/**
  * save permissions
  * 
  * @access	public
  */
 function permSaveObject($a_show_admin_permissions = false)
 {
     global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
     // for role administration check write of global role folder
     /*
     if ($this->rolf_ref_id == ROLE_FOLDER_ID)
     {
     	$access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
     }
     else	// for local roles check 'edit permission' of parent object of the local role folder
     {
     	$access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
     }
     */
     $access = $this->checkAccess('visible,write', 'edit_permission');
     if (!$access) {
         $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
     }
     // rbac log
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $rbac_log_active = ilRbacLog::isActive();
     if ($rbac_log_active) {
         $rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
     }
     // delete all template entries of enabled types
     if ($this->rolf_ref_id == ROLE_FOLDER_ID) {
         if ($a_show_admin_permissions) {
             $subs = $objDefinition->getSubObjectsRecursively('adm', true, true);
         } else {
             $subs = $objDefinition->getSubObjectsRecursively('root', true, false);
         }
     } else {
         $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(), true, false);
     }
     foreach ($subs as $subtype => $def) {
         // Delete per object type
         $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id, $subtype);
     }
     if (empty($_POST["template_perm"])) {
         $_POST["template_perm"] = array();
     }
     foreach ($_POST["template_perm"] as $key => $ops_array) {
         // sets new template permissions
         $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
     }
     if ($rbac_log_active) {
         $rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
         $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
         ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
     }
     // update object data entry (to update last modification date)
     $this->object->update();
     // set protected flag
     if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->rolf_ref_id)) {
         $rbacadmin->setProtected($this->rolf_ref_id, $this->object->getId(), ilUtil::tf2yn($_POST['protected']));
     }
     if ($a_show_admin_permissions) {
         $_POST['recursive'] = true;
     }
     // Redirect if Change existing objects is not chosen
     if (!$_POST['recursive'] and !is_array($_POST['recursive_list'])) {
         ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
         if ($a_show_admin_permissions) {
             $this->ctrl->redirect($this, 'adminPerm');
         } else {
             $this->ctrl->redirect($this, 'perm');
         }
     }
     // New implementation
     if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
         $this->showChangeExistingObjectsConfirmation();
         return true;
     }
     $start = $this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id);
     if ($a_show_admin_permissions) {
         $start = $tree->getParentId($this->rolf_ref_id);
     }
     if ($_POST['protected']) {
         $this->object->changeExistingObjects($start, ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
     } else {
         $this->object->changeExistingObjects($start, ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
     }
     ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
     if ($a_show_admin_permissions) {
         $this->ctrl->redirect($this, 'adminPerm');
     } else {
         $this->ctrl->redirect($this, 'perm');
     }
     return true;
 }