/**
* Parse
* @return
*/
public function parse()
{
global $rbacreview, $objDefinition;
$this->initColumns();
$perms = array();
$roles = array();
if (!count($this->getVisibleRoles())) {
return $this->setData(array());
}
// Read operations of role
$operations = array();
foreach ($this->getVisibleRoles() as $role_data) {
$operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
}
$counter = 0;
// Local policy
if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
$roles = array();
$local_roles = $rbacreview->getRolesOfObject($this->getRefId());
foreach ($this->getVisibleRoles() as $role_id => $role_data) {
$roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'local_policy' => in_array($role_data['obj_id'], $local_roles), 'isLocal' => $this->getRefId() == $role_data['parent'] && $role_data['assign'] == 'y');
}
$perms[$counter]['roles'] = $roles;
$perms[$counter]['show_local_policy_row'] = 1;
$counter++;
}
// Protect permissions
if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
$roles = array();
foreach ($this->getVisibleRoles() as $role_id => $role_data) {
$roles[$role_data['obj_id']] = array('protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'], $this->getRefId()), 'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id']));
}
$perms[$counter]['roles'] = $roles;
$perms[$counter]['show_protected_row'] = 1;
$counter++;
}
// Block role
if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
$perms[$counter++]['show_block_row'] = 1;
}
if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
$perms[$counter++]['show_start_info'] = true;
}
// no creation permissions
$no_creation_operations = array();
foreach ($rbacreview->getOperationsByTypeAndClass($this->getObjType(), 'object') as $operation) {
$this->addActiveOperation($operation);
$no_creation_operations[] = $operation;
$roles = array();
foreach ($this->getVisibleRoles() as $role_data) {
$roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'permission_set' => in_array($operation, (array) $operations[$role_data['obj_id']]));
}
$op = $rbacreview->getOperation($operation);
$perms[$counter]['roles'] = $roles;
$perms[$counter]['perm'] = $op;
$counter++;
}
/*
* Select all
*/
if ($no_creation_operations) {
$perms[$counter]['show_select_all'] = 1;
$perms[$counter]['ops'] = $no_creation_operations;
$perms[$counter]['subtype'] = 'nocreation';
$counter++;
}
if ($objDefinition->isContainer($this->getObjType())) {
$perms[$counter++]['show_create_info'] = true;
}
// Get creatable objects
$objects = $objDefinition->getCreatableSubObjects($this->getObjType());
$ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
$creation_operations = array();
foreach ($objects as $type => $info) {
$ops_id = $ops_ids[$type];
if (!$ops_id) {
continue;
}
$this->addActiveOperation($ops_id);
$creation_operations[] = $ops_id;
$roles = array();
foreach ($this->getVisibleRoles() as $role_data) {
$roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'permission_set' => in_array($ops_id, (array) $operations[$role_data['obj_id']]));
}
$op = $rbacreview->getOperation($ops_id);
$perms[$counter]['roles'] = $roles;
$perms[$counter]['perm'] = $op;
$counter++;
}
// Select all
if (count($creation_operations)) {
$perms[$counter]['show_select_all'] = 1;
$perms[$counter]['ops'] = $creation_operations;
$perms[$counter]['subtype'] = 'creation';
$counter++;
}
$this->setData($perms);
}
/**
* Save permissions
* @return
*/
protected function savePermissions()
{
global $rbacreview, $objDefinition, $rbacadmin;
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
$roles = $this->applyRoleFilter($rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()), $table->getFilterItemByPostVar('role')->getValue());
// Log history
include_once "Services/AccessControl/classes/class.ilRbacLog.php";
$log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
# all possible create permissions
$possible_ops_ids = $rbacreview->getOperationsByTypeAndClass($this->getCurrentObject()->getType(), 'create');
# createable (activated) create permissions
$create_types = $objDefinition->getCreatableSubObjects($this->getCurrentObject()->getType());
$createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
foreach ((array) $roles as $role => $role_data) {
if ($role_data['protected']) {
continue;
}
$new_ops = array_keys((array) $_POST['perm'][$role]);
$old_ops = $rbacreview->getRoleOperationsOnObject($role, $this->getCurrentObject()->getRefId());
// Add operations which were enabled and are not activated.
foreach ($possible_ops_ids as $create_ops_id) {
if (in_array($create_ops_id, $createable_ops_ids)) {
continue;
}
if (in_array($create_ops_id, $old_ops)) {
$new_ops[] = $create_ops_id;
}
}
$rbacadmin->revokePermission($this->getCurrentObject()->getRefId(), $role);
$rbacadmin->grantPermission($role, array_unique($new_ops), $this->getCurrentObject()->getRefId());
}
// Handle local policies.
$rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
$relevant_roles = array_intersect($rbacreview->getRolesOfRoleFolder($rolf_id), array_keys($roles));
if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
foreach ($roles as $role) {
// No action for local roles
if ($role['parent'] == $rolf_id and $role['assign'] == 'y') {
continue;
}
// Nothing for protected roles
if ($role['protected']) {
continue;
}
// Stop local policy
if ($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']])) {
$role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
$role_obj->setParent($rolf_id);
$role_obj->delete();
continue;
}
// Add local policy
if ($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']])) {
$rbacadmin->copyRoleTemplatePermissions($role['obj_id'], $role['parent'], $rolf_id, $role['obj_id']);
$rbacadmin->assignRoleToFolder($role['obj_id'], $rolf_id, 'n');
}
}
}
// Protect permissions
if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
foreach ($roles as $role) {
if ($rbacreview->isAssignable($role['obj_id'], $rolf_id)) {
if (isset($_POST['protect'][$role['obj_id']]) and !$rbacreview->isProtected($rolf_id, $role['obj_id'])) {
$rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
} elseif (!isset($_POST['protect'][$role['obj_id']]) and $rbacreview->isProtected($rolf_id, $role['obj_id'])) {
$rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
}
}
}
}
$log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
$log = ilRbacLog::diffFaPa($log_old, $log_new);
ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
if (count((array) $_POST['block'])) {
return $this->showConfirmBlockRole(array_keys($_POST['block']));
}
ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
#$this->ctrl->redirect($this,'perm');
$this->perm();
}
