ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilIndividualAssessmentAccessHandler.php
Go to the documentation of this file.
1 <?php
2 require_once 'Modules/IndividualAssessment/interfaces/AccessControl/interface.IndividualAssessmentAccessHandler.php';
3 require_once 'Services/AccessControl/classes/class.ilObjRole.php';
8 class ilIndividualAssessmentAccessHandler implements IndividualAssessmentAccessHandler
9 {
13  protected $iass;
14 
18  protected $handler;
19 
23  protected $admin;
24 
28  protected $review;
29 
33  protected $user;
34 
38  protected $mass_global_permissions_cache;
39 
40  const DEFAULT_ROLE = 'il_iass_member';
41 
42  public function __construct(ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
43  {
44  $this->iass = $iass;
45  $this->handler = $handler;
46  $this->admin = $admin;
47  $this->review = $review;
48  $this->usr = $usr;
49  $this->mass_global_permissions_cache = array();
50  }
51 
55  public function checkAccessToObj($operation)
56  {
57  if ($operation == "read_learning_progress") {
58  return $this->handler->checkRbacOrPositionPermissionAccess("read_learning_progress", "read_learning_progress", $this->iass->getRefId());
59  }
60  if ($operation == "edit_learning_progress") {
61  return $this->handler->checkRbacOrPositionPermissionAccess("edit_learning_progress", "write_learning_progress", $this->iass->getRefId());
62  }
63 
64  return $this->handler->checkAccessOfUser($this->usr->getId(), $operation, '', $this->iass->getRefId(), 'iass');
65  }
66 
70  public function initDefaultRolesForObject(ilObjIndividualAssessment $iass)
71  {
72  $role = ilObjRole::createDefaultRole(
73  $this->getRoleTitleByObj($iass),
74  "Admin of iass obj_no." . $iass->getId(),
75  self::DEFAULT_ROLE,
76  $iass->getRefId()
77  );
78  }
79 
83  public function assignUserToMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
84  {
85  return $this->admin->assignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
86  }
87 
91  public function deassignUserFromMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
92  {
93  return $this->admin->deassignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
94  }
95 
96  protected function getRoleTitleByObj(ilObjIndividualAssessment $iass)
97  {
98  return self::DEFAULT_ROLE . '_' . $iass->getRefId();
99  }
100 
101  protected function getMemberRoleIdForObj(ilObjIndividualAssessment $iass)
102  {
103  return current($this->review->getLocalRoles($iass->getRefId()));
104  }
105 
113  public function mayViewObject($use_cache = true)
114  {
115  if ($use_cache) {
116  return $this->cacheCheckAccessToObj('read');
117  }
118 
119  return $this->isSystemAdmin() || $this->checkAccessToObj('read');
120  }
121 
129  public function mayEditObject($use_cache = true)
130  {
131  if ($use_cache) {
132  return $this->cacheCheckAccessToObj('write');
133  }
134 
135  return $this->isSystemAdmin() || $this->checkAccessToObj('write');
136  }
137 
145  public function mayEditPermissions($use_cache = true)
146  {
147  if ($use_cache) {
148  return $this->cacheCheckAccessToObj('edit_permission');
149  }
150 
151  return $this->isSystemAdmin() || $this->checkAccessToObj('edit_permission');
152  }
153 
161  public function mayEditMembers($use_cache = true)
162  {
163  if ($use_cache) {
164  return $this->cacheCheckAccessToObj('edit_members');
165  }
166 
167  return $this->isSystemAdmin() || $this->checkAccessToObj('edit_members');
168  }
169 
177  public function mayViewUser($use_cache = true)
178  {
179  if ($use_cache) {
180  return $this->cacheCheckAccessToObj('read_learning_progress');
181  }
182 
183  return $this->isSystemAdmin() || $this->checkAccessToObj('read_learning_progress');
184  }
185 
193  public function mayGradeUser($use_cache = true)
194  {
195  if ($use_cache) {
196  return $this->cacheCheckAccessToObj('edit_learning_progress');
197  }
198 
199  return $this->isSystemAdmin() || $this->checkAccessToObj('edit_learning_progress');
200  }
201 
209  public function mayGradeUserById($a_user_id)
210  {
211  return $this->isSystemAdmin()
212  || ($this->mayGradeUser() && count($this->handler->filterUserIdsByRbacOrPositionOfCurrentUser("edit_learning_progress", "set_lp", $this->iass->getRefId(), [$a_user_id])) > 0);
213  }
214 
221  public function filterViewableOrGradeableUsers(array $a_user_ids) : array
222  {
223  $usr_id = $this->usr->getId();
224  $obj_id = $this->iass->getId();
225  $ref_id = $this->iass->getRefId();
226  if (
227  $this->handler->checkAccessOfUser($usr_id, "edit_members", '', $ref_id, 'iass')
228  || $this->handler->checkAccessOfUser($usr_id, "read_learning_progress", '', $ref_id, 'iass')
229  || $this->handler->checkAccessOfUser($usr_id, "write_learning_progress", '', $ref_id, 'iass')
230  ) {
231  return $a_user_ids;
232  }
233 
234  $orgu_settings = ilOrgUnitGlobalSettings::getInstance();
235  if (!$orgu_settings->isPositionAccessActiveForObject($obj_id)) {
236  return [];
237  }
238 
239  $viewable_users = $this->handler->filterUserIdsByPositionOfCurrentUser("read_learning_progress", $ref_id, $a_user_ids);
240  $gradeable_users = $this->handler->filterUserIdsByPositionOfCurrentUser("write_learning_progress", $ref_id, $a_user_ids);
241 
242  return array_unique(array_merge($viewable_users, $gradeable_users));
243  }
244 
252  public function mayAmendGradeUser($use_cache = true)
253  {
254  if ($use_cache) {
255  return $this->cacheCheckAccessToObj('amend_grading');
256  }
257 
258  return $this->checkAccessToObj('amend_grading');
259  }
260 
268  protected function cacheCheckAccessToObj($operation)
269  {
270  $iass_id = $this->iass->getId();
271  $user_id = $this->usr->getId();
272 
273  if (!isset($this->mass_global_permissions_cache[$iass_id][$user_id][$operation])) {
274  $this->mass_global_permissions_cache[$iass_id][$user_id][$operation]
275  = $this->checkAccessToObj($operation);
276  }
277 
278  return $this->mass_global_permissions_cache[$iass_id][$user_id][$operation];
279  }
280 
286  public function isSystemAdmin()
287  {
288  return $this->review->isAssigned($this->usr->getId(), SYSTEM_ROLE_ID);
289  }
290 }
ilIndividualAssessmentAccessHandler\assignUserToMemberRole
assignUserToMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
Assign a user to the member role at an Individual assessment.
Definition: class.ilIndividualAssessmentAccessHandler.php:83
ilObjIndividualAssessment
For the purpose of streamlining the grading and learning-process status definition outside of tests...
Definition: class.ilObjIndividualAssessment.php:17
IndividualAssessmentAccessHandler
Mechanic regarding the access controll and roles of an objcet goes here.
Definition: interface.IndividualAssessmentAccessHandler.php:8
ilObjRole\createDefaultRole
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
Definition: class.ilObjRole.php:72
ilIndividualAssessmentAccessHandler\mayViewUser
mayViewUser($use_cache=true)
User may view gradings.
Definition: class.ilIndividualAssessmentAccessHandler.php:177
ilAccessHandler
Interface ilAccessHandler.
Definition: interface.ilAccessHandler.php:10
ilIndividualAssessmentAccessHandler\__construct
__construct(ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
Definition: class.ilIndividualAssessmentAccessHandler.php:42
ilIndividualAssessmentAccessHandler\filterViewableOrGradeableUsers
filterViewableOrGradeableUsers(array $a_user_ids)
Filter out users that may be graded or viewed.
Definition: class.ilIndividualAssessmentAccessHandler.php:221
ilObject\getId
getId()
get object id public
Definition: class.ilObject.php:320
ilIndividualAssessmentAccessHandler\checkAccessToObj
checkAccessToObj($operation)
Can an user perform an operation on some Individual assessment?bool
Definition: class.ilIndividualAssessmentAccessHandler.php:55
ilIndividualAssessmentAccessHandler\mayAmendGradeUser
mayAmendGradeUser($use_cache=true)
User may Amend grading.
Definition: class.ilIndividualAssessmentAccessHandler.php:252
ilIndividualAssessmentAccessHandler\initDefaultRolesForObject
initDefaultRolesForObject(ilObjIndividualAssessment $iass)
Create default roles at an object.
Definition: class.ilIndividualAssessmentAccessHandler.php:70
ilObject\getRefId
getRefId()
get reference id public
Definition: class.ilObject.php:351
ilIndividualAssessmentAccessHandler\cacheCheckAccessToObj
cacheCheckAccessToObj($operation)
Get permission state from cache.
Definition: class.ilIndividualAssessmentAccessHandler.php:268
ilIndividualAssessmentAccessHandler\deassignUserFromMemberRole
deassignUserFromMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
Deasign a user from the member role at an Individual assessment.
Definition: class.ilIndividualAssessmentAccessHandler.php:91
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:18
ilIndividualAssessmentAccessHandler\mayEditPermissions
mayEditPermissions($use_cache=true)
User edit permissions.
Definition: class.ilIndividualAssessmentAccessHandler.php:145
ilIndividualAssessmentAccessHandler\mayEditMembers
mayEditMembers($use_cache=true)
User may edit members.
Definition: class.ilIndividualAssessmentAccessHandler.php:161
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:19