/**
  * Init form
  */
 protected function initForm()
 {
     $this->setFormAction($this->ctrl->getFormAction($this->parent_gui));
     $title = $this->isNew ? $this->pl->txt('add_new_type') : $this->pl->txt('edit_type');
     $this->setTitle($title);
     $item = new ilTextInputGUI($this->lng->txt('title'), 'title');
     $item->setRequired(true);
     $item->setValue($this->type->getTitle());
     $this->addItem($item);
     $item = new ilTextAreaInputGUI($this->lng->txt('description'), 'description');
     $item->setValue($this->type->getDescription());
     $this->addItem($item);
     $item = new ilMultiSelectInputGUI($this->lng->txt('languages'), 'languages');
     $item->setWidth(self::WIDTH_MULTISELECT_INPUT);
     $langs = $this->lng->getInstalledLanguages();
     $options = array();
     foreach ($langs as $lang_code) {
         $options[$lang_code] = $this->lng->txt("meta_l_{$lang_code}");
     }
     $item->setOptions($options);
     $item->setValue($this->type->getLanguages());
     $item->setRequired(true);
     $this->addItem($item);
     $item = new ilMultiSelectInputGUI($this->lng->txt('roles'), 'roles');
     $item->setWidth(self::WIDTH_MULTISELECT_INPUT);
     $roles = $this->rbac->getRolesByFilter(ilRbacReview::FILTER_ALL, 0, '');
     $options = array();
     $hide_roles = array(14, 5);
     foreach ($roles as $role) {
         if (strpos($role['title'], 'il_') === 0 || in_array($role['obj_id'], $hide_roles)) {
             // Don't show auto-generated roles. If this takes to much performance, write query...
             continue;
         }
         $options[$role['obj_id']] = $role['title'];
     }
     $item->setOptions($options);
     $item->setValue($this->type->getRoles());
     $item->setInfo($this->pl->txt('roles_info'));
     $this->addItem($item);
     $item = new ilMultiSelectInputGUI($this->pl->txt('available_objects'), 'available_objects');
     $item->setWidth(self::WIDTH_MULTISELECT_INPUT);
     $options = array();
     foreach (srCertificateType::getAllAvailableObjectTypes() as $type) {
         $options[$type] = $type;
     }
     $item->setOptions($options);
     $item->setValue($this->type->getAvailableObjects());
     $item->setRequired(true);
     $item->setInfo($this->pl->txt('available_objects_info'));
     $this->addItem($item);
     $this->addCommandButton('saveType', $this->lng->txt('save'));
 }
 protected function addOtherRolesToolbar()
 {
     $arrLocalRoles = $this->rbacreview->getLocalRoles($this->parent_object->getRefId());
     $types = array();
     foreach ($arrLocalRoles as $role_id) {
         $ilObjRole = new ilObjRole($role_id);
         if (!preg_match("/il_orgu_/", $ilObjRole->getUntranslatedTitle())) {
             $types[$role_id] = $ilObjRole->getPresentationTitle();
         }
     }
     $this->ctrl->setParameterByClass('ilRepositorySearchGUI', 'addusertype', 'other');
     ilRepositorySearchGUI::fillAutoCompleteToolbar($this, $this->toolbar, array('auto_complete_name' => $this->lng->txt('user'), 'user_type' => $types, 'submit_name' => $this->lng->txt('add')));
 }
 /**
  * Reads the submitted data from the password assistance form.
  * The following form fields are read as HTTP POST parameters:
  * username
  * email
  * If the submitted username and email address matches an entry in the user data
  * table, then ILIAS creates a password assistance session for the user, and
  * sends a password assistance mail to the email address.
  * For details about the creation of the session and the e-mail see function
  * sendPasswordAssistanceMail().
  */
 public function submitAssistanceForm()
 {
     $form = $this->getAssistanceForm();
     if (!$form->checkInput()) {
         $form->setValuesByPost();
         $this->showAssistanceForm($form);
         return;
     }
     $username = $form->getInput('username');
     $email = $form->getInput('email');
     $userObj = null;
     $userid = ilObjUser::getUserIdByLogin($username);
     $txt_key = 'pwassist_invalid_username_or_email';
     if ($userid != 0) {
         $userObj = new ilObjUser($userid);
         if (strcasecmp($userObj->getEmail(), $email) != 0) {
             $userObj = null;
         } elseif (!strlen($email)) {
             $userObj = null;
             $txt_key = 'pwassist_no_email_found';
         } else {
             if ($userObj->getAuthMode(true) != AUTH_LOCAL || $userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL) {
                 $userObj = null;
                 $txt_key = 'pwassist_invalid_auth_mode';
             }
         }
     }
     // No matching user object found?
     // Show the password assistance form again, and display an error message.
     if ($userObj == null) {
         ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt($txt_key)));
         $form->setValuesByPost();
         $this->showAssistanceForm($form);
     } else {
         // Matching user object found?
         // Check if the user is permitted to use the password assistance function,
         // and then send a password assistance mail to the email address.
         // FIXME: Extend this if-statement to check whether the user
         // has the permission to use the password assistance function.
         // The anonymous user and users who are system administrators are
         // not allowed to use this feature
         if ($this->rbacreview->isAssigned($userObj->getId, ANONYMOUS_ROLE_ID) || $this->rbacreview->isAssigned($userObj->getId, SYSTEM_ROLE_ID)) {
             ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_not_permitted')));
             $form->setValuesByPost();
             $this->showAssistanceForm($form);
         } else {
             $this->sendPasswordAssistanceMail($userObj);
             $this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email));
         }
     }
 }
Exemplo n.º 4
0
 /**
  * Get the number of users who may access the object but don't have yet a license
  *
  * @access   public
  * @return   int     number of potential accesses
  */
 function getPotentialAccesses()
 {
     global $ilDB;
     // get the operation id for read access
     $ops_ids = ilRbacReview::_getOperationIdsByName(array('read'));
     // first get all roles with read access
     $role_ids = array();
     $query = 'SELECT DISTINCT pa.rol_id' . ' FROM rbac_pa pa' . ' INNER JOIN object_reference ob ON ob.ref_id = pa.ref_id' . ' WHERE ' . $ilDB->like('pa.ops_id', 'text', '%%i:' . $ops_ids[0] . ';%%') . ' AND ob.obj_id = ' . $ilDB->quote($this->obj_id, 'integer');
     $result = $ilDB->query($query);
     while ($row = $ilDB->fetchObject($result)) {
         $role_ids[] = $row->rol_id;
     }
     if (!count($role_ids)) {
         return 0;
     }
     // then count all users of these roles without read events
     $query = 'SELECT COUNT(DISTINCT(usr_id)) accesses ' . ' FROM rbac_ua' . ' WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' AND usr_id NOT IN' . ' (SELECT usr_id FROM read_event' . '  WHERE obj_id = ' . $ilDB->quote($this->obj_id, 'integer') . ')';
     $result = $ilDB->query($query);
     $row = $ilDB->fetchObject($result);
     return $row->accesses;
 }
 /**
  * Available Roles Table Data
  * @return array
  */
 function getAvailableRolesTableData()
 {
     global $tree;
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $path = array_reverse($tree->getPathId($this->object->getRefId()));
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $counter = 0;
     foreach ($this->valid_roles as $role) {
         $result_set[$counter]["img"] = in_array($role['obj_id'], $this->user_roles) ? self::IMG_OK : self::IMG_NOT_OK;
         $result_set[$counter]["role"] = str_replace(" ", " ", ilObjRole::_getTranslation($role["title"]));
         if ($role['role_type'] != "linked") {
             $result_set[$counter]["effective_from"] = "";
         } else {
             $rolfs = $this->rbacreview->getFoldersAssignedToRole($role["obj_id"]);
             // ok, try to match the next rolf in path
             foreach ($path as $node) {
                 if ($node == 1) {
                     break;
                 }
                 if (in_array($node, $rolfs)) {
                     $nodedata = $tree->getNodeData($node);
                     $result_set[$counter]["effective_from"] = $nodedata["title"];
                     $result_set[$counter]["effective_from_ref_id"] = $node;
                     break;
                 }
             }
         }
         if (in_array($role['obj_id'], $this->global_roles)) {
             $result_set[$counter]["original_position"] = $this->lng->txt("global");
             $result_set[$counter]["original_position_ref_id"] = false;
         } else {
             $rolf = $this->rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
             $parent_node = $tree->getNodeData($rolf[0]);
             $result_set[$counter]["original_position"] = $parent_node["title"];
             $result_set[$counter]["original_position_ref_id"] = $parent_node["ref_id"];
         }
         ++$counter;
     }
     return $result_set;
 }
 function getRolesWithContribute($a_node_id)
 {
     global $rbacreview;
     include_once "Services/AccessControl/classes/class.ilObjRole.php";
     $contr_op_id = ilRbacReview::_getOperationIdByName("contribute");
     $contr_role_id = $this->getLocalContributorRole($a_node_id);
     $res = array();
     foreach ($rbacreview->getParentRoleIds($a_node_id) as $role_id => $role) {
         if ($role_id != $contr_role_id && in_array($contr_op_id, $rbacreview->getActiveOperationsOfRole($a_node_id, $role_id))) {
             $res[$role_id] = ilObjRole::_getTranslation($role["title"]);
         }
     }
     return $res;
 }
 protected function handlePermissionUpdate(ilECSSetting $server)
 {
     if ($this->content_obj->getType() == 'crs') {
         $GLOBALS['ilLog']->write(__METHOD__ . ': Permission update');
         if ($this->content_obj->getType() == 'crs') {
             $GLOBALS['rbacadmin']->grantPermission($server->getGlobalRole(), ilRbacReview::_getOperationIdsByName(array('join', 'visible')), $this->content_obj->getRefId());
         }
     }
 }
Exemplo n.º 8
0
 /**
  * Get all objects of a specific type and check access
  * This function is not recursive, instead it parses the serialized rbac_pa entries
  *
  * Get all objects of a specific type where access is granted for the given
  * operation. This function does a checkAccess call for all objects
  * in the object hierarchy and return only the objects of the given type.
  * Please note if access is not granted to any object in the hierarchy
  * the function skips all objects under it.
  * Example:
  * You want a list of all Courses that are visible and readable for the user.
  * The function call would be:
  * $your_list = IlUtil::getObjectsByOperation ("crs", "visible");
  * Lets say there is a course A where the user would have access to according to
  * his role assignments. Course A lies within a group object which is not readable
  * for the user. Therefore course A won't appear in the result list although
  * the queried operations 'read' would actually permit the user
  * to access course A.
  *
  * @access	public
  * @param	string/array	object type 'lm' or array('lm','sahs')
  * @param	string	permission to check e.g. 'visible' or 'read'
  * @param	int id of user in question
  * @param    int limit of results. if not given it defaults to search max hits.If limit is -1 limit is unlimited
  * @return	array of ref_ids
  * @static
  * 
  */
 public static function _getObjectsByOperations($a_obj_type, $a_operation, $a_usr_id = 0, $limit = 0)
 {
     global $ilDB, $rbacreview, $ilAccess, $ilUser, $ilias, $tree;
     if (!is_array($a_obj_type)) {
         $where = "WHERE type = " . $ilDB->quote($a_obj_type, "text") . " ";
     } else {
         $where = "WHERE " . $ilDB->in("type", $a_obj_type, false, "text") . " ";
     }
     // limit number of results default is search result limit
     if (!$limit) {
         $limit = $ilias->getSetting('search_max_hits', 100);
     }
     if ($limit == -1) {
         $limit = 10000;
     }
     // default to logged in usr
     $a_usr_id = $a_usr_id ? $a_usr_id : $ilUser->getId();
     $a_roles = $rbacreview->assignedRoles($a_usr_id);
     // Since no rbac_pa entries are available for the system role. This function returns !all! ref_ids in the case the user
     // is assigned to the system role
     if ($rbacreview->isAssigned($a_usr_id, SYSTEM_ROLE_ID)) {
         $query = "SELECT ref_id FROM object_reference obr LEFT JOIN object_data obd ON obr.obj_id = obd.obj_id " . "LEFT JOIN tree ON obr.ref_id = tree.child " . $where . "AND tree = 1";
         $res = $ilDB->query($query);
         $counter = 0;
         while ($row = $ilDB->fetchObject($res)) {
             // Filter recovery folder
             if ($tree->isGrandChild(RECOVERY_FOLDER_ID, $row->ref_id)) {
                 continue;
             }
             if ($counter++ >= $limit) {
                 break;
             }
             $ref_ids[] = $row->ref_id;
         }
         return $ref_ids ? $ref_ids : array();
     }
     // End Administrators
     // Check ownership if it is not asked for edit_permission or a create permission
     if ($a_operation == 'edit_permissions' or strpos($a_operation, 'create') !== false) {
         $check_owner = ") ";
     } else {
         $check_owner = "OR owner = " . $ilDB->quote($a_usr_id, "integer") . ") ";
     }
     $ops_ids = ilRbacReview::_getOperationIdsByName(array($a_operation));
     $ops_id = $ops_ids[0];
     $and = "AND ((" . $ilDB->in("rol_id", $a_roles, false, "integer") . " ";
     $query = "SELECT DISTINCT(obr.ref_id),obr.obj_id,type FROM object_reference obr " . "JOIN object_data obd ON obd.obj_id = obr.obj_id " . "LEFT JOIN rbac_pa  ON obr.ref_id = rbac_pa.ref_id " . $where . $and . "AND (" . $ilDB->like("ops_id", "text", "%i:" . $ops_id . "%") . " " . "OR " . $ilDB->like("ops_id", "text", "%:\"" . $ops_id . "\";%") . ")) " . $check_owner;
     $res = $ilDB->query($query);
     $counter = 0;
     while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
         if ($counter >= $limit) {
             break;
         }
         // Filter objects in recovery folder
         if ($tree->isGrandChild(RECOVERY_FOLDER_ID, $row->ref_id)) {
             continue;
         }
         // Check deleted, hierarchical access ...
