ILIAS  release_7 Revision v7.30-3-g800a261c036
Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes
ilPRGPermissionsHelper Class Reference

Both role and OrgU-based permissions are relevant in many places of the PRG. More...

+ Collaboration diagram for ilPRGPermissionsHelper:

Public Member Functions

 __construct (ilAccess $access, ilOrgUnitPositionAccess $orgu_access, ilObjStudyProgramme $programme)
 
 may (string $operation)
 
 mayAnyOf (array $operations)
 
 getUserIdsSusceptibleTo (string $operation)
 return int[] More...
 
 filterUserIds (array $user_ids, string $operation)
 

Data Fields

const ORGU_OPERATIONS
 
const ROLEPERM_VIEW = 'rp_visible'
 
const ROLEPERM_READ = 'rp_read'
 
const ROLEPERM_WRITE = 'rp_write'
 
const ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'
 
const ROLEMAPPINGS
 

Protected Member Functions

 throwForInvalidOperation (string $operation)
 
 getUserIdsInPrgAccessibleForOperation (string $orgu_operation)
 
 getAllAssignedUserIds ()
 
 getProgrammeRefId ()
 

Protected Attributes

 $access
 
 $orgu_access
 
 $programme
 
 $user_id_cache
 

Detailed Description

Both role and OrgU-based permissions are relevant in many places of the PRG.

This is to bundle permission-checks.

Please note that the 'manage_members'-permission granted via global or local roles will include all the ORGU_OPERATIONS listed here and is thus very different from the OrgUnitOperation 'manage_members'.

Definition at line 11 of file ilPRGPermissionsHelper.php.

Constructor & Destructor Documentation

◆ __construct()

ilPRGPermissionsHelper::__construct ( ilAccess  $access,
ilOrgUnitPositionAccess  $orgu_access,
ilObjStudyProgramme  $programme 
)

Definition at line 55 of file ilPRGPermissionsHelper.php.

59 {
60 $this->access = $access;
61 $this->orgu_access = $orgu_access;
62 $this->programme = $programme;
63 }

References $access, $orgu_access, and $programme.

Member Function Documentation

◆ filterUserIds()

ilPRGPermissionsHelper::filterUserIds ( array  $user_ids,
string  $operation 
)
Parameters
int[]$user_ids

Definition at line 114 of file ilPRGPermissionsHelper.php.

114 : array
115 {
116 if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
117 return $user_ids;
118 }
119
120 return $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
121 $operation,
122 $this->getProgrammeRefId(),
123 $user_ids
124 );
125 }

References getProgrammeRefId(), and may().

+ Here is the call graph for this function:

◆ getAllAssignedUserIds()

ilPRGPermissionsHelper::getAllAssignedUserIds ( )
protected
Returns
int[]

Definition at line 163 of file ilPRGPermissionsHelper.php.

163 : array
164 {
165 if (!$this->cache[self::ROLEPERM_MANAGE_MEMBERS]) {
166 $this->cache[self::ROLEPERM_MANAGE_MEMBERS] = array_unique($this->programme->getMembers());
167 }
168 return $this->cache[self::ROLEPERM_MANAGE_MEMBERS];
169 }

References ROLEPERM_MANAGE_MEMBERS.

Referenced by getUserIdsSusceptibleTo().

+ Here is the caller graph for this function:

◆ getProgrammeRefId()

ilPRGPermissionsHelper::getProgrammeRefId ( )
protected

Definition at line 171 of file ilPRGPermissionsHelper.php.

171 : int
172 {
173 return (int) $this->programme->getRefId();
174 }

Referenced by filterUserIds(), and may().

+ Here is the caller graph for this function:

◆ getUserIdsInPrgAccessibleForOperation()

ilPRGPermissionsHelper::getUserIdsInPrgAccessibleForOperation ( string  $orgu_operation)
protected

Definition at line 144 of file ilPRGPermissionsHelper.php.

144 : array
145 {
146 if (!$this->cache[$orgu_operation]) {
147 $user_ids = array_map(
148 'intval',
149 $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
150 $orgu_operation,
151 $this->getProgrammeRefId(),
152 $this->getAllAssignedUserIds()
153 )
154 );
155 $this->cache[$orgu_operation] = array_unique($user_ids);
156 }
157 return $this->cache[$orgu_operation];
158 }

Referenced by getUserIdsSusceptibleTo().

+ Here is the caller graph for this function:

◆ getUserIdsSusceptibleTo()

ilPRGPermissionsHelper::getUserIdsSusceptibleTo ( string  $operation)

return int[]

Definition at line 97 of file ilPRGPermissionsHelper.php.

