/**
  * Apply action
  */
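 public function apply()
 {
     // Creates a new role named after the configured role template, assigns it
     // locally at the source object, copies the template's permissions onto it
     // and grants the resulting operations on the source object.
     // Always returns true.
     // NOTE(review): no access check is visible in this method; presumably the
     // caller authorises the role creation - confirm.
     global $rbacreview, $rbacadmin;

     $source = $this->initSourceObject();
     $template_id = $this->getRoleTemplateId();
     $template_title = ilObject::_lookupTitle($template_id);

     // Create the role with the template's title and description.
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $role = new ilObjRole();
     $role->setTitle($template_title);
     $role->setDescription(ilObject::_lookupDescription($template_id));
     $role->create();
     $rbacadmin->assignRoleToFolder($role->getId(), $source->getRefId(), "y");

     // The original passed the id with the closing quote appended to
     // _lookupTitle(), so the logged title was looked up with a mangled
     // argument and the quote never reached the message.
     $GLOBALS['ilLog']->write(__METHOD__ . ': Using rolt: ' . $template_id . ' with title "' . $template_title . '". ');

     // Copy the template's permissions to the new role at the source object.
     $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $source->getRefId(), $role->getId(), true);

     // Grant the operations the role now holds for the source object's type.
     $ops = $rbacreview->getOperationsOfRole($role->getId(), $source->getType(), $source->getRefId());
     $rbacadmin->grantPermission($role->getId(), $ops, $source->getRefId());

     return true;
 }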
Exemple #2
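 /**
  * Create a role from the role template titled $a_tpl_name and assign it at $a_ref_id.
  *
  * @param string $a_title       title of the new role
  * @param string $a_description description of the new role
  * @param string $a_tpl_name    title of the role template (object type "rolt")
  * @param int    $a_ref_id      reference id the role is assigned to
  * @return ilObjRole|null       null when no role template with that title exists
  */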
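 public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
 {
     // Creates a role, assigns it locally at $a_ref_id and gives it the
     // permissions of the role template whose title is $a_tpl_name.
     // Returns the new ilObjRole, or null when no such template exists;
     // callers must check for null before using the result.
     global $ilDB;

     // Look the template up by title. Both values go through $ilDB->quote(),
     // so $a_tpl_name is never concatenated into the statement unquoted.
     $tpl_id = null; // stays null when the query yields no row
     $res = $ilDB->query(
         "SELECT obj_id FROM object_data WHERE type=" . $ilDB->quote("rolt", "text")
         . " AND title=" . $ilDB->quote($a_tpl_name, "text")
     );
     while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
         // If several templates share the title, the last row wins.
         $tpl_id = $row->obj_id;
     }
     if (!$tpl_id) {
         // Nothing has been created at this point, so returning is side-effect free.
         return null;
     }

     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $role = new ilObjRole();
     $role->setTitle($a_title);
     $role->setDescription($a_description);
     $role->create();

     // Assign the role at the target, copy the template permissions onto it
     // and grant the resulting operations for the target object's type.
     $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 'y');
     $GLOBALS['rbacadmin']->copyRoleTemplatePermissions($tpl_id, ROLE_FOLDER_ID, $a_ref_id, $role->getId());
     $ops = $GLOBALS['rbacreview']->getOperationsOfRole($role->getId(), ilObject::_lookupType($a_ref_id, TRUE), $a_ref_id);
     $GLOBALS['rbacadmin']->grantPermission($role->getId(), $ops, $a_ref_id);

     return $role;
 }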
Exemple #3
 /**
  * Copy local roles
  * This method creates a copy of all local roles.
  * Note: auto generated roles are excluded
  *
  * @access public
  * @param int source id of object (not role folder)
  * @param int target id of object
  * 
  */
 public function copyLocalRoles($a_source_id, $a_target_id)
 {
     global $rbacreview, $ilLog, $ilObjDataCache;

     // Collect the roles of the source, leaving out every role whose title
     // starts with "il_" (the auto-generated roles).
     $to_copy = array();
     foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_id) {
         if (substr($ilObjDataCache->lookupTitle($role_id), 0, 3) != 'il_') {
             $to_copy[] = $role_id;
         }
     }
     if (count($to_copy) == 0) {
         return true;
     }

     include_once "./Services/AccessControl/classes/class.ilObjRole.php";

     foreach ($to_copy as $role_id) {
         $original = new ilObjRole($role_id);
         $original->read();
         $ilLog->write(__METHOD__ . ': Start copying of role ' . $original->getTitle());

         // The copy takes over title, description and import id of the original.
         $copy = new ilObjRole();
         $copy->setTitle($original->getTitle());
         $copy->setDescription($original->getDescription());
         $copy->setImportId($original->getImportId());
         $copy->create();

         // Assign the copy at the target and transfer the original's
         // permissions from the source position to the target position.
         $this->assignRoleToFolder($copy->getId(), $a_target_id, "y");
         $this->copyRolePermissions($role_id, $a_source_id, $a_target_id, $copy->getId(), true);
         $ilLog->write(__METHOD__ . ': Added new local role, id ' . $copy->getId());
     }
     // NOTE(review): only the "nothing to copy" path returns true; after
     // copying, the method ends without a return value. Callers should not
     // treat the result as a success flag.
 }
 /**
  * creates a local role in current rolefolder (this object)
  * 
  * @access	public
  * @param	string	title
  * @param	string	description
  * @return	object	role object
  */
 function createRole($a_title, $a_desc, $a_import_id = 0)
 {
     global $rbacadmin, $rbacreview;

     include_once "./Services/AccessControl/classes/class.ilObjRole.php";

     // Build the role; an import id is attached only when one was passed.
     $new_role = new ilObjRole();
     $new_role->setTitle($a_title);
     $new_role->setDescription($a_desc);
     // NOTE(review): loose comparison. Whether the default 0 counts as "no
     // import id" depends on the PHP version (0 == "" is true before PHP 8,
     // false from PHP 8 on).
     if ($a_import_id != "") {
         $new_role->setImportId($a_import_id);
     }
     $new_role->create();

     // Assign the new role locally at this object.
     // NOTE(review): no permission check is visible here; presumably the
     // caller verifies that the user may create roles - confirm.
     $rbacadmin->assignRoleToFolder($new_role->getId(), $this->getRefId(), "y");

     return $new_role;
 }
 /**
  * Store form input in role object
  * @param ilObjRole $role role object that receives the form values
  * @return bool always true
  */
 protected function loadRoleProperties(ilObjRole $role)
 {
     // Transfers the submitted form values onto $role; nothing is persisted
     // here. Always returns true.
     // NOTE(review): title and description are taken from the request
     // unconditionally. If this form can render those fields disabled, a
     // tampered request could still change them - verify against the form
     // definition.
     $form = $this->form;

     $role->setTitle($form->getInput('title'));
     $role->setDescription($form->getInput('desc'));
     $role->setAllowRegister($form->getInput('reg'));
     $role->toggleAssignUsersStatus($form->getInput('la'));

     // Both quotas are scaled by the square of the size magnitude
     // (presumably converting the entered unit to bytes - confirm).
     $disk_quota = $form->getInput('disk_quota');
     $role->setDiskQuota($disk_quota * pow(ilFormat::_getSizeMagnitude(), 2));

     $workspace_quota = $form->getInput('wsp_disk_quota');
     $role->setPersonalWorkspaceDiskQuota($workspace_quota * pow(ilFormat::_getSizeMagnitude(), 2));

     return true;
 }
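 public function initDefaultRoles()
 {
     // Creates the two default roles of this org unit (employee and superior)
     // and raises the 'initDefaultRoles' event carrying both role ids.
     global $ilAppEventHandler;

     include_once './Services/AccessControl/classes/class.ilObjRole.php';

     // Employee role: created directly and assigned at this object. No
     // template permissions are copied for it in this method.
     $role_emp = new ilObjRole();
     $role_emp->setTitle("il_orgu_employee_" . $this->getRefId());
     $role_emp->setDescription("Emplyee of org unit obj_no." . $this->getId());
     $role_emp->create();
     $GLOBALS['rbacadmin']->assignRoleToFolder($role_emp->getId(), $this->getRefId(), 'y');

     // Superior role: created from the 'il_orgu_superior' role template.
     // NOTE(review): createDefaultRole() may return null when that template
     // does not exist; the getId() call below would then fail after the
     // employee role has already been created - confirm how this should be
     // handled.
     $role_sup = ilObjRole::createDefaultRole('il_orgu_superior_' . $this->getRefId(), "Superior of org unit obj_no." . $this->getId(), 'il_orgu_superior', $this->getRefId());

     // The original payload had the two ids swapped: 'role_superior_id'
     // carried the employee role and 'role_employee_id' the superior role, so
     // a listener acting on the keys would have treated the wrong role as
     // superior.
     $ilAppEventHandler->raise('Modules/OrgUnit', 'initDefaultRoles', array(
         'object' => $this,
         'obj_id' => $this->getId(),
         'ref_id' => $this->getRefId(),
         'role_superior_id' => $role_sup->getId(),
         'role_employee_id' => $role_emp->getId(),
     ));
 }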
 /**
  * adds a local role
  * This method is only called when the option 'you may add local roles' is chosen. This option
  * is displayed in the permission settings dialogue for an object
  * TODO: this will be changed
  * @access	public
  * 
  */
 protected function addRole()
 {
     global $rbacadmin, $rbacreview, $rbacsystem, $ilErr, $ilCtrl;

     // NOTE(review): no permission check is visible in this method; presumably
     // the command dispatch verifies that the user may edit permissions of the
     // current object - confirm.
     $form = $this->initRoleForm();

     // Invalid input: show the form again, pre-filled with the posted values.
     if (!$form->checkInput()) {
         $form->setValuesByPost();
         $this->tpl->setContent($form->getHTML());
         return;
     }

     // Create the role and assign it at the current object.
     $title = $form->getInput("title");
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $new_role = new ilObjRole();
     $new_role->setTitle($title);
     $new_role->setDescription($form->getInput('desc'));
     $new_role->create();
     $GLOBALS['rbacadmin']->assignRoleToFolder($new_role->getId(), $this->getCurrentObject()->getRefId());

     // Store the protection flag chosen in the form.
     $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $new_role->getId(), $form->getInput('pro') ? 'y' : 'n');

     // Optionally copy the permissions of an existing role or template.
     // NOTE(review): the id comes from the request and is used as a key into
     // the parent-role list without an existence check. Whether checkInput()
     // restricts 'rights' to the offered options is not visible here; an id
     // outside that list should be rejected before any permissions are copied.
     $source_role_id = $form->getInput("rights");
     if ($source_role_id) {
         $parent_roles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
         $rbacadmin->copyRoleTemplatePermissions($source_role_id, $parent_roles[$source_role_id]["parent"], $this->getCurrentObject()->getRefId(), $new_role->getId(), false);

         // When requested, also apply the role to already existing objects;
         // the mode follows the protection flag.
         if ($form->getInput('existing')) {
             $mode = $form->getInput('pro')
                 ? ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES
                 : ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES;
             $new_role->changeExistingObjects($this->getCurrentObject()->getRefId(), $mode, array('all'));
         }
     }

     // Optionally add the current object as a desktop item of the role.
     if ($form->getInput("desktop")) {
         include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
         $desktop_item = new ilRoleDesktopItem($new_role->getId());
         $desktop_item->add($this->getCurrentObject()->getRefId(), ilObject::_lookupType($this->getCurrentObject()->getRefId(), true));
     }

     ilUtil::sendSuccess($this->lng->txt("role_added"), true);
     $this->ctrl->redirect($this, 'perm');
 }
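 function addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
 {
     // Web-service entry point: creates one role per object described in
     // $role_xml at $target_id and gives each the permissions of the role
     // template $template_id. Returns the ids of the created roles (an empty
     // array when the XML describes none) or the result of __raiseError().
     $this->initAuth($sid);
     $this->initIlias();
     if (!$this->__checkSession($sid)) {
         return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
     }
     global $rbacreview, $rbacadmin, $ilAccess;

     // Validate the target, the template and the caller's permission before
     // anything is created.
     if (!($tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false))) {
         return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object', 'Client');
     }
     if (ilObject::_lookupType($template_id) != 'rolt') {
         return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template', 'Client');
     }
     if (ilObject::_isInTrash($target_id)) {
         return $this->__raiseError("Parent with ID {$target_id} has been deleted.", 'CLIENT_TARGET_DELETED');
     }
     if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
         return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
     }

     // $role_xml is supplied by the web-service caller.
     // NOTE(review): how ilObjectXMLParser treats DTDs and external entities
     // is not visible here - confirm the parser is hardened.
     include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
     $xml_parser = new ilObjectXMLParser($role_xml);
     $xml_parser->startParsing();
     $objects = $xml_parser->getObjectData();

     // Reject the whole request when any title uses the "il_" prefix. Checking
     // every title up front means a rejected request creates no roles; the
     // original checked inside the creation loop and could return the error
     // after earlier roles had already been created.
     foreach ($objects as $object_data) {
         if (substr($object_data['title'], 0, 3) == "il_") {
             return $this->__raiseError('Rolenames are not allowed to start with "il_" ', 'Client');
         }
     }

     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $new_roles = array(); // initialised so the return value is defined for empty input
     foreach ($objects as $object_data) {
         $role = new ilObjRole();
         $role->setTitle($object_data['title']);
         $role->setDescription($object_data['description']);
         $role->setImportId($object_data['import_id']);
         $role->create();
         $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);

         // Copy the template permissions to the new role at the target.
         $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());

         // Grant the operations the role now holds for the target's type.
         $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
         $rbacadmin->grantPermission($role->getId(), $ops, $target_id);

         $new_roles[] = $role->getId();
     }

     return $new_roles;
 }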
 /**
  * Store form input in role object
  * @param ilObjRole $role role object that receives the form values
  * @return bool always true
  */
 protected function loadRoleProperties(ilObjRole $role)
 {
     // Transfers the submitted form values onto $role; nothing is persisted
     // here. Always returns true.
     $form = $this->form;

     // Title and description are taken from the request only while their
     // form fields are enabled. A disabled field is not meant to be editable,
     // so a value posted for it (e.g. through manipulated HTML) is ignored.
     $title_field = $form->getItemByPostVar('title');
     if (!$title_field->getDisabled()) {
         $role->setTitle($form->getInput('title'));
     }
     $desc_field = $form->getItemByPostVar('desc');
     if (!$desc_field->getDisabled()) {
         $role->setDescription($form->getInput('desc'));
     }

     $role->setAllowRegister($form->getInput('reg'));
     $role->toggleAssignUsersStatus($form->getInput('la'));

     // Both quotas are scaled by the square of the size magnitude
     // (presumably converting the entered unit to bytes - confirm).
     $disk_quota = $form->getInput('disk_quota');
     $role->setDiskQuota($disk_quota * pow(ilFormat::_getSizeMagnitude(), 2));

     $workspace_quota = $form->getInput('wsp_disk_quota');
     $role->setPersonalWorkspaceDiskQuota($workspace_quota * pow(ilFormat::_getSizeMagnitude(), 2));

     return true;
 }