ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24include_once "./Services/Object/classes/class.ilObjectAccess.php";
25include_once './Services/AccessControl/interfaces/interface.ilConditionHandling.php';
26
37class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
38{
42 protected $user;
43
47 protected $lng;
48
52 protected $rbacsystem;
53
57 protected $access;
58
59
63 public function __construct()
64 {
65 global $DIC;
66
67 $this->user = $DIC->user();
68 $this->lng = $DIC->language();
69 $this->rbacsystem = $DIC->rbac()->system();
70 $this->access = $DIC->access();
71 }
72
73
77 public static function getConditionOperators()
78 {
79 include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
80 return array(
81 ilConditionHandler::OPERATOR_FINISHED
82 );
83 }
84
85
94 public static function checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
95 {
96 switch ($a_operator) {
97 case ilConditionHandler::OPERATOR_FINISHED:
98 include_once("./Modules/Survey/classes/class.ilObjSurveyAccess.php");
99 if (ilObjSurveyAccess::_lookupFinished($a_svy_id, $a_usr_id)) {
100 return true;
101 } else {
102 return false;
103 }
104 break;
105
106 default:
107 return true;
108 }
109 return true;
110 }
111
127 public function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
128 {
129 $ilUser = $this->user;
130 $lng = $this->lng;
131 $rbacsystem = $this->rbacsystem;
132 $ilAccess = $this->access;
133
134 if ($a_user_id == "") {
135 $a_user_id = $ilUser->getId();
136 }
137
138 $is_admin = $rbacsystem->checkAccessOfUser($a_user_id, 'write', $a_ref_id);
139
140 // check "global" online switch
141 if (!self::_lookupOnline($a_obj_id) && !$is_admin) {
142 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("offline"));
143 return false;
144 }
145
146 switch ($a_permission) {
147 case "visible":
148 case "read":
149 if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id) &&
150 !$is_admin) {
151 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
152 return false;
153 }
154 break;
155 }
156
157 switch ($a_cmd) {
158 case "run":
159 if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)
160 || !(ilObjSurveyAccess::_lookupOnline($a_obj_id) == 1)) {
161 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
162 return false;
163 }
164 break;
165
166 case "evaluation":
167 if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)) {
168 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
169 return false;
170 }
171 if ($rbacsystem->checkAccess("write", $a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id)) {
172 return true;
173 } else {
174 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
175 return false;
176 }
177 break;
178 }
179
180 return true;
181 }
182
183
196 public static function _getCommands()
197 {
198 $commands = array(
199 array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),
200 array("permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"),
201 array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
202 array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
203 );
204
205 return $commands;
206 }
207
208 //
209 // object specific access related methods
210 //
211
215 public static function _lookupCreationComplete($a_obj_id)
216 {
217 global $DIC;
218
219 $ilDB = $DIC->database();
220
221 $result = $ilDB->queryF(
222 "SELECT * FROM svy_svy WHERE obj_fi=%s",
223 array('integer'),
224 array($a_obj_id)
225 );
226
227 if ($result->numRows() == 1) {
228 $row = $ilDB->fetchAssoc($result);
229 }
230 if (!$row["complete"]) {
231 return false;
232 }
233 return true;
234 }
235
239 public static function _lookupEvaluationAccess($a_obj_id)
240 {
241 global $DIC;
242
243 $ilDB = $DIC->database();
244
245 $result = $ilDB->queryF(
246 "SELECT * FROM svy_svy WHERE obj_fi=%s",
247 array('integer'),
248 array($a_obj_id)
249 );
250 if ($result->numRows() == 1) {
251 $row = $ilDB->fetchAssoc($result);
252 }
253
254 return $row["evaluation_access"];
255 }
256
257 public static function _isSurveyParticipant($user_id, $survey_id)
258 {
259 global $DIC;
260
261 $ilDB = $DIC->database();
262
263 $result = $ilDB->queryF(
264 "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
265 array('integer','integer'),
266 array($user_id, $survey_id)
267 );
268 return ($result->numRows() == 1) ? true : false;
269 }
270
271 public static function _lookupAnonymize($a_obj_id)
272 {
273 global $DIC;
274
275 $ilDB = $DIC->database();
276
277 $result = $ilDB->queryF(
278 "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
279 array('integer'),
280 array($a_obj_id)
281 );
282 if ($result->numRows() == 1) {
283 $row = $ilDB->fetchAssoc($result);
284 return $row["anonymize"];
285 } else {
286 return 0;
287 }
288 }
289
290 public static function _hasEvaluationAccess($a_obj_id, $user_id)
291 {
292 $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);
293 switch ($evaluation_access) {
294 case 0:
295 // no evaluation access
296 return false;
297 break;
298 case 1:
299 // evaluation access for all registered users
300 if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID)) {
301 return true;
302 } else {
303 return false;
304 }
305 break;
306 case 2:
307 if (!self::_lookup360Mode($a_obj_id)) {
308 // evaluation access for participants
309 // check if the user with the given id is a survey participant
310
311 // show the evaluation button for anonymized surveys for all users
312 // access is only granted with the survey access code
313 if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) {
314 return true;
315 }
316
317 global $DIC;
318
319 $ilDB = $DIC->database();
320 $result = $ilDB->queryF(
321 "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
322 array('integer'),
323 array($a_obj_id)
324 );
325 if ($result->numRows() == 1) {
326 $row = $ilDB->fetchAssoc($result);
327
328 if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"])) {
329 return true;
330 }
331 }
332 return false;
333 }
334 // 360°
335 else {
336 include_once "Modules/Survey/classes/class.ilObjSurvey.php";
337 $svy = new ilObjSurvey($a_obj_id, false);
338 $svy->read();
339 switch ($svy->get360Results()) {
340 case ilObjSurvey::RESULTS_360_NONE:
341 return false;
342
343 case ilObjSurvey::RESULTS_360_OWN:
344 return $svy->isAppraiseeClosed($user_id);
345
346 case ilObjSurvey::RESULTS_360_ALL:
347 return $svy->isAppraisee($user_id);
348 }
349 }
350 break;
351 }
352 }
353
357 public static function _lookupOnline($a_obj_id)
358 {
359 global $DIC;
360
361 $ilDB = $DIC->database();
362
363 $result = $ilDB->queryF(
364 "SELECT * FROM svy_svy WHERE obj_fi=%s",
365 array('integer'),
366 array($a_obj_id)
367 );
368 if ($result->numRows() == 1) {
369 $row = $ilDB->fetchAssoc($result);
370 }
371
372 return $row["status"];
373 }
374
380 public static function _lookupFinished($a_obj_id, $a_user_id = "")
381 {
382 global $DIC;
383
384 $ilDB = $DIC->database();
385 $ilUser = $DIC->user();
386
387 $finished = "";
388 if (!strlen($a_user_id)) {
389 $a_user_id = $ilUser->getId();
390 }
391
392 $result = $ilDB->queryF(
393 "SELECT * FROM svy_svy WHERE obj_fi = %s",
394 array('integer'),
395 array($a_obj_id)
396 );
397 if ($result->numRows() == 1) {
398 $row = $ilDB->fetchObject($result);
399 if ($row->anonymize == 1) {
400 $result = $ilDB->queryF(
401 "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
402 "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
403 "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
404 array('integer','text'),
405 array($row->survey_id, md5($a_user_id))
406 );
407 } else {
408 $result = $ilDB->queryF(
409 "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
410 array('integer','integer'),
411 array($row->survey_id, $a_user_id)
412 );
413 }
414 if ($result->numRows() == 1) {
415 $foundrow = $ilDB->fetchAssoc($result);
416 $finished = (int) $foundrow["state"];
417 }
418 }
419
420 return $finished;
421 }
422
423 public static function _lookup360Mode($a_obj_id)
424 {
425 global $DIC;
426
427 $ilDB = $DIC->database();
428
429 $result = $ilDB->queryF(
430 "SELECT mode_360 FROM svy_svy" .
431 " WHERE obj_fi = %s AND mode_360 = %s",
432 array('integer','integer'),
433 array($a_obj_id, 1)
434 );
435 return (bool) $ilDB->numRows($result);
436 }
437
441 public static function _checkGoto($a_target)
442 {
443 global $DIC;
444
445 $ilAccess = $DIC->access();
446
447 $t_arr = explode("_", $a_target);
448
449 if ($t_arr[0] != "svy" || ((int) $t_arr[1]) <= 0) {
450 return false;
451 }
452
453 // 360° external raters
454 if ($_GET["accesscode"]) {
455 include_once "Modules/Survey/classes/class.ilObjSurvey.php";
456 if (ilObjSurvey::validateExternalRaterCode($t_arr[1], $_GET["accesscode"])) {
457 return true;
458 }
459 }
460
461 if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
462 $ilAccess->checkAccess("read", "", $t_arr[1])) {
463 return true;
464 }
465 return false;
466 }
467}
$result
$result
Definition: CleanUpTest.php:463
user
user()
Definition: user.php:4
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
php
An exception for terminatinating execution or to throw for unit testing.
IL_NO_OBJECT_ACCESS
const IL_NO_OBJECT_ACCESS
Definition: class.ilAccessInfo.php:26
ilObjSurveyAccess
Class ilObjSurveyAccess.
Definition: class.ilObjSurveyAccess.php:38
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant($user_id, $survey_id)
Definition: class.ilObjSurveyAccess.php:257
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess($a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:239
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Get possible conditions operators.
Definition: class.ilObjSurveyAccess.php:77
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode($a_obj_id)
Definition: class.ilObjSurveyAccess.php:423
ilObjSurveyAccess\_getCommands
static _getCommands()
get commands
Definition: class.ilObjSurveyAccess.php:196
ilObjSurveyAccess\_checkAccess
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
Definition: class.ilObjSurveyAccess.php:127
ilObjSurveyAccess\checkCondition
static checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
check condition
Definition: class.ilObjSurveyAccess.php:94
ilObjSurveyAccess\_lookupOnline
static _lookupOnline($a_obj_id)
get status
Definition: class.ilObjSurveyAccess.php:357
ilObjSurveyAccess\_lookupFinished
static _lookupFinished($a_obj_id, $a_user_id="")
get finished status
Definition: class.ilObjSurveyAccess.php:380
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:215
ilObjSurveyAccess\_checkGoto
static _checkGoto($a_target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:441
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess($a_obj_id, $user_id)
Definition: class.ilObjSurveyAccess.php:290
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize($a_obj_id)
Definition: class.ilObjSurveyAccess.php:271
ilObjSurvey\validateExternalRaterCode
static validateExternalRaterCode($a_ref_id, $a_code)
Definition: class.ilObjSurvey.php:5688
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:17
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:11
$DIC
global $DIC
Definition: saml.php:7
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18