ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once "./Services/Object/classes/class.ilObjectAccess.php";
25 include_once './Services/AccessControl/interfaces/interface.ilConditionHandling.php';
26 
37 class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
38 {
42  protected $user;
43 
47  protected $lng;
48 
52  protected $rbacsystem;
53 
57  protected $access;
58 
59 
63  public function __construct()
64  {
65  global $DIC;
66 
67  $this->user = $DIC->user();
68  $this->lng = $DIC->language();
69  $this->rbacsystem = $DIC->rbac()->system();
70  $this->access = $DIC->access();
71  }
72 
73 
77  public static function getConditionOperators()
78  {
79  include_once './Services/AccessControl/classes/class.ilConditionHandler.php';
80  return array(
81  ilConditionHandler::OPERATOR_FINISHED
82  );
83  }
84 
85 
94  public static function checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
95  {
96  switch ($a_operator) {
97  case ilConditionHandler::OPERATOR_FINISHED:
98  include_once("./Modules/Survey/classes/class.ilObjSurveyAccess.php");
99  if (ilObjSurveyAccess::_lookupFinished($a_svy_id, $a_usr_id)) {
100  return true;
101  } else {
102  return false;
103  }
104  break;
105 
106  default:
107  return true;
108  }
109  return true;
110  }
111 
127  public function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
128  {
129  $ilUser = $this->user;
130  $lng = $this->lng;
131  $rbacsystem = $this->rbacsystem;
132  $ilAccess = $this->access;
133 
134  if ($a_user_id == "") {
135  $a_user_id = $ilUser->getId();
136  }
137 
138  $is_admin = $rbacsystem->checkAccessOfUser($a_user_id, 'write', $a_ref_id);
139 
140  // check "global" online switch
141  if (!self::_lookupOnline($a_obj_id) && !$is_admin) {
142  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("offline"));
143  return false;
144  }
145 
146  switch ($a_permission) {
147  case "visible":
148  case "read":
149  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id) &&
150  !$is_admin) {
151  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
152  return false;
153  }
154  break;
155  }
156 
157  switch ($a_cmd) {
158  case "run":
159  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)
160  || !(ilObjSurveyAccess::_lookupOnline($a_obj_id) == 1)) {
161  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
162  return false;
163  }
164  break;
165 
166  case "evaluation":
167  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)) {
168  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
169  return false;
170  }
171  if ($rbacsystem->checkAccess("write", $a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id)) {
172  return true;
173  } else {
174  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
175  return false;
176  }
177  break;
178  }
179 
180  return true;
181  }
182 
183 
196  public static function _getCommands()
197  {
198  $commands = array(
199  array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),
200  array("permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"),
201  array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
202  array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
203  );
204 
205  return $commands;
206  }
207 
208  //
209  // object specific access related methods
210  //
211 
215  public static function _lookupCreationComplete($a_obj_id)
216  {
217  global $DIC;
218 
219  $ilDB = $DIC->database();
220 
221  $result = $ilDB->queryF(
222  "SELECT * FROM svy_svy WHERE obj_fi=%s",
223  array('integer'),
224  array($a_obj_id)
225  );
226 
227  if ($result->numRows() == 1) {
228  $row = $ilDB->fetchAssoc($result);
229  }
230  if (!$row["complete"]) {
231  return false;
232  }
233  return true;
234  }
235 
239  public static function _lookupEvaluationAccess($a_obj_id)
240  {
241  global $DIC;
242 
243  $ilDB = $DIC->database();
244 
245  $result = $ilDB->queryF(
246  "SELECT * FROM svy_svy WHERE obj_fi=%s",
247  array('integer'),
248  array($a_obj_id)
249  );
250  if ($result->numRows() == 1) {
251  $row = $ilDB->fetchAssoc($result);
252  }
253 
254  return $row["evaluation_access"];
255  }
256 
257  public static function _isSurveyParticipant($user_id, $survey_id)
258  {
259  global $DIC;
260 
261  $ilDB = $DIC->database();
262 
263  $result = $ilDB->queryF(
264  "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
265  array('integer','integer'),
266  array($user_id, $survey_id)
267  );
268  return ($result->numRows() == 1) ? true : false;
269  }
270 
271  public static function _lookupAnonymize($a_obj_id)
272  {
273  global $DIC;
274 
275  $ilDB = $DIC->database();
276 
277  $result = $ilDB->queryF(
278  "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
279  array('integer'),
280  array($a_obj_id)
281  );
282  if ($result->numRows() == 1) {
283  $row = $ilDB->fetchAssoc($result);
284  return $row["anonymize"];
285  } else {
286  return 0;
287  }
288  }
289 
290  public static function _hasEvaluationAccess($a_obj_id, $user_id)
291  {
292  $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);
293  switch ($evaluation_access) {
294  case 0:
295  // no evaluation access
296  return false;
297  break;
298  case 1:
299  // evaluation access for all registered users
300  if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID)) {
301  return true;
302  } else {
303  return false;
304  }
305  break;
306  case 2:
307  if (!self::_lookup360Mode($a_obj_id)) {
308  // evaluation access for participants
309  // check if the user with the given id is a survey participant
310 
311  // show the evaluation button for anonymized surveys for all users
312  // access is only granted with the survey access code
313  if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) {
314  return true;