         if ($ilAccess->checkAccessOfUser($a_usr_id, $a_operation, '', $row->ref_id, $row->type, $row->obj_id)) {
             $counter++;
             $ref_ids[] = $row->ref_id;
         }
     }
     return $ref_ids ? $ref_ids : array();
 }
Exemplo n.º 9
0
 /**
  * display roleassignment panel
  *
  * @access	public
  */
 function roleassignmentObject()
 {
     global $rbacreview, $rbacsystem, $ilUser, $ilTabs;
     $ilTabs->activateTab("role_assignment");
     if (!$rbacsystem->checkAccess("edit_roleassignment", $this->usrf_ref_id)) {
         $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_role_to_user"), $this->ilias->error_obj->MESSAGE);
     }
     $_SESSION['filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['filtered_roles'];
     if ($_SESSION['filtered_roles'] > 5) {
         $_SESSION['filtered_roles'] = 0;
     }
     $this->tpl->addBlockfile('ADM_CONTENT', 'adm_content', 'tpl.usr_role_assignment.html', 'Services/User');
     if (false) {
         $this->tpl->setCurrentBlock("filter");
         $this->tpl->setVariable("FILTER_TXT_FILTER", $this->lng->txt('filter'));
         $this->tpl->setVariable("SELECT_FILTER", $this->__buildFilterSelect());
         $this->tpl->setVariable("FILTER_ACTION", $this->ctrl->getFormAction($this));
         $this->tpl->setVariable("FILTER_NAME", 'roleassignment');
         $this->tpl->setVariable("FILTER_VALUE", $this->lng->txt('apply_filter'));
         $this->tpl->parseCurrentBlock();
     }
     // init table
     include_once "./Services/User/classes/class.ilRoleAssignmentTableGUI.php";
     $tab = new ilRoleAssignmentTableGUI($this, "roleassignment");
     // now get roles depending on filter settings
     $role_list = $rbacreview->getRolesByFilter($tab->filter["role_filter"], $this->object->getId());
     $assigned_roles = $rbacreview->assignedRoles($this->object->getId());
     $counter = 0;
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     $records = array();
     foreach ($role_list as $role) {
         // fetch context path of role
         $rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
         // only list roles that are not set to status "deleted"
         if ($rbacreview->isDeleted($rolf[0])) {
             continue;
         }
         // build context path
         $path = "";
         if ($this->tree->isInTree($rolf[0])) {
             if ($rolf[0] == ROLE_FOLDER_ID) {
                 $path = $this->lng->txt("global");
             } else {
                 $tmpPath = $this->tree->getPathFull($rolf[0]);
                 // count -1, to exclude the role folder itself
                 /*for ($i = 1; $i < (count($tmpPath)-1); $i++)
                 				    {
                 					    if ($path != "")
                 					    {
                 						    $path .= " > ";
                 					    }
                 
                 					    $path .= $tmpPath[$i]["title"];
                 				    }*/
                 $path = $tmpPath[count($tmpPath) - 1]["title"];
             }
         } else {
             $path = "<b>Rolefolder " . $rolf[0] . " not found in tree! (Role " . $role["obj_id"] . ")</b>";
         }
         $disabled = false;
         // disable checkbox for system role for the system user
         if ($this->object->getId() == SYSTEM_USER_ID and $role["obj_id"] == SYSTEM_ROLE_ID or !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) and $role["obj_id"] == SYSTEM_ROLE_ID) {
             $disabled = true;
         }
         // protected admin role
         if ($role['obj_id'] == SYSTEM_ROLE_ID && !$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) {
             include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
             if (ilSecuritySettings::_getInstance()->isAdminRoleProtected()) {
                 $disabled = true;
             }
         }
         if (substr($role["title"], 0, 3) == "il_") {
             if (!$assignable) {
                 $rolf_arr = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
                 $rolf2 = $rolf_arr[0];
             } else {
                 $rolf2 = $rolf;
             }
             $parent_node = $this->tree->getNodeData($rolf2);
             $role["description"] = $this->lng->txt("obj_" . $parent_node["type"]) . "&nbsp;(#" . $parent_node["obj_id"] . ")";
         }
         $role_ids[$counter] = $role["obj_id"];
         $result_set[$counter][] = $checkbox = ilUtil::formCheckBox(in_array($role["obj_id"], $assigned_roles), "role_id[]", $role["obj_id"], $disabled) . "<input type=\"hidden\" name=\"role_id_ctrl[]\" value=\"" . $role["obj_id"] . "\"/>";
         $this->ctrl->setParameterByClass("ilobjrolegui", "ref_id", $rolf[0]);
         $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id", $role["obj_id"]);
         $result_set[$counter][] = $link = "<a href=\"" . $this->ctrl->getLinkTargetByClass("ilobjrolegui", "perm") . "\">" . ilObjRole::_getTranslation($role["title"]) . "</a>";
         $title = ilObjRole::_getTranslation($role["title"]);
         $result_set[$counter][] = $role["description"];
         // Add link to objector local Rores
         if ($role["role_type"] == "local") {
             // Get Object to the role
             $obj_id = ilRbacReview::getObjectOfRole($role["rol_id"]);
             $obj_type = ilObject::_lookupType($obj_id);
             $ref_ids = ilObject::_getAllReferences($obj_id);
             foreach ($ref_ids as $ref_id) {
             }
             require_once "./Services/Link/classes/class.ilLink.php";
             $result_set[$counter][] = $context = "<a href='" . ilLink::_getLink($ref_id, ilObject::_lookupType($obj_id)) . "' target='_top'>" . $path . "</a>";
         } else {
             $result_set[$counter][] = $path;
             $context = $path;
         }
         $records[] = array("path" => $path, "description" => $role["description"], "context" => $context, "checkbox" => $checkbox, "role" => $link, "title" => $title);
         ++$counter;
     }
     if (true) {
         $tab->setData($records);
         $this->tpl->setVariable("ROLES_TABLE", $tab->getHTML());
         return;
     }
 }
 /**
  * Parse permissions
  * @return 
  */
 public function parse()
 {
     global $rbacreview, $objDefinition;
     $operations = $this->getPermissions($this->getTemplateType());
     // Object permissions
     $rows = array();
     foreach ($rbacreview->getOperationsByTypeAndClass($this->getTemplateType(), 'object') as $ops_id) {
         $operations = $this->getPermissions($this->getTemplateType());
         $operation = $rbacreview->getOperation($ops_id);
         $perm['ops_id'] = $ops_id;
         $perm['set'] = (in_array($ops_id, $operations) or $this->getRoleId() == SYSTEM_ROLE_ID);
         $perm['name'] = $operation['operation'];
         $rows[] = $perm;
     }
     // Get creatable objects
     $objects = $objDefinition->getCreatableSubObjects($this->getTemplateType());
     $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
     foreach ($objects as $type => $info) {
         $ops_id = $ops_ids[$type];
         if (!$ops_id) {
             continue;
         }
         $perm['ops_id'] = $ops_id;
         $perm['set'] = (in_array($ops_id, $operations) or $this->getRoleId() == SYSTEM_ROLE_ID);
         $perm['name'] = 'create_' . $info['name'];
         $perm['create_type'] = $info['name'];
         $rows[] = $perm;
     }
     if (!$this->show_admin_permissions) {
         $rows[] = array('show_ce' => 1);
     }
     $this->setData($rows);
 }
 function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
 {
     global $ilUser, $rbacreview, $ilObjDataCache, $ilDB, $ilLog;
     // Create the user cache key
     $cacheKey = $a_user_id . ':' . $a_operations . ':' . $a_ref_id . ':' . $a_type;
     // Create the cache if it does not yet exist
     if (!is_array(self::$_checkAccessOfUserCache)) {
         self::$_checkAccessOfUserCache = array();
     }
     // Try to return result from cache
     if (array_key_exists($cacheKey, self::$_checkAccessOfUserCache)) {
         return self::$_checkAccessOfUserCache[$cacheKey];
     }
     #echo ++$counter;
     // DISABLED
     // Check For owner
     // Owners do always have full access to their objects
     // Excluded are the permissions create and perm
     // This method call return all operations that are NOT granted by the owner status
     if (!($a_operations = $this->__filterOwnerPermissions($a_user_id, $a_operations, $a_ref_id))) {
         // Store positive outcome in cache.
