/**
* Delete local policy
*
* @param int $a_role_id
* @param ilObject $source
*/
protected function deleteLocalPolicy($a_role_id, $source)
{
global $rbacreview, $rbacadmin;
// Create role folder if it does not exist
//$rolf = $rbacreview->getRoleFolderIdOfObject($source->getRefId());
if ($rbacreview->getRoleFolderOfRole($a_role_id) == $source->getRefId()) {
$GLOBALS['ilLog']->write(__METHOD__ . ': Ignoring local role: ' . ilObject::_lookupTitle($a_role_id));
return false;
}
$rbacadmin->deleteLocalRole($a_role_id, $source->getRefId());
// Change existing object
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$role = new ilObjRole($a_role_id);
$role->changeExistingObjects($source->getRefId(), ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES, array('all'));
return true;
}
/**
* adds a local role
* This method is only called when choose the option 'you may add local roles'. This option
* is displayed in the permission settings dialogue for an object
* TODO: this will be changed
* @access public
*
*/
protected function addRole()
{
global $rbacadmin, $rbacreview, $rbacsystem, $ilErr, $ilCtrl;
$form = $this->initRoleForm();
if ($form->checkInput()) {
$new_title = $form->getInput("title");
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$role = new ilObjRole();
$role->setTitle($new_title);
$role->setDescription($form->getInput('desc'));
$role->create();
$GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
// protect
$rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role->getId(), $form->getInput('pro') ? 'y' : 'n');
// copy rights
$right_id_to_copy = $form->getInput("rights");
if ($right_id_to_copy) {
$parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
$rbacadmin->copyRoleTemplatePermissions($right_id_to_copy, $parentRoles[$right_id_to_copy]["parent"], $this->getCurrentObject()->getRefId(), $role->getId(), false);
if ($form->getInput('existing')) {
if ($form->getInput('pro')) {
$role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'));
} else {
$role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'));
}
}
}
// add to desktop items
if ($form->getInput("desktop")) {
include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
$role_desk_item_obj = new ilRoleDesktopItem($role->getId());
$role_desk_item_obj->add($this->getCurrentObject()->getRefId(), ilObject::_lookupType($this->getCurrentObject()->getRefId(), true));
}
ilUtil::sendSuccess($this->lng->txt("role_added"), true);
$this->ctrl->redirect($this, 'perm');
} else {
$form->setValuesByPost();
$this->tpl->setContent($form->getHTML());
}
}
protected function revertLocalPolicy(ilObject $source, $role)
{
global $rbacadmin, $rbacreview, $ilDB;
$GLOBALS['ilLog']->write(__METHOD__ . ': Reverting policy for role: ' . print_r($role, true));
// Local policies can only be reverted for auto generated roles. Otherwise the
// original role settings are unknown
if (substr($role['title'], 0, 3) != 'il_') {
$GLOBALS['ilLog']->write(__METHOD__ . ': Cannot revert local policy for role ' . $role['title']);
return false;
}
$role_folder_id = $rbacreview->getRoleFolderIdOfObject($source->getRefId());
// No role folder found
if (!$role_folder_id) {
return false;
}
$exploded_title = explode('_', $role['title']);
$rolt_title = $exploded_title[0] . '_' . $exploded_title[1] . '_' . $exploded_title[2];
// Lookup role template
$query = 'SELECT obj_id FROM object_data ' . 'WHERE title = ' . $ilDB->quote($rolt_title, 'text') . ' ' . 'AND type = ' . $ilDB->quote('rolt', 'text');
$res = $ilDB->query($query);
while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
$rolt_id = $row->obj_id;
}
// No template found
if (!$rolt_id) {
return false;
}
$rbacadmin->copyRoleTemplatePermissions($rolt_id, ROLE_FOLDER_ID, $role_folder_id, $role['obj_id'], true);
// Change existing object
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$role_obj = new ilObjRole($role['obj_id']);
$role_obj->changeExistingObjects($source->getRefId(), $role['protected'] ? ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES : ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES, array('all'));
}
/**
* Perform copy of role
* @global ilTree $tree
* @global <type> $rbacadmin
* @global <type> $rbacreview
* @param <type> $source
* @param <type> $target
* @param <type> $change_existing
* @return <type>
*/
protected function doCopyRole($source, $target, $change_existing)
{
global $tree, $rbacadmin, $rbacreview;
$target_obj = $rbacreview->getRoleFolderOfRole($target);
// Copy role template permissions
$rbacadmin->copyRoleTemplatePermissions($source, $this->object->getRefId(), $target_obj, $target);
if (!$change_existing || !$target_obj) {
return true;
}
$start = $target_obj;
include_once './Services/AccessControl/classes/class.ilObjRole.php';
if ($rbacreview->isProtected($this->object->getRefId(), $source)) {
$mode = ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES;
} else {
$mode = ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES;
}
if ($start) {
$role = new ilObjRole($target);
$role->changeExistingObjects($start, $mode, array('all'));
}
}
