT, $new_obj->getRefId(), $rbac_log, (int) $this->getSource());
     }
     ilUtil::sendSuccess($this->lng->txt("object_duplicated"), true);
     ilUtil::redirect(ilLink::_getLink($new_obj->getRefId()));
 }
Example #14
0
 /**
  * Add object to tree at given position
  *
  * @param ilObject $a_obj
  * @param int $a_parent_node_id
  */
 protected function putObjectInTree(ilObject $a_obj, $a_parent_node_id = null)
 {
     global $rbacreview, $ilUser, $objDefinition;
     if (!$a_parent_node_id) {
         $a_parent_node_id = $_GET["ref_id"];
     }
     // add new object to custom parent container
     if ((int) $_REQUEST["crtptrefid"]) {
         $a_parent_node_id = (int) $_REQUEST["crtptrefid"];
     }
     $a_obj->createReference();
     $a_obj->putInTree($a_parent_node_id);
     $a_obj->setPermissions($a_parent_node_id);
     $this->obj_id = $a_obj->getId();
     $this->ref_id = $a_obj->getRefId();
     // BEGIN ChangeEvent: Record save object.
     require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
     ilChangeEvent::_recordWriteEvent($this->obj_id, $ilUser->getId(), 'create');
     // END ChangeEvent: Record save object.
     // rbac log
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_roles = $rbacreview->getParentRoleIds($this->ref_id, false);
     $rbac_log = ilRbacLog::gatherFaPa($this->ref_id, array_keys($rbac_log_roles), true);
     ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $this->ref_id, $rbac_log);
     // use forced callback after object creation
     if ($_REQUEST["crtcb"]) {
         $callback_type = ilObject::_lookupType((int) $_REQUEST["crtcb"], true);
         $class_name = "ilObj" . $objDefinition->getClassName($callback_type) . "GUI";
         $location = $objDefinition->getLocation($callback_type);
         include_once $location . "/class." . $class_name . ".php";
         if (in_array(strtolower($class_name), array("ilobjitemgroupgui"))) {
             $callback_obj = new $class_name((int) $_REQUEST["crtcb"]);
         } else {
             // #10368
             $callback_obj = new $class_name(null, (int) $_REQUEST["crtcb"], true, false);
         }
         $callback_obj->afterSaveCallback($a_obj);
     }
 }
 /**
  * Save permissions
  * @return 
  */
 protected function savePermissions()
 {
     global $rbacreview, $objDefinition, $rbacadmin;
     include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
     $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
     $roles = $this->applyRoleFilter($rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()), $table->getFilterItemByPostVar('role')->getValue());
     // Log history
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
     # all possible create permissions
     $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass($this->getCurrentObject()->getType(), 'create');
     # createable (activated) create permissions
     $create_types = $objDefinition->getCreatableSubObjects($this->getCurrentObject()->getType());
     $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
     foreach ((array) $roles as $role => $role_data) {
         if ($role_data['protected']) {
             continue;
         }
         $new_ops = array_keys((array) $_POST['perm'][$role]);
         $old_ops = $rbacreview->getRoleOperationsOnObject($role, $this->getCurrentObject()->getRefId());
         // Add operations which were enabled and are not activated.
         foreach ($possible_ops_ids as $create_ops_id) {
             if (in_array($create_ops_id, $createable_ops_ids)) {
                 continue;
             }
             if (in_array($create_ops_id, $old_ops)) {
                 $new_ops[] = $create_ops_id;
             }
         }
         $rbacadmin->revokePermission($this->getCurrentObject()->getRefId(), $role);
         $rbacadmin->grantPermission($role, array_unique($new_ops), $this->getCurrentObject()->getRefId());
     }
     // Handle local policies.
