/**
* display edit form
*
* @access public
*/
function editObject()
{
global $rbacsystem, $rbacreview;
if (!$rbacsystem->checkAccess("edit_permission", $_GET["ref_id"])) {
$this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
}
//prepare objectlist
$this->data = array();
$this->data["data"] = array();
$this->data["ctrl"] = array();
$this->data["cols"] = array("type", "operation", "description", "status");
$ops_valid = $rbacreview->getOperationsOnType($this->obj_id);
if ($ops_arr = ilRbacReview::_getOperationList('', $a_order, $a_direction)) {
$options = array("e" => "enabled", "d" => "disabled");
foreach ($ops_arr as $key => $ops) {
// BEGIN ROW
if (in_array($ops["ops_id"], $ops_valid)) {
$ops_status = 'e';
} else {
$ops_status = 'd';
}
$obj = $ops["ops_id"];
$ops_options = ilUtil::formSelect($ops_status, "id[{$obj}]", $options);
//visible data part
$this->data["data"][] = array("type" => "perm", "operation" => $ops["operation"], "description" => $ops["desc"], "status" => $ops_status, "status_html" => $ops_options, "obj_id" => $val["ops_id"]);
}
}
//if typedata
$this->maxcount = count($this->data["data"]);
// sorting array
$this->data["data"] = ilUtil::sortArray($this->data["data"], $_GET["sort_by"], $_GET["sort_order"]);
// now compute control information
foreach ($this->data["data"] as $key => $val) {
$this->data["ctrl"][$key] = array("obj_id" => $val["obj_id"], "type" => $val["type"]);
unset($this->data["data"][$key]["obj_id"]);
$this->data["data"][$key]["status"] = $this->data["data"][$key]["status_html"];
unset($this->data["data"][$key]["status_html"]);
}
// build table
include_once "./Services/Table/classes/class.ilTableGUI.php";
// load template for table
$this->tpl->addBlockfile("ADM_CONTENT", "adm_content", "tpl.table.html");
// load template for table content data
$this->tpl->addBlockfile("TBL_CONTENT", "tbl_content", "tpl.obj_tbl_rows.html");
$num = 0;
$obj_str = $this->call_by_reference ? "" : "&obj_id=" . $this->obj_id;
$this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=" . $this->ref_id . "{$obj_str}&cmd=save");
// create table
$tbl = new ilTableGUI();
// title & header columns
$tbl->setTitle($this->lng->txt("edit_operations") . " " . strtolower($this->lng->txt("of")) . " '" . $this->object->getTitle() . "'", "icon_" . $this->object->getType() . "_b.png", $this->lng->txt("obj_" . $this->object->getType()));
$tbl->setHelp("tbl_help.php", "icon_help.png", $this->lng->txt("help"));
foreach ($this->data["cols"] as $val) {
$header_names[] = $this->lng->txt($val);
}
$tbl->setHeaderNames($header_names);
$header_params = array("ref_id" => $this->ref_id, "obj_id" => $this->id, "cmd" => "edit");
$tbl->setHeaderVars($this->data["cols"], $header_params);
// control
$tbl->setOrderColumn($_GET["sort_by"]);
$tbl->setOrderDirection($_GET["sort_order"]);
$tbl->setLimit(0);
$tbl->setOffset(0);
$tbl->setMaxCount($this->maxcount);
// SHOW VALID ACTIONS
$this->tpl->setVariable("IMG_ARROW", ilUtil::getImagePath("arrow_downright.png"));
$this->tpl->setVariable("COLUMN_COUNTS", count($this->data["cols"]));
// footer
$tbl->setFooter("tblfooter", $this->lng->txt("previous"), $this->lng->txt("next"));
//$tbl->disable("footer");
// render table
$tbl->render();
if (is_array($this->data["data"][0])) {
//table cell
for ($i = 0; $i < count($this->data["data"]); $i++) {
$data = $this->data["data"][$i];
$ctrl = $this->data["ctrl"][$i];
// color changing
$css_row = ilUtil::switchColor($i + 1, "tblrow1", "tblrow2");
$this->tpl->setCurrentBlock("table_cell");
$this->tpl->setVariable("CELLSTYLE", "tblrow1");
$this->tpl->parseCurrentBlock();
foreach ($data as $key => $val) {
$this->tpl->setCurrentBlock("text");
if ($key == "type") {
$val = ilUtil::getImageTagByType($val, $this->tpl->tplPath);
