/**
 * Builds the type form: title, description, languages, roles and available
 * object types, followed by the "saveType" command button.
 *
 * The form title depends on $this->isNew; current values are taken from
 * $this->type.
 */
protected function initForm()
{
    $this->setFormAction($this->ctrl->getFormAction($this->parent_gui));

    if ($this->isNew) {
        $form_title = $this->pl->txt('add_new_type');
    } else {
        $form_title = $this->pl->txt('edit_type');
    }
    $this->setTitle($form_title);

    // Title (mandatory)
    $title_input = new ilTextInputGUI($this->lng->txt('title'), 'title');
    $title_input->setRequired(true);
    $title_input->setValue($this->type->getTitle());
    $this->addItem($title_input);

    // Description
    $description_input = new ilTextAreaInputGUI($this->lng->txt('description'), 'description');
    $description_input->setValue($this->type->getDescription());
    $this->addItem($description_input);

    // Languages (mandatory): one option per installed language code
    $language_select = new ilMultiSelectInputGUI($this->lng->txt('languages'), 'languages');
    $language_select->setWidth(self::WIDTH_MULTISELECT_INPUT);
    $language_options = array();
    foreach ($this->lng->getInstalledLanguages() as $code) {
        $language_options[$code] = $this->lng->txt('meta_l_' . $code);
    }
    $language_select->setOptions($language_options);
    $language_select->setValue($this->type->getLanguages());
    $language_select->setRequired(true);
    $this->addItem($language_select);

    // Roles: every role except auto-generated ones ("il_" prefix) and the hidden ids
    $role_select = new ilMultiSelectInputGUI($this->lng->txt('roles'), 'roles');
    $role_select->setWidth(self::WIDTH_MULTISELECT_INPUT);
    $all_roles = $this->rbac->getRolesByFilter(ilRbacReview::FILTER_ALL, 0, '');
    $role_options = array();
    // NOTE(review): 14 and 5 are hard-coded role ids; which roles they denote is
    // not visible here -- confirm against the installation.
    $hidden_role_ids = array(14, 5);
    foreach ($all_roles as $entry) {
        // Don't show auto-generated roles. If this costs too much performance, write a query instead.
        $is_generated = strpos($entry['title'], 'il_') === 0;
        if (!$is_generated && !in_array($entry['obj_id'], $hidden_role_ids)) {
            $role_options[$entry['obj_id']] = $entry['title'];
        }
    }
    $role_select->setOptions($role_options);
    $role_select->setValue($this->type->getRoles());
    $role_select->setInfo($this->pl->txt('roles_info'));
    $this->addItem($role_select);

    // Available object types (mandatory): option key and label are both the type string
    $object_select = new ilMultiSelectInputGUI($this->pl->txt('available_objects'), 'available_objects');
    $object_select->setWidth(self::WIDTH_MULTISELECT_INPUT);
    $object_options = array();
    foreach (srCertificateType::getAllAvailableObjectTypes() as $object_type) {
        $object_options[$object_type] = $object_type;
    }
    $object_select->setOptions($object_options);
    $object_select->setValue($this->type->getAvailableObjects());
    $object_select->setRequired(true);
    $object_select->setInfo($this->pl->txt('available_objects_info'));
    $this->addItem($object_select);

    $this->addCommandButton('saveType', $this->lng->txt('save'));
}
/**
 * Adds the user auto-complete toolbar for "other" roles.
 *
 * Offers every local role of the parent object whose untranslated title does
 * not contain "il_orgu_", keyed by role id with the presentation title as label.
 */
protected function addOtherRolesToolbar()
{
    $selectable_roles = array();
    $local_role_ids = $this->rbacreview->getLocalRoles($this->parent_object->getRefId());
    foreach ($local_role_ids as $local_role_id) {
        $role_obj = new ilObjRole($local_role_id);
        // Roles whose untranslated title contains "il_orgu_" are not offered here.
        if (preg_match("/il_orgu_/", $role_obj->getUntranslatedTitle())) {
            continue;
        }
        $selectable_roles[$local_role_id] = $role_obj->getPresentationTitle();
    }

    $this->ctrl->setParameterByClass('ilRepositorySearchGUI', 'addusertype', 'other');

    $toolbar_options = array(
        'auto_complete_name' => $this->lng->txt('user'),
        'user_type' => $selectable_roles,
        'submit_name' => $this->lng->txt('add'),
    );
    ilRepositorySearchGUI::fillAutoCompleteToolbar($this, $this->toolbar, $toolbar_options);
}
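/**
 * Reads the submitted data from the password assistance form.
 *
 * The following form fields are read as HTTP POST parameters:
 *   username
 *   email
 * If the submitted username and email address match an entry in the user data
 * table, ILIAS creates a password assistance session for the user and sends a
 * password assistance mail to the email address. For details about the
 * creation of the session and the e-mail see sendPasswordAssistanceMail().
 *
 * Accounts assigned to ANONYMOUS_ROLE_ID or SYSTEM_ROLE_ID are refused.
 *
 * NOTE(review): the failure text differs by cause ('pwassist_no_email_found',
 * 'pwassist_invalid_auth_mode', 'pwassist_not_permitted') and the success page
 * differs from all of them, so the response reveals whether a login exists and
 * what kind of account it is. A single neutral response for every outcome
 * avoids that disclosure.
 */
public function submitAssistanceForm()
{
    $form = $this->getAssistanceForm();
    if (!$form->checkInput()) {
        $form->setValuesByPost();
        $this->showAssistanceForm($form);
        return;
    }

    $username = $form->getInput('username');
    $email = $form->getInput('email');

    $userObj = null;
    $userid = ilObjUser::getUserIdByLogin($username);
    $txt_key = 'pwassist_invalid_username_or_email';
    if ($userid != 0) {
        $userObj = new ilObjUser($userid);
        if (strcasecmp($userObj->getEmail(), $email) != 0) {
            // Stored and submitted address differ (case-insensitive comparison).
            $userObj = null;
        } elseif (!strlen($email)) {
            // Only reached when both the stored and the submitted address are empty.
            $userObj = null;
            $txt_key = 'pwassist_no_email_found';
        } elseif (
            $userObj->getAuthMode(true) != AUTH_LOCAL
            || ($userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL)
        ) {
            // Parentheses only make the original operator precedence explicit.
            $userObj = null;
            $txt_key = 'pwassist_invalid_auth_mode';
        }
    }

    // No matching user object found?
    // Show the password assistance form again, and display an error message.
    if ($userObj == null) {
        ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt($txt_key)));
        $form->setValuesByPost();
        $this->showAssistanceForm($form);
        return;
    }

    // Matching user object found?
    // Check if the user is permitted to use the password assistance function,
    // and then send a password assistance mail to the email address.
    // FIXME: Extend this if-statement to check whether the user
    // has the permission to use the password assistance function.
    // The anonymous user and users who are system administrators are
    // not allowed to use this feature.
    //
    // The id must be obtained with getId(): reading it as a property
    // ($userObj->getId) hands the role check something other than the user id,
    // so this restriction would not be applied to the account being checked.
    $user_id = $userObj->getId();
    if ($this->rbacreview->isAssigned($user_id, ANONYMOUS_ROLE_ID)
        || $this->rbacreview->isAssigned($user_id, SYSTEM_ROLE_ID)
    ) {
        ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_not_permitted')));
        $form->setValuesByPost();
        $this->showAssistanceForm($form);
    } else {
        $this->sendPasswordAssistanceMail($userObj);
        $this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email));
    }
}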
/**
 * Counts the users who hold a role with read permission on this object but
 * have no read_event entry for it yet.
 *
 * @access public
 * @return int number of potential accesses (0 when no role has read access;
 *             otherwise the COUNT column as delivered by the DB layer)
 */
function getPotentialAccesses()
{
    global $ilDB;

    // Operation id of "read"; only the first returned id is used.
    $read_ops = ilRbacReview::_getOperationIdsByName(array('read'));

    // Step 1: roles whose serialized rbac_pa.ops_id contains the read operation
    // on a reference of this object. Values go through like()/quote() of the DB layer.
    $role_sql = 'SELECT DISTINCT pa.rol_id';
    $role_sql .= ' FROM rbac_pa pa';
    $role_sql .= ' INNER JOIN object_reference ob ON ob.ref_id = pa.ref_id';
    $role_sql .= ' WHERE ' . $ilDB->like('pa.ops_id', 'text', '%%i:' . $read_ops[0] . ';%%');
    $role_sql .= ' AND ob.obj_id = ' . $ilDB->quote($this->obj_id, 'integer');

    $readable_by = array();
    $role_result = $ilDB->query($role_sql);
    while ($record = $ilDB->fetchObject($role_result)) {
        $readable_by[] = $record->rol_id;
    }
    if (count($readable_by) == 0) {
        return 0;
    }

    // Step 2: distinct users of those roles that have no read event on the object.
    $count_sql = 'SELECT COUNT(DISTINCT(usr_id)) accesses ';
    $count_sql .= ' FROM rbac_ua';
    $count_sql .= ' WHERE ' . $ilDB->in('rol_id', $readable_by, false, 'integer');
    $count_sql .= ' AND usr_id NOT IN';
    $count_sql .= ' (SELECT usr_id FROM read_event';
    $count_sql .= ' WHERE obj_id = ' . $ilDB->quote($this->obj_id, 'integer') . ')';

    $count_result = $ilDB->query($count_sql);
    $count_row = $ilDB->fetchObject($count_result);

    return $count_row->accesses;
}
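/**
 * Available Roles Table Data
 *
 * Builds one row per entry of $this->valid_roles with the keys "img", "role",
 * "effective_from" (plus "effective_from_ref_id" when a matching folder is
 * found), "original_position" and "original_position_ref_id".
 *
 * @return array list of rows; an empty array when there are no valid roles
 */
function getAvailableRolesTableData()
{
    global $tree;

    include_once './Services/AccessControl/classes/class.ilObjRole.php';

    // Reversed id path of the current object (presumably nearest node first --
    // confirm against getPathId()).
    $path = array_reverse($tree->getPathId($this->object->getRefId()));

    // Initialised up front so the declared array return type also holds when
    // $this->valid_roles is empty (previously an undefined variable was returned).
    $result_set = array();
    $counter = 0;
    foreach ($this->valid_roles as $role) {
        $result_set[$counter]["img"] = in_array($role['obj_id'], $this->user_roles) ? self::IMG_OK : self::IMG_NOT_OK;
        // NOTE(review): as shown here, search and replacement both render as a
        // single space; the replacement may originally have been a non-breaking
        // space or an HTML entity -- confirm against the repository.
        $result_set[$counter]["role"] = str_replace(" ", " ", ilObjRole::_getTranslation($role["title"]));

        if ($role['role_type'] != "linked") {
            $result_set[$counter]["effective_from"] = "";
        } else {
            $rolfs = $this->rbacreview->getFoldersAssignedToRole($role["obj_id"]);
            // ok, try to match the next rolf in path
            // NOTE(review): when no node matches, "effective_from" stays unset for this row.
            foreach ($path as $node) {
                // Node id 1 ends the search (presumably the repository root -- confirm).
                if ($node == 1) {
                    break;
                }
                if (in_array($node, $rolfs)) {
                    $nodedata = $tree->getNodeData($node);
                    $result_set[$counter]["effective_from"] = $nodedata["title"];
                    $result_set[$counter]["effective_from_ref_id"] = $node;
                    break;
                }
            }
        }

        if (in_array($role['obj_id'], $this->global_roles)) {
            $result_set[$counter]["original_position"] = $this->lng->txt("global");
            $result_set[$counter]["original_position_ref_id"] = false;
        } else {
            $rolf = $this->rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
            $parent_node = $tree->getNodeData($rolf[0]);
            $result_set[$counter]["original_position"] = $parent_node["title"];
            $result_set[$counter]["original_position_ref_id"] = $parent_node["ref_id"];
        }
        ++$counter;
    }

    return $result_set;
}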
/**
 * Lists the parent roles of a node that currently have the "contribute"
 * operation active on it, excluding the node's local contributor role.
 *
 * @param int $a_node_id node whose parent roles are inspected
 * @return array translated role titles keyed by role id
 */
function getRolesWithContribute($a_node_id)
{
    global $rbacreview;

    include_once "Services/AccessControl/classes/class.ilObjRole.php";

    $contribute_id = ilRbacReview::_getOperationIdByName("contribute");
    $local_contributor = $this->getLocalContributorRole($a_node_id);

    $matches = array();
    foreach ($rbacreview->getParentRoleIds($a_node_id) as $candidate_id => $candidate) {
        // The local contributor role itself is never reported.
        if ($candidate_id == $local_contributor) {
            continue;
        }
        $active_ops = $rbacreview->getActiveOperationsOfRole($a_node_id, $candidate_id);
        if (!in_array($contribute_id, $active_ops)) {
            continue;
        }
        $matches[$candidate_id] = ilObjRole::_getTranslation($candidate["title"]);
    }

    return $matches;
}
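/**
 * Grants the server's global role the "join" and "visible" operations on the
 * content object, but only when the content object is of type "crs".
 *
 * The type was checked twice in nested conditions; the redundant inner check
 * is removed, the behaviour is unchanged.
 *
 * @param ilECSSetting $server server setting that supplies the global role id
 */
protected function handlePermissionUpdate(ilECSSetting $server)
{
    if ($this->content_obj->getType() != 'crs') {
        return;
    }

    $GLOBALS['ilLog']->write(__METHOD__ . ': Permission update');

    // This widens access for every member of the global role, so the role id
    // returned by the server setting is security-relevant configuration.
    $GLOBALS['rbacadmin']->grantPermission(
        $server->getGlobalRole(),
        ilRbacReview::_getOperationIdsByName(array('join', 'visible')),
        $this->content_obj->getRefId()
    );
}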
/**
 * Get all objects of a specific type and check access.
 * This function is not recursive; instead it matches the serialized rbac_pa
 * entries with LIKE patterns and then verifies each candidate.
 *
 * Returns the objects of the given type for which access is granted for the
 * given operation. Each candidate row is passed to $ilAccess->checkAccessOfUser().
 * Please note: if access is not granted to any object in the hierarchy, the
 * function skips all objects under it.
 * Example:
 * You want a list of all courses that are visible for the user.
 * The function call would be:
 * $your_list = IlUtil::_getObjectsByOperations("crs", "visible");
 * Let's say there is a course A the user would have access to according to
 * his role assignments. Course A lies within a group object which is not
 * readable for the user. Therefore course A won't appear in the result list,
 * although the queried operation would actually permit the user to access it.
 *
 * For users assigned to SYSTEM_ROLE_ID no per-object check is made: all
 * matching references outside the recovery folder are returned (up to the limit).
 *
 * @access public
 * @param string|array $a_obj_type object type 'lm' or array('lm','sahs')
 * @param string $a_operation permission to check e.g. 'visible' or 'read'
 * @param int $a_usr_id id of user in question; 0 means the logged-in user
 * @param int $limit limit of results. If not given it defaults to the
 *                   'search_max_hits' setting (100). A limit of -1 is mapped to
 *                   10000 in the code, i.e. it is a high cap rather than unlimited.
 * @return array of ref_ids
 * @static
 */
public static function _getObjectsByOperations($a_obj_type, $a_operation, $a_usr_id = 0, $limit = 0)
{
    global $ilDB, $rbacreview, $ilAccess, $ilUser, $ilias, $tree;
    // The type filter is built with the DB layer's quote()/in() helpers.
    if (!is_array($a_obj_type)) {
        $where = "WHERE type = " . $ilDB->quote($a_obj_type, "text") . " ";
    } else {
        $where = "WHERE " . $ilDB->in("type", $a_obj_type, false, "text") . " ";
    }
    // limit number of results default is search result limit
    if (!$limit) {
        $limit = $ilias->getSetting('search_max_hits', 100);
    }
    if ($limit == -1) {
        $limit = 10000;
    }
    // default to logged in usr
    $a_usr_id = $a_usr_id ? $a_usr_id : $ilUser->getId();
    $a_roles = $rbacreview->assignedRoles($a_usr_id);
    // Since no rbac_pa entries are available for the system role, this function returns !all! ref_ids
    // in the case the user is assigned to the system role
    if ($rbacreview->isAssigned($a_usr_id, SYSTEM_ROLE_ID)) {
        $query = "SELECT ref_id FROM object_reference obr LEFT JOIN object_data obd ON obr.obj_id = obd.obj_id " . "LEFT JOIN tree ON obr.ref_id = tree.child " . $where . "AND tree = 1";
        $res = $ilDB->query($query);
        $counter = 0;
        while ($row = $ilDB->fetchObject($res)) {
            // Filter recovery folder
            if ($tree->isGrandChild(RECOVERY_FOLDER_ID, $row->ref_id)) {
                continue;
            }
            if ($counter++ >= $limit) {
                break;
            }
            // NOTE(review): $ref_ids is never initialised; the array is created by this first append.
            $ref_ids[] = $row->ref_id;
        }
        // NOTE(review): reads an undefined variable when no row was appended.
        return $ref_ids ? $ref_ids : array();
    }
    // End Administrators
    // Check ownership if it is not asked for edit_permission or a create permission
    if ($a_operation == 'edit_permissions' or strpos($a_operation, 'create') !== false) {
        $check_owner = ") ";
    } else {
        // Objects owned by the user are added to the candidate set.
        $check_owner = "OR owner = " . $ilDB->quote($a_usr_id, "integer") . ") ";
    }
    $ops_ids = ilRbacReview::_getOperationIdsByName(array($a_operation));
    // NOTE(review): index 0 is read without checking that the operation name was found.
    $ops_id = $ops_ids[0];
    $and = "AND ((" . $ilDB->in("rol_id", $a_roles, false, "integer") . " ";
    // The first LIKE pattern ("%i:<id>%") has no terminating delimiter, so it
    // also matches longer ids that start with the same digits. The query is only a
    // prefilter: every row is verified by checkAccessOfUser() below.
    $query = "SELECT DISTINCT(obr.ref_id),obr.obj_id,type FROM object_reference obr " . "JOIN object_data obd ON obd.obj_id = obr.obj_id " . "LEFT JOIN rbac_pa ON obr.ref_id = rbac_pa.ref_id " . $where . $and . "AND (" . $ilDB->like("ops_id", "text", "%i:" . $ops_id . "%") . " " . "OR " . $ilDB->like("ops_id", "text", "%:\"" . $ops_id . "\";%") . ")) " . $check_owner;
    $res = $ilDB->query($query);
    $counter = 0;
    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
        if ($counter >= $limit) {
            break;
        }
        // Filter objects in recovery folder
        if ($tree->isGrandChild(RECOVERY_FOLDER_ID, $row->ref_id)) {
            continue;
        }
        // Check deleted, hierarchical access ...
        // This call is the authoritative decision; only granted rows count towards the limit.
        if ($ilAccess->checkAccessOfUser($a_usr_id, $a_operation, '', $row->ref_id, $row->type, $row->obj_id)) {
            $counter++;
            $ref_ids[] = $row->ref_id;
        }
    }
    // NOTE(review): same undefined-variable read as above when nothing was granted.
    return $ref_ids ? $ref_ids : array();
}
/**
 * Displays the role assignment panel for the user object being edited.
 *
 * Requires "edit_roleassignment" on $this->usrf_ref_id, collects the roles
 * selected by the table filter, builds one record per role (checkbox, link,
 * description, context) and renders them through ilRoleAssignmentTableGUI.
 *
 * NOTE(review): the "disabled" state computed for the system role only affects
 * the rendered checkbox. The handler that saves the assignment is not part of
 * this method and must enforce the same restriction on the server side.
 *
 * @access public
 */
function roleassignmentObject()
{
    global $rbacreview, $rbacsystem, $ilUser, $ilTabs;
    $ilTabs->activateTab("role_assignment");
    // NOTE(review): there is no return after raiseError(); the method only stops
    // here if raiseError() itself ends the request -- confirm.
    if (!$rbacsystem->checkAccess("edit_roleassignment", $this->usrf_ref_id)) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_role_to_user"), $this->ilias->error_obj->MESSAGE);
    }
    // The raw POST value is stored in the session; the only check is the upper
    // bound below (loose comparison, no type or lower-bound validation).
    $_SESSION['filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['filtered_roles'];
    if ($_SESSION['filtered_roles'] > 5) {
        $_SESSION['filtered_roles'] = 0;
    }
    $this->tpl->addBlockfile('ADM_CONTENT', 'adm_content', 'tpl.usr_role_assignment.html', 'Services/User');
    // Dead code: this filter block is switched off by the constant condition.
    if (false) {
        $this->tpl->setCurrentBlock("filter");
        $this->tpl->setVariable("FILTER_TXT_FILTER", $this->lng->txt('filter'));
        $this->tpl->setVariable("SELECT_FILTER", $this->__buildFilterSelect());
        $this->tpl->setVariable("FILTER_ACTION", $this->ctrl->getFormAction($this));
        $this->tpl->setVariable("FILTER_NAME", 'roleassignment');
        $this->tpl->setVariable("FILTER_VALUE", $this->lng->txt('apply_filter'));
        $this->tpl->parseCurrentBlock();
    }
    // init table
    include_once "./Services/User/classes/class.ilRoleAssignmentTableGUI.php";
    $tab = new ilRoleAssignmentTableGUI($this, "roleassignment");
    // now get roles depending on filter settings
    $role_list = $rbacreview->getRolesByFilter($tab->filter["role_filter"], $this->object->getId());
    $assigned_roles = $rbacreview->assignedRoles($this->object->getId());
    $counter = 0;
    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    $records = array();
    foreach ($role_list as $role) {
        // fetch context path of role
        $rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
        // only list roles that are not set to status "deleted"
        if ($rbacreview->isDeleted($rolf[0])) {
            continue;
        }
        // build context path
        $path = "";
        if ($this->tree->isInTree($rolf[0])) {
            if ($rolf[0] == ROLE_FOLDER_ID) {
                $path = $this->lng->txt("global");
            } else {
                $tmpPath = $this->tree->getPathFull($rolf[0]);
                // count -1, to exclude the role folder itself
                /*for ($i = 1; $i < (count($tmpPath)-1); $i++) { if ($path != "") { $path .= " > "; } $path .= $tmpPath[$i]["title"]; }*/
                // Only the title of the last path element is used.
                $path = $tmpPath[count($tmpPath) - 1]["title"];
            }
        } else {
            $path = "<b>Rolefolder " . $rolf[0] . " not found in tree! (Role " . $role["obj_id"] . ")</b>";
        }
        $disabled = false;
        // disable checkbox for system role for the system user
        // ("and" binds tighter than "or": disabled when the row is the system role and
        // either the edited user is the system user or the acting user lacks the system role)
        if ($this->object->getId() == SYSTEM_USER_ID and $role["obj_id"] == SYSTEM_ROLE_ID or !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) and $role["obj_id"] == SYSTEM_ROLE_ID) {
            $disabled = true;
        }
        // protected admin role
        if ($role['obj_id'] == SYSTEM_ROLE_ID && !$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) {
            include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
            if (ilSecuritySettings::_getInstance()->isAdminRoleProtected()) {
                $disabled = true;
            }
        }
        if (substr($role["title"], 0, 3) == "il_") {
            // NOTE(review): $assignable is never defined in this method, so this
            // condition is always true and the else branch is unreachable.
            if (!$assignable) {
                $rolf_arr = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
                $rolf2 = $rolf_arr[0];
            } else {
                $rolf2 = $rolf;
            }
            $parent_node = $this->tree->getNodeData($rolf2);
            $role["description"] = $this->lng->txt("obj_" . $parent_node["type"]) . " (#" . $parent_node["obj_id"] . ")";
        }
        // NOTE(review): $role_ids and $result_set are filled but not read again in this method.
        $role_ids[$counter] = $role["obj_id"];
        $result_set[$counter][] = $checkbox = ilUtil::formCheckBox(in_array($role["obj_id"], $assigned_roles), "role_id[]", $role["obj_id"], $disabled) . "<input type=\"hidden\" name=\"role_id_ctrl[]\" value=\"" . $role["obj_id"] . "\"/>";
        $this->ctrl->setParameterByClass("ilobjrolegui", "ref_id", $rolf[0]);
        $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id", $role["obj_id"]);
        // NOTE(review): the translated role title is concatenated into markup
        // without HTML escaping in this method. Whether _getTranslation() or the
        // table class escapes it is not visible here -- verify, since role titles
        // are editable data.
        $result_set[$counter][] = $link = "<a href=\"" . $this->ctrl->getLinkTargetByClass("ilobjrolegui", "perm") . "\">" . ilObjRole::_getTranslation($role["title"]) . "</a>";
        $title = ilObjRole::_getTranslation($role["title"]);
        $result_set[$counter][] = $role["description"];
        // Add link to the object of local roles
        if ($role["role_type"] == "local") {
            // Get Object to the role
            // NOTE(review): reads $role["rol_id"] while the rest of the method uses
            // $role["obj_id"] -- confirm that the key exists in the filter result.
            $obj_id = ilRbacReview::getObjectOfRole($role["rol_id"]);
            $obj_type = ilObject::_lookupType($obj_id);
            $ref_ids = ilObject::_getAllReferences($obj_id);
            // Empty loop body: leaves $ref_id at the last reference. With no
            // references, $ref_id keeps a value from an earlier iteration or is undefined.
            foreach ($ref_ids as $ref_id) {
            }
            require_once "./Services/Link/classes/class.ilLink.php";
            // NOTE(review): $path (an object title, or the "not found" markup above)
            // is placed inside the anchor without escaping -- verify the output handling.
            $result_set[$counter][] = $context = "<a href='" . ilLink::_getLink($ref_id, ilObject::_lookupType($obj_id)) . "' target='_top'>" . $path . "</a>";
        } else {
            $result_set[$counter][] = $path;
            $context = $path;
        }
        $records[] = array("path" => $path, "description" => $role["description"], "context" => $context, "checkbox" => $checkbox, "role" => $link, "title" => $title);
        ++$counter;
    }
    // Constant condition: the table is always rendered here.
    if (true) {
        $tab->setData($records);
        $this->tpl->setVariable("ROLES_TABLE", $tab->getHTML());
        return;
    }
}
/**
 * Builds the permission rows for the current template type and hands them to
 * setData().
 *
 * Rows come first from the 'object' class operations of the type, then from
 * the create operations of its creatable sub-objects. A row is marked as set
 * when the operation is among the stored permissions or the role is
 * SYSTEM_ROLE_ID. Unless admin permissions are shown, a trailing
 * array('show_ce' => 1) row is appended.
 *
 * @return void
 */
public function parse()
{
    global $rbacreview, $objDefinition;

    $granted = $this->getPermissions($this->getTemplateType());
    $table_rows = array();

    // Object permissions
    $object_ops = $rbacreview->getOperationsByTypeAndClass($this->getTemplateType(), 'object');
    foreach ($object_ops as $object_op_id) {
        // NOTE(review): re-read on every iteration exactly as before; the value
        // looks loop-invariant -- confirm before hoisting.
        $granted = $this->getPermissions($this->getTemplateType());
        $op_data = $rbacreview->getOperation($object_op_id);
        $table_rows[] = array(
            'ops_id' => $object_op_id,
            'set' => (in_array($object_op_id, $granted) || $this->getRoleId() == SYSTEM_ROLE_ID),
            'name' => $op_data['operation'],
        );
    }

    // Create permissions of the creatable sub-objects
    $creatable = $objDefinition->getCreatableSubObjects($this->getTemplateType());
    $create_op_ids = ilRbacReview::lookupCreateOperationIds(array_keys($creatable));
    foreach ($creatable as $sub_type => $sub_info) {
        $create_op_id = $create_op_ids[$sub_type];
        if ($create_op_id) {
            $table_rows[] = array(
                'ops_id' => $create_op_id,
                'set' => (in_array($create_op_id, $granted) || $this->getRoleId() == SYSTEM_ROLE_ID),
                'name' => 'create_' . $sub_info['name'],
                'create_type' => $sub_info['name'],
            );
        }
    }

    if (!$this->show_admin_permissions) {
        $table_rows[] = array('show_ce' => 1);
    }

    $this->setData($table_rows);
}
/**
 * Checks whether a user holds all of the given operations on a reference.
 *
 * Decision order, as implemented below:
 *  1. a cached result for (user, operations, ref_id, type) is returned as is;
 *  2. operations covered by ownership are removed; if none remain, access is granted;
 *  3. a user assigned to SYSTEM_ROLE_ID is granted access;
 *  4. otherwise every requested operation must be present in the rbac_pa
 *     entries of the user's roles for this reference.
 *
 * Both static caches hold at most 1000 entries and are only added to in this
 * method. NOTE(review): no invalidation is visible here, so a permission
 * change later in the same request may not be reflected -- confirm where the
 * caches are reset.
 *
 * @param int    $a_user_id    user to check
 * @param string $a_operations comma-separated operation names
 * @param int    $a_ref_id     reference id of the object
 * @param string $a_type       object type; required when checking "create"
 * @return bool true when access is granted
 */
function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
{
    global $ilUser, $rbacreview, $ilObjDataCache, $ilDB, $ilLog;
    // Create the user cache key
    $cacheKey = $a_user_id . ':' . $a_operations . ':' . $a_ref_id . ':' . $a_type;
    // Create the cache if it does not yet exist
    if (!is_array(self::$_checkAccessOfUserCache)) {
        self::$_checkAccessOfUserCache = array();
    }
    // Try to return result from cache
    if (array_key_exists($cacheKey, self::$_checkAccessOfUserCache)) {
        return self::$_checkAccessOfUserCache[$cacheKey];
    }
    #echo ++$counter;
    // DISABLED
    // Check For owner
    // Owners do always have full access to their objects
    // Excluded are the permissions create and perm
    // This method call return all operations that are NOT granted by the owner status
    // Note: $a_operations is overwritten with the remaining operations here.
    if (!($a_operations = $this->__filterOwnerPermissions($a_user_id, $a_operations, $a_ref_id))) {
        // Store positive outcome in cache.
        // Note: we only cache up to 1000 results to avoid memory overflows
        if (count(self::$_checkAccessOfUserCache) < 1000) {
            self::$_checkAccessOfUserCache[$cacheKey] = true;
        }
        return true;
    }
    // get roles using role cache
    $roles = $this->fetchAssignedRoles($a_user_id, $a_ref_id);
    // exclude system role from rbac
    if (in_array(SYSTEM_ROLE_ID, $roles)) {
        // Store positive outcome in cache.
        // Note: we only cache up to 1000 results to avoid memory overflows
        if (count(self::$_checkAccessOfUserCache) < 1000) {
            self::$_checkAccessOfUserCache[$cacheKey] = true;
        }
        return true;
    }
    // NOTE(review): the parameter checks come after the owner and system-role
    // shortcuts above, so those two paths run with unvalidated arguments.
    if (!isset($a_operations) or !isset($a_ref_id)) {
        $GLOBALS['ilLog']->logStack();
        $this->ilErr->raiseError(get_class($this) . "::checkAccess(): Missing parameter! " . "ref_id: " . $a_ref_id . " operations: " . $a_operations, $this->ilErr->WARNING);
    }
    if (!is_string($a_operations)) {
        $GLOBALS['ilLog']->logStack();
        $this->ilErr->raiseError(get_class($this) . "::checkAccess(): Wrong datatype for operations!", $this->ilErr->WARNING);
    }
    // Create the PA cache if it does not exist yet
    // The PA cache is keyed by user and reference only.
    $paCacheKey = $a_user_id . ':' . $a_ref_id;
    if (!is_array(self::$_paCache)) {
        self::$_paCache = array();
    }
    if (array_key_exists($paCacheKey, self::$_paCache)) {
        // Return result from PA cache
        $ops = self::$_paCache[$paCacheKey];
    } else {
        // Data is not in PA cache, perform database query
        // NOTE(review): the value is quoted via the global $ilDB while the query
        // runs on $this->ilDB -- presumably the same connection; confirm.
        $q = "SELECT * FROM rbac_pa " . "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer');
        $r = $this->ilDB->query($q);
        $ops = array();
        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
            if (in_array($row->rol_id, $roles)) {
                // SECURITY NOTE(review): unserialize() runs on the stored ops_id
                // column. That is only safe while every writer of rbac_pa.ops_id
                // is trusted code; anyone able to alter that column could supply
                // arbitrary serialized data. A failed unserialize() returns false,
                // which array_merge() does not accept as an array.
                $ops = array_merge($ops, unserialize(stripslashes($row->ops_id)));
            }
        }
        // Cache up to 1000 entries in the PA cache
        if (count(self::$_paCache) < 1000) {
            self::$_paCache[$paCacheKey] = $ops;
        }
    }
    // Every requested operation must be present; the first miss denies access.
    $operations = explode(",", $a_operations);
    foreach ($operations as $operation) {
        if ($operation == "create") {
            if (empty($a_type)) {
                $this->ilErr->raiseError(get_class($this) . "::CheckAccess(): Expect a type definition for checking a 'create' permission", $this->ilErr->WARNING);
            }
            // "create" is resolved to the type-specific operation "create_<type>".
            $ops_id = ilRbacReview::_getOperationIdByName($operation . "_" . $a_type);
        } else {
            $ops_id = ilRbacReview::_getOperationIdByName($operation);
        }
        // Loose in_array() comparison between the looked-up id and the stored ids.
        if (!in_array($ops_id, (array) $ops)) {
            //$ilLog->write('PERMISSION: '.$a_ref_id.' -> '.$a_ops_id.' failed');
            // Store negative outcome in cache.
            // Note: we only cache up to 1000 results to avoid memory overflows
            if (count(self::$_checkAccessOfUserCache) < 1000) {
                self::$_checkAccessOfUserCache[$cacheKey] = false;
            }
            return false;
        }
    }
    // Store positive outcome in cache.
    // Note: we only cache up to 1000 results to avoid memory overflows
    if (count(self::$_checkAccessOfUserCache) < 1000) {
        //$ilLog->write('PERMISSION: '.$a_ref_id.' -> '.$ops_id.' granted');
        self::$_checkAccessOfUserCache[$cacheKey] = true;
    }
    return true;
}
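/**
 * Builds the permission overview of $this->user for $this->object.
 *
 * For every operation of the object's type one row is produced with: an icon
 * for the RBAC check result, the operation label, and the roles (or ownership)
 * through which the operation is granted. The rows are rendered by
 * __showPermissionsTable().
 *
 * @return mixed whatever __showPermissionsTable() returns
 */
function getPermissionInfo()
{
    global $ilAccess, $lng, $rbacreview, $ilUser, $ilObjDataCache, $objDefinition;

    // icon handlers
    $icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.png") . "\" alt=\"" . $lng->txt("info_assigned") . "\" title=\"" . $lng->txt("info_assigned") . "\" border=\"0\" vspace=\"0\"/>";
    $icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.png") . "\" alt=\"" . $lng->txt("info_not_assigned") . "\" title=\"" . $lng->txt("info_not_assigned") . "\" border=\"0\" vspace=\"0\"/>";

    // get all possible operation of current object
    $ops_list = ilRbacReview::_getOperationList($this->object->getType());
    $counter = 0;

    // check permissions of user
    // NOTE(review): $result_set is not initialised; with an empty operation list
    // an undefined variable is passed to __showPermissionsTable().
    foreach ($ops_list as $ops) {
        $access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType());
        $result_set[$counter][] = $access ? $icon_ok : $icon_not_ok;

        // Operation label: plugin texts for plugin types, otherwise language variables.
        if (substr($ops['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($ops['operation'], 7))) {
            $result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", substr($ops['operation'], 7), 'rbac_' . $ops['operation']);
        } else {
            if ($objDefinition->isPlugin($this->object->getType())) {
                $result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", $this->object->getType(), $this->object->getType() . "_" . $ops['operation']);
            } elseif (substr($ops['operation'], 0, 7) == 'create_') {
                $result_set[$counter][] = $lng->txt('rbac_' . $ops['operation']);
            } else {
                $result_set[$counter][] = $lng->txt($this->object->getType() . "_" . $ops['operation']);
            }
        }

        // Must be an array: appending with [] to an empty string is a fatal
        // error on PHP 7.1 and later. empty() below treats both the same way.
        $list_role = array();

        // Check ownership
        if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
            // NOTE(review): 'edit_leanring_progress' looks like a misspelling of
            // the operation name, so that comparison probably never excludes
            // anything; 'edit_permission' may likewise differ from the stored
            // operation name. Left unchanged -- confirm against the operations table.
            if (substr($ops['operation'], 0, 7) != 'create_' and $ops['operation'] != 'edit_permission' and $ops['operation'] != 'edit_leanring_progress') {
                $list_role[] = $lng->txt('info_owner_of_object');
            }
        }

        // get operations on object for each assigned role to user
        foreach ($this->assigned_valid_roles as $role) {
            if (in_array($ops['ops_id'], $role['ops'])) {
                // NOTE(review): role translations are joined into markup below
                // without escaping in this method -- verify where they are escaped.
                $list_role[] = $role['translation'];
            }
        }

        if (empty($list_role)) {
            $roles_formatted = $lng->txt('none');
        } else {
            $roles_formatted = implode("<br/>", $list_role);
        }
        $result_set[$counter][] = $roles_formatted;
        ++$counter;
    }

    return $this->__showPermissionsTable($result_set);
}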
/**
 * Collects the roles shown in the permission table of the current object and
 * stores them, with policy flags and per-operation check state, in $this->roles.
 *
 * The role filter is taken from POST (falling back to the session value) and
 * defaults to 3 below a course or group and to 1 elsewhere. The system
 * administrator role is never listed.
 */
function getRolesData()
{
    global $rbacsystem, $rbacreview, $tree;

    // first get all roles in the path of the object
    $candidate_roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());

    // filter roles
    // NOTE(review): the POST value is stored in the session and handed to
    // __filterRoles() without validation in this method.
    $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];

    // set default filter (all roles) if no filter is set
    if ($_SESSION['perm_filtered_roles'] == 0) {
        $below_course_or_group = $tree->checkForParentType($this->gui_obj->object->getRefId(), 'crs')
            || $tree->checkForParentType($this->gui_obj->object->getRefId(), 'grp');
        $_SESSION['perm_filtered_roles'] = $below_course_or_group ? 3 : 1;
    }

    // remove filtered roles from array
    $candidate_roles = $this->__filterRoles($candidate_roles, $_SESSION["perm_filtered_roles"]);

    // determine status of each role (local role, changed policy, protected)
    $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
    $local_roles = empty($role_folder)
        ? array()
        : $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);

    foreach ($candidate_roles as $index => $role) {
        $role_id = $role['obj_id'];

        // exclude system admin role from list
        if ($role_id == SYSTEM_ROLE_ID) {
            unset($candidate_roles[$index]);
            continue;
        }

        $this->roles[$role_id] = $role;

        // don't allow local policies for protected roles
        $this->roles[$role_id]['keep_protected'] = $rbacreview->isProtected($role['parent'], $role_id);

        if (in_array($role_id, $local_roles)) {
            if ($rbacreview->isAssignable($role_id, $role_folder["ref_id"])) {
                // no checkbox for local roles
                $this->roles[$role_id]['local_policy_allowed'] = false;
            } else {
                $this->roles[$role_id]['local_policy_enabled'] = true;
                $this->roles[$role_id]['local_policy_allowed'] = true;
            }
        } else {
            $this->roles[$role_id]['local_policy_enabled'] = false;
            $this->roles[$role_id]['local_policy_allowed'] = true;
        }

        // compute permission settings for each role
        $ops_by_class = ilRbacReview::_groupOperationsByClass(
            ilRbacReview::_getOperationList($this->gui_obj->object->getType())
        );
        foreach ($ops_by_class as $class_name => $class_ops) {
            foreach ($class_ops as $op_index => $op) {
                $ops_by_class[$class_name][$op_index]['checked'] = $rbacsystem->checkPermission(
                    $this->gui_obj->object->getRefId(),
                    $role_id,
                    $op['name']
                );
            }
        }
        $this->roles[$role_id]['permissions'] = $ops_by_class;
        unset($ops_by_class);
    }
}
/**
 * Displays the permission template form of the current role.
 *
 * Requires 'write' on $this->rolf_ref_id. Collects every object type with its
 * operations, marks the operations currently set for the role, prepares the
 * "adopt permissions" radio list and the "protected" checkbox, and renders
 * everything into tpl.adm_perm_role.html.
 *
 * @access public
 */
function permObject()
{
    global $rbacadmin, $rbacreview, $rbacsystem, $objDefinition, $ilSetting;
    // Access gate: the explicit exit stops the request even if raiseError() returns.
    if (!$rbacsystem->checkAccess('write', $this->rolf_ref_id)) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->WARNING);
        exit;
    }
    $to_filter = $objDefinition->getSubobjectsToFilter();
    $tpl_filter = array();
    $internal_tpl = false;
    // Assignment inside the condition is intended: the flag is reused below.
    if ($internal_tpl = $this->object->isInternalTemplate()) {
        $tpl_filter = $this->object->getFilterOfInternalTemplate();
    }
    // Display order of each operation, keyed by operation id.
    $op_order = array();
    foreach (ilRbacReview::_getOperationList() as $op) {
        $op_order[$op["ops_id"]] = $op["order"];
    }
    $operation_info = $rbacreview->getOperationAssignment();
    // NOTE(review): $rbac_objects and $rbac_operations are not initialised; if
    // every entry is skipped below, the later loops read undefined variables.
    foreach ($operation_info as $info) {
        if ($objDefinition->getDevMode($info['type'])) {
            continue;
        }
        // FILTER SUBOBJECTS OF adm OBJECT
        if (in_array($info['type'], $to_filter)) {
            continue;
        }
        if ($internal_tpl and $tpl_filter and !in_array($info['type'], $tpl_filter)) {
            continue;
        }
        $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'], "type" => $info['type']);
        // Operation label: plugin text for plugin types, language variable otherwise;
        // create operations get their own label below.
        $txt = $objDefinition->isPlugin($info['type']) ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type'] . "_" . $info['operation']) : $this->lng->txt($info['type'] . "_" . $info['operation']);
        if (substr($info['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($info['operation'], 7))) {
            $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type'] . "_" . $info['operation']);
        } elseif (substr($info['operation'], 0, 6) == 'create') {
            $txt = $this->lng->txt('rbac_' . $info['operation']);
        }
        $order = $op_order[$info['ops_id']];
        // Create operations are ordered by the position of the object type instead.
        if (substr($info['operation'], 0, 6) == 'create') {
            $order = $objDefinition->getPositionByType($info['type']);
        }
        $rbac_operations[$info['typ_id']][$info['ops_id']] = array("ops_id" => $info['ops_id'], "title" => $info['operation'], "name" => $txt, "order" => $order);
    }
    foreach ($rbac_objects as $key => $obj_data) {
        if ($objDefinition->isPlugin($obj_data["type"])) {
            $rbac_objects[$key]["name"] = ilPlugin::lookupTxt("rep_robj", $obj_data["type"], "obj_" . $obj_data["type"]);
        } else {
            $rbac_objects[$key]["name"] = $this->lng->txt("obj_" . $obj_data["type"]);
        }
        $rbac_objects[$key]["ops"] = $rbac_operations[$key];
    }
    // sort() re-indexes the arrays: from here on the keys are positions, and the
    // type id is only available as $obj_data["obj_id"].
    sort($rbac_objects);
    foreach ($rbac_objects as $key => $obj_data) {
        sort($rbac_objects[$key]["ops"]);
    }
    // sort by (translated) name of object type
    $rbac_objects = ilUtil::sortArray($rbac_objects, "name", "asc");
    // BEGIN CHECK_PERM
    foreach ($rbac_objects as $key => $obj_data) {
        $arr_selected = $rbacreview->getOperationsOfRole($this->object->getId(), $obj_data["type"], $this->rolf_ref_id);
        $arr_checked = array_intersect($arr_selected, array_keys($rbac_operations[$obj_data["obj_id"]]));
        foreach ($rbac_operations[$obj_data["obj_id"]] as $operation) {
            $checked = in_array($operation["ops_id"], $arr_checked);
            $disabled = false;
            // A two-dimensional POST variable is submitted: perm[rol_id][ops_id]
            $box = ilUtil::formCheckBox($checked, "template_perm[" . $obj_data["type"] . "][]", $operation["ops_id"], $disabled);
            $output["perm"][$obj_data["obj_id"]][$operation["ops_id"]] = $box;
        }
    }
    // END CHECK_PERM
    $output["col_anz"] = count($rbac_objects);
    $output["txt_save"] = $this->lng->txt("save");
    $output["check_protected"] = ilUtil::formCheckBox($rbacreview->isProtected($this->rolf_ref_id, $this->object->getId()), "protected", 1);
    $output["text_protected"] = $this->lng->txt("role_protect_permissions");
    /************************************/
    /* adopt permissions form */
    /************************************/
    $output["message_middle"] = $this->lng->txt("adopt_perm_from_template");
    // send message for system role
    if ($this->object->getId() == SYSTEM_ROLE_ID) {
        $output["adopt"] = array();
        ilUtil::sendFailure($this->lng->txt("msg_sysrole_not_editable"));
    } else {
        // BEGIN ADOPT_PERMISSIONS
        $parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id, true);
        // sort output for correct color changing
        ksort($parent_role_ids);
        foreach ($parent_role_ids as $key => $par) {
            // The system role is never offered as a source to adopt from.
            if ($par["obj_id"] != SYSTEM_ROLE_ID) {
                $radio = ilUtil::formRadioButton(0, "adopt", $par["obj_id"]);
                $output["adopt"][$key]["css_row_adopt"] = ilUtil::switchColor($key, "tblrow1", "tblrow2");
                $output["adopt"][$key]["check_adopt"] = $radio;
                $output["adopt"][$key]["type"] = $par["type"] == 'role' ? 'Role' : 'Template';
                $output["adopt"][$key]["role_name"] = $par["title"];
            }
        }
        $output["formaction_adopt"] = $this->ctrl->getFormAction($this);
        // END ADOPT_PERMISSIONS
    }
    $output["formaction"] = $this->ctrl->getFormAction($this);
    $this->data = $output;
    /************************************/
    /* generate output */
    /************************************/
    $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.adm_perm_role.html", "Services/AccessControl");
    foreach ($rbac_objects as $obj_data) {
        // BEGIN object_operations
        $this->tpl->setCurrentBlock("object_operations");
        $obj_data["ops"] = ilUtil::sortArray($obj_data["ops"], 'order', 'asc', true, true);
        foreach ($obj_data["ops"] as $operation) {
            // NOTE(review): $ops_ids is never reset, so the list grows across object
            // types and the JS toggle of a later type also receives earlier ids.
            $ops_ids[] = $operation["ops_id"];
            // NOTE(review): $key is left over from an earlier loop and does not change
            // here, so every row gets the same colour class.
            $css_row = ilUtil::switchColor($key, "tblrow1", "tblrow2");
            $this->tpl->setVariable("CSS_ROW", $css_row);
            $this->tpl->setVariable("PERMISSION", $operation["name"]);
            $this->tpl->setVariable("CHECK_PERMISSION", $this->data["perm"][$obj_data["obj_id"]][$operation["ops_id"]]);
            $this->tpl->parseCurrentBlock();
        }
        // END object_operations
        // BEGIN object_type
        $this->tpl->setCurrentBlock("object_type");
        $this->tpl->setVariable("TXT_OBJ_TYPE", $obj_data["name"]);
        // TODO: move this if in a function and query all objects that may be disabled or inactive
        // NOTE(review): uses $this->objDefinition here but the global $objDefinition
        // above; types in dev mode were already skipped when collecting.
        if ($this->objDefinition->getDevMode($obj_data["type"])) {
            $this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_implemented_yet") . ")");
        } else {
            if ($obj_data["type"] == "icrs" and !$this->ilias->getSetting("ilinc_active")) {
                $this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_enabled_or_configured") . ")");
            }
        }
        // js checkbox toggles
        $this->tpl->setVariable("JS_VARNAME", "template_perm_" . $obj_data["type"]);
        $this->tpl->setVariable("JS_ONCLICK", ilUtil::array_php2js($ops_ids));
        $this->tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
        $this->tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
        $this->tpl->parseCurrentBlock();
        // END object_type
    }
    /*
    // BEGIN ADOPT PERMISSIONS
    foreach ($this->data["adopt"] as $key => $value) {
        $this->tpl->setCurrentBlock("ADOPT_PERM_ROW");
        $this->tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]);
        $this->tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]);
        $this->tpl->setVariable("TYPE",$value["type"]);
        $this->tpl->setVariable("ROLE_NAME",$value["role_name"]);
        $this->tpl->parseCurrentBlock();
    }
    $this->tpl->setCurrentBlock("ADOPT_PERM_FORM");
    $this->tpl->setVariable("MESSAGE_MIDDLE",$this->data["message_middle"]);
    $this->tpl->setVariable("FORMACTION_ADOPT",$this->data["formaction_adopt"]);
    $this->tpl->setVariable("ADOPT",$this->lng->txt('copy'));
    $this->tpl->parseCurrentBlock();
    // END ADOPT PERMISSIONS
    */
    $this->tpl->setCurrentBlock("tblfooter_protected");
    $this->tpl->setVariable("COL_ANZ", 3);
    $this->tpl->setVariable("CHECK_BOTTOM", $this->data["check_protected"]);
    $this->tpl->setVariable("MESSAGE_TABLE", $this->data["text_protected"]);
    $this->tpl->parseCurrentBlock();
    $this->tpl->setVariable("COL_ANZ_PLUS", 4);
    $this->tpl->setVariable("TXT_SAVE", $this->data["txt_save"]);
    $this->tpl->setCurrentBlock("adm_content");
    $this->tpl->setVariable("TBL_TITLE_IMG", ilUtil::getImagePath("icon_" . $this->object->getType() . ".svg"));
    $this->tpl->setVariable("TBL_TITLE_IMG_ALT", $this->lng->txt($this->object->getType()));
    // compute additional information in title
    // NOTE(review): $desc is only set for titles starting with "il_"; for any
    // other role the concatenation below reads an undefined variable.
    if (substr($this->object->getTitle(), 0, 3) == "il_") {
        $desc = $this->lng->txt("predefined_template");
        //$this->lng->txt("obj_".$parent_node['type'])." (".$parent_node['obj_id'].") : ".$parent_node['title'];
    }
    $description = "<br/> <span class=\"small\">" . $desc . "</span>";
    // translation for autogenerated roles
    if (substr($this->object->getTitle(), 0, 3) == "il_") {
        include_once './Services/AccessControl/classes/class.ilObjRole.php';
        $title = ilObjRole::_getTranslation($this->object->getTitle()) . " (" . $this->object->getTitle() . ")";
    } else {
        $title = $this->object->getTitle();
    }
    // NOTE(review): the role title is placed next to markup without escaping in
    // this method; whether the template layer escapes it is not visible here -- verify.
    $this->tpl->setVariable("TBL_TITLE", $title . $description);
    // NOTE(review): "txt_permission" is never written to $output in this method.
    $this->tpl->setVariable("TXT_PERMISSION", $this->data["txt_permission"]);
    $this->tpl->setVariable("FORMACTION", $this->data["formaction"]);
    $this->tpl->parseCurrentBlock();
}
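/**
 * Emit one <Operation> XML element for every operation the user holds on an object.
 *
 * Two groups of operations are considered: the operations registered for the
 * object type, and the create operations of the sub-object types that can be
 * created below it. An operation is only written when
 * $ilAccess->checkAccessOfUser() confirms it for $this->getUserId() on $a_ref_id,
 * so the output never lists permissions the user does not hold.
 *
 * Nothing is written when $this->enabledOperations() is false.
 *
 * @param int    $a_ref_id reference id the access check is made against
 * @param string $a_type   object type whose operations are listed
 * @return bool always true
 */
function __appendOperations($a_ref_id, $a_type)
{
    global $ilAccess, $rbacreview, $objDefinition;

    if (!$this->enabledOperations()) {
        return true;
    }

    // Operations registered for the type itself.
    $candidate_ids = array();
    $ops = $rbacreview->getOperationsOnTypeString($a_type);
    if (is_array($ops)) {
        foreach ($ops as $ops_id) {
            $candidate_ids[] = $ops_id;
        }
    }

    // Create operations of the creatable sub-object types.
    $objects = $objDefinition->getCreatableSubObjects($a_type);
    $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
    foreach (array_keys($objects) as $type) {
        // A type without a create operation id has nothing to report.
        if (empty($ops_ids[$type])) {
            continue;
        }
        $candidate_ids[] = $ops_ids[$type];
    }

    foreach ($candidate_ids as $ops_id) {
        $operation = $rbacreview->getOperation($ops_id);
        // Skip ids that do not resolve to an operation record instead of
        // calling count() on a non-array.
        if (is_array($operation) && count($operation)
            && $ilAccess->checkAccessOfUser($this->getUserId(), $operation['operation'], 'view', $a_ref_id)) {
            $this->xmlElement('Operation', null, $operation['operation']);
        }
    }

    return true;
}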
$tree = new ilTree(ROOT_FOLDER_ID); $tree->insertNode($ref_id, $chatfolder_ref_id); $rolf_obj_id = $ilDB->nextId('object_data'); // Create role folder $ilDB->manipulateF("INSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($rolf_obj_id, "rolf", $obj_id, "(ref_id " . $ref_id . ")", -1, ilUtil::now(), ilUtil::now())); $rolf_ref_id = $ilDB->nextId('object_reference'); // Create reference $ilDB->manipulateF("INSERT INTO object_reference (ref_id, obj_id) VALUES (%s, %s)", array('integer', 'integer'), array($rolf_ref_id, $rolf_obj_id)); // put in tree $tree->insertNode($rolf_ref_id, $ref_id); $role_obj_id = $ilDB->nextId('object_data'); // Create role $ilDB->manipulateF("INSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($role_obj_id, "role", "il_chat_moderator_" . $ref_id, "Moderator of chat obj_no." . 
$obj_id, -1, ilUtil::now(), ilUtil::now())); // Insert role_data $ilDB->manipulateF('INSERT INTO role_data (role_id) VALUES (%s)', array('integer'), array($role_obj_id)); $permissions = ilRbacReview::_getOperationIdsByName(array('visible', 'read', 'moderate')); $rbacadmin = new ilRbacAdmin(); $rbacadmin->grantPermission($role_obj_id, $permissions, $ref_id); $rbacadmin->assignRoleToFolder($role_obj_id, $rolf_ref_id); $id = $ilDB->nextId('chatroom_settings'); $ilDB->insert('chatroom_settings', array('room_id' => array('integer', $id), 'object_id' => array('integer', $obj_id), 'room_type' => array('text', 'default'), 'allow_anonymous' => array('integer', 0), 'allow_custom_usernames' => array('integer', 0), 'enable_history' => array('integer', 0), 'restrict_history' => array('integer', 0), 'autogen_usernames' => array('text', 'Anonymous #'), 'allow_private_rooms' => array('integer', 1))); $settings = new ilSetting('chatroom'); $settings->set('public_room_ref', $ref_id); } ?> <#3461> <?php $chat_modetator_tpl_id = $ilDB->nextId('object_data'); $ilDB->manipulateF("\n\t\tINSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($chat_modetator_tpl_id, "rolt", "il_chat_moderator", "Moderator template for chat moderators", -1, ilUtil::now(), ilUtil::now())); $query = 'SELECT ops_id FROM rbac_operations WHERE operation = ' . $ilDB->quote('moderate', 'text'); $rset = $ilDB->query($query);
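/**
 * Display the edit form: a table of all RBAC operations with an
 * enabled/disabled selector per operation for the current object.
 *
 * Requires "edit_permission" on the reference id taken from the request.
 *
 * @access public
 */
function editObject()
{
    global $rbacsystem, $rbacreview;

    // NOTE(review): the access check uses $_GET["ref_id"] while the form action
    // below is built from $this->ref_id; confirm both always name the same object.
    if (!$rbacsystem->checkAccess("edit_permission", $_GET["ref_id"])) {
        $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
        // Fail closed: raiseError() is expected to end the request, but the form
        // must not be built if it ever returns.
        return;
    }

    // Sort parameters come from the request and are passed on unchanged.
    // NOTE(review): consider restricting sort_by to $this->data["cols"].
    $sort_by = isset($_GET["sort_by"]) ? $_GET["sort_by"] : null;
    $sort_order = isset($_GET["sort_order"]) ? $_GET["sort_order"] : null;

    //prepare objectlist
    $this->data = array();
    $this->data["data"] = array();
    $this->data["ctrl"] = array();
    $this->data["cols"] = array("type", "operation", "description", "status");

    $ops_valid = $rbacreview->getOperationsOnType($this->obj_id);

    // These two were never assigned in this method; they are made explicit here
    // so the call passes the same null values without an undefined-variable warning.
    // NOTE(review): confirm whether _getOperationList() still takes them.
    $a_order = null;
    $a_direction = null;

    if ($ops_arr = ilRbacReview::_getOperationList('', $a_order, $a_direction)) {
        $options = array("e" => "enabled", "d" => "disabled");

        foreach ($ops_arr as $ops) {
            // An operation is "enabled" when it is among the operations valid for this type.
            $ops_status = in_array($ops["ops_id"], $ops_valid) ? 'e' : 'd';
            $ops_options = ilUtil::formSelect($ops_status, "id[{$ops["ops_id"]}]", $options);

            //visible data part
            $this->data["data"][] = array(
                "type" => "perm",
                "operation" => $ops["operation"],
                "description" => $ops["desc"],
                "status" => $ops_status,
                "status_html" => $ops_options,
                // Was read from an unrelated variable, which left the control
                // data without the operation id.
                "obj_id" => $ops["ops_id"],
            );
        }
    }

    $this->maxcount = count($this->data["data"]);

    // sorting array
    $this->data["data"] = ilUtil::sortArray($this->data["data"], $sort_by, $sort_order);

    // now compute control information: ids move to "ctrl", the rendered
    // selector replaces the raw status flag
    foreach ($this->data["data"] as $key => $val) {
        $this->data["ctrl"][$key] = array("obj_id" => $val["obj_id"], "type" => $val["type"]);
        unset($this->data["data"][$key]["obj_id"]);
        $this->data["data"][$key]["status"] = $this->data["data"][$key]["status_html"];
        unset($this->data["data"][$key]["status_html"]);
    }

    // build table
    include_once "./Services/Table/classes/class.ilTableGUI.php";

    // load template for table
    $this->tpl->addBlockfile("ADM_CONTENT", "adm_content", "tpl.table.html");
    // load template for table content data
    $this->tpl->addBlockfile("TBL_CONTENT", "tbl_content", "tpl.obj_tbl_rows.html");

    $obj_str = $this->call_by_reference ? "" : "&obj_id=" . $this->obj_id;
    $this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=" . $this->ref_id . "{$obj_str}&cmd=save");

    // create table
    $tbl = new ilTableGUI();

    // title & header columns
    $tbl->setTitle(
        $this->lng->txt("edit_operations") . " " . strtolower($this->lng->txt("of")) . " '" . $this->object->getTitle() . "'",
        "icon_" . $this->object->getType() . "_b.png",
        $this->lng->txt("obj_" . $this->object->getType())
    );
    $tbl->setHelp("tbl_help.php", "icon_help.png", $this->lng->txt("help"));

    $header_names = array();
    foreach ($this->data["cols"] as $col) {
        $header_names[] = $this->lng->txt($col);
    }
    $tbl->setHeaderNames($header_names);

    $header_params = array("ref_id" => $this->ref_id, "obj_id" => $this->id, "cmd" => "edit");
    $tbl->setHeaderVars($this->data["cols"], $header_params);

    // control
    $tbl->setOrderColumn($sort_by);
    $tbl->setOrderDirection($sort_order);
    $tbl->setLimit(0);
    $tbl->setOffset(0);
    $tbl->setMaxCount($this->maxcount);

    // SHOW VALID ACTIONS
    $this->tpl->setVariable("IMG_ARROW", ilUtil::getImagePath("arrow_downright.png"));
    $this->tpl->setVariable("COLUMN_COUNTS", count($this->data["cols"]));

    // footer
    $tbl->setFooter("tblfooter", $this->lng->txt("previous"), $this->lng->txt("next"));

    // render table
    $tbl->render();

    // isset() first: the list is empty when no operation was found.
    if (isset($this->data["data"][0]) && is_array($this->data["data"][0])) {
        $row_count = count($this->data["data"]);

        for ($i = 0; $i < $row_count; $i++) {
            $data = $this->data["data"][$i];

            // color changing
            $css_row = ilUtil::switchColor($i + 1, "tblrow1", "tblrow2");

            $this->tpl->setCurrentBlock("table_cell");
            $this->tpl->setVariable("CELLSTYLE", "tblrow1");
            $this->tpl->parseCurrentBlock();

            // Cell values are written as-is: "status" holds the rendered selector
            // and "type" becomes an image tag.
            // NOTE(review): operation name and description are not escaped here;
            // confirm they are trusted catalogue text.
            foreach ($data as $key => $val) {
                $this->tpl->setCurrentBlock("text");

                if ($key == "type") {
                    $val = ilUtil::getImageTagByType($val, $this->tpl->tplPath);
                }

                $this->tpl->setVariable("TEXT_CONTENT", $val);
                $this->tpl->parseCurrentBlock();
                $this->tpl->setCurrentBlock("table_cell");
                $this->tpl->parseCurrentBlock();
            }

            $this->tpl->setVariable("BTN_VALUE", $this->lng->txt("save"));
            $this->tpl->setCurrentBlock("tbl_content");
            $this->tpl->setVariable("CSS_ROW", $css_row);
            $this->tpl->parseCurrentBlock();
        }
    }
}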
/**
 * Save the permission settings posted from the permission table of the current object.
 *
 * For every non-protected role in the (filtered) parent role list the role's
 * permissions on the object are revoked and re-granted from $_POST['perm'].
 * For container types, local policies ($_POST['inherit']) and the protected
 * flag ($_POST['protect']) are applied as well. The state before and after is
 * diffed and written to the RBAC log.
 *
 * NOTE(review): no access check is visible in this method; presumably the
 * caller has verified edit_permission on the object. Confirm.
 *
 * @return mixed result of showConfirmBlockRole() when roles were posted for
 *               blocking; otherwise nothing is returned
 */
protected function savePermissions()
{
    global $rbacreview, $objDefinition, $rbacadmin;

    include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
    $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());

    // Only the roles selected by the table's role filter are touched below.
    $roles = $this->applyRoleFilter($rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()), $table->getFilterItemByPostVar('role')->getValue());

    // Log history: snapshot taken before any change, diffed against $log_new at the end
    include_once "Services/AccessControl/classes/class.ilRbacLog.php";
    $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));

    // all possible create permissions
    $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass($this->getCurrentObject()->getType(), 'create');

    // createable (activated) create permissions
    $create_types = $objDefinition->getCreatableSubObjects($this->getCurrentObject()->getType());
    $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));

    foreach ((array) $roles as $role => $role_data) {
        // Protected roles are never changed from this form.
        if ($role_data['protected']) {
            continue;
        }

        // The granted set is the list of keys posted for this role.
        // NOTE(review): the posted ids are not compared here with the operations
        // that exist for this object type; confirm grantPermission() or the
        // caller rejects ids that do not belong to it.
        $new_ops = array_keys((array) $_POST['perm'][$role]);
        $old_ops = $rbacreview->getRoleOperationsOnObject($role, $this->getCurrentObject()->getRefId());

        // Add operations which were enabled and are not activated.
        // Such create operations are not among $createable_ops_ids, so they are
        // carried over from the old set rather than dropped by the revoke below.
        foreach ($possible_ops_ids as $create_ops_id) {
            if (in_array($create_ops_id, $createable_ops_ids)) {
                continue;
            }
            if (in_array($create_ops_id, $old_ops)) {
                $new_ops[] = $create_ops_id;
            }
        }

        // Replace the role's permissions: revoke everything, then grant the new set.
        // These are two separate calls; the role holds no permission on the
        // object between them.
        $rbacadmin->revokePermission($this->getCurrentObject()->getRefId(), $role);
        $rbacadmin->grantPermission($role, array_unique($new_ops), $this->getCurrentObject()->getRefId());
    }

    // Handle local policies.
    $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);

    // NOTE(review): $relevant_roles is not read again in this method.
    $relevant_roles = array_intersect($rbacreview->getRolesOfRoleFolder($rolf_id), array_keys($roles));

    if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
        foreach ($roles as $role) {
            // No action for local roles
            if ($role['parent'] == $rolf_id and $role['assign'] == 'y') {
                continue;
            }

            // Nothing for protected roles
            if ($role['protected']) {
                continue;
            }

            // Stop local policy: the role has a policy in this role folder and
            // 'inherit' was not posted for it, so that policy is deleted.
            if ($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']])) {
                $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
                $role_obj->setParent($rolf_id);
                $role_obj->delete();
                continue;
            }

            // Add local policy: copy the role's template permissions from its
            // parent into this role folder and register it there with 'n'.
            if ($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']])) {
                $rbacadmin->copyRoleTemplatePermissions($role['obj_id'], $role['parent'], $rolf_id, $role['obj_id']);
                $rbacadmin->assignRoleToFolder($role['obj_id'], $rolf_id, 'n');
            }
        }
    }

    // Protect permissions: bring the protected flag in line with the posted
    // checkboxes, writing only when the stored state differs.
    if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
        foreach ($roles as $role) {
            if ($rbacreview->isAssignable($role['obj_id'], $rolf_id)) {
                if (isset($_POST['protect'][$role['obj_id']]) and !$rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                    $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
                } elseif (!isset($_POST['protect'][$role['obj_id']]) and $rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                    $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
                }
            }
        }
    }

    // Record what changed between the two snapshots in the RBAC log.
    $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
    $log = ilRbacLog::diffFaPa($log_old, $log_new);
    ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);

    // Blocking roles needs a confirmation step; the changes above are already
    // saved and logged by the time the confirmation is shown.
    if (count((array) $_POST['block'])) {
        return $this->showConfirmBlockRole(array_keys($_POST['block']));
    }

    ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
    //$this->ctrl->redirect($this,'perm');
    $this->perm();
}
/**
 * Resolve the id of an RBAC operation from its name.
 *
 * The name => id map is read from rbac_operations on first use and kept in
 * self::$_opsCache for later calls.
 *
 * @access public
 * @access static
 * @param string $a_operation operation name
 * @return integer|null operation id, or null when the name is not in the cache
 */
public static function _getOperationIdByName($a_operation)
{
    global $ilDB, $ilErr;

    if (!isset($a_operation)) {
        $ilErr->raiseError("perm::getOperationId(): No operation given!", $ilErr->WARNING);
    }

    // Fill the cache once per request.
    if (!is_array(self::$_opsCache)) {
        self::$_opsCache = array();

        $result = $ilDB->query("SELECT ops_id, operation FROM rbac_operations");
        while ($record = $result->fetchRow(DB_FETCHMODE_OBJECT)) {
            self::$_opsCache[$record->operation] = $record->ops_id;
        }
    }

    // Unknown names yield null rather than an error.
    return array_key_exists($a_operation, self::$_opsCache)
        ? self::$_opsCache[$a_operation]
        : null;
}
/**
 * Build the rows of the permission table and hand them to setData().
 *
 * Rows are appended in this order: local policy, protect, block and start-info
 * rows (container types only), one row per non-create operation followed by a
 * "select all" row, the create-info row (containers only), one row per create
 * operation of the creatable sub-types, and a final "select all" row.
 *
 * @return mixed result of setData() when no role is visible; otherwise nothing
 */
public function parse()
{
    global $rbacreview, $objDefinition;

    $this->initColumns();

    $rows = array();
    $role_cells = array();

    if (!count($this->getVisibleRoles())) {
        return $this->setData(array());
    }

    // Active operations per visible role, keyed by role id.
    $active_ops = array();
    foreach ($this->getVisibleRoles() as $role_data) {
        $role_obj_id = $role_data['obj_id'];
        $active_ops[$role_obj_id] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_obj_id);
    }

    // Local policy
    if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
        $role_cells = array();
        $local_roles = $rbacreview->getRolesOfObject($this->getRefId());
        foreach ($this->getVisibleRoles() as $role_data) {
            $role_cells[$role_data['obj_id']] = array(
                'protected' => $role_data['protected'],
                'local_policy' => in_array($role_data['obj_id'], $local_roles),
                'isLocal' => $this->getRefId() == $role_data['parent'] && $role_data['assign'] == 'y',
            );
        }
        $rows[] = array('roles' => $role_cells, 'show_local_policy_row' => 1);
    }

    // Protect permissions
    if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
        $role_cells = array();
        foreach ($this->getVisibleRoles() as $role_data) {
            $role_cells[$role_data['obj_id']] = array(
                'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'], $this->getRefId()),
                'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id']),
            );
        }
        $rows[] = array('roles' => $role_cells, 'show_protected_row' => 1);
    }

    // Block role
    if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
        $rows[] = array('show_block_row' => 1);
    }

    if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
        $rows[] = array('show_start_info' => true);
    }

    // Operations that are not create operations
    $plain_ops = array();
    foreach ($rbacreview->getOperationsByTypeAndClass($this->getObjType(), 'object') as $operation) {
        $this->addActiveOperation($operation);
        $plain_ops[] = $operation;

        $role_cells = array();
        foreach ($this->getVisibleRoles() as $role_data) {
            $role_cells[$role_data['obj_id']] = array(
                'protected' => $role_data['protected'],
                'permission_set' => in_array($operation, (array) $active_ops[$role_data['obj_id']]),
            );
        }

        $op_record = $rbacreview->getOperation($operation);
        $rows[] = array('roles' => $role_cells, 'perm' => $op_record);
    }

    // Select all
    if ($plain_ops) {
        $rows[] = array('show_select_all' => 1, 'ops' => $plain_ops, 'subtype' => 'nocreation');
    }

    if ($objDefinition->isContainer($this->getObjType())) {
        $rows[] = array('show_create_info' => true);
    }

    // Create operations of the creatable sub-object types
    $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
    $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
    $create_ops = array();
    foreach ($objects as $type => $info) {
        $ops_id = $ops_ids[$type];
        if ($ops_id) {
            $this->addActiveOperation($ops_id);
            $create_ops[] = $ops_id;

            $role_cells = array();
            foreach ($this->getVisibleRoles() as $role_data) {
                $role_cells[$role_data['obj_id']] = array(
                    'protected' => $role_data['protected'],
                    'permission_set' => in_array($ops_id, (array) $active_ops[$role_data['obj_id']]),
                );
            }

            $op_record = $rbacreview->getOperation($ops_id);
            $rows[] = array('roles' => $role_cells, 'perm' => $op_record);
        }
    }

    // Select all
    if (count($create_ops)) {
        $rows[] = array('show_select_all' => 1, 'ops' => $create_ops, 'subtype' => 'creation');
    }

    $this->setData($rows);
}
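/**
 * Check whether the current user may administrate certificate types.
 *
 * The allowed role ids are read as a JSON list from the
 * 'roles_administrate_certificate_types' configuration entry; access is
 * granted when the user is assigned to at least one of them.
 *
 * @return bool result of the role assignment check; false when the
 *              configuration entry does not decode to a list
 */
protected function checkPermission()
{
    $allowed_roles = json_decode((string) ilCertificateConfig::get('roles_administrate_certificate_types'), true);

    // Fail closed: a missing or malformed entry must deny access rather than
    // pass a non-list value into the role check.
    if (!is_array($allowed_roles)) {
        return false;
    }

    return $this->rbac->isAssignedToAtLeastOneGivenRole($this->user->getId(), $allowed_roles);
}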
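/**
 * Update properties
 *
 * When a SCORM Cloud package was uploaded it is first sent to the cloud
 * service, as a new course or as a new version of an existing one, and the
 * object's title, version and cloud flag are refreshed from the course list.
 * A newly imported course also gets its initial permissions. Afterwards the
 * properties form is validated and saved.
 *
 * NOTE(review): no access check is visible in this method; presumably the
 * caller verifies write permission before dispatching here. Confirm.
 *
 * @throws Exception rethrown from the cloud upload or import calls, after the
 *                   temporary zip file has been removed
 */
public function updateProperties()
{
    global $tpl, $lng, $ilCtrl, $ScormCloudService;

    if (!empty($_FILES["scormcloudfile"]["name"])) {
        // First, process SCORM Cloud upload
        if ($_FILES["scormcloudfile"]["error"] > 0) {
            error_log("Error: " . $_FILES["scormcloudfile"]["error"]);
        } else {
            $mode = $this->isPackageImportedInScormCloud() ? "update" : "new";

            $courseService = $ScormCloudService->getCourseService();
            $uploadService = $ScormCloudService->getUploadService();
            $courseId = $this->object->getId();

            // The upload is renamed next to PHP's temporary file with a .zip
            // suffix; the client-supplied file name is never used as a path.
            // NOTE(review): the file is forwarded without a type or size check
            // visible here; confirm the form or the cloud service enforces one.
            $absoluteFilePathToZip = $_FILES["scormcloudfile"]["tmp_name"] . '.zip';

            if (!move_uploaded_file($_FILES['scormcloudfile']['tmp_name'], $absoluteFilePathToZip)) {
                // Nothing was moved, so there is nothing to send or to clean up.
                error_log("Error: could not move uploaded SCORM Cloud package");
            } else {
                try {
                    //now upload the file and save the resulting location
                    $location = $uploadService->UploadFile($absoluteFilePathToZip, null);

                    if ($mode == 'update') {
                        //version the uploaded course
                        $courseService->VersionUploadedCourse($courseId, $location, null);
                    } else {
                        //import the uploaded course
                        $courseService->ImportUploadedCourse($courseId, $location, null);
                    }
                } catch (Exception $e) {
                    // Remove the temporary zip before passing the failure on.
                    unlink($absoluteFilePathToZip);
                    throw $e;
                }

                // Remove the temporary zip after a successful transfer.
                unlink($absoluteFilePathToZip);

                //TODO: Expose and view import result object

                // The import result is not inspected; the course showing up in
                // the cloud on this next call is taken as success.
                if ($this->isPackageImportedInScormCloud()) {
                    $allResults = $courseService->GetCourseList();

                    foreach ($allResults as $course) {
                        if ($course->getCourseId() == $this->object->getId()) {
                            $courseTitle = $course->getTitle();
                            $versionCount = $course->getNumberOfVersions();
                            $xmlstring = $courseService->GetMetadata($courseId, $versionCount - 1, 0, 'xml');
                            error_log("xmlString : " . $xmlstring);

                            $this->object->setTitle($courseTitle);
                            $this->object->setExistsOnCloud(true);
                            $this->object->setVersion($versionCount);
                            $this->object->update();
                            break;
                        }
                    }

                    // Set the default permissions here, where the object has been
                    // created and a valid ref id is available.
                    if ($mode == "new") {
                        global $rbacadmin;

                        // NOTE(review): fixed role ids, presumably the global User
                        // and Guest roles of a default installation; confirm they
                        // match this installation before relying on the grants.
                        $user_role_id = 4;
                        $guest_role_id = 5;
                        $ref_id = $this->object->getRefId();

                        $rbacadmin->grantPermission($guest_role_id, ilRbacReview::_getOperationIdsByName(array("visible")), $ref_id);
                        $rbacadmin->grantPermission($user_role_id, ilRbacReview::_getOperationIdsByName(array("visible", "read")), $ref_id);
                    }
                }
            }
        }
    }

    $this->initPropertiesForm();

    if ($this->form->checkInput()) {
        // The title is taken from the cloud course above, not from the form.
        $this->object->setDescription($this->form->getInput("desc"));
        $this->object->setOnline($this->form->getInput("online"));
        $this->object->setLearnersSeeRptDetails($this->form->getInput("learners_see_rpt_details"));
        $this->object->update();

        ilUtil::sendSuccess($lng->txt("msg_obj_modified"), true);
        $ilCtrl->redirect($this, "editProperties");
    }

    // Validation failed: show the form again with the posted values.
    $this->form->setValuesByPost();
    $tpl->setContent($this->form->getHtml());
}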