ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once "./Services/Object/classes/class.ilObjectAccess.php";
25 include_once './Services/Conditions/interfaces/interface.ilConditionHandling.php';
26 
37 class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
38 {
42  protected $user;
43 
47  protected $lng;
48 
52  protected $rbacsystem;
53 
57  protected $access;
58 
59 
63  public function __construct()
64  {
65  global $DIC;
66 
67  $this->user = $DIC->user();
68  $this->lng = $DIC->language();
69  $this->rbacsystem = $DIC->rbac()->system();
70  $this->access = $DIC->access();
71  }
72 
73 
77  public static function getConditionOperators()
78  {
79  include_once './Services/Conditions/classes/class.ilConditionHandler.php';
80  return array(
81  ilConditionHandler::OPERATOR_FINISHED
82  );
83  }
84 
85 
94  public static function checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
95  {
96  switch ($a_operator) {
97  case ilConditionHandler::OPERATOR_FINISHED:
98  include_once("./Modules/Survey/classes/class.ilObjSurveyAccess.php");
99  if (ilObjSurveyAccess::_lookupFinished($a_svy_id, $a_usr_id)) {
100  return true;
101  } else {
102  return false;
103  }
104  break;
105 
106  default:
107  return true;
108  }
109  return true;
110  }
111 
127  public function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
128  {
129  $ilUser = $this->user;
130  $lng = $this->lng;
131  $rbacsystem = $this->rbacsystem;
132  $ilAccess = $this->access;
133 
134  if ($a_user_id == "") {
135  $a_user_id = $ilUser->getId();
136  }
137 
138  $is_admin = $rbacsystem->checkAccessOfUser($a_user_id, 'write', $a_ref_id);
139 
140  switch ($a_permission) {
141  case "visible":
142  case "read":
143  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id) &&
144  !$is_admin) {
145  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
146  return false;
147  }
148  break;
149  }
150 
151  switch ($a_cmd) {
152  case "run":
153  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)) {
154  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
155  return false;
156  }
157  break;
158 
159  case "evaluation":
160  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)) {
161  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
162  return false;
163  }
164  if ($rbacsystem->checkAccess("write", $a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id)) {
165  return true;
166  } else {
167  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
168  return false;
169  }
170  break;
171  }
172 
173  return true;
174  }
175 
176 
189  public static function _getCommands()
190  {
191  $commands = array(
192  array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),
193  array("permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"),
194  array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
195  array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
196  );
197 
198  return $commands;
199  }
200 
201  //
202  // object specific access related methods
203  //
204 
208  public static function _lookupCreationComplete($a_obj_id)
209  {
210  global $DIC;
211 
212  $ilDB = $DIC->database();
213 
214  $result = $ilDB->queryF(
215  "SELECT * FROM svy_svy WHERE obj_fi=%s",
216  array('integer'),
217  array($a_obj_id)
218  );
219 
220  if ($result->numRows() == 1) {
221  $row = $ilDB->fetchAssoc($result);
222  }
223  if (!$row["complete"]) {
224  return false;
225  }
226  return true;
227  }
228 
232  public static function _lookupEvaluationAccess($a_obj_id)
233  {
234  global $DIC;
235 
236  $ilDB = $DIC->database();
237 
238  $result = $ilDB->queryF(
239  "SELECT * FROM svy_svy WHERE obj_fi=%s",
240  array('integer'),
241  array($a_obj_id)
242  );
243  if ($result->numRows() == 1) {
244  $row = $ilDB->fetchAssoc($result);
245  }
246 
247  return $row["evaluation_access"];
248  }
249 
250  public static function _isSurveyParticipant($user_id, $survey_id)
251  {
252  global $DIC;
253 
254  $ilDB = $DIC->database();
255 
256  $result = $ilDB->queryF(
257  "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
258  array('integer','integer'),
259  array($user_id, $survey_id)
260  );
261  return ($result->numRows() == 1) ? true : false;
262  }
263 
264  public static function _lookupAnonymize($a_obj_id)
265  {
266  global $DIC;
267 
268  $ilDB = $DIC->database();
269 
270  $result = $ilDB->queryF(
271  "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
272  array('integer'),
273  array($a_obj_id)
274  );
275  if ($result->numRows() == 1) {
276  $row = $ilDB->fetchAssoc($result);
277  return $row["anonymize"];
278  } else {
279  return 0;
280  }
281  }
282 
283  public static function _hasEvaluationAccess($a_obj_id, $user_id)
284  {
285  $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);
286  switch ($evaluation_access) {
287  case 0:
288  // no evaluation access
289  return false;
290  break;
291  case 1:
292  // evaluation access for all registered users
293  if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID)) {
294  return true;
295  } else {
296  return false;
297  }
298  break;
299  case 2:
300  $svy_mode = self::_lookupMode($a_obj_id);
301  switch ($svy_mode) {
302  case ilObjSurvey::MODE_360:
303  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
304  $svy = new ilObjSurvey($a_obj_id, false);
305  $svy->read();
306  switch ($svy->get360Results()) {
307  case ilObjSurvey::RESULTS_360_NONE:
308  return false;
309 
310  case ilObjSurvey::RESULTS_360_OWN:
311  return $svy->isAppraiseeClosed($user_id);
312 
313  case ilObjSurvey::RESULTS_360_ALL:
314  return $svy->isAppraisee($user_id);
315  }
316  break;
317 
318  case ilObjSurvey::MODE_SELF_EVAL:
319  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
320  $svy = new ilObjSurvey($a_obj_id, false);
321  $svy->read();
322  switch ($svy->getSelfEvaluationResults()) {
323  case ilObjSurvey::RESULTS_SELF_EVAL_NONE:
324  return false;
325  default:
326  return true;
327  }
328  break;
329 
330  default:
331  // evaluation access for participants
332  // check if the user with the given id is a survey participant
333 
334  // show the evaluation button for anonymized surveys for all users
335  // access is only granted with the survey access code
336  if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) {
337  return true;
338  }
339 
340  global $DIC;
341 
342  $ilDB = $DIC->database();
343  $result = $ilDB->queryF(
344  "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
345  array('integer'),
346  array($a_obj_id)
347  );
348  if ($result->numRows() == 1) {
349  $row = $ilDB->fetchAssoc($result);
350 
351  if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"])) {
352  return true;
353  }
354  }
355  return false;
356  break;
357  }
358  break;
359  }
360  }
361 
362 
368  public static function _lookupFinished($a_obj_id, $a_user_id = "")
369  {
370  global $DIC;
371 
372  $ilDB = $DIC->database();
373  $ilUser = $DIC->user();
374 
375  $finished = "";
376  if (!strlen($a_user_id)) {
377  $a_user_id = $ilUser->getId();
378  }
379 
380  $result = $ilDB->queryF(
381  "SELECT * FROM svy_svy WHERE obj_fi = %s",
382  array('integer'),
383  array($a_obj_id)
384  );
385  if ($result->numRows() == 1) {
386  $row = $ilDB->fetchObject($result);
387  if ($row->anonymize == 1) {
388  $result = $ilDB->queryF(
389  "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
390  "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
391  "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
392  array('integer','text'),
393  array($row->survey_id, md5($a_user_id))
394  );
395  } else {
396  $result = $ilDB->queryF(
397  "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
398  array('integer','integer'),
399  array($row->survey_id, $a_user_id)
400  );
401  }
402  if ($result->numRows() == 1) {
403  $foundrow = $ilDB->fetchAssoc($result);
404  $finished = (int) $foundrow["state"];
405  }
406  }
407 
408  return $finished;
409  }
410 
416  public static function _lookupMode($a_obj_id)
417  {
418  global $DIC;
419  $ilDB = $DIC->database();
420 
421  $result = $ilDB->queryF(
422  "SELECT mode FROM svy_svy" .
423  " WHERE obj_fi = %s",
424  array('integer'),
425  array($a_obj_id)
426  );
427 
428  if ($result->numRows() == 1) {
429  $row = $ilDB->fetchAssoc($result);
430  }
431 
432  return $row["mode"];
433  }
434 
435  public static function _lookup360Mode($a_obj_id)
436  {
437  global $DIC;
438 
439  $ilDB = $DIC->database();
440 
441  $result = $ilDB->queryF(
442  "SELECT mode FROM svy_svy" .
443  " WHERE obj_fi = %s AND mode = %s",
444  array('integer','integer'),
445  array($a_obj_id, ilObjSurvey::MODE_360)
446  );
447  return (bool) $ilDB->numRows($result);
448  }
449 
453  public static function _checkGoto($a_target)
454  {
455  global $DIC;
456 
457  $ilAccess = $DIC->access();
458 
459  $t_arr = explode("_", $a_target);
460 
461  if ($t_arr[0] != "svy" || ((int) $t_arr[1]) <= 0) {
462  return false;
463  }
464 
465  // 360° external raters
466  if ($_GET["accesscode"]) {
467  include_once "Modules/Survey/classes/class.ilObjSurvey.php";
468  if (ilObjSurvey::validateExternalRaterCode($t_arr[1], $_GET["accesscode"])) {
469  return true;
470  }
471  }
472 
473  if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
474  $ilAccess->checkAccess("read", "", $t_arr[1])) {
475  return true;
476  }
477  return false;
478  }
479 }
ilObjSurveyAccess\_getCommands
static _getCommands()
get commands
Definition: class.ilObjSurveyAccess.php:189
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant($user_id, $survey_id)
Definition: class.ilObjSurveyAccess.php:250
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess($a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:232
$result
$result
Definition: CleanUpTest.php:463
$DIC
global $DIC
Definition: saml.php:7
ilObjSurvey\validateExternalRaterCode
static validateExternalRaterCode($a_ref_id, $a_code)
Definition: class.ilObjSurvey.php:5685
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
IL_NO_OBJECT_ACCESS
const IL_NO_OBJECT_ACCESS
Definition: class.ilAccessInfo.php:26
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize($a_obj_id)
Definition: class.ilObjSurveyAccess.php:264
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:10
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Get possible conditions operators.
Definition: class.ilObjSurveyAccess.php:77
user
user()
Definition: user.php:4
ilObjSurveyAccess\_checkAccess
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
Definition: class.ilObjSurveyAccess.php:127
ilObjSurveyAccess\checkCondition
static checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
check condition
Definition: class.ilObjSurveyAccess.php:94
$ilUser
$ilUser
Definition: imgupload.php:18
ilObjSurveyAccess\_lookupMode
static _lookupMode($a_obj_id)
Get survey mode.
Definition: class.ilObjSurveyAccess.php:416
ilObjSurveyAccess
Class ilObjSurveyAccess.
Definition: class.ilObjSurveyAccess.php:37
ilObjSurveyAccess\_lookupFinished
static _lookupFinished($a_obj_id, $a_user_id="")
get finished status
Definition: class.ilObjSurveyAccess.php:368
$row
$row
Definition: migrateto20.php:360
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess($a_obj_id, $user_id)
Definition: class.ilObjSurveyAccess.php:283
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:16
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode($a_obj_id)
Definition: class.ilObjSurveyAccess.php:435
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilObjSurvey\RESULTS_SELF_EVAL_NONE
const RESULTS_SELF_EVAL_NONE
Definition: class.ilObjSurvey.php:205
ilObjSurveyAccess\_checkGoto
static _checkGoto($a_target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:453
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:208