/** * Delete local policy * * @param int $a_role_id * @param ilObject $source */ protected function deleteLocalPolicy($a_role_id, $source) { global $rbacreview, $rbacadmin; // Create role folder if it does not exist //$rolf = $rbacreview->getRoleFolderIdOfObject($source->getRefId()); if ($rbacreview->getRoleFolderOfRole($a_role_id) == $source->getRefId()) { $GLOBALS['ilLog']->write(__METHOD__ . ': Ignoring local role: ' . ilObject::_lookupTitle($a_role_id)); return false; } $rbacadmin->deleteLocalRole($a_role_id, $source->getRefId()); // Change existing object include_once './Services/AccessControl/classes/class.ilObjRole.php'; $role = new ilObjRole($a_role_id); $role->changeExistingObjects($source->getRefId(), ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES, array('all')); return true; }
/** * adds a local role * This method is only called when choose the option 'you may add local roles'. This option * is displayed in the permission settings dialogue for an object * TODO: this will be changed * @access public * */ protected function addRole() { global $rbacadmin, $rbacreview, $rbacsystem, $ilErr, $ilCtrl; $form = $this->initRoleForm(); if ($form->checkInput()) { $new_title = $form->getInput("title"); include_once './Services/AccessControl/classes/class.ilObjRole.php'; $role = new ilObjRole(); $role->setTitle($new_title); $role->setDescription($form->getInput('desc')); $role->create(); $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId()); // protect $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role->getId(), $form->getInput('pro') ? 'y' : 'n'); // copy rights $right_id_to_copy = $form->getInput("rights"); if ($right_id_to_copy) { $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true); $rbacadmin->copyRoleTemplatePermissions($right_id_to_copy, $parentRoles[$right_id_to_copy]["parent"], $this->getCurrentObject()->getRefId(), $role->getId(), false); if ($form->getInput('existing')) { if ($form->getInput('pro')) { $role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all')); } else { $role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all')); } } } // add to desktop items if ($form->getInput("desktop")) { include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php'; $role_desk_item_obj = new ilRoleDesktopItem($role->getId()); $role_desk_item_obj->add($this->getCurrentObject()->getRefId(), ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)); } ilUtil::sendSuccess($this->lng->txt("role_added"), true); $this->ctrl->redirect($this, 'perm'); } else { $form->setValuesByPost(); $this->tpl->setContent($form->getHTML()); } }
protected function revertLocalPolicy(ilObject $source, $role) { global $rbacadmin, $rbacreview, $ilDB; $GLOBALS['ilLog']->write(__METHOD__ . ': Reverting policy for role: ' . print_r($role, true)); // Local policies can only be reverted for auto generated roles. Otherwise the // original role settings are unknown if (substr($role['title'], 0, 3) != 'il_') { $GLOBALS['ilLog']->write(__METHOD__ . ': Cannot revert local policy for role ' . $role['title']); return false; } $role_folder_id = $rbacreview->getRoleFolderIdOfObject($source->getRefId()); // No role folder found if (!$role_folder_id) { return false; } $exploded_title = explode('_', $role['title']); $rolt_title = $exploded_title[0] . '_' . $exploded_title[1] . '_' . $exploded_title[2]; // Lookup role template $query = 'SELECT obj_id FROM object_data ' . 'WHERE title = ' . $ilDB->quote($rolt_title, 'text') . ' ' . 'AND type = ' . $ilDB->quote('rolt', 'text'); $res = $ilDB->query($query); while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) { $rolt_id = $row->obj_id; } // No template found if (!$rolt_id) { return false; } $rbacadmin->copyRoleTemplatePermissions($rolt_id, ROLE_FOLDER_ID, $role_folder_id, $role['obj_id'], true); // Change existing object include_once './Services/AccessControl/classes/class.ilObjRole.php'; $role_obj = new ilObjRole($role['obj_id']); $role_obj->changeExistingObjects($source->getRefId(), $role['protected'] ? ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES : ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES, array('all')); }
/** * Perform copy of role * @global ilTree $tree * @global <type> $rbacadmin * @global <type> $rbacreview * @param <type> $source * @param <type> $target * @param <type> $change_existing * @return <type> */ protected function doCopyRole($source, $target, $change_existing) { global $tree, $rbacadmin, $rbacreview; $target_obj = $rbacreview->getRoleFolderOfRole($target); // Copy role template permissions $rbacadmin->copyRoleTemplatePermissions($source, $this->object->getRefId(), $target_obj, $target); if (!$change_existing || !$target_obj) { return true; } $start = $target_obj; include_once './Services/AccessControl/classes/class.ilObjRole.php'; if ($rbacreview->isProtected($this->object->getRefId(), $source)) { $mode = ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES; } else { $mode = ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES; } if ($start) { $role = new ilObjRole($target); $role->changeExistingObjects($start, $mode, array('all')); } }