/**
  * Parse permissions
  * @return 
  */
 public function parse()
 {
     global $rbacreview, $objDefinition;
     $operations = $this->getPermissions($this->getTemplateType());
     // Object permissions
     $rows = array();
     foreach ($rbacreview->getOperationsByTypeAndClass($this->getTemplateType(), 'object') as $ops_id) {
         $operations = $this->getPermissions($this->getTemplateType());
         $operation = $rbacreview->getOperation($ops_id);
         $perm['ops_id'] = $ops_id;
         $perm['set'] = (in_array($ops_id, $operations) or $this->getRoleId() == SYSTEM_ROLE_ID);
         $perm['name'] = $operation['operation'];
         $rows[] = $perm;
     }
     // Get creatable objects
     $objects = $objDefinition->getCreatableSubObjects($this->getTemplateType());
     $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
     foreach ($objects as $type => $info) {
         $ops_id = $ops_ids[$type];
         if (!$ops_id) {
             continue;
         }
         $perm['ops_id'] = $ops_id;
         $perm['set'] = (in_array($ops_id, $operations) or $this->getRoleId() == SYSTEM_ROLE_ID);
         $perm['name'] = 'create_' . $info['name'];
         $perm['create_type'] = $info['name'];
         $rows[] = $perm;
     }
     if (!$this->show_admin_permissions) {
         $rows[] = array('show_ce' => 1);
     }
     $this->setData($rows);
 }
 /**
  * Parse 
  * @return 
  */
 public function parse()
 {
     global $rbacreview, $objDefinition;
     $this->initColumns();
     $perms = array();
     $roles = array();
     if (!count($this->getVisibleRoles())) {
         return $this->setData(array());
     }
     // Read operations of role
     $operations = array();
     foreach ($this->getVisibleRoles() as $role_data) {
         $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
     }
     $counter = 0;
     // Local policy
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $roles = array();
         $local_roles = $rbacreview->getRolesOfObject($this->getRefId());
         foreach ($this->getVisibleRoles() as $role_id => $role_data) {
             $roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'local_policy' => in_array($role_data['obj_id'], $local_roles), 'isLocal' => $this->getRefId() == $role_data['parent'] && $role_data['assign'] == 'y');
         }
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['show_local_policy_row'] = 1;
         $counter++;
     }
     // Protect permissions
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $roles = array();
         foreach ($this->getVisibleRoles() as $role_id => $role_data) {
             $roles[$role_data['obj_id']] = array('protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'], $this->getRefId()), 'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id']));
         }
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['show_protected_row'] = 1;
         $counter++;
     }
     // Block role
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $perms[$counter++]['show_block_row'] = 1;
     }
     if (ilPermissionGUI::hasContainerCommands($this->getObjType())) {
         $perms[$counter++]['show_start_info'] = true;
     }
     // no creation permissions
     $no_creation_operations = array();
     foreach ($rbacreview->getOperationsByTypeAndClass($this->getObjType(), 'object') as $operation) {
         $this->addActiveOperation($operation);
         $no_creation_operations[] = $operation;
         $roles = array();
         foreach ($this->getVisibleRoles() as $role_data) {
             $roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'permission_set' => in_array($operation, (array) $operations[$role_data['obj_id']]));
         }
         $op = $rbacreview->getOperation($operation);
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['perm'] = $op;
         $counter++;
     }
     /*
      * Select all
      */
     if ($no_creation_operations) {
         $perms[$counter]['show_select_all'] = 1;
         $perms[$counter]['ops'] = $no_creation_operations;
         $perms[$counter]['subtype'] = 'nocreation';
         $counter++;
     }
     if ($objDefinition->isContainer($this->getObjType())) {
         $perms[$counter++]['show_create_info'] = true;
     }
     // Get creatable objects
     $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
     $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
     $creation_operations = array();
     foreach ($objects as $type => $info) {
         $ops_id = $ops_ids[$type];
         if (!$ops_id) {
             continue;
         }
         $this->addActiveOperation($ops_id);
         $creation_operations[] = $ops_id;
         $roles = array();
         foreach ($this->getVisibleRoles() as $role_data) {
             $roles[$role_data['obj_id']] = array('protected' => $role_data['protected'], 'permission_set' => in_array($ops_id, (array) $operations[$role_data['obj_id']]));
         }
         $op = $rbacreview->getOperation($ops_id);
         $perms[$counter]['roles'] = $roles;
         $perms[$counter]['perm'] = $op;
         $counter++;
     }
     // Select all
     if (count($creation_operations)) {
         $perms[$counter]['show_select_all'] = 1;
         $perms[$counter]['ops'] = $creation_operations;
         $perms[$counter]['subtype'] = 'creation';
         $counter++;
     }
     $this->setData($perms);
 }
 function __appendOperations($a_ref_id, $a_type)
