/** * display edit form * * @access public */ function editObject() { global $rbacsystem, $rbacreview; if (!$rbacsystem->checkAccess("edit_permission", $_GET["ref_id"])) { $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE); } //prepare objectlist $this->data = array(); $this->data["data"] = array(); $this->data["ctrl"] = array(); $this->data["cols"] = array("type", "operation", "description", "status"); $ops_valid = $rbacreview->getOperationsOnType($this->obj_id); if ($ops_arr = ilRbacReview::_getOperationList('', $a_order, $a_direction)) { $options = array("e" => "enabled", "d" => "disabled"); foreach ($ops_arr as $key => $ops) { // BEGIN ROW if (in_array($ops["ops_id"], $ops_valid)) { $ops_status = 'e'; } else { $ops_status = 'd'; } $obj = $ops["ops_id"]; $ops_options = ilUtil::formSelect($ops_status, "id[{$obj}]", $options); //visible data part $this->data["data"][] = array("type" => "perm", "operation" => $ops["operation"], "description" => $ops["desc"], "status" => $ops_status, "status_html" => $ops_options, "obj_id" => $val["ops_id"]); } } //if typedata $this->maxcount = count($this->data["data"]); // sorting array $this->data["data"] = ilUtil::sortArray($this->data["data"], $_GET["sort_by"], $_GET["sort_order"]); // now compute control information foreach ($this->data["data"] as $key => $val) { $this->data["ctrl"][$key] = array("obj_id" => $val["obj_id"], "type" => $val["type"]); unset($this->data["data"][$key]["obj_id"]); $this->data["data"][$key]["status"] = $this->data["data"][$key]["status_html"]; unset($this->data["data"][$key]["status_html"]); } // build table include_once "./Services/Table/classes/class.ilTableGUI.php"; // load template for table $this->tpl->addBlockfile("ADM_CONTENT", "adm_content", "tpl.table.html"); // load template for table content data $this->tpl->addBlockfile("TBL_CONTENT", "tbl_content", "tpl.obj_tbl_rows.html"); $num = 0; $obj_str = $this->call_by_reference ? "" : "&obj_id=" . $this->obj_id; $this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=" . $this->ref_id . "{$obj_str}&cmd=save"); // create table $tbl = new ilTableGUI(); // title & header columns $tbl->setTitle($this->lng->txt("edit_operations") . " " . strtolower($this->lng->txt("of")) . " '" . $this->object->getTitle() . "'", "icon_" . $this->object->getType() . "_b.png", $this->lng->txt("obj_" . $this->object->getType())); $tbl->setHelp("tbl_help.php", "icon_help.png", $this->lng->txt("help")); foreach ($this->data["cols"] as $val) { $header_names[] = $this->lng->txt($val); } $tbl->setHeaderNames($header_names); $header_params = array("ref_id" => $this->ref_id, "obj_id" => $this->id, "cmd" => "edit"); $tbl->setHeaderVars($this->data["cols"], $header_params); // control $tbl->setOrderColumn($_GET["sort_by"]); $tbl->setOrderDirection($_GET["sort_order"]); $tbl->setLimit(0); $tbl->setOffset(0); $tbl->setMaxCount($this->maxcount); // SHOW VALID ACTIONS $this->tpl->setVariable("IMG_ARROW", ilUtil::getImagePath("arrow_downright.png")); $this->tpl->setVariable("COLUMN_COUNTS", count($this->data["cols"])); // footer $tbl->setFooter("tblfooter", $this->lng->txt("previous"), $this->lng->txt("next")); //$tbl->disable("footer"); // render table $tbl->render(); if (is_array($this->data["data"][0])) { //table cell for ($i = 0; $i < count($this->data["data"]); $i++) { $data = $this->data["data"][$i]; $ctrl = $this->data["ctrl"][$i]; // color changing $css_row = ilUtil::switchColor($i + 1, "tblrow1", "tblrow2"); $this->tpl->setCurrentBlock("table_cell"); $this->tpl->setVariable("CELLSTYLE", "tblrow1"); $this->tpl->parseCurrentBlock(); foreach ($data as $key => $val) { $this->tpl->setCurrentBlock("text"); if ($key == "type") { $val = ilUtil::getImageTagByType($val, $this->tpl->tplPath); } $this->tpl->setVariable("TEXT_CONTENT", $val); $this->tpl->parseCurrentBlock(); $this->tpl->setCurrentBlock("table_cell"); $this->tpl->parseCurrentBlock(); } //foreach $this->tpl->setVariable("BTN_VALUE", $this->lng->txt("save")); $this->tpl->setCurrentBlock("tbl_content"); $this->tpl->setVariable("CSS_ROW", $css_row); $this->tpl->parseCurrentBlock(); } //for } //if is_array }
