ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes
ilPRGPermissionsHelper Class Reference

Both role and OrgU-based permissions are relevant in many places of the PRG. More...

+ Collaboration diagram for ilPRGPermissionsHelper:

Public Member Functions

 __construct (ilAccess $access, ilOrgUnitPositionAccess $orgu_access, ilObjStudyProgramme $programme)
 
 may (string $operation)
 
 mayAnyOf (array $operations)
 
 getUserIdsSusceptibleTo (string $operation)
 return int[] More...
 
 filterUserIds (array $user_ids, string $operation)
 

Data Fields

const ORGU_OPERATIONS
 
const ROLEPERM_VIEW = 'rp_visible'
 
const ROLEPERM_READ = 'rp_read'
 
const ROLEPERM_WRITE = 'rp_write'
 
const ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'
 
const ROLEMAPPINGS
 

Protected Member Functions

 throwForInvalidOperation (string $operation)
 
 getUserIdsInPrgAccessibleForOperation (string $orgu_operation)
 
 getAllAssignedUserIds ()
 
 getProgrammeRefId ()
 

Protected Attributes

 $access
 
 $orgu_access
 
 $programme
 
 $user_id_cache
 

Detailed Description

Both role and OrgU-based permissions are relevant in many places of the PRG.

This is to bundle permission-checks.

Please note that the 'manage_members'-permission granted via global or local roles will include all the ORGU_OPERATIONS listed here and is thus very different from the OrgUnitOperation 'manage_members'.

Definition at line 11 of file ilPRGPermissionsHelper.php.

Constructor & Destructor Documentation

◆ __construct()

ilPRGPermissionsHelper::__construct ( ilAccess  $access,
ilOrgUnitPositionAccess  $orgu_access,
ilObjStudyProgramme  $programme 
)

Definition at line 55 of file ilPRGPermissionsHelper.php.

References $access, $orgu_access, and $programme.

59  {
60  $this->access = $access;
61  $this->orgu_access = $orgu_access;
62  $this->programme = $programme;
63  }

Member Function Documentation

◆ filterUserIds()

ilPRGPermissionsHelper::filterUserIds ( array  $user_ids,
string  $operation 
)
Parameters
int[]$user_ids

Definition at line 114 of file ilPRGPermissionsHelper.php.

References getProgrammeRefId(), and may().

114  : array
115  {
116  if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
117  return $user_ids;
118  }
119 
120  return $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
121  $operation,
122  $this->getProgrammeRefId(),
123  $user_ids
124  );
125  }
+ Here is the call graph for this function:

◆ getAllAssignedUserIds()

ilPRGPermissionsHelper::getAllAssignedUserIds ( )
protected
Returns
int[]

Definition at line 163 of file ilPRGPermissionsHelper.php.

Referenced by getUserIdsInPrgAccessibleForOperation(), and getUserIdsSusceptibleTo().

163  : array
164  {
165  if (!$this->cache[self::ROLEPERM_MANAGE_MEMBERS]) {
166  $this->cache[self::ROLEPERM_MANAGE_MEMBERS] = array_unique($this->programme->getMembers());
167  }
168  return $this->cache[self::ROLEPERM_MANAGE_MEMBERS];
169  }
+ Here is the caller graph for this function:

◆ getProgrammeRefId()

ilPRGPermissionsHelper::getProgrammeRefId ( )
protected

Definition at line 171 of file ilPRGPermissionsHelper.php.

Referenced by filterUserIds(), and may().

171  : int
172  {
173  return (int) $this->programme->getRefId();
174  }
+ Here is the caller graph for this function:

◆ getUserIdsInPrgAccessibleForOperation()

ilPRGPermissionsHelper::getUserIdsInPrgAccessibleForOperation ( string  $orgu_operation)
protected

Definition at line 144 of file ilPRGPermissionsHelper.php.

References getAllAssignedUserIds().

Referenced by getUserIdsSusceptibleTo().

144  : array
145  {
146  if (!$this->cache[$orgu_operation]) {
147  $user_ids = array_map(
148  'intval',
149  $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
150  $orgu_operation,
151  $this->getProgrammeRefId(),
152  $this->getAllAssignedUserIds()
153  )
154  );
155  $this->cache[$orgu_operation] = array_unique($user_ids);
156  }
157  return $this->cache[$orgu_operation];
158  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUserIdsSusceptibleTo()

ilPRGPermissionsHelper::getUserIdsSusceptibleTo ( string  $operation)

return int[]

Definition at line 97 of file ilPRGPermissionsHelper.php.

References getAllAssignedUserIds(), getUserIdsInPrgAccessibleForOperation(), may(), and throwForInvalidOperation().

97  : array
98  {
99  $this->throwForInvalidOperation($operation);
100 
101  if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
102  return $this->getAllAssignedUserIds();
103  }
104 
105  if (in_array($operation, self::ORGU_OPERATIONS) && $this->may($operation)) {
106  return $this->getUserIdsInPrgAccessibleForOperation($operation);
107  }
108  return [];
109  }
ilPRGPermissionsHelper\getUserIdsInPrgAccessibleForOperation
getUserIdsInPrgAccessibleForOperation(string $orgu_operation)
Definition: ilPRGPermissionsHelper.php:144
ilPRGPermissionsHelper\throwForInvalidOperation
throwForInvalidOperation(string $operation)
Definition: ilPRGPermissionsHelper.php:127
+ Here is the call graph for this function:

◆ may()

ilPRGPermissionsHelper::may ( string  $operation)

Definition at line 65 of file ilPRGPermissionsHelper.php.

References getProgrammeRefId(), and throwForInvalidOperation().

Referenced by filterUserIds(), getUserIdsSusceptibleTo(), and mayAnyOf().

65  : bool
66  {
67  $this->throwForInvalidOperation($operation);
68  if (in_array($operation, self::ORGU_OPERATIONS)) {
69  return
70  $this->access->checkAccess( //RBAC overrides OrgUs
71  self::ROLEMAPPINGS[self::ROLEPERM_MANAGE_MEMBERS],
72  '',
73  $this->getProgrammeRefId()
74  )
75  || $this->access->checkPositionAccess($operation, $this->getProgrammeRefId());
76  } else {
77  return $this->access->checkAccess(self::ROLEMAPPINGS[$operation], '', $this->getProgrammeRefId());
78  }
79  }
ilPRGPermissionsHelper\throwForInvalidOperation
throwForInvalidOperation(string $operation)
Definition: ilPRGPermissionsHelper.php:127
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mayAnyOf()

ilPRGPermissionsHelper::mayAnyOf ( array  $operations)
Parameters
string[]$operations

Definition at line 84 of file ilPRGPermissionsHelper.php.

References may().

84  : bool
85  {
86  foreach ($operations as $operation) {
87  if ($this->may($operation)) {
88  return true;
89  }
90  }
91  return false;
92  }
+ Here is the call graph for this function:

◆ throwForInvalidOperation()

ilPRGPermissionsHelper::throwForInvalidOperation ( string  $operation)
protected

Definition at line 127 of file ilPRGPermissionsHelper.php.

References $valid.

Referenced by getUserIdsSusceptibleTo(), and may().

127  : void
128  {
129  $valid = array_merge(
130  self::ORGU_OPERATIONS,
131  [
132  self::ROLEPERM_VIEW,
133  self::ROLEPERM_READ,
134  self::ROLEPERM_WRITE,
135  self::ROLEPERM_MANAGE_MEMBERS
136  ]
137  );
138 
139  if (!in_array($operation, $valid)) {
140  throw new \ilException('prg does not provide this permission: ' . $operation);
141  }
142  }
$valid
$valid
Definition: dummy_client.php:52
+ Here is the caller graph for this function:

Field Documentation

◆ $access

ilPRGPermissionsHelper::$access
protected

Definition at line 38 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $orgu_access

ilPRGPermissionsHelper::$orgu_access
protected

Definition at line 43 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $programme

ilPRGPermissionsHelper::$programme
protected

Definition at line 48 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $user_id_cache

ilPRGPermissionsHelper::$user_id_cache
protected

Definition at line 53 of file ilPRGPermissionsHelper.php.

◆ ORGU_OPERATIONS

const ilPRGPermissionsHelper::ORGU_OPERATIONS
Initial value:
= [
ilOrgUnitOperation::OP_VIEW_MEMBERS,
ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
ilOrgUnitOperation::OP_VIEW_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_EDIT_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_MANAGE_MEMBERS
]

Definition at line 13 of file ilPRGPermissionsHelper.php.

◆ ROLEMAPPINGS

const ilPRGPermissionsHelper::ROLEMAPPINGS
Initial value:
= [
'rp_visible' => 'visible'

Definition at line 28 of file ilPRGPermissionsHelper.php.

◆ ROLEPERM_MANAGE_MEMBERS

const ilPRGPermissionsHelper::ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'

Definition at line 26 of file ilPRGPermissionsHelper.php.

◆ ROLEPERM_READ

const ilPRGPermissionsHelper::ROLEPERM_READ = 'rp_read'

Definition at line 22 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\addToNavigationHistory(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getSubTabs(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\view().

◆ ROLEPERM_VIEW

const ilPRGPermissionsHelper::ROLEPERM_VIEW = 'rp_visible'

Definition at line 21 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\denyAccessIfNotAnyOf(), and ilObjStudyProgrammeGUI\executeCommand().

◆ ROLEPERM_WRITE

const ilPRGPermissionsHelper::ROLEPERM_WRITE = 'rp_write'

Definition at line 23 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\edit(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getSubTabs(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\updateAdvancedSettings().

The documentation for this class was generated from the following file: