/**
* save permissions
*
* @access public
*/
function permSaveObject($a_show_admin_permissions = false)
{
global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
// for role administration check write of global role folder
/*
if ($this->rolf_ref_id == ROLE_FOLDER_ID)
{
$access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
}
else // for local roles check 'edit permission' of parent object of the local role folder
{
$access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
}
*/
$access = $this->checkAccess('visible,write', 'edit_permission');
if (!$access) {
$this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
}
// rbac log
include_once "Services/AccessControl/classes/class.ilRbacLog.php";
$rbac_log_active = ilRbacLog::isActive();
if ($rbac_log_active) {
$rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
}
// delete all template entries of enabled types
if ($this->rolf_ref_id == ROLE_FOLDER_ID) {
if ($a_show_admin_permissions) {
$subs = $objDefinition->getSubObjectsRecursively('adm', true, true);
} else {
$subs = $objDefinition->getSubObjectsRecursively('root', true, false);
}
} else {
$subs = $objDefinition->getSubObjectsRecursively($this->getParentType(), true, false);
}
foreach ($subs as $subtype => $def) {
// Delete per object type
$rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id, $subtype);
}
if (empty($_POST["template_perm"])) {
$_POST["template_perm"] = array();
}
foreach ($_POST["template_perm"] as $key => $ops_array) {
// sets new template permissions
$rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
}
if ($rbac_log_active) {
$rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
$rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
}
// update object data entry (to update last modification date)
$this->object->update();
// set protected flag
if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->rolf_ref_id)) {
$rbacadmin->setProtected($this->rolf_ref_id, $this->object->getId(), ilUtil::tf2yn($_POST['protected']));
}
if ($a_show_admin_permissions) {
$_POST['recursive'] = true;
}
// Redirect if Change existing objects is not chosen
if (!$_POST['recursive'] and !is_array($_POST['recursive_list'])) {
ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
if ($a_show_admin_permissions) {
$this->ctrl->redirect($this, 'adminPerm');
} else {
$this->ctrl->redirect($this, 'perm');
}
}
// New implementation
if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
$this->showChangeExistingObjectsConfirmation();
return true;
}
$start = $this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id);
if ($a_show_admin_permissions) {
$start = $tree->getParentId($this->rolf_ref_id);
}
if ($_POST['protected']) {
$this->object->changeExistingObjects($start, ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
} else {
$this->object->changeExistingObjects($start, ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
}
ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
if ($a_show_admin_permissions) {
$this->ctrl->redirect($this, 'adminPerm');
} else {
$this->ctrl->redirect($this, 'perm');
}
return true;
}