97 : array
98 {
99 $this->throwForInvalidOperation($operation);
100
101 if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
102 return $this->getAllAssignedUserIds();
103 }
104
105 if (in_array($operation, self::ORGU_OPERATIONS) && $this->may($operation)) {
106 return $this->getUserIdsInPrgAccessibleForOperation($operation);
107 }
108 return [];
109 }
ilPRGPermissionsHelper\throwForInvalidOperation
throwForInvalidOperation(string $operation)
Definition: ilPRGPermissionsHelper.php:127
ilPRGPermissionsHelper\getUserIdsInPrgAccessibleForOperation
getUserIdsInPrgAccessibleForOperation(string $orgu_operation)
Definition: ilPRGPermissionsHelper.php:144

References getAllAssignedUserIds(), getUserIdsInPrgAccessibleForOperation(), may(), and throwForInvalidOperation().

+ Here is the call graph for this function:

◆ may()

ilPRGPermissionsHelper::may ( string  $operation)

Definition at line 65 of file ilPRGPermissionsHelper.php.

65 : bool
66 {
67 $this->throwForInvalidOperation($operation);
68 if (in_array($operation, self::ORGU_OPERATIONS)) {
69 return
70 $this->access->checkAccess( //RBAC overrides OrgUs
71 self::ROLEMAPPINGS[self::ROLEPERM_MANAGE_MEMBERS],
72 '',
73 $this->getProgrammeRefId()
74 )
75 || $this->access->checkPositionAccess($operation, $this->getProgrammeRefId());
76 } else {
77 return $this->access->checkAccess(self::ROLEMAPPINGS[$operation], '', $this->getProgrammeRefId());
78 }
79 }

References getProgrammeRefId(), and throwForInvalidOperation().

Referenced by filterUserIds(), getUserIdsSusceptibleTo(), and mayAnyOf().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mayAnyOf()

ilPRGPermissionsHelper::mayAnyOf ( array  $operations)
Parameters
string[]$operations

Definition at line 84 of file ilPRGPermissionsHelper.php.

84 : bool
85 {
86 foreach ($operations as $operation) {
87 if ($this->may($operation)) {
88 return true;
89 }
90 }
91 return false;
92 }

References may().

+ Here is the call graph for this function:

◆ throwForInvalidOperation()

ilPRGPermissionsHelper::throwForInvalidOperation ( string  $operation)
protected

Definition at line 127 of file ilPRGPermissionsHelper.php.

127 : void
128 {
129 $valid = array_merge(
130 self::ORGU_OPERATIONS,
131 [
132 self::ROLEPERM_VIEW,
133 self::ROLEPERM_READ,
134 self::ROLEPERM_WRITE,
135 self::ROLEPERM_MANAGE_MEMBERS
136 ]
137 );
138
139 if (!in_array($operation, $valid)) {
140 throw new \ilException('prg does not provide this permission: ' . $operation);
141 }
142 }
$valid
$valid
Definition: dummy_client.php:52

References $valid.

Referenced by getUserIdsSusceptibleTo(), and may().

+ Here is the caller graph for this function:

Field Documentation

◆ $access

ilPRGPermissionsHelper::$access
protected

Definition at line 38 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $orgu_access

ilPRGPermissionsHelper::$orgu_access
protected

Definition at line 43 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $programme

ilPRGPermissionsHelper::$programme
protected

Definition at line 48 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $user_id_cache

ilPRGPermissionsHelper::$user_id_cache
protected

Definition at line 53 of file ilPRGPermissionsHelper.php.

◆ ORGU_OPERATIONS

const ilPRGPermissionsHelper::ORGU_OPERATIONS
Initial value:
= [
ilOrgUnitOperation::OP_VIEW_MEMBERS,
ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
ilOrgUnitOperation::OP_VIEW_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_EDIT_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_MANAGE_MEMBERS
]

Definition at line 13 of file ilPRGPermissionsHelper.php.

◆ ROLEMAPPINGS

const ilPRGPermissionsHelper::ROLEMAPPINGS
Initial value:
= [
'rp_visible' => 'visible',
'rp_read' => 'read',
'rp_write' => 'write',
'rp_manage_members' => 'manage_members'
]

Definition at line 28 of file ilPRGPermissionsHelper.php.

◆ ROLEPERM_MANAGE_MEMBERS

const ilPRGPermissionsHelper::ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'

Definition at line 26 of file ilPRGPermissionsHelper.php.

Referenced by getAllAssignedUserIds().

◆ ROLEPERM_READ

const ilPRGPermissionsHelper::ROLEPERM_READ = 'rp_read'

Definition at line 22 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\addToNavigationHistory(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getSubTabs(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\view().

◆ ROLEPERM_VIEW

const ilPRGPermissionsHelper::ROLEPERM_VIEW = 'rp_visible'

Definition at line 21 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\denyAccessIfNotAnyOf(), and ilObjStudyProgrammeGUI\executeCommand().

◆ ROLEPERM_WRITE

const ilPRGPermissionsHelper::ROLEPERM_WRITE = 'rp_write'

Definition at line 23 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\edit(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getSubTabs(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\updateAdvancedSettings().

The documentation for this class was generated from the following file: