ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
Public Member Functions | Protected Attributes | Static Protected Attributes | Private Member Functions | Private Attributes
ilOrgUnitPositionAccess Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilOrgUnitPositionAccess:
+ Collaboration diagram for ilOrgUnitPositionAccess:

Public Member Functions

 __construct (ilAccess $access)
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, string $permission)
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, int $for_user_id, string $permission)
 
 isCurrentUserBasedOnPositionsAllowedTo (string $permission, array $on_user_ids)
 
 isUserBasedOnPositionsAllowedTo (int $which_user_id, string $permission, array $on_user_ids)
 
 filterUserIdsByPositionOfCurrentUser (string $pos_perm, int $ref_id, array $user_ids)
 
 filterUserIdsByPositionOfUser (int $user_id, string $pos_perm, int $ref_id, array $user_ids)
 
 checkPositionAccess (string $pos_perm, int $ref_id)
 
 hasCurrentUserAnyPositionAccess (int $ref_id)
 
 checkRbacOrPositionPermissionAccess (string $rbac_perm, string $pos_perm, int $ref_id)
 
 filterUserIdsByRbacOrPositionOfCurrentUser (string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
 
 hasUserRBACorAnyPositionAccess (string $rbac_perm, int $ref_id)
 

Protected Attributes

ilOrgUnitUserAssignmentDBRepository $assignmentRepo
 
ilOrgUnitOperationDBRepository $operationRepo
 
ilOrgUnitPermissionDBRepository $permissionRepo
 

Static Protected Attributes

static array $ref_id_obj_type_map = array()
 

Private Member Functions

 getCurrentUsersId ()
 
 getTypeForRefId (int $ref_id)
 
 getObjIdForRefId (int $ref_id)
 
 isPositionActiveForRefId (int $ref_id)
 

Private Attributes

ilOrgUnitGlobalSettings $set
 
ilAccess $access
 
ilObjUser $user
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Class ilOrgUnitPositionAccess

Author
Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Definition at line 24 of file class.ilOrgUnitPositionAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilOrgUnitPositionAccess::__construct ( ilAccess  $access)

Definition at line 34 of file class.ilOrgUnitPositionAccess.php.

References $access, $DIC, $dic, ILIAS\Repository\access(), ilOrgUnitLocalDIC\dic(), ilOrgUnitGlobalSettings\getInstance(), and ILIAS\Repository\user().

35  {
36  global $DIC;
37  $this->set = ilOrgUnitGlobalSettings::getInstance();
38  $this->access = $access;
39  $this->user = $DIC->user();
40 
41  $dic = \ilOrgUnitLocalDIC::dic();
42  $this->assignmentRepo = $dic["repo.UserAssignments"];
43  $this->operationRepo = $dic["repo.Operations"];
44  $this->permissionRepo = $dic["repo.Permissions"];
45  }
$DIC
global $DIC
Definition: shib_login.php:25
$dic
$dic
Definition: ltiresult.php:33
+ Here is the call graph for this function:

Member Function Documentation

◆ checkPositionAccess()

ilOrgUnitPositionAccess::checkPositionAccess ( string  $pos_perm,
int  $ref_id 
)
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
See also
getAvailablePositionRelatedPermissions for available permissions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 184 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), getTypeForRefId(), and isPositionActiveForRefId().

Referenced by ilAccess\checkPositionAccess(), and checkRbacOrPositionPermissionAccess().

184  : bool
185  {
186  if (!$this->isPositionActiveForRefId($ref_id)) {
187  return false;
188  }
189 
190  $operation = $this->operationRepo->find($pos_perm, $this->getTypeForRefId($ref_id));
191  if (!$operation) {
192  return false;
193  }
194  $current_user_id = $this->getCurrentUsersId();
195 
196  foreach ($this->assignmentRepo->getPositionsByUser($current_user_id) as $position) {
197  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
198  if ($permissions->isOperationIdSelected($operation->getOperationId())) {
199  return true;
200  }
201  }
202 
203  return false;
204  }
$ref_id
$ref_id
Definition: ltiauth.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilOrgUnitPositionAccess::checkRbacOrPositionPermissionAccess ( string  $rbac_perm,
string  $pos_perm,
int  $ref_id 
)
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 226 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\access(), checkPositionAccess(), and isPositionActiveForRefId().

Referenced by ilAccess\checkRbacOrPositionPermissionAccess().

226  : bool
227  {
228  // If RBAC allows, just return true
229  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
230  return true;
231  }
232 
233  if (!$this->isPositionActiveForRefId($ref_id)) {
234  return false;
235  }
236 
237  return $this->checkPositionAccess($pos_perm, $ref_id);
238  }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:184
$ref_id
$ref_id
Definition: ltiauth.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByPositionOfCurrentUser()

ilOrgUnitPositionAccess::filterUserIdsByPositionOfCurrentUser ( string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
int[]$user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 101 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsByPositionOfUser(), and getCurrentUsersId().

Referenced by ilAccess\filterUserIdsByPositionOfCurrentUser(), and filterUserIdsByRbacOrPositionOfCurrentUser().

