public function addToExternalSettingsForm($a_form_id) { switch ($a_form_id) { case ilAdministrationSettingsFormHandler::FORM_SECURITY: include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); $fields = array(); $subitems = array('ps_password_change_on_first_login_enabled' => array($security->isPasswordChangeOnFirstLoginEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_must_not_contain_loginame' => array((bool) $security->getPasswordMustNotContainLoginnameStatus(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_chars_and_numbers_enabled' => array($security->isPasswordCharsAndNumbersEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_special_chars_enabled' => array($security->isPasswordSpecialCharsEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL), 'ps_password_min_length' => (int) $security->getPasswordMinLength(), 'ps_password_max_length' => (int) $security->getPasswordMaxLength(), 'ps_password_uppercase_chars_num' => (int) $security->getPasswordNumberOfUppercaseChars(), 'ps_password_lowercase_chars_num' => (int) $security->getPasswordNumberOfLowercaseChars(), 'ps_password_max_age' => (int) $security->getPasswordMaxAge()); $fields['ps_password_settings'] = array(null, null, $subitems); $subitems = array('ps_login_max_attempts' => (int) $security->getLoginMaxAttempts(), 'ps_prevent_simultaneous_logins' => array($security->isPreventionOfSimultaneousLoginsEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL)); $fields['ps_security_protection'] = array(null, null, $subitems); return array(array("generalSettings", $fields)); } }
/** * Save security settings * * @access public * */ public function save_security() { global $ilErr, $ilAccess, $ilSetting, $rbacreview, $ilUser; if (!$ilAccess->checkAccess('write', '', $this->object->getRefId())) { $ilErr->raiseError($this->lng->txt('no_permission'), $ilErr->WARNING); } $security = ilSecuritySettings::_getInstance(); // auto https detection settings $security->setAutomaticHTTPSEnabled((int) $_POST["auto_https_detect_enabled"]); $security->setAutomaticHTTPSHeaderName(ilUtil::stripSlashes($_POST["auto_https_detect_header_name"])); $security->setAutomaticHTTPSHeaderValue(ilUtil::stripSlashes($_POST["auto_https_detect_header_value"])); // prevention of simultaneous logins with the same account $security->setPreventionOfSimultaneousLogins((bool) $_POST['ps_prevent_simultaneous_logins']); // ilias https handling settings $security->setHTTPSEnabled($_POST["https_enabled"]); // account security settings $security->setAccountSecurityMode((int) $_POST["account_security_mode"]); $security->setPasswordCharsAndNumbersEnabled((bool) $_POST["password_chars_and_numbers_enabled"]); $security->setPasswordSpecialCharsEnabled((bool) $_POST["password_special_chars_enabled"]); $security->setPasswordMinLength((int) $_POST["password_min_length"]); $security->setPasswordMaxLength((int) $_POST["password_max_length"]); $security->setPasswordMaxAge((int) $_POST["password_max_age"]); $security->setLoginMaxAttempts((int) $_POST["login_max_attempts"]); // change password on first login settings $security->setPasswordChangeOnFirstLoginEnabled((bool) $_POST['password_change_on_first_login_enabled']); // file suffic replacements $ilSetting->set("suffix_repl_additional", $_POST["suffix_repl_additional"]); // validate settings if ($rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) { $security->protectedAdminRole((int) $_POST['admin_role']); } $code = $security->validate(); // if error code != 0, display error and do not save if ($code != 0) { $msg = $this->getErrorMessage($code); ilUtil::sendFailure($msg); } else { $security->save(); ilUtil::sendSuccess($this->lng->txt('settings_saved')); } $this->showSecurity(); }
public function addToExternalSettingsForm($a_form_id) { switch ($a_form_id) { case ilAdministrationSettingsFormHandler::FORM_SECURITY: include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); $subitems = null; $fields['activate_https'] = array($security->isHTTPSEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL); return array("general_settings" => array("showHTTPS", $fields)); } }
function initIlias($context = "web") { global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https, $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu, $rbacsystem, $ilNavigationHistory; // remove unsafe characters $this->removeUnsafeCharacters(); // error reporting // remove notices from error reporting if (version_compare(PHP_VERSION, '5.3.0', '>=')) { error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED); } else { error_reporting(ini_get('error_reporting') & ~E_NOTICE); } // include common code files $this->requireCommonIncludes(); global $ilBench; // set error handler (to do: check preconditions for error handler to work) $ilBench->start("Core", "HeaderInclude_GetErrorHandler"); $ilErr = new ilErrorHandling(); $GLOBALS['ilErr'] =& $ilErr; $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler')); $ilBench->stop("Core", "HeaderInclude_GetErrorHandler"); // prepare file access to work with safe mode (has been done in class ilias before) umask(0117); // set cookie params $this->setCookieParams(); // $ilIliasIniFile initialisation $this->initIliasIniFile(); // CLIENT_ID determination $this->determineClient(); // $ilAppEventHandler initialisation $this->initEventHandling(); // $ilClientIniFile initialisation $this->initClientIniFile(); // removed redirection madness the service should respond with SERVICE UNAVAILABLE // $ilDB initialisation $this->initDatabase(); // init plugin admin class include_once "Services/Component/classes/class.ilPluginAdmin.php"; $ilPluginAdmin = new ilPluginAdmin(); $GLOBALS['ilPluginAdmin'] = $ilPluginAdmin; // set session handler $this->setSessionHandler(); // $ilSetting initialisation $this->initSettings(); // $ilLog initialisation $this->initLog(); // $https initialisation require_once 'classes/class.ilHTTPS.php'; $https = new ilHTTPS(); $GLOBALS['https'] =& $https; $https->enableSecureCookies(); $https->checkPort(); if ($this->returnBeforeAuth()) { return; } $ilCtrl = new ilCtrl2(); $GLOBALS['ilCtrl'] =& $ilCtrl; // $ilAuth initialisation include_once "Services/Authentication/classes/class.ilAuthUtils.php"; ilAuthUtils::_initAuth(); global $ilAuth; $this->includePhp5Compliance(); // Do not accept external session ids if (!ilSession::_exists(session_id())) { // $_GET["PHPSESSID"] = ""; session_regenerate_id(); } // $ilias initialisation global $ilias, $ilBench; $ilBench->start("Core", "HeaderInclude_GetILIASObject"); $ilias = new ILIAS(); $GLOBALS['ilias'] =& $ilias; $ilBench->stop("Core", "HeaderInclude_GetILIASObject"); // $ilObjDataCache initialisation $ilObjDataCache = new ilObjectDataCache(); $GLOBALS['ilObjDataCache'] =& $ilObjDataCache; // workaround: load old post variables if error handler 'message' was called if (isset($_SESSION["message"]) && $_SESSION["message"]) { $_POST = $_SESSION["post_vars"]; } // put debugging functions here require_once "include/inc.debug.php"; // $objDefinition initialisation $ilBench->start("Core", "HeaderInclude_getObjectDefinitions"); $objDefinition = new ilObjectDefinition(); $GLOBALS['objDefinition'] =& $objDefinition; // $objDefinition->startParsing(); $ilBench->stop("Core", "HeaderInclude_getObjectDefinitions"); // init tree $tree = new ilTree(ROOT_FOLDER_ID); $GLOBALS['tree'] =& $tree; // $ilAccess and $rbac... initialisation $this->initAccessHandling(); // authenticate & start session PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler")); $ilBench->start("Core", "HeaderInclude_Authentication"); //var_dump($_SESSION); ////require_once('Log.php'); ////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST'); ////$ilAuth->enableLogging = true; if (!defined("IL_PHPUNIT_TEST")) { $oldSid = session_id(); $ilAuth->start(); $newSid = session_id(); include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php'; ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid); } //var_dump($_SESSION); $ilias->setAuthError($ilErr->getLastError()); $ilBench->stop("Core", "HeaderInclude_Authentication"); // workaround: force login if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") { $ilAuth->logout(); if (!isset($_GET['forceShoppingCartRedirect'])) { $_SESSION = array(); } $_SESSION["AccountId"] = ""; $ilAuth->start(); $ilias->setAuthError($ilErr->getLastError()); } // check correct setup if (!