ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilOrgUnitPositionAccess.php
Go to the documentation of this file.
1 <?php
2 
8 class ilOrgUnitPositionAccess implements ilOrgUnitPositionAccessHandler, ilOrgUnitPositionAndRBACAccessHandler
9 {
10 
14  protected $ua;
18  protected $set;
22  protected static $ref_id_obj_type_map = array();
23 
24 
28  public function __construct()
29  {
30  $this->set = ilOrgUnitGlobalSettings::getInstance();
31  $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
32  }
33 
34 
38  public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
39  {
40  $current_user_id = $this->getCurrentUsersId();
41 
42  return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
43  }
44 
45 
49  public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
50  {
51  // FSX TODO no permission is checked or existing
52  $assignment_of_user = $this->ua->getAssignmentsOfUserId($for_user_id);
53  $other_users_in_same_org_units = [];
54  foreach ($assignment_of_user as $assignment) {
55  $other_users_in_same_org_units = $other_users_in_same_org_units + $this->ua->getUserIdsOfOrgUnit($assignment->getOrguId());
56  }
57 
58  return array_intersect($user_ids, $other_users_in_same_org_units);
59  }
60 
61 
65  public function isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
66  {
67  $current_user_id = $this->getCurrentUsersId();
68 
69  return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
70  }
71 
72 
76  public function isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
77  {
78  $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission($on_user_ids, $which_user_id, $permission);
79 
80  return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
81  && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
82  }
83 
84 
88  public function filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
89  {
90  // If context is not activated, return same array of $user_ids
91  if (!$this->set->getObjectPositionSettingsByType($this->getTypeForRefId($ref_id))->isActive()) {
92  return $user_ids;
93  }
94 
95  $current_user_id = $this->getCurrentUsersId();
96 
97  return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
98  }
99 
100 
104  public function filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
105  {
106  // If context is not activated, return same array of $user_ids
107  if (!$this->set->getObjectPositionSettingsByType($this->getTypeForRefId($ref_id))->isActive()) {
108  return $user_ids;
109  }
110 
111  // $all_available_users = $this->ua->getUserIdsOfOrgUnit()
112  $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
113  if (!$operation) {
114  return $user_ids;
115  }
116 
117  $allowed_user_ids = [];
118  foreach ($this->ua->getPositionsOfUserId($user_id) as $position) {
119  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
120  if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
121  continue;
122  }
123 
124  foreach ($position->getAuthorities() as $authority) {
125  switch ($authority->getOver()) {
126  case ilOrgUnitAuthority::OVER_EVERYONE:
127  switch ($authority->getScope()) {
128  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
129  $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition($position->getId(), $user_id);
130  $allowed_user_ids = $allowed_user_ids + $allowed;
131  break;
132  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
133  $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition($position->getId(), $user_id, true);
134  $allowed_user_ids = $allowed_user_ids + $allowed;
135  break;
136  }
137  break;
138  default:
139  switch ($authority->getScope()) {
140  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
141  $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition($user_id, $position->getId(), $authority->getOver());
142  $allowed_user_ids = $allowed_user_ids + $allowed;
143  break;
144  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
145  $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition($user_id, $position->getId(), $authority->getOver(), true);
146  $allowed_user_ids = $allowed_user_ids + $allowed;
147  break;
148  }
149  break;
150  }
151  }
152  }
153 
154  return array_intersect($user_ids, $allowed_user_ids);
155  }
156 
157 
161  public function checkPositionAccess($pos_perm, $ref_id)
162  {
163  // If context is not activated, return same array of $user_ids
164  if (!$this->isPositionActiveForRefId($ref_id)) {
165  return false;
166  }
167 
168  $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
169  if (!$operation) {
170  return false;
171  }
172  $current_user_id = $this->getCurrentUsersId();
173 
174  foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
175  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
