ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilObjSurveyAccess.php
1<?php
2
3/* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */
4
12{
// Result of $DIC->user(); assigned in the constructor.
16 protected $user;
17
// Result of $DIC->language(); assigned in the constructor.
21 protected $lng;
22
// Result of $DIC->rbac()->system(); assigned in the constructor.
26 protected $rbacsystem;
27
// Result of $DIC->access(); assigned in the constructor.
31 protected $access;
32
33
/**
 * Constructor.
 *
 * Resolves the user, language, RBAC system and access services from the
 * global dependency container and stores them on the instance.
 */
public function __construct()
{
    global $DIC;

    $this->user = $DIC->user();
    $this->lng = $DIC->language();

    $rbac_services = $DIC->rbac();
    $this->rbacsystem = $rbac_services->system();

    $this->access = $DIC->access();
}
46
47
// Get possible conditions operators.
// Returns an array of operators.
// NOTE(review): listing line 54 (the array contents) is missing from this
// rendering, so the operator values cannot be confirmed from here.
51 public static function getConditionOperators()
52 {
53 return array(
55 );
56 }
57
58
// Check condition: reports whether the condition on survey $a_svy_id holds for user $a_usr_id.
// $a_value is not read anywhere in the visible body.
// NOTE(review): listing line 70 (the `case` label in front of the finished check) is
// missing from this rendering; confirm which operator it names.
67 public static function checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
68 {
69 switch ($a_operator) {
// True only when _lookupFinished() returns a truthy value for this survey and user.
71 if (ilObjSurveyAccess::_lookupFinished($a_svy_id, $a_usr_id)) {
72 return true;
73 } else {
74 return false;
75 }
76 break;
77
// NOTE(review): every operator not handled above is reported as fulfilled (fail-open);
// confirm that this is the intended result for unknown operators.
78 default:
79 return true;
80 }
81 return true;
82 }
83
// Checks whether a user may invoke a command or not.
// Returns false when access is refused, after adding an IL_NO_OBJECT_ACCESS info item
// to the access handler; returns true otherwise.
// NOTE(review): listing lines 101-103, 115, 125 and 132 are missing from this rendering.
// $ilUser, $lng and $rbacsystem are presumably assigned from the instance properties there,
// and the conditions that open the three "warning_survey_not_complete" branches are not
// visible; confirm against the original file before relying on this reading.
99 public function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
100 {
104 $ilAccess = $this->access;
105
// No user id passed (loose comparison with ""): fall back to $ilUser->getId().
106 if ($a_user_id == "") {
107 $a_user_id = $ilUser->getId();
108 }
109
// "write" permission on the ref id is what this method treats as admin.
110 $is_admin = $rbacsystem->checkAccessOfUser($a_user_id, 'write', $a_ref_id);
111
// Permission-level gate: applies to "visible" and "read" for non-admins only.
112 switch ($a_permission) {
113 case "visible":
114 case "read":
116 !$is_admin) {
117 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
118 return false;
119 }
120 break;
121 }
122
// Command-level gate: only "run" and "evaluation" are restricted here.
123 switch ($a_cmd) {
124 case "run":
126 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
127 return false;
128 }
129 break;
130
131 case "evaluation":
133 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
134 return false;
135 }
// Evaluation is allowed with "write" permission or when _hasEvaluationAccess() grants it.
// NOTE(review): this checkAccess() call is given no user id, unlike checkAccessOfUser()
// above; presumably it evaluates the session user rather than $a_user_id. Confirm that
// both checks are meant to target the same account.
136 if ($rbacsystem->checkAccess("write", $a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id)) {
137 return true;
138 } else {
139 $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
140 return false;
141 }
142 break;
143 }
144
// Every other command / permission combination is allowed by this method.
145 return true;
146 }
147
148
/**
 * Get commands.
 *
 * Each entry names the permission it is listed under ("permission"), the
 * command ("cmd") and a language variable ("lang_var"); the entry carrying
 * "default" => true is the info screen.
 *
 * Note that "evaluation" is listed under plain "read"; the narrower
 * decision for that command is made in _checkAccess().
 *
 * @return array list of command definitions
 */
public static function _getCommands()
{
    return [
        ["permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true],
        ["permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"],
        ["permission" => "write", "cmd" => "properties", "lang_var" => "settings"],
        ["permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results"],
    ];
}
172
173 //
174 // object specific access related methods
175 //
176
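/**
 * Checks whether all necessary parts of the survey are given.
 *
 * @param int $a_obj_id object id, matched against svy_svy.obj_fi
 * @return bool true only when exactly one svy_svy row exists for the object
 *              and its "complete" column is truthy
 */
public static function _lookupCreationComplete($a_obj_id)
{
    global $DIC;

    $ilDB = $DIC->database();

    $result = $ilDB->queryF(
        "SELECT * FROM svy_svy WHERE obj_fi=%s",
        array('integer'),
        array($a_obj_id)
    );

    // Without exactly one settings row there is nothing to read. Answer
    // "not complete" explicitly instead of dereferencing an undefined $row,
    // so the access checks built on this method fail closed without
    // depending on a PHP warning path.
    if ($result->numRows() != 1) {
        return false;
    }

    $row = $ilDB->fetchAssoc($result);

    return (bool) $row["complete"];
}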
200
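/**
 * Get evaluation access.
 *
 * @param int $a_obj_id object id, matched against svy_svy.obj_fi
 * @return mixed the stored "evaluation_access" value, or null when there is
 *               not exactly one svy_svy row for the object
 */
public static function _lookupEvaluationAccess($a_obj_id)
{
    global $DIC;

    $ilDB = $DIC->database();

    $result = $ilDB->queryF(
        "SELECT * FROM svy_svy WHERE obj_fi=%s",
        array('integer'),
        array($a_obj_id)
    );

    // Keep the historic "no value" result (null) but return it explicitly
    // instead of reading an undefined $row. _hasEvaluationAccess() switches
    // on this value with loose comparison, so null lands in its `case 0`
    // (no evaluation access) branch.
    if ($result->numRows() != 1) {
        return null;
    }

    $row = $ilDB->fetchAssoc($result);

    return $row["evaluation_access"];
}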
221
/**
 * Tell whether a user is recorded as a participant of a survey.
 *
 * @param int $user_id   user id, matched against svy_finished.user_fi
 * @param int $survey_id survey id, matched against svy_finished.survey_fi
 * @return bool true when exactly one svy_finished row exists for the pair;
 *              zero rows and more than one row both yield false
 */
public static function _isSurveyParticipant($user_id, $survey_id)
{
    global $DIC;

    $db = $DIC->database();

    $participation = $db->queryF(
        "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
        array('integer','integer'),
        array($user_id, $survey_id)
    );

    return $participation->numRows() == 1;
}
235
/**
 * Look up the stored "anonymize" setting of a survey.
 *
 * @param int $a_obj_id object id, matched against svy_svy.obj_fi
 * @return mixed the "anonymize" column of the single matching row, or 0
 *               when there is not exactly one such row
 */
public static function _lookupAnonymize($a_obj_id)
{
    global $DIC;

    $db = $DIC->database();

    $settings = $db->queryF(
        "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
        array('integer'),
        array($a_obj_id)
    );

    // Anything other than exactly one row is treated as "not anonymized".
    if ($settings->numRows() != 1) {
        return 0;
    }

    $record = $db->fetchAssoc($settings);

    return $record["anonymize"];
}
254
// Decides whether $user_id may see the evaluation of survey object $a_obj_id, based on
// the value returned by _lookupEvaluationAccess().
// NOTE(review): listing lines 274, 278, 281, 284, 289 and 293 (all `case` labels) are
// missing from this rendering, so the mode / result constants that guard the branches
// below cannot be read from here.
// NOTE(review): the outer switch has no default. A stored value other than 0, 1 or 2
// leaves the switch and the method ends without a return statement (null, i.e. falsy).
255 public static function _hasEvaluationAccess($a_obj_id, $user_id)
256 {
257 $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);
258 switch ($evaluation_access) {
259 case 0:
260 // no evaluation access
261 return false;
262 break;
263 case 1:
264 // evaluation access for all registered users
// A positive user id that is not ANONYMOUS_USER_ID counts as registered.
265 if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID)) {
266 return true;
267 } else {
268 return false;
269 }
270 break;
271 case 2:
// For this setting the decision depends on the survey mode.
272 $svy_mode = self::_lookupMode($a_obj_id);
273 switch ($svy_mode) {
// Branch driven by $svy->get360Results(); its three outcomes are: refuse, allow when
// isAppraiseeClosed($user_id), allow when isAppraisee($user_id).
// NOTE(review): unless one of the elided labels is a default, an unmatched value leaves
// this inner switch and the method ends without a return statement (null); confirm.
275 $svy = new ilObjSurvey($a_obj_id, false);
276 $svy->read();
277 switch ($svy->get360Results()) {
279 return false;
280
282 return $svy->isAppraiseeClosed($user_id);
283
285 return $svy->isAppraisee($user_id);
286 }
287 break;
288
// Branch driven by $svy->getSelfEvaluationResults(): one elided value refuses access,
// every other value grants it without looking at $user_id.
290 $svy = new ilObjSurvey($a_obj_id, false);
291 $svy->read();
292 switch ($svy->getSelfEvaluationResults()) {
294 return false;
295 default:
296 return true;
297 }
298 break;
299
300 default:
301 // evaluation access for participants
302 // check if the user with the given id is a survey participant
303
304 // show the evaluation button for anonymized surveys for all users
305 // access is only granted with the survey access code
// NOTE(review): this returns true for every caller, including the anonymous user; the
// access-code check mentioned above is not part of this method. Confirm that it is
// enforced wherever the results are actually rendered.
306 if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) {
307 return true;
308 }
309
310 global $DIC;
311
312 $ilDB = $DIC->database();
// Translate the object id into the internal survey_id that svy_finished refers to.
313 $result = $ilDB->queryF(
314 "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
315 array('integer'),
316 array($a_obj_id)
317 );
318 if ($result->numRows() == 1) {
319 $row = $ilDB->fetchAssoc($result);
320
321 if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"])) {
322 return true;
323 }
324 }
325 return false;
326 break;
327 }
328 break;
329 }
330 }
331
332
/**
 * Get finished status.
 *
 * Looks up the survey row for the object and then the matching
 * svy_finished row for the user (the current user when $a_user_id is empty).
 *
 * NOTE(review): for anonymized surveys the svy_anonymous.user_key is the
 * unsalted MD5 of the user id. User ids are a small, enumerable space, so
 * this value works as a lookup key but gives no real unlinkability: anyone
 * who can read svy_anonymous can recompute it for every account. The
 * derivation is compared against stored keys, so changing it would stop
 * matching existing rows; it is flagged here, not changed.
 *
 * @param int    $a_obj_id  object id, matched against svy_svy.obj_fi
 * @param string $a_user_id user id; empty means the current user
 * @return int|string the "state" column cast to int, or "" when there is
 *                    not exactly one survey row or not exactly one
 *                    finished row
 */
public static function _lookupFinished($a_obj_id, $a_user_id = "")
{
    global $DIC;

    $ilDB = $DIC->database();
    $ilUser = $DIC->user();

    if (!strlen($a_user_id)) {
        $a_user_id = $ilUser->getId();
    }

    $survey_res = $ilDB->queryF(
        "SELECT * FROM svy_svy WHERE obj_fi = %s",
        array('integer'),
        array($a_obj_id)
    );
    if ($survey_res->numRows() != 1) {
        return "";
    }

    $survey = $ilDB->fetchObject($survey_res);

    if ($survey->anonymize == 1) {
        // Anonymized survey: resolve the run through the svy_anonymous mapping.
        $finished_res = $ilDB->queryF(
            "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
            "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
            "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
            array('integer','text'),
            array($survey->survey_id, md5($a_user_id))
        );
    } else {
        // Personalised survey: the run is stored directly under the user id.
        $finished_res = $ilDB->queryF(
            "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
            array('integer','integer'),
            array($survey->survey_id, $a_user_id)
        );
    }

    if ($finished_res->numRows() != 1) {
        return "";
    }

    $finished_row = $ilDB->fetchAssoc($finished_res);

    return (int) $finished_row["state"];
}
380
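/**
 * Get survey mode.
 *
 * @param int $a_obj_id object id, matched against svy_svy.obj_fi
 * @return mixed the stored "mode" value, or null when there is not exactly
 *               one svy_svy row for the object
 */
public static function _lookupMode($a_obj_id)
{
    global $DIC;
    $ilDB = $DIC->database();

    $result = $ilDB->queryF(
        "SELECT mode FROM svy_svy" .
        " WHERE obj_fi = %s",
        array('integer'),
        array($a_obj_id)
    );

    // Return the historic "no value" result (null) explicitly instead of
    // reading an undefined $row when the survey row is missing or ambiguous.
    if ($result->numRows() != 1) {
        return null;
    }

    $row = $ilDB->fetchAssoc($result);

    return $row["mode"];
}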
404
/**
 * Tell whether the survey is stored with mode ilObjSurvey::MODE_360.
 *
 * @param int $a_obj_id object id, matched against svy_svy.obj_fi
 * @return bool true when at least one svy_svy row matches object id and mode
 */
public static function _lookup360Mode($a_obj_id)
{
    global $DIC;

    $db = $DIC->database();

    $matches = $db->queryF(
        "SELECT mode FROM svy_svy" .
        " WHERE obj_fi = %s AND mode = %s",
        array('integer','integer'),
        array($a_obj_id, ilObjSurvey::MODE_360)
    );
    $match_count = $db->numRows($matches);

    return (bool) $match_count;
}
419
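/**
 * Check whether goto script will succeed.
 *
 * The target has the form "svy_<ref id>". Access is granted when either the
 * "accesscode" request parameter validates for that ref id (360° external
 * raters) or the access handler reports "visible" or "read" for it.
 *
 * The ref id is normalised to an integer once and that integer is what gets
 * passed on, so a target such as "svy_12abc" can no longer pass the numeric
 * check as 12 while handing the raw string to the checks below.
 *
 * @param string $a_target goto target, e.g. "svy_123"
 * @return bool true when the goto may proceed
 */
public static function _checkGoto($a_target)
{
    global $DIC;

    $ilAccess = $DIC->access();

    $t_arr = explode("_", $a_target);

    // A target without a "_<id>" part has no second element; treat it as invalid
    // instead of reading an undefined offset.
    $ref_id = isset($t_arr[1]) ? (int) $t_arr[1] : 0;

    if ($t_arr[0] != "svy" || $ref_id <= 0) {
        return false;
    }

    // 360° external raters
    // A code that validates grants the goto without the RBAC check further down, so
    // only a non-empty string is handed to the validator; array-valued or missing
    // parameters fall through to the regular permission check.
    $access_code = isset($_GET["accesscode"]) ? $_GET["accesscode"] : "";
    if (is_string($access_code) && $access_code) {
        if (ilObjSurvey::validateExternalRaterCode($ref_id, $access_code)) {
            return true;
        }
    }

    if ($ilAccess->checkAccess("visible", "", $ref_id) ||
        $ilAccess->checkAccess("read", "", $ref_id)) {
        return true;
    }
    return false;
}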
448}
$result
user()
Definition: user.php:4
$_GET["client_id"]
An exception for terminatinating execution or to throw for unit testing.
const IL_NO_OBJECT_ACCESS
Class ilObjSurveyAccess.
static _isSurveyParticipant($user_id, $survey_id)
static _lookupEvaluationAccess($a_obj_id)
get evaluation access
static getConditionOperators()
Get possible conditions operators.
static _lookup360Mode($a_obj_id)
static _getCommands()
get commands
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
static checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
check condition
static _lookupMode($a_obj_id)
Get survey mode.
static _lookupFinished($a_obj_id, $a_user_id="")
get finished status
static _lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
static _checkGoto($a_target)
check whether goto script will succeed
static _hasEvaluationAccess($a_obj_id, $user_id)
static _lookupAnonymize($a_obj_id)
Class ilObjSurvey.
const RESULTS_SELF_EVAL_NONE
static validateExternalRaterCode($a_ref_id, $a_code)
Class ilObjectAccess.
Interface for condition handling.
global $ilDB
$ilUser
Definition: imgupload.php:18
$DIC
Definition: xapitoken.php:46