}
$this->tpl->setVariable("TEXT_CONTENT", $val);
$this->tpl->parseCurrentBlock();
$this->tpl->setCurrentBlock("table_cell");
$this->tpl->parseCurrentBlock();
}
//foreach
$this->tpl->setVariable("BTN_VALUE", $this->lng->txt("save"));
$this->tpl->setCurrentBlock("tbl_content");
$this->tpl->setVariable("CSS_ROW", $css_row);
$this->tpl->parseCurrentBlock();
}
//for
}
//if is_array
}
/**
* Access Permissions Table Data
* @return array
*/
function getAccessPermissionTableData()
{
global $ilAccess, $ilObjDataCache, $objDefinition;
// get all possible operation of current object
$ops_list = ilRbacReview::_getOperationList($this->object->getType());
$counter = 0;
$result_set = array();
// check permissions of user
foreach ($ops_list as $ops) {
$access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType());
$result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK;
if (substr($ops['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($ops['operation'], 7))) {
$result_set[$counter]["operation"] = ilPlugin::lookupTxt("rep_robj", substr($ops['operation'], 7), 'rbac_' . $ops['operation']);
} else {
if ($objDefinition->isPlugin($this->object->getType())) {
$result_set[$counter]["operation"] = ilPlugin::lookupTxt("rep_robj", $this->object->getType(), $this->object->getType() . "_" . $ops['operation']);
} elseif (substr($ops['operation'], 0, 7) == 'create_') {
$result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']);
} else {
$result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']);
}
}
$list_role = "";
// Check ownership
if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
if (substr($ops['operation'], 0, 7) != 'create_' and $ops['operation'] != 'edit_permission' and $ops['operation'] != 'edit_leanring_progress') {
$list_role[] = $this->lng->txt('info_owner_of_object');
}
}
// get operations on object for each assigned role to user
foreach ($this->getAssignedValidRoles() as $role) {
if (in_array($ops['ops_id'], $role['ops'])) {
$list_role[] = $role['translation'];
}
}
if (empty($list_role)) {
$list_role[] = $this->lng->txt('none');
}
$result_set[$counter]["role_ownership"] = $list_role;
++$counter;
}
return $result_set;
}
function getRolesData()
{
global $rbacsystem, $rbacreview, $tree;
// first get all roles in
$roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
// filter roles
$_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
// set default filter (all roles) if no filter is set
if ($_SESSION['perm_filtered_roles'] == 0) {
if ($tree->checkForParentType($this->gui_obj->object->getRefId(), 'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(), 'grp')) {
$_SESSION['perm_filtered_roles'] = 3;
} else {
$_SESSION['perm_filtered_roles'] = 1;
}
}
// remove filtered roles from array
$roles = $this->__filterRoles($roles, $_SESSION["perm_filtered_roles"]);
// determine status of each role (local role, changed policy, protected)
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
$local_roles = array();
if (!empty($role_folder)) {
$local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
}
foreach ($roles as $key => $role) {
// exclude system admin role from list
if ($role["obj_id"] == SYSTEM_ROLE_ID) {
unset($roles[$key]);
continue;
}
$this->roles[$role['obj_id']] = $role;
// don't allow local policies for protected roles
$this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'], $role['obj_id']);
if (!in_array($role["obj_id"], $local_roles)) {
$this->roles[$role['obj_id']]['local_policy_enabled'] = false;
$this->roles[$role['obj_id']]['local_policy_allowed'] = true;
} else {
// no checkbox for local roles
if ($rbacreview->isAssignable($role["obj_id"], $role_folder["ref_id"])) {