176  if ($permissions->isOperationIdSelected($operation->getOperationId())) {
177  return true;
178  }
179  }
180 
181  return false;
182  }
183 
184 
188  public function hasCurrentUserAnyPositionAccess($ref_id)
189  {
190  // If context is not activated, return same array of $user_ids
191  if (!$this->isPositionActiveForRefId($ref_id)) {
192  return false;
193  }
194 
195  $current_user_id = $this->getCurrentUsersId();
196 
197  foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
198  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
199  if (count($permissions->getOperations()) > 0) {
200  return true;
201  }
202  }
203 
204  return false;
205  }
206 
207 
211  public function checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
212  {
213  global $DIC;
214  // If RBAC allows, just return true
215  if ($DIC->access()->checkAccess($rbac_perm, '', $ref_id)) {
216  return true;
217  }
218 
219  // If context is not activated, return same array of $user_ids
220  if (!$this->isPositionActiveForRefId($ref_id)) {
221  return false;
222  }
223 
224  return $this->checkPositionAccess($pos_perm, $ref_id);
225  }
226 
227 
231  public function filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
232  {
233  global $DIC;
234  // If RBAC allows, just return true
235  if ($DIC->access()->checkAccess($rbac_perm, '', $ref_id)) {
236  return $user_ids;
237  }
238  // If context is not activated, return same array of $user_ids
239  if (!$this->isPositionActiveForRefId($ref_id)) {
240  return $user_ids;
241  }
242 
243  return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
244  }
245 
246 
250  public function hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
251  {
252  global $DIC;
253  if ($DIC->access()->checkAccess($rbac_perm, '', $ref_id)) {
254  return true;
255  }
256 
257  return $this->hasCurrentUserAnyPositionAccess($ref_id);
258  }
259 
260 
261  //
262  // Helpers
263  //
264 
268  private function dic()
269  {
270  return $GLOBALS['DIC'];
271  }
272 
273 
277  private function getCurrentUsersId()
278  {
279  return $this->dic()->user()->getId();
280  }
281 
282 
288  private function getTypeForRefId($ref_id)
289  {
290  if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
291  self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
292  }
293 
294  return self::$ref_id_obj_type_map[$ref_id];
295  }
296 
297 
303  private function getObjIdForRefId($ref_id)
304  {
305  return ilObject2::_lookupObjectId($ref_id);
306  }
307 
308 
314  private function isPositionActiveForRefId($ref_id)
315  {
316  $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
317 
318  return $this->set->isPositionAccessActiveForObject($obj_id);
319  }
320 }
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelatedPermissions for available permissionsbo...
Definition: class.ilOrgUnitPositionAccess.php:65
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
$user_ids List of ILIAS-User-IDs which shall be filteredgetAvailablePositionRelatedPermissions for av...
Definition: class.ilOrgUnitPositionAccess.php:38
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
Reference-ID of the desired Object in the treegetAvailablePositionRelatedPermissions for available pe...
Definition: class.ilOrgUnitPositionAccess.php:161
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:211
$DIC
global $DIC
Definition: saml.php:7
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered getAvailablePositionRelatedPermissions for a...
Definition: class.ilOrgUnitPositionAccess.php:49
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilObject2\_lookupObjectId
static _lookupObjectId($a_ref_id)
Definition: class.ilObject2.php:319
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAndRBACAccessHandler
Interface ilOrgUnitPositionAndRBACAccessHandler.
Definition: class.ilOrgUnitPositionAndRBACAccessHandler.php:10
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250
ilOrgUnitPositionAccess\__construct
__construct()
ilOrgUnitPositionAccess constructor.
Definition: class.ilOrgUnitPositionAccess.php:28
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:231
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelate...
Definition: class.ilOrgUnitPositionAccess.php:76
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject2\_lookupType
static _lookupType($a_id, $a_reference=false)
Definition: class.ilObject2.php:307
ilOrgUnitPositionAccessHandler
Interface ilOrgUnitPositionAccessHandler.
Definition: class.ilOrgUnitPositionAccessHandler.php:10
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString($operation_string, $context_name)
Definition: class.ilOrgUnitOperationQueries.php:114
$authority
$authority
Definition: consentAdmin.php:71
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104