         // Note: we only cache up to 1000 results to avoid memory overflows
         if (count(self::$_checkAccessOfUserCache) < 1000) {
             self::$_checkAccessOfUserCache[$cacheKey] = true;
         }
         return true;
     }
     // get roles using role cache
     $roles = $this->fetchAssignedRoles($a_user_id, $a_ref_id);
     // exclude system role from rbac
     if (in_array(SYSTEM_ROLE_ID, $roles)) {
         // Store positive outcome in cache.
         // Note: we only cache up to 1000 results to avoid memory overflows
         if (count(self::$_checkAccessOfUserCache) < 1000) {
             self::$_checkAccessOfUserCache[$cacheKey] = true;
         }
         return true;
     }
     if (!isset($a_operations) or !isset($a_ref_id)) {
         $GLOBALS['ilLog']->logStack();
         $this->ilErr->raiseError(get_class($this) . "::checkAccess(): Missing parameter! " . "ref_id: " . $a_ref_id . " operations: " . $a_operations, $this->ilErr->WARNING);
     }
     if (!is_string($a_operations)) {
         $GLOBALS['ilLog']->logStack();
         $this->ilErr->raiseError(get_class($this) . "::checkAccess(): Wrong datatype for operations!", $this->ilErr->WARNING);
     }
     // Create the PA cache if it does not exist yet
     $paCacheKey = $a_user_id . ':' . $a_ref_id;
     if (!is_array(self::$_paCache)) {
         self::$_paCache = array();
     }
     if (array_key_exists($paCacheKey, self::$_paCache)) {
         // Return result from PA cache
         $ops = self::$_paCache[$paCacheKey];
     } else {
         // Data is not in PA cache, perform database query
         $q = "SELECT * FROM rbac_pa " . "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer');
         $r = $this->ilDB->query($q);
         $ops = array();
         while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
             if (in_array($row->rol_id, $roles)) {
                 $ops = array_merge($ops, unserialize(stripslashes($row->ops_id)));
             }
         }
         // Cache up to 1000 entries in the PA cache
         if (count(self::$_paCache) < 1000) {
             self::$_paCache[$paCacheKey] = $ops;
         }
     }
     $operations = explode(",", $a_operations);
     foreach ($operations as $operation) {
         if ($operation == "create") {
             if (empty($a_type)) {
                 $this->ilErr->raiseError(get_class($this) . "::CheckAccess(): Expect a type definition for checking a 'create' permission", $this->ilErr->WARNING);
             }
             $ops_id = ilRbacReview::_getOperationIdByName($operation . "_" . $a_type);
         } else {
             $ops_id = ilRbacReview::_getOperationIdByName($operation);
         }
         if (!in_array($ops_id, (array) $ops)) {
             //$ilLog->write('PERMISSION: '.$a_ref_id.' -> '.$a_ops_id.' failed');
             // Store negative outcome in cache.
             // Note: we only cache up to 1000 results to avoid memory overflows
             if (count(self::$_checkAccessOfUserCache) < 1000) {
                 self::$_checkAccessOfUserCache[$cacheKey] = false;
             }
             return false;
         }
     }
     // Store positive outcome in cache.
     // Note: we only cache up to 1000 results to avoid memory overflows
     if (count(self::$_checkAccessOfUserCache) < 1000) {
         //$ilLog->write('PERMISSION: '.$a_ref_id.' -> '.$ops_id.' granted');
         self::$_checkAccessOfUserCache[$cacheKey] = true;
     }
     return true;
 }
 function getPermissionInfo()
 {
     global $ilAccess, $lng, $rbacreview, $ilUser, $ilObjDataCache, $objDefinition;
     // icon handlers
     $icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.png") . "\" alt=\"" . $lng->txt("info_assigned") . "\" title=\"" . $lng->txt("info_assigned") . "\" border=\"0\" vspace=\"0\"/>";
     $icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.png") . "\" alt=\"" . $lng->txt("info_not_assigned") . "\" title=\"" . $lng->txt("info_not_assigned") . "\" border=\"0\" vspace=\"0\"/>";
     // get all possible operation of current object
     $ops_list = ilRbacReview::_getOperationList($this->object->getType());
     $counter = 0;
     // check permissions of user
     foreach ($ops_list as $ops) {
         $access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType());
         $result_set[$counter][] = $access ? $icon_ok : $icon_not_ok;
         if (substr($ops['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($ops['operation'], 7))) {
             $result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", substr($ops['operation'], 7), 'rbac_' . $ops['operation']);
         } else {
             if ($objDefinition->isPlugin($this->object->getType())) {
                 $result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", $this->object->getType(), $this->object->getType() . "_" . $ops['operation']);
             } elseif (substr($ops['operation'], 0, 7) == 'create_') {
                 $result_set[$counter][] = $lng->txt('rbac_' . $ops['operation']);
             } else {
                 $result_set[$counter][] = $lng->txt($this->object->getType() . "_" . $ops['operation']);
             }
         }
         $list_role = "";
         // Check ownership
         if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
             if (substr($ops['operation'], 0, 7) != 'create_' and $ops['operation'] != 'edit_permission' and $ops['operation'] != 'edit_leanring_progress') {
                 $list_role[] = $lng->txt('info_owner_of_object');
             }
         }
         // get operations on object for each assigned role to user
         foreach ($this->assigned_valid_roles as $role) {
             if (in_array($ops['ops_id'], $role['ops'])) {
                 $list_role[] = $role['translation'];
             }
         }
         if (empty($list_role)) {
             $roles_formatted = $lng->txt('none');
         } else {
             $roles_formatted = implode("<br/>", $list_role);
         }
         $result_set[$counter][] = $roles_formatted;
         ++$counter;
     }
     return $this->__showPermissionsTable($result_set);
 }
Exemplo n.º 13
0
 function getRolesData()
 {
     global $rbacsystem, $rbacreview, $tree;
     // first get all roles in
     $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
     // filter roles
     $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
     // set default filter (all roles) if no filter is set
     if ($_SESSION['perm_filtered_roles'] == 0) {
         if ($tree->checkForParentType($this->gui_obj->object->getRefId(), 'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(), 'grp')) {
             $_SESSION['perm_filtered_roles'] = 3;
         } else {
             $_SESSION['perm_filtered_roles'] = 1;
         }
     }
     // remove filtered roles from array
     $roles = $this->__filterRoles($roles, $_SESSION["perm_filtered_roles"]);
     // determine status of each role (local role, changed policy, protected)
     $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
     $local_roles = array();
     if (!empty($role_folder)) {
         $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
     }
     foreach ($roles as $key => $role) {
         // exclude system admin role from list
         if ($role["obj_id"] == SYSTEM_ROLE_ID) {
             unset($roles[$key]);
             continue;
         }
         $this->roles[$role['obj_id']] = $role;
         // don't allow local policies for protected roles
         $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'], $role['obj_id']);
         if (!in_array($role["obj_id"], $local_roles)) {
             $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
             $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
         } else {
             // no checkbox for local roles
             if ($rbacreview->isAssignable($role["obj_id"], $role_folder["ref_id"])) {
                 $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
             } else {
                 $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
                 $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
             }
         }
         // compute permission settings for each role