/** * Access Permissions Table Data * @return array */ function getAccessPermissionTableData() { global $ilAccess, $ilObjDataCache, $objDefinition; // get all possible operation of current object $ops_list = ilRbacReview::_getOperationList($this->object->getType()); $counter = 0; $result_set = array(); // check permissions of user foreach ($ops_list as $ops) { $access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType()); $result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK; if (substr($ops['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($ops['operation'], 7))) { $result_set[$counter]["operation"] = ilPlugin::lookupTxt("rep_robj", substr($ops['operation'], 7), 'rbac_' . $ops['operation']); } else { if ($objDefinition->isPlugin($this->object->getType())) { $result_set[$counter]["operation"] = ilPlugin::lookupTxt("rep_robj", $this->object->getType(), $this->object->getType() . "_" . $ops['operation']); } elseif (substr($ops['operation'], 0, 7) == 'create_') { $result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']); } else { $result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']); } } $list_role = ""; // Check ownership if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) { if (substr($ops['operation'], 0, 7) != 'create_' and $ops['operation'] != 'edit_permission' and $ops['operation'] != 'edit_leanring_progress') { $list_role[] = $this->lng->txt('info_owner_of_object'); } } // get operations on object for each assigned role to user foreach ($this->getAssignedValidRoles() as $role) { if (in_array($ops['ops_id'], $role['ops'])) { $list_role[] = $role['translation']; } } if (empty($list_role)) { $list_role[] = $this->lng->txt('none'); } $result_set[$counter]["role_ownership"] = $list_role; ++$counter; } return $result_set; }
function getRolesData() { global $rbacsystem, $rbacreview, $tree; // first get all roles in $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId()); // filter roles $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles']; // set default filter (all roles) if no filter is set if ($_SESSION['perm_filtered_roles'] == 0) { if ($tree->checkForParentType($this->gui_obj->object->getRefId(), 'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(), 'grp')) { $_SESSION['perm_filtered_roles'] = 3; } else { $_SESSION['perm_filtered_roles'] = 1; } } // remove filtered roles from array $roles = $this->__filterRoles($roles, $_SESSION["perm_filtered_roles"]); // determine status of each role (local role, changed policy, protected) $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId()); $local_roles = array(); if (!empty($role_folder)) { $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]); } foreach ($roles as $key => $role) { // exclude system admin role from list if ($role["obj_id"] == SYSTEM_ROLE_ID) { unset($roles[$key]); continue; } $this->roles[$role['obj_id']] = $role; // don't allow local policies for protected roles $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'], $role['obj_id']); if (!in_array($role["obj_id"], $local_roles)) { $this->roles[$role['obj_id']]['local_policy_enabled'] = false; $this->roles[$role['obj_id']]['local_policy_allowed'] = true; } else { // no checkbox for local roles if ($rbacreview->isAssignable($role["obj_id"], $role_folder["ref_id"])) { $this->roles[$role['obj_id']]['local_policy_allowed'] = false; } else { $this->roles[$role['obj_id']]['local_policy_enabled'] = true; $this->roles[$role['obj_id']]['local_policy_allowed'] = true; } } // compute permission settings for each role $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType())); foreach ($grouped_ops as $ops_group => $ops_data) { foreach ($ops_data as $key => $operation) { $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']); } } $this->roles[$role['obj_id']]['permissions'] = $grouped_ops; unset($grouped_ops); } }
function getPermissionInfo() { global $ilAccess, $lng, $rbacreview, $ilUser, $ilObjDataCache, $objDefinition; // icon handlers $icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.png") . "\" alt=\"" . $lng->txt("info_assigned") . "\" title=\"" . $lng->txt("info_assigned") . "\" border=\"0\" vspace=\"0\"/>"; $icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.png") . "\" alt=\"" . $lng->txt("info_not_assigned") . "\" title=\"" . $lng->txt("info_not_assigned") . "\" border=\"0\" vspace=\"0\"/>"; // get all possible operation of current object $ops_list = ilRbacReview::_getOperationList($this->object->getType()); $counter = 0; // check permissions of user foreach ($ops_list as $ops) { $access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType()); $result_set[$counter][] = $access ? $icon_ok : $icon_not_ok; if (substr($ops['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($ops['operation'], 7))) { $result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", substr($ops['operation'], 7), 'rbac_' . $ops['operation']); } else { if ($objDefinition->isPlugin($this->object->getType())) { $result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", $this->object->getType(), $this->object->getType() . "_" . $ops['operation']); } elseif (substr($ops['operation'], 0, 7) == 'create_') { $result_set[$counter][] = $lng->txt('rbac_' . $ops['operation']); } else { $result_set[$counter][] = $lng->txt($this->object->getType() . "_" . $ops['operation']); } } $list_role = ""; // Check ownership if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) { if (substr($ops['operation'], 0, 7) != 'create_' and $ops['operation'] != 'edit_permission' and $ops['operation'] != 'edit_leanring_progress') { $list_role[] = $lng->txt('info_owner_of_object'); } } // get operations on object for each assigned role to user foreach ($this->assigned_valid_roles as $role) { if (in_array($ops['ops_id'], $role['ops'])) { $list_role[] = $role['translation']; } } if (empty($list_role)) { $roles_formatted = $lng->txt('none'); } else { $roles_formatted = implode("<br/>", $list_role); } $result_set[$counter][] = $roles_formatted; ++$counter; } return $this->__showPermissionsTable($result_set); }
/** * display permissions * * @access public */ function permObject() { global $rbacadmin, $rbacreview, $rbacsystem, $objDefinition, $ilSetting; if (!$rbacsystem->checkAccess('write', $this->rolf_ref_id)) { $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->WARNING); exit; } $to_filter = $objDefinition->getSubobjectsToFilter(); $tpl_filter = array(); $internal_tpl = false; if ($internal_tpl = $this->object->isInternalTemplate()) { $tpl_filter = $this->object->getFilterOfInternalTemplate(); } $op_order = array(); foreach (ilRbacReview::_getOperationList() as $op) { $op_order[$op["ops_id"]] = $op["order"]; } $operation_info = $rbacreview->getOperationAssignment(); foreach ($operation_info as $info) { if ($objDefinition->getDevMode($info['type'])) { continue; } // FILTER SUBOJECTS OF adm OBJECT if (in_array($info['type'], $to_filter)) { continue; } if ($internal_tpl and $tpl_filter and !in_array($info['type'], $tpl_filter)) { continue; } $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'], "type" => $info['type']); $txt = $objDefinition->isPlugin($info['type']) ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type'] . "_" . $info['operation']) : $this->lng->txt($info['type'] . "_" . $info['operation']); if (substr($info['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($info['operation'], 7))) { $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type'] . "_" . $info['operation']); } elseif (substr($info['operation'], 0, 6) == 'create') { $txt = $this->lng->txt('rbac_' . $info['operation']); } $order = $op_order[$info['ops_id']]; if (substr($info['operation'], 0, 6) == 'create') { $order = $objDefinition->getPositionByType($info['type']); } $rbac_operations[$info['typ_id']][$info['ops_id']] = array("ops_id" => $info['ops_id'], "title" => $info['operation'], "name" => $txt, "order" => $order); } foreach ($rbac_objects as $key => $obj_data) { if ($objDefinition->isPlugin($obj_data["type"])) { $rbac_objects[$key]["name"] = ilPlugin::lookupTxt("rep_robj", $obj_data["type"], "obj_" . $obj_data["type"]); } else { $rbac_objects[$key]["name"] = $this->lng->txt("obj_" . $obj_data["type"]); } $rbac_objects[$key]["ops"] = $rbac_operations[$key]; } sort($rbac_objects); foreach ($rbac_objects as $key => $obj_data) { sort($rbac_objects[$key]["ops"]); } // sort by (translated) name of object type $rbac_objects = ilUtil::sortArray($rbac_objects, "name", "asc"); // BEGIN CHECK_PERM foreach ($rbac_objects as $key => $obj_data) { $arr_selected = $rbacreview->getOperationsOfRole($this->object->getId(), $obj_data["type"], $this->rolf_ref_id); $arr_checked = array_intersect($arr_selected, array_keys($rbac_operations[$obj_data["obj_id"]])); foreach ($rbac_operations[$obj_data["obj_id"]] as $operation) { $checked = in_array($operation["ops_id"], $arr_checked); $disabled = false; // Es wird eine 2-dim Post Variable �bergeben: perm[rol_id][ops_id] $box = ilUtil::formCheckBox($checked, "template_perm[" . $obj_data["type"] . "][]", $operation["ops_id"], $disabled); $output["perm"][$obj_data["obj_id"]][$operation["ops_id"]] = $box; } } // END CHECK_PERM $output["col_anz"] = count($rbac_objects); $output["txt_save"] = $this->lng->txt("save"); $output["check_protected"] = ilUtil::formCheckBox($rbacreview->isProtected($this->rolf_ref_id, $this->object->getId()), "protected", 1); $output["text_protected"] = $this->lng->txt("role_protect_permissions"); /************************************/ /* adopt permissions form */ /************************************/ $output["message_middle"] = $this->lng->txt("adopt_perm_from_template"); // send message for system role if ($this->object->getId() == SYSTEM_ROLE_ID) { $output["adopt"] = array(); ilUtil::sendFailure($this->lng->txt("msg_sysrole_not_editable")); } else { // BEGIN ADOPT_PERMISSIONS $parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id, true); // sort output for correct color changing ksort($parent_role_ids); foreach ($parent_role_ids as $key => $par) { if ($par["obj_id"] != SYSTEM_ROLE_ID) { $radio = ilUtil::formRadioButton(0, "adopt", $par["obj_id"]); $output["adopt"][$key]["css_row_adopt"] = ilUtil::switchColor($key, "tblrow1", "tblrow2"); $output["adopt"][$key]["check_adopt"] = $radio; $output["adopt"][$key]["type"] = $par["type"] == 'role' ? 