     $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
     $relevant_roles = array_intersect($rbacreview->getRolesOfRoleFolder($rolf_id), array_keys($roles));
     if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
         foreach ($roles as $role) {
             // No action for local roles
             if ($role['parent'] == $rolf_id and $role['assign'] == 'y') {
                 continue;
             }
             // Nothing for protected roles
             if ($role['protected']) {
                 continue;
             }
             // Stop local policy
             if ($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']])) {
                 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
                 $role_obj->setParent($rolf_id);
                 $role_obj->delete();
                 continue;
             }
             // Add local policy
             if ($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']])) {
                 $rbacadmin->copyRoleTemplatePermissions($role['obj_id'], $role['parent'], $rolf_id, $role['obj_id']);
                 $rbacadmin->assignRoleToFolder($role['obj_id'], $rolf_id, 'n');
             }
         }
     }
     // Protect permissions
     if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
         foreach ($roles as $role) {
             if ($rbacreview->isAssignable($role['obj_id'], $rolf_id)) {
                 if (isset($_POST['protect'][$role['obj_id']]) and !$rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                     $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
                 } elseif (!isset($_POST['protect'][$role['obj_id']]) and $rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                     $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
                 }
             }
         }
     }
     $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
     $log = ilRbacLog::diffFaPa($log_old, $log_new);
     ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
     if (count((array) $_POST['block'])) {
         return $this->showConfirmBlockRole(array_keys($_POST['block']));
     }
     ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
     #$this->ctrl->redirect($this,'perm');
     $this->perm();
 }
Example #16
0
 /**
  * Adjust permissions of moved objects
  * - Delete permissions of parent roles that do not exist in new context
  * - Delete role templates of parent roles that do not exist in new context
  * - Add permissions for parent roles that did not exist in old context
  *
  * @access public
  * @param int ref id of moved object
  * @param int ref_id of old parent
  * 
  */
 public function adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
 {
     global $rbacreview, $tree, $ilLog;
     $new_parent = $tree->getParentId($a_ref_id);
     $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent, false);
     $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
     $for_addition = $for_deletion = array();
     foreach ($new_context_roles as $new_role_id => $new_role) {
         if (!isset($old_context_roles[$new_role_id])) {
             $for_addition[$new_role_id] = $new_role;
         } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
             // handle stopped inheritance
             $for_deletion[$new_role_id] = $new_role;
             $for_addition[$new_role_id] = $new_role;
         }
     }
     foreach ($old_context_roles as $old_role_id => $old_role) {
         if (!isset($new_context_roles[$old_role_id])) {
             $for_deletion[$old_role_id] = $old_role;
         }
     }
     if (!count($for_deletion) and !count($for_addition)) {
         return true;
     }
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_active = ilRbacLog::isActive();
     if ($rbac_log_active) {
         $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
     }
     foreach ($nodes = $tree->getSubTree($node_data = $tree->getNodeData($a_ref_id), true) as $node_data) {
         $node_id = $node_data['child'];
         if ($rbac_log_active) {
             $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
         }
         // If $node_data['type'] is not set, this means there is a tree entry without
         // object_reference and/or object_data entry
         // Continue in this case
         if (!$node_data['type']) {
             $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
             continue;
         }
         if (!$node_id) {
             $ilLog->write(__METHOD__ . ': Missing subtree node_id');
             continue;
         }
         foreach ($for_deletion as $role_id => $role_data) {
             $this->deleteLocalRole($role_id, $node_id);
             $this->revokePermission($node_id, $role_id, false);
             //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
         }
         foreach ($for_addition as $role_id => $role_data) {
             $this->grantPermission($role_id, $ops = $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_data['parent']), $node_id);
             //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
         }
         if ($rbac_log_active) {
             $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
             $log = ilRbacLog::diffFaPa($log_old, $log_new);
             ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
         }
     }
 }
 /**
  * Copy multiple non container
  *
  * @param array $a_sources array of source ref ids
  */
 function copyMultipleNonContainer($a_sources)
 {
     global $ilAccess, $objDefinition, $rbacsystem, $ilUser, $ilCtrl, $rbacreview;
     include_once './Services/Link/classes/class.ilLink.php';
     include_once 'Services/CopyWizard/classes/class.ilCopyWizardOptions.php';
     // check permissions
     foreach ($a_sources as $source_ref_id) {
         $source_type = ilObject::_lookupType($source_ref_id, true);
         // Create permission
         if (!$rbacsystem->checkAccess('create', $this->getTarget(), $source_type)) {
             ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
             $ilCtrl->returnToParent($this);
         }
         // Copy permission
         if (!$ilAccess->checkAccess('copy', '', $source_ref_id)) {
             ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
             $ilCtrl->returnToParent($this);
         }
         // check that these objects are really not containers
         if ($objDefinition->isContainer($source_type)) {
             ilUtil::sendFailure($this->lng->txt('cntr_container_only_on_their_own'), true);
             $ilCtrl->returnToParent($this);
         }
     }
     reset($a_sources);
     // clone
     foreach ($a_sources as $source_ref_id) {
         // Save wizard options
         $copy_id = ilCopyWizardOptions::_allocateCopyId();
         $wizard_options = ilCopyWizardOptions::_getInstance($copy_id);
         $wizard_options->saveOwner($ilUser->getId());
         $wizard_options->saveRoot((int) $source_ref_id);
         $wizard_options->read();
         $orig = ilObjectFactory::getInstanceByRefId((int) $source_ref_id);
         $new_obj = $orig->cloneObject($this->getTarget(), $copy_id);
         // Delete wizard options
         $wizard_options->deleteAll();
         // rbac log
         include_once "Services/AccessControl/classes/class.ilRbacLog.php";
         if (ilRbacLog::isActive()) {
             $rbac_log_roles = $rbacreview->getParentRoleIds($new_obj->getRefId(), false);
             $rbac_log = ilRbacLog::gatherFaPa($new_obj->getRefId(), array_keys($rbac_log_roles), true);
             ilRbacLog::add(ilRbacLog::COPY_OBJECT, $new_obj->getRefId(), $rbac_log, (int) $source_ref_id);
         }
     }
     unset($_SESSION["clipboard"]["ref_ids"]);
     unset($_SESSION["clipboard"]["cmd"]);
     if (count($a_sources) == 1) {
         ilUtil::sendSuccess($this->lng->txt("object_duplicated"), true);
         ilUtil::redirect(ilLink::_getLink($new_obj->getRefId()));
     } else {
         ilUtil::sendSuccess($this->lng->txt("objects_duplicated"), true);
         ilUtil::redirect(ilLink::_getLink($this->getTarget()));
     }
 }