101  : array
102  {
103  $current_user_id = $this->getCurrentUsersId();
104 
105  return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
106  }
$ref_id
$ref_id
Definition: ltiauth.php:66
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:110
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByPositionOfUser()

ilOrgUnitPositionAccess::filterUserIdsByPositionOfUser ( int  $user_id,
string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
int[]$user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 110 of file class.ilOrgUnitPositionAccess.php.

References getTypeForRefId(), isPositionActiveForRefId(), ilOrgUnitAuthority\OVER_EVERYONE, ilOrgUnitAuthority\SCOPE_SAME_ORGU, ilOrgUnitAuthority\SCOPE_SUBSEQUENT_ORGUS, and ILIAS\Repository\user().

Referenced by filterUserIdsByPositionOfCurrentUser(), and ilAccess\filterUserIdsByPositionOfUser().

115  : array {
116  if (!$this->isPositionActiveForRefId($ref_id)) {
117  return [];
118  }
119 
120  $operation = $this->operationRepo->find($pos_perm, $this->getTypeForRefId($ref_id));
121  if (!$operation) {
122  return [];
123  }
124 
125  $allowed_user_ids = [];
126  foreach ($this->assignmentRepo->getPositionsByUser($user_id) as $position) {
127  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
128  if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
129  continue;
130  }
131 
132  foreach ($position->getAuthorities() as $authority) {
133  switch ($authority->getOver()) {
134  case ilOrgUnitAuthority::OVER_EVERYONE:
135  switch ($authority->getScope()) {
136  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
137  $allowed = $this->assignmentRepo->getUsersByUserAndPosition(
138  $user_id,
139  $position->getId(),
140  false
141  );
142  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
143  break;
144  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
145  $allowed = $this->assignmentRepo->getUsersByUserAndPosition(
146  $user_id,
147  $position->getId(),
148  true
149  );
150  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
151  break;
152  }
153  break;
154  default:
155  switch ($authority->getScope()) {
156  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
157  $allowed = $this->assignmentRepo->getFilteredUsersByUserAndPosition(
158  $user_id,
159  $authority->getPositionId(),
160  $authority->getOver(),
161  false
162  );
163  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
164  break;
165  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
166  $allowed = $this->assignmentRepo->getFilteredUsersByUserAndPosition(
167  $user_id,
168  $authority->getPositionId(),
169  $authority->getOver(),
170  true
171  );
172  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
173  break;
174  }
175  break;
176  }
177  }
178  }
179  $allowed_user_ids[] = $this->user->getId();
180  return array_intersect($user_ids, $allowed_user_ids);
181  }
$ref_id
$ref_id
Definition: ltiauth.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilOrgUnitPositionAccess::filterUserIdsByRbacOrPositionOfCurrentUser ( string  $rbac_perm,
string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 241 of file class.ilOrgUnitPositionAccess.php.

References $DIC, ILIAS\Repository\access(), and filterUserIdsByPositionOfCurrentUser().

Referenced by ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

246  : array {
247  global $DIC;
248 
249  // If RBAC allows, just return true
250  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
251  return $user_ids;
252  }
253 
254  return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
255  }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:101
$ref_id
$ref_id
Definition: ltiauth.php:66
$DIC
global $DIC
Definition: shib_login.php:25
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilOrgUnitPositionAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
string  $permission 
)
Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 49 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsForUsersPositionsAndPermission(), and getCurrentUsersId().

Referenced by ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

52  : array {
53  $current_user_id = $this->getCurrentUsersId();
54  return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
55  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:60
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilOrgUnitPositionAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
int  $for_user_id,
string  $permission 
)
Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 60 of file class.ilOrgUnitPositionAccess.php.

Referenced by filterUserIdsForCurrentUsersPositionsAndPermission(), ilAccess\filterUserIdsForUsersPositionsAndPermission(), and isUserBasedOnPositionsAllowedTo().

64  : array {
65  $assignment_of_user = $this->assignmentRepo->getByUsers([$for_user_id]);
66  $other_users_in_same_org_units = [];
67  foreach ($assignment_of_user as $assignment) {
68  $other_users_in_same_org_units += $this->assignmentRepo->getUsersByOrgUnits([$assignment->getOrguId()]);
69  }
70 
71  return array_intersect($user_ids, $other_users_in_same_org_units);
72  }
+ Here is the caller graph for this function:

◆ getCurrentUsersId()

ilOrgUnitPositionAccess::getCurrentUsersId ( )
private

Definition at line 272 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\user().

Referenced by checkPositionAccess(), filterUserIdsByPositionOfCurrentUser(), filterUserIdsForCurrentUsersPositionsAndPermission(), hasCurrentUserAnyPositionAccess(), and isCurrentUserBasedOnPositionsAllowedTo().

272  : int
273  {
274  return $this->user->getId();
275  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getObjIdForRefId()

ilOrgUnitPositionAccess::getObjIdForRefId ( int  $ref_id)
private

Definition at line 287 of file class.ilOrgUnitPositionAccess.php.

References ilObject\_lookupObjectId().

Referenced by isPositionActiveForRefId().

