ILIAS  release_4-4 Revision
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once "./Services/Object/classes/class.ilObjectAccess.php";
25 
37 {
53  function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
54  {
55  global $ilUser, $lng, $rbacsystem, $ilAccess;
56 
57  if ($a_user_id == "")
58  {
59  $a_user_id = $ilUser->getId();
60  }
61 
62  $is_admin = $rbacsystem->checkAccessOfUser($a_user_id,'write',$a_ref_id);
63 
64  // check "global" online switch
65  if(!self::_lookupOnline($a_obj_id) && !$is_admin)
66  {
67  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("offline"));
68  return false;
69  }
70 
71  switch ($a_permission)
72  {
73  case "visible":
74  case "read":
76  !$is_admin)
77  {
78  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
79  return false;
80  }
81  break;
82  }
83 
84  switch ($a_cmd)
85  {
86  case "run":
88  || !(ilObjSurveyAccess::_lookupOnline($a_obj_id) == 1))
89  {
90  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
91  return false;
92  }
93  break;
94 
95  case "evaluation":
97  {
98  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
99  return false;
100  }
101  if ($rbacsystem->checkAccess("write",$a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id))
102  {
103  return true;
104  }
105  else
106  {
107  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
108  return false;
109  }
110  break;
111  }
112 
113  return true;
114  }
115 
116 
129  function _getCommands()
130  {
131  $commands = array
132  (
133  array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),
134  array("permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"),
135  array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
136  array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
137  );
138 
139  return $commands;
140  }
141 
142  //
143  // object specific access related methods
144  //
145 
149  function _lookupCreationComplete($a_obj_id)
150  {
151  global $ilDB;
152 
153  $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi=%s",
154  array('integer'),
155  array($a_obj_id)
156  );
157 
158  if ($result->numRows() == 1)
159  {
160  $row = $ilDB->fetchAssoc($result);
161  }
162  if (!$row["complete"])
163  {
164  return false;
165  }
166  return true;
167  }
168 
172  function _lookupEvaluationAccess($a_obj_id)
173  {
174  global $ilDB;
175 
176  $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi=%s",
177  array('integer'),
178  array($a_obj_id)
179  );
180  if ($result->numRows() == 1)
181  {
182  $row = $ilDB->fetchAssoc($result);
183  }
184 
185  return $row["evaluation_access"];
186  }
187 
188  function _isSurveyParticipant($user_id, $survey_id)
189  {
190  global $ilDB;
191 
192  $result = $ilDB->queryF("SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
193  array('integer','integer'),
194  array($user_id, $survey_id)
195  );
196  return ($result->numRows() == 1) ? true : false;
197  }
198 
199  function _lookupAnonymize($a_obj_id)
200  {
201  global $ilDB;
202 
203  $result = $ilDB->queryF("SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
204  array('integer'),
205  array($a_obj_id)
206  );
207  if ($result->numRows() == 1)
208  {
209  $row = $ilDB->fetchAssoc($result);
210  return $row["anonymize"];
211  }
212  else
213  {
214  return 0;
215  }
216  }
217 
218  function _hasEvaluationAccess($a_obj_id, $user_id)
219  {
220  $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);
221  switch ($evaluation_access)
222  {
223  case 0:
224  // no evaluation access
225  return false;
226  break;
227  case 1:
228  // evaluation access for all registered users
229  if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID))
230  {
231  return true;
232  }
233  else
234  {
235  return false;
236  }
237  break;
238  case 2:
239  if(!self::_lookup360Mode($a_obj_id))
240  {
241  // evaluation access for participants
242  // check if the user with the given id is a survey participant
243 
244  // show the evaluation button for anonymized surveys for all users
245  // access is only granted with the survey access code
246  if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) return true;
247 
248  global $ilDB;
249  $result = $ilDB->queryF("SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
250  array('integer'),
251  array($a_obj_id)
252  );
253  if ($result->numRows() == 1)
254  {
255  $row = $ilDB->fetchAssoc($result);
256 
257  if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"]))
258  {
259  return true;
260  }
261  }
262  return false;
263  }
264  // 360°
265  else
266  {
267  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
268  $svy = new ilObjSurvey($a_obj_id, false);
269  $svy->read();
270  switch($svy->get360Results())
271  {
273  return false;
274 
276  return $svy->isAppraiseeClosed($user_id);
277 
279  return $svy->isAppraisee($user_id);
280  }
281  }
282  break;
283  }
284  }
285 
289  function _lookupOnline($a_obj_id)
290  {
291  global $ilDB;
292 
293  $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi=%s",
294  array('integer'),
295  array($a_obj_id)
296  );
297  if ($result->numRows() == 1) {
298  $row = $ilDB->fetchAssoc($result);
299  }
300 
301  return $row["status"];
302  }
303 
309  function _lookupFinished($a_obj_id, $a_user_id = "")
310  {
311  global $ilDB, $ilUser;
312 
313  $finished = "";
314  if (!strlen($a_user_id)) $a_user_id = $ilUser->getId();
315 
316  $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi = %s",
317  array('integer'),
318  array($a_obj_id)
319  );
320  if ($result->numRows() == 1)
321  {
322  $row = $ilDB->fetchObject($result);
323  if ($row->anonymize == 1)
324  {
325  $result = $ilDB->queryF("SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s ".
326  "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s ".
327  "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
328  array('integer','text'),
329  array($row->survey_id, md5($a_user_id))
330  );
331  }
332  else
333  {
334  $result = $ilDB->queryF("SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
335  array('integer','integer'),
336  array($row->survey_id, $a_user_id)
337  );
338  }
339  if ($result->numRows() == 1)
340  {
341  $foundrow = $ilDB->fetchAssoc($result);
342  $finished = (int)$foundrow["state"];
343  }
344  }
345 
346  return $finished;
347  }
348 
349  function _lookup360Mode($a_obj_id)
350  {
351  global $ilDB;
352 
353  $result = $ilDB->queryF("SELECT mode_360 FROM svy_svy".
354  " WHERE obj_fi = %s AND mode_360 = %s",
355  array('integer','integer'),
356  array($a_obj_id, 1)
357  );
358  return (bool)$ilDB->numRows($result);
359  }
360 
364  function _checkGoto($a_target)
365  {
366  global $ilAccess;
367 
368  $t_arr = explode("_", $a_target);
369 
370  if ($t_arr[0] != "svy" || ((int) $t_arr[1]) <= 0)
371  {
372  return false;
373  }
374 
375  // 360° external raters
376  if ($_GET["accesscode"])
377  {
378  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
379  if(ilObjSurvey::validateExternalRaterCode($t_arr[1], $_GET["accesscode"]))
380  {
381  return true;
382  }
383  }
384 
385  if ($ilAccess->checkAccess("read", "", $t_arr[1]))
386  {
387  return true;
388  }
389  return false;
390  }
391 }
392 
393 ?>
$result
static validateExternalRaterCode($a_ref_id, $a_code)
$_GET["client_id"]
const IL_NO_OBJECT_ACCESS
_lookupEvaluationAccess($a_obj_id)
get evaluation access
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
_isSurveyParticipant($user_id, $survey_id)
_lookupFinished($a_obj_id, $a_user_id="")
get finished status
_lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
Class ilObjSurveyAccess.
global $ilUser
Definition: imgupload.php:15
Class ilObjectAccess.
global $lng
Definition: privfeed.php:40
_hasEvaluationAccess($a_obj_id, $user_id)
_checkGoto($a_target)
check whether goto script will succeed
_lookupOnline($a_obj_id)
get status