$this->roles[$role['obj_id']]['local_policy_allowed'] = false;
} else {
$this->roles[$role['obj_id']]['local_policy_enabled'] = true;
$this->roles[$role['obj_id']]['local_policy_allowed'] = true;
}
}
// compute permission settings for each role
$grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
foreach ($grouped_ops as $ops_group => $ops_data) {
foreach ($ops_data as $key => $operation) {
$grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
}
}
$this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
unset($grouped_ops);
}
}
function getPermissionInfo()
{
global $ilAccess, $lng, $rbacreview, $ilUser, $ilObjDataCache, $objDefinition;
// icon handlers
$icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.png") . "\" alt=\"" . $lng->txt("info_assigned") . "\" title=\"" . $lng->txt("info_assigned") . "\" border=\"0\" vspace=\"0\"/>";
$icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.png") . "\" alt=\"" . $lng->txt("info_not_assigned") . "\" title=\"" . $lng->txt("info_not_assigned") . "\" border=\"0\" vspace=\"0\"/>";
// get all possible operation of current object
$ops_list = ilRbacReview::_getOperationList($this->object->getType());
$counter = 0;
// check permissions of user
foreach ($ops_list as $ops) {
$access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType());
$result_set[$counter][] = $access ? $icon_ok : $icon_not_ok;
if (substr($ops['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($ops['operation'], 7))) {
$result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", substr($ops['operation'], 7), 'rbac_' . $ops['operation']);
} else {
if ($objDefinition->isPlugin($this->object->getType())) {
$result_set[$counter][] = ilPlugin::lookupTxt("rep_robj", $this->object->getType(), $this->object->getType() . "_" . $ops['operation']);
} elseif (substr($ops['operation'], 0, 7) == 'create_') {
$result_set[$counter][] = $lng->txt('rbac_' . $ops['operation']);
} else {
$result_set[$counter][] = $lng->txt($this->object->getType() . "_" . $ops['operation']);
}
}
$list_role = "";
// Check ownership
if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
if (substr($ops['operation'], 0, 7) != 'create_' and $ops['operation'] != 'edit_permission' and $ops['operation'] != 'edit_leanring_progress') {
$list_role[] = $lng->txt('info_owner_of_object');
}
}
// get operations on object for each assigned role to user
foreach ($this->assigned_valid_roles as $role) {
if (in_array($ops['ops_id'], $role['ops'])) {
$list_role[] = $role['translation'];
}
}
if (empty($list_role)) {
$roles_formatted = $lng->txt('none');
} else {
$roles_formatted = implode("<br/>", $list_role);
}
$result_set[$counter][] = $roles_formatted;
++$counter;
}
return $this->__showPermissionsTable($result_set);
}
/**
* display permissions
*
* @access public
*/
function permObject()
{
global $rbacadmin, $rbacreview, $rbacsystem, $objDefinition, $ilSetting;
if (!$rbacsystem->checkAccess('write', $this->rolf_ref_id)) {
$this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->WARNING);
exit;
}
$to_filter = $objDefinition->getSubobjectsToFilter();
$tpl_filter = array();
$internal_tpl = false;
if ($internal_tpl = $this->object->isInternalTemplate()) {
$tpl_filter = $this->object->getFilterOfInternalTemplate();
}
$op_order = array();
foreach (ilRbacReview::_getOperationList() as $op) {
$op_order[$op["ops_id"]] = $op["order"];
}
$operation_info = $rbacreview->getOperationAssignment();
foreach ($operation_info as $info) {
if ($objDefinition->getDevMode($info['type'])) {
continue;
}
// FILTER SUBOJECTS OF adm OBJECT
if (in_array($info['type'], $to_filter)) {
continue;
}
if ($internal_tpl and $tpl_filter and !in_array($info['type'], $tpl_filter)) {
continue;
}
$rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'], "type" => $info['type']);
$txt = $objDefinition->isPlugin($info['type']) ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type'] . "_" . $info['operation']) : $this->lng->txt($info['type'] . "_" . $info['operation']);
if (substr($info['operation'], 0, 7) == "create_" && $objDefinition->isPlugin(substr($info['operation'], 7))) {
$txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type'] . "_" . $info['operation']);
} elseif (substr($info['operation'], 0, 6) == 'create') {
$txt = $this->lng->txt('rbac_' . $info['operation']);
}
$order = $op_order[$info['ops_id']];
if (substr($info['operation'], 0, 6) == 'create') {
$order = $objDefinition->getPositionByType($info['type']);
}
$rbac_operations[$info['typ_id']][$info['ops_id']] = array("ops_id" => $info['ops_id'], "title" => $info['operation'], "name" => $txt, "order" => $order);
}
foreach ($rbac_objects as $key => $obj_data) {
if ($objDefinition->isPlugin($obj_data["type"])) {
$rbac_objects[$key]["name"] = ilPlugin::lookupTxt("rep_robj", $obj_data["type"], "obj_" . $obj_data["type"]);
} else {
$rbac_objects[$key]["name"] = $this->lng->txt("obj_" . $obj_data["type"]);
}
$rbac_objects[$key]["ops"] = $rbac_operations[$key];
}
sort($rbac_objects);
foreach ($rbac_objects as $key => $obj_data) {
sort($rbac_objects[$key]["ops"]);
}
// sort by (translated) name of object type
$rbac_objects = ilUtil::sortArray($rbac_objects, "name", "asc");
// BEGIN CHECK_PERM
foreach ($rbac_objects as $key => $obj_data) {
$arr_selected = $rbacreview->getOperationsOfRole($this->object->getId(), $obj_data["type"], $this->rolf_ref_id);
$arr_checked = array_intersect($arr_selected, array_keys($rbac_operations[$obj_data["obj_id"]]));
foreach ($rbac_operations[$obj_data["obj_id"]] as $operation) {
$checked = in_array($operation["ops_id"], $arr_checked);
$disabled = false;
// Es wird eine 2-dim Post Variable �bergeben: perm[rol_id][ops_id]
$box = ilUtil::formCheckBox($checked, "template_perm[" . $obj_data["type"] . "][]", $operation["ops_id"], $disabled);
$output["perm"][$obj_data["obj_id"]][$operation["ops_id"]] = $box;
}
}
// END CHECK_PERM
$output["col_anz"] = count($rbac_objects);
$output["txt_save"] = $this->lng->txt("save");
$output["check_protected"] = ilUtil::formCheckBox($rbacreview->isProtected($this->rolf_ref_id, $this->object->getId()), "protected", 1);
$output["text_protected"] = $this->lng->txt("role_protect_permissions");
/************************************/
/* adopt permissions form */
/************************************/
$output["message_middle"] = $this->lng->txt("adopt_perm_from_template");
// send message for system role
if ($this->object->getId() == SYSTEM_ROLE_ID) {
$output["adopt"] = array();
ilUtil::sendFailure($this->lng->txt("msg_sysrole_not_editable"));
} else {
// BEGIN ADOPT_PERMISSIONS
$parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id, true);
// sort output for correct color changing
ksort($parent_role_ids);
foreach ($parent_role_ids as $key => $par) {
if ($par["obj_id"] != SYSTEM_ROLE_ID) {
$radio = ilUtil::formRadioButton(0, "adopt", $par["obj_id"]);
$output["adopt"][$key]["css_row_adopt"] = ilUtil::switchColor($key, "tblrow1", "tblrow2");
$output["adopt"][$key]["check_adopt"] = $radio;
$output["adopt"][$key]["type"] = $par["type"] == 'role' ? 'Role' : 'Template';
$output["adopt"][$key]["role_name"] = $par["title"];
}
}
$output["formaction_adopt"] = $this->ctrl->getFormAction($this);
// END ADOPT_PERMISSIONS
}
$output["formaction"] = $this->ctrl->getFormAction($this);
$this->data = $output;
/************************************/
/* generate output */
/************************************/
$this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.adm_perm_role.html", "Services/AccessControl");
