ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
11 class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
12 {
16  protected $user;
17 
21  protected $lng;
22 
26  protected $rbacsystem;
27 
31  protected $access;
32 
33 
37  public function __construct()
38  {
39  global $DIC;
40 
41  $this->user = $DIC->user();
42  $this->lng = $DIC->language();
43  $this->rbacsystem = $DIC->rbac()->system();
44  $this->access = $DIC->access();
45  }
46 
47 
51  public static function getConditionOperators()
52  {
53  return array(
54  ilConditionHandler::OPERATOR_FINISHED
55  );
56  }
57 
58 
67  public static function checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
68  {
69  switch ($a_operator) {
70  case ilConditionHandler::OPERATOR_FINISHED:
71  if (ilObjSurveyAccess::_lookupFinished($a_svy_id, $a_usr_id)) {
72  return true;
73  } else {
74  return false;
75  }
76  break;
77 
78  default:
79  return true;
80  }
81  return true;
82  }
83 
99  public function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
100  {
101  $ilUser = $this->user;
102  $lng = $this->lng;
103  $rbacsystem = $this->rbacsystem;
104  $ilAccess = $this->access;
105 
106  if ($a_user_id == "") {
107  $a_user_id = $ilUser->getId();
108  }
109 
110  $is_admin = $rbacsystem->checkAccessOfUser($a_user_id, 'write', $a_ref_id);
111 
112  switch ($a_permission) {
113  case "visible":
114  case "read":
115  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id) &&
116  !$is_admin) {
117  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
118  return false;
119  }
120  break;
121  }
122 
123  switch ($a_cmd) {
124  case "run":
125  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)) {
126  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
127  return false;
128  }
129  break;
130 
131  case "evaluation":
132  if (!ilObjSurveyAccess::_lookupCreationComplete($a_obj_id)) {
133  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
134  return false;
135  }
136  if ($rbacsystem->checkAccess("write", $a_ref_id) || ilObjSurveyAccess::_hasEvaluationAccess($a_obj_id, $a_user_id)) {
137  return true;
138  } else {
139  $ilAccess->addInfoItem(IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
140  return false;
141  }
142  break;
143  }
144 
145  return true;
146  }
147 
148 
161  public static function _getCommands()
162  {
163  $commands = array(
164  array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),
165  array("permission" => "write", "cmd" => "questionsrepo", "lang_var" => "edit_questions"),
166  array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
167  array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
168  );
169 
170  return $commands;
171  }
172 
173  //
174  // object specific access related methods
175  //
176 
180  public static function _lookupCreationComplete($a_obj_id)
181  {
182  global $DIC;
183 
184  $ilDB = $DIC->database();
185 
186  $result = $ilDB->queryF(
187  "SELECT * FROM svy_svy WHERE obj_fi=%s",
188  array('integer'),
189  array($a_obj_id)
190  );
191 
192  if ($result->numRows() == 1) {
193  $row = $ilDB->fetchAssoc($result);
194  }
195  if (!$row["complete"]) {
196  return false;
197  }
198  return true;
199  }
200 
204  public static function _lookupEvaluationAccess($a_obj_id)
205  {
206  global $DIC;
207 
208  $ilDB = $DIC->database();
209 
210  $result = $ilDB->queryF(
211  "SELECT * FROM svy_svy WHERE obj_fi=%s",
212  array('integer'),
213  array($a_obj_id)
214  );
215  if ($result->numRows() == 1) {
216  $row = $ilDB->fetchAssoc($result);
217  }
218 
219  return $row["evaluation_access"];
220  }
221 
222  public static function _isSurveyParticipant($user_id, $survey_id)
223  {
224  global $DIC;
225 
226  $ilDB = $DIC->database();
227 
228  $result = $ilDB->queryF(
229  "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
230  array('integer','integer'),
231  array($user_id, $survey_id)
232  );
233  return ($result->numRows() == 1) ? true : false;
234  }
235 
236  public static function _lookupAnonymize($a_obj_id)
237  {
238  global $DIC;
239 
240  $ilDB = $DIC->database();
241 
242  $result = $ilDB->queryF(
243  "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
244  array('integer'),
245  array($a_obj_id)
246  );
247  if ($result->numRows() == 1) {
248  $row = $ilDB->fetchAssoc($result);
249  return $row["anonymize"];
250  } else {
251  return 0;
252  }
253  }
254 
255  public static function _hasEvaluationAccess($a_obj_id, $user_id)
256  {
257  $evaluation_access = ilObjSurveyAccess::_lookupEvaluationAccess($a_obj_id);
258  switch ($evaluation_access) {
259  case 0:
260  // no evaluation access
261  return false;
262  break;
263  case 1:
264  // evaluation access for all registered users
265  if (($user_id > 0) && ($user_id != ANONYMOUS_USER_ID)) {
266  return true;
267  } else {
268  return false;
269  }
270  break;
271  case 2:
272  $svy_mode = self::_lookupMode($a_obj_id);
273  switch ($svy_mode) {
274  case ilObjSurvey::MODE_360:
275  $svy = new ilObjSurvey($a_obj_id, false);
276  $svy->read();
277  switch ($svy->get360Results()) {
278  case ilObjSurvey::RESULTS_360_NONE:
279  return false;
280 
281  case ilObjSurvey::RESULTS_360_OWN:
282  return $svy->isAppraiseeClosed($user_id);
283 
284  case ilObjSurvey::RESULTS_360_ALL:
285  return $svy->isAppraisee($user_id);
286  }
287  break;
288 
289  case ilObjSurvey::MODE_SELF_EVAL:
290  $svy = new ilObjSurvey($a_obj_id, false);
291  $svy->read();
292  switch ($svy->getSelfEvaluationResults()) {
293  case ilObjSurvey::RESULTS_SELF_EVAL_NONE:
294  return false;
295  default:
296  return true;
297  }
298  break;
299 
300  default:
301  // evaluation access for participants
302  // check if the user with the given id is a survey participant
303 
304  // show the evaluation button for anonymized surveys for all users
305  // access is only granted with the survey access code
306  if (ilObjSurveyAccess::_lookupAnonymize($a_obj_id) == 1) {
307  return true;
308  }
309 
310  global $DIC;
311 
312  $ilDB = $DIC->database();
313  $result = $ilDB->queryF(
314  "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
315  array('integer'),
316  array($a_obj_id)
317  );
318  if ($result->numRows() == 1) {
319  $row = $ilDB->fetchAssoc($result);
320 
321  if (ilObjSurveyAccess::_isSurveyParticipant($user_id, $row["survey_id"])) {
322  return true;
323  }
324  }
325  return false;
326  break;
327  }
328  break;
329  }
330  }
331 
332 
338  public static function _lookupFinished($a_obj_id, $a_user_id = "")
339  {
340  global $DIC;
341 
342  $ilDB = $DIC->database();
343  $ilUser = $DIC->user();
344 
345  $finished = "";
346  if (!strlen($a_user_id)) {
347  $a_user_id = $ilUser->getId();
348  }
349 
350  $result = $ilDB->queryF(
351  "SELECT * FROM svy_svy WHERE obj_fi = %s",
352  array('integer'),
353  array($a_obj_id)
354  );
355  if ($result->numRows() == 1) {
356  $row = $ilDB->fetchObject($result);
357  if ($row->anonymize == 1) {
358  $result = $ilDB->queryF(
359  "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
360  "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
361  "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
362  array('integer','text'),
363  array($row->survey_id, md5($a_user_id))
364  );
365  } else {
366  $result = $ilDB->queryF(
367  "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
368  array('integer','integer'),
369  array($row->survey_id, $a_user_id)
370  );
371  }
372  if ($result->numRows() == 1) {
373  $foundrow = $ilDB->fetchAssoc($result);
374  $finished = (int) $foundrow["state"];
375  }
376  }
377 
378  return $finished;
379  }
380 
386  public static function _lookupMode($a_obj_id)
387  {
388  global $DIC;
389  $ilDB = $DIC->database();
390 
391  $result = $ilDB->queryF(
392  "SELECT mode FROM svy_svy" .
393  " WHERE obj_fi = %s",
394  array('integer'),
395  array($a_obj_id)
396  );
397 
398  if ($result->numRows() == 1) {
399  $row = $ilDB->fetchAssoc($result);
400  }
401 
402  return $row["mode"];
403  }
404 
405  public static function _lookup360Mode($a_obj_id)
406  {
407  global $DIC;
408 
409  $ilDB = $DIC->database();
410 
411  $result = $ilDB->queryF(
412  "SELECT mode FROM svy_svy" .
413  " WHERE obj_fi = %s AND mode = %s",
414  array('integer','integer'),
415  array($a_obj_id, ilObjSurvey::MODE_360)
416  );
417  return (bool) $ilDB->numRows($result);
418  }
419 
423  public static function _checkGoto($a_target)
424  {
425  global $DIC;
426 
427  $ilAccess = $DIC->access();
428 
429  $t_arr = explode("_", $a_target);
430 
431  if ($t_arr[0] != "svy" || ((int) $t_arr[1]) <= 0) {
432  return false;
433  }
434 
435  // 360° external raters
436  if ($_GET["accesscode"]) {
437  if (ilObjSurvey::validateExternalRaterCode($t_arr[1], $_GET["accesscode"])) {
438  return true;
439  }
440  }
441 
442  if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
443  $ilAccess->checkAccess("read", "", $t_arr[1])) {
444  return true;
445  }
446  return false;
447  }
448 }
ilObjSurveyAccess\_getCommands
static _getCommands()
get commands
Definition: class.ilObjSurveyAccess.php:161
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant($user_id, $survey_id)
Definition: class.ilObjSurveyAccess.php:222
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess($a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:204
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:25
$result
$result
Definition: CleanUpTest.php:463
ilObjSurvey\validateExternalRaterCode
static validateExternalRaterCode($a_ref_id, $a_code)
Definition: class.ilObjSurvey.php:5520
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
IL_NO_OBJECT_ACCESS
const IL_NO_OBJECT_ACCESS
Definition: class.ilAccessInfo.php:26
ilObjSurvey
Class ilObjSurvey.
Definition: class.ilObjSurvey.php:12
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize($a_obj_id)
Definition: class.ilObjSurveyAccess.php:236
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:10
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Get possible conditions operators.
Definition: class.ilObjSurveyAccess.php:51
user
user()
Definition: user.php:4
ilObjSurveyAccess\_checkAccess
_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id="")
Checks wether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcce...
Definition: class.ilObjSurveyAccess.php:99
ilObjSurveyAccess\checkCondition
static checkCondition($a_svy_id, $a_operator, $a_value, $a_usr_id)
check condition
Definition: class.ilObjSurveyAccess.php:67
$DIC
global $DIC
Definition: goto.php:24
ilObjSurveyAccess\_lookupMode
static _lookupMode($a_obj_id)
Get survey mode.
Definition: class.ilObjSurveyAccess.php:386
ilObjSurveyAccess
Class ilObjSurveyAccess.
Definition: class.ilObjSurveyAccess.php:11
ilObjSurveyAccess\_lookupFinished
static _lookupFinished($a_obj_id, $a_user_id="")
get finished status
Definition: class.ilObjSurveyAccess.php:338
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess($a_obj_id, $user_id)
Definition: class.ilObjSurveyAccess.php:255
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode($a_obj_id)
Definition: class.ilObjSurveyAccess.php:405
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilObjSurvey\RESULTS_SELF_EVAL_NONE
const RESULTS_SELF_EVAL_NONE
Definition: class.ilObjSurvey.php:196
ilObjSurveyAccess\_checkGoto
static _checkGoto($a_target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:423
$ilUser
$ilUser
Definition: imgupload.php:18
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete($a_obj_id)
checks wether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:180