ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilIndividualAssessmentAccessHandler.php
Go to the documentation of this file.
1<?php
2require_once 'Modules/IndividualAssessment/interfaces/AccessControl/interface.IndividualAssessmentAccessHandler.php';
3require_once 'Services/AccessControl/classes/class.ilObjRole.php';
8class ilIndividualAssessmentAccessHandler implements IndividualAssessmentAccessHandler
9{
13 protected $iass;
14
18 protected $handler;
19
23 protected $admin;
24
28 protected $review;
29
33 protected $user;
34
38 protected $mass_global_permissions_cache;
39
40 const DEFAULT_ROLE = 'il_iass_member';
41
42 public function __construct(ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
43 {
44 $this->iass = $iass;
45 $this->handler = $handler;
46 $this->admin = $admin;
47 $this->review = $review;
48 $this->usr = $usr;
49 $this->mass_global_permissions_cache = array();
50 }
51
55 public function checkAccessToObj($operation)
56 {
57 if ($operation == "read_learning_progress") {
58 return $this->handler->checkRbacOrPositionPermissionAccess("read_learning_progress", "read_learning_progress", $this->iass->getRefId());
59 }
60 if ($operation == "edit_learning_progress") {
61 return $this->handler->checkRbacOrPositionPermissionAccess("edit_learning_progress", "write_learning_progress", $this->iass->getRefId());
62 }
63
64 return $this->handler->checkAccessOfUser($this->usr->getId(), $operation, '', $this->iass->getRefId(), 'iass');
65 }
66
70 public function initDefaultRolesForObject(ilObjIndividualAssessment $iass)
71 {
72 $role = ilObjRole::createDefaultRole(
73 $this->getRoleTitleByObj($iass),
74 "Admin of iass obj_no." . $iass->getId(),
75 self::DEFAULT_ROLE,
76 $iass->getRefId()
77 );
78 }
79
83 public function assignUserToMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
84 {
85 return $this->admin->assignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
86 }
87
91 public function deassignUserFromMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
92 {
93 return $this->admin->deassignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
94 }
95
96 protected function getRoleTitleByObj(ilObjIndividualAssessment $iass)
97 {
98 return self::DEFAULT_ROLE . '_' . $iass->getRefId();
99 }
100
101 protected function getMemberRoleIdForObj(ilObjIndividualAssessment $iass)
102 {
103 return current($this->review->getLocalRoles($iass->getRefId()));
104 }
105
113 public function mayViewObject($use_cache = true)
114 {
115 if ($use_cache) {
116 return $this->cacheCheckAccessToObj('read');
117 }
118
119 return $this->isSystemAdmin() || $this->checkAccessToObj('read');
120 }
121
129 public function mayEditObject($use_cache = true)
130 {
131 if ($use_cache) {
132 return $this->cacheCheckAccessToObj('write');
133 }
134
135 return $this->isSystemAdmin() || $this->checkAccessToObj('write');
136 }
137
145 public function mayEditPermissions($use_cache = true)
146 {
147 if ($use_cache) {
148 return $this->cacheCheckAccessToObj('edit_permission');
149 }
150
151 return $this->isSystemAdmin() || $this->checkAccessToObj('edit_permission');
152 }
153
161 public function mayEditMembers($use_cache = true)
162 {
163 if ($use_cache) {
164 return $this->cacheCheckAccessToObj('edit_members');
165 }
166
167 return $this->isSystemAdmin() || $this->checkAccessToObj('edit_members');
168 }
169
177 public function mayViewUser($use_cache = true)
178 {
179 if ($use_cache) {
180 return $this->cacheCheckAccessToObj('read_learning_progress');
181 }
182
183 return $this->isSystemAdmin() || $this->checkAccessToObj('read_learning_progress');
184 }
185
193 public function mayGradeUser($use_cache = true)
194 {
195 if ($use_cache) {
196 return $this->cacheCheckAccessToObj('edit_learning_progress');
197 }
198
199 return $this->isSystemAdmin() || $this->checkAccessToObj('edit_learning_progress');
200 }
201
209 public function mayGradeUserById($a_user_id)
210 {
211 return $this->isSystemAdmin()
212 || ($this->mayGradeUser() && count($this->handler->filterUserIdsByRbacOrPositionOfCurrentUser("edit_learning_progress", "set_lp", $this->iass->getRefId(), [$a_user_id])) > 0);
213 }
214
222 public function mayAmendGradeUser($use_cache = true)
223 {
224 if ($use_cache) {
225 return $this->cacheCheckAccessToObj('amend_grading');
226 }
227
228 return $this->checkAccessToObj('amend_grading');
229 }
230
238 protected function cacheCheckAccessToObj($operation)
239 {
240 $iass_id = $this->iass->getId();
241 $user_id = $this->usr->getId();
242
243 if (!isset($this->mass_global_permissions_cache[$iass_id][$user_id][$operation])) {
244 $this->mass_global_permissions_cache[$iass_id][$user_id][$operation]
245 = $this->checkAccessToObj($operation);
246 }
247
248 return $this->mass_global_permissions_cache[$iass_id][$user_id][$operation];
249 }
250
256 public function isSystemAdmin()
257 {
258 return $this->review->isAssigned($this->usr->getId(), SYSTEM_ROLE_ID);
259 }
260}
php
An exception for terminatinating execution or to throw for unit testing.
ilIndividualAssessmentAccessHandler\initDefaultRolesForObject
initDefaultRolesForObject(ilObjIndividualAssessment $iass)
Create default roles at an object.
Definition: class.ilIndividualAssessmentAccessHandler.php:70
ilIndividualAssessmentAccessHandler\assignUserToMemberRole
assignUserToMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
Assign a user to the member role at an Individual assessment.
Definition: class.ilIndividualAssessmentAccessHandler.php:83
ilIndividualAssessmentAccessHandler\cacheCheckAccessToObj
cacheCheckAccessToObj($operation)
Get permission state from cache.
Definition: class.ilIndividualAssessmentAccessHandler.php:238
ilIndividualAssessmentAccessHandler\checkAccessToObj
checkAccessToObj($operation)
Can an user perform an operation on some Individual assessment?bool
Definition: class.ilIndividualAssessmentAccessHandler.php:55
ilIndividualAssessmentAccessHandler\__construct
__construct(ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
Definition: class.ilIndividualAssessmentAccessHandler.php:42
ilIndividualAssessmentAccessHandler\mayEditPermissions
mayEditPermissions($use_cache=true)
User edit permissions.
Definition: class.ilIndividualAssessmentAccessHandler.php:145
ilIndividualAssessmentAccessHandler\deassignUserFromMemberRole
deassignUserFromMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
Deasign a user from the member role at an Individual assessment.
Definition: class.ilIndividualAssessmentAccessHandler.php:91
ilIndividualAssessmentAccessHandler\mayAmendGradeUser
mayAmendGradeUser($use_cache=true)
User may Amend grading.
Definition: class.ilIndividualAssessmentAccessHandler.php:222
ilObjIndividualAssessment
For the purpose of streamlining the grading and learning-process status definition outside of tests,...
Definition: class.ilObjIndividualAssessment.php:18
ilObjRole\createDefaultRole
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
Definition: class.ilObjRole.php:60
ilObject\getId
getId()
get object id @access public
Definition: class.ilObject.php:308
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:19
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:20
IndividualAssessmentAccessHandler
Mechanic regarding the access controll and roles of an objcet goes here.
Definition: interface.IndividualAssessmentAccessHandler.php:9
ilAccessHandler
Interface ilAccessHandler.
Definition: interface.ilAccessHandler.php:11