foreach ($rbac_objects as $obj_data) {
// BEGIN object_operations
$this->tpl->setCurrentBlock("object_operations");
$obj_data["ops"] = ilUtil::sortArray($obj_data["ops"], 'order', 'asc', true, true);
foreach ($obj_data["ops"] as $operation) {
$ops_ids[] = $operation["ops_id"];
$css_row = ilUtil::switchColor($key, "tblrow1", "tblrow2");
$this->tpl->setVariable("CSS_ROW", $css_row);
$this->tpl->setVariable("PERMISSION", $operation["name"]);
$this->tpl->setVariable("CHECK_PERMISSION", $this->data["perm"][$obj_data["obj_id"]][$operation["ops_id"]]);
$this->tpl->parseCurrentBlock();
}
// END object_operations
// BEGIN object_type
$this->tpl->setCurrentBlock("object_type");
$this->tpl->setVariable("TXT_OBJ_TYPE", $obj_data["name"]);
// TODO: move this if in a function and query all objects that may be disabled or inactive
if ($this->objDefinition->getDevMode($obj_data["type"])) {
$this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_implemented_yet") . ")");
} else {
if ($obj_data["type"] == "icrs" and !$this->ilias->getSetting("ilinc_active")) {
$this->tpl->setVariable("TXT_NOT_IMPL", "(" . $this->lng->txt("not_enabled_or_configured") . ")");
}
}
// js checkbox toggles
$this->tpl->setVariable("JS_VARNAME", "template_perm_" . $obj_data["type"]);
$this->tpl->setVariable("JS_ONCLICK", ilUtil::array_php2js($ops_ids));
$this->tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
$this->tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
$this->tpl->parseCurrentBlock();
// END object_type
}
/*
// BEGIN ADOPT PERMISSIONS
foreach ($this->data["adopt"] as $key => $value)
{
$this->tpl->setCurrentBlock("ADOPT_PERM_ROW");
$this->tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]);
$this->tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]);
$this->tpl->setVariable("TYPE",$value["type"]);
$this->tpl->setVariable("ROLE_NAME",$value["role_name"]);
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("ADOPT_PERM_FORM");
$this->tpl->setVariable("MESSAGE_MIDDLE",$this->data["message_middle"]);
$this->tpl->setVariable("FORMACTION_ADOPT",$this->data["formaction_adopt"]);
$this->tpl->setVariable("ADOPT",$this->lng->txt('copy'));
$this->tpl->parseCurrentBlock();
// END ADOPT PERMISSIONS
*/
$this->tpl->setCurrentBlock("tblfooter_protected");
$this->tpl->setVariable("COL_ANZ", 3);
$this->tpl->setVariable("CHECK_BOTTOM", $this->data["check_protected"]);
$this->tpl->setVariable("MESSAGE_TABLE", $this->data["text_protected"]);
$this->tpl->parseCurrentBlock();
$this->tpl->setVariable("COL_ANZ_PLUS", 4);
$this->tpl->setVariable("TXT_SAVE", $this->data["txt_save"]);
$this->tpl->setCurrentBlock("adm_content");
$this->tpl->setVariable("TBL_TITLE_IMG", ilUtil::getImagePath("icon_" . $this->object->getType() . ".svg"));
$this->tpl->setVariable("TBL_TITLE_IMG_ALT", $this->lng->txt($this->object->getType()));
// compute additional information in title
if (substr($this->object->getTitle(), 0, 3) == "il_") {
$desc = $this->lng->txt("predefined_template");
//$this->lng->txt("obj_".$parent_node['type'])." (".$parent_node['obj_id'].") : ".$parent_node['title'];
}
$description = "<br/> <span class=\"small\">" . $desc . "</span>";
// translation for autogenerated roles
if (substr($this->object->getTitle(), 0, 3) == "il_") {
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$title = ilObjRole::_getTranslation($this->object->getTitle()) . " (" . $this->object->getTitle() . ")";
} else {
$title = $this->object->getTitle();
}
$this->tpl->setVariable("TBL_TITLE", $title . $description);
$this->tpl->setVariable("TXT_PERMISSION", $this->data["txt_permission"]);
$this->tpl->setVariable("FORMACTION", $this->data["formaction"]);
$this->tpl->parseCurrentBlock();
}
