ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilOrgUnitPositionAccess.php
Go to the documentation of this file.
1<?php
2
8class ilOrgUnitPositionAccess implements ilOrgUnitPositionAccessHandler, ilOrgUnitPositionAndRBACAccessHandler
9{
10
14 protected $ua;
18 protected $set;
22 protected static $ref_id_obj_type_map = array();
23
24
28 public function __construct()
29 {
30 $this->set = ilOrgUnitGlobalSettings::getInstance();
31 $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
32 }
33
34
38 public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
39 {
40 $current_user_id = $this->getCurrentUsersId();
41
42 return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
43 }
44
45
49 public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
50 {
51 // FSX TODO no permission is checked or existing
52 $assignment_of_user = $this->ua->getAssignmentsOfUserId($for_user_id);
53 $other_users_in_same_org_units = [];
54 foreach ($assignment_of_user as $assignment) {
55 $other_users_in_same_org_units = $other_users_in_same_org_units + $this->ua->getUserIdsOfOrgUnit($assignment->getOrguId());
56 }
57
58 return array_intersect($user_ids, $other_users_in_same_org_units);
59 }
60
61
65 public function isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
66 {
67 $current_user_id = $this->getCurrentUsersId();
68
69 return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
70 }
71
72
76 public function isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
77 {
78 $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission($on_user_ids, $which_user_id, $permission);
79
80 return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
81 && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
82 }
83
84
88 public function filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
89 {
90 // If context is not activated, return same array of $user_ids
91 if (!$this->set->getObjectPositionSettingsByType($this->getTypeForRefId($ref_id))->isActive()) {
92 return $user_ids;
93 }
94
95 $current_user_id = $this->getCurrentUsersId();
96
97 return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
98 }
99
100
104 public function filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
105 {
106 // If context is not activated, return same array of $user_ids
107 if (!$this->set->getObjectPositionSettingsByType($this->getTypeForRefId($ref_id))->isActive()) {
108 return $user_ids;
109 }
110
111 // $all_available_users = $this->ua->getUserIdsOfOrgUnit()
112 $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
113 if (!$operation) {
114 return $user_ids;
115 }
116
117 $allowed_user_ids = [];
118 foreach ($this->ua->getPositionsOfUserId($user_id) as $position) {
119 $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
120 if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
121 continue;
122 }
123
124 foreach ($position->getAuthorities() as $authority) {
125 switch ($authority->getOver()) {
126 case ilOrgUnitAuthority::OVER_EVERYONE:
127 switch ($authority->getScope()) {
128 case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
129 $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition($position->getId(), $user_id);
130 $allowed_user_ids = $allowed_user_ids + $allowed;
131 break;
132 case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
133 $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition($position->getId(), $user_id, true);
134 $allowed_user_ids = $allowed_user_ids + $allowed;
135 break;
136 }
137 break;
138 default:
139 switch ($authority->getScope()) {
140 case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
141 $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition($user_id, $position->getId(), $authority->getOver());
142 $allowed_user_ids = $allowed_user_ids + $allowed;
143 break;
144 case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
145 $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition($user_id, $position->getId(), $authority->getOver(), true);
146 $allowed_user_ids = $allowed_user_ids + $allowed;
147 break;
148 }
149 break;
150 }
151 }
152 }
153
154 return array_intersect($user_ids, $allowed_user_ids);
155 }
156
157
161 public function checkPositionAccess($pos_perm, $ref_id)
162 {
163 // If context is not activated, return same array of $user_ids
164 if (!$this->isPositionActiveForRefId($ref_id)) {
165 return false;
166 }
167
168 $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
169 if (!$operation) {
170 return false;
171 }
172 $current_user_id = $this->getCurrentUsersId();
173
174 foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
175 $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
176 if ($permissions->isOperationIdSelected($operation->getOperationId())) {
177 return true;
178 }
179 }
180
181 return false;
182 }
183
184
188 public function hasCurrentUserAnyPositionAccess($ref_id)
189 {
190 // If context is not activated, return same array of $user_ids
191 if (!$this->isPositionActiveForRefId($ref_id)) {
192 return false;
193 }
194
195 $current_user_id = $this->getCurrentUsersId();
196
197 foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
198 $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
199 if (count($permissions->getOperations()) > 0) {
200 return true;
201 }
202 }
203
204 return false;
205 }
206
207
211 public function checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
212 {
213 global $DIC;
214 // If RBAC allows, just return true
215 if ($DIC->access()->checkAccess($rbac_perm, '', $ref_id)) {
216 return true;
217 }
218
219 // If context is not activated, return same array of $user_ids
220 if (!$this->isPositionActiveForRefId($ref_id)) {
221 return false;
222 }
223
224 return $this->checkPositionAccess($pos_perm, $ref_id);
225 }
226
227
231 public function filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
232 {
233 global $DIC;
234 // If RBAC allows, just return true
235 if ($DIC->access()->checkAccess($rbac_perm, '', $ref_id)) {
236 return $user_ids;
237 }
238 // If context is not activated, return same array of $user_ids
239 if (!$this->isPositionActiveForRefId($ref_id)) {
240 return $user_ids;
241 }
242
243 return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
244 }
245
246
250 public function hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
251 {
252 global $DIC;
253 if ($DIC->access()->checkAccess($rbac_perm, '', $ref_id)) {
254 return true;
255 }
256
257 return $this->hasCurrentUserAnyPositionAccess($ref_id);
258 }
259
260
261 //
262 // Helpers
263 //
264
268 private function dic()
269 {
270 return $GLOBALS['DIC'];
271 }
272
273
277 private function getCurrentUsersId()
278 {
279 return $this->dic()->user()->getId();
280 }
281
282
288 private function getTypeForRefId($ref_id)
289 {
290 if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
291 self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
292 }
293
294 return self::$ref_id_obj_type_map[$ref_id];
295 }
296
297
303 private function getObjIdForRefId($ref_id)
304 {
305 return ilObject2::_lookupObjectId($ref_id);
306 }
307
308
314 private function isPositionActiveForRefId($ref_id)
315 {
316 $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
317
318 return $this->set->isPositionAccessActiveForObject($obj_id);
319 }
320}
php
An exception for terminatinating execution or to throw for unit testing.
ilObject2\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject2.php:307
ilObject2\_lookupObjectId
static _lookupObjectId($a_ref_id)
lookup object id
Definition: class.ilObject2.php:319
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString($operation_string, $context_name)
Definition: class.ilOrgUnitOperationQueries.php:114
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:9
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:49
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:161
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:65
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88
ilOrgUnitPositionAccess\__construct
__construct()
ilOrgUnitPositionAccess constructor.
Definition: class.ilOrgUnitPositionAccess.php:28
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:38
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:211
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilOrgUnitPositionAccess.php:231
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:76
$authority
$authority
Definition: consentAdmin.php:71
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilOrgUnitPositionAccessHandler
Interface ilOrgUnitPositionAccessHandler.
Definition: class.ilOrgUnitPositionAccessHandler.php:11
ilOrgUnitPositionAndRBACAccessHandler
Interface ilOrgUnitPositionAndRBACAccessHandler.
Definition: class.ilOrgUnitPositionAndRBACAccessHandler.php:11
$DIC
global $DIC
Definition: saml.php:7