'Role' : 'Template'; $output["adopt"][$key]["role_name"] = $par["title"]; } } $output["formaction_adopt"] = $this->ctrl->getFormAction($this); // END ADOPT_PERMISSIONS } $output["formaction"] = $this->ctrl->getFormAction($this); $this->data = $output; /************************************/ /* generate output */ /************************************/ $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.adm_perm_role.html", "Services/AccessControl"); foreach ($rbac_objects as $obj_data) { // BEGIN object_operations $this->tpl->setCurrentBlock("object_operations"); $obj_data["ops"] = ilUtil::sortArray($obj_data["ops"], 'order', 'asc', true, true); foreach ($obj_data["ops"] as $operation) { $ops_ids[] = $operation["ops_id"]; $css_row = ilUtil::switchColor($key, "tblrow1", "tblrow2"); $this->tpl->setVariable("CSS_ROW", $css_row); $this->tpl->setVariable("PERMISSION", $operation["name"]); $this->tpl->setVariable("CHECK_PERMISSION", $this->data["perm"][$obj_data["obj_id"]][$operation["ops_id"]]); $this->tpl->parseCurrentBlock(); } // END object_operations // BEGIN object_type $this->tpl->setCurrentBlock("object_type"); $this->tpl->setVariable("TXT_OBJ_TYPE", $obj_data["name"]); // TODO: move this if in a function and query all objects that may be disabled or inactive if ($this->objDefinition->getDevMode($obj_data["type"])) { $this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_implemented_yet") . ")"); } else { if ($obj_data["type"] == "icrs" and !$this->ilias->getSetting("ilinc_active")) { $this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_enabled_or_configured") . ")"); } } // js checkbox toggles $this->tpl->setVariable("JS_VARNAME", "template_perm_" . $obj_data["type"]); $this->tpl->setVariable("JS_ONCLICK", ilUtil::array_php2js($ops_ids)); $this->tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all")); $this->tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all")); $this->tpl->parseCurrentBlock(); // END object_type } /* // BEGIN ADOPT PERMISSIONS foreach ($this->data["adopt"] as $key => $value) { $this->tpl->setCurrentBlock("ADOPT_PERM_ROW"); $this->tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]); $this->tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]); $this->tpl->setVariable("TYPE",$value["type"]); $this->tpl->setVariable("ROLE_NAME",$value["role_name"]); $this->tpl->parseCurrentBlock(); } $this->tpl->setCurrentBlock("ADOPT_PERM_FORM"); $this->tpl->setVariable("MESSAGE_MIDDLE",$this->data["message_middle"]); $this->tpl->setVariable("FORMACTION_ADOPT",$this->data["formaction_adopt"]); $this->tpl->setVariable("ADOPT",$this->lng->txt('copy')); $this->tpl->parseCurrentBlock(); // END ADOPT PERMISSIONS */ $this->tpl->setCurrentBlock("tblfooter_protected"); $this->tpl->setVariable("COL_ANZ", 3); $this->tpl->setVariable("CHECK_BOTTOM", $this->data["check_protected"]); $this->tpl->setVariable("MESSAGE_TABLE", $this->data["text_protected"]); $this->tpl->parseCurrentBlock(); $this->tpl->setVariable("COL_ANZ_PLUS", 4); $this->tpl->setVariable("TXT_SAVE", $this->data["txt_save"]); $this->tpl->setCurrentBlock("adm_content"); $this->tpl->setVariable("TBL_TITLE_IMG", ilUtil::getImagePath("icon_" . $this->object->getType() . ".svg")); $this->tpl->setVariable("TBL_TITLE_IMG_ALT", $this->lng->txt($this->object->getType())); // compute additional information in title if (substr($this->object->getTitle(), 0, 3) == "il_") { $desc = $this->lng->txt("predefined_template"); //$this->lng->txt("obj_".$parent_node['type'])." (".$parent_node['obj_id'].") : ".$parent_node['title']; } $description = "<br/> <span class=\"small\">" . $desc . "</span>"; // translation for autogenerated roles if (substr($this->object->getTitle(), 0, 3) == "il_") { include_once './Services/AccessControl/classes/class.ilObjRole.php'; $title = ilObjRole::_getTranslation($this->object->getTitle()) . " (" . $this->object->getTitle() . ")"; } else { $title = $this->object->getTitle(); } $this->tpl->setVariable("TBL_TITLE", $title . $description); $this->tpl->setVariable("TXT_PERMISSION", $this->data["txt_permission"]); $this->tpl->setVariable("FORMACTION", $this->data["formaction"]); $this->tpl->parseCurrentBlock(); }