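/**
 * Save the role template permissions submitted by the permission form.
 *
 * Flow, as visible in this method:
 *  1. access check via $this->checkAccess('visible,write', 'edit_permission')
 *  2. delete the template entries of every enabled object type
 *  3. write the template entries posted in $_POST['template_perm']
 *  4. record the before/after template diff in the RBAC log (if active)
 *  5. set the protected flag and, when requested, apply the change to
 *     existing objects
 *
 * @access public
 * @param bool $a_show_admin_permissions true when the administration
 *                                       permissions ('adm' types) are edited
 * @return bool|null true after the "change existing objects" branches,
 *                   false when the access check failed; otherwise the
 *                   method ends in a redirect
 */
function permSaveObject($a_show_admin_permissions = false)
{
    global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;

    $access = $this->checkAccess('visible,write', 'edit_permission');
    if (!$access) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
        // Fail closed: do not depend on raiseError() ending the request.
        // Without this return a non-terminating error handler would let the
        // permission write below run for an unauthorised caller.
        return false;
    }

    // rbac log: snapshot of the template before it is modified
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();
    if ($rbac_log_active) {
        $rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
    }

    // delete all template entries of enabled types
    if ($this->rolf_ref_id == ROLE_FOLDER_ID) {
        if ($a_show_admin_permissions) {
            $subs = $objDefinition->getSubObjectsRecursively('adm', true, true);
        } else {
            $subs = $objDefinition->getSubObjectsRecursively('root', true, false);
        }
    } else {
        $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(), true, false);
    }

    foreach ($subs as $subtype => $def) {
        // Delete per object type
        $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id, $subtype);
    }

    // The posted value is request data: anything that is not a non-empty
    // array is treated as "no permissions selected".
    if (empty($_POST["template_perm"]) || !is_array($_POST["template_perm"])) {
        $_POST["template_perm"] = array();
    }

    // NOTE(review): $key (object type) and $ops_array (operation ids) come
    // straight from the request. The delete loop above only covers the types
    // in $subs, while this loop writes whatever type keys were posted --
    // confirm that setRolePermission() validates both, or restrict $key to
    // the keys of $subs.
    foreach ($_POST["template_perm"] as $key => $ops_array) {
        // sets new template permissions
        $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
    }

    if ($rbac_log_active) {
        $rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
        $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
        ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
    }

    // update object data entry (to update last modification date)
    $this->object->update();

    // Read the optional form fields once; an unchecked checkbox is simply
    // absent from the request.
    $protected = isset($_POST['protected']) ? $_POST['protected'] : null;

    // set protected flag
    if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->rolf_ref_id)) {
        $rbacadmin->setProtected($this->rolf_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
    }

    if ($a_show_admin_permissions) {
        $_POST['recursive'] = true;
    }

    $recursive_list_given = isset($_POST['recursive_list']) && is_array($_POST['recursive_list']);

    // Redirect if Change existing objects is not chosen
    if (empty($_POST['recursive']) and !$recursive_list_given) {
        ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
        if ($a_show_admin_permissions) {
            $this->ctrl->redirect($this, 'adminPerm');
        } else {
            $this->ctrl->redirect($this, 'perm');
        }
        // Do not fall through into changeExistingObjects() if the redirect
        // returns: the user did not ask for existing objects to be changed.
        return true;
    }

    // New implementation
    if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
        $this->showChangeExistingObjectsConfirmation();
        return true;
    }

    $start = $this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id);
    if ($a_show_admin_permissions) {
        $start = $tree->getParentId($this->rolf_ref_id);
    }

    if ($protected) {
        $this->object->changeExistingObjects($start, ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
    } else {
        $this->object->changeExistingObjects($start, ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'), array());
    }

    ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
    if ($a_show_admin_permissions) {
        $this->ctrl->redirect($this, 'adminPerm');
    } else {
        $this->ctrl->redirect($this, 'perm');
    }
    return true;
}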
/**
 * Re-align the permissions of a moved object (and its subtree) with the
 * roles that are effective at its new position.
 *
 * - Revokes permissions and deletes local role templates of parent roles
 *   that are not present in the new context
 * - Grants permissions for parent roles that were not present in the old
 *   context
 * - Roles present in both contexts but with a different 'parent' entry
 *   (stopped inheritance) are revoked and granted again
 *
 * The method performs no access check of its own.
 * NOTE(review): callers are presumably expected to have authorised the move
 * before calling -- confirm at the call sites.
 *
 * @access public
 * @param int $a_ref_id     ref id of the moved object
 * @param int $a_old_parent ref id of the old parent
 * @return bool|null true when no role differs between the two contexts;
 *                   otherwise nothing is returned
 */
public function adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
{
    global $rbacreview, $tree, $ilLog;

    $current_parent = $tree->getParentId($a_ref_id);
    $roles_before = $rbacreview->getParentRoleIds($a_old_parent, false);
    $roles_after = $rbacreview->getParentRoleIds($current_parent, false);

    $to_grant = array();
    $to_revoke = array();

    foreach ($roles_after as $rid => $role) {
        if (!isset($roles_before[$rid])) {
            // role is new in this context
            $to_grant[$rid] = $role;
            continue;
        }
        if ($role['parent'] != $roles_before[$rid]['parent']) {
            // stopped inheritance: drop the old settings, then grant anew
            $to_revoke[$rid] = $role;
            $to_grant[$rid] = $role;
        }
    }

    foreach ($roles_before as $rid => $role) {
        if (!isset($roles_after[$rid])) {
            // role no longer applies at the new position
            $to_revoke[$rid] = $role;
        }
    }

    if (!$to_revoke && !$to_grant) {
        return true;
    }

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $logging = ilRbacLog::isActive();
    if ($logging) {
        $affected_roles = array_unique(array_merge(array_keys($to_revoke), array_keys($to_grant)));
    }

    $moved_node = $tree->getNodeData($a_ref_id);
    $subtree = $tree->getSubTree($moved_node, true);

    foreach ($subtree as $entry) {
        $node_id = $entry['child'];

        if ($logging) {
            // state before any change, for the audit diff below
            $state_before = ilRbacLog::gatherFaPa($node_id, $affected_roles);
        }

        // A missing type means there is a tree entry without
        // object_reference and/or object_data entry: skip it.
        if (!$entry['type']) {
            $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
            continue;
        }
        if (!$node_id) {
            $ilLog->write(__METHOD__ . ': Missing subtree node_id');
            continue;
        }

        foreach ($to_revoke as $rid => $role) {
            $this->deleteLocalRole($rid, $node_id);
            $this->revokePermission($node_id, $rid, false);
        }

        foreach ($to_grant as $rid => $role) {
            $operations = $rbacreview->getOperationsOfRole($rid, $entry['type'], $role['parent']);
            $this->grantPermission($rid, $operations, $node_id);
        }

        if ($logging) {
            $state_after = ilRbacLog::gatherFaPa($node_id, $affected_roles);
            $change = ilRbacLog::diffFaPa($state_before, $state_after);
            ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $change);
        }
    }
}
/**
 * Adjust the permissions this role holds on a list of tree nodes.
 *
 * Walks $a_nodes in the given order while maintaining three parallel stacks
 * (operations, policies, nodes). For every handled node the role
 * ($this->getId()) is granted the operations found on top of the operation
 * stack for the node's type. Nodes listed in $a_policies start a "local
 * policy" region that is skipped until the walk leaves that region.
 * When ilRbacLog is active, a before/after diff is logged per changed node.
 *
 * @param int   $a_mode             compared against the self::MODE_UNPROTECTED_* constants
 * @param array $a_nodes            array of nodes; the keys 'child' and 'type' are read here
 * @param array $a_policies         array of object ref ids (nodes with local policies)
 * @param mixed $a_filter           passed through to isHandledObjectType()
 * @param array $a_exclusion_filter of object types.
 * @return void
 */
protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
{
    global $rbacadmin, $rbacreview, $tree;

    $operation_stack = array();
    $policy_stack = array();
    // Replaces the former lft/rgt stacks: ancestry is decided through
    // $tree->getRelationOfNodes() instead of nested-set bounds.
    $node_stack = array();

    // The first entry of $a_nodes is treated as the start node of the walk.
    $start_node = current($a_nodes);
    array_push($node_stack, $start_node);
    $this->updatePolicyStack($policy_stack, $start_node['child']);
    $this->updateOperationStack($operation_stack, $start_node['child'], true);

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();

    $local_policy = false;
    foreach ($a_nodes as $node) {
        $cmp_node = end($node_stack);
        // Unwind the stacks until the node on top is related to $node as
        // child/equals/parent. A falsy relation value also ends the loop.
        // NOTE(review): end() returns false once $node_stack is empty and
        // that value is passed to getRelationOfNodes() -- confirm this is
        // handled there.
        while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
            switch ($relation) {
                case ilTree::RELATION_NONE:
                case ilTree::RELATION_SIBLING:
                    // leave the switch only; the pops below run
                    break;
                case ilTree::RELATION_CHILD:
                case ilTree::RELATION_EQUALS:
                case ilTree::RELATION_PARENT:
                default:
                    // leave the while loop; the stacks stay untouched
                    break 2;
            }
            array_pop($operation_stack);
            array_pop($policy_stack);
            array_pop($node_stack);
            $cmp_node = end($node_stack);
            // Leaving a stack level also ends any local policy region.
            $local_policy = false;
        }

        if ($local_policy) {
            // Continue if inside of local policy
            continue;
        }

        // Start node => set permissions and continue
        if ($node['child'] == $start_node['child']) {
            if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                if ($rbac_log_active) {
                    $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                    $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                }

                // Set permissions; the (array) cast passes an empty list when
                // $perms has no entry for this type.
                $perms = end($operation_stack);
                $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

                if ($rbac_log_active) {
                    $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                    $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                    ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                }
            }
            continue;
        }

        // Node has local policies => update permission stack and continue.
        // SYSTEM_FOLDER_ID is never treated as a local policy node.
        if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
            $local_policy = true;
            $this->updatePolicyStack($policy_stack, $node['child']);
            $this->updateOperationStack($operation_stack, $node['child']);
            array_push($node_stack, $node);
            continue;
        }

        // Continue if this object type is not handled by the filters
        if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
            continue;
        }

        if ($rbac_log_active) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
            $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
        }

        // Node is course => create course permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
            // A new stack level is opened only when updateOperationStack()
            // reports success.
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($node_stack, $node);
            }
        }

        // Node is group => create group permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($node_stack, $node);
            }
        }

        // Set permission
        $perms = end($operation_stack);
        $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
        }
    }
}
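/**
 * Paste the clipboard objects (cut, copy or link) into the selected
 * target nodes.
 *
 * The command and the source ref ids come from $_SESSION['clipboard'],
 * the target ref ids from $_POST['nodes'] (or $_POST['node'] for 'cut').
 * All checks run for every source/target pair before anything is pasted;
 * a single failed check aborts the whole operation.
 *
 * Checks performed here per pair:
 *  - 'create' permission for the source's type on the target
 *  - the source is not already a child of the target (except for 'copy')
 *  - the target is neither the source itself nor inside its subtree
 *  - the target type may contain the source type
 *
 * NOTE(review): this method does not check any permission on the source
 * objects; that is presumably done when the clipboard is filled -- confirm.
 *
 * @return void
 */
public function performPasteIntoMultipleObjectsObject()
{
    global $rbacsystem, $rbacadmin, $rbacreview, $log, $tree, $ilObjDataCache, $ilUser;

    $command = isset($_SESSION['clipboard']['cmd']) ? $_SESSION['clipboard']['cmd'] : null;

    // Strict comparison: with loose comparison a non-string value such as
    // boolean true would match every command branch further down.
    if (!in_array($command, array('cut', 'link', 'copy'), true)) {
        $message = __METHOD__ . ": cmd was neither 'cut', 'link' nor 'copy'; may be a hack attempt!";
        $this->ilias->raiseError($message, $this->ilias->error_obj->WARNING);
        // Fail closed in case raiseError() does not end the request.
        return;
    }

    if ($command === 'cut') {
        if (isset($_POST['node']) && (int) $_POST['node']) {
            $_POST['nodes'] = array($_POST['node']);
        }
    }

    if (!isset($_POST['nodes']) || !is_array($_POST['nodes']) || !count($_POST['nodes'])) {
        ilUtil::sendFailure($this->lng->txt('select_at_least_one_object'));
        // every command re-displays the same paste tree
        $this->showPasteTreeObject();
        return;
    }

    $clipboard_ref_ids = isset($_SESSION['clipboard']['ref_ids']) && is_array($_SESSION['clipboard']['ref_ids'])
        ? $_SESSION['clipboard']['ref_ids']
        : array();

    // Result lists of the checks. They must exist even when no check fails:
    // count() on an undefined variable raises a TypeError on PHP 8.
    $exists = array();
    $is_child = array();
    $not_allowed_subobject = array();
    $no_paste = array();

    // this loop does all checks
    // NOTE(review): object titles are inserted into these messages as-is and
    // the messages are joined with <br /> below -- confirm that titles are
    // escaped before ilUtil::sendFailure() output reaches the browser.
    $folder_objects_cache = array();
    foreach ($clipboard_ref_ids as $ref_id) {
        $obj_data = ilObjectFactory::getInstanceByRefId($ref_id);
        $current_parent_id = $tree->getParentId($obj_data->getRefId());

        foreach ($_POST['nodes'] as $folder_ref_id) {
            if (!array_key_exists($folder_ref_id, $folder_objects_cache)) {
                $folder_objects_cache[$folder_ref_id] = ilObjectFactory::getInstanceByRefId($folder_ref_id);
            }
            $folder = $folder_objects_cache[$folder_ref_id];
            $source_label = $obj_data->getTitle() . ' [' . $obj_data->getRefId() . ']';
            $folder_label = $folder->getTitle() . ' [' . $folder->getRefId() . ']';

            // CHECK ACCESS
            if (!$rbacsystem->checkAccess('create', $folder_ref_id, $obj_data->getType())) {
                $no_paste[] = sprintf($this->lng->txt('msg_no_perm_paste_object_in_folder'), $source_label, $folder_label);
            }

            // CHECK IF REFERENCE ALREADY EXISTS
            if ($folder_ref_id == $current_parent_id) {
                $exists[] = sprintf($this->lng->txt('msg_obj_exists_in_folder'), $source_label, $folder_label);
            }

            // CHECK IF PASTE OBJECT SHALL BE CHILD OF ITSELF
            if ($tree->isGrandChild($ref_id, $folder_ref_id) || $ref_id == $folder_ref_id) {
                $is_child[] = sprintf($this->lng->txt('msg_paste_object_not_in_itself'), $source_label);
            }

            // CHECK IF OBJECT IS ALLOWED TO CONTAIN PASTED OBJECT AS SUBOBJECT
            if (!in_array($obj_data->getType(), array_keys($this->objDefinition->getSubObjects($folder->getType())))) {
                $not_allowed_subobject[] = sprintf(
                    $this->lng->txt('msg_obj_may_not_contain_objects_of_type'),
                    $folder_label,
                    $GLOBALS['lng']->txt('obj_' . $obj_data->getType())
                );
            }
        }
    }

    ////////////////////////////
    // process checking results
    $error = '';
    if (count($exists) && $command !== 'copy') {
        $error .= implode('<br />', $exists);
    }
    if (count($is_child)) {
        $error .= $error != '' ? '<br />' : '';
        $error .= implode('<br />', $is_child);
    }
    if (count($not_allowed_subobject)) {
        $error .= $error != '' ? '<br />' : '';
        $error .= implode('<br />', $not_allowed_subobject);
    }
    if (count($no_paste)) {
        $error .= $error != '' ? '<br />' : '';
        $error .= implode('<br />', $no_paste);
    }

    if ($error != '') {
        ilUtil::sendFailure($error);
        $this->showPasteTreeObject();
        return;
    }

    // log pasteObject call
    $log->write(__METHOD__ . ", cmd: " . $command);

    ////////////////////////////////////////////////////////
    // everything ok: now paste the objects to new location

    // to prevent multiple actions via back/reload button
    $ref_ids = $clipboard_ref_ids;
    unset($_SESSION['clipboard']['ref_ids']);

    // BEGIN ChangeEvent: Record paste event.
    require_once 'Services/Tracking/classes/class.ilChangeEvent.php';
    // END ChangeEvent: Record paste event.

    // process COPY command
    if ($command === 'copy') {
        foreach ($_POST['nodes'] as $folder_ref_id) {
            foreach ($ref_ids as $ref_id) {
                // NOTE(review): this resets $revIdMapping, but cloneNodes()
                // below receives $refIdMapping -- probably a typo; left
                // unchanged because the intended mapping lifetime cannot be
                // determined from this method alone.
                $revIdMapping = array();

                $oldNode_data = $tree->getNodeData($ref_id);
                if ($oldNode_data['parent'] == $folder_ref_id) {
                    // copy into the same folder: the copy gets a numbered title
                    require_once 'Modules/File/classes/class.ilObjFileAccess.php';
                    $newTitle = ilObjFileAccess::_appendNumberOfCopyToFilename($oldNode_data['title'], null);
                    $newRef = $this->cloneNodes($ref_id, $folder_ref_id, $refIdMapping, $newTitle);
                } else {
                    $newRef = $this->cloneNodes($ref_id, $folder_ref_id, $refIdMapping, null);
                }

                // BEGIN ChangeEvent: Record copy event.
                $old_parent_data = $tree->getParentNodeData($ref_id);
                $newNode_data = $tree->getNodeData($newRef);
                ilChangeEvent::_recordReadEvent($oldNode_data['type'], $ref_id, $oldNode_data['obj_id'], $ilUser->getId());
                ilChangeEvent::_recordWriteEvent($newNode_data['obj_id'], $ilUser->getId(), 'add', $ilObjDataCache->lookupObjId($folder_ref_id));
                ilChangeEvent::_catchupWriteEvents($newNode_data['obj_id'], $ilUser->getId());
                // END ChangeEvent: Record copy event.
            }
        }
        ilUtil::sendSuccess($this->lng->txt('msg_cloned'), true);
    } // END COPY

    // process CUT command
    if ($command === 'cut') {
        foreach ($_POST['nodes'] as $folder_ref_id) {
            foreach ($ref_ids as $ref_id) {
                // Store old parent
                $old_parent = $tree->getParentId($ref_id);
                $tree->moveTree($ref_id, $folder_ref_id);
                // permissions must follow the roles of the new position
                $rbacadmin->adjustMovedObjectPermissions($ref_id, $old_parent);

                include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
                ilConditionHandler::_adjustMovedObjectConditions($ref_id);

                // BEGIN ChangeEvent: Record cut event.
                $node_data = $tree->getNodeData($ref_id);
                $old_parent_data = $tree->getNodeData($old_parent);
                ilChangeEvent::_recordWriteEvent($node_data['obj_id'], $ilUser->getId(), 'remove', $old_parent_data['obj_id']);
                ilChangeEvent::_recordWriteEvent($node_data['obj_id'], $ilUser->getId(), 'add', $ilObjDataCache->lookupObjId($folder_ref_id));
                ilChangeEvent::_catchupWriteEvents($node_data['obj_id'], $ilUser->getId());
                // END ChangeEvent: Record cut event.
            }
            // prevent multiple iterations for cut command: an object can
            // only be moved to one target
            break;
        }
        ilUtil::sendSuccess($this->lng->txt('msg_cut_copied'), true);
    } // END CUT

    // process LINK command
    if ($command === 'link') {
        $linked_to_folders = array();

        include_once "Services/AccessControl/classes/class.ilRbacLog.php";
        $rbac_log_active = ilRbacLog::isActive();

        foreach ($_POST['nodes'] as $folder_ref_id) {
            $linked_to_folders[] = $ilObjDataCache->lookupTitle($ilObjDataCache->lookupObjId($folder_ref_id));

            foreach ($ref_ids as $ref_id) {
                // get node data
                $top_node = $tree->getNodeData($ref_id);
                // get subnodes of top nodes
                $subnodes[$ref_id] = $tree->getSubtree($top_node);
            }

            // now move all subtrees to new location
            foreach ($subnodes as $key => $subnode) {
                // first paste top_node....
                $obj_data = ilObjectFactory::getInstanceByRefId($key);
                $new_ref_id = $obj_data->createReference();
                $obj_data->putInTree($folder_ref_id);
                $obj_data->setPermissions($folder_ref_id);

                // rbac log
                if ($rbac_log_active) {
                    $rbac_log_roles = $rbacreview->getParentRoleIds($new_ref_id, false);
                    $rbac_log = ilRbacLog::gatherFaPa($new_ref_id, array_keys($rbac_log_roles), true);
                    ilRbacLog::add(ilRbacLog::LINK_OBJECT, $new_ref_id, $rbac_log, $key);
                }

                // BEGIN ChangeEvent: Record link event.
                $node_data = $tree->getNodeData($new_ref_id);
                ilChangeEvent::_recordWriteEvent($node_data['obj_id'], $ilUser->getId(), 'add', $ilObjDataCache->lookupObjId($folder_ref_id));
                ilChangeEvent::_catchupWriteEvents($node_data['obj_id'], $ilUser->getId());
                // END ChangeEvent: Record link event.
            }

            $log->write(__METHOD__ . ', link finished');
        }
        ilUtil::sendSuccess(sprintf($this->lng->txt('mgs_objects_linked_to_the_following_folders'), implode(', ', $linked_to_folders)), true);
    } // END LINK

    // clear clipboard
    $this->clearObject();

    $this->ctrl->returnToParent($this);
}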
/**
 * Adjust the permissions this role holds on a list of tree nodes
 * (variant that tracks ancestry with nested-set lft/rgt bounds).
 *
 * Walks $a_nodes in the given order while maintaining parallel stacks for
 * operations, policies and the lft/rgt bounds of the enclosing node. For
 * every handled node the role ($this->getId()) is granted the operations
 * found on top of the operation stack for the node's type. Nodes listed in
 * $a_policies start a "local policy" region that is skipped until the walk
 * leaves that region. When ilRbacLog is active, a before/after diff is
 * logged per changed node.
 *
 * @param int   $a_mode             compared against the self::MODE_UNPROTECTED_* constants
 * @param array $a_nodes            array of nodes; the keys 'child', 'type', 'lft', 'rgt' are read here
 * @param array $a_policies         array of object ref ids (nodes with local policies)
 * @param mixed $a_filter           passed through to isHandledObjectType()
 * @param array $a_exclusion_filter of object types.
 * @return void
 */
protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
{
    global $rbacadmin, $rbacreview;

    $operation_stack = array();
    $policy_stack = array();
    $left_stack = array();
    $right_stack = array();

    // The first entry of $a_nodes is treated as the start node of the walk.
    $start_node = current($a_nodes);
    array_push($left_stack, $start_node['lft']);
    array_push($right_stack, $start_node['rgt']);
    $this->updatePolicyStack($policy_stack, $start_node['child']);
    $this->updateOperationStack($operation_stack, $start_node['child']);

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();

    $local_policy = false;
    foreach ($a_nodes as $node) {
        $lft = end($left_stack);
        $rgt = end($right_stack);

        // Unwind the stacks while $node lies outside the lft/rgt range on top.
        // NOTE(review): end() returns false once the stacks are empty, and a
        // positive 'rgt' compares greater than false -- confirm that a node
        // outside the start node's range cannot keep this loop spinning.
        while ($node['lft'] < $lft or $node['rgt'] > $rgt) {
            array_pop($operation_stack);
            array_pop($policy_stack);
            array_pop($left_stack);
            array_pop($right_stack);

            $lft = end($left_stack);
            $rgt = end($right_stack);
            // Leaving a stack level also ends any local policy region.
            $local_policy = false;
        }

        if ($local_policy) {
            // Continue if inside of local policy
            continue;
        }

        // Start node => set permissions and continue
        if ($node['child'] == $start_node['child']) {
            if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                if ($rbac_log_active) {
                    $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                    $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                }

                // Set permissions; the (array) cast passes an empty list when
                // $perms has no entry for this type.
                $perms = end($operation_stack);
                $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

                if ($rbac_log_active) {
                    $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                    $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                    ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                }
            }
            continue;
        }

        // Node has local policies => update permission stack and continue.
        // SYSTEM_FOLDER_ID is never treated as a local policy node.
        if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
            $local_policy = true;
            $this->updatePolicyStack($policy_stack, $node['child']);
            $this->updateOperationStack($operation_stack, $node['child']);
            array_push($left_stack, $node['lft']);
            array_push($right_stack, $node['rgt']);
            continue;
        }

        // Continue if this object type is not handled by the filters
        if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
            continue;
        }

        if ($rbac_log_active) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
            $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
        }

        // Node is course => create course permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
            // A new stack level is opened only when updateOperationStack()
            // reports success.
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($left_stack, $node['lft']);
                array_push($right_stack, $node['rgt']);
            }
        }

        // Node is group => create group permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($left_stack, $node['lft']);
                array_push($right_stack, $node['rgt']);
            }
        }

        // Set permission
        $perms = end($operation_stack);
        $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
        }
    }
}
/**
 * Show the RBAC log table for the current object.
 *
 * Redirects to the "perm" command when RBAC logging is not active.
 *
 * NOTE(review): no permission check is visible in this method; the log
 * exposes permission changes, so confirm that the command dispatcher only
 * routes authorised users here.
 */
function log()
{
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";

    if (!ilRbacLog::isActive()) {
        $this->ctrl->redirect($this, "perm");
    }

    $this->__initSubTabs("log");

    include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";

    // the table is bound to the ref id of the object being administered
    $ref_id = $this->gui_obj->object->getRefId();
    $log_table = new ilRbacLogTableGUI($this, "log", $ref_id);
    $html = $log_table->getHTML();

    $this->tpl->setContent($html);
}
/**
 * Adjust the permissions this role holds on a list of tree nodes.
 *
 * Walks $a_nodes in the given order while maintaining three parallel stacks
 * (operations, policies, nodes). For every handled node the role
 * ($this->getId()) is granted the operations found on top of the operation
 * stack for the node's type. Nodes listed in $a_policies start a "local
 * policy" region that is skipped until the walk leaves that region.
 * When ilRbacLog is active, a before/after diff is logged per changed node.
 *
 * @param int   $a_mode             compared against the self::MODE_UNPROTECTED_* constants
 * @param array $a_nodes            array of nodes; the keys 'child' and 'type' are read here
 * @param array $a_policies         array of object ref ids (nodes with local policies)
 * @param mixed $a_filter           passed through to isHandledObjectType()
 * @param array $a_exclusion_filter of object types.
 * @return void
 */
protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
{
    global $rbacadmin, $rbacreview, $tree;

    $operation_stack = array();
    $policy_stack = array();
    $node_stack = array();

    // The first entry of $a_nodes is treated as the start node of the walk.
    $start_node = current($a_nodes);
    array_push($node_stack, $start_node);
    $this->updatePolicyStack($policy_stack, $start_node['child']);
    $this->updateOperationStack($operation_stack, $start_node['child'], true);

    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $rbac_log_active = ilRbacLog::isActive();

    $local_policy = false;
    foreach ($a_nodes as $node) {
        $cmp_node = end($node_stack);
        // Unwind the stacks until the node on top is related to $node as
        // child/equals/parent. A falsy relation value also ends the loop.
        // NOTE(review): end() returns false once $node_stack is empty and
        // that value is passed to getRelationOfNodes() -- confirm this is
        // handled there.
        while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
            switch ($relation) {
                case ilTree::RELATION_NONE:
                case ilTree::RELATION_SIBLING:
                    // NOTE(review): this writes one log line per unwound
                    // level; consider whether that volume is wanted.
                    $GLOBALS['ilLog']->write(__METHOD__ . ': Handling sibling/none relation.');
                    array_pop($operation_stack);
                    array_pop($policy_stack);
                    array_pop($node_stack);
                    $cmp_node = end($node_stack);
                    // Leaving a stack level also ends any local policy region.
                    $local_policy = false;
                    break;

                case ilTree::RELATION_CHILD:
                case ilTree::RELATION_EQUALS:
                case ilTree::RELATION_PARENT:
                default:
                    $GLOBALS['ilLog']->write(__METHOD__ . ': Handling child/equals/parent ' . $relation);
                    // leave the while loop; the stacks stay untouched
                    break 2;
            }
        }

        if ($local_policy) {
            // inside of a local policy region: nothing to adjust
            continue;
        }

        // Start node => set permissions and continue
        if ($node['child'] == $start_node['child']) {
            if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
                if ($rbac_log_active) {
                    $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
                    $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                }

                // Set permissions; the (array) cast passes an empty list when
                // $perms has no entry for this type.
                $perms = end($operation_stack);
                $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

                if ($rbac_log_active) {
                    $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
                    $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
                    ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
                }
            }
            continue;
        }

        // Node has local policies => update permission stack and continue.
        // SYSTEM_FOLDER_ID is never treated as a local policy node.
        if (in_array($node['child'], $a_policies) and $node['child'] != SYSTEM_FOLDER_ID) {
            $local_policy = true;
            $this->updatePolicyStack($policy_stack, $node['child']);
            $this->updateOperationStack($operation_stack, $node['child']);
            array_push($node_stack, $node);
            continue;
        }

        // Continue if this object type is not in filter
        if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
            continue;
        }

        if ($rbac_log_active) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
            $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
        }

        // Node is course => create course permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'crs') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
            // A new stack level is opened only when updateOperationStack()
            // reports success.
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($node_stack, $node);
            }
        }

        // Node is group => create group permission intersection
        if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and $node['type'] == 'grp') {
            // Copy role permission intersection
            $perms = end($operation_stack);
            $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
            if ($this->updateOperationStack($operation_stack, $node['child'])) {
                $this->updatePolicyStack($policy_stack, $node['child']);
                array_push($node_stack, $node);
            }
        }

        // Set permission
        $perms = end($operation_stack);
        $rbacadmin->grantPermission($this->getId(), (array) $perms[$node['type']], $node['child']);

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
            $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
        }
    }
}
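/**
 * Start cloning a single (not container) object.
 *
 * Preconditions checked here, in this order:
 *  - 'create' permission for $this->getType() on the target
 *  - a source is set
 *  - 'copy' permission on the source
 *
 * Each failed precondition sends a failure message, returns to the parent
 * GUI and leaves the method. After the clone an RBAC log entry
 * (COPY_OBJECT) is written when ilRbacLog is active.
 *
 * @return void
 */
protected function copySingleObject()
{
    include_once './Services/Link/classes/class.ilLink.php';
    include_once 'Services/CopyWizard/classes/class.ilCopyWizardOptions.php';

    global $ilAccess, $ilErr, $rbacsystem, $ilUser, $ilCtrl, $rbacreview;

    // Create permission
    if (!$rbacsystem->checkAccess('create', $this->getTarget(), $this->getType())) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $ilCtrl->returnToParent($this);
        // Fail closed: the clone below must never run after a denied check,
        // even if returnToParent() does not end the request.
        return;
    }

    // Source defined
    if (!$this->getSource()) {
        ilUtil::sendFailure($this->lng->txt('select_one'), true);
        $ilCtrl->returnToParent($this);
        return;
    }

    // Copy permission
    if (!$ilAccess->checkAccess('copy', '', $this->getSource())) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $ilCtrl->returnToParent($this);
        return;
    }

    // Save wizard options. Per-entry options from $_POST['cp_options'] are
    // not applied here (that code is commented out in the original).
    $copy_id = ilCopyWizardOptions::_allocateCopyId();
    $wizard_options = ilCopyWizardOptions::_getInstance($copy_id);
    $wizard_options->saveOwner($ilUser->getId());
    $wizard_options->saveRoot((int) $this->getSource());
    $wizard_options->read();

    $orig = ilObjectFactory::getInstanceByRefId((int) $this->getSource());
    $new_obj = $orig->cloneObject($this->getTarget(), $copy_id);

    // Delete wizard options
    $wizard_options->deleteAll();

    // rbac log: record the permissions the copy received, with the source
    // ref id as reference
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    if (ilRbacLog::isActive()) {
        $rbac_log_roles = $rbacreview->getParentRoleIds($new_obj->getRefId(), false);
        $rbac_log = ilRbacLog::gatherFaPa($new_obj->getRefId(), array_keys($rbac_log_roles), true);
        ilRbacLog::add(ilRbacLog::COPY_OBJECT, $new_obj->getRefId(), $rbac_log, (int) $this->getSource());
    }

    ilUtil::sendSuccess($this->lng->txt("object_duplicated"), true);
    ilUtil::redirect(ilLink::_getLink($new_obj->getRefId()));
}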
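/**
 * Copy multiple non container objects into the current target.
 *
 * Runs in two passes: the first pass checks every source ('create'
 * permission for its type on the target, 'copy' permission on the source,
 * and that it is not a container); only when all sources pass does the
 * second pass clone them. A failed check sends a failure message, returns
 * to the parent GUI and leaves the method, so nothing is cloned.
 *
 * For every clone an RBAC log entry (COPY_OBJECT) is written when
 * ilRbacLog is active. The clipboard session entries are cleared afterwards.
 *
 * @param array $a_sources array of source ref ids
 * @return void
 */
function copyMultipleNonContainer($a_sources)
{
    global $ilAccess, $objDefinition, $rbacsystem, $ilUser, $ilCtrl, $rbacreview;

    include_once './Services/Link/classes/class.ilLink.php';
    include_once 'Services/CopyWizard/classes/class.ilCopyWizardOptions.php';

    // check permissions
    foreach ($a_sources as $source_ref_id) {
        $source_type = ilObject::_lookupType($source_ref_id, true);

        // Create permission
        if (!$rbacsystem->checkAccess('create', $this->getTarget(), $source_type)) {
            ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
            $ilCtrl->returnToParent($this);
            // Fail closed: no clone may happen after a denied check, even if
            // returnToParent() does not end the request.
            return;
        }
        // Copy permission
        if (!$ilAccess->checkAccess('copy', '', $source_ref_id)) {
            ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
            $ilCtrl->returnToParent($this);
            return;
        }

        // check that these objects are really not containers
        if ($objDefinition->isContainer($source_type)) {
            ilUtil::sendFailure($this->lng->txt('cntr_container_only_on_their_own'), true);
            $ilCtrl->returnToParent($this);
            return;
        }
    }

    reset($a_sources);

    // clone
    foreach ($a_sources as $source_ref_id) {
        // Save wizard options
        $copy_id = ilCopyWizardOptions::_allocateCopyId();
        $wizard_options = ilCopyWizardOptions::_getInstance($copy_id);
        $wizard_options->saveOwner($ilUser->getId());
        $wizard_options->saveRoot((int) $source_ref_id);
        $wizard_options->read();

        $orig = ilObjectFactory::getInstanceByRefId((int) $source_ref_id);
        $new_obj = $orig->cloneObject($this->getTarget(), $copy_id);

        // Delete wizard options
        $wizard_options->deleteAll();

        // rbac log: record the permissions the copy received, with the
        // source ref id as reference
        include_once "Services/AccessControl/classes/class.ilRbacLog.php";
        if (ilRbacLog::isActive()) {
            $rbac_log_roles = $rbacreview->getParentRoleIds($new_obj->getRefId(), false);
            $rbac_log = ilRbacLog::gatherFaPa($new_obj->getRefId(), array_keys($rbac_log_roles), true);
            ilRbacLog::add(ilRbacLog::COPY_OBJECT, $new_obj->getRefId(), $rbac_log, (int) $source_ref_id);
        }
    }

    unset($_SESSION["clipboard"]["ref_ids"]);
    unset($_SESSION["clipboard"]["cmd"]);

    if (count($a_sources) == 1) {
        // a single copy: jump straight to the new object
        ilUtil::sendSuccess($this->lng->txt("object_duplicated"), true);
        ilUtil::redirect(ilLink::_getLink($new_obj->getRefId()));
    } else {
        ilUtil::sendSuccess($this->lng->txt("objects_duplicated"), true);
        ilUtil::redirect(ilLink::_getLink($this->getTarget()));
    }
}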