ILIAS  release_8 Revision v8.19-1-g4e8f2f9140c
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Static Protected Attributes | Private Member Functions | Private Attributes
ilOrgUnitPositionAccess Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilOrgUnitPositionAccess:
+ Collaboration diagram for ilOrgUnitPositionAccess:

Public Member Functions

 __construct (ilAccess $access)
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, string $permission)
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, int $for_user_id, string $permission)
 
 isCurrentUserBasedOnPositionsAllowedTo (string $permission, array $on_user_ids)
 
 isUserBasedOnPositionsAllowedTo (int $which_user_id, string $permission, array $on_user_ids)
 
 filterUserIdsByPositionOfCurrentUser (string $pos_perm, int $ref_id, array $user_ids)
 
 filterUserIdsByPositionOfUser (int $user_id, string $pos_perm, int $ref_id, array $user_ids)
 
 checkPositionAccess (string $pos_perm, int $ref_id)
 
 hasCurrentUserAnyPositionAccess (int $ref_id)
 
 checkRbacOrPositionPermissionAccess (string $rbac_perm, string $pos_perm, int $ref_id)
 
 filterUserIdsByRbacOrPositionOfCurrentUser (string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
 
 hasUserRBACorAnyPositionAccess (string $rbac_perm, int $ref_id)
 

Static Protected Attributes

static array $ref_id_obj_type_map = array()
 

Private Member Functions

 getCurrentUsersId ()
 
 getTypeForRefId (int $ref_id)
 
 getObjIdForRefId (int $ref_id)
 
 isPositionActiveForRefId (int $ref_id)
 

Private Attributes

ilOrgUnitUserAssignmentQueries $ua
 
ilOrgUnitGlobalSettings $set
 
ilAccess $access
 
ilObjUser $user
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Class ilOrgUnitPositionAccess

Author
Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Definition at line 23 of file class.ilOrgUnitPositionAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilOrgUnitPositionAccess::__construct ( ilAccess  $access)

Definition at line 31 of file class.ilOrgUnitPositionAccess.php.

References $access, $DIC, ILIAS\Repository\access(), ilOrgUnitUserAssignmentQueries\getInstance(), ilOrgUnitGlobalSettings\getInstance(), and ILIAS\Repository\user().

32  {
33  global $DIC;
34  $this->set = ilOrgUnitGlobalSettings::getInstance();
35  $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
36  $this->access = $access;
37  $this->user = $DIC->user();
38  }
$DIC
global $DIC
Definition: feed.php:28
+ Here is the call graph for this function:

Member Function Documentation

◆ checkPositionAccess()

ilOrgUnitPositionAccess::checkPositionAccess ( string  $pos_perm,
int  $ref_id 
)
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
See also
getAvailablePositionRelatedPermissions for available permissions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 172 of file class.ilOrgUnitPositionAccess.php.

References ilOrgUnitOperationQueries\findByOperationString(), getCurrentUsersId(), getTypeForRefId(), and isPositionActiveForRefId().

Referenced by ilAccess\checkPositionAccess(), and checkRbacOrPositionPermissionAccess().

172  : bool
173  {
174  if (!$this->isPositionActiveForRefId($ref_id)) {
175  return false;
176  }
177 
178  $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
179  if (!$operation) {
180  return false;
181  }
182  $current_user_id = $this->getCurrentUsersId();
183 
184  foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
185  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
186  if ($permissions->isOperationIdSelected($operation->getOperationId())) {
187  return true;
188  }
189  }
190 
191  return false;
192  }
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
Definition: class.ilOrgUnitOperationQueries.php:106
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilOrgUnitPositionAccess::checkRbacOrPositionPermissionAccess ( string  $rbac_perm,
string  $pos_perm,
int  $ref_id 
)
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 214 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\access(), checkPositionAccess(), and isPositionActiveForRefId().

Referenced by ilAccess\checkRbacOrPositionPermissionAccess().

214  : bool
215  {
216  // If RBAC allows, just return true
217  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
218  return true;
219  }
220 
221  if (!$this->isPositionActiveForRefId($ref_id)) {
222  return false;
223  }
224 
225  return $this->checkPositionAccess($pos_perm, $ref_id);
226  }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:172
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByPositionOfCurrentUser()

ilOrgUnitPositionAccess::filterUserIdsByPositionOfCurrentUser ( string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
int[]$user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 94 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsByPositionOfUser(), and getCurrentUsersId().

Referenced by ilAccess\filterUserIdsByPositionOfCurrentUser(), and filterUserIdsByRbacOrPositionOfCurrentUser().

94  : array
95  {
96  $current_user_id = $this->getCurrentUsersId();
97 
98  return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
99  }
$ref_id
$ref_id
Definition: ltiauth.php:67
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:103
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByPositionOfUser()

ilOrgUnitPositionAccess::filterUserIdsByPositionOfUser ( int  $user_id,
string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
int[]$user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 103 of file class.ilOrgUnitPositionAccess.php.

References ilOrgUnitOperationQueries\findByOperationString(), getTypeForRefId(), ilOrgUnitAuthority\OVER_EVERYONE, ilOrgUnitAuthority\SCOPE_SAME_ORGU, ilOrgUnitAuthority\SCOPE_SUBSEQUENT_ORGUS, and ILIAS\Repository\user().

Referenced by filterUserIdsByPositionOfCurrentUser(), and ilAccess\filterUserIdsByPositionOfUser().

108  : array {
109  // $all_available_users = $this->ua->getUserIdsOfOrgUnit()
110  $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
111  if (!$operation) {
112  return [];
113  }
114 
115  $allowed_user_ids = [];
116  foreach ($this->ua->getPositionsOfUserId($user_id) as $position) {
117  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
118  $permissions->afterObjectLoad();
119  if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
120  continue;
121  }
122 
123  $position->afterObjectLoad();
124  foreach ($position->getAuthorities() as $authority) {
125  switch ($authority->getOver()) {
126  case ilOrgUnitAuthority::OVER_EVERYONE:
127  switch ($authority->getScope()) {
128  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
129  $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition($position->getId(), $user_id);
130  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
131  break;
132  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
133  $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition(
134  $position->getId(),
135  $user_id,
136  true
137  );
138  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
139  break;
140  }
141  break;
142  default:
143  switch ($authority->getScope()) {
144  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
145  $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition(
146  $user_id,
147  $authority->getPositionId(),
148  $authority->getOver(),
149  false
150  );
151  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
152  break;
153  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
154  $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition(
155  $user_id,
156  $authority->getPositionId(),
157  $authority->getOver(),
158  true
159  );
160  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
161  break;
162  }
163  break;
164  }
165  }
166  }
167  $allowed_user_ids[] = $this->user->getId();
168  return array_intersect($user_ids, $allowed_user_ids);
169  }
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
Definition: class.ilOrgUnitOperationQueries.php:106
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilOrgUnitPositionAccess::filterUserIdsByRbacOrPositionOfCurrentUser ( string  $rbac_perm,
string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 229 of file class.ilOrgUnitPositionAccess.php.

References $DIC, ILIAS\Repository\access(), and filterUserIdsByPositionOfCurrentUser().

Referenced by ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

234  : array {
235  global $DIC;
236 
237  // If RBAC allows, just return true
238  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
239  return $user_ids;
240  }
241 
242  return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
243  }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:94
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilOrgUnitPositionAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
string  $permission 
)
Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 42 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsForUsersPositionsAndPermission(), and getCurrentUsersId().

Referenced by ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

45  : array {
46  $current_user_id = $this->getCurrentUsersId();
47  return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
48  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:53
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilOrgUnitPositionAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
int  $for_user_id,
string  $permission 
)
Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 53 of file class.ilOrgUnitPositionAccess.php.

Referenced by filterUserIdsForCurrentUsersPositionsAndPermission(), ilAccess\filterUserIdsForUsersPositionsAndPermission(), and isUserBasedOnPositionsAllowedTo().

57  : array {
58  $assignment_of_user = $this->ua->getAssignmentsOfUserId($for_user_id);
59  $other_users_in_same_org_units = [];
60  foreach ($assignment_of_user as $assignment) {
61  $other_users_in_same_org_units += $this->ua->getUserIdsOfOrgUnit($assignment->getOrguId());
62  }
63 
64  return array_intersect($user_ids, $other_users_in_same_org_units);
65  }
+ Here is the caller graph for this function:

◆ getCurrentUsersId()

ilOrgUnitPositionAccess::getCurrentUsersId ( )
private

Definition at line 260 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\user().

Referenced by checkPositionAccess(), filterUserIdsByPositionOfCurrentUser(), filterUserIdsForCurrentUsersPositionsAndPermission(), hasCurrentUserAnyPositionAccess(), and isCurrentUserBasedOnPositionsAllowedTo().

