ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilBadgeWAC.php
Go to the documentation of this file.
1 <?php
2 
22 class ilBadgeWAC implements ilWACCheckingClass
23 {
24  public function canBeDelivered(ilWACPath $ilWACPath): bool
25  {
26  global $DIC;
27 
28  if (strpos($ilWACPath->getPath(), '..') !== false) {
29  return false;
30  }
31 
32  if (!preg_match('@ilBadge\/(\d+\/)*?badge(tmpl)?_(\d+)\/@ui', $ilWACPath->getPath())) {
33  return false;
34  }
35 
36  $obj_id = array_keys(ilObject::_getObjectsByType('bdga'))[0] ?? null;
37  $admin_ref_id = null;
38  if ($obj_id > 0) {
39  $admin_ref_id = array_values(ilObject::_getAllReferences($obj_id))[0] ?? null;
40  }
41 
42  $has_global_badge_administration_access = (
43  $admin_ref_id > 0 &&
44  $DIC->rbac()->system()->checkAccessOfUser($DIC->user()->getId(), 'read', $admin_ref_id)
45  );
46 
47  if (preg_match('@\/badgetmpl_(\d+)\/@ui', $ilWACPath->getPath())) {
48  // Badge template images must only be accessible for accounts with `read` permission on the badge administration node
49  return $has_global_badge_administration_access;
50  }
51 
52  if (preg_match('@\/badge_(\d+)\/@ui', $ilWACPath->getPath(), $matches)) {
53  if ($has_global_badge_administration_access) {
54  return true;
55  }
56 
57  $badge_id = (int) $matches[1];
58 
59  return (
60  $this->isAssignedBadge($DIC, $badge_id) ||
61  $this->isAssignedBadgeOfPublishedUserProfile($DIC, $badge_id) ||
62  $this->hasAccessToBadgeParentIdNode($DIC, $badge_id, $has_global_badge_administration_access)
63  );
64  }
65 
66  return false;
67  }
68 
69  private function hasAccessToBadgeParentIdNode(
70  \ILIAS\DI\Container $DIC,
71  int $badge_id,
72  bool $has_global_badge_administration_access
73  ) : bool {
74  // If the acting user still does not have access, check if the image is used in an object badge type
75  $badge = new ilBadge($badge_id);
76  if ($badge->getParentId() > 0) {
77  return false;
78  }
79 
80  $badge_handler = ilBadgeHandler::getInstance();
81  if (!$badge_handler->isObjectActive((int) $badge->getParentId())) {
82  return false;
83  }
84 
85  $context_ref_id = array_values(ilObject::_getAllReferences((int) $badge->getParentId()))[0] ?? null;
86  if (!($context_ref_id > 0)) {
87  return false;
88  }
89 
90  $context_ref_id = (int) $context_ref_id;
91  if ($DIC->repositoryTree()->isGrandChild((int) SYSTEM_FOLDER_ID, $context_ref_id)) {
92  $has_access = $has_global_badge_administration_access;
93  } else {
94  $has_access = $DIC->access()->checkAccessOfUser(
95  $DIC->user()->getId(),
96  'write',
97  '',
98  $context_ref_id
99  );
100  }
101 
102  return $has_access;
103  }
104 
105  private function isAssignedBadge(\ILIAS\DI\Container $DIC, int $badge_id) : bool
106  {
107  // First, check all badge assignments of the current user for a match
108  $badges_of_user = ilBadgeAssignment::getInstancesByUserId($DIC->user()->getId());
109  foreach ($badges_of_user as $user_badge) {
110  if ((int) $user_badge->getBadgeId() === $badge_id) {
111  return true;
112  }
113  }
114 
115  return false;
116  }
117 
118  private function isAssignedBadgeOfPublishedUserProfile(\ILIAS\DI\Container $DIC, int $badge_id) : bool
119  {
120  // It seems the badge is not assigned to the curent user, so check if the profile of the badge user is made visible
121  $assignments = ilBadgeAssignment::getInstancesByBadgeId($badge_id);
122  foreach ($assignments as $assignment) {
123  if (!$assignment->getPosition()) {
124  continue;
125  }
126 
127  $user = ilObjectFactory::getInstanceByObjId((int) $assignment->getUserId(), false);
128  if (!$user instanceof ilObjUser) {
129  continue;
130  }
131 
132  $profile_visibility = $user->getPref('public_profile');
133  if ($profile_visibility === 'g' || ($profile_visibility === 'y' && !$DIC->user()->isAnonymous())) {
134  return true;
135  }
136  }
137 
138  return false;
139  }
140 }
ilBadgeWAC
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilBadgeWAC.php:22
ilBadgeAssignment\getInstancesByUserId
static getInstancesByUserId(int $a_user_id)
Definition: class.ilBadgeAssignment.php:102
ILIAS
Class ChatMainBarProvider .
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:816
ilBadgeWAC\hasAccessToBadgeParentIdNode
hasAccessToBadgeParentIdNode(\ILIAS\DI\Container $DIC, int $badge_id, bool $has_global_badge_administration_access)
Definition: class.ilBadgeWAC.php:69
ilBadgeWAC\isAssignedBadge
isAssignedBadge(\ILIAS\DI\Container $DIC, int $badge_id)
Definition: class.ilBadgeWAC.php:105
ilObject\_getObjectsByType
static _getObjectsByType(string $obj_type="", int $owner=null)
Definition: class.ilObject.php:1478
ilWACPath
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilWACPath.php:25
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
ilBadgeWAC\isAssignedBadgeOfPublishedUserProfile
isAssignedBadgeOfPublishedUserProfile(\ILIAS\DI\Container $DIC, int $badge_id)
Definition: class.ilBadgeWAC.php:118
$DIC
global $DIC
Definition: feed.php:28
ilBadgeAssignment\getInstancesByBadgeId
static getInstancesByBadgeId(int $a_badge_id)
Definition: class.ilBadgeAssignment.php:127
DI
Class HTTPServicesTest.
ilWACCheckingClass
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilWACCheckingClass.php:24
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilBadgeWAC\canBeDelivered
canBeDelivered(ilWACPath $ilWACPath)
Definition: class.ilBadgeWAC.php:24