/**
 * Load one page of RBAC log entries for a reference id into this table.
 *
 * Also fills $this->operations with an "ops_id => operation" map built from
 * $rbacreview->getOperations().
 *
 * NOTE(review): no permission check is visible in this method; presumably the
 * GUI class that builds the table has already authorised access to the
 * permission log — confirm against the caller.
 *
 * @param int        $a_ref_id         reference id whose log is shown
 * @param array|null $a_current_filter filter passed through to ilRbacLog::getLogItems()
 */
protected function getItems($a_ref_id, array $a_current_filter = NULL)
{
    global $rbacreview;

    $this->determineOffsetAndOrder();

    // Build the operation id => operation name lookup.
    foreach ($rbacreview->getOperations() as $operation) {
        $ops_id = $operation["ops_id"];
        $this->operations[$ops_id] = $operation["operation"];
    }

    // special case: role folder should display root folder entries
    $log_ref_id = ($a_ref_id == ROLE_FOLDER_ID) ? ROOT_FOLDER_ID : $a_ref_id;

    $result = ilRbacLog::getLogItems(
        $log_ref_id,
        $this->getLimit(),
        $this->getOffset(),
        $a_current_filter
    );

    $this->setData($result["set"]);
    $this->setMaxCount($result["cnt"]);
}
/**
 * Clone this chat room object and copy the room settings to the clone.
 *
 * After the parent implementation has created the copy, the settings of the
 * original room are saved for a new ilChatroom with 'object_id' pointing at
 * the clone, and a CREATE_OBJECT entry is written to the RBAC log.
 *
 * NOTE(review): unlike other callers on this page, the RBAC log entry is
 * written without asking ilRbacLog::isActive() first — confirm that
 * ilRbacLog::add() handles a disabled log itself.
 *
 * @param int  $a_target_id passed to parent::cloneObject()
 * @param int  $a_copy_id   passed to parent::cloneObject()
 * @param bool $a_omit_tree passed to parent::cloneObject()
 * @return object the cloned object returned by parent::cloneObject()
 */
public function cloneObject($a_target_id, $a_copy_id = 0, $a_omit_tree = false)
{
    global $rbacreview;

    require_once 'Modules/Chatroom/classes/class.ilChatroom.php';
    $source_room = ilChatroom::byObjectId($this->getId());

    $clone = parent::cloneObject($a_target_id, $a_copy_id, $a_omit_tree);
    $clone_obj_id = $clone->getId();

    // Copy the settings of the original room, re-pointed at the clone.
    $settings = $source_room->getSettings();
    $target_room = new ilChatroom();
    $settings['object_id'] = $clone_obj_id;
    $target_room->saveSettings($settings);

    // rbac log
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $parent_roles = $rbacreview->getParentRoleIds($clone->getRefId(), false);
    $log_data = ilRbacLog::gatherFaPa(
        $clone->getRefId(),
        array_keys($parent_roles),
        true
    );
    ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $clone->getRefId(), $log_data);

    return $clone;
}
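/**
 * Add object to tree at given position
 *
 * The parent falls back to $this->parent_id when none is given, and is
 * overridden by the request parameter "crtptrefid" when that is a non-zero
 * integer. Depending on $this->id_type the object is placed in the repository
 * tree (with an RBAC log entry) or in the workspace tree; for plain object and
 * portfolio ids nothing is inserted. A 'create' write event is recorded and
 * the after-save callback is invoked with the request parameter "crtcb".
 *
 * NOTE(review): the request-supplied parent id is used for putInTree() and
 * setPermissions() without a permission check in this method. Presumably the
 * caller has verified the 'create' permission — confirm that it does so for
 * the overridden parent and not only for the original one.
 *
 * @param ilObject $a_obj
 * @param int $a_parent_node_id
 */
protected function putObjectInTree(ilObject $a_obj, $a_parent_node_id = null)
{
    global $rbacreview, $ilUser;

    $this->object_id = $a_obj->getId();

    if (!$a_parent_node_id) {
        $a_parent_node_id = $this->parent_id;
    }

    // add new object to custom parent container
    // (isset() avoids an undefined-index notice when the parameter is absent)
    $custom_parent_id = isset($_REQUEST["crtptrefid"]) ? (int) $_REQUEST["crtptrefid"] : 0;
    if ($custom_parent_id) {
        $a_parent_node_id = $custom_parent_id;
    }

    switch ($this->id_type) {
        case self::REPOSITORY_NODE_ID:
        case self::REPOSITORY_OBJECT_ID:
            if (!$this->node_id) {
                $a_obj->createReference();
                $this->node_id = $a_obj->getRefId();
            }
            $a_obj->putInTree($a_parent_node_id);
            $a_obj->setPermissions($a_parent_node_id);

            // rbac log
            include_once "Services/AccessControl/classes/class.ilRbacLog.php";
            $rbac_log_roles = $rbacreview->getParentRoleIds($this->node_id, false);
            $rbac_log = ilRbacLog::gatherFaPa($this->node_id, array_keys($rbac_log_roles), true);
            ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $this->node_id, $rbac_log);

            $this->ctrl->setParameter($this, "ref_id", $this->node_id);
            break;

        case self::WORKSPACE_NODE_ID:
        case self::WORKSPACE_OBJECT_ID:
            if (!$this->node_id) {
                $this->node_id = $this->tree->insertObject($a_parent_node_id, $this->object_id);
            }
            $this->getAccessHandler()->setPermissions($a_parent_node_id, $this->node_id);

            $this->ctrl->setParameter($this, "wsp_id", $this->node_id);
            break;

        case self::OBJECT_ID:
        case self::PORTFOLIO_OBJECT_ID:
            // do nothing
            break;
    }

    // BEGIN ChangeEvent: Record save object.
    require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
    ilChangeEvent::_recordWriteEvent($this->object_id, $ilUser->getId(), 'create');
    // END ChangeEvent: Record save object.

    // use forced callback after object creation
    // NOTE(review): the callback value comes straight from the request; what
    // handleAfterSaveCallback() accepts is not visible here — confirm it
    // validates the value before acting on it.
    $callback = isset($_REQUEST["crtcb"]) ? $_REQUEST["crtcb"] : null;
    self::handleAfterSaveCallback($a_obj, $callback);
}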
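/**
 * delete object or referenced object
 * (in the case of a referenced object, object data is only deleted
 * if last reference is deleted)
 * This function removes an object entirely from system!!
 *
 * Object-level data (object_data, object_description, news, news block
 * settings, didactic template settings, WebDAV properties, change events,
 * learning progress collections, ECS import data) is removed only when the
 * object is not referenced or exactly one reference is left. For referenced
 * objects the reference row, activation entries, RBAC permissions, RBAC log
 * entries, didactic template settings of the reference, desktop items and
 * conditions are removed in every case.
 *
 * NOTE(review): no permission check is visible in this method; presumably
 * callers verify the delete permission before invoking it — confirm.
 *
 * @access public
 * @return boolean true if object was removed completely; false if only a reference was removed
 */
function delete()
{
    global $rbacadmin, $log, $ilDB;

    $remove = false;

    // delete object_data entry
    if (!$this->referenced || $this->countReferences() == 1) {
        // check type match
        $db_type = ilObject::_lookupType($this->getId());

        if ($this->type != $db_type) {
            $message = "ilObject::delete(): Type mismatch. Object with obj_id: " . $this->id . " " .
                "was instantiated by type '" . $this->type . "'. DB type is: " . $db_type;

            // write log entry
            $log->write($message);

            // raise error
            // NOTE(review): presumably raiseError() stops execution; if it
            // returns, the deletion below still runs for the mismatched object.
            $this->ilias->raiseError(
                "ilObject::delete(): Type mismatch. (" . $this->type . "/" . $this->id . ")",
                $this->ilias->error_obj->WARNING
            );
        }

        // delete entry in object_data
        $q = "DELETE FROM object_data " .
            "WHERE obj_id = " . $ilDB->quote($this->getId(), "integer");
        $ilDB->manipulate($q);

        // delete long description
        $query = "DELETE FROM object_description WHERE obj_id = " .
            $ilDB->quote($this->getId(), "integer");
        $ilDB->manipulate($query);

        // write log entry
        // NOTE(review): the title is written to the log as-is; confirm that
        // $log->write() neutralises line breaks in user-editable titles.
        $log->write("ilObject::delete(), deleted object, obj_id: " . $this->getId() . ", type: " .
            $this->getType() . ", title: " . $this->getTitle());

        // remove news
        include_once "./Services/News/classes/class.ilNewsItem.php";
        $news_item = new ilNewsItem();
        $news_item->deleteNewsOfContext($this->getId(), $this->getType());
        include_once "./Services/Block/classes/class.ilBlockSetting.php";
        ilBlockSetting::_deleteSettingsOfBlock($this->getId(), "news");

        include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
        ilDidacticTemplateObjSettings::deleteByObjId($this->getId());

        /* remove notes (see infoscreen gui)
           as they can be seen as personal data we are keeping them for now
        include_once("Services/Notes/classes/class.ilNote.php");
        foreach(array(IL_NOTE_PRIVATE, IL_NOTE_PUBLIC) as $note_type)
        {
            foreach(ilNote::_getNotesOfObject($this->id, 0, $this->type, $note_type) as $note)
            {
                $note->delete();
            }
        }
        */

        // BEGIN WebDAV: Delete WebDAV properties
        $query = "DELETE FROM dav_property " .
            "WHERE obj_id = " . $ilDB->quote($this->getId(), 'integer');
        $ilDB->manipulate($query);
        // END WebDAV: Delete WebDAV properties

        include_once './Services/Tracking/classes/class.ilChangeEvent.php';
        ilChangeEvent::_delete($this->getId());

        include_once './Services/Tracking/classes/class.ilLPCollections.php';
        ilLPCollections::_deleteAll($this->getId());

        include_once './Services/WebServices/ECS/classes/class.ilECSImport.php';
        ilECSImport::_deleteByObjId($this->getId());

        $remove = true;
    } else {
        // write log entry
        $log->write("ilObject::delete(), object not deleted, number of references: " .
            $this->countReferences() . ", obj_id: " . $this->getId() . ", type: " .
            $this->getType() . ", title: " . $this->getTitle());
    }

    // delete object_reference entry
    if ($this->referenced) {
        include_once "Services/Object/classes/class.ilObjectActivation.php";
        ilObjectActivation::deleteAllEntries($this->getRefId());

        // delete entry in object_reference
        $query = "DELETE FROM object_reference " .
            "WHERE ref_id = " . $ilDB->quote($this->getRefId(), 'integer');
        $ilDB->manipulate($query);

        // write log entry
        $log->write("ilObject::delete(), reference deleted, ref_id: " . $this->getRefId() .
            ", obj_id: " . $this->getId() . ", type: " .
            $this->getType() . ", title: " . $this->getTitle());

        // DELETE PERMISSION ENTRIES IN RBAC_PA
        // DONE: method overwritten in ilObjRole & ilObjUser.
        // this call only applies for objects in rbac (not usr,role,rolt)
        // TODO: Do this for role templates too
        $rbacadmin->revokePermission($this->getRefId(), 0, false);

        include_once "Services/AccessControl/classes/class.ilRbacLog.php";
        ilRbacLog::delete($this->getRefId());

        // Remove applied didactic template setting
        include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
        ilDidacticTemplateObjSettings::deleteByRefId($this->getRefId());

        // Remove desktop items
        ilUtil::removeItemFromDesktops($this->getRefId());
    }

    // remove conditions
    if ($this->referenced) {
        // Plain assignment: "=& new" is rejected by the parser from PHP 7 on.
        $ch = new ilConditionHandler();
        $ch->delete($this->getRefId());
        unset($ch);
    }

    return $remove;
}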
/**
 * save permissions
 *
 * Replaces the permission template of the edited role with the values posted
 * in $_POST["template_perm"], updates the protected flag and, when requested,
 * applies the template to existing objects below the start node.
 *
 * An older access check (commented out in the original) tested 'write' on the
 * global role folder or 'edit_permission' on the parent of a local role
 * folder; the active check is $this->checkAccess('visible,write', 'edit_permission').
 *
 * NOTE(review): everything after the access check relies on raiseError()
 * stopping the request — confirm it does not return.
 * NOTE(review): no request-forgery token check is visible in this handler;
 * presumably the controller enforces one — confirm.
 *
 * @access public
 * @param bool $a_show_admin_permissions true when the administration permission view is saved
 * @return bool true when the method returns instead of redirecting
 */
function permSaveObject($a_show_admin_permissions = false)
{
    global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;

    if (!$this->checkAccess('visible,write', 'edit_permission')) {
        $this->ilias->raiseError(
            $this->lng->txt("msg_no_perm_perm"),
            $this->ilias->error_obj->MESSAGE
        );
    }

    $return_cmd = $a_show_admin_permissions ? 'adminPerm' : 'perm';

    // rbac log: remember the template before it is changed
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();
    if ($rbac_log_active) {
        $rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
    }

    // delete all template entries of enabled types
    if ($this->rolf_ref_id != ROLE_FOLDER_ID) {
        $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(), true, false);
    } elseif ($a_show_admin_permissions) {
        $subs = $objDefinition->getSubObjectsRecursively('adm', true, true);
    } else {
        $subs = $objDefinition->getSubObjectsRecursively('root', true, false);
    }

    foreach ($subs as $subtype => $def) {
        // Delete per object type
        $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id, $subtype);
    }

    if (empty($_POST["template_perm"])) {
        $_POST["template_perm"] = array();
    }

    // NOTE(review): the posted type keys and operation ids are handed to
    // setRolePermission() as received; they are not restricted to the types
    // in $subs that were just cleared. Confirm setRolePermission() validates
    // them, otherwise entries for types outside the current view can be set.
    foreach ($_POST["template_perm"] as $type => $operations) {
        // sets new template permissions
        $rbacadmin->setRolePermission($this->object->getId(), $type, $operations, $this->rolf_ref_id);
    }

    if ($rbac_log_active) {
        $rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
        $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
        ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
    }

    // update object data entry (to update last modification date)
    $this->object->update();

    // set protected flag
    if ($this->rolf_ref_id == ROLE_FOLDER_ID
        || $rbacreview->isAssignable($this->object->getId(), $this->rolf_ref_id)
    ) {
        $rbacadmin->setProtected(
            $this->rolf_ref_id,
            $this->object->getId(),
            ilUtil::tf2yn($_POST['protected'])
        );
    }

    // The administration view always changes existing objects.
    if ($a_show_admin_permissions) {
        $_POST['recursive'] = true;
    }

    // Redirect if Change existing objects is not chosen
    if (!($_POST['recursive'] || is_array($_POST['recursive_list']))) {
        ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
        $this->ctrl->redirect($this, $return_cmd);
    }

    // New implementation
    if ($this->isChangeExistingObjectsConfirmationRequired() && !$a_show_admin_permissions) {
        $this->showChangeExistingObjectsConfirmation();
        return true;
    }

    if ($this->rolf_ref_id == ROLE_FOLDER_ID) {
        $start = ROOT_FOLDER_ID;
    } else {
        $start = $tree->getParentId($this->rolf_ref_id);
    }
    if ($a_show_admin_permissions) {
        $start = $tree->getParentId($this->rolf_ref_id);
    }

    $mode = $_POST['protected']
        ? ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES
        : ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES;
    $this->object->changeExistingObjects($start, $mode, array('all'), array());

    ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
    $this->ctrl->redirect($this, $return_cmd);

    return true;
}
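/**
 * Paste the clipboard objects into every target folder posted in $_POST['nodes'].
 *
 * The clipboard command ('cut', 'copy' or 'link') and the source ref ids are
 * read from $_SESSION['clipboard']. All source/target pairs are checked first
 * ('create' permission on the target, object already in that folder, pasting
 * into itself or a descendant, allowed sub-object type); if any check fails,
 * the collected messages are shown and nothing is pasted. A cut is applied to
 * the first target folder only.
 *
 * NOTE(review): only the 'create' permission on the target is checked here.
 * Permissions on the source objects (e.g. for cut or link) are presumably
 * verified when the clipboard is filled — confirm.
 */
public function performPasteIntoMultipleObjectsObject()
{
    global $rbacsystem, $rbacadmin, $rbacreview, $log, $tree, $ilObjDataCache, $ilUser;

    $command = $_SESSION['clipboard']['cmd'];

    // Strict comparison: a non-string session value such as true would
    // otherwise pass the whitelist and match every command branch below.
    if (!in_array($command, array('cut', 'link', 'copy'), true)) {
        $message = __METHOD__ . ": cmd was neither 'cut', 'link' nor 'copy'; may be a hack attempt!";
        $this->ilias->raiseError($message, $this->ilias->error_obj->WARNING);
    }

    if ($command == 'cut') {
        if (isset($_POST['node']) && (int) $_POST['node']) {
            $_POST['nodes'] = array($_POST['node']);
        }
    }

    if (!isset($_POST['nodes']) || !is_array($_POST['nodes']) || !count($_POST['nodes'])) {
        ilUtil::sendFailure($this->lng->txt('select_at_least_one_object'));
        switch ($command) {
            case 'cut':
            case 'copy':
            case 'link':
                $this->showPasteTreeObject();
                break;
        }
        return;
    }

    // The clipboard is emptied further down to block a repeated paste via
    // back/reload, so the entry may legitimately be missing here.
    $clipboard_ref_ids = array();
    if (isset($_SESSION['clipboard']['ref_ids']) && is_array($_SESSION['clipboard']['ref_ids'])) {
        $clipboard_ref_ids = $_SESSION['clipboard']['ref_ids'];
    }

    // Result collectors start as empty arrays: count() on an undefined
    // variable is a TypeError from PHP 8 on.
    $exists = array();
    $is_child = array();
    $not_allowed_subobject = array();
    $no_paste = array();
    $error = '';

    // this loop does all checks
    // NOTE(review): object titles are placed unescaped into messages that are
    // joined with <br /> below; confirm ilUtil::sendFailure() or the template
    // escapes them, since titles are user-editable.
    $folder_objects_cache = array();
    foreach ($clipboard_ref_ids as $ref_id) {
        $obj_data = ilObjectFactory::getInstanceByRefId($ref_id);
        $current_parent_id = $tree->getParentId($obj_data->getRefId());

        foreach ($_POST['nodes'] as $folder_ref_id) {
            if (!array_key_exists($folder_ref_id, $folder_objects_cache)) {
                $folder_objects_cache[$folder_ref_id] = ilObjectFactory::getInstanceByRefId($folder_ref_id);
            }

            // CHECK ACCESS
            if (!$rbacsystem->checkAccess('create', $folder_ref_id, $obj_data->getType())) {
                $no_paste[] = sprintf(
                    $this->lng->txt('msg_no_perm_paste_object_in_folder'),
                    $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']',
                    $folder_objects_cache[$folder_ref_id]->getTitle() . ' [' . $folder_objects_cache[$folder_ref_id]->getRefId() . ']'
                );
            }

            // CHECK IF REFERENCE ALREADY EXISTS
            if ($folder_ref_id == $current_parent_id) {
                $exists[] = sprintf(
                    $this->lng->txt('msg_obj_exists_in_folder'),
                    $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']',
                    $folder_objects_cache[$folder_ref_id]->getTitle() . ' [' . $folder_objects_cache[$folder_ref_id]->getRefId() . ']'
                );
            }

            // CHECK IF PASTE OBJECT SHALL BE CHILD OF ITSELF
            if ($tree->isGrandChild($ref_id, $folder_ref_id) || $ref_id == $folder_ref_id) {
                $is_child[] = sprintf(
                    $this->lng->txt('msg_paste_object_not_in_itself'),
                    $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']'
                );
            }

            // CHECK IF OBJECT IS ALLOWED TO CONTAIN PASTED OBJECT AS SUBOBJECT
            if (!in_array($obj_data->getType(), array_keys($this->objDefinition->getSubObjects($folder_objects_cache[$folder_ref_id]->getType())))) {
                $not_allowed_subobject[] = sprintf(
                    $this->lng->txt('msg_obj_may_not_contain_objects_of_type'),
                    $folder_objects_cache[$folder_ref_id]->getTitle() . ' [' . $folder_objects_cache[$folder_ref_id]->getRefId() . ']',
                    $GLOBALS['lng']->txt('obj_' . $obj_data->getType())
                );
            }
        }
    }

    ////////////////////////////
    // process checking results
    if (count($exists) && $command != "copy") {
        $error .= implode('<br />', $exists);
    }

    if (count($is_child)) {
        $error .= $error != '' ? '<br />' : '';
        $error .= implode('<br />', $is_child);
    }

    if (count($not_allowed_subobject)) {
        $error .= $error != '' ? '<br />' : '';
        $error .= implode('<br />', $not_allowed_subobject);
    }

    if (count($no_paste)) {
        $error .= $error != '' ? '<br />' : '';
        $error .= implode('<br />', $no_paste);
    }

    if ($error != '') {
        ilUtil::sendFailure($error);
        switch ($command) {
            case 'cut':
            case 'copy':
            case 'link':
                $this->showPasteTreeObject();
                break;
        }
        return;
    }

    // log pasteObject call
    $log->write(__METHOD__ . ", cmd: " . $command);

    ////////////////////////////////////////////////////////
    // everything ok: now paste the objects to new location

    // to prevent multiple actions via back/reload button
    $ref_ids = $clipboard_ref_ids;
    unset($_SESSION['clipboard']['ref_ids']);

    // BEGIN ChangeEvent: Record paste event.
    require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
    // END ChangeEvent: Record paste event.

    // process COPY command
    if ($command == 'copy') {
        // NOTE(review): the original reset a misspelled $revIdMapping per
        // object, so the mapping handed to cloneNodes() was never reset and
        // carried over between objects. That carry-over is kept here; confirm
        // whether a reset per object was intended.
        $refIdMapping = array();

        foreach ($_POST['nodes'] as $folder_ref_id) {
            foreach ($ref_ids as $ref_id) {
                $oldNode_data = $tree->getNodeData($ref_id);
                if ($oldNode_data['parent'] == $folder_ref_id) {
                    // Copy into the same folder: derive a numbered title.
                    require_once 'Modules/File/classes/class.ilObjFileAccess.php';
                    $newTitle = ilObjFileAccess::_appendNumberOfCopyToFilename($oldNode_data['title'], null);
                    $newRef = $this->cloneNodes($ref_id, $folder_ref_id, $refIdMapping, $newTitle);
                } else {
                    $newRef = $this->cloneNodes($ref_id, $folder_ref_id, $refIdMapping, null);
                }

                // BEGIN ChangeEvent: Record copy event.
                $newNode_data = $tree->getNodeData($newRef);
                ilChangeEvent::_recordReadEvent(
                    $oldNode_data['type'],
                    $ref_id,
                    $oldNode_data['obj_id'],
                    $ilUser->getId()
                );
                ilChangeEvent::_recordWriteEvent(
                    $newNode_data['obj_id'],
                    $ilUser->getId(),
                    'add',
                    $ilObjDataCache->lookupObjId($folder_ref_id)
                );
                ilChangeEvent::_catchupWriteEvents($newNode_data['obj_id'], $ilUser->getId());
                // END ChangeEvent: Record copy event.
            }
        }

        ilUtil::sendSuccess($this->lng->txt('msg_cloned'), true);
    } // END COPY

    // process CUT command
    if ($command == 'cut') {
        foreach ($_POST['nodes'] as $folder_ref_id) {
            foreach ($ref_ids as $ref_id) {
                // Store old parent
                $old_parent = $tree->getParentId($ref_id);
                $tree->moveTree($ref_id, $folder_ref_id);
                $rbacadmin->adjustMovedObjectPermissions($ref_id, $old_parent);

                include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
                ilConditionHandler::_adjustMovedObjectConditions($ref_id);

                // BEGIN ChangeEvent: Record cut event.
                $node_data = $tree->getNodeData($ref_id);
                $old_parent_data = $tree->getNodeData($old_parent);
                ilChangeEvent::_recordWriteEvent(
                    $node_data['obj_id'],
                    $ilUser->getId(),
                    'remove',
                    $old_parent_data['obj_id']
                );
                ilChangeEvent::_recordWriteEvent(
                    $node_data['obj_id'],
                    $ilUser->getId(),
                    'add',
                    $ilObjDataCache->lookupObjId($folder_ref_id)
                );
                ilChangeEvent::_catchupWriteEvents($node_data['obj_id'], $ilUser->getId());
                // END ChangeEvent: Record cut event.
            }

            // prevent multiple iterations for cut command
            break;
        }

        ilUtil::sendSuccess($this->lng->txt('msg_cut_copied'), true);
    } // END CUT

    // process LINK command
    if ($command == 'link') {
        $linked_to_folders = array();
        $subnodes = array();

        include_once "Services/AccessControl/classes/class.ilRbacLog.php";
        $rbac_log_active = ilRbacLog::isActive();

        foreach ($_POST['nodes'] as $folder_ref_id) {
            $linked_to_folders[] = $ilObjDataCache->lookupTitle($ilObjDataCache->lookupObjId($folder_ref_id));

            foreach ($ref_ids as $ref_id) {
                // get node data
                $top_node = $tree->getNodeData($ref_id);

                // get subnodes of top nodes
                $subnodes[$ref_id] = $tree->getSubtree($top_node);
            }

            // now move all subtrees to new location
            foreach ($subnodes as $key => $subnode) {
                // first paste top_node....
                $obj_data = ilObjectFactory::getInstanceByRefId($key);
                $new_ref_id = $obj_data->createReference();
                $obj_data->putInTree($folder_ref_id);
                $obj_data->setPermissions($folder_ref_id);

                // rbac log
                if ($rbac_log_active) {
                    $rbac_log_roles = $rbacreview->getParentRoleIds($new_ref_id, false);
                    $rbac_log = ilRbacLog::gatherFaPa($new_ref_id, array_keys($rbac_log_roles), true);
                    ilRbacLog::add(ilRbacLog::LINK_OBJECT, $new_ref_id, $rbac_log, $key);
                }

                // BEGIN ChangeEvent: Record link event.
                $node_data = $tree->getNodeData($new_ref_id);
                ilChangeEvent::_recordWriteEvent(
                    $node_data['obj_id'],
                    $ilUser->getId(),
                    'add',
                    $ilObjDataCache->lookupObjId($folder_ref_id)
                );
                ilChangeEvent::_catchupWriteEvents($node_data['obj_id'], $ilUser->getId());
                // END ChangeEvent: Record link event.
            }

            $log->write(__METHOD__ . ', link finished');
        }

        ilUtil::sendSuccess(
            sprintf($this->lng->txt('mgs_objects_linked_to_the_following_folders'), implode(', ', $linked_to_folders)),
            true
        );
    } // END LINK

    // clear clipboard
    $this->clearObject();

    $this->ctrl->returnToParent($this);
}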
/**
 * Adjust permissions
 *
 * Walks $a_nodes in the given order and grants this role's permissions on
 * each handled node, taken from the top entry of an operation stack. The
 * stacks are filled by updatePolicyStack() / updateOperationStack(), which
 * are defined outside this method. A node stack tracks the node the current
 * one is compared against via $tree->getRelationOfNodes(); entries are popped
 * while the relation is "none" or "sibling". Nodes below a node listed in
 * $a_policies are skipped until the walk leaves that node again.
 *
 * When the RBAC log is active, the permissions before and after each grant
 * are gathered and the difference is logged as EDIT_TEMPLATE_EXISTING.
 *
 * An earlier variant that tracked lft/rgt bounds instead of whole nodes was
 * left commented out in the original and is not reproduced here.
 *
 * NOTE(review): no permission check is visible here; presumably the caller
 * has authorised the change of existing objects — confirm.
 *
 * @param int   $a_mode             compared against the self::MODE_UNPROTECTED_* constants
 * @param array $a_nodes            array of nodes (read for 'child' and 'type')
 * @param array $a_policies         array of object ref ids
 * @param mixed $a_filter           passed to isHandledObjectType()
 * @param array $a_exclusion_filter of object types.
 * @return
 */
protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
{
    global $rbacadmin, $rbacreview, $tree;

    $operation_stack = array();
    $policy_stack = array();
    $node_stack = array();

    $start_node = current($a_nodes);
    $node_stack[] = $start_node;
    $this->updatePolicyStack($policy_stack, $start_node['child']);
    $this->updateOperationStack($operation_stack, $start_node['child'], true);

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();

    $unprotected_mode = ($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
        || $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);

    $local_policy = false;
    foreach ($a_nodes as $node) {
        // Unwind the stacks until the compared node is no longer unrelated
        // to, or a sibling of, the current node.
        $cmp_node = end($node_stack);
        while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
            $unwind = ($relation == ilTree::RELATION_NONE || $relation == ilTree::RELATION_SIBLING);
            if (!$unwind) {
                break;
            }

            array_pop($operation_stack);
            array_pop($policy_stack);
            array_pop($node_stack);
            $cmp_node = end($node_stack);
            $local_policy = false;
        }

        // Continue if inside of local policy
        if ($local_policy) {
            continue;
        }

        // Start node => set permissions and continue
        if ($node['child'] == $start_node['child']) {
            if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                continue;
            }

            if ($rbac_log_active) {
                $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            }

            // Set permissions
            $perms = end($operation_stack);
            $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

            if ($rbac_log_active) {
                $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
            }
            continue;
        }

        // Node has local policies => update permission stack and continue
        if (in_array($node['child'], $a_policies) && $node['child'] != SYSTEM_FOLDER_ID) {
            $local_policy = true;
            $this->updatePolicyStack($policy_stack, $node['child']);
            $this->updateOperationStack($operation_stack, $node['child']);
            $node_stack[] = $node;
            continue;
        }

        // Skip object types that are not handled by the filters
        if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
            continue;
        }

        if ($rbac_log_active) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
            $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
        }

        // Node is course or group => create the permission intersection
        foreach (array('crs', 'grp') as $container_type) {
            if (!$unprotected_mode || $node['type'] != $container_type) {
                continue;
            }

            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms[$container_type], $node['child'], $node['type']);
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                $node_stack[] = $node;
            }
        }

        // Set permission
        $perms = end($operation_stack);
        $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
        }
    }
}
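/**
 * Link node
 *
 * Creates a new reference of the source node below the target that the copy
 * options map to the node's parent, and records the new ref id as mapping for
 * the source. The 'delete' permission on the source node is required.
 *
 * NOTE(review): only the 'delete' permission on the source is checked here.
 * A 'create' check on the mapped target is not visible in this method;
 * presumably it happens before the copy options are built — confirm.
 *
 * @access private
 * @param array  $node       node data; 'child', 'parent', 'title' and 'type' are read
 * @param object $cp_options copy options providing getMappings() and appendMapping()
 * @return int|bool new ref id on success, true if the node was omitted because
 *                  its parent has no mapping, false on missing permission or
 *                  when no reference could be created
 */
private function linkNode($node, $cp_options)
{
    global $ilLog, $ilAccess, $rbacreview;

    $source_id = $node['child'];
    $parent_id = $node['parent'];
    $mappings = $cp_options->getMappings();

    if (!$ilAccess->checkAccess('delete', '', $node['child'])) {
        $ilLog->write(__METHOD__ . ': No delete permission granted: ' . $source_id . ', ' . $node['title'] . ', ' . $node['type']);
        return false;
    }

    if (!isset($mappings[$parent_id])) {
        $ilLog->write(__METHOD__ . ': Omitting node ' . $source_id . ', ' . $node['title'] . ', ' . $node['type'] . '. No target found.');
        return true;
    }
    $target_id = $mappings[$parent_id];

    $orig = ilObjectFactory::getInstanceByRefId((int) $source_id);
    $new_ref_id = $orig->createReference();

    // Stop before touching the tree: the original inserted the object and set
    // its permissions first and only then noticed the missing reference.
    if (!$new_ref_id) {
        $ilLog->write(__METHOD__ . ': Error linking ' . $source_id . ', ' . $node['title'] . ', ' . $node['type'] . '. No target found.');
        return false;
    }

    $orig->putInTree($target_id);
    $orig->setPermissions($target_id);

    // rbac log
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_roles = $rbacreview->getParentRoleIds($new_ref_id, false);
    $rbac_log = ilRbacLog::gatherFaPa($new_ref_id, array_keys($rbac_log_roles), true);
    ilRbacLog::add(ilRbacLog::LINK_OBJECT, $new_ref_id, $rbac_log, (int) $source_id);

    // Finally add new mapping entry
    $cp_options->appendMapping($source_id, $new_ref_id);

    return $new_ref_id;
}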
/**
 * Adjust permissions
 *
 * Walks $a_nodes in the given order and grants this role's permissions on
 * each handled node, taken from the top entry of an operation stack. The
 * stacks are filled by updatePolicyStack() / updateOperationStack(), which
 * are defined outside this method. Two further stacks hold the 'lft' and
 * 'rgt' values of the node whose subtree is currently being processed;
 * entries are popped while the current node lies outside those bounds. Nodes
 * below a node listed in $a_policies are skipped until the walk leaves that
 * node again.
 *
 * When the RBAC log is active, the permissions before and after each grant
 * are gathered and the difference is logged as EDIT_TEMPLATE_EXISTING.
 *
 * NOTE(review): the unwinding loop has no empty-stack guard. It relies on
 * every node lying inside the lft/rgt range of the start node; with an empty
 * stack end() yields false and the loop condition can stay true — confirm
 * that callers only pass nodes of the start node's subtree.
 * NOTE(review): no permission check is visible here; presumably the caller
 * has authorised the change of existing objects — confirm.
 *
 * @param int   $a_mode             compared against the self::MODE_UNPROTECTED_* constants
 * @param array $a_nodes            array of nodes (read for 'child', 'type', 'lft' and 'rgt')
 * @param array $a_policies         array of object ref ids
 * @param mixed $a_filter           passed to isHandledObjectType()
 * @param array $a_exclusion_filter of object types.
 * @return
 */
protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
{
    global $rbacadmin, $rbacreview;

    $operation_stack = array();
    $policy_stack = array();
    $left_stack = array();
    $right_stack = array();

    $start_node = current($a_nodes);
    $left_stack[] = $start_node['lft'];
    $right_stack[] = $start_node['rgt'];
    $this->updatePolicyStack($policy_stack, $start_node['child']);
    $this->updateOperationStack($operation_stack, $start_node['child']);

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();

    $unprotected_mode = ($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
        || $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);

    $local_policy = false;
    foreach ($a_nodes as $node) {
        // Unwind the stacks while the node lies outside the current bounds.
        $lft = end($left_stack);
        $rgt = end($right_stack);
        while ($node['lft'] < $lft || $node['rgt'] > $rgt) {
            array_pop($operation_stack);
            array_pop($policy_stack);
            array_pop($left_stack);
            array_pop($right_stack);

            $lft = end($left_stack);
            $rgt = end($right_stack);
            $local_policy = false;
        }

        // Continue if inside of local policy
        if ($local_policy) {
            continue;
        }

        // Start node => set permissions and continue
        if ($node['child'] == $start_node['child']) {
            if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                continue;
            }

            if ($rbac_log_active) {
                $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            }

            // Set permissions
            $perms = end($operation_stack);
            $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

            if ($rbac_log_active) {
                $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
            }
            continue;
        }

        // Node has local policies => update permission stack and continue
        if (in_array($node['child'], $a_policies) && $node['child'] != SYSTEM_FOLDER_ID) {
            $local_policy = true;
            $this->updatePolicyStack($policy_stack, $node['child']);
            $this->updateOperationStack($operation_stack, $node['child']);
            $left_stack[] = $node['lft'];
            $right_stack[] = $node['rgt'];
            continue;
        }

        // Skip object types that are not handled by the filters
        if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
            continue;
        }

        if ($rbac_log_active) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
            $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
        }

        // Node is course or group => create the permission intersection
        foreach (array('crs', 'grp') as $container_type) {
            if (!$unprotected_mode || $node['type'] != $container_type) {
                continue;
            }

            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms[$container_type], $node['child'], $node['type']);
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                $left_stack[] = $node['lft'];
                $right_stack[] = $node['rgt'];
            }
        }

        // Set permission
        $perms = end($operation_stack);
        $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
        }
    }
}
/**
 * Render the RBAC change log of the current object into the page template.
 *
 * If RBAC logging is not active, the request is sent to the "perm" command
 * instead of showing the (empty) log.
 *
 * NOTE(review): no access check is visible in this method; presumably the
 * command dispatcher authorizes the "log" command before calling it - confirm.
 */
function log()
{
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";

    $logging_enabled = ilRbacLog::isActive();
    if (!$logging_enabled) {
        // NOTE(review): the code below still runs unless redirect() ends the request - confirm.
        $this->ctrl->redirect($this, "perm");
    }

    $this->__initSubTabs("log");

    include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";

    // The log table is scoped to the ref id of the object behind this GUI.
    $ref_id = $this->gui_obj->object->getRefId();
    $log_table = new ilRbacLogTableGUI($this, "log", $ref_id);

    $this->tpl->setContent($log_table->getHTML());
}
/**
 * Adjust permissions
 *
 * Walks $a_nodes in the given order and grants this role (see $this->getId())
 * the operations found on top of the operation stack for each node's type.
 * Three stacks (operations, policies, nodes) are kept in step: entries are
 * popped while the current node is a sibling of / unrelated to the node on
 * top of the node stack, and pushed when a node with local policies or (in
 * the two "unprotected" modes) a course or group is entered.
 *
 * When ilRbacLog::isActive() is true, the permission state of every changed
 * node is gathered before and after the grant, and the difference is written
 * as an EDIT_TEMPLATE_EXISTING log entry. When it is false, no log entry is
 * written for these changes.
 *
 * @param int $a_mode compared against self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
 *                    and self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
 * @param array $a_nodes array of nodes; the keys 'child' and 'type' are read here
 * @param array $a_policies array of object ref ids
 * @param array $a_filter passed to isHandledObjectType() together with the exclusion filter
 * @param array $a_exclusion_filter of object types.
 * @return void
 */
protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
{
    global $rbacadmin, $rbacreview, $tree;

    $operation_stack = array();
    $policy_stack = array();
    $node_stack = array();

    // The first element of $a_nodes is the start node; seed all stacks from it.
    $start_node = current($a_nodes);
    array_push($node_stack, $start_node);
    $this->updatePolicyStack($policy_stack, $start_node['child']);
    $this->updateOperationStack($operation_stack, $start_node['child'], true);

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();

    // While set, nodes are skipped until a sibling/none relation resets the flag.
    $local_policy = false;
    foreach ($a_nodes as $node) {
        $cmp_node = end($node_stack);
        // NOTE(review): end() returns false once $node_stack is empty; whether
        // getRelationOfNodes() copes with that is not visible here - confirm.
        while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
            switch ($relation) {
                case ilTree::RELATION_NONE:
                case ilTree::RELATION_SIBLING:
                    $GLOBALS['ilLog']->write(__METHOD__ . ': Handling sibling/none relation.');
                    // Leave the previous subtree: drop its stack entries and compare again.
                    array_pop($operation_stack);
                    array_pop($policy_stack);
                    array_pop($node_stack);
                    $cmp_node = end($node_stack);
                    $local_policy = false;
                    break;

                case ilTree::RELATION_CHILD:
                case ilTree::RELATION_EQUALS:
                case ilTree::RELATION_PARENT:
                default:
                    $GLOBALS['ilLog']->write(__METHOD__ . ': Handling child/equals/parent ' . $relation);
                    // Leaves both the switch and the while loop.
                    break 2;
            }
        }

        if ($local_policy) {
            continue;
        }

        // Start node => set permissions and continue
        if ($node['child'] == $start_node['child']) {
            if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                if ($rbac_log_active) {
                    // Snapshot before the change, for the audit diff below.
                    $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                    $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                }

                // Set permissions
                // The (array) cast turns a missing entry for this type into an empty operation list.
                $perms = end($operation_stack);
                $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

                if ($rbac_log_active) {
                    $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                    $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                    ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                }
            }
            continue;
        }

        // Node has local policies => update permission stack and continue
        // (the node itself receives no grant; SYSTEM_FOLDER_ID is never treated this way)
        if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
            $local_policy = true;
            $this->updatePolicyStack($policy_stack, $node['child']);
            $this->updateOperationStack($operation_stack, $node['child']);
            array_push($node_stack, $node);
            continue;
        }

        // Continue if this object type is not in filter
        if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
            continue;
        }

        if ($rbac_log_active) {
            // Snapshot before the change, for the audit diff at the end of the iteration.
            $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
            $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
        }

        // Node is course => create course permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
            // Only enter the course as a new stack level when the operation stack was updated.
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($node_stack, $node);
            }
        }

        // Node is group => create group permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
            // Only enter the group as a new stack level when the operation stack was updated.
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($node_stack, $node);
            }
        }

        // Set permission
        // Re-read the stack top: the course/group branches above may have pushed a new level.
        $perms = end($operation_stack);
        $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
        }
    }
}
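/**
 * Instantiates, prepares and returns object.
 * $class_name = 'ilObj' . $objDefinition->getClassName( $new_type ).
 * Fetches title from $_POST['title'], description from $_POST['desc']
 * and RefID from $_GET['ref_id'].
 *
 * The parent ref id is read from the request once and cast to int, so the
 * create-permission check and the tree insertion always refer to the same
 * node.
 *
 * @return ilObject|null the new object; null only if raiseError() hands
 *                       control back after a failed create-permission check
 */
public function insertObject()
{
    /**
     * @var $rbacsystem ilRbacSystem
     * @var $objDefinition ilObjectDefinition
     * @var $rbacreview ilRbacReview
     */
    global $rbacsystem, $objDefinition, $rbacreview;

    $new_type = $this->type;

    // Request data: normalise once instead of re-reading $_GET for the check and for each use.
    $parent_ref_id = isset($_GET['ref_id']) ? (int) $_GET['ref_id'] : 0;

    // create permission is already checked in createObject.
    // It is checked again here because this method can be reached with
    // request parameters that differ from the ones createObject saw.
    if (!$rbacsystem->checkAccess('create', $parent_ref_id, $new_type)) {
        $this->ilias->raiseError($this->lng->txt('no_create_permission'), $this->ilias->error_obj->MESSAGE);
        // raiseError() is expected to end the request; returning here keeps the
        // denial effective even if it does not.
        return null;
    }

    // Path and class name come from the object definition of $this->type, not from request data.
    $location = $objDefinition->getLocation($new_type);

    // create and insert object in objecttree
    $class_name = 'ilObj' . $objDefinition->getClassName($new_type);
    include_once $location . '/class.' . $class_name . '.php';

    /**
     * @var $newObj ilObjChatroom
     */
    $newObj = new $class_name();
    $newObj->setType($new_type);
    $newObj->setTitle(ilUtil::stripSlashes($_POST['title']));
    $newObj->setDescription(ilUtil::stripSlashes($_POST['desc']));
    $newObj->create();
    $newObj->createReference();
    $newObj->putInTree($parent_ref_id);
    $newObj->setPermissions($parent_ref_id);

    // Default room settings for the freshly created object.
    $objId = $newObj->getId();
    $room = new ilChatroom();
    $room->saveSettings(array(
        'object_id' => $objId,
        'autogen_usernames' => 'Autogen #',
        'display_past_msgs' => 20,
        'private_rooms_enabled' => 0
    ));

    // rbac log: record the permission state of the new node as a CREATE_OBJECT entry
    include_once 'Services/AccessControl/classes/class.ilRbacLog.php';
    $rbac_log_roles = $rbacreview->getParentRoleIds($newObj->getRefId(), false);
    $rbac_log = ilRbacLog::gatherFaPa($newObj->getRefId(), array_keys($rbac_log_roles), true);
    ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $newObj->getRefId(), $rbac_log);

    $this->object = $newObj;

    return $newObj;
}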
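/**
 * Start cloning a single (not container) object
 *
 * Checks create permission on the target and copy permission on the source,
 * clones the source into the target, writes a COPY_OBJECT entry to the RBAC
 * log when logging is active, and redirects to the new object.
 *
 * The source ref id is cast to int once, so the permission check and the
 * clone operate on the same value. Every denial path returns explicitly:
 * returnToParent() is expected to end the request, and the return keeps the
 * denial effective if it ever does not.
 *
 * @return void
 */
protected function copySingleObject()
{
    include_once './Services/Link/classes/class.ilLink.php';
    include_once 'Services/CopyWizard/classes/class.ilCopyWizardOptions.php';

    global $ilAccess, $ilErr, $rbacsystem, $ilUser, $ilCtrl, $rbacreview;

    // Create permission
    if (!$rbacsystem->checkAccess('create', $this->getTarget(), $this->getType())) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $ilCtrl->returnToParent($this);
        return;
    }

    // Same normalised value for the checks below and for the clone.
    $source_ref_id = (int) $this->getSource();

    // Source defined
    if (!$source_ref_id) {
        ilUtil::sendFailure($this->lng->txt('select_one'), true);
        $ilCtrl->returnToParent($this);
        return;
    }

    // Copy permission
    if (!$ilAccess->checkAccess('copy', '', $source_ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $ilCtrl->returnToParent($this);
        return;
    }

    // Save wizard options
    $copy_id = ilCopyWizardOptions::_allocateCopyId();
    $wizard_options = ilCopyWizardOptions::_getInstance($copy_id);
    $wizard_options->saveOwner($ilUser->getId());
    $wizard_options->saveRoot($source_ref_id);
    $wizard_options->read();

    $orig = ilObjectFactory::getInstanceByRefId($source_ref_id);
    $new_obj = $orig->cloneObject($this->getTarget(), $copy_id);

    // Delete wizard options
    $wizard_options->deleteAll();

    // rbac log: record the permission state of the copy together with its source ref id
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    if (ilRbacLog::isActive()) {
        $rbac_log_roles = $rbacreview->getParentRoleIds($new_obj->getRefId(), false);
        $rbac_log = ilRbacLog::gatherFaPa($new_obj->getRefId(), array_keys($rbac_log_roles), true);
        ilRbacLog::add(ilRbacLog::COPY_OBJECT, $new_obj->getRefId(), $rbac_log, $source_ref_id);
    }

    ilUtil::sendSuccess($this->lng->txt("object_duplicated"), true);
    ilUtil::redirect(ilLink::_getLink($new_obj->getRefId()));
}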
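/**
 * Add object to tree at given position
 *
 * Creates a reference for the object, inserts it below the parent node,
 * sets its permissions, records a 'create' change event and a CREATE_OBJECT
 * RBAC log entry, and finally runs the optional after-save callback.
 *
 * Request parameters ("ref_id", "crtptrefid", "crtcb") are read once, guarded
 * with isset() and cast to int. A non-numeric "crtcb" therefore skips the
 * callback instead of looking up object type 0 and including a file built
 * from that result.
 *
 * NOTE(review): "crtptrefid" replaces the parent node with a request-supplied
 * ref id, and no create-permission check on that node is visible in this
 * method; presumably the caller verifies it - confirm.
 *
 * @param ilObject $a_obj
 * @param int $a_parent_node_id
 */
protected function putObjectInTree(ilObject $a_obj, $a_parent_node_id = null)
{
    global $rbacreview, $ilUser, $objDefinition;

    if (!$a_parent_node_id) {
        $a_parent_node_id = isset($_GET["ref_id"]) ? (int) $_GET["ref_id"] : null;
    }

    // add new object to custom parent container
    $custom_parent_id = isset($_REQUEST["crtptrefid"]) ? (int) $_REQUEST["crtptrefid"] : 0;
    if ($custom_parent_id) {
        $a_parent_node_id = $custom_parent_id;
    }

    $a_obj->createReference();
    $a_obj->putInTree($a_parent_node_id);
    $a_obj->setPermissions($a_parent_node_id);

    $this->obj_id = $a_obj->getId();
    $this->ref_id = $a_obj->getRefId();

    // BEGIN ChangeEvent: Record save object.
    require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
    ilChangeEvent::_recordWriteEvent($this->obj_id, $ilUser->getId(), 'create');
    // END ChangeEvent: Record save object.

    // rbac log: record the permission state of the new node as a CREATE_OBJECT entry
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_roles = $rbacreview->getParentRoleIds($this->ref_id, false);
    $rbac_log = ilRbacLog::gatherFaPa($this->ref_id, array_keys($rbac_log_roles), true);
    ilRbacLog::add(ilRbacLog::CREATE_OBJECT, $this->ref_id, $rbac_log);

    // use forced callback after object creation
    $callback_ref_id = isset($_REQUEST["crtcb"]) ? (int) $_REQUEST["crtcb"] : 0;
    if ($callback_ref_id) {
        // The GUI class is derived from the type of the referenced object via the
        // object definition, not from a class name in the request.
        // NOTE(review): no access check on the callback ref id is visible here - confirm.
        $callback_type = ilObject::_lookupType($callback_ref_id, true);
        $class_name = "ilObj" . $objDefinition->getClassName($callback_type) . "GUI";
        $location = $objDefinition->getLocation($callback_type);
        include_once $location . "/class." . $class_name . ".php";

        if (strtolower($class_name) === "ilobjitemgroupgui") {
            $callback_obj = new $class_name($callback_ref_id);
        } else {
            // #10368
            $callback_obj = new $class_name(null, $callback_ref_id, true, false);
        }
        $callback_obj->afterSaveCallback($a_obj);
    }
}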
/**
 * Save permissions
 *
 * Applies the permission form posted for the current object:
 *  1. for every non-protected role in the (filtered) role list, revokes the
 *     role's permissions on the object and grants the operations posted in
 *     $_POST['perm'], keeping previously granted create operations whose
 *     type is not currently creatable;
 *  2. for container objects, starts or stops local policies according to
 *     $_POST['inherit'];
 *  3. for container objects, switches role protection according to
 *     $_POST['protect'];
 *  4. writes the before/after difference as an EDIT_PERMISSIONS log entry.
 *
 * NOTE(review): no permission or request-origin check is visible in this
 * method; presumably the command dispatcher enforces both - confirm.
 *
 * @return mixed result of showConfirmBlockRole() when $_POST['block'] is
 *               not empty; otherwise nothing is returned
 */
protected function savePermissions()
{
    global $rbacreview, $objDefinition, $rbacadmin;

    include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
    $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());

    // Only roles that pass the table's current role filter are processed below.
    $roles = $this->applyRoleFilter($rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()), $table->getFilterItemByPostVar('role')->getValue());

    // Log history: snapshot taken before any change, compared with $log_new at the end
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));

    # all possible create permissions
    $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass($this->getCurrentObject()->getType(), 'create');

    # createable (activated) create permissions
    $create_types = $objDefinition->getCreatableSubObjects($this->getCurrentObject()->getType());
    $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));

    foreach ((array) $roles as $role => $role_data) {
        // Protected roles are left untouched.
        if ($role_data['protected']) {
            continue;
        }

        // Operation ids are the keys of the posted array for this role.
        // NOTE(review): they are passed to grantPermission() without a check, in this
        // method, that they are valid operations for the object type - confirm it happens downstream.
        $new_ops = array_keys((array) $_POST['perm'][$role]);
        $old_ops = $rbacreview->getRoleOperationsOnObject($role, $this->getCurrentObject()->getRefId());

        // Add operations which were enabled and are not activated.
        foreach ($possible_ops_ids as $create_ops_id) {
            if (in_array($create_ops_id, $createable_ops_ids)) {
                continue;
            }
            if (in_array($create_ops_id, $old_ops)) {
                $new_ops[] = $create_ops_id;
            }
        }

        // Replace, not merge: everything is revoked first, then the new set is granted.
        $rbacadmin->revokePermission($this->getCurrentObject()->getRefId(), $role);
        $rbacadmin->grantPermission($role, array_unique($new_ops), $this->getCurrentObject()->getRefId());
    }

    // Handle local policies.
    // initRoleFolder() receives true when at least one 'inherit' entry was posted.
    $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
    // $relevant_roles is not read again in this method.
    $relevant_roles = array_intersect($rbacreview->getRolesOfRoleFolder($rolf_id), array_keys($roles));

    if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
        foreach ($roles as $role) {
            // No action for local roles
            if ($role['parent'] == $rolf_id and $role['assign'] == 'y') {
                continue;
            }
            // Nothing for protected roles
            if ($role['protected']) {
                continue;
            }
            // Stop local policy
            if ($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']])) {
                $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
                $role_obj->setParent($rolf_id);
                $role_obj->delete();
                continue;
            }
            // Add local policy
            if ($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']])) {
                $rbacadmin->copyRoleTemplatePermissions($role['obj_id'], $role['parent'], $rolf_id, $role['obj_id']);
                $rbacadmin->assignRoleToFolder($role['obj_id'], $rolf_id, 'n');
            }
        }
    }

    // Protect permissions
    // Only roles assignable in this role folder are considered; the flag is written
    // only when the posted state differs from the stored one.
    if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
        foreach ($roles as $role) {
            if ($rbacreview->isAssignable($role['obj_id'], $rolf_id)) {
                if (isset($_POST['protect'][$role['obj_id']]) and !$rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                    $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
                } elseif (!isset($_POST['protect'][$role['obj_id']]) and $rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                    $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
                }
            }
        }
    }

    // Audit entry: difference between the state before and after all changes above.
    $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
    $log = ilRbacLog::diffFaPa($log_old, $log_new);
    ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);

    // Blocking roles needs a confirmation step; the permission changes above are already saved.
    if (count((array) $_POST['block'])) {
        return $this->showConfirmBlockRole(array_keys($_POST['block']));
    }

    ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
    #$this->ctrl->redirect($this,'perm');
    $this->perm();
}
/**
 * Adjust permissions of moved objects
 * - Delete permissions of parent roles that do not exist in new context
 * - Delete role templates of parent roles that do not exist in new context
 * - Add permissions for parent roles that did not exist in old context
 *
 * A role that exists in both contexts but with a different 'parent' (stopped
 * inheritance) is deleted and added again. The changes are applied to every
 * node of the moved subtree; when RBAC logging is active, a MOVE_OBJECT entry
 * with the before/after difference is written per node.
 *
 * @access public
 * @param int ref id of moved object
 * @param int ref_id of old parent
 * @return bool|null true when there is nothing to adjust; otherwise nothing is returned
 */
public function adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
{
    global $rbacreview, $tree, $ilLog;

    $new_parent = $tree->getParentId($a_ref_id);
    $roles_before = $rbacreview->getParentRoleIds($a_old_parent, false);
    $roles_after = $rbacreview->getParentRoleIds($new_parent, false);

    $for_deletion = array();
    $for_addition = array();

    // Roles visible at the new position.
    foreach ($roles_after as $role_id => $role) {
        if (isset($roles_before[$role_id])) {
            // handle stopped inheritance
            if ($role['parent'] != $roles_before[$role_id]['parent']) {
                $for_deletion[$role_id] = $role;
                $for_addition[$role_id] = $role;
            }
            continue;
        }
        $for_addition[$role_id] = $role;
    }

    // Roles that were visible only at the old position.
    foreach ($roles_before as $role_id => $role) {
        if (isset($roles_after[$role_id])) {
            continue;
        }
        $for_deletion[$role_id] = $role;
    }

    if (count($for_deletion) == 0 && count($for_addition) == 0) {
        return true;
    }

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();
    if ($rbac_log_active) {
        // Every role touched by this move, used for the before/after snapshots.
        $affected_role_ids = array_merge(array_keys($for_deletion), array_keys($for_addition));
        $role_ids = array_unique($affected_role_ids);
    }

    $moved_node = $tree->getNodeData($a_ref_id);
    $subtree = $tree->getSubTree($moved_node, true);
    foreach ($subtree as $node) {
        $node_id = $node['child'];

        if ($rbac_log_active) {
            $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
        }

        // If $node['type'] is not set, this means there is a tree entry without
        // object_reference and/or object_data entry
        // Continue in this case
        if (!$node['type']) {
            $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
            continue;
        }
        if (!$node_id) {
            $ilLog->write(__METHOD__ . ': Missing subtree node_id');
            continue;
        }

        foreach ($for_deletion as $obsolete_role_id => $obsolete_role) {
            $this->deleteLocalRole($obsolete_role_id, $node_id);
            $this->revokePermission($node_id, $obsolete_role_id, false);
        }

        foreach ($for_addition as $added_role_id => $added_role) {
            $operations = $rbacreview->getOperationsOfRole($added_role_id, $node['type'], $added_role['parent']);
            $this->grantPermission($added_role_id, $operations, $node_id);
        }

        if ($rbac_log_active) {
            $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
            $log_diff = ilRbacLog::diffFaPa($log_old, $log_new);
            ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log_diff);
        }
    }
}
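/**
 * Copy multiple non container
 *
 * All sources are checked first (create permission on the target, copy
 * permission on the source, not a container); cloning starts only after
 * every source has passed. Each clone gets a COPY_OBJECT entry in the RBAC
 * log when logging is active.
 *
 * The source ref ids are cast to int once, up front, so the permission
 * checks and the clone operate on the same values. Every denial path returns
 * explicitly: returnToParent() is expected to end the request, and the return
 * keeps the denial effective if it ever does not.
 *
 * @param array $a_sources array of source ref ids
 * @return void
 */
function copyMultipleNonContainer($a_sources)
{
    global $ilAccess, $objDefinition, $rbacsystem, $ilUser, $ilCtrl, $rbacreview;

    include_once './Services/Link/classes/class.ilLink.php';
    include_once 'Services/CopyWizard/classes/class.ilCopyWizardOptions.php';

    // Same normalised ids for the checks and for the clone loop.
    $a_sources = array_map('intval', (array) $a_sources);

    // check permissions
    foreach ($a_sources as $source_ref_id) {
        $source_type = ilObject::_lookupType($source_ref_id, true);

        // Create permission
        if (!$rbacsystem->checkAccess('create', $this->getTarget(), $source_type)) {
            ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
            $ilCtrl->returnToParent($this);
            return;
        }
        // Copy permission
        if (!$ilAccess->checkAccess('copy', '', $source_ref_id)) {
            ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
            $ilCtrl->returnToParent($this);
            return;
        }
        // check that these objects are really not containers
        if ($objDefinition->isContainer($source_type)) {
            ilUtil::sendFailure($this->lng->txt('cntr_container_only_on_their_own'), true);
            $ilCtrl->returnToParent($this);
            return;
        }
    }

    // clone
    $new_obj = null;
    foreach ($a_sources as $source_ref_id) {
        // Save wizard options
        $copy_id = ilCopyWizardOptions::_allocateCopyId();
        $wizard_options = ilCopyWizardOptions::_getInstance($copy_id);
        $wizard_options->saveOwner($ilUser->getId());
        $wizard_options->saveRoot($source_ref_id);
        $wizard_options->read();

        $orig = ilObjectFactory::getInstanceByRefId($source_ref_id);
        $new_obj = $orig->cloneObject($this->getTarget(), $copy_id);

        // Delete wizard options
        $wizard_options->deleteAll();

        // rbac log: record the permission state of the copy together with its source ref id
        include_once "Services/AccessControl/classes/class.ilRbacLog.php";
        if (ilRbacLog::isActive()) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($new_obj->getRefId(), false);
            $rbac_log = ilRbacLog::gatherFaPa($new_obj->getRefId(), array_keys($rbac_log_roles), true);
            ilRbacLog::add(ilRbacLog::COPY_OBJECT, $new_obj->getRefId(), $rbac_log, $source_ref_id);
        }
    }

    unset($_SESSION["clipboard"]["ref_ids"]);
    unset($_SESSION["clipboard"]["cmd"]);

    // A single copy lands on the new object, several copies on the target container.
    if (count($a_sources) == 1) {
        ilUtil::sendSuccess($this->lng->txt("object_duplicated"), true);
        ilUtil::redirect(ilLink::_getLink($new_obj->getRefId()));
    } else {
        ilUtil::sendSuccess($this->lng->txt("objects_duplicated"), true);
        ilUtil::redirect(ilLink::_getLink($this->getTarget()));
    }
}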