ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilMyStaffAccess.php
Go to the documentation of this file.
1 <?php
2 
3 namespace ILIAS\MyStaff;
4 
5 use ilObjectAccess;
6 use ilOrgUnitOperation;
7 use ilOrgUnitOperationContext;
8 use ilOrgUnitOperationContextQueries;
9 use ilOrgUnitOperationQueries;
10 use ilOrgUnitUserAssignmentQueries;
11 
17 class ilMyStaffAccess extends ilObjectAccess
18 {
19 
20  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
21  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
22  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
23  const TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
24  const TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
25  const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
26  const ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
27  const COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
28  const EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
29  const GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
30  const SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
31  const TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
32 
36  protected static $instance = null;
37 
41  protected $users_for_user = [];
42 
46  public static function getInstance()
47  {
48  global $DIC;
49 
50  if (self::$instance === null) {
51  self::$instance = new self();
52 
53  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
54  . self::COURSE_CONTEXT);
55  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
56  . "_" . self::COURSE_CONTEXT);
57  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
58  . "_" . self::COURSE_CONTEXT);
59  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
60  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
61  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
62  . self::COURSE_CONTEXT);
63  }
64 
65  return self::$instance;
66  }
67 
68 
72  private function __construct()
73  {
74  }
75 
76 
80  public function hasCurrentUserAccessToMyStaff() : bool
81  {
82  global $DIC;
83 
84  if (!$DIC->settings()->get("enable_my_staff")) {
85  return false;
86  }
87 
88  if ($this->hasCurrentUserAccessToCourseMemberships()) {
89  return true;
90  }
91 
92  if ($this->hasCurrentUserAccessToCertificates()) {
93  return true;
94  }
95 
96  if ($this->hasCurrentUserAccessToCompetences()) {
97  return true;
98  }
99 
100  if ($this->hasCurrentUserAccessToUser()) {
101  return true;
102  }
103 
104  return false;
105  }
106 
107 
111  public function hasCurrentUserAccessToCertificates() : bool
112  {
113  global $DIC;
114 
115  if (!$DIC->settings()->get("enable_my_staff")) {
116  return false;
117  }
118 
119  $cert_set = new \ilSetting("certificate");
120  if (!$cert_set->get("active")) {
121  return false;
122  }
123 
124  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::COURSE_CONTEXT)
125  > 0
126  ) {
127  return true;
128  }
129 
130  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::EXERCISE_CONTEXT)
131  > 0
132  ) {
133  return true;
134  }
135 
136  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_CERTIFICATES, self::TEST_CONTEXT)
137  > 0
138  ) {
139  return true;
140  }
141 
142  return false;
143  }
144 
145 
149  public function hasCurrentUserAccessToCompetences() : bool
150  {
151  global $DIC;
152 
153  if (!$DIC->settings()->get("enable_my_staff")) {
154  return false;
155  }
156 
157  $skmg_set = new \ilSkillManagementSettings();
158  if (!$skmg_set->isActivated()) {
159  return false;
160  }
161 
162  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::COURSE_CONTEXT)
163  > 0
164  ) {
165  return true;
166  }
167 
168  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::GROUP_CONTEXT)
169  > 0
170  ) {
171  return true;
172  }
173 
174  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::SURVEY_CONTEXT)
175  > 0
176  ) {
177  return true;
178  }
179 
180  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), ilOrgUnitOperation::OP_VIEW_COMPETENCES, self::TEST_CONTEXT)
181  > 0
182  ) {
183  return true;
184  }
185 
186  return false;
187  }
188 
189  public function hasCurrentUserAccessToCourseMemberships() : bool
190  {
191  global $DIC;
192 
193  if (!$DIC->settings()->get("enable_my_staff")) {
194  return false;
195  }
196 
197  if ($this->countOrgusOfUserWithOperationAndContext($DIC->user()->getId(), self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION, self::COURSE_CONTEXT)
198  > 0
199  ) {
200  return true;
201  }
202 
203  return false;
204  }
205 
211  public function hasCurrentUserAccessToUser($usr_id = 0) : bool
212  {
213  global $DIC;
214 
215  if (!$DIC->settings()->get("enable_my_staff")) {
216  return false;
217  }
218 
219  $arr_users = $this->getUsersForUser($DIC->user()->getId());
220  if (count($arr_users) > 0 && $usr_id === 0) {
221  return true;
222  }
223 
224  if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
225  return true;
226  }
227 
228  return false;
229  }
230 
231 
237  public function hasCurrentUserAccessToLearningProgressInObject($ref_id = 0) : bool
238  {
239  global $DIC;
240 
241  return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