         $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
         foreach ($grouped_ops as $ops_group => $ops_data) {
             foreach ($ops_data as $key => $operation) {
                 $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
             }
         }
         $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
         unset($grouped_ops);
     }
 }
Exemplo n.º 14
0
 /**
  * display permissions
  * 
  * @access	public
  */
 function permObject()
 {
     global $rbacadmin, $rbacreview, $rbacsystem, $objDefinition, $ilSetting;
     if (!$rbacsystem->checkAccess('write', $this->rolf_ref_id)) {
         $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->WARNING);
         exit;
     }
     $to_filter = $objDefinition->getSubobjectsToFilter();
     $tpl_filter = array();
     $internal_tpl = false;
     if ($internal_tpl = $this->object->isInternalTemplate()) {
         $tpl_filter = $this->object->getFilterOfInternalTemplate();
     }
     $op_order = array();
     foreach (ilRbacReview::_getOperationList() as $op) {
         $op_order[$op["ops_id"]] = $op["order"];
     }
     $operation_info = $rbacreview->getOperationAssignment();
     foreach ($operation_info as $info) {
         if ($objDefinition->getDevMode($info['type'])) {
             continue;
         }
         // FILTER SUBOJECTS OF adm OBJECT
         if (in_array($info['type'], $to_filter)) {
             continue;
         }
         if ($internal_tpl and $tpl_filter and !in_array($info['type'], $tpl_filter)) {
             continue;
         }
         $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'], "type" => $info['type']);
         $txt = $objDefinition->isPlugin($info['type']) ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type'] . "_" . $info['operation']) : $this->lng->txt($info['type'] . "_" . $info['operation']);
         if (substr($info['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($info['operation'], 7))) {
             $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type'] . "_" . $info['operation']);
         } elseif (substr($info['operation'], 0, 6) == 'create') {
             $txt = $this->lng->txt('rbac_' . $info['operation']);
         }
         $order = $op_order[$info['ops_id']];
         if (substr($info['operation'], 0, 6) == 'create') {
             $order = $objDefinition->getPositionByType($info['type']);
         }
         $rbac_operations[$info['typ_id']][$info['ops_id']] = array("ops_id" => $info['ops_id'], "title" => $info['operation'], "name" => $txt, "order" => $order);
     }
     foreach ($rbac_objects as $key => $obj_data) {
         if ($objDefinition->isPlugin($obj_data["type"])) {
             $rbac_objects[$key]["name"] = ilPlugin::lookupTxt("rep_robj", $obj_data["type"], "obj_" . $obj_data["type"]);
         } else {
             $rbac_objects[$key]["name"] = $this->lng->txt("obj_" . $obj_data["type"]);
         }
         $rbac_objects[$key]["ops"] = $rbac_operations[$key];
     }
     sort($rbac_objects);
     foreach ($rbac_objects as $key => $obj_data) {
         sort($rbac_objects[$key]["ops"]);
     }
     // sort by (translated) name of object type
     $rbac_objects = ilUtil::sortArray($rbac_objects, "name", "asc");
     // BEGIN CHECK_PERM
     foreach ($rbac_objects as $key => $obj_data) {
         $arr_selected = $rbacreview->getOperationsOfRole($this->object->getId(), $obj_data["type"], $this->rolf_ref_id);
         $arr_checked = array_intersect($arr_selected, array_keys($rbac_operations[$obj_data["obj_id"]]));
         foreach ($rbac_operations[$obj_data["obj_id"]] as $operation) {
             $checked = in_array($operation["ops_id"], $arr_checked);
             $disabled = false;
             // Es wird eine 2-dim Post Variable �bergeben: perm[rol_id][ops_id]
             $box = ilUtil::formCheckBox($checked, "template_perm[" . $obj_data["type"] . "][]", $operation["ops_id"], $disabled);
             $output["perm"][$obj_data["obj_id"]][$operation["ops_id"]] = $box;
         }
     }
     // END CHECK_PERM
     $output["col_anz"] = count($rbac_objects);
     $output["txt_save"] = $this->lng->txt("save");
     $output["check_protected"] = ilUtil::formCheckBox($rbacreview->isProtected($this->rolf_ref_id, $this->object->getId()), "protected", 1);
     $output["text_protected"] = $this->lng->txt("role_protect_permissions");
     /************************************/
     /*		adopt permissions form		*/
     /************************************/
     $output["message_middle"] = $this->lng->txt("adopt_perm_from_template");
     // send message for system role
     if ($this->object->getId() == SYSTEM_ROLE_ID) {
         $output["adopt"] = array();
         ilUtil::sendFailure($this->lng->txt("msg_sysrole_not_editable"));
     } else {
         // BEGIN ADOPT_PERMISSIONS
         $parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id, true);
         // sort output for correct color changing
         ksort($parent_role_ids);
         foreach ($parent_role_ids as $key => $par) {
             if ($par["obj_id"] != SYSTEM_ROLE_ID) {
                 $radio = ilUtil::formRadioButton(0, "adopt", $par["obj_id"]);
                 $output["adopt"][$key]["css_row_adopt"] = ilUtil::switchColor($key, "tblrow1", "tblrow2");
                 $output["adopt"][$key]["check_adopt"] = $radio;
                 $output["adopt"][$key]["type"] = $par["type"] == 'role' ? 'Role' : 'Template';
                 $output["adopt"][$key]["role_name"] = $par["title"];
             }
         }
         $output["formaction_adopt"] = $this->ctrl->getFormAction($this);
         // END ADOPT_PERMISSIONS
     }
     $output["formaction"] = $this->ctrl->getFormAction($this);
     $this->data = $output;
     /************************************/
     /*			generate output			*/
     /************************************/
     $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.adm_perm_role.html", "Services/AccessControl");
     foreach ($rbac_objects as $obj_data) {
         // BEGIN object_operations
         $this->tpl->setCurrentBlock("object_operations");
         $obj_data["ops"] = ilUtil::sortArray($obj_data["ops"], 'order', 'asc', true, true);
         foreach ($obj_data["ops"] as $operation) {
             $ops_ids[] = $operation["ops_id"];
             $css_row = ilUtil::switchColor($key, "tblrow1", "tblrow2");
             $this->tpl->setVariable("CSS_ROW", $css_row);
             $this->tpl->setVariable("PERMISSION", $operation["name"]);
             $this->tpl->setVariable("CHECK_PERMISSION", $this->data["perm"][$obj_data["obj_id"]][$operation["ops_id"]]);
             $this->tpl->parseCurrentBlock();
         }
         // END object_operations
         // BEGIN object_type
         $this->tpl->setCurrentBlock("object_type");
         $this->tpl->setVariable("TXT_OBJ_TYPE", $obj_data["name"]);
         // TODO: move this if in a function and query all objects that may be disabled or inactive
         if ($this->objDefinition->getDevMode($obj_data["type"])) {
             $this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_implemented_yet") . ")");
         } else {
             if ($obj_data["type"] == "icrs" and !$this->ilias->getSetting("ilinc_active")) {
                 $this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_enabled_or_configured") . ")");
             }
         }
         // js checkbox toggles
         $this->tpl->setVariable("JS_VARNAME", "template_perm_" . $obj_data["type"]);
         $this->tpl->setVariable("JS_ONCLICK", ilUtil::array_php2js($ops_ids));
         $this->tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
         $this->tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
         $this->tpl->parseCurrentBlock();
         // END object_type
     }
     /* 
     // BEGIN ADOPT PERMISSIONS
     foreach ($this->data["adopt"] as $key => $value)
     {			
     	$this->tpl->setCurrentBlock("ADOPT_PERM_ROW");
     	$this->tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]);
     	$this->tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]);
     	$this->tpl->setVariable("TYPE",$value["type"]);
     	$this->tpl->setVariable("ROLE_NAME",$value["role_name"]);
     	$this->tpl->parseCurrentBlock();
     }
     
     $this->tpl->setCurrentBlock("ADOPT_PERM_FORM");
     $this->tpl->setVariable("MESSAGE_MIDDLE",$this->data["message_middle"]);
     $this->tpl->setVariable("FORMACTION_ADOPT",$this->data["formaction_adopt"]);
     $this->tpl->setVariable("ADOPT",$this->lng->txt('copy'));
     $this->tpl->parseCurrentBlock();
     // END ADOPT PERMISSIONS 		
     */
     $this->tpl->setCurrentBlock("tblfooter_protected");
     $this->tpl->setVariable("COL_ANZ", 3);
     $this->tpl->setVariable("CHECK_BOTTOM", $this->data["check_protected"]);
     $this->tpl->setVariable("MESSAGE_TABLE", $this->data["text_protected"]);
     $this->tpl->parseCurrentBlock();
     $this->tpl->setVariable("COL_ANZ_PLUS", 4);
     $this->tpl->setVariable("TXT_SAVE", $this->data["txt_save"]);
     $this->tpl->setCurrentBlock("adm_content");
     $this->tpl->setVariable("TBL_TITLE_IMG", ilUtil::getImagePath("icon_" . $this->object->getType() . ".svg"));
     $this->tpl->setVariable("TBL_TITLE_IMG_ALT", $this->lng->txt($this->object->getType()));
     // compute additional information in title
     if (substr($this->object->getTitle(), 0, 3) == "il_") {
         $desc = $this->lng->txt("predefined_template");
         //$this->lng->txt("obj_".$parent_node['type'])." (".$parent_node['obj_id'].") : ".$parent_node['title'];
     }
     $description = "<br/>&nbsp;<span class=\"small\">" . $desc . "</span>";
     // translation for autogenerated roles
     if (substr($this->object->getTitle(), 0, 3) == "il_") {
         include_once './Services/AccessControl/classes/class.ilObjRole.php';
         $title = ilObjRole::_getTranslation($this->object->getTitle()) . " (" . $this->object->getTitle() . ")";
     } else {
         $title = $this->object->getTitle();
     }
     $this->tpl->setVariable("TBL_TITLE", $title . $description);
     $this->tpl->setVariable("TXT_PERMISSION", $this->data["txt_permission"]);
     $this->tpl->setVariable("FORMACTION", $this->data["formaction"]);
     $this->tpl->parseCurrentBlock();
 }
 function __appendOperations($a_ref_id, $a_type)
 {
     global $ilAccess, $rbacreview, $objDefinition;
     if ($this->enabledOperations()) {
         $ops = $rbacreview->getOperationsOnTypeString($a_type);
         if (is_array($ops)) {
             foreach ($ops as $ops_id) {
                 $operation = $rbacreview->getOperation($ops_id);
                 if (count($operation) && $ilAccess->checkAccessOfUser($this->getUserId(), $operation['operation'], 'view', $a_ref_id)) {
                     $this->xmlElement('Operation', null, $operation['operation']);
                 }
             }
         }
         // Create operations
         // Get creatable objects
         $objects = $objDefinition->getCreatableSubObjects($a_type);
         $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
         $creation_operations = array();
         foreach ($objects as $type => $info) {
             $ops_id = $ops_ids[$type];
             if (!$ops_id) {
                 continue;
             }
             $operation = $rbacreview->getOperation($ops_id);
             if (count($operation) && $ilAccess->checkAccessOfUser($this->getUserId(), $operation['operation'], 'view', $a_ref_id)) {
                 $this->xmlElement('Operation', null, $operation['operation']);
             }
         }
     }
     return true;
 }
Exemplo n.º 16
0
    $tree = new ilTree(ROOT_FOLDER_ID);
    $tree->insertNode($ref_id, $chatfolder_ref_id);
    $rolf_obj_id = $ilDB->nextId('object_data');
    // Create role folder
    $ilDB->manipulateF("INSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($rolf_obj_id, "rolf", $obj_id, "(ref_id " . $ref_id . ")", -1, ilUtil::now(), ilUtil::now()));
    $rolf_ref_id = $ilDB->nextId('object_reference');
    // Create reference
    $ilDB->manipulateF("INSERT INTO object_reference (ref_id, obj_id) VALUES (%s, %s)", array('integer', 'integer'), array($rolf_ref_id, $rolf_obj_id));
    // put in tree
    $tree->insertNode($rolf_ref_id, $ref_id);
    $role_obj_id = $ilDB->nextId('object_data');
    // Create role
    $ilDB->manipulateF("INSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($role_obj_id, "role", "il_chat_moderator_" . $ref_id, "Moderator of chat obj_no." . $obj_id, -1, ilUtil::now(), ilUtil::now()));
    // Insert role_data
    $ilDB->manipulateF('INSERT INTO role_data (role_id) VALUES (%s)', array('integer'), array($role_obj_id));
    $permissions = ilRbacReview::_getOperationIdsByName(array('visible', 'read', 'moderate'));
    $rbacadmin = new ilRbacAdmin();
    $rbacadmin->grantPermission($role_obj_id, $permissions, $ref_id);
    $rbacadmin->assignRoleToFolder($role_obj_id, $rolf_ref_id);
    $id = $ilDB->nextId('chatroom_settings');
    $ilDB->insert('chatroom_settings', array('room_id' => array('integer', $id), 'object_id' => array('integer', $obj_id), 'room_type' => array('text', 'default'), 'allow_anonymous' => array('integer', 0), 'allow_custom_usernames' => array('integer', 0), 'enable_history' => array('integer', 0), 'restrict_history' => array('integer', 0), 'autogen_usernames' => array('text', 'Anonymous #'), 'allow_private_rooms' => array('integer', 1)));
    $settings = new ilSetting('chatroom');
    $settings->set('public_room_ref', $ref_id);
}
?>
<#3461>
<?php 
$chat_modetator_tpl_id = $ilDB->nextId('object_data');
$ilDB->manipulateF("\n\t\tINSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($chat_modetator_tpl_id, "rolt", "il_chat_moderator", "Moderator template for chat moderators", -1, ilUtil::now(), ilUtil::now()));
$query = 'SELECT ops_id FROM rbac_operations WHERE operation = ' . $ilDB->quote('moderate', 'text');
$rset = $ilDB->query($query);
 /**
  * display edit form
  * 
  * @access	public
  */
 function editObject()
 {
     global $rbacsystem, $rbacreview;
     if (!$rbacsystem->checkAccess("edit_permission", $_GET["ref_id"])) {
         $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
     }
     //prepare objectlist
     $this->data = array();
     $this->data["data"] = array();
     $this->data["ctrl"] = array();
     $this->data["cols"] = array("type", "operation", "description", "status");
     $ops_valid = $rbacreview->getOperationsOnType($this->obj_id);
     if ($ops_arr = ilRbacReview::_getOperationList('', $a_order, $a_direction)) {
         $options = array("e" => "enabled", "d" => "disabled");
         foreach ($ops_arr as $key => $ops) {
             // BEGIN ROW
             if (in_array($ops["ops_id"], $ops_valid)) {
                 $ops_status = 'e';
             } else {
                 $ops_status = 'd';
             }
             $obj = $ops["ops_id"];
             $ops_options = ilUtil::formSelect($ops_status, "id[{$obj}]", $options);
             //visible data part
             $this->data["data"][] = array("type" => "perm", "operation" => $ops["operation"], "description" => $ops["desc"], "status" => $ops_status, "status_html" => $ops_options, "obj_id" => $val["ops_id"]);
         }
     }
     //if typedata
     $this->maxcount = count($this->data["data"]);
     // sorting array
     $this->data["data"] = ilUtil::sortArray($this->data["data"], $_GET["sort_by"], $_GET["sort_order"]);
     // now compute control information
     foreach ($this->data["data"] as $key => $val) {
         $this->data["ctrl"][$key] = array("obj_id" => $val["obj_id"], "type" => $val["type"]);
         unset($this->data["data"][$key]["obj_id"]);
         $this->data["data"][$key]["status"] = $this->data["data"][$key]["status_html"];
         unset($this->data["data"][$key]["status_html"]);
     }
     // build table
     include_once "./Services/Table/classes/class.ilTableGUI.php";
     // load template for table
     $this->tpl->addBlockfile("ADM_CONTENT", "adm_content", "tpl.table.html");
     // load template for table content data
     $this->tpl->addBlockfile("TBL_CONTENT", "tbl_content", "tpl.obj_tbl_rows.html");
     $num = 0;
     $obj_str = $this->call_by_reference ? "" : "&obj_id=" . $this->obj_id;
     $this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=" . $this->ref_id . "{$obj_str}&cmd=save");
     // create table
     $tbl = new ilTableGUI();
     // title & header columns
     $tbl->setTitle($this->lng->txt("edit_operations") . " " . strtolower($this->lng->txt("of")) . " '" . $this->object->getTitle() . "'", "icon_" . $this->object->getType() . "_b.png", $this->lng->txt("obj_" . $this->object->getType()));
     $tbl->setHelp("tbl_help.php", "icon_help.png", $this->lng->txt("help"));
     foreach ($this->data["cols"] as $val) {
         $header_names[] = $this->lng->txt($val);
     }
     $tbl->setHeaderNames($header_names);
     $header_params = array("ref_id" => $this->ref_id, "obj_id" => $this->id, "cmd" => "edit");
     $tbl->setHeaderVars($this->data["cols"], $header_params);
     // control
     $tbl->setOrderColumn($_GET["sort_by"]);
     $tbl->setOrderDirection($_GET["sort_order"]);
     $tbl->setLimit(0);
     $tbl->setOffset(0);
     $tbl->setMaxCount($this->maxcount);
     // SHOW VALID ACTIONS
     $this->tpl->setVariable("IMG_ARROW", ilUtil::getImagePath("arrow_downright.png"));
     $this->tpl->setVariable("COLUMN_COUNTS", count($this->data["cols"]));
     // footer
     $tbl->setFooter("tblfooter", $this->lng->txt("previous"), $this->lng->txt("next"));
     //$tbl->disable("footer");
     // render table
     $tbl->render();
     if (is_array($this->data["data"][0])) {
         //table cell
         for ($i = 0; $i < count($this->data["data"]); $i++) {
             $data = $this->data["data"][$i];
             $ctrl = $this->data["ctrl"][$i];
             // color changing
             $css_row = ilUtil::switchColor($i + 1, "tblrow1", "tblrow2");
             $this->tpl->setCurrentBlock("table_cell");
             $this->tpl->setVariable("CELLSTYLE", "tblrow1");
             $this->tpl->parseCurrentBlock();
             foreach ($data as $key => $val) {
                 $this->tpl->setCurrentBlock("text");
                 if ($key == "type") {
                     $val = ilUtil::getImageTagByType($val, $this->tpl->tplPath);
                 }
                 $this->tpl->setVariable("TEXT_CONTENT", $val);
                 $this->tpl->parseCurrentBlock();
                 $this->tpl->setCurrentBlock("table_cell");
                 $this->tpl->parseCurrentBlock();
             }
             //foreach
             $this->tpl->setVariable("BTN_VALUE", $this->lng->txt("save"));
             $this->tpl->setCurrentBlock("tbl_content");
             $this->tpl->setVariable("CSS_ROW", $css_row);
             $this->tpl->parseCurrentBlock();
         }
         //for
     }
     //if is_array
 }
Exemplo n.º 18
0
 /**
  * Save permissions
  * @return 
  */
 protected function savePermissions()
 {
     global $rbacreview, $objDefinition, $rbacadmin;
     include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
     $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
     $roles = $this->applyRoleFilter($rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()), $table->getFilterItemByPostVar('role')->getValue());
     // Log history
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
     # all possible create permissions
     $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass($this->getCurrentObject()->getType(), 'create');
     # createable (activated) create permissions
     $create_types = $objDefinition->getCreatableSubObjects($this->getCurrentObject()->getType());
     $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
     foreach ((array) $roles as $role => $role_data) {
         if ($role_data['protected']) {
             continue;
         }
         $new_ops = array_keys((array) $_POST['perm'][$role]);
         $old_ops = $rbacreview->getRoleOperationsOnObject($role, $this->getCurrentObject()->getRefId());
         // Add operations which were enabled and are not activated.
         foreach ($possible_ops_ids as $create_ops_id) {
             if (in_array($create_ops_id, $createable_ops_ids)) {
                 continue;
             }
             if (in_array($create_ops_id, $old_ops)) {
                 $new_ops[] = $create_ops_id;
             }
         }
         $rbacadmin->revokePermission($this->getCurrentObject()->getRefId(), $role);
         $rbacadmin->grantPermission($role, array_unique($new_ops), $this->getCurrentObject()->getRefId());
     }
     // Handle local policies.
     $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
     $relevant_roles = array_intersect($rbacreview->getRolesOfRoleFolder($rolf_id), array_keys($roles));
     if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
         foreach ($roles as $role) {
             // No action for local roles
             if ($role['parent'] == $rolf_id and $role['assign'] == 'y') {
                 continue;
             }
             // Nothing for protected roles
             if ($role['protected']) {
                 continue;
             }
             // Stop local policy
             if ($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']])) {
                 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
                 $role_obj->setParent($rolf_id);
                 $role_obj->delete();
                 continue;
             }
             // Add local policy
             if ($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']])) {
                 $rbacadmin->copyRoleTemplatePermissions($role['obj_id'], $role['parent'], $rolf_id, $role['obj_id']);
                 $rbacadmin->assignRoleToFolder($role['obj_id'], $rolf_id, 'n');
             }
         }
     }
     // Protect permissions
     if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
         foreach ($roles as $role) {
             if ($rbacreview->isAssignable($role['obj_id'], $rolf_id)) {
                 if (isset($_POST['protect'][$role['obj_id']]) and !$rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                     $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
                 } elseif (!isset($_POST['protect'][$role['obj_id']]) and $rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                     $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
                 }
             }
         }
     }
     $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
     $log = ilRbacLog::diffFaPa($log_old, $log_new);
     ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
     if (count((array) $_POST['block'])) {
         return $this->showConfirmBlockRole(array_keys($_POST['block']));
     }
     ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
     #$this->ctrl->redirect($this,'perm');
     $this->perm();
 }
Exemplo n.º 19
0
 /**
  * get operation id by name of operation
  * @access	public
  * @access	static
  * @param	string	operation name
  * @return	integer	operation id
  * @todo refactor rolf => DONE
  */
 public static function _getOperationIdByName($a_operation)
 {
     global $ilDB, $ilErr;
     if (!isset($a_operation)) {
         $message = "perm::getOperationId(): No operation given!";
         $ilErr->raiseError($message, $ilErr->WARNING);
     }
     // Cache operation ids
     if (!is_array(self::$_opsCache)) {
         self::$_opsCache = array();
         $q = "SELECT ops_id, operation FROM rbac_operations";
         $r = $ilDB->query($q);
         while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
             self::$_opsCache[$row->operation] = $row->ops_id;
         }
     }
     // Get operation ID by name from cache
     if (array_key_exists($a_operation, self::$_opsCache)) {
         return self::$_opsCache[$a_operation];
     }
     return null;
 }
 /**
  * Parse 
  * @return 
  */
 public function parse()
 {
     global $rbacreview, $objDefinition;
     $this->initColumns();
     $perms = array();
     $roles = array();
     if (!count($this->getVisibleRoles())) {
         return $this->setData(array());
     }
     // Read operations of role
     $operations = array();
     foreach ($this->getVisibleRoles() as $role_data) {
         $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
     }
     $counter = 0;
     // Local policy
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $roles = array();
         $local_roles = $rbacreview->getRolesOfObject($this->getRefId());
         foreach ($this->getVisibleRoles() as $role_id => $role_data) {
             $roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'local_policy' => in_array($role_data['obj_id'], $local_roles), 'isLocal' => $this->getRefId() == $role_data['parent'] && $role_data['assign'] == 'y');
         }
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['show_local_policy_row'] = 1;
         $counter++;
     }
     // Protect permissions
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $roles = array();
         foreach ($this->getVisibleRoles() as $role_id => $role_data) {
             $roles[$role_data['obj_id']] = array('protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'], $this->getRefId()), 'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id']));
         }
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['show_protected_row'] = 1;
         $counter++;
     }
     // Block role
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $perms[$counter++]['show_block_row'] = 1;
     }
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $perms[$counter++]['show_start_info'] = true;
     }
     // no creation permissions
     $no_creation_operations = array();
     foreach ($rbacreview->getOperationsByTypeAndClass($this->getObjType(), 'object') as $operation) {
         $this->addActiveOperation($operation);
         $no_creation_operations[] = $operation;
         $roles = array();
         foreach ($this->getVisibleRoles() as $role_data) {
             $roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'permission_set' => in_array($operation, (array) $operations[$role_data['obj_id']]));
         }
         $op = $rbacreview->getOperation($operation);
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['perm'] = $op;
         $counter++;
     }
     /*
      * Select all
      */
     if ($no_creation_operations) {
         $perms[$counter]['show_select_all'] = 1;
         $perms[$counter]['ops'] = $no_creation_operations;
         $perms[$counter]['subtype'] = 'nocreation';
         $counter++;
     }
     if ($objDefinition->isContainer($this->getObjType())) {
         $perms[$counter++]['show_create_info'] = true;
     }
     // Get creatable objects
     $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
     $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
     $creation_operations = array();
     foreach ($objects as $type => $info) {
         $ops_id = $ops_ids[$type];
         if (!$ops_id) {
             continue;
         }
         $this->addActiveOperation($ops_id);
         $creation_operations[] = $ops_id;
         $roles = array();
         foreach ($this->getVisibleRoles() as $role_data) {
             $roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'permission_set' => in_array($ops_id, (array) $operations[$role_data['obj_id']]));
         }
         $op = $rbacreview->getOperation($ops_id);
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['perm'] = $op;
         $counter++;
     }
     // Select all
     if (count($creation_operations)) {
         $perms[$counter]['show_select_all'] = 1;
         $perms[$counter]['ops'] = $creation_operations;
         $perms[$counter]['subtype'] = 'creation';
         $counter++;
     }
     $this->setData($perms);
 }
 /**
  * Check permissions
  */
 protected function checkPermission()
 {
     $allowed_roles = ilCertificateConfig::get('roles_administrate_certificate_types');
     return $this->rbac->isAssignedToAtLeastOneGivenRole($this->user->getId(), json_decode($allowed_roles, true));
 }
 /**
  * Update properties
  */
 public function updateProperties()
 {
     global $tpl, $lng, $ilCtrl, $ScormCloudService;
     if ($_FILES["scormcloudfile"]["name"]) {
         // First, process SCORM Cloud upload
         if ($_FILES["scormcloudfile"]["error"] > 0) {
             error_log("Error: " . $_FILES["scormcloudfile"]["error"]);
         } else {
             $id = $this->object->getId();
             if ($this->isPackageImportedInScormCloud()) {
                 $mode = "update";
             } else {
                 $mode = "new";
             }
             $courseService = $ScormCloudService->getCourseService();
             $uploadService = $ScormCloudService->getUploadService();
             $courseId = $id;
             // Where the file is going to be placed
             $target_path = "uploads/";
             $target_path = $_FILES["scormcloudfile"]["tmp_name"] . '.zip';
             $tempFile = $_FILES["scormcloudfile"]["tmp_name"];
             move_uploaded_file($_FILES['scormcloudfile']['tmp_name'], $target_path);
             $absoluteFilePathToZip = $target_path;
             try {
                 //now upload the file and save the resulting location
                 $location = $uploadService->UploadFile($absoluteFilePathToZip, null);
                 if ($mode == 'update') {
                     //version the uploaded course
                     $ir = $courseService->VersionUploadedCourse($courseId, $location, null);
                 } else {
                     //import the uploaded course
                     $ir = $courseService->ImportUploadedCourse($courseId, $location, null);
                 }
             } catch (Exception $e) {
                 // unlink deletes file
                 unlink($absoluteFilePathToZip);
                 throw $e;
             }
             // unlink deletes uploaded file
             unlink($absoluteFilePathToZip);
             //TODO: Expose and view import result object
             // if ($ir->getWasSuccessful())
             // {
             // 	$this->object->setTitle($ir->getTitle());
             // 	$this->object->update();
             //
             // }
             // Don't have $ir now... so by virtue of it existing in this next call we'll call it good
             if ($this->isPackageImportedInScormCloud()) {
                 $allResults = $courseService->GetCourseList();
                 $xmlstring = '';
                 $courseTitle = '';
                 foreach ($allResults as $course) {
                     if ($course->getCourseId() == $this->object->getId()) {
                         $courseTitle = $course->getTitle();
                         $versionCount = $course->getNumberOfVersions();
                         $xmlstring = $courseService->GetMetadata($courseId, $versionCount - 1, 0, 'xml');
                         error_log("xmlString : " . $xmlstring);
                         $this->object->setTitle($courseTitle);
                         $this->object->setExistsOnCloud(true);
                         $this->object->setVersion($versionCount);
                         $this->object->update();
                         //$this->object->refreshMetaData();
                         break;
                     }
                 }
                 // Here's where we set the default permissions.  Here's a spot where we have a good
                 // refId so use it to set the initial permissions.
                 if ($mode == "new") {
                     // Looks like a good spot to modify permissions since the object has been created
                     global $rbacadmin, $rbacreview;
                     $user_role_id = 4;
                     $guest_role_id = 5;
                     $ref_id = $this->object->getRefId();
                     $rbacadmin->grantPermission($guest_role_id, ilRbacReview::_getOperationIdsByName(array("visible")), $ref_id);
                     $rbacadmin->grantPermission($user_role_id, ilRbacReview::_getOperationIdsByName(array("visible", "read")), $ref_id);
                 }
             }
         }
     }
     $this->initPropertiesForm();
     if ($this->form->checkInput()) {
         //$this->object->setTitle($this->form->getInput("title"));
         $this->object->setDescription($this->form->getInput("desc"));
         $this->object->setOnline($this->form->getInput("online"));
         $this->object->setLearnersSeeRptDetails($this->form->getInput("learners_see_rpt_details"));
         $this->object->update();
         ilUtil::sendSuccess($lng->txt("msg_obj_modified"), true);
         $ilCtrl->redirect($this, "editProperties");
     }
     $this->form->setValuesByPost();
     $tpl->setContent($this->form->getHtml());
 }