ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilMyStaffAccess.php
Go to the documentation of this file.
1<?php
2
3namespace ILIAS\MyStaff;
4
5use ilObjectAccess;
6use ilOrgUnitOperation;
7use ilOrgUnitOperationContext;
8use ilOrgUnitOperationContextQueries;
9use ilOrgUnitOperationQueries;
10use ilOrgUnitUserAssignmentQueries;
11
17class ilMyStaffAccess extends ilObjectAccess
18{
19
20 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
21 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
22 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
23 const TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
24 const TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
25 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
26 const DEFAULT_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
27 const DEFAULT_CONTEXT = 'crs';
31 protected static $instance = null;
35 protected static $orgu_users_of_current_user_show_staff_permission;
36
37
41 public static function getInstance()
42 {
43 global $DIC;
44
45 if (self::$instance === null) {
46 self::$instance = new self();
47
48 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
49 . self::DEFAULT_CONTEXT);
50 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION
51 . "_" . self::DEFAULT_CONTEXT);
52 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION
53 . "_" . self::DEFAULT_CONTEXT);
54 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
55 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
56 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
57 . self::DEFAULT_CONTEXT);
58 }
59
60 return self::$instance;
61 }
62
63
67 private function __construct()
68 {
69 }
70
71
75 public function hasCurrentUserAccessToMyStaff() : bool
76 {
77 global $DIC;
78
79 if ($DIC->rbac()->system()->checkAccess('visible', SYSTEM_FOLDER_ID)) {
80 return true;
81 }
82
83 if (!$DIC->settings()->get("enable_my_staff")) {
84 return false;
85 }
86
87 if ($this->hasCurrentUserAccessToUser()) {
88 return true;
89 }
90
91 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_ACCESS_ENROLMENTS, self::DEFAULT_CONTEXT)
92 > 0
93 ) {
94 return true;
95 }
96
97 if ($this->hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser()) {
98 return true;
99 }
100
101 if ($this->hasCurrentUserAccessToCertificates()) {
102 return true;
103 }
104
105 if ($this->hasCurrentUserAccessToCompetences()) {
106 true;
107 }
108
109 return false;
110 }
111
112
116 public function hasCurrentUserAccessToCertificates() : bool
117 {
118 global $DIC;
119
120 if (!$DIC->settings()->get("enable_my_staff")) {
121 return false;
122 }
123
124 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::DEFAULT_CONTEXT)
125 > 0
126 ) {
127 return true;
128 }
129
130 return false;
131 }
132
133
137 public function hasCurrentUserAccessToCompetences() : bool
138 {
139 global $DIC;
140
141 if (!$DIC->settings()->get("enable_my_staff")) {
142 return false;
143 }
144
145 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::DEFAULT_CONTEXT)
146 > 0
147 ) {
148 return true;
149 }
150
151 return false;
152 }
153
154
160 public function hasCurrentUserAccessToUser($usr_id = 0) : bool
161 {
162 global $DIC;
163
164 $arr_users = $this->getUsersForUser($DIC->user()->getId());
165 if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
166 return true;
167 }
168
169 return false;
170 }
171
172
178 public function hasCurrentUserAccessToLearningProgressInObject($ref_id = 0) : bool
179 {
180 global $DIC;
181
182 return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
183 }
184
185
189 public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser() : bool
190 {
191 global $DIC;
192
193 $arr_usr_id = $this->getUsersForUserOperationAndContext($DIC->user()
194 ->getId(), ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, self::DEFAULT_CONTEXT);
195 if (count($arr_usr_id) > 0) {
196 return true;
197 }
198
199 return false;
200 }
201
202
208 public function countOrgusOfUserWithAtLeastOneOperation($user_id)
209 {
210 global $DIC;
211
212 $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
213 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
214 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
215 WHERE orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations is not NULL AND perm.parent_id = -1";
216
217 $set = $DIC->database()->query($q);
218 $rec = $DIC->database()->fetchAssoc($set);
219
220 return $rec['cnt'];
221 }
222
223
231 public function countOrgusOfUserWithOperationAndContext($user_id, $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, $context = self::DEFAULT_CONTEXT)
232 {
233 global $DIC;
234
238 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
239
240 $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
241 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
242 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
243 and orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations LIKE '%\""
244 . $operation->getOperationId() . "\"%'
245 WHERE perm.parent_id = -1";
246
247 $set = $DIC->database()->query($q);
248 $rec = $DIC->database()->fetchAssoc($set);
249
250 return $rec['cnt'];
251 }
252
253
262 public function getUsersForUserOperationAndContext(
263 $user_id,
264 $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
265 $context = self::DEFAULT_CONTEXT,
266 $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
267 ) {
268 global $DIC;
269
270 $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name_prefix);
271
272 $q = 'SELECT usr_id FROM ' . $tmp_table_name;
273
274 $user_set = $DIC->database()->query($q);
275
276 $arr_users = array();
277
278 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
279 $arr_users[$rec['usr_id']] = $rec['usr_id'];
280 }
281
282 return $arr_users;
283 }
284
285
291 public function getUsersForUserPerPosition($user_id) : array
292 {
293 $users = [];
294 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
295 foreach ($user_assignments as $user_assignment) {
296 $users[$user_assignment->getPositionId()] = $this->getUsersForUser($user_id, $user_assignment->getPositionId());
297 }
298
299 return $users;
300 }
301
302
310 public function getUsersForUser($user_id, ?int $position_id = null) : array
311 {
312 global $DIC;
313
314 $tmp_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array());
315
316 $position_limitation = '';
317 if (!is_null($position_id)) {
318 $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
319 }
320
321 $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
322 FROM
323 " . $tmp_orgu_members . "
324 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
325 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
326 WHERE
327 (
328 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
329 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
330 AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
331 )
332 OR
333 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
334 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
335 OR
336 /* Kinder OrgUnit wie Current User */
337 (
338 (
339 " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
340 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
341 OR
342 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
343 )
344 AND
345 (
346 (
347 (
348 /* Gleiche Position */
349 auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
350 )
351 OR
352 (
353 /* Position Egal */
354 auth.over = -1
355 )
356 )
357 AND auth.scope = 2
358 )
359 )
360 )";
361
362 $user_set = $DIC->database()->query($q);
363
364 $arr_users = array();
365
366 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
367 $arr_users[$rec['usr_id']] = $rec['usr_id'];
368 }
369
370 return $arr_users;
371 }
372
373
381 public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false) : array
382 {
383 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
384 $ids = [];
385 foreach ($user_assignments as $user_assignment) {
386 $ref_ids = $this->getIdsForPositionAndOperation($user_assignment->getPositionId(), $operation, $return_ref_id);
387 if(count($ref_ids) > 0) {
388 $ids = array_merge($ids, $ref_ids);
389 }
390 }
391
392 return $ids;
393 }
394
395
403 public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id) : array
404 {
405 $ids = [];
406 foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
407 $ref_ids = $this->getIdsForPositionAndOperationAndContext($position_id, $operation, $context, $return_ref_id);
408 if(count($ref_ids) > 0) {
409 $ids = array_merge($ids, $ref_ids);
410 }
411 }
412
413 return $ids;
414 }
415
416
430 public function getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id) : array
431 {
432 global $DIC;
433 $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
434 $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
435 if (is_null($operation_object)) {
436 // operation doesn't exist in this context
437 return [];
438 }
439 $operation_id = $operation_object->getOperationId();
440
441 if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
442 $query = 'select ' . ($return_ref_id ? 'object_reference.ref_id' : 'object_data.obj_id') . ' from object_data ' .
443 'inner join object_reference on object_reference.obj_id = object_data.obj_id ' .
444 'where type = "' . $context . '" ' .
445 'AND object_reference.ref_id not in ' .
446 ' (SELECT parent_id FROM il_orgu_permissions ' .
447 ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations not like \'%"' . $operation_id . '"%\' and parent_id <> -1)';
448 } else {
449 $query = $return_ref_id
450 ?
451 'SELECT parent_id as ref_id FROM il_orgu_permissions '
452 :
453 'SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ';
454 $query .= ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations like \'%"' . $operation_id . '"%\' and parent_id <> -1';
455 }
456
457 return array_map(function ($item) use ($return_ref_id) {
458 return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
459 }, $DIC->database()->fetchAll($DIC->database()->query($query)));
460 }
461
462
470 public function hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id) : bool
471 {
472 global $DIC;
473 $res = $DIC->database()->query('SELECT * FROM il_orgu_permissions ' .
474 ' WHERE context_id = ' . $context_id . ' ' .
475 'AND operations LIKE \'%"' . $operation_id . '"%\' ' .
476 'AND position_id = ' . $position_id . ' ' .
477 'AND parent_id = -1');
478
479 return (bool) $DIC->database()->numRows($res) > 0;
480 }
481
482
490 public function getIlobjectsAndUsersForUserOperationAndContext($user_id, $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, $context = self::DEFAULT_CONTEXT)
491 {
492 global $DIC;
493
497 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
498
499 $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
500
501 $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name);
502
503 $q = 'SELECT * FROM ' . $tmp_table_name;
504
505 $user_set = $DIC->database()->query($q);
506
507 $arr_user_obj = array();
508
509 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
510 $arr_user_obj[] = $rec;
511 }
512
513 return $arr_user_obj;
514 }
515
516
525 public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
526 $user_id,
527 $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
528 $context = self::DEFAULT_CONTEXT,
529 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
530 ) {
531 global $DIC;
532
533 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
534
538 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
539
540 $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
541
542 $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
543 $org_unit_operation_string,
544 $context,
545 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
546 );
547
548 $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
549 $org_unit_operation_string,
550 $context,
551 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
552 );
553
554 $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
555 $org_unit_operation_string,
556 $context,
557 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
558 );
559
560 $tmp_table_course_members = $this->buildTempTableCourseMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, $all_users_for_user);
561
562 $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, $all_users_for_user);
563
564 $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships('tmp_orgu_members_path', $all_users_for_user);
565
566 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
567 . self::DEFAULT_CONTEXT
568 ) {
569 $this->dropTempTable($temporary_table_name);
570 }
571
572 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
573 SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
574 (
575 SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
576 (
577 SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
578 UNION
579 SELECT * FROM " . $tmp_table_objects_default_perimissions . "
580 ) AS crs
581 INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
582 and (
583 (
584 " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
585 )
586 or perm_orgu_scope = 2
587 )
588 UNION
589 SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
590 . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
591 INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
592 . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
593 and (
594 (
595 " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
596 . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
597 )
598 or perm_orgu_scope = 2
599 )
600
601 ) AS user_perm_matrix
602 INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
603
604 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
605 INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
606 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
607 and perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
608
609 AND
610 (
611 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
612 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
613 AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
614 )
615 OR
616 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
617 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
618 OR
619 /* Kinder OrgUnit wie Current User */
620 (
621 orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
622 AND
623 (
624 path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
625 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
626 OR
627 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
628 )
629 AND
630 (
631 (
632 (
633 /* Gleiche Position */
634 orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
635 )
636 OR
637 (
638 /* Position Egal */
639 user_perm_matrix.perm_over_user_with_position = -1
640 )
641 )
642 AND user_perm_matrix.perm_orgu_scope = 2
643 )
644 )
645 )
646 );";
647
648 $DIC->database()->manipulate($q);
649
650 return $temporary_table_name;
651 }
652
653
661 public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
662 $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
663 $context = self::DEFAULT_CONTEXT,
664 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
665 ) {
666 global $DIC;
667
668 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
669
673 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
674
675 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
676 . self::DEFAULT_CONTEXT
677 ) {
678 $this->dropTempTable($temporary_table_name);
679 }
680
681 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
682 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
683 AS (
684 SELECT
685 obj_ref.ref_id AS perm_for_ref_id,
686 orgu_ua.orgu_id AS perm_for_orgu_id,
687 auth.scope AS perm_orgu_scope,
688 orgu_ua.position_id AS perm_for_position_id,
689 auth.over AS perm_over_user_with_position
690 FROM
691 il_orgu_permissions AS perm
692 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
693 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
694 ->getId() . "
695 INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
696 INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
697 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
698 WHERE
699 perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
700 );";
701
702 $DIC->database()->manipulate($q);
703
704 return $temporary_table_name;
705 }
706
707
715 public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
716 $org_unit_operation_string = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS,
717 $context = self::DEFAULT_CONTEXT,
718 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
719 ) {
720 global $DIC;
721
722 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
723
727 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
728
729 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
730 . self::DEFAULT_CONTEXT
731 ) {
732 $this->dropTempTable($temporary_table_name);
733 }
734
735 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
736 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
737 AS (
738 SELECT
739 obj_ref.ref_id AS perm_for_ref_id,
740 orgu_ua.orgu_id AS perm_for_orgu_id,
741 auth.scope AS perm_orgu_scope,
742 orgu_ua.position_id AS perm_for_position_id,
743 auth.over AS perm_over_user_with_position
744 FROM
745 object_data AS obj
746 INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
747 INNER JOIN il_orgu_permissions AS perm ON perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%' AND perm.parent_id = -1
748 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
749 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
750 ->getId() . "
751 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
752
753 WHERE
754 obj.type = '" . $context . "'
755 AND (obj_ref.ref_id , orgu_ua.position_id)
756
757 NOT IN (SELECT
758 perm.parent_id, orgu_ua.position_id
759 FROM
760 il_orgu_permissions AS perm
761 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
762 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
763 WHERE perm.parent_id <> -1)
764 );";
765
766 $DIC->database()->manipulate($q);
767
768 return $temporary_table_name;
769 }
770
771
779 public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
780 $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
781 $context = self::DEFAULT_CONTEXT,
782 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
783 ) {
784 global $DIC;
785
786 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
790 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
791
792 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
793 . self::DEFAULT_CONTEXT
794 ) {
795 $this->dropTempTable($temporary_table_name);
796 }
797
798 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
799 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
800 AS (
801 SELECT
802 orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
803 orgu_ua.orgu_id AS perm_for_orgu_id,
804 auth.scope AS perm_orgu_scope,
805 orgu_ua.position_id AS perm_for_position_id,
806 auth.over AS perm_over_user_with_position
807 FROM
808 il_orgu_permissions AS perm
809 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
810 . $GLOBALS['DIC']->user()->getId() . "
811 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
812 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
813 WHERE
814 perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
815 );";
816
817 $DIC->database()->manipulate($q);
818
819 return $temporary_table_name;
820 }
821
822
829 public function buildTempTableCourseMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids = array())
830 {
831 global $DIC;
832
833 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
834
835 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
836 || count($only_courses_of_user_ids) > 0
837 ) {
838 $this->dropTempTable($temporary_table_name);
839 }
840
841 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
842 (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
843 AS (
844 SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
845 FROM (
846 SELECT obj_id, usr_id FROM obj_members WHERE member = 1
847 AND " . $DIC->database()->in('obj_members.usr_id', $only_courses_of_user_ids, false, 'integer') . "
848 UNION
849 SELECT obj_id, usr_id FROM crs_waiting_list
850 WHERE " . $DIC->database()->in('crs_waiting_list.usr_id', $only_courses_of_user_ids, false, 'integer') . "
851 UNION
852 SELECT obj_id, usr_id FROM il_subscribers
853 WHERE " . $DIC->database()->in('il_subscribers.usr_id', $only_courses_of_user_ids, false, 'integer') . "
854 ) AS crs_members
855 INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
856 INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
857 );";
858
859 $DIC->database()->manipulate($q);
860
861 return $temporary_table_name;
862 }
863
864
871 public function buildTempTableOrguMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids = array())
872 {
873 global $DIC;
874
875 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
876
877 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
878 || count($only_orgus_of_user_ids) > 0
879 ) {
880 $this->dropTempTable($temporary_table_name);
881 }
882
883 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
884 (INDEX i1(orgu_id), INDEX i2 (tree_path), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
885 AS (
886 SELECT orgu_ua.orgu_id AS orgu_id,
887 tree_orgu.path AS tree_path,
888 tree_orgu.child AS tree_child,
889 tree_orgu.parent AS tree_parent,
890 tree_orgu.lft AS tree_lft,
891 tree_orgu.rgt AS tree_rgt,
892 orgu_ua.position_id AS user_position_id,
893 orgu_ua.user_id AS user_id
894 FROM
895 il_orgu_ua AS orgu_ua
896 INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
897 LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
898
899 if (count($only_orgus_of_user_ids) > 0) {
900 $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
901 }
902
903 $q .= ");";
904
905 $DIC->database()->manipulate($q);
906
907 return $temporary_table_name;
908 }
909
910
916 public function dropTempTable($temporary_table_name)
917 {
918 global $DIC;
919
920 $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
921 $DIC->database()->manipulate($q);
922
923 return true;
924 }
925}
user
user()
Definition: user.php:4
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
php
An exception for terminatinating execution or to throw for unit testing.
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:829
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperationAndContext
getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id)
returns all obj_ids/ref_ids (depending on flag "ref_id") of objects of type $context,...
Definition: class.ilMyStaffAccess.php:430
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable($temporary_table_name)
Definition: class.ilMyStaffAccess.php:916
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:470
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext( $user_id, $org_unit_operation_string=self::DEFAULT_ORG_UNIT_OPERATION, $context=self::DEFAULT_CONTEXT, $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:262
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:403
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:871
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser($user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:310
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:381
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:17
ilOrgUnitOperationContextQueries
Class ilOrgUnitOperationContextQueries.
Definition: class.ilOrgUnitOperationContextQueries.php:9
ilOrgUnitOperationContext
Class ilOrgUnitOperationContext.
Definition: class.ilOrgUnitOperationContext.php:9
ilOrgUnitOperationQueries
Class ilOrgUnitOperationQueries.
Definition: class.ilOrgUnitOperationQueries.php:9
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString($operation_string, $context_name)
Definition: class.ilOrgUnitOperationQueries.php:115
ilOrgUnitOperation
Class ilOrgUnitOperation.
Definition: class.ilOrgUnitOperation.php:9
ilOrgUnitUserAssignmentQueries
Class ilOrgUnitUserAssignmentQueries.
Definition: class.ilOrgUnitUserAssignmentQueries.php:9
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$context
$context
Definition: webdav.php:26
$DIC
$DIC
Definition: xapitoken.php:46