diff --git a/app/controllers/admin/ilias_interface.php b/app/controllers/admin/ilias_interface.php index 750e33d91184db59e89a10718dbab5e26cc6fa0b..9399a63f554cbe7f455568eefbc9111330e26cb5 100644 --- a/app/controllers/admin/ilias_interface.php +++ b/app/controllers/admin/ilias_interface.php @@ -51,6 +51,8 @@ class Admin_IliasInterfaceController extends AuthenticatedController PageLayout::setHelpKeyword('Basis.Ilias'); $this->modules_available = ConnectedIlias::getSupportedModuleTypes(); + $this->studip_roles = ['autor', 'tutor', 'dozent', 'admin', 'root']; + $this->sidebar = Sidebar::get(); } @@ -151,7 +153,8 @@ class Admin_IliasInterfaceController extends AuthenticatedController 'author_role_name' => 'Author', 'author_role' => '', - 'author_perm' => 'tutor' + 'author_perm' => 'tutor', + 'additional_roles' => [] ]; // fetch existing indicies from previously connected ILIAS installations @@ -258,6 +261,9 @@ class Admin_IliasInterfaceController extends AuthenticatedController { $this->ilias_config = $this->ilias_configs[$index]; $this->ilias_index = $index; + + $connected_ilias = new ConnectedIlias($index); + $this->global_roles = $connected_ilias->soap_client->getRoles('global', -1); } /** @@ -283,7 +289,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController { CSRFProtection::verifyUnsafeRequest(); - if (Request::submitted('submit')) { + if (Request::submittedSome('submit', 'add_additional_role', 'remove_additional_role')) { // set basic server settings if (Request::getInstance()->offsetExists('ilias_name')) { $this->ilias_configs[$index]['name'] = Request::get('ilias_name'); 
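Review bot: In the hunk at `@@ -258,6 +261,9 @@` the result of `getRoles('global', -1)` is stored without checking for the `false` that the new `IliasSoap::getRoles()` returns on failure. The view then skips the role section because of its `is_array($global_roles)` checks, so the administrator gets no indication that the ILIAS lookup failed; posting an error via `PageLayout::postError()` when the result is `false` would make that visible. The call also passes the integer `-1` to a parameter declared `string $id`, which only works under coercive typing, so `getRoles('global', '-1')` is the safer form. The same call appears in the save hunk at `@@ -373,10 +379,59 @@`. The enclosing action starts outside the hunk.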
@@ -373,10 +379,59 @@ class Admin_IliasInterfaceController extends AuthenticatedController // set permissions settings if (Request::getInstance()->offsetExists('ilias_author_role_name')) { + $this->global_roles = $connected_ilias->soap_client->getRoles('global', -1); $this->ilias_configs[$index]['author_role_name'] = Request::get('ilias_author_role_name'); $this->ilias_configs[$index]['author_perm'] = Request::get('ilias_author_perm'); $this->ilias_configs[$index]['allow_change_account'] = Request::get('ilias_allow_change_account'); + // remove ilias role assignment + if ( + Request::submitted('remove_additional_role') + && Request::option('studip_role') + && array_key_exists('additional_roles', $this->ilias_configs[$index]) + ) { + $studip_role = Request::option('studip_role'); + $ilias_role = Request::option('remove_additional_role'); + if ( + in_array($studip_role, $this->studip_roles) + && array_key_exists($studip_role, $this->ilias_configs[$index]['additional_roles']) + && array_key_exists($ilias_role, $this->ilias_configs[$index]['additional_roles'][$studip_role]) + ) { + unset($this->ilias_configs[$index]['additional_roles'][$studip_role][$ilias_role]); + PageLayout::postSuccess(sprintf(_('ILIAS-Rollenzuweisung der Stud.IP-Rechtestufe %s wurde entfernt.'), $studip_role)); + } + } + + // add ilias role assignment + if ( + Request::submitted('add_additional_role') + && Request::option('add_studip_role') + && Request::option('add_ilias_role') + ) { + $studip_role = Request::option('add_studip_role'); + $ilias_role = Request::option('add_ilias_role'); + $role_already_assigned = false; + if (!array_key_exists('additional_roles', $this->ilias_configs[$index])) { + $this->ilias_configs[$index]['additional_roles'] = []; + } + if ( + in_array($studip_role, $this->studip_roles) + && (array_key_exists($ilias_role, $this->global_roles)) + ) { + if (!array_key_exists($studip_role, $this->ilias_configs[$index]['additional_roles'])) { + 
$this->ilias_configs[$index]['additional_roles'][$studip_role] = []; + } + if (array_key_exists($ilias_role, $this->global_roles)) { + $this->ilias_configs[$index]['additional_roles'][$studip_role][$ilias_role] = [ + 'id' => $this->global_roles[$ilias_role]['id'], + 'name' => $this->global_roles[$ilias_role]['name']]; + PageLayout::postSuccess(sprintf(_('ILIAS-Rolle %s wird Stud.IP-Rechtestufe %s zugewiesen.'), $this->global_roles[$ilias_role]['name'], $studip_role)); + } else { + PageLayout::postError(_('ILIAS-Rolle nicht gefunden.')); + } + } + } + //store config entry Config::get()->store('ILIAS_INTERFACE_SETTINGS', $this->ilias_configs); PageLayout::postSuccess(_('ILIAS-Berechtigungseinstellungen wurden gespeichert.')); diff --git a/app/views/admin/ilias_interface/edit_permissions.php b/app/views/admin/ilias_interface/edit_permissions.php index ef85091406e2e85e9a2e434d9f98162e728adb3d..3410a0265ef382578ad6753470fc31429a53a64e 100644 --- a/app/views/admin/ilias_interface/edit_permissions.php +++ b/app/views/admin/ilias_interface/edit_permissions.php 
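Review bot: In the "add ilias role assignment" branch, `$this->global_roles` can be `false` when the SOAP lookup fails, and `array_key_exists($ilias_role, $this->global_roles)` then raises a TypeError on PHP 8 instead of reporting an error. The inner `array_key_exists($ilias_role, $this->global_roles)` repeats the outer condition, so the `else` with `ILIAS-Rolle nicht gefunden.` can never run. An unknown permission level or role id is therefore dropped silently, and the request still ends with the generic "gespeichert" success message. Because this code decides which global ILIAS role a whole permission level receives, a rejected input should produce the error; `in_array()` should also get `true` as its third argument. The save action itself starts and ends outside the hunk.

```php
if (
    !is_array($this->global_roles)
    || !in_array($studip_role, $this->studip_roles, true)
    || !array_key_exists($ilias_role, $this->global_roles)
) {
    PageLayout::postError(_('ILIAS-Rolle nicht gefunden.'));
} else {
    // … unchanged: create additional_roles[$studip_role] if missing …
    // … unchanged: store id/name of the ILIAS role and post the success message …
}
```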
@@ -7,26 +7,86 @@ ?> <form class="default" action="<?= $controller->url_for('admin/ilias_interface/save/'.$ilias_index) ?>" method="post"> <?= CSRFProtection::tokenTag() ?> - <label> - <span class="required"><?= _('Rollen-Template zum Erstellen von Lernobjekten') ?></span> - <input type="text" name="ilias_author_role_name" size="50" maxlength="255" value="<?= $ilias_config['author_role_name'] ? htmlReady($ilias_config['author_role_name']) : 'Author' ?>" required> - </label> - <label> - <span class="required"><?= _('Erforderliche Rechtestufe zum Erstellen von Lernobjekten') ?></span> - <select name="ilias_author_perm"> - <option value="autor" <?=$ilias_config['author_perm'] == 'autor' ? 'selected' : ''?>><?=_('autor')?></option> - <option value="tutor" <?=$ilias_config['author_perm'] == 'tutor' ? 'selected' : ''?>><?=_('tutor')?></option> - <option value="dozent" <?=(($ilias_config['author_perm'] == 'dozent') OR ! $ilias_config['author_perm']) ? 'selected' : ''?>><?=_('dozent')?></option> - <option value="admin" <?=$ilias_config['author_perm'] == 'admin' ? 'selected' : ''?>><?=_('admin')?></option> - <option value="root" <?=$ilias_config['author_perm'] == 'root' ? 'selected' : ''?>><?=_('root')?></option> - </select> - </label> - <label> - <input type="checkbox" name="ilias_allow_change_account" value="1" <?= $ilias_config['allow_change_account'] ? 'checked' : '' ?>> - <span><?= _('Stud.IP-User können sich bestehende ILIAS-Accounts manuell zuordnen') ?></span> - </label> + <fieldset> + <legend> + <?= _('Anlegen von Inhalten') ?> + </legend> + <label> + <span class="required"><?= _('Rollentemplate zum Erstellen von Lernobjekten') ?></span> + <input type="text" name="ilias_author_role_name" size="50" maxlength="255" value="<?= $ilias_config['author_role_name'] ? 
htmlReady($ilias_config['author_role_name']) : 'Author' ?>" required> + </label> + <label> + <span class="required"><?= _('Erforderliche Rechtestufe zum Erstellen von Lernobjekten') ?></span> + <select name="ilias_author_perm"> + <option value="autor" <?=$ilias_config['author_perm'] == 'autor' ? 'selected' : ''?>><?=_('autor')?></option> + <option value="tutor" <?=$ilias_config['author_perm'] == 'tutor' ? 'selected' : ''?>><?=_('tutor')?></option> + <option value="dozent" <?=(($ilias_config['author_perm'] == 'dozent') OR ! $ilias_config['author_perm']) ? 'selected' : ''?>><?=_('dozent')?></option> + <option value="admin" <?=$ilias_config['author_perm'] == 'admin' ? 'selected' : ''?>><?=_('admin')?></option> + <option value="root" <?=$ilias_config['author_perm'] == 'root' ? 'selected' : ''?>><?=_('root')?></option> + </select> + </label> + <label> + <input type="checkbox" name="ilias_allow_change_account" value="1" <?= $ilias_config['allow_change_account'] ? 'checked' : '' ?>> + <span><?= _('Stud.IP-User können sich bestehende ILIAS-Accounts manuell zuordnen') ?></span> + </label> + </fieldset> <footer data-dialog-button> <?= Studip\Button::createAccept(_('Speichern'), 'submit') ?> - <?= Studip\Button::createCancel(_('Abbrechen'), 'cancel', ['data-dialog' => 'close']) ?> + <?= Studip\Button::createCancel(_('Schließen'), 'cancel', ['data-dialog' => 'close']) ?> </footer> + <fieldset> + <legend> + <?= _('Rollenzuweisungen') ?> + </legend> + <? if (array_key_exists('additional_roles', $ilias_config) && is_array($ilias_config['additional_roles']) && is_array($global_roles)) : ?> + <? foreach ($ilias_config['additional_roles'] as $studip_role => $ilias_roles) : ?> + <? if (count($ilias_roles) > 0) : ?> + <div id="ilias_studip_role_<?=htmlReady($studip_role)?>"><?= sprintf(_('Rechtestufe %s erhält zusätzliche globale Rolle(n):'), htmlReady($studip_role)) ?> + <ul> + <? 
foreach ($ilias_roles as $role_data) : ?> + <li><?= htmlReady(sprintf(_('%s (ID %s)'), $role_data['name'], $role_data['id'])) ?> + <?= Icon::create('trash')->asInput([ + 'class' => 'text-bottom', + 'title' => _('Diese Rollenzuweisung entfernen'), + 'data-confirm' => _('Sind Sie sicher, dass Sie diese ILIAS-Rollenzuweisung entfernen wollen?'), + 'formaction' => $controller->url_for( + 'admin/ilias_interface/save/'.$ilias_index, + [ + 'remove_additional_role' => $role_data['id'], + 'studip_role' => $studip_role, + ] + ) + ])?></li> + <? endforeach ?> + </ul></div> + <br> + <? endif ?> + <? endforeach ?> + <? endif ?> + <? if (is_array($global_roles) && is_array($studip_roles)) : ?> + <section> + <span><?= _('Stud.IP-Rechtestufe') ?></span> + <label> + <select name="add_studip_role" aria-label="<?= _('Stud.IP-Rechtestufe')?>"> + <option><?=_('-- Bitte auswählen --')?></option> + <? foreach ($studip_roles as $studip_role) : ?> + <option><?= htmlReady($studip_role) ?></option> + <? endforeach ?> + </select> + </label> + <span><?= _('ILIAS-Rolle') ?></span> + <label> + <select name="add_ilias_role" aria-label="<?= _('ILIAS-Rolle')?>"> + <option><?=_('-- Bitte auswählen --')?></option> + <? foreach ($global_roles as $role_data) : ?> + <option value="<?= htmlReady($role_data['id']) ?>"> + <?= htmlReady(sprintf(_('%s (ID %s)'), $role_data['name'], $role_data['id'])) ?> + </option> + <? endforeach ?> + </select> + </label> + <?= Studip\Button::create(_('Zusätzliche Rolle zuweisen und speichern'), 'add_additional_role') ?> + </section> + <? endif ?> + </fieldset> </form> diff --git a/lib/ilias_interface/ConnectedIlias.php b/lib/ilias_interface/ConnectedIlias.php index e90f75b6fde7a690ba2daf0a03ec46a365f0feef..0dc172375b25275898adb73b1b438391b9e94e08 100644 --- a/lib/ilias_interface/ConnectedIlias.php +++ b/lib/ilias_interface/ConnectedIlias.php 
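Review bot: The list of existing assignments is rendered only when `is_array($global_roles)` holds, although the loop reads nothing but `$ilias_config['additional_roles']`. When the ILIAS lookup fails, the stored role mappings stay in the configuration but the administrator can neither see nor remove them. Dropping `&& is_array($global_roles)` from the first condition keeps the mappings reviewable. Separately, the two placeholder entries are written as `<option>` without a value, so the browser submits the label text; `<option value="">` lets the controller's emptiness checks reject them cleanly.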
@@ -383,6 +383,18 @@ class ConnectedIlias $this->user->id = $user_id; $this->user->login = $this->ilias_config['user_prefix'].$this->user->studip_login; + // add additional roles + $temp_user = User::find($this->user->studip_id); + + if ( + array_key_exists('additional_roles', $this->ilias_config) + && array_key_exists($temp_user->perms, $this->ilias_config['additional_roles']) + ) { + foreach ($this->ilias_config['additional_roles'][$temp_user->perms] as $role_data) { + $this->soap_client->addUserRoleEntry($user_id, $role_data['id']); + } + } + $this->user->setConnection(IliasUser::USER_TYPE_CREATED); return true; } @@ -403,6 +415,17 @@ class ConnectedIlias return false; } $update_user = new IliasUser($this->index, $this->ilias_config['version'], $user->id); + + // add additional roles + if ( + array_key_exists('additional_roles', $this->ilias_config) + && array_key_exists($user->perms, $this->ilias_config['additional_roles']) + ) { + foreach ($this->ilias_config['additional_roles'][$user->perms] as $role_data) { + $this->soap_client->addUserRoleEntry($update_user->id, $role_data['id']); + } + } + // don't update ldap user if (! $this->ilias_config['user_prefix'] && $this->ilias_config['ldap_enable'] && @@ -412,10 +435,12 @@ class ConnectedIlias } elseif ($this->ilias_config['no_account_updates']) { return true; } + // if user is manually connected don't update user data if ($update_user->getUserType() == IliasUser::USER_TYPE_ORIGINAL) { return true; } + $this->soap_client->setCachingStatus(false); $this->soap_client->clearCache(); if ($update_user->isConnected() && $update_user->id && $this->soap_client->lookupUser($update_user->login)) { diff --git a/lib/ilias_interface/IliasSoap.php b/lib/ilias_interface/IliasSoap.php index 7bef42f448d84209ac535ffe0396a0b49258e49e..585595b3d88fb6f1fdd47a0b4600d5921310a47f 100644 --- a/lib/ilias_interface/IliasSoap.php +++ b/lib/ilias_interface/IliasSoap.php 
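Review bot: Both provisioning hunks (`@@ -383,6 +383,18 @@` and `@@ -403,6 +415,17 @@`) only ever call `addUserRoleEntry()`. Nothing visible here takes a global ILIAS role away again when an assignment is removed from `additional_roles` or when a user's Stud.IP permission level is lowered. A user would then keep elevated global privileges in ILIAS after the mapping or their `perms` no longer justify them. If IliasSoap offers a matching removal call, roles that were configured earlier but no longer apply should be revoked during the update. In the first hunk `User::find()` may return `null`, so `$temp_user->perms` should be guarded, and the ignored return value of `addUserRoleEntry()` means a failed assignment is not reported anywhere.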
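Review bot: The role loop in `@@ -403,6 +415,17 @@` runs before the guards that follow it (the LDAP case, `no_account_updates` and `USER_TYPE_ORIGINAL`). Manually connected ILIAS accounts and accounts excluded from updates therefore also receive the additional global roles. If that is intended, a comment above the loop such as `// roles are assigned even for manually connected accounts` would record the decision; otherwise the loop belongs below the `USER_TYPE_ORIGINAL` check. It also issues one SOAP call per configured role each time this path runs, whether or not the user already holds the role. The function body starts and ends outside the hunk.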
@@ -706,6 +706,41 @@ class IliasSoap extends StudipSoapClient return false; } + /** + * get roles + * + * gets roles of given type for given object + * + * @param string $role_type type of role (global|local|user|user_login|template or empty) + * @param string $id reference id, user id, or -1 for all available roles of given type + * @return array|false role-objects + */ + public function getRoles(string $role_type, string $id) + { + $param = [ + 'sid' => $this->getSID(), + 'role_type' => $role_type, + 'id' => $id + ]; + $result = $this->call('getRoles', $param); + if ($result) { + $s = simplexml_load_string($result); + $role_array = []; + + foreach ($s->Role as $role) { + $id_parts = explode('_role_', (string) $role->attributes()->id); + $role_array[$id_parts[1]] = [ + 'id' => $id_parts[1], + 'type' => (string) $role->attributes()->role_type, + 'name' => (string) $role->Title, + 'description' => (string) $role->Description, + ]; + } + return $role_array; + } + return false; + } + /** * add role *
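Review bot: `getRoles()` uses the remote response without validating it. `simplexml_load_string()` returns `false` on malformed XML and the loop then reads `$s->Role` from that value, and `$id_parts[1]` is read without checking that the id attribute actually contained `_role_`. The keys of the returned array are what the controller later uses to decide which global role may be assigned. A parse failure should therefore return `false`, and entries whose id cannot be split should be skipped rather than stored under an empty key. The method could also declare `: array|false` to match its docblock, if the project's minimum PHP version allows union types.

```php
$s = simplexml_load_string($result);
if ($s === false) {
    return false;
}
$role_array = [];

foreach ($s->Role as $role) {
    $id_parts = explode('_role_', (string) $role->attributes()->id);
    if (count($id_parts) !== 2 || $id_parts[1] === '') {
        continue;
    }
    // … unchanged: $role_array[$id_parts[1]] = [...] …
}
```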