ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilMyStaffAccess.php
Go to the documentation of this file.
1 <?php
2 
3 namespace ILIAS\MyStaff;
4 
5 use ilObjectAccess;
6 use ilOrgUnitOperation;
7 use ilOrgUnitOperationContext;
8 use ilOrgUnitOperationContextQueries;
9 use ilOrgUnitOperationQueries;
10 use ilOrgUnitUserAssignmentQueries;
11 
17 class ilMyStaffAccess extends ilObjectAccess
18 {
19 
20  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
21  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
22  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
23  const TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
24  const TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
25  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
26  const DEFAULT_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
27  const DEFAULT_CONTEXT = 'crs';
31  protected static $instance = null;
35  protected static $orgu_users_of_current_user_show_staff_permission;
36 
37 
41  public static function getInstance()
42  {
43  global $DIC;
44 
45  if (self::$instance === null) {
46  self::$instance = new self();
47 
48  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
49  . self::DEFAULT_CONTEXT);
50  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION
51  . "_" . self::DEFAULT_CONTEXT);
52  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION
53  . "_" . self::DEFAULT_CONTEXT);
54  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
55  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
56  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
57  . self::DEFAULT_CONTEXT);
58  }
59 
60  return self::$instance;
61  }
62 
63 
67  private function __construct()
68  {
69  }
70 
71 
75  public function hasCurrentUserAccessToMyStaff() : bool
76  {
77  global $DIC;
78 
79  if ($DIC->rbac()->system()->checkAccess('visible', SYSTEM_FOLDER_ID)) {
80  return true;
81  }
82 
83  if (!$DIC->settings()->get("enable_my_staff")) {
84  return false;
85  }
86 
87  if ($this->hasCurrentUserAccessToUser()) {
88  return true;
89  }
90 
91  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_ACCESS_ENROLMENTS, self::DEFAULT_CONTEXT)
92  > 0
93  ) {
94  return true;
95  }
96 
97  if ($this->hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser()) {
98  return true;
99  }
100 
101  if ($this->hasCurrentUserAccessToCertificates()) {
102  return true;
103  }
104 
105  if ($this->hasCurrentUserAccessToCompetences()) {
106  true;
107  }
108 
109  return false;
110  }
111 
112 
116  public function hasCurrentUserAccessToCertificates() : bool
117  {
118  global $DIC;
119 
120  if (!$DIC->settings()->get("enable_my_staff")) {
121  return false;
122  }
123 
124  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::DEFAULT_CONTEXT)
125  > 0
126  ) {
127  return true;
128  }
129 
130  return false;
131  }
132 
133 
137  public function hasCurrentUserAccessToCompetences() : bool
138  {
139  global $DIC;
140 
141  if (!$DIC->settings()->get("enable_my_staff")) {
142  return false;
143  }
144 
145  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::DEFAULT_CONTEXT)
146  > 0
147  ) {
148  return true;
149  }
150 
151  return false;
152  }
153 
154 
160  public function hasCurrentUserAccessToUser($usr_id = 0) : bool
161  {
162  global $DIC;
163 
164  $arr_users = $this->getUsersForUser($DIC->user()->getId());
165  if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
166  return true;
167  }
168 
169  return false;
170  }
171 
172 
178  public function hasCurrentUserAccessToLearningProgressInObject($ref_id = 0) : bool
179  {
180  global $DIC;
181 
182  return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
183  }
184 
185 
189  public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser() : bool
190  {
191  global $DIC;
192 
193  $arr_usr_id = $this->getUsersForUserOperationAndContext($DIC->user()
194  ->getId(), ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, self::DEFAULT_CONTEXT);
195  if (count($arr_usr_id) > 0) {
196  return true;
197  }
198 
199  return false;
200  }
201 
202 
208  public function countOrgusOfUserWithAtLeastOneOperation($user_id)
209  {
210  global $DIC;
211 
212  $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
213  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
214  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
215  WHERE orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations is not NULL AND perm.parent_id = -1";
216 
217  $set = $DIC->database()->query($q);
218  $rec = $DIC->database()->fetchAssoc($set);
219 
220  return $rec['cnt'];
221  }
222 
223 
231  public function countOrgusOfUserWithOperationAndContext($user_id, $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, $context = self::DEFAULT_CONTEXT)
232  {
233  global $DIC;
234 
238  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
239 
240  $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
241  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
242  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
243  and orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations LIKE '%\""
244  . $operation->getOperationId() . "\"%'
245  WHERE perm.parent_id = -1";
246 
247  $set = $DIC->database()->query($q);
248  $rec = $DIC->database()->fetchAssoc($set);
249 
250  return $rec['cnt'];
251  }
252 
253 
262  public function getUsersForUserOperationAndContext(
263  $user_id,
264  $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
265  $context = self::DEFAULT_CONTEXT,
266  $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
267  ) {
268  global $DIC;
269 
270  $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name_prefix);
271 
272  $q = 'SELECT usr_id FROM ' . $tmp_table_name;
273 
274  $user_set = $DIC->database()->query($q);
275 
276  $arr_users = array();
277 
278  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
279  $arr_users[$rec['usr_id']] = $rec['usr_id'];
280  }
281 
282  return $arr_users;
283  }
284 
285 
291  public function getUsersForUserPerPosition($user_id) : array
292  {
293  $users = [];
294  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
295  foreach ($user_assignments as $user_assignment) {
296  $users[$user_assignment->getPositionId()] = $this->getUsersForUser($user_id, $user_assignment->getPositionId());
297  }
298 
299  return $users;
300  }
301 
302 
310  public function getUsersForUser($user_id, ?int $position_id = null) : array
311  {
312  global $DIC;
313 
314  $tmp_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array());
315 
316  $position_limitation = '';
317  if (!is_null($position_id)) {
318  $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
319  }
320 
321  $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
322  FROM
323  " . $tmp_orgu_members . "
324  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
325  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
326  WHERE
327  (
328  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
329  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
330  AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
331  )
332  OR
333  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
334  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
335  OR
336  /* Kinder OrgUnit wie Current User */
337  (
338  (
339  " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
340  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
341  OR
342  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
343  )
344  AND
345  (
346  (
347  (
348  /* Gleiche Position */
349  auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
350  )
351  OR
352  (
353  /* Position Egal */
354  auth.over = -1
355  )
356  )
357  AND auth.scope = 2
358  )
359  )
360  )";
361 
362  $user_set = $DIC->database()->query($q);
363 
364  $arr_users = array();
365 
366  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
367  $arr_users[$rec['usr_id']] = $rec['usr_id'];
368  }
369 
370  return $arr_users;
371  }
372 
373 
381  public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false) : array
382  {
383  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
384  $ids = [];
385  foreach ($user_assignments as $user_assignment) {
386  $ref_ids = $this->getIdsForPositionAndOperation($user_assignment->getPositionId(), $operation, $return_ref_id);
387  if(count($ref_ids) > 0) {
388  $ids = array_merge($ids, $ref_ids);
389  }
390  }
391 
392  return $ids;
393  }
394 
395 
403  public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id) : array
404  {
405  $ids = [];
406  foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
407  $ref_ids = $this->getIdsForPositionAndOperationAndContext($position_id, $operation, $context, $return_ref_id);
408  if(count($ref_ids) > 0) {
409  $ids = array_merge($ids, $ref_ids);
410  }
411  }
412 
413  return $ids;
414  }
415 
416 
430  public function getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id) : array
431  {
432  global $DIC;
433  $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
434  $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
435  if (is_null($operation_object)) {
436  // operation doesn't exist in this context
437  return [];
438  }
439  $operation_id = $operation_object->getOperationId();
440 
441  if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
442  $query = 'select ' . ($return_ref_id ? 'object_reference.ref_id' : 'object_data.obj_id') . ' from object_data ' .
443  'inner join object_reference on object_reference.obj_id = object_data.obj_id ' .
444  'where type = "' . $context . '" ' .
445  'AND object_reference.ref_id not in ' .
446  ' (SELECT parent_id FROM il_orgu_permissions ' .
447  ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations not like \'%"' . $operation_id . '"%\' and parent_id <> -1)';
448  } else {
449  $query = $return_ref_id
450  ?
451  'SELECT parent_id as ref_id FROM il_orgu_permissions '
452  :
453  'SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ';
454  $query .= ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations like \'%"' . $operation_id . '"%\' and parent_id <> -1';
455  }
456 
457  return array_map(function ($item) use ($return_ref_id) {
458  return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
459  }, $DIC->database()->fetchAll($DIC->database()->query($query)));
460  }
461 
462 
470  public function hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id) : bool
471  {
472  global $DIC;
473  $res = $DIC->database()->query('SELECT * FROM il_orgu_permissions ' .
474  ' WHERE context_id = ' . $context_id . ' ' .
475  'AND operations LIKE \'%"' . $operation_id . '"%\' ' .
476  'AND position_id = ' . $position_id . ' ' .
477  'AND parent_id = -1');
478 
479  return (bool) $DIC->database()->numRows($res) > 0;
480  }
481 
482 
490  public function getIlobjectsAndUsersForUserOperationAndContext($user_id, $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, $context = self::DEFAULT_CONTEXT)
491  {
492  global $DIC;
493 
497  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
498 
499  $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
500 
501  $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name);
502 
503  $q = 'SELECT * FROM ' . $tmp_table_name;
504 
505  $user_set = $DIC->database()->query($q);
506 
507  $arr_user_obj = array();
508 
509  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
510  $arr_user_obj[] = $rec;
511  }
512 
513  return $arr_user_obj;
514  }
515 
516 
525  public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
526  $user_id,
527  $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
528  $context = self::DEFAULT_CONTEXT,
529  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
530  ) {
531  global $DIC;
532 
533  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
534 
538  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
539 
540  $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
541 
542  $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
543  $org_unit_operation_string,
544  $context,
545  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
546  );
547 
548  $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
549  $org_unit_operation_string,
550  $context,
551  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
552  );
553 
554  $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
555  $org_unit_operation_string,
556  $context,
557  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
558  );
559 
560  $tmp_table_course_members = $this->buildTempTableCourseMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, $all_users_for_user);
561 
562  $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, $all_users_for_user);
563 
564  $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships('tmp_orgu_members_path', $all_users_for_user);
565 
566  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
567  . self::DEFAULT_CONTEXT
568  ) {
569  $this->dropTempTable($temporary_table_name);
570  }
571 
572  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
573  SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
574  (
575  SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
576  (
577  SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
578  UNION
579  SELECT * FROM " . $tmp_table_objects_default_perimissions . "
580  ) AS crs
581  INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
582  and (
583  (
584  " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
585  )
586  or perm_orgu_scope = 2
587  )
588  UNION
589  SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
590  . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
591  INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
592  . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
593  and (
594  (
595  " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
596  . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
597  )
598  or perm_orgu_scope = 2
599  )
600 
601  ) AS user_perm_matrix
602  INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
603 
604  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
605  INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
606  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
607  and perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
608 
609  AND
610  (
611  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
612  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
613  AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
614  )
615  OR
616  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
617  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
618  OR
619  /* Kinder OrgUnit wie Current User */
620  (
621  orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
622  AND
623  (
624  path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
625  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
626  OR
627  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
628  )
629  AND
630  (
631  (
632  (
633  /* Gleiche Position */
634  orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
635  )
636  OR
637  (
638  /* Position Egal */
639  user_perm_matrix.perm_over_user_with_position = -1
640  )
641  )
642  AND user_perm_matrix.perm_orgu_scope = 2
643  )
644  )
645  )
646  );";
647 
648  $DIC->database()->manipulate($q);
649 
650  return $temporary_table_name;
651  }
652 
653 
661  public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
662  $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
663  $context = self::DEFAULT_CONTEXT,
664  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
665  ) {
666  global $DIC;
667 
668  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
669 
673  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
674 
675  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
676  . self::DEFAULT_CONTEXT
677  ) {
678  $this->dropTempTable($temporary_table_name);
679  }
680 
681  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
682  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
683  AS (
684  SELECT
685  obj_ref.ref_id AS perm_for_ref_id,
686  orgu_ua.orgu_id AS perm_for_orgu_id,
687  auth.scope AS perm_orgu_scope,
688  orgu_ua.position_id AS perm_for_position_id,
689  auth.over AS perm_over_user_with_position
690  FROM
691  il_orgu_permissions AS perm
692  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
693  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
694  ->getId() . "
695  INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
696  INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
697  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
698  WHERE
699  perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
700  );";
701 
702  $DIC->database()->manipulate($q);
703 
704  return $temporary_table_name;
705  }
706 
707 
715  public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
716  $org_unit_operation_string = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS,
717  $context = self::DEFAULT_CONTEXT,
718  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
719  ) {
720  global $DIC;
721 
722  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
723 
727  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
728 
729  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
730  . self::DEFAULT_CONTEXT
731  ) {
732  $this->dropTempTable($temporary_table_name);
733  }
734 
735  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
736  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