315  }
316 
317  global $DIC;
318 
319  $ilDB = $DIC->database();
320  $result = $ilDB->queryF(
321  "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
322  array('integer'),
323  array($a_obj_id)
324  );
325  if ($result->numRows() == 1) {
326  $row = $ilDB->fetchAssoc($result);
327 
328  if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"])) {
329  return true;
330  }
331  }
332  return false;
333  }
334  // 360°
335  else {
336  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
337  $svy = new ilObjSurvey($a_obj_id, false);
338  $svy->read();
339  switch ($svy->get360Results()) {
340  case ilObjSurvey::RESULTS_360_NONE:
341  return false;
342 
343  case ilObjSurvey::RESULTS_360_OWN:
344  return $svy->isAppraiseeClosed($user_id);
345 
346  case ilObjSurvey::RESULTS_360_ALL:
347  return $svy->isAppraisee($user_id);
348  }
349  }
350  break;
351  }
352  }
353 
357  public static function _lookupOnline($a_obj_id)
358  {
359  global $DIC;
360 
361  $ilDB = $DIC->database();
362 
363  $result = $ilDB->queryF(
364  "SELECT * FROM svy_svy WHERE obj_fi=%s",
365  array('integer'),
366  array($a_obj_id)
367  );
368  if ($result->numRows() == 1) {
369  $row = $ilDB->fetchAssoc($result);
370  }
371 
372  return $row["status"];
373  }
374 
380  public static function _lookupFinished($a_obj_id, $a_user_id = "")
381  {
382  global $DIC;
383 
384  $ilDB = $DIC->database();
385  $ilUser = $DIC->user();
386 
387  $finished = "";
388  if (!strlen($a_user_id)) {
389  $a_user_id = $ilUser->getId();
390  }
391 
392  $result = $ilDB->queryF(
393  "SELECT * FROM svy_svy WHERE obj_fi = %s",
394  array('integer'),
395  array($a_obj_id)
396  );
397  if ($result->numRows() == 1) {
398  $row = $ilDB->fetchObject($result);
399  if ($row->anonymize == 1) {
400  $result = $ilDB->queryF(
401  "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
402  "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
403  "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
404  array('integer','text'),
405  array($row->survey_id, md5($a_user_id))
406  );
407  } else {
408  $result = $ilDB->queryF(
409  "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
410  array('integer','integer'),
411  array($row->survey_id, $a_user_id)
412  );
413  }
414  if ($result->numRows() == 1) {
415  $foundrow = $ilDB->fetchAssoc($result);
416  $finished = (int) $foundrow["state"];
417  }
418  }
419 
420  return $finished;
421  }
422 
423  public static function _lookup360Mode($a_obj_id)
424  {
425  global $DIC;
426 
427  $ilDB = $DIC->database();
428 
429  $result = $ilDB->queryF(
430  "SELECT mode_360 FROM svy_svy" .
431  " WHERE obj_fi = %s AND mode_360 = %s",
432  array('integer','integer'),
433  array($a_obj_id, 1)
434  );
435  return (bool) $ilDB->numRows($result);
436  }
437 
441  public static function _checkGoto($a_target)
442  {
443  global $DIC;
444 
445  $ilAccess = $DIC->access();
446 
447  $t_arr = explode("_", $a_target);
448 
449  if ($t_arr[0] != "svy" || ((int) $t_arr[1]) <= 0) {
450  return false;
451  }
452 
453  // 360° external raters
454  if ($_GET["accesscode"]) {
455  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
456  if (ilObjSurvey::validateExternalRaterCode($t_arr[1], $_GET["accesscode"])) {
457  return true;
458  }
459  }
460 
461  if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
462  $ilAccess->checkAccess("read", "", $t_arr[1])) {
463  return true;
464  }
465  return false;
466  }
467 }
ilObjSurveyAccess\_getCommands
static _getCommands()
get commands
Definition: class.ilObjSurveyAccess.php:196
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant($user_id, $survey_id)
Definition: class.ilObjSurveyAccess.php:257
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess($a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:239
$result
$result
Definition: CleanUpTest.php:463
$DIC
global $DIC
Definition: saml.php:7
ilObjSurvey\validateExternalRaterCode
static validateExternalRaterCode($a_ref_id, $a_code)
Definition: class.ilObjSurvey.php:5688
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
IL_NO_OBJECT_ACCESS
const IL_NO_OBJECT_ACCESS
Definition: class.ilAccessInfo.php:26
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize($a_obj_id)
Definition: class.ilObjSurveyAccess.php:271
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:10
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Get possible conditions operators.
Definition: class.ilObjSurveyAccess.php:77
user
user()
Definition: user.php:4
ilObjSurveyAccess\_checkAccess
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
Definition: class.ilObjSurveyAccess.php:127
ilObjSurveyAccess\checkCondition
static checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
check condition
Definition: class.ilObjSurveyAccess.php:94
$ilUser
$ilUser
Definition: imgupload.php:18
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObjSurveyAccess
Class ilObjSurveyAccess.
Definition: class.ilObjSurveyAccess.php:37
ilObjSurveyAccess\_lookupFinished
static _lookupFinished($a_obj_id, $a_user_id="")
get finished status
Definition: class.ilObjSurveyAccess.php:380
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess($a_obj_id, $user_id)
Definition: class.ilObjSurveyAccess.php:290
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:16
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode($a_obj_id)
Definition: class.ilObjSurveyAccess.php:423
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilObjSurveyAccess\_checkGoto
static _checkGoto($a_target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:441
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:215
ilObjSurveyAccess\_lookupOnline
static _lookupOnline($a_obj_id)
get status
Definition: class.ilObjSurveyAccess.php:357