ILIAS  release_8 Revision v8.24
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
ilObjEmployeeTalkAccess Class Reference
+ Inheritance diagram for ilObjEmployeeTalkAccess:
+ Collaboration diagram for ilObjEmployeeTalkAccess:

Public Member Functions

 __construct ()
 
 canCreate (?ilObjUser $talkParticipant=null)
 Checks if the user is allowed to create a new talks series. More...
 
 hasPermissionToReadUnownedTalksOfUser (int $userId)
 
 canRead (int $refId)
 
 canEditTalkLockStatus (int $refId)
 
 canEdit (int $refId)
 
 canDelete (int $refId)
 
 isTalkReadonlyByCurrentUser (int $ref_id)
 
- Public Member Functions inherited from ilObjectAccess
 _checkAccess (string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id=null)
 Checks whether a user may invoke a command or not (this method is called by ilAccessHandler::checkAccess) More...
 
 canBeDelivered (ilWACPath $ilWACPath)
 
 canBeDelivered (ilWACPath $ilWACPath)
 

Static Public Member Functions

static getInstance ()
 
static _getCommands ()
 get commands More...
 
static _isOffline ($a_obj_id)
 
static _checkGoto ($a_target)
 
- Static Public Member Functions inherited from ilObjectAccess
static _getCommands ()
 get commands More...
 
static _checkGoto (string $target)
 check whether goto script will succeed More...
 
static _isOffline (int $obj_id)
 Type-specific implementation of general status, has to be overwritten if object type does not support centralized offline handling. More...
 
static _preloadData (array $obj_ids, array $ref_ids)
 Preload data. More...
 

Private Member Functions

 isPermittedToExecuteOperation (int $refId, string $operation)
 
 getCurrentUsersId ()
 

Private Attributes

ilOrgUnitUserAssignmentQueries $ua
 
ilOrgUnitGlobalSettings $set
 
IlOrgUnitPositionAccess $orgUnitAccess
 
Container $container
 
ilOrgUnitObjectTypePositionSetting $talkPositionSettings
 
IliasDBEmployeeTalkSeriesRepository $seriesSettingsRepository
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 28 of file class.ilObjEmployeeTalkAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilObjEmployeeTalkAccess::__construct ( )

Definition at line 47 of file class.ilObjEmployeeTalkAccess.php.

48 {
49 $this->container = $GLOBALS['DIC'];
50
51 $this->set = ilOrgUnitGlobalSettings::getInstance();
52 $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
53 $this->orgUnitAccess = new ilOrgUnitPositionAccess($this->container->access());
54 $this->talkPositionSettings = $this->set->getObjectPositionSettingsByType(ilObjEmployeeTalk::TYPE);
55 $this->seriesSettingsRepository = new IliasDBEmployeeTalkSeriesRepository($this->container->user(), $this->container->database());
56 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:24

References $GLOBALS, ilOrgUnitUserAssignmentQueries\getInstance(), ilOrgUnitGlobalSettings\getInstance(), and ilObjEmployeeTalk\TYPE.

+ Here is the call graph for this function:

Member Function Documentation

◆ _checkGoto()

static ilObjEmployeeTalkAccess::_checkGoto (   $a_target)
static
Parameters
string$a_targetcheck whether goto script will succeed
Returns
bool

Definition at line 94 of file class.ilObjEmployeeTalkAccess.php.

94 : bool
95 {
96 $access = new self();
97
98 $t_arr = explode('_', $a_target);
99 if ($t_arr[0] !== 'etal' || ((int) $t_arr[1]) <= 0) {
100 return false;
101 }
102 if ($access->canRead(intval($t_arr[1]))) {
103 return true;
104 }
105
106 return false;
107 }

◆ _getCommands()

static ilObjEmployeeTalkAccess::_getCommands ( )
static

get commands

this method returns an array of all possible commands/permission combinations

example: $commands = array ( array('permission' => 'read', 'cmd' => 'view', 'lang_var' => 'show'), array('permission' => 'write', 'cmd' => 'edit', 'lang_var' => 'edit'), );

Reimplemented from ilObjectAccess.

Definition at line 70 of file class.ilObjEmployeeTalkAccess.php.

70 : array
71 {
72 $commands = [
73 [
74 'permission' => 'read',
75 'cmd' => ControlFlowCommand::DEFAULT,
76 'lang_var' => 'show',
77 'default' => true,
78 ]
79 ];
80
81 return $commands;
82 }

Referenced by ilObjEmployeeTalkListGUI\init().

+ Here is the caller graph for this function:

◆ _isOffline()

static ilObjEmployeeTalkAccess::_isOffline (   $a_obj_id)
static

Definition at line 84 of file class.ilObjEmployeeTalkAccess.php.

84 : bool
85 {
86 return false;
87 }

◆ canCreate()

ilObjEmployeeTalkAccess::canCreate ( ?ilObjUser  $talkParticipant = null)

Checks if the user is allowed to create a new talks series.

If no user is given only the position right is checked, which can be used to display create or new buttons based on the general position rights of the user.

If the user is given, only positions with an authority over the given user are used to check the position rights.

Parameters
ilObjUser | null$talkParticipantThe talk participant which should get invited into the new talk.
Returns
bool True if the user has creation rights otherwise false.

Definition at line 120 of file class.ilObjEmployeeTalkAccess.php.

120 : bool