260  : int
261  {
262  return $this->user->getId();
263  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getObjIdForRefId()

ilOrgUnitPositionAccess::getObjIdForRefId ( int  $ref_id)
private

Definition at line 275 of file class.ilOrgUnitPositionAccess.php.

References ilObject\_lookupObjectId().

Referenced by isPositionActiveForRefId().

275  : int
276  {
277  return ilObject2::_lookupObjectId($ref_id);
278  }
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_lookupObjectId
static _lookupObjectId(int $ref_id)
Definition: class.ilObject.php:1123
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getTypeForRefId()

ilOrgUnitPositionAccess::getTypeForRefId ( int  $ref_id)
private

Definition at line 266 of file class.ilOrgUnitPositionAccess.php.

References $ref_id, and ilObject\_lookupType().

Referenced by checkPositionAccess(), and filterUserIdsByPositionOfUser().

266  : string
267  {
268  if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
269  self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
270  }
271 
272  return self::$ref_id_obj_type_map[$ref_id];
273  }
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilOrgUnitPositionAccess::hasCurrentUserAnyPositionAccess ( int  $ref_id)
Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 195 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), and isPositionActiveForRefId().

Referenced by ilAccess\hasCurrentUserAnyPositionAccess(), and hasUserRBACorAnyPositionAccess().

195  : bool
196  {
197  if (!$this->isPositionActiveForRefId($ref_id)) {
198  return false;
199  }
200 
201  $current_user_id = $this->getCurrentUsersId();
202 
203  foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
204  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
205  if (count($permissions->getOperations()) > 0) {
206  return true;
207  }
208  }
209 
210  return false;
211  }
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilOrgUnitPositionAccess::hasUserRBACorAnyPositionAccess ( string  $rbac_perm,
int  $ref_id 
)

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 246 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\access(), and hasCurrentUserAnyPositionAccess().

Referenced by ilAccess\hasUserRBACorAnyPositionAccess().

246  : bool
247  {
248  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
249  return true;
250  }
251 
252  return $this->hasCurrentUserAnyPositionAccess($ref_id);
253  }
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilOrgUnitPositionAccess::isCurrentUserBasedOnPositionsAllowedTo ( string  $permission,
array  $on_user_ids 
)
Parameters
int[]$on_user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 68 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), and isUserBasedOnPositionsAllowedTo().

Referenced by ilAccess\isCurrentUserBasedOnPositionsAllowedTo().

68  : bool
69  {
70  $current_user_id = $this->getCurrentUsersId();
71 
72  return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
73  }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:77
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPositionActiveForRefId()

ilOrgUnitPositionAccess::isPositionActiveForRefId ( int  $ref_id)
private

Definition at line 280 of file class.ilOrgUnitPositionAccess.php.

References getObjIdForRefId().

Referenced by checkPositionAccess(), checkRbacOrPositionPermissionAccess(), and hasCurrentUserAnyPositionAccess().

280  : bool
281  {
282  $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
283 
284  return $this->set->isPositionAccessActiveForObject($obj_id);
285  }
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilOrgUnitPositionAccess::isUserBasedOnPositionsAllowedTo ( int  $which_user_id,
string  $permission,
array  $on_user_ids 
)
Parameters
int[]$on_user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 77 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsForUsersPositionsAndPermission().

Referenced by isCurrentUserBasedOnPositionsAllowedTo(), and ilAccess\isUserBasedOnPositionsAllowedTo().

81  : bool {
82  $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission(
83  $on_user_ids,
84  $which_user_id,
85  $permission
86  );
87 
88  return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
89  && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
90  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:53
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $access

ilAccess ilOrgUnitPositionAccess::$access
private

Definition at line 28 of file class.ilOrgUnitPositionAccess.php.

Referenced by __construct().

◆ $ref_id_obj_type_map

array ilOrgUnitPositionAccess::$ref_id_obj_type_map = array()
staticprotected

Definition at line 25 of file class.ilOrgUnitPositionAccess.php.

◆ $set

ilOrgUnitGlobalSettings ilOrgUnitPositionAccess::$set
private

Definition at line 27 of file class.ilOrgUnitPositionAccess.php.

◆ $ua

ilOrgUnitUserAssignmentQueries ilOrgUnitPositionAccess::$ua
private

Definition at line 26 of file class.ilOrgUnitPositionAccess.php.

◆ $user

ilObjUser ilOrgUnitPositionAccess::$user
private

Definition at line 29 of file class.ilOrgUnitPositionAccess.php.

The documentation for this class was generated from the following file: