ILIAS  release_8 Revision v8.19-1-g4e8f2f9140c
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
ilObjEmployeeTalkAccess Class Reference
+ Inheritance diagram for ilObjEmployeeTalkAccess:
+ Collaboration diagram for ilObjEmployeeTalkAccess:

Public Member Functions

 __construct ()
 
 canCreate (?ilObjUser $talkParticipant=null)
 Checks if the user is allowed to create a new talks series. More...
 
 hasPermissionToReadUnownedTalksOfUser (int $userId)
 
 canRead (int $refId)
 
 canEditTalkLockStatus (int $refId)
 
 canEdit (int $refId)
 
 canDelete (int $refId)
 
 isTalkReadonlyByCurrentUser (int $ref_id)
 
- Public Member Functions inherited from ilObjectAccess
 _checkAccess (string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id=null)
 Checks whether a user may invoke a command or not (this method is called by ilAccessHandler::checkAccess) More...
 
 canBeDelivered (ilWACPath $ilWACPath)
 

Static Public Member Functions

static getInstance ()
 
static _getCommands ()
 get commands More...
 
static _isOffline ($a_obj_id)
 
static _checkGoto ($a_target)
 
- Static Public Member Functions inherited from ilObjectAccess
static _getCommands ()
 get commands More...
 
static _checkGoto (string $target)
 check whether goto script will succeed More...
 
static _isOffline (int $obj_id)
 Type-specific implementation of general status, has to be overwritten if object type does not support centralized offline handling. More...
 
static _preloadData (array $obj_ids, array $ref_ids)
 Preload data. More...
 

Private Member Functions

 isPermittedToExecuteOperation (int $refId, string $operation)
 
 getCurrentUsersId ()
 

Private Attributes

ilOrgUnitUserAssignmentQueries $ua
 
ilOrgUnitGlobalSettings $set
 
IlOrgUnitPositionAccess $orgUnitAccess
 
Container $container
 
ilOrgUnitObjectTypePositionSetting $talkPositionSettings
 
IliasDBEmployeeTalkSeriesRepository $seriesSettingsRepository
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 28 of file class.ilObjEmployeeTalkAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilObjEmployeeTalkAccess::__construct ( )

Definition at line 47 of file class.ilObjEmployeeTalkAccess.php.

References $GLOBALS, ilOrgUnitUserAssignmentQueries\getInstance(), ilOrgUnitGlobalSettings\getInstance(), and ilObjEmployeeTalk\TYPE.

48  {
49  $this->container = $GLOBALS['DIC'];
50 
51  $this->set = ilOrgUnitGlobalSettings::getInstance();
52  $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
53  $this->orgUnitAccess = new ilOrgUnitPositionAccess($this->container->access());
54  $this->talkPositionSettings = $this->set->getObjectPositionSettingsByType(ilObjEmployeeTalk::TYPE);
55  $this->seriesSettingsRepository = new IliasDBEmployeeTalkSeriesRepository($this->container->user(), $this->container->database());
56  }
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:23
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
+ Here is the call graph for this function:

Member Function Documentation

◆ _checkGoto()

static ilObjEmployeeTalkAccess::_checkGoto (   $a_target)
static
Parameters
string$a_targetcheck whether goto script will succeed
Returns
bool

Definition at line 94 of file class.ilObjEmployeeTalkAccess.php.

94  : bool
95  {
96  $access = new self();
97 
98  $t_arr = explode('_', $a_target);
99  if ($t_arr[0] !== 'etal' || ((int) $t_arr[1]) <= 0) {
100  return false;
101  }
102  if ($access->canRead(intval($t_arr[1]))) {
103  return true;
104  }
105 
106  return false;
107  }

◆ _getCommands()

static ilObjEmployeeTalkAccess::_getCommands ( )
static

get commands

this method returns an array of all possible commands/permission combinations

example: $commands = array ( array('permission' => 'read', 'cmd' => 'view', 'lang_var' => 'show'), array('permission' => 'write', 'cmd' => 'edit', 'lang_var' => 'edit'), );

Definition at line 70 of file class.ilObjEmployeeTalkAccess.php.

Referenced by ilObjEmployeeTalkListGUI\init().

70  : array
71  {
72  $commands = [
73  [
74  'permission' => 'read',
75  'cmd' => ControlFlowCommand::DEFAULT,
76  'lang_var' => 'show',
77  'default' => true,
78  ]
79  ];
80 
81  return $commands;
82  }
+ Here is the caller graph for this function:

◆ _isOffline()

static ilObjEmployeeTalkAccess::_isOffline (   $a_obj_id)
static

Definition at line 84 of file class.ilObjEmployeeTalkAccess.php.

84  : bool
85  {
86  return false;
87  }

◆ canCreate()

ilObjEmployeeTalkAccess::canCreate ( ?ilObjUser  $talkParticipant = null)

Checks if the user is allowed to create a new talks series.

If no user is given only the position right is checked, which can be used to display create or new buttons based on the general position rights of the user.

If the user is given, only positions with an authority over the given user are used to check the position rights.

Parameters
ilObjUser | null$talkParticipantThe talk participant which should get invited into the new talk.
Returns
bool True if the user has creation rights otherwise false.

Definition at line 120 of file class.ilObjEmployeeTalkAccess.php.

References getCurrentUsersId(), ilOrgUnitPermissionQueries\getTemplateSetForContextName(), and ilObjEmployeeTalk\TYPE.

Referenced by ilEmployeeTalkMyStaffListGUI\loadActionBar().

120  : bool
121  {
122  try {
123  $currentUserId = $this->getCurrentUsersId();
124 
125  // Root has always full access
126  if ($currentUserId === 6) {
127  return true;
128  }
129 
130  // Talks are never editable if the position rights are not active, because the talks don't use RBAC
131  if (!$this->talkPositionSettings->isActive()) {
132  return false;
133  }
134 
135  $positions = $this->ua->getPositionsOfUserId($currentUserId);
136 
137  // If we don't have a user just check if the current user has the right in any position to create a new talk
138  if ($talkParticipant === null) {
139  foreach ($positions as $position) {
140  // Check if the position has any relevant position rights
141  $permissionSet = ilOrgUnitPermissionQueries::getTemplateSetForContextName(ilObjEmployeeTalk::TYPE, strval($position->getId() ?? 0));
142  $isAbleToExecuteOperation = array_reduce($permissionSet->getOperations(), function (bool $prev, ilOrgUnitOperation $it) {
143  return $prev || $it->getOperationString() === EmployeeTalkPositionAccessLevel::CREATE;
144  }, false);
145 
146  // If the position has no rights check the next one
147  if (!$isAbleToExecuteOperation) {
148  continue;
149  }
150 
151  return true;
152  }
153 
154  // The current user was not in a position with create etal position rights
155  return false;
156  }
157 
158  // Validate authority and position rights over the given participant
159  return $this->hasAuthorityAndOperationPermissionOverUser($talkParticipant, EmployeeTalkPositionAccessLevel::CREATE);
160  } catch (\Exception $ex) {
161  return false;
162  }
163  }
ilOrgUnitPermissionQueries\getTemplateSetForContextName
static getTemplateSetForContextName(string $context_name, string $position_id, bool $editable=false)
Definition: class.ilOrgUnitPermissionQueries.php:28
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ canDelete()

ilObjEmployeeTalkAccess::canDelete ( int  $refId)
Parameters
int$refId
Returns
bool

Definition at line 205 of file class.ilObjEmployeeTalkAccess.php.

References getCurrentUsersId(), and SYSTEM_ROLE_ID.

205  : bool
206  {
207  $talk = new ilObjEmployeeTalk($refId);
208  $user = $this->getCurrentUsersId();
209  if ($user === $talk->getOwner()) {
210  return true;
211  }
212  // global admins can delete
213  if ($this->container->rbac()->review()->isAssigned(
214  $user,
215  SYSTEM_ROLE_ID
216  )) {
217  return true;
218  }
219  return false;
220  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:

◆ canEdit()

ilObjEmployeeTalkAccess::canEdit ( int  $refId)
Parameters
int$refId
Returns
bool

Definition at line 196 of file class.ilObjEmployeeTalkAccess.php.

References isPermittedToExecuteOperation().

Referenced by isTalkReadonlyByCurrentUser().

196  : bool
197  {
198  return $this->isPermittedToExecuteOperation($refId, EmployeeTalkPositionAccessLevel::EDIT);
199  }
ilObjEmployeeTalkAccess\isPermittedToExecuteOperation
isPermittedToExecuteOperation(int $refId, string $operation)
Definition: class.ilObjEmployeeTalkAccess.php:222
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ canEditTalkLockStatus()

ilObjEmployeeTalkAccess::canEditTalkLockStatus ( int  $refId)

Definition at line 179 of file class.ilObjEmployeeTalkAccess.php.

References getCurrentUsersId().

179  : bool
180  {
181  $currentUserId = $this->getCurrentUsersId();
182 
183  // Root has always full access
184  if ($currentUserId === 6) {
185  return true;
186  }
187 
188  $talk = new ilObjEmployeeTalk($refId);
189  return intval($talk->getOwner()) === $currentUserId;
190  }
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:

◆ canRead()

ilObjEmployeeTalkAccess::canRead ( int  $refId)

Definition at line 174 of file class.ilObjEmployeeTalkAccess.php.

References isPermittedToExecuteOperation().

174  : bool
175  {
176  return $this->isPermittedToExecuteOperation($refId, EmployeeTalkPositionAccessLevel::VIEW);
177  }
ilObjEmployeeTalkAccess\isPermittedToExecuteOperation
isPermittedToExecuteOperation(int $refId, string $operation)
Definition: class.ilObjEmployeeTalkAccess.php:222
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:

◆ getCurrentUsersId()

ilObjEmployeeTalkAccess::getCurrentUsersId ( )
private
Returns
int

Definition at line 290 of file class.ilObjEmployeeTalkAccess.php.

References ilObject\getId(), ilOrgUnitPermissionQueries\getTemplateSetForContextName(), and ilObjEmployeeTalk\TYPE.

Referenced by canCreate(), canDelete(), canEditTalkLockStatus(), and isPermittedToExecuteOperation().

290  : int
291  {
292  return $this->container->user()->getId();
293  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getInstance()

static ilObjEmployeeTalkAccess::getInstance ( )
static

Definition at line 38 of file class.ilObjEmployeeTalkAccess.php.

Referenced by ilObjEmployeeTalkGUI\__construct(), and ilMStShowUserGUI\executeCommand().

38  : self
39  {
40  if (is_null(self::$instance)) {
41  self::$instance = new ilObjEmployeeTalkAccess();
42  }
43 
44  return self::$instance;
45  }
+ Here is the caller graph for this function:

◆ hasPermissionToReadUnownedTalksOfUser()

ilObjEmployeeTalkAccess::hasPermissionToReadUnownedTalksOfUser ( int  $userId)

Definition at line 165 of file class.ilObjEmployeeTalkAccess.php.

165  : bool
166  {
167  try {
168  return $this->hasAuthorityAndOperationPermissionOverUser(new ilObjUser($userId), EmployeeTalkPositionAccessLevel::VIEW);
169  } catch (\Exception $ex) {
170  return false;
171  }
172  }

◆ isPermittedToExecuteOperation()

ilObjEmployeeTalkAccess::isPermittedToExecuteOperation ( int  $refId,
string  $operation 
)
private

Definition at line 222 of file class.ilObjEmployeeTalkAccess.php.

References $data, and getCurrentUsersId().

Referenced by canEdit(), and canRead().

222  : bool
223  {
224  $currentUserId = $this->getCurrentUsersId();
225 
226  // Root has always full access
227  if ($currentUserId === 6) {
228  return true;
229  }
230 
231  // Talks are never editable if the position rights are not active, because the talks don't use RBAC
232  if (!$this->talkPositionSettings->isActive()) {
233  return false;
234  }
235 
236  $talk = new ilObjEmployeeTalk($refId);
237  $series = $talk->getParent();
238  $hasAuthority = $this->hasAuthorityAndOperationPermissionOverUser(new ilObjUser($talk->getData()->getEmployee()), $operation);
239  $data = $talk->getData();
240  $seriesSettings = $this->seriesSettingsRepository->readEmployeeTalkSerieSettings($series->getId());
241  $canExecuteOperation = $this->orgUnitAccess->checkPositionAccess($operation, $refId);
242  $isOwner = $talk->getOwner() === $currentUserId;
243 
244  if ($isOwner) {
245  return true;
246  }
247 
248  if ($currentUserId === $data->getEmployee()) {
249  // The Employee can never edit their own talks
250  if ($operation !== EmployeeTalkPositionAccessLevel::VIEW) {
251  return false;
252  }
253 
254  // The Employee can always read their own talks
255  return true;
256  }
257 
258  //Only owner can edit talks with enabled write lock
259  if ($seriesSettings->isLockedEditing() && $operation === EmployeeTalkPositionAccessLevel::EDIT) {
260  return false;
261  }
262 
263  // Has no authority over the employee
264  if (!$hasAuthority) {
265  return false;
266  }
267 
268  // Has Authority and is permitted to execute the given permission
269  if ($canExecuteOperation) {
270  return true;
271  }
272 
273  // Has authority but no permission
274  return false;
275  }
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isTalkReadonlyByCurrentUser()

ilObjEmployeeTalkAccess::isTalkReadonlyByCurrentUser ( int  $ref_id)
Parameters
int$ref_id
Returns
bool

Definition at line 282 of file class.ilObjEmployeeTalkAccess.php.

References canEdit().

282  : bool
283  {
284  return !$this->canEdit($ref_id);
285  }
$ref_id
$ref_id
Definition: ltiauth.php:67
+ Here is the call graph for this function:

Field Documentation

◆ $container

Container ilObjEmployeeTalkAccess::$container
private

Definition at line 34 of file class.ilObjEmployeeTalkAccess.php.

◆ $instance

self ilObjEmployeeTalkAccess::$instance = null
staticprivate

Definition at line 30 of file class.ilObjEmployeeTalkAccess.php.

◆ $orgUnitAccess

IlOrgUnitPositionAccess ilObjEmployeeTalkAccess::$orgUnitAccess
private

Definition at line 33 of file class.ilObjEmployeeTalkAccess.php.

◆ $seriesSettingsRepository

IliasDBEmployeeTalkSeriesRepository ilObjEmployeeTalkAccess::$seriesSettingsRepository
private

Definition at line 36 of file class.ilObjEmployeeTalkAccess.php.

◆ $set

ilOrgUnitGlobalSettings ilObjEmployeeTalkAccess::$set
private

Definition at line 32 of file class.ilObjEmployeeTalkAccess.php.

◆ $talkPositionSettings

ilOrgUnitObjectTypePositionSetting ilObjEmployeeTalkAccess::$talkPositionSettings
private

Definition at line 35 of file class.ilObjEmployeeTalkAccess.php.

◆ $ua

ilOrgUnitUserAssignmentQueries ilObjEmployeeTalkAccess::$ua
private

Definition at line 31 of file class.ilObjEmployeeTalkAccess.php.

The documentation for this class was generated from the following file: