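/**
 * Apply action: create a new role from the configured role template and
 * attach it to the source object.
 *
 * Order of operations: create the role object, assign it to the source
 * object's ref id, copy the template's permissions (read from
 * ROLE_FOLDER_ID) to that ref id, then grant the resulting operations on
 * the source object.
 *
 * This method performs no access check of its own.
 * NOTE(review): presumably the caller has already authorised the action -- confirm.
 *
 * @return bool always true
 */
public function apply()
{
    global $rbacreview, $rbacadmin;

    $source = $this->initSourceObject();
    $template_id = $this->getRoleTemplateId();
    $template_title = ilObject::_lookupTitle($template_id);

    // Create the role; it inherits title and description from the template.
    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    $role = new ilObjRole();
    $role->setTitle($template_title);
    $role->setDescription(ilObject::_lookupDescription($template_id));
    $role->create();
    $rbacadmin->assignRoleToFolder($role->getId(), $source->getRefId(), "y");

    // The original passed the template id with the closing quote appended
    // to _lookupTitle() (misplaced parenthesis), so the logged title was
    // looked up with a malformed id. Log the title that was actually used,
    // which keeps the audit trail of role creation accurate.
    $GLOBALS['ilLog']->write(
        __METHOD__ . ': Using rolt: ' . $template_id . ' with title "' . $template_title . '". '
    );

    // Copy template permissions
    $rbacadmin->copyRoleTemplatePermissions(
        $template_id,
        ROLE_FOLDER_ID,
        $source->getRefId(),
        $role->getId(),
        true
    );

    // Set permissions on the source object itself
    $ops = $rbacreview->getOperationsOfRole($role->getId(), $source->getType(), $source->getRefId());
    $rbacadmin->grantPermission($role->getId(), $ops, $source->getRefId());

    return true;
}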
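/**
 * Create a role whose permissions are copied from a role template that is
 * looked up by its title.
 *
 * @param string $a_title       title of the new role
 * @param string $a_description description of the new role
 * @param string $a_tpl_name    title of the role template (object type "rolt")
 * @param int    $a_ref_id      ref id of the object the role is attached to
 * @return ilObjRole|null the new role, or null when no template with the
 *                        given title exists; callers must handle null
 */
public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
{
    global $ilDB;

    // Find the permission template. Both values pass through $ilDB->quote(),
    // so the template title is never concatenated unescaped into the statement.
    $res = $ilDB->query("SELECT obj_id FROM object_data " .
        " WHERE type=" . $ilDB->quote("rolt", "text") .
        " AND title=" . $ilDB->quote($a_tpl_name, "text"));

    // Initialised explicitly: with no matching row the original read an
    // undefined variable. If several templates share the title, the last
    // row returned is used (unchanged behaviour).
    $tpl_id = null;
    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
        $tpl_id = $row->obj_id;
    }

    if (!$tpl_id) {
        // Nothing is created when the template is missing.
        return null;
    }

    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    $role = new ilObjRole();
    $role->setTitle($a_title);
    $role->setDescription($a_description);
    $role->create();

    $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 'y');
    $GLOBALS['rbacadmin']->copyRoleTemplatePermissions($tpl_id, ROLE_FOLDER_ID, $a_ref_id, $role->getId());

    // Grant the operations the copied template yields for this object type.
    $ops = $GLOBALS['rbacreview']->getOperationsOfRole(
        $role->getId(),
        ilObject::_lookupType($a_ref_id, TRUE),
        $a_ref_id
    );
    $GLOBALS['rbacadmin']->grantPermission($role->getId(), $ops, $a_ref_id);

    return $role;
}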
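/**
 * Copy local roles.
 *
 * Creates a copy of every local role of the source object on the target
 * object. Roles whose title starts with "il_" (auto-generated roles) are
 * excluded and are never copied.
 *
 * @access public
 * @param int $a_source_id id of the source object (not the role folder)
 * @param int $a_target_id id of the target object
 * @return bool always true
 */
public function copyLocalRoles($a_source_id, $a_target_id)
{
    global $rbacreview, $ilLog, $ilObjDataCache;

    // Keep only roles that were not auto-generated.
    $real_local = array();
    foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_id) {
        $title = $ilObjDataCache->lookupTitle($role_id);
        if (substr($title, 0, 3) === 'il_') {
            continue;
        }
        $real_local[] = $role_id;
    }

    if (!count($real_local)) {
        return true;
    }

    // Loaded once; the original repeated the include on every iteration.
    include_once "./Services/AccessControl/classes/class.ilObjRole.php";

    foreach ($real_local as $role_id) {
        $orig = new ilObjRole($role_id);
        $orig->read();

        $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());

        // The copy carries over title, description and import id.
        $roleObj = new ilObjRole();
        $roleObj->setTitle($orig->getTitle());
        $roleObj->setDescription($orig->getDescription());
        $roleObj->setImportId($orig->getImportId());
        $roleObj->create();

        $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
        $this->copyRolePermissions($role_id, $a_source_id, $a_target_id, $roleObj->getId(), true);

        $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
    }

    // The original fell off the end here and returned null, while the
    // "nothing to copy" path returned true; both paths now agree.
    return true;
}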
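/**
 * Creates a local role in the current role folder (this object).
 *
 * No access check is performed in this method.
 * NOTE(review): presumably callers check the permission to create roles -- confirm.
 *
 * @access public
 * @param string $a_title     role title
 * @param string $a_desc      role description
 * @param mixed  $a_import_id optional import id; 0, '', null and false mean "none"
 * @return object role object
 */
function createRole($a_title, $a_desc, $a_import_id = 0)
{
    global $rbacadmin;

    include_once "./Services/AccessControl/classes/class.ilObjRole.php";
    $roleObj = new ilObjRole();
    $roleObj->setTitle($a_title);
    $roleObj->setDescription($a_desc);

    // The original tested `$a_import_id != ""`. For the default value 0 the
    // result of that loose comparison depends on the PHP version (equal
    // before PHP 8, not equal from PHP 8 on), so the default could end up
    // being stored as an import id. Spell out the "no import id" values.
    if (!in_array($a_import_id, array(0, '', null, false), true)) {
        $roleObj->setImportId($a_import_id);
    }

    $roleObj->create();

    // ...and put the role into the local role folder.
    $rbacadmin->assignRoleToFolder($roleObj->getId(), $this->getRefId(), "y");

    return $roleObj;
}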
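/**
 * Create the two default roles of this org unit and announce them.
 *
 * The employee role is created and assigned to this object's ref id without
 * copying any template permissions. The superior role is created through
 * ilObjRole::createDefaultRole() from the template titled 'il_orgu_superior'.
 * Afterwards the 'initDefaultRoles' event of 'Modules/OrgUnit' is raised
 * with both role ids.
 *
 * @throws RuntimeException when the superior role template does not exist
 */
public function initDefaultRoles()
{
    global $rbacadmin, $ilAppEventHandler;

    include_once './Services/AccessControl/classes/class.ilObjRole.php';

    // Employee role. The description text (including its spelling) is kept
    // byte-identical because it is persisted with the role.
    $role_emp = new ilObjRole();
    $role_emp->setTitle("il_orgu_employee_" . $this->getRefId());
    $role_emp->setDescription("Emplyee of org unit obj_no." . $this->getId());
    $role_emp->create();
    $rbacadmin->assignRoleToFolder($role_emp->getId(), $this->getRefId(), 'y');

    // Superior role, with permissions taken from the role template.
    $role_sup = ilObjRole::createDefaultRole(
        'il_orgu_superior_' . $this->getRefId(),
        "Superior of org unit obj_no." . $this->getId(),
        'il_orgu_superior',
        $this->getRefId()
    );

    // createDefaultRole() returns null when the template is missing; the
    // original then called getId() on null. Fail with a clear message.
    if (!$role_sup) {
        throw new RuntimeException(
            'Role template "il_orgu_superior" not found; superior role was not created.'
        );
    }

    // The original passed the employee role id as 'role_superior_id' and
    // the superior role id as 'role_employee_id'. Listeners that act on
    // these ids would have treated the two roles the wrong way round.
    $ilAppEventHandler->raise(
        'Modules/OrgUnit',
        'initDefaultRoles',
        array(
            'object' => $this,
            'obj_id' => $this->getId(),
            'ref_id' => $this->getRefId(),
            'role_superior_id' => $role_sup->getId(),
            'role_employee_id' => $role_emp->getId()
        )
    );
}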
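/**
 * Adds a local role.
 *
 * This method is only called when the option 'you may add local roles' is
 * chosen. That option is displayed in the permission settings dialogue of
 * an object.
 * TODO: this will be changed
 *
 * On valid form input the role is created and assigned to the current
 * object, its protection flag is set, permissions are optionally copied
 * from another role, and the request is redirected to 'perm'. On invalid
 * input the form is shown again with the posted values.
 *
 * NOTE(review): no permission check and no "il_" title-prefix check are
 * visible in this method; presumably the command dispatch and the form
 * validation cover both -- confirm.
 *
 * @access public
 */
protected function addRole()
{
    global $rbacadmin, $rbacreview;

    $form = $this->initRoleForm();
    if (!$form->checkInput()) {
        $form->setValuesByPost();
        $this->tpl->setContent($form->getHTML());
        return;
    }

    $target_ref_id = $this->getCurrentObject()->getRefId();

    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    $role = new ilObjRole();
    $role->setTitle($form->getInput("title"));
    $role->setDescription($form->getInput('desc'));
    $role->create();
    $rbacadmin->assignRoleToFolder($role->getId(), $target_ref_id);

    // protect
    $is_protected = (bool) $form->getInput('pro');
    $rbacadmin->setProtected($target_ref_id, $role->getId(), $is_protected ? 'y' : 'n');

    // copy rights
    $right_id_to_copy = $form->getInput("rights");
    if ($right_id_to_copy) {
        $parentRoles = $rbacreview->getParentRoleIds($target_ref_id, true);

        // The id comes from the request. Copy only from a role that really
        // is among the parent roles of the current object; the original
        // indexed $parentRoles without checking and passed an undefined
        // parent on to copyRoleTemplatePermissions() for any other id.
        if (isset($parentRoles[$right_id_to_copy])) {
            $rbacadmin->copyRoleTemplatePermissions(
                $right_id_to_copy,
                $parentRoles[$right_id_to_copy]["parent"],
                $target_ref_id,
                $role->getId(),
                false
            );

            if ($form->getInput('existing')) {
                $mode = $is_protected
                    ? ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES
                    : ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES;
                $role->changeExistingObjects($target_ref_id, $mode, array('all'));
            }
        }
    }

    // add to desktop items
    if ($form->getInput("desktop")) {
        include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
        $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
        $role_desk_item_obj->add($target_ref_id, ilObject::_lookupType($target_ref_id, true));
    }

    ilUtil::sendSuccess($this->lng->txt("role_added"), true);
    $this->ctrl->redirect($this, 'perm');
}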
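/**
 * Create one role per object described in $role_xml on the target object,
 * with permissions copied from a role template.
 *
 * Checks, in order: valid session, existing target object, template id of
 * type 'rolt', target not in trash, 'edit_permission' on the target. Role
 * titles starting with "il_" are rejected because that prefix is used for
 * auto-generated roles.
 *
 * NOTE(review): the template id is only type-checked here; whether every
 * caller holding 'edit_permission' may use every template is not visible
 * from this method -- confirm.
 * NOTE(review): $role_xml is caller-supplied; how ilObjectXMLParser treats
 * external entities and oversized input is decided in that class -- confirm.
 *
 * @param string $sid         session id
 * @param int    $target_id   ref id of the object the roles are attached to
 * @param string $role_xml    XML describing the roles (title, description, import_id)
 * @param int    $template_id object id of the role template
 * @return mixed array of new role ids, or the result of __raiseError() on failure
 */
function addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacreview, $rbacadmin, $ilAccess;

    // Plain assignment: `=&` on a call result and `=& new` are obsolete,
    // and `=& new` no longer parses on PHP 7 and later.
    $tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false);
    if (!$tmp_obj) {
        return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object', 'Client');
    }
    if (ilObject::_lookupType($template_id) !== 'rolt') {
        return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template', 'Client');
    }
    if (ilObject::_isInTrash($target_id)) {
        return $this->__raiseError("Parent with ID {$target_id} has been deleted.", 'CLIENT_TARGET_DELETED');
    }
    if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
        return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
    }

    include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
    $xml_parser = new ilObjectXMLParser($role_xml);
    $xml_parser->startParsing();
    $objects = $xml_parser->getObjectData();

    // Validate every title before creating anything. The original checked
    // inside the creation loop, so a request mixing valid and "il_" titles
    // left the earlier roles created although an error was returned.
    foreach ($objects as $object_data) {
        if (substr($object_data['title'], 0, 3) === "il_") {
            return $this->__raiseError('Rolenames are not allowed to start with "il_" ', 'Client');
        }
    }

    include_once './Services/AccessControl/classes/class.ilObjRole.php';

    $new_roles = array();
    foreach ($objects as $object_data) {
        $role = new ilObjRole();
        $role->setTitle($object_data['title']);
        $role->setDescription($object_data['description']);
        $role->setImportId($object_data['import_id']);
        $role->create();

        $rbacadmin->assignRoleToFolder($role->getId(), $target_id);

        // Copy permissions
        $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());

        // Set object permissions according to role template
        $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
        $rbacadmin->grantPermission($role->getId(), $ops, $target_id);

        $new_roles[] = $role->getId();
    }

    return $new_roles;
}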