$ilias->getSetting("setup_ok")) { die("Setup is not completed. Please run setup routine again."); } // $ilUser initialisation (1) $ilBench->start("Core", "HeaderInclude_getCurrentUser"); $ilUser = new ilObjUser(); $ilias->account =& $ilUser; $GLOBALS['ilUser'] =& $ilUser; $ilBench->stop("Core", "HeaderInclude_getCurrentUser"); // $ilCtrl initialisation //$ilCtrl = new ilCtrl(); // determin current script and up-path to main directory // (sets $this->script and $this->updir) $this->determineScriptAndUpDir(); // $styleDefinition initialisation and style handling for login and co. $this->initStyle(); if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") { $this->handleStyle(); } // init locale $this->initLocale(); // handle ILIAS 2 imported users: // check ilias 2 password, if authentication failed // only if AUTH_LOCAL //echo "A"; if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") { if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) { if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) { $ilAuth->start(); $ilias->setAuthError($ilErr->getLastError()); ilUtil::redirect("index.php"); } } } // // SUCCESSFUL AUTHENTICATION // if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) { //echo "C"; exit; $ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData"); //var_dump($_SESSION); // get user data $this->initUserAccount(); //var_dump($_SESSION); // differentiate account security mode require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security_settings = ilSecuritySettings::_getInstance(); if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) { // reset counter for failed logins ilObjUser::_resetLoginAttempts($ilUser->getId()); } $ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData"); } else { if (!$ilAuth->getAuth()) { require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; // differentiate account security mode $security = ilSecuritySettings::_getInstance(); if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) { if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) { $username = ilUtil::stripSlashes($_POST['username']); $usr_id = ilObjUser::_lookupId($username); if ($usr_id != ANONYMOUS_USER_ID) { ilObjUser::_incrementLoginAttempts($usr_id); $login_attempts = ilObjUser::_getLoginAttempts($usr_id); $max_attempts = $security->getLoginMaxAttempts(); if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) { ilObjUser::_setUserInactive($usr_id); } } } } } } // // SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...) // // $lng initialisation $this->initLanguage(); // store user language in tree $GLOBALS['tree']->initLangCode(); // ### AA 03.10.29 added new LocatorGUI class ### // when locator data array does not exist, initialise if (!isset($_SESSION["locator_level"])) { $_SESSION["locator_data"] = array(); $_SESSION["locator_level"] = -1; } // initialise global ilias_locator object // ECS Tasks include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php'; $scheduler = ilECSTaskScheduler::start(); $ilBench->stop("Core", "HeaderInclude"); }
/** * Generate a number of passwords * * @static * */ public static function generatePasswords($a_number) { $ret = array(); srand((double) microtime() * 1000000); include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); for ($i = 1; $i <= $a_number; $i++) { $min = $security->getPasswordMinLength() > 0 ? $security->getPasswordMinLength() : 6; $max = $security->getPasswordMaxLength() > 0 ? $security->getPasswordMaxLength() : 10; if ($min > $max) { $max = $max + 1; } $length = rand($min, $max); $next = rand(1, 2); $vowels = "aeiou"; $consonants = "bcdfghjklmnpqrstvwxyz"; $numbers = "1234567890"; $special = "_.+?#-*@!\$%~"; $pw = ""; // position for number if ($security->isPasswordCharsAndNumbersEnabled()) { $num_pos = rand(0, $length - 1); } // position for special character if ($security->isPasswordSpecialCharsEnabled()) { $spec_pos = rand(0, $length - 1); if ($security->isPasswordCharsAndNumbersEnabled()) { if ($num_pos == $spec_pos) { if ($spec_pos > 0) { $spec_pos -= 1; } else { $spec_pos += 1; } } } } for ($j = 0; $j < $length; $j++) { if ($security->isPasswordCharsAndNumbersEnabled() && $num_pos == $j) { $pw .= $numbers[rand(0, strlen($numbers) - 1)]; } else { if ($security->isPasswordSpecialCharsEnabled() && $spec_pos == $j) { $pw .= $special[rand(0, strlen($special) - 1)]; } else { switch ($next) { case 1: $pw .= $consonants[rand(0, strlen($consonants) - 1)]; $next = 2; break; case 2: $pw .= $vowels[rand(0, strlen($vowels) - 1)]; $next = 1; break; } } } } $ret[] = $pw; } return $ret; }
/** * display user assignment panel */ function userassignmentObject() { global $rbacreview, $rbacsystem, $lng, $ilUser; //if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id)) if (!$this->checkAccess('edit_userassignment', 'edit_permission')) { $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE); } $this->tabs_gui->setTabActive('user_assignment'); $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl'); include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php'; $tb = new ilToolbarGUI(); // protected admin role include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; if ($this->object->getId() != SYSTEM_ROLE_ID || (!$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) or !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) { // add member include_once './Services/Search/classes/class.ilRepositorySearchGUI.php'; ilRepositorySearchGUI::fillAutoCompleteToolbar($this, $tb, array('auto_complete_name' => $lng->txt('user'), 'submit_name' => $lng->txt('add'))); /* // add button $tb->addFormButton($lng->txt("add"), "assignUser"); */ $tb->addSpacer(); $tb->addButton($this->lng->txt('search_user'), $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')); $tb->addSpacer(); } $tb->addButton($this->lng->txt('role_mailto'), $this->ctrl->getLinkTarget($this, 'mailToRole')); $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML()); include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $role_assignment_editable = true; if ($this->object->getId() == SYSTEM_ROLE_ID && !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) { $role_assignment_editable = false; } include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php'; $ut = new ilAssignedUsersTableGUI($this, 'userassignment', $this->object->getId(), $role_assignment_editable); $this->tpl->setVariable('TABLE_UA', $ut->getHTML()); return true; }
/** * Called after failed login * @return * @param array $a_username * @param object $a_auth */ protected function failedLoginObserver($a_username, $a_auth) { global $ilLog; $ilLog->write(__METHOD__ . ': login failed for user ' . $a_username . ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] . ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']); if ($a_username) { $usr_id = ilObjUser::_lookupId($a_username); if (!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID))) { ilObjUser::_incrementLoginAttempts($usr_id); $login_attempts = ilObjUser::_getLoginAttempts($usr_id); require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); $max_attempts = $security->getLoginMaxAttempts(); if ((int) $max_attempts && $login_attempts >= $max_attempts) { ilObjUser::_setUserInactive($usr_id); } } } return $this->getContainer()->failedLoginObserver($a_username, $a_auth); }
public function isPasswordExpired() { //error_reporting(E_ALL); if ($this->id == ANONYMOUS_USER_ID) { return false; } require_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); if ($this->getLastPasswordChangeTS() > 0) { $max_pass_age = $security->getPasswordMaxAge(); if ($max_pass_age > 0) { $max_pass_age_ts = $max_pass_age * 86400; $pass_change_ts = $this->getLastPasswordChangeTS(); $current_ts = time(); if ($current_ts - $pass_change_ts > $max_pass_age_ts) { return true; } } } return false; }
public function addToExternalSettingsForm($a_form_id) { switch ($a_form_id) { case ilAdministrationSettingsFormHandler::FORM_SECURITY: include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); $subitems = null; if ($security->isAutomaticHTTPSEnabled()) { $subitems = array('ps_auto_https_header_name' => $security->getAutomaticHTTPSHeaderName(), 'ps_auto_https_header_value' => $security->getAutomaticHTTPSHeaderValue()); } $fields = array('ps_auto_https' => array($security->isAutomaticHTTPSEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL, $subitems)); $fields['activate_https'] = array($security->isHTTPSEnabled(), ilAdministrationSettingsFormHandler::VALUE_BOOL); return array("general_settings" => array("showHTTPS", $fields)); } }
/** * Generate a number of passwords * * @static * */ public static function generatePasswords($a_number) { $ret = array(); srand((double) microtime() * 1000000); include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); for ($i = 1; $i <= $a_number; $i++) { $min = $security->getPasswordMinLength() > 0 ? $security->getPasswordMinLength() : 6; $max = $security->getPasswordMaxLength() > 0 ? $security->getPasswordMaxLength() : 10; if ($min > $max) { $max = $max + 1; } $length = rand($min, $max); $next = rand(1, 2); $vowels = "aeiou"; $vowels_uc = strtoupper($vowels); $consonants = "bcdfghjklmnpqrstvwxyz"; $consonants_uc = strtoupper($consonants); $numbers = "1234567890"; $special = "_.+?#-*@!\$%~"; $pw = ""; if ($security->getPasswordNumberOfUppercaseChars() > 0) { for ($j = 0; $j < $security->getPasswordNumberOfUppercaseChars(); $j++) { switch ($next) { case 1: $pw .= $consonants_uc[rand(0, strlen($consonants_uc) - 1)]; $next = 2; break; case 2: $pw .= $vowels_uc[rand(0, strlen($vowels_uc) - 1)]; $next = 1; break; } } } if ($security->isPasswordCharsAndNumbersEnabled()) { $pw .= $numbers[rand(0, strlen($numbers) - 1)]; } if ($security->isPasswordSpecialCharsEnabled()) { $pw .= $special[rand(0, strlen($special) - 1)]; } $num_lcase_chars = max($security->getPasswordNumberOfLowercaseChars(), $length - strlen($pw)); for ($j = 0; $j < $num_lcase_chars; $j++) { switch ($next) { case 1: $pw .= $consonants[rand(0, strlen($consonants) - 1)]; $next = 2; break; case 2: $pw .= $vowels[rand(0, strlen($vowels) - 1)]; $next = 1; break; } } $pw = str_shuffle($pw); $ret[] = $pw; } return $ret; }
/** * Get instance of ilSecuritySettings * * @return ilSecuritySettings instance * @access public * */ public static function _getInstance() { if (is_object(self::$instance)) { return self::$instance; } return self::$instance = new ilSecuritySettings(); }
/** * Show Privacy settings * * @access public */ public function showSecurity() { global $ilSetting, $ilUser, $rbacreview; include_once "./Services/Form/classes/class.ilPropertyFormGUI.php"; $security = ilSecuritySettings::_getInstance(); $this->tabs_gui->setTabActive('show_security'); $form = new ilPropertyFormGUI(); $form->setFormAction($this->ctrl->getFormAction($this)); $form->setTitle($this->lng->txt('ps_security_protection')); include_once "Services/Administration/classes/class.ilAdministrationSettingsFormHandler.php"; ilAdministrationSettingsFormHandler::addFieldsToForm(ilAdministrationSettingsFormHandler::FORM_SECURITY, $form, $this); // $form->addCommandButton('save_security',$this->lng->txt('save')); $this->tpl->setContent($form->getHTML()); }
/** * display roleassignment panel * * @access public */ function roleassignmentObject() { global $rbacreview, $rbacsystem, $ilUser, $ilTabs; $ilTabs->activateTab("role_assignment"); if (!$rbacsystem->checkAccess("edit_roleassignment", $this->usrf_ref_id)) { $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_role_to_user"), $this->ilias->error_obj->MESSAGE); } $_SESSION['filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['filtered_roles']; if ($_SESSION['filtered_roles'] > 5) { $_SESSION['filtered_roles'] = 0; } $this->tpl->addBlockfile('ADM_CONTENT', 'adm_content', 'tpl.usr_role_assignment.html', 'Services/User'); if (false) { $this->tpl->setCurrentBlock("filter"); $this->tpl->setVariable("FILTER_TXT_FILTER", $this->lng->txt('filter')); $this->tpl->setVariable("SELECT_FILTER", $this->__buildFilterSelect()); $this->tpl->setVariable("FILTER_ACTION", $this->ctrl->getFormAction($this)); $this->tpl->setVariable("FILTER_NAME", 'roleassignment'); $this->tpl->setVariable("FILTER_VALUE", $this->lng->txt('apply_filter')); $this->tpl->parseCurrentBlock(); } // init table include_once "./Services/User/classes/class.ilRoleAssignmentTableGUI.php"; $tab = new ilRoleAssignmentTableGUI($this, "roleassignment"); // now get roles depending on filter settings $role_list = $rbacreview->getRolesByFilter($tab->filter["role_filter"], $this->object->getId()); $assigned_roles = $rbacreview->assignedRoles($this->object->getId()); $counter = 0; include_once './Services/AccessControl/classes/class.ilObjRole.php'; $records = array(); foreach ($role_list as $role) { // fetch context path of role $rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true); // only list roles that are not set to status "deleted" if ($rbacreview->isDeleted($rolf[0])) { continue; } // build context path $path = ""; if ($this->tree->isInTree($rolf[0])) { if ($rolf[0] == ROLE_FOLDER_ID) { $path = $this->lng->txt("global"); } else { $tmpPath = $this->tree->getPathFull($rolf[0]); // count -1, to exclude the role folder itself /*for ($i = 1; $i < (count($tmpPath)-1); $i++) { if ($path != "") { $path .= " > "; } $path .= $tmpPath[$i]["title"]; }*/ $path = $tmpPath[count($tmpPath) - 1]["title"]; } } else { $path = "<b>Rolefolder " . $rolf[0] . " not found in tree! (Role " . $role["obj_id"] . ")</b>"; } $disabled = false; // disable checkbox for system role for the system user if ($this->object->getId() == SYSTEM_USER_ID and $role["obj_id"] == SYSTEM_ROLE_ID or !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) and $role["obj_id"] == SYSTEM_ROLE_ID) { $disabled = true; } // protected admin role if ($role['obj_id'] == SYSTEM_ROLE_ID && !$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) { include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; if (ilSecuritySettings::_getInstance()->isAdminRoleProtected()) { $disabled = true; } } if (substr($role["title"], 0, 3) == "il_") { if (!$assignable) { $rolf_arr = $rbacreview->getFoldersAssignedToRole($role["obj_id"], true); $rolf2 = $rolf_arr[0]; } else { $rolf2 = $rolf; } $parent_node = $this->tree->getNodeData($rolf2); $role["description"] = $this->lng->txt("obj_" . $parent_node["type"]) . " (#" . $parent_node["obj_id"] . ")"; } $role_ids[$counter] = $role["obj_id"]; $result_set[$counter][] = $checkbox = ilUtil::formCheckBox(in_array($role["obj_id"], $assigned_roles), "role_id[]", $role["obj_id"], $disabled) . "<input type=\"hidden\" name=\"role_id_ctrl[]\" value=\"" . $role["obj_id"] . "\"/>"; $this->ctrl->setParameterByClass("ilobjrolegui", "ref_id", $rolf[0]); $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id", $role["obj_id"]); $result_set[$counter][] = $link = "<a href=\"" . $this->ctrl->getLinkTargetByClass("ilobjrolegui", "perm") . "\">" . ilObjRole::_getTranslation($role["title"]) . "</a>"; $title = ilObjRole::_getTranslation($role["title"]); $result_set[$counter][] = $role["description"]; // Add link to objector local Rores if ($role["role_type"] == "local") { // Get Object to the role $obj_id = ilRbacReview::getObjectOfRole($role["rol_id"]); $obj_type = ilObject::_lookupType($obj_id); $ref_ids = ilObject::_getAllReferences($obj_id); foreach ($ref_ids as $ref_id) { } require_once "./Services/Link/classes/class.ilLink.php"; $result_set[$counter][] = $context = "<a href='" . ilLink::_getLink($ref_id, ilObject::_lookupType($obj_id)) . "' target='_top'>" . $path . "</a>"; } else { $result_set[$counter][] = $path; $context = $path; } $records[] = array("path" => $path, "description" => $role["description"], "context" => $context, "checkbox" => $checkbox, "role" => $link, "title" => $title); ++$counter; } if (true) { $tab->setData($records); $this->tpl->setVariable("ROLES_TABLE", $tab->getHTML()); return; } }
public function addToExternalSettingsForm($a_form_id) { switch ($a_form_id) { case ilAdministrationSettingsFormHandler::FORM_SECURITY: include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security = ilSecuritySettings::_getInstance(); $fields = array('adm_adm_role_protect' => array($security->isAdminRoleProtected(), ilAdministrationSettingsFormHandler::VALUE_BOOL)); return array(array("editSettings", $fields)); case ilAdministrationSettingsFormHandler::FORM_PRIVACY: include_once './Services/PrivacySecurity/classes/class.ilPrivacySettings.php'; $privacy = ilPrivacySettings::_getInstance(); $subitems = null; if ((bool) $privacy->enabledRbacLog()) { $subitems = array('rbac_log_age' => $privacy->getRbacLogAge()); } $fields = array('rbac_log' => array($privacy->enabledRbacLog(), ilAdministrationSettingsFormHandler::VALUE_BOOL, $subitems)); return array(array("editSettings", $fields)); } }