 {
     global $ilAccess, $rbacreview, $objDefinition;
     if ($this->enabledOperations()) {
         $ops = $rbacreview->getOperationsOnTypeString($a_type);
         if (is_array($ops)) {
             foreach ($ops as $ops_id) {
                 $operation = $rbacreview->getOperation($ops_id);
                 if (count($operation) && $ilAccess->checkAccessOfUser($this->getUserId(), $operation['operation'], 'view', $a_ref_id)) {
                     $this->xmlElement('Operation', null, $operation['operation']);
                 }
             }
         }
         // Create operations
         // Get creatable objects
         $objects = $objDefinition->getCreatableSubObjects($a_type);
         $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
         $creation_operations = array();
         foreach ($objects as $type => $info) {
             $ops_id = $ops_ids[$type];
             if (!$ops_id) {
                 continue;
             }
             $operation = $rbacreview->getOperation($ops_id);
             if (count($operation) && $ilAccess->checkAccessOfUser($this->getUserId(), $operation['operation'], 'view', $a_ref_id)) {
                 $this->xmlElement('Operation', null, $operation['operation']);
             }
         }
     }
     return true;
 }
 /**
  * Save permissions
  * @return 
  */
 protected function savePermissions()
 {
     global $rbacreview, $objDefinition, $rbacadmin;
     include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
     $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
     $roles = $this->applyRoleFilter($rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()), $table->getFilterItemByPostVar('role')->getValue());
     // Log history
     include_once "Services/AccessControl/classes/class.ilRbacLog.php";
     $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
     # all possible create permissions
     $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass($this->getCurrentObject()->getType(), 'create');
     # createable (activated) create permissions
     $create_types = $objDefinition->getCreatableSubObjects($this->getCurrentObject()->getType());
     $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
     foreach ((array) $roles as $role => $role_data) {
         if ($role_data['protected']) {
             continue;
         }
         $new_ops = array_keys((array) $_POST['perm'][$role]);
         $old_ops = $rbacreview->getRoleOperationsOnObject($role, $this->getCurrentObject()->getRefId());
         // Add operations which were enabled and are not activated.
         foreach ($possible_ops_ids as $create_ops_id) {
             if (in_array($create_ops_id, $createable_ops_ids)) {
                 continue;
             }
             if (in_array($create_ops_id, $old_ops)) {
                 $new_ops[] = $create_ops_id;
             }
         }
         $rbacadmin->revokePermission($this->getCurrentObject()->getRefId(), $role);
         $rbacadmin->grantPermission($role, array_unique($new_ops), $this->getCurrentObject()->getRefId());
     }
     // Handle local policies.
     $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
     $relevant_roles = array_intersect($rbacreview->getRolesOfRoleFolder($rolf_id), array_keys($roles));
     if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
         foreach ($roles as $role) {
             // No action for local roles
             if ($role['parent'] == $rolf_id and $role['assign'] == 'y') {
                 continue;
             }
             // Nothing for protected roles
             if ($role['protected']) {
                 continue;
             }
             // Stop local policy
             if ($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']])) {
                 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
                 $role_obj->setParent($rolf_id);
                 $role_obj->delete();
                 continue;
             }
             // Add local policy
             if ($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']])) {
                 $rbacadmin->copyRoleTemplatePermissions($role['obj_id'], $role['parent'], $rolf_id, $role['obj_id']);
                 $rbacadmin->assignRoleToFolder($role['obj_id'], $rolf_id, 'n');
             }
         }
     }
     // Protect permissions
     if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
         foreach ($roles as $role) {
             if ($rbacreview->isAssignable($role['obj_id'], $rolf_id)) {
                 if (isset($_POST['protect'][$role['obj_id']]) and !$rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                     $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
                 } elseif (!isset($_POST['protect'][$role['obj_id']]) and $rbacreview->isProtected($rolf_id, $role['obj_id'])) {
                     $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
                 }
             }
         }
     }
     $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
     $log = ilRbacLog::diffFaPa($log_old, $log_new);
     ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
     if (count((array) $_POST['block'])) {
         return $this->showConfirmBlockRole(array_keys($_POST['block']));
     }
     ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
     #$this->ctrl->redirect($this,'perm');
     $this->perm();
 }