737  AS (
738  SELECT
739  obj_ref.ref_id AS perm_for_ref_id,
740  orgu_ua.orgu_id AS perm_for_orgu_id,
741  auth.scope AS perm_orgu_scope,
742  orgu_ua.position_id AS perm_for_position_id,
743  auth.over AS perm_over_user_with_position
744  FROM
745  object_data AS obj
746  INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
747  INNER JOIN il_orgu_permissions AS perm ON perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%' AND perm.parent_id = -1
748  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
749  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
750  ->getId() . "
751  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
752 
753  WHERE
754  obj.type = '" . $context . "'
755  AND (obj_ref.ref_id , orgu_ua.position_id)
756 
757  NOT IN (SELECT
758  perm.parent_id, orgu_ua.position_id
759  FROM
760  il_orgu_permissions AS perm
761  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
762  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
763  WHERE perm.parent_id <> -1)
764  );";
765 
766  $DIC->database()->manipulate($q);
767 
768  return $temporary_table_name;
769  }
770 
771 
779  public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
780  $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
781  $context = self::DEFAULT_CONTEXT,
782  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
783  ) {
784  global $DIC;
785 
786  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
790  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
791 
792  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::DEFAULT_ORG_UNIT_OPERATION . "_"
793  . self::DEFAULT_CONTEXT
794  ) {
795  $this->dropTempTable($temporary_table_name);
796  }
797 
798  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
799  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
800  AS (
801  SELECT
802  orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
803  orgu_ua.orgu_id AS perm_for_orgu_id,
804  auth.scope AS perm_orgu_scope,
805  orgu_ua.position_id AS perm_for_position_id,
806  auth.over AS perm_over_user_with_position
807  FROM
808  il_orgu_permissions AS perm
809  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
810  . $GLOBALS['DIC']->user()->getId() . "
811  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
812  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
813  WHERE
814  perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
815  );";
816 
817  $DIC->database()->manipulate($q);
818 
819  return $temporary_table_name;
820  }
821 
822 
829  public function buildTempTableCourseMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids = array())
830  {
831  global $DIC;
832 
833  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
834 
835  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
836  || count($only_courses_of_user_ids) > 0
837  ) {
838  $this->dropTempTable($temporary_table_name);
839  }
840 
841  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
842  (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
843  AS (
844  SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
845  FROM (
846  SELECT obj_id, usr_id FROM obj_members WHERE member = 1
847  AND " . $DIC->database()->in('obj_members.usr_id', $only_courses_of_user_ids, false, 'integer') . "
848  UNION
849  SELECT obj_id, usr_id FROM crs_waiting_list
850  WHERE " . $DIC->database()->in('crs_waiting_list.usr_id', $only_courses_of_user_ids, false, 'integer') . "
851  UNION
852  SELECT obj_id, usr_id FROM il_subscribers
853  WHERE " . $DIC->database()->in('il_subscribers.usr_id', $only_courses_of_user_ids, false, 'integer') . "
854  ) AS crs_members
855  INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
856  INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
857  );";
858 
859  $DIC->database()->manipulate($q);
860 
861  return $temporary_table_name;
862  }
863 
864 
871  public function buildTempTableOrguMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids = array())
872  {
873  global $DIC;
874 
875  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
876 
877  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
878  || count($only_orgus_of_user_ids) > 0
879  ) {
880  $this->dropTempTable($temporary_table_name);
881  }
882 
883  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
884  (INDEX i1(orgu_id), INDEX i2 (tree_path), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
885  AS (
886  SELECT orgu_ua.orgu_id AS orgu_id,
887  tree_orgu.path AS tree_path,
888  tree_orgu.child AS tree_child,
889  tree_orgu.parent AS tree_parent,
890  tree_orgu.lft AS tree_lft,
891  tree_orgu.rgt AS tree_rgt,
892  orgu_ua.position_id AS user_position_id,
893  orgu_ua.user_id AS user_id
894  FROM
895  il_orgu_ua AS orgu_ua
896  INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
897  LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
898 
899  if (count($only_orgus_of_user_ids) > 0) {
900  $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
901  }
902 
903  $q .= ");";
904 
905  $DIC->database()->manipulate($q);
906 
907  return $temporary_table_name;
908  }
909 
910 
916  public function dropTempTable($temporary_table_name)
917  {
918  global $DIC;
919 
920  $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
921  $DIC->database()->manipulate($q);
922 
923  return true;
924  }
925 }
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:403
$context
$context
Definition: webdav.php:26
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:470
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:381
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:829
user
user()
Definition: user.php:4
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser($user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:310
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext( $user_id, $org_unit_operation_string=self::DEFAULT_ORG_UNIT_OPERATION, $context=self::DEFAULT_CONTEXT, $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:262
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$query
$query
Definition: proxy_ylocal.php:13
$DIC
$DIC
Definition: xapitoken.php:46
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable($temporary_table_name)
Definition: class.ilMyStaffAccess.php:916
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString($operation_string, $context_name)
Definition: class.ilOrgUnitOperationQueries.php:115
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperationAndContext
getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id)
returns all obj_ids/ref_ids (depending on flag "ref_id") of objects of type $context, to which the position with $position_id has permissions on the operation with $operation_id
Definition: class.ilMyStaffAccess.php:430
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:871