242  }
243 
244 
248  public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser() : bool
249  {
250  global $DIC;
251 
252  $arr_usr_id = $this->getUsersForUserOperationAndContext($DIC->user()
253  ->getId(), ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, self::COURSE_CONTEXT);
254  if (count($arr_usr_id) > 0) {
255  return true;
256  }
257 
258  return false;
259  }
260 
261 
267  public function countOrgusOfUserWithAtLeastOneOperation($user_id)
268  {
269  global $DIC;
270 
271  $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
272  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
273  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
274  WHERE orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations is not NULL AND perm.parent_id = -1";
275 
276  $set = $DIC->database()->query($q);
277  $rec = $DIC->database()->fetchAssoc($set);
278 
279  return $rec['cnt'];
280  }
281 
282 
290  public function countOrgusOfUserWithOperationAndContext($user_id, $org_unit_operation_string, $context)
291  {
292  global $DIC;
293 
297  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
298 
299  $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
300  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
301  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
302  and orgu_ua.user_id = " . $DIC->database()->quote($user_id, 'integer') . " AND perm.operations LIKE '%\""
303  . $operation->getOperationId() . "\"%'
304  WHERE perm.parent_id = -1";
305 
306  $set = $DIC->database()->query($q);
307  $rec = $DIC->database()->fetchAssoc($set);
308 
309  return $rec['cnt'];
310  }
311 
312 
321  public function getUsersForUserOperationAndContext(
322  $user_id,
323  $org_unit_operation_string,
324  $context,
325  $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
326  ) {
327  global $DIC;
328 
329  $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name_prefix);
330 
331  $q = 'SELECT usr_id FROM ' . $tmp_table_name;
332 
333  $user_set = $DIC->database()->query($q);
334 
335  $arr_users = array();
336 
337  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
338  $arr_users[$rec['usr_id']] = $rec['usr_id'];
339  }
340 
341  return $arr_users;
342  }
343 
344 
350  public function getUsersForUserPerPosition($user_id) : array
351  {
352  $users = [];
353  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
354  foreach ($user_assignments as $user_assignment) {
355  $users[$user_assignment->getPositionId()] = $this->getUsersForUser($user_id, $user_assignment->getPositionId());
356  }
357 
358  return $users;
359  }
360 
361 
369  public function getUsersForUser($user_id, ?int $position_id = null) : array
370  {
371  global $DIC;
372 
373  if (isset($this->users_for_user[$user_id]) && $position_id === null) {
374  return $this->users_for_user[$user_id];
375  }
376 
377  $tmp_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array());
378 
379  $position_limitation = '';
380  if (!is_null($position_id)) {
381  $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
382  }
383 
384  $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
385  FROM
386  " . $tmp_orgu_members . "
387  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
388  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
389  WHERE
390  (
391  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
392  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
393  AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
394  )
395  OR
396  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
397  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
398  OR
399  /* Kinder OrgUnit wie Current User */
400  (
401  (
402  " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
403  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
404  OR
405  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
406  )
407  AND
408  (
409  (
410  (
411  /* Gleiche Position */
412  auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
413  )
414  OR
415  (
416  /* Position Egal */
417  auth.over = -1
418  )
419  )
420  AND auth.scope = 2
421  )
422  )
423  )";
424 
425  $user_set = $DIC->database()->query($q);
426 
427  $arr_users = array();
428 
429  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
430  $arr_users[$rec['usr_id']] = $rec['usr_id'];
431  }
432 
433  if ($position_id === null) {
434  $this->users_for_user[$user_id] = $arr_users;
435  }
436 
437  return $arr_users;
438  }
439 
440 
448  public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false) : array
449  {
450  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
451  $ids = [];
452  foreach ($user_assignments as $user_assignment) {
453  $ref_ids = $this->getIdsForPositionAndOperation($user_assignment->getPositionId(), $operation, $return_ref_id);
454  if(count($ref_ids) > 0) {
455  $ids = array_merge($ids, $ref_ids);
456  }
457  }
458 
459  return $ids;
460  }
461 
462 
470  public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id) : array
471  {
472  $ids = [];
473  foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
474  $ref_ids = $this->getIdsForPositionAndOperationAndContext($position_id, $operation, $context, $return_ref_id);
475  if(count($ref_ids) > 0) {
476  $ids = array_merge($ids, $ref_ids);
477  }
478  }
479 
480  return $ids;
481  }
482 
483 
497  public function getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id) : array
498  {
499  global $DIC;
500  $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
501  $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
502  if (is_null($operation_object)) {
503  // operation doesn't exist in this context
504  return [];
505  }
506  $operation_id = $operation_object->getOperationId();
507 
508  if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
509  $query = 'select ' . ($return_ref_id ? 'object_reference.ref_id' : 'object_data.obj_id') . ' from object_data ' .
510  'inner join object_reference on object_reference.obj_id = object_data.obj_id ' .
511  'where type = "' . $context . '" ' .
512  'AND object_reference.ref_id not in ' .
513  ' (SELECT parent_id FROM il_orgu_permissions ' .
514  ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations not like \'%"' . $operation_id . '"%\' and parent_id <> -1)';
515  } else {
516  $query = $return_ref_id
517  ?
518  'SELECT parent_id as ref_id FROM il_orgu_permissions '
519  :
520  'SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ';
521  $query .= ' where position_id = ' . $position_id . ' and context_id = ' . $context_id . ' and operations like \'%"' . $operation_id . '"%\' and parent_id <> -1';
522  }
523 
524  return array_map(function ($item) use ($return_ref_id) {
525  return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
526  }, $DIC->database()->fetchAll($DIC->database()->query($query)));
527  }
528 
529 
537  public function hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id) : bool
538  {
539  global $DIC;
540  $res = $DIC->database()->query('SELECT * FROM il_orgu_permissions ' .
541  ' WHERE context_id = ' . $context_id . ' ' .
542  'AND operations LIKE \'%"' . $operation_id . '"%\' ' .
543  'AND position_id = ' . $position_id . ' ' .
544  'AND parent_id = -1');
545 
546  return (bool) $DIC->database()->numRows($res) > 0;
547  }
548 
549 
557  public function getIlobjectsAndUsersForUserOperationAndContext($user_id, $org_unit_operation_string, $context)
558  {
559  global $DIC;
560 
564  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
565 
566  $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
567 
568  $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext($user_id, $org_unit_operation_string, $context, $tmp_table_name);
569 
570  $q = 'SELECT * FROM ' . $tmp_table_name;
571 
572  $user_set = $DIC->database()->query($q);
573 
574  $arr_user_obj = array();
575 
576  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
577  $arr_user_obj[] = $rec;
578  }
579 
580  return $arr_user_obj;
581  }
582 
583 
592  public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
593  $user_id,
594  $org_unit_operation_string,
595  $context,
596  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
597  ) {
598  global $DIC;
599 
600  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
601 
605  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
606 
607  $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
608 
609  $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
610  $org_unit_operation_string,
611  $context,
612  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
613  );
614 
615  $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
616  $org_unit_operation_string,
617  $context,
618  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
619  );
620 
621  $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
622  $org_unit_operation_string,
623  $context,
624  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
625  );
626 
627  $tmp_table_course_members = $this->buildTempTableCourseMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, $all_users_for_user);
628 
629  $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, $all_users_for_user);
630 
631  $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships('tmp_orgu_members_path', $all_users_for_user);
632 
633  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
634  . self::COURSE_CONTEXT
635  ) {
636  $this->dropTempTable($temporary_table_name);
637  }
638 
639  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
640  SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
641  (
642  SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
643  (
644  SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
645  UNION
646  SELECT * FROM " . $tmp_table_objects_default_perimissions . "
647  ) AS crs
648  INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
649  and (
650  (
651  " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
652  )
653  or perm_orgu_scope = 2
654  )
655  UNION
656  SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
657  . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
658  INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
659  . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
660  and (
661  (
662  " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
663  . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
664  )
665  or perm_orgu_scope = 2
666  )
667 
668  ) AS user_perm_matrix
669  INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
670 
671  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote($user_id, 'integer') . "
672  INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
673  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
674  and perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
675 
676  AND
677  (
678  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
679  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
680  AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
681  )
682  OR
683  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
684  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
685  OR
686  /* Kinder OrgUnit wie Current User */
687  (
688  orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
689  AND
690  (
691  path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
692  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
693  OR
694  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
695  )
696  AND
697  (
698  (
699  (
700  /* Gleiche Position */
701  orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
702  )
703  OR
704  (
705  /* Position Egal */
706  user_perm_matrix.perm_over_user_with_position = -1
707  )
708  )
709  AND user_perm_matrix.perm_orgu_scope = 2
710  )
711  )
712  )
713  );";
714 
715  $DIC->database()->manipulate($q);
716 
717  return $temporary_table_name;
718  }
719 
720 
728  public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
729  $org_unit_operation_string,
730  $context,
731  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
732  ) {
733  global $DIC;
734 
735  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
736 
740  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
741 
742  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
743  . self::COURSE_CONTEXT
744  ) {
745  $this->dropTempTable($temporary_table_name);
746  }
747 
748  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
749  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
750  AS (
751  SELECT
752  obj_ref.ref_id AS perm_for_ref_id,
753  orgu_ua.orgu_id AS perm_for_orgu_id,
754  auth.scope AS perm_orgu_scope,
755  orgu_ua.position_id AS perm_for_position_id,
756  auth.over AS perm_over_user_with_position
757  FROM
758  il_orgu_permissions AS perm
759  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
760  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
761  ->getId() . "
762  INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
763  INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
764  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
765  WHERE
766  perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
767  );";
768 
769  $DIC->database()->manipulate($q);
770 
771  return $temporary_table_name;
772  }
773 
774 
782  public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
783  $org_unit_operation_string,
784  $context,
785  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
786  ) {
787  global $DIC;
788 
789  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
790 
794  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
795 
796  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
797  . self::COURSE_CONTEXT
798  ) {
799  $this->dropTempTable($temporary_table_name);
800  }
801 
802  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
803  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
804  AS (
805  SELECT
806  obj_ref.ref_id AS perm_for_ref_id,
807  orgu_ua.orgu_id AS perm_for_orgu_id,
808  auth.scope AS perm_orgu_scope,
809  orgu_ua.position_id AS perm_for_position_id,
810  auth.over AS perm_over_user_with_position
811  FROM
812  object_data AS obj
813  INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
814  INNER JOIN il_orgu_permissions AS perm ON perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%' AND perm.parent_id = -1
815  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
816  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
817  ->getId() . "
818  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
819 
820  WHERE
821  obj.type = '" . $context . "'
822  AND (obj_ref.ref_id , orgu_ua.position_id)
823 
824  NOT IN (SELECT
825  perm.parent_id, orgu_ua.position_id
826  FROM
827  il_orgu_permissions AS perm
828  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
829  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
830  WHERE perm.parent_id <> -1)
831  );";
832 
833  $DIC->database()->manipulate($q);
834 
835  return $temporary_table_name;
836  }
837 
838 
846  public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
847  $org_unit_operation_string,
848  $context,
849  $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
850  ) {
851  global $DIC;
852 
853  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
857  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
858 
859  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
860  . self::COURSE_CONTEXT
861  ) {
862  $this->dropTempTable($temporary_table_name);
863  }
864 
865  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
866  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
867  AS (
868  SELECT
869  orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
870  orgu_ua.orgu_id AS perm_for_orgu_id,
871  auth.scope AS perm_orgu_scope,
872  orgu_ua.position_id AS perm_for_position_id,
873  auth.over AS perm_over_user_with_position
874  FROM
875  il_orgu_permissions AS perm
876  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
877  . $GLOBALS['DIC']->user()->getId() . "
878  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
879  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
880  WHERE
881  perm.operations LIKE '%\"" . $operation->getOperationId() . "\"%'
882  );";
883 
884  $DIC->database()->manipulate($q);
885 
886  return $temporary_table_name;
887  }
888 
889 
896  public function buildTempTableCourseMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids = array())
897  {
898  global $DIC;
899 
900  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
901 
902  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
903  || count($only_courses_of_user_ids) > 0
904  ) {
905  $this->dropTempTable($temporary_table_name);
906  }
907 
908  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
909  (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
910  AS (
911  SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
912  FROM (
913  SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
914  AND " . $DIC->database()->in('obj_members.usr_id', $only_courses_of_user_ids, false, 'integer') . "
915  UNION
916  SELECT obj_id, usr_id FROM crs_waiting_list
917  WHERE " . $DIC->database()->in('crs_waiting_list.usr_id', $only_courses_of_user_ids, false, 'integer') . "
918  UNION
919  SELECT obj_id, usr_id FROM il_subscribers
920  WHERE " . $DIC->database()->in('il_subscribers.usr_id', $only_courses_of_user_ids, false, 'integer') . "
921  ) AS crs_members
922  INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
923  INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
924  );";
925 
926  $DIC->database()->manipulate($q);
927 
928  return $temporary_table_name;
929  }
930 
931 
938  public function buildTempTableOrguMemberships($temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids = array())
939  {
940  global $DIC;
941 
942  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
943 
944  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
945  || count($only_orgus_of_user_ids) > 0
946  ) {
947  $this->dropTempTable($temporary_table_name);
948  }
949 
950  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
951  (INDEX i1(orgu_id), INDEX i2 (tree_path), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
952  AS (
953  SELECT orgu_ua.orgu_id AS orgu_id,
954  tree_orgu.path AS tree_path,
955  tree_orgu.child AS tree_child,
956  tree_orgu.parent AS tree_parent,
957  tree_orgu.lft AS tree_lft,
958  tree_orgu.rgt AS tree_rgt,
959  orgu_ua.position_id AS user_position_id,
960  orgu_ua.user_id AS user_id
961  FROM
962  il_orgu_ua AS orgu_ua
963  INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
964  LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
965 
966  if (count($only_orgus_of_user_ids) > 0) {
967  $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
968  }
969 
970  $q .= ");";
971 
972  $DIC->database()->manipulate($q);
973 
974  return $temporary_table_name;
975  }
976 
977 
983  public function dropTempTable($temporary_table_name)
984  {
985  global $DIC;
986 
987  $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
988  $DIC->database()->manipulate($q);
989 
990  return true;
991  }
992 }
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:470
$context
$context
Definition: webdav.php:26
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:537
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:448
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:896
user
user()
Definition: user.php:4
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser($user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:369
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$DIC
global $DIC
Definition: goto.php:24
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$query
$query
Definition: proxy_ylocal.php:13
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext( $user_id, $org_unit_operation_string, $context, $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:321
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable($temporary_table_name)
Definition: class.ilMyStaffAccess.php:983
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString($operation_string, $context_name)
Definition: class.ilOrgUnitOperationQueries.php:115
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperationAndContext
getIdsForPositionAndOperationAndContext(int $position_id, string $operation, string $context, bool $return_ref_id)
returns all obj_ids/ref_ids (depending on flag "ref_id") of objects of type $context, to which the position with $position_id has permissions on the operation with $operation_id
Definition: class.ilMyStaffAccess.php:497
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships($temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:938