287  : int
288  {
289  return ilObject2::_lookupObjectId($ref_id);
290  }
$ref_id
$ref_id
Definition: ltiauth.php:66
ilObject\_lookupObjectId
static _lookupObjectId(int $ref_id)
Definition: class.ilObject.php:1117
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getTypeForRefId()

ilOrgUnitPositionAccess::getTypeForRefId ( int  $ref_id)
private

Definition at line 278 of file class.ilOrgUnitPositionAccess.php.

References $ref_id, and ilObject\_lookupType().

Referenced by checkPositionAccess(), and filterUserIdsByPositionOfUser().

278  : string
279  {
280  if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
281  self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
282  }
283 
284  return self::$ref_id_obj_type_map[$ref_id];
285  }
$ref_id
$ref_id
Definition: ltiauth.php:66
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1085
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilOrgUnitPositionAccess::hasCurrentUserAnyPositionAccess ( int  $ref_id)
Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 207 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), and isPositionActiveForRefId().

Referenced by ilAccess\hasCurrentUserAnyPositionAccess(), and hasUserRBACorAnyPositionAccess().

207  : bool
208  {
209  if (!$this->isPositionActiveForRefId($ref_id)) {
210  return false;
211  }
212 
213  $current_user_id = $this->getCurrentUsersId();
214 
215  foreach ($this->assignmentRepo->getPositionsByUser($current_user_id) as $position) {
216  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
217  if (count($permissions->getOperations()) > 0) {
218  return true;
219  }
220  }
221 
222  return false;
223  }
$ref_id
$ref_id
Definition: ltiauth.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilOrgUnitPositionAccess::hasUserRBACorAnyPositionAccess ( string  $rbac_perm,
int  $ref_id 
)

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 258 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\access(), and hasCurrentUserAnyPositionAccess().

Referenced by ilAccess\hasUserRBACorAnyPositionAccess().

258  : bool
259  {
260  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
261  return true;
262  }
263 
264  return $this->hasCurrentUserAnyPositionAccess($ref_id);
265  }
$ref_id
$ref_id
Definition: ltiauth.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilOrgUnitPositionAccess::isCurrentUserBasedOnPositionsAllowedTo ( string  $permission,
array  $on_user_ids 
)
Parameters
int[]$on_user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 75 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), and isUserBasedOnPositionsAllowedTo().

Referenced by ilAccess\isCurrentUserBasedOnPositionsAllowedTo().

75  : bool
76  {
77  $current_user_id = $this->getCurrentUsersId();
78 
79  return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
80  }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:84
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPositionActiveForRefId()

ilOrgUnitPositionAccess::isPositionActiveForRefId ( int  $ref_id)
private

Definition at line 292 of file class.ilOrgUnitPositionAccess.php.

References getObjIdForRefId().

Referenced by checkPositionAccess(), checkRbacOrPositionPermissionAccess(), filterUserIdsByPositionOfUser(), and hasCurrentUserAnyPositionAccess().

292  : bool
293  {
294  $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
295 
296  return $this->set->isPositionAccessActiveForObject($obj_id);
297  }
$ref_id
$ref_id
Definition: ltiauth.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilOrgUnitPositionAccess::isUserBasedOnPositionsAllowedTo ( int  $which_user_id,
string  $permission,
array  $on_user_ids 
)
Parameters
int[]$on_user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 84 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsForUsersPositionsAndPermission().

Referenced by isCurrentUserBasedOnPositionsAllowedTo(), and ilAccess\isUserBasedOnPositionsAllowedTo().

88  : bool {
89  $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission(
90  $on_user_ids,
91  $which_user_id,
92  $permission
93  );
94 
95  return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
96  && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
97  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:60
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $access

ilAccess ilOrgUnitPositionAccess::$access
private

Definition at line 28 of file class.ilOrgUnitPositionAccess.php.

Referenced by __construct().

◆ $assignmentRepo

ilOrgUnitUserAssignmentDBRepository ilOrgUnitPositionAccess::$assignmentRepo
protected

Definition at line 30 of file class.ilOrgUnitPositionAccess.php.

◆ $operationRepo

ilOrgUnitOperationDBRepository ilOrgUnitPositionAccess::$operationRepo
protected

Definition at line 31 of file class.ilOrgUnitPositionAccess.php.

◆ $permissionRepo

ilOrgUnitPermissionDBRepository ilOrgUnitPositionAccess::$permissionRepo
protected

Definition at line 32 of file class.ilOrgUnitPositionAccess.php.

◆ $ref_id_obj_type_map

array ilOrgUnitPositionAccess::$ref_id_obj_type_map = array()
staticprotected

Definition at line 26 of file class.ilOrgUnitPositionAccess.php.

◆ $set

ilOrgUnitGlobalSettings ilOrgUnitPositionAccess::$set
private

Definition at line 27 of file class.ilOrgUnitPositionAccess.php.

◆ $user

ilObjUser ilOrgUnitPositionAccess::$user
private

Definition at line 29 of file class.ilOrgUnitPositionAccess.php.

The documentation for this class was generated from the following file: