ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilMyStaffAccess.php
Go to the documentation of this file.
1<?php
2
3namespace ILIAS\MyStaff;
4
5use ilObjectAccess;
6use ilOrgUnitOperation;
7use ilOrgUnitOperationContext;
8use ilOrgUnitOperationContextQueries;
9use ilOrgUnitOperationQueries;
10use ilOrgUnitUserAssignmentQueries;
11
17class ilMyStaffAccess extends ilObjectAccess
18{
19
20 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
21 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
22 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
23 const TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
24 const TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
25 const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
26 const ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
27 const COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
28 const EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
29 const GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
30 const SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
31 const TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
32
36 protected static $instance = null;
37
41 protected $users_for_user = [];
42
46 public static function getInstance()
47 {
48 global $DIC;
49
50 if (self::$instance === null) {
51 self::$instance = new self();
52
53 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
54 . self::COURSE_CONTEXT);
55 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
56 . "_" . self::COURSE_CONTEXT);
57 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
58 . "_" . self::COURSE_CONTEXT);
59 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
60 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
61 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
62 . self::COURSE_CONTEXT);
63 }
64
65 return self::$instance;
66 }
67
68
72 private function __construct()
73 {
74 }
75
76
80 public function hasCurrentUserAccessToMyStaff() : bool
81 {
82 global $DIC;
83
84 if (!$DIC->settings()->get("enable_my_staff")) {
85 return false;
86 }
87
88 if ($this->hasCurrentUserAccessToCourseMemberships()) {
89 return true;
90 }
91
92 if ($this->hasCurrentUserAccessToCertificates()) {
93 return true;
94 }
95
96 if ($this->hasCurrentUserAccessToCompetences()) {
97 return true;
98 }
99
100 if ($this->hasCurrentUserAccessToUser()) {
101 return true;
102 }
103
104 return false;
105 }
106
107
111 public function hasCurrentUserAccessToCertificates() : bool
112 {
113 global $DIC;
114
115 if (!$DIC->settings()->get("enable_my_staff")) {
116 return false;
117 }
118
119 $cert_set = new \ilSetting("certificate");
120 if (!$cert_set->get("active")) {
121 return false;
122 }
123
124 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::COURSE_CONTEXT)
125 > 0
126 ) {
127 return true;
128 }
129
130 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::EXERCISE_CONTEXT)
131 > 0
132 ) {
133 return true;
134 }
135
136 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::TEST_CONTEXT)
137 > 0
138 ) {
139 return true;
140 }
141
142 return false;
143 }
144
145
149 public function hasCurrentUserAccessToCompetences() : bool
150 {
151 global $DIC;
152
153 if (!$DIC->settings()->get("enable_my_staff")) {
154 return false;
155 }
156
157 $skmg_set = new \ilSkillManagementSettings();
158 if (!$skmg_set->isActivated()) {
159 return false;
160 }
161
162 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::COURSE_CONTEXT)
163 > 0
164 ) {
165 return true;
166 }
167
168 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::GROUP_CONTEXT)
169 > 0
170 ) {
171 return true;
172 }
173
174 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::SURVEY_CONTEXT)
175 > 0
176 ) {
177 return true;
178 }
179
180 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::TEST_CONTEXT)
181 > 0
182 ) {
183 return true;
184 }
185
186 return false;
187 }
188
189 public function hasCurrentUserAccessToCourseMemberships() : bool
190 {
191 global $DIC;
192
193 if (!$DIC->settings()->get("enable_my_staff")) {
194 return false;
195 }
196
197 if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION, self::COURSE_CONTEXT)
198 > 0
199 ) {
200 return true;
201 }
202
203 return false;
204 }
205
211 public function hasCurrentUserAccessToUser($usr_id = 0) : bool
212 {
213 global $DIC;
214
215 if (!$DIC->settings()->get("enable_my_staff")) {
216 return false;
217 }
218
219 $arr_users = $this->getUsersForUser($DIC->user()->getId());
220 if (count($arr_users) > 0 && $usr_id === 0) {
221 return true;
222 }
223
224 if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
225 return true;
226 }
227
228 return false;
229 }
230
231
237 public function hasCurrentUserAccessToLearningProgressInObject($ref_id = 0) : bool
238 {
239 global $DIC;
240
241 return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
242 }
243
244
248 public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser() : bool
249 {
250 global $DIC;
251
252 $arr_usr_id = $this->getUsersForUserOperationAndContext($DIC->user()
253 ->getId(), ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, self::COURSE_CONTEXT);
254 if (count($arr_usr_id) > 0) {
255 return true;
256 }
257
258 return false;
259 }
260
261
267 public function countOrgusOfUserWithAtLeastOneOperation($user_id)
268 {
269 global $DIC;
270
271 $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
272 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
273 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
274 WHERE orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations is not NULL AND perm.parent_id = -1";
275
276 $set = $DIC->database()->query($q);
277 $rec = $DIC->database()->fetchAssoc($set);
278
279 return $rec['cnt'];
280 }
281
282
290 public function countOrgusOfUserWithOperationAndContext($user_id, $org_unit_operation_string, $context)
291 {
292 global $DIC;
293
297 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
298
299 $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
300 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
301 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
302 and orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations LIKE '%\""
303 . $operation->getOperationId() . "\"%'
304 WHERE perm.parent_id = -1";
305
306 $set = $DIC->database()->query($q);
307 $rec = $DIC->database()->fetchAssoc($set);
308
309 return $rec['cnt'];
310 }
311
312
321 public function getUsersForUserOperationAndContext(
322 $user_id,
323 $org_unit_operation_string,
324 $context,
325 $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
326 ) {
327 global $DIC;
328
329 $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name_prefix);
330
331 $q = 'SELECT usr_id FROM ' . $tmp_table_name;
332
333 $user_set = $DIC->database()->query($q);
334
335 $arr_users = array();
336
337 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
338 $arr_users[$rec['usr_id']] = $rec['usr_id'];
339 }
340
341 return $arr_users;
342 }
343
344
350 public function getUsersForUserPerPosition($user_id) : array
351 {
352 $users = [];
353 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
354 foreach ($user_assignments as $user_assignment) {
355 $users[$user_assignment->getPositionId()] = $this->getUsersForUser($user_id, $user_assignment->getPositionId());
356 }
357
358 return $users;
359 }
360
361
369 public function getUsersForUser($user_id, ?int $position_id = null) : array
370 {
371 global $DIC;
372
373 if (isset($this->users_for_user[$user_id]) && $position_id === null) {
374 return $this->users_for_user[$user_id];
375 }
376
377 $tmp_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array());
378
379 $position_limitation = '';
380 if (!is_null($position_id)) {
381 $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
382 }
383
384 $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
385 FROM
386 " . $tmp_orgu_members . "
387 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
388 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
389 WHERE
390 (
391 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
392 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
393 AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
394 )
395 OR
396 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
397 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
398 OR
399 /* Kinder OrgUnit wie Current User */
400 (
401 (
402 " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
403 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
404 OR
405 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
406 )
407 AND
408 (
409 (
410 (
411 /* Gleiche Position */
412 auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
413 )
414 OR
415 (
416 /* Position Egal */
417 auth.over = -1
418 )
419 )
420 AND auth.scope = 2
421 )
422 )
423 )";
424
425 $user_set = $DIC->database()->query($q);
426
427 $arr_users = array();
428
429 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
430 $arr_users[$rec['usr_id']] = $rec['usr_id'];
431 }
432
433 if ($position_id === null) {
434 $this->users_for_user[$user_id] = $arr_users;
435 }
436
437 return $arr_users;
438 }
439
440
448 public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false) : array
449 {
450 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
451 $ids = [];
452 foreach ($user_assignments as $user_assignment) {
453 $ref_ids = $this->getIdsForPositionAndOperation($user_assignment->getPositionId(), $operation, $return_ref_id);
454 if(count($ref_ids) > 0) {
455 $ids = array_merge($ids, $ref_ids);
456 }
457 }
458
459 return $ids;
460 }
461
462
470 public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id) : array
471 {
472 $ids = [];
473 foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
474 $ref_ids = $this->getIdsForPositionAndOperationAndContext($position_id, $operation, $context, $return_ref_id);
475 if(count($ref_ids) > 0) {
476 $ids = array_merge($ids, $ref_ids);
477 }
478 }
479
480 return $ids;
481 }
482
483
497 public function getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id) : array
498 {
499 global $DIC;
500 $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
501 $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
502 if (is_null($operation_object)) {
503 // operation doesn't exist in this context
504 return [];
505 }
506 $operation_id = $operation_object->getOperationId();
507
508 if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
509 $query = 'select ' . ($return_ref_id ? 'object_reference.ref_id' : 'object_data.obj_id') . ' from object_data ' .
510 'inner join object_reference on object_reference.obj_id = object_data.obj_id ' .
511 'where type = "' . $context . '" ' .
512 'AND object_reference.ref_id not in ' .
513 ' (SELECT parent_id FROM il_orgu_permissions ' .
514 ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations not like \'%"' . $operation_id . '"%\' and parent_id <> -1)';
515 } else {
516 $query = $return_ref_id
517 ?
518 'SELECT parent_id as ref_id FROM il_orgu_permissions '
519 :
520 'SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ';
521 $query .= ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations like \'%"' . $operation_id . '"%\' and parent_id <> -1';
522 }
523
524 return array_map(function ($item) use ($return_ref_id) {
525 return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
526 }, $DIC->database()->fetchAll($DIC->database()->query($query)));
527 }
528
529
537 public function hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id) : bool
538 {
539 global $DIC;
540 $res = $DIC->database()->query('SELECT * FROM il_orgu_permissions ' .
541 ' WHERE context_id = ' . $context_id . ' ' .
542 'AND operations LIKE \'%"' . $operation_id . '"%\' ' .
543 'AND position_id = ' . $position_id . ' ' .
544 'AND parent_id = -1');
545
546 return (bool) $DIC->database()->numRows($res) > 0;
547 }
548
549
557 public function getIlobjectsAndUsersForUserOperationAndContext($user_id, $org_unit_operation_string, $context)
558 {
559 global $DIC;
560
564 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
565
566 $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
567
568 $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name);
569
570 $q = 'SELECT * FROM ' . $tmp_table_name;
571
572 $user_set = $DIC->database()->query($q);
573
574 $arr_user_obj = array();
575
576 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
577 $arr_user_obj[] = $rec;
578 }
579
580 return $arr_user_obj;
581 }
582
583
592 public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
593 $user_id,
594 $org_unit_operation_string,
595 $context,
596 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
597 ) {
598 global $DIC;
599
600 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
601
605 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
606
607 $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
608
609 $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
610 $org_unit_operation_string,
611 $context,
612 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
613 );
614
615 $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
616 $org_unit_operation_string,
617 $context,
618 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
619 );
620
621 $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
622 $org_unit_operation_string,
623 $context,
624 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
625 );
626
627 $tmp_table_course_members = $this->buildTempTableCourseMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, $all_users_for_user);
628
629 $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, $all_users_for_user);
630
631 $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships('tmp_orgu_members_path', $all_users_for_user);
632
633 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
634 . self::COURSE_CONTEXT
635 ) {
636 $this->dropTempTable($temporary_table_name);
637 }
638
639 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
640 SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
641 (
642 SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
643 (
644 SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
645 UNION
646 SELECT * FROM " . $tmp_table_objects_default_perimissions . "
647 ) AS crs
648 INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
649 and (
650 (
651 " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
652 )
653 or perm_orgu_scope = 2
654 )
655 UNION
656 SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
657 . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
658 INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
659 . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
660 and (
661 (
662 " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
663 . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
664 )
665 or perm_orgu_scope = 2
666 )
667
668 ) AS user_perm_matrix
669 INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
670
671 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
672 INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
673 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
674 and perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
675
676 AND
677 (
678 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
679 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
680 AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
681 )
682 OR
683 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
684 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
685 OR
686 /* Kinder OrgUnit wie Current User */
687 (
688 orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
689 AND
690 (
691 path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
692 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
693 OR
694 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
695 )
696 AND
697 (
698 (
699 (
700 /* Gleiche Position */
701 orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
702 )
703 OR
704 (
705 /* Position Egal */
706 user_perm_matrix.perm_over_user_with_position = -1
707 )
708 )
709 AND user_perm_matrix.perm_orgu_scope = 2
710 )
711 )
712 )
713 );";
714
715 $DIC->database()->manipulate($q);
716
717 return $temporary_table_name;
718 }
719
720
728 public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
729 $org_unit_operation_string,
730 $context,
731 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
732 ) {
733 global $DIC;
734
735 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
736
740 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
741
742 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
743 . self::COURSE_CONTEXT
744 ) {
745 $this->dropTempTable($temporary_table_name);
746 }
747
748 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
749 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
750 AS (
751 SELECT
752 obj_ref.ref_id AS perm_for_ref_id,
753 orgu_ua.orgu_id AS perm_for_orgu_id,
754 auth.scope AS perm_orgu_scope,
755 orgu_ua.position_id AS perm_for_position_id,
756 auth.over AS perm_over_user_with_position
757 FROM
758 il_orgu_permissions AS perm
759 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
760 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
761 ->getId() . "
762 INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
763 INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
764 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
765 WHERE
766 perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
767 );";
768
769 $DIC->database()->manipulate($q);
770
771 return $temporary_table_name;
772 }
773
774
782 public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
783 $org_unit_operation_string,
784 $context,
785 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
786 ) {
787 global $DIC;
788
789 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
790
794 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
795
796 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
797 . self::COURSE_CONTEXT
798 ) {
799 $this->dropTempTable($temporary_table_name);
800 }
801
802 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
803 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
804 AS (
805 SELECT
806 obj_ref.ref_id AS perm_for_ref_id,
807 orgu_ua.orgu_id AS perm_for_orgu_id,
808 auth.scope AS perm_orgu_scope,
809 orgu_ua.position_id AS perm_for_position_id,
810 auth.over AS perm_over_user_with_position
811 FROM
812 object_data AS obj
813 INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
814 INNER JOIN il_orgu_permissions AS perm ON perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%' AND perm.parent_id = -1
815 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
816 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
817 ->getId() . "
818 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
819
820 WHERE
821 obj.type = '" . $context . "'
822 AND (obj_ref.ref_id , orgu_ua.position_id)
823
824 NOT IN (SELECT
825 perm.parent_id, orgu_ua.position_id
826 FROM
827 il_orgu_permissions AS perm
828 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
829 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
830 WHERE perm.parent_id <> -1)
831 );";
832
833 $DIC->database()->manipulate($q);
834
835 return $temporary_table_name;
836 }
837
838
846 public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
847 $org_unit_operation_string,
848 $context,
849 $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
850 ) {
851 global $DIC;
852
853 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
857 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
858
859 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
860 . self::COURSE_CONTEXT
861 ) {
862 $this->dropTempTable($temporary_table_name);
863 }
864
865 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
866 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
867 AS (
868 SELECT
869 orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
870 orgu_ua.orgu_id AS perm_for_orgu_id,
871 auth.scope AS perm_orgu_scope,
872 orgu_ua.position_id AS perm_for_position_id,
873 auth.over AS perm_over_user_with_position
874 FROM
875 il_orgu_permissions AS perm
876 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
877 . $GLOBALS['DIC']->user()->getId() . "
878 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
879 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
880 WHERE
881 perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
882 );";
883
884 $DIC->database()->manipulate($q);
885
886 return $temporary_table_name;
887 }
888
889
896 public function buildTempTableCourseMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids = array())
897 {
898 global $DIC;
899
900 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
901
902 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
903 || count($only_courses_of_user_ids) > 0
904 ) {
905 $this->dropTempTable($temporary_table_name);
906 }
907
908 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
909 (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
910 AS (
911 SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
912 FROM (
913 SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
914 AND " . $DIC->database()->in('obj_members.usr_id', $only_courses_of_user_ids, false, 'integer') . "
915 UNION
916 SELECT obj_id, usr_id FROM crs_waiting_list
917 WHERE " . $DIC->database()->in('crs_waiting_list.usr_id', $only_courses_of_user_ids, false, 'integer') . "
918 UNION
919 SELECT obj_id, usr_id FROM il_subscribers
920 WHERE " . $DIC->database()->in('il_subscribers.usr_id', $only_courses_of_user_ids, false, 'integer') . "
921 ) AS crs_members
922 INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
923 INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
924 );";
925
926 $DIC->database()->manipulate($q);
927
928 return $temporary_table_name;
929 }
930
931
938 public function buildTempTableOrguMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids = array())
939 {
940 global $DIC;
941
942 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
943
944 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
945 || count($only_orgus_of_user_ids) > 0
946 ) {
947 $this->dropTempTable($temporary_table_name);
948 }
949
950 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
951 (INDEX i1(orgu_id), INDEX i2 (tree_path), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
952 AS (
953 SELECT orgu_ua.orgu_id AS orgu_id,
954 tree_orgu.path AS tree_path,
955 tree_orgu.child AS tree_child,
956 tree_orgu.parent AS tree_parent,
957 tree_orgu.lft AS tree_lft,
958 tree_orgu.rgt AS tree_rgt,
959 orgu_ua.position_id AS user_position_id,
960 orgu_ua.user_id AS user_id
961 FROM
962 il_orgu_ua AS orgu_ua
963 INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
964 LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
965
966 if (count($only_orgus_of_user_ids) > 0) {
967 $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
968 }
969
970 $q .= ");";
971
972 $DIC->database()->manipulate($q);
973
974 return $temporary_table_name;
975 }
976
977
983 public function dropTempTable($temporary_table_name)
984 {
985 global $DIC;
986
987 $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
988 $DIC->database()->manipulate($q);
989
990 return true;
991 }
992}
user
user()
Definition: user.php:4
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
php
An exception for terminatinating execution or to throw for unit testing.
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:896
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperationAndContext
getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id)
returns all obj_ids/ref_ids (depending on flag "ref_id") of objects of type $context,...
Definition: class.ilMyStaffAccess.php:497
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable($temporary_table_name)
Definition: class.ilMyStaffAccess.php:983
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:537
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext( $user_id, $org_unit_operation_string, $context, $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:321
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:470
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:938
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser($user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:369
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:448
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:17
ilOrgUnitOperationContextQueries
Class ilOrgUnitOperationContextQueries.
Definition: class.ilOrgUnitOperationContextQueries.php:9
ilOrgUnitOperationContext
Class ilOrgUnitOperationContext.
Definition: class.ilOrgUnitOperationContext.php:9
ilOrgUnitOperationQueries
Class ilOrgUnitOperationQueries.
Definition: class.ilOrgUnitOperationQueries.php:9
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString($operation_string, $context_name)
Definition: class.ilOrgUnitOperationQueries.php:115
ilOrgUnitOperation
Class ilOrgUnitOperation.
Definition: class.ilOrgUnitOperation.php:9
ilOrgUnitUserAssignmentQueries
Class ilOrgUnitUserAssignmentQueries.
Definition: class.ilOrgUnitUserAssignmentQueries.php:9
$DIC
global $DIC
Definition: goto.php:24
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$context
$context
Definition: webdav.php:26