d5/dcc/class_8ilObjSurveyAccess_8php_source.html

<?php

/*

        +-----------------------------------------------------------------------------+

        | ILIAS open source                                                           |

        +-----------------------------------------------------------------------------+

        | Copyright (c) 1998-2006 ILIAS open source, University of Cologne            |

        |                                                                             |

        | This program is free software; you can redistribute it and/or               |

        | modify it under the terms of the GNU General Public License                 |

        | as published by the Free Software Foundation; either version 2              |

        | of the License, or (at your option) any later version.                      |

        |                                                                             |

        | This program is distributed in the hope that it will be useful,             |

        | but WITHOUT ANY WARRANTY; without even the implied warranty of              |

        | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |

        | GNU General Public License for more details.                                |

        |                                                                             |

        | You should have received a copy of the GNU General Public License           |

        | along with this program; if not, write to the Free Software                 |

        | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |

        +-----------------------------------------------------------------------------+

*/


include_once "./Services/Object/classes/class.ilObjectAccess.php";

include_once './Services/AccessControl/interfaces/interface.ilConditionHandling.php';


class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling

{


        public static function getConditionOperators()

        {

                include_once './Services/AccessControl/classes/class.ilConditionHandler.php';

                return array(

                        ilConditionHandler::OPERATOR_FINISHED

                );

        }


        public static function checkCondition($a_svy_id,$a_operator,$a_value,$a_usr_id)

        {

                switch($a_operator)

                {

                        case ilConditionHandler::OPERATOR_FINISHED:

                                include_once("./Modules/Survey/classes/class.ilObjSurveyAccess.php");

                                if (ilObjSurveyAccess::_lookupFinished($a_svy_id, $a_usr_id))

                                {

                                        return true;

                                }

                                else

                                {

                                        return false;

                                }

                                break;


                        default:

                                return true;

                }

                return true;

        }


        function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")

        {

                global $ilUser, $lng, $rbacsystem, $ilAccess;


                if ($a_user_id == "")

                {

                        $a_user_id = $ilUser->getId();

                }


                $is_admin = $rbacsystem->checkAccessOfUser($a_user_id,'write',$a_ref_id);


                // check "global" online switch

                if(!self::_lookupOnline($a_obj_id) && !$is_admin)

                {

                        $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("offline"));

                        return false;

                }


                switch ($a_permission)

                {

                        case "visible":

                        case "read":

                                if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id) &&

                                        !$is_admin)

                                {

                                        $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));

                                        return false;

                                }

                                break;

                }


                switch ($a_cmd)

                {

                        case "run":

                                if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)

                                        || !(ilObjSurveyAccess::_lookupOnline($a_obj_id) == 1))

                                {

                                        $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));

                                        return false;

                                }

                                break;


                        case "evaluation":

                                if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id))

                                {

                                        $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));

                                        return false;

                                }

                                if ($rbacsystem->checkAccess("write",$a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id))

                                {

                                        return true;

                                }

                                else

                                {

                                        $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));

                                        return false;

                                }

                                break;

                }


                return true;

        }


        static function _getCommands()

        {

                $commands = array

                (

                        array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),

                        array("permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"),

                        array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),

                        array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")

                );


                return $commands;

        }


        //

        // object specific access related methods

        //


        static function _lookupCreationComplete($a_obj_id)

        {

                global $ilDB;


                $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi=%s",

                        array('integer'),

                        array($a_obj_id)

                );


                if ($result->numRows() == 1)

                {

                        $row = $ilDB->fetchAssoc($result);

                }

                if (!$row["complete"])

                {

                        return false;

                }

                return true;

        }


        static function _lookupEvaluationAccess($a_obj_id)

        {

                global $ilDB;


                $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi=%s",

                        array('integer'),

                        array($a_obj_id)

                );

                if ($result->numRows() == 1)

                {

                        $row = $ilDB->fetchAssoc($result);

                }


                return $row["evaluation_access"];

        }


        static function _isSurveyParticipant($user_id, $survey_id)

        {

                global $ilDB;


                $result = $ilDB->queryF("SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",

                        array('integer','integer'),

                        array($user_id, $survey_id)

                );

                return ($result->numRows() == 1) ? true : false;

        }


        static function _lookupAnonymize($a_obj_id)

        {

                global $ilDB;


                $result = $ilDB->queryF("SELECT anonymize FROM svy_svy WHERE obj_fi = %s",

                        array('integer'),

                        array($a_obj_id)

                );

                if ($result->numRows() == 1)

                {

                        $row = $ilDB->fetchAssoc($result);

                        return $row["anonymize"];

                }

                else

                {

                        return 0;

                }

        }


        static function _hasEvaluationAccess($a_obj_id, $user_id)

        {

                $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);

                switch ($evaluation_access)

                {

                        case 0:

                                // no evaluation access

                                return false;

                                break;

                        case 1:

                                // evaluation access for all registered users

                                if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID))

                                {

                                        return true;

                                }

                                else

                                {

                                        return false;

                                }

                                break;

                        case 2:

                                if(!self::_lookup360Mode($a_obj_id))

                                {

                                        // evaluation access for participants

                                        // check if the user with the given id is a survey participant


                                        // show the evaluation button for anonymized surveys for all users

                                        // access is only granted with the survey access code

                                        if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) return true;


                                        global $ilDB;

                                        $result = $ilDB->queryF("SELECT survey_id FROM svy_svy WHERE obj_fi = %s",

                                                array('integer'),

                                                array($a_obj_id)

                                        );

                                        if ($result->numRows() == 1)

                                        {

                                                $row = $ilDB->fetchAssoc($result);


                                                if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"]))

                                                {

                                                        return true;

                                                }

                                        }

                                        return false;

                                }

                                // 360°

                                else

                                {

                                        include_once "Modules/Survey/classes/class.ilObjSurvey.php";

                                        $svy = new ilObjSurvey($a_obj_id, false);

                                        $svy->read();

                                        switch($svy->get360Results())

                                        {

                                                case ilObjSurvey::RESULTS_360_NONE:

                                                        return false;


                                                case ilObjSurvey::RESULTS_360_OWN:

                                                        return $svy->isAppraiseeClosed($user_id);


                                                case ilObjSurvey::RESULTS_360_ALL:

                                                        return $svy->isAppraisee($user_id);

                                        }

                                }

                                break;

                }

        }


        static function _lookupOnline($a_obj_id)

        {

                global $ilDB;


                $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi=%s",

                        array('integer'),

                        array($a_obj_id)

                );

                if ($result->numRows() == 1) {

                        $row = $ilDB->fetchAssoc($result);

                }


                return $row["status"];

        }


        static function _lookupFinished($a_obj_id, $a_user_id = "")

        {

                global $ilDB, $ilUser;


                $finished = "";

                if (!strlen($a_user_id)) $a_user_id = $ilUser->getId();


                $result = $ilDB->queryF("SELECT * FROM svy_svy WHERE obj_fi = %s",

                        array('integer'),

                        array($a_obj_id)

                );

                if ($result->numRows() == 1)

                {

                        $row = $ilDB->fetchObject($result);

                        if ($row->anonymize == 1)

                        {

                                $result = $ilDB->queryF("SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s ".

                                        "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s ".

                                        "AND svy_anonymous.survey_key = svy_finished.anonymous_id",

                                        array('integer','text'),

                                        array($row->survey_id, md5($a_user_id))

                                );

                        }

                        else

                        {

                                $result = $ilDB->queryF("SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",

                                        array('integer','integer'),

                                        array($row->survey_id, $a_user_id)

                                );

                        }

                        if ($result->numRows() == 1)

                        {

                                $foundrow = $ilDB->fetchAssoc($result);

                                $finished = (int)$foundrow["state"];

                        }

                }


                return $finished;

        }


        static function _lookup360Mode($a_obj_id)

        {

                global $ilDB;


                $result = $ilDB->queryF("SELECT mode_360 FROM svy_svy".

                        " WHERE obj_fi = %s AND mode_360 = %s",

                        array('integer','integer'),

                        array($a_obj_id, 1)

                );

                return (bool)$ilDB->numRows($result);

        }


        static function _checkGoto($a_target)

        {

                global $ilAccess;


                $t_arr = explode("_", $a_target);


                if ($t_arr[0] != "svy" || ((int) $t_arr[1]) <= 0)

                {

                        return false;

                }


                // 360° external raters

                if ($_GET["accesscode"])

                {

                        include_once "Modules/Survey/classes/class.ilObjSurvey.php";

                        if(ilObjSurvey::validateExternalRaterCode($t_arr[1], $_GET["accesscode"]))

                        {

                                return true;

                        }

                }


                if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||

                        $ilAccess->checkAccess("read", "", $t_arr[1]))

                {

                        return true;

                }

                return false;

        }

}


?>

$row
$row
Definition: 10autofilter-selection-1.php:74

$result
$result
Definition: CleanUpTest.php:407

$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12

php
An exception for terminatinating execution or to throw for unit testing.

IL_NO_OBJECT_ACCESS
const IL_NO_OBJECT_ACCESS
Definition: class.ilAccessInfo.php:26

ilConditionHandler\OPERATOR_FINISHED
const OPERATOR_FINISHED
Definition: class.ilConditionHandler.php:69

ilObjSurveyAccess
Class ilObjSurveyAccess.
Definition: class.ilObjSurveyAccess.php:38

ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant($user_id, $survey_id)
Definition: class.ilObjSurveyAccess.php:232

ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess($a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:216

ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Get possible conditions operators.
Definition: class.ilObjSurveyAccess.php:43

ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode($a_obj_id)
Definition: class.ilObjSurveyAccess.php:393

ilObjSurveyAccess\_getCommands
static _getCommands()
get commands
Definition: class.ilObjSurveyAccess.php:173

ilObjSurveyAccess\_checkAccess
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
Definition: class.ilObjSurveyAccess.php:97

ilObjSurveyAccess\checkCondition
static checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
check condition
Definition: class.ilObjSurveyAccess.php:60

ilObjSurveyAccess\_lookupOnline
static _lookupOnline($a_obj_id)
get status
Definition: class.ilObjSurveyAccess.php:333

ilObjSurveyAccess\_lookupFinished
static _lookupFinished($a_obj_id, $a_user_id="")
get finished status
Definition: class.ilObjSurveyAccess.php:353

ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:193

ilObjSurveyAccess\_checkGoto
static _checkGoto($a_target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:408

ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess($a_obj_id, $user_id)
Definition: class.ilObjSurveyAccess.php:262

ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize($a_obj_id)
Definition: class.ilObjSurveyAccess.php:243

ilObjSurvey
Definition: class.ilObjSurvey.php:16

ilObjSurvey\RESULTS_360_OWN
const RESULTS_360_OWN
Definition: class.ilObjSurvey.php:160

ilObjSurvey\RESULTS_360_ALL
const RESULTS_360_ALL
Definition: class.ilObjSurvey.php:161

ilObjSurvey\validateExternalRaterCode
static validateExternalRaterCode($a_ref_id, $a_code)
Definition: class.ilObjSurvey.php:5811

ilObjSurvey\RESULTS_360_NONE
const RESULTS_360_NONE
Definition: class.ilObjSurvey.php:159

ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:17

ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:11

$lng
global $lng
Definition: privfeed.php:17

$ilDB
global $ilDB
Definition: storeScorm2004.php:19

$ilUser
$ilUser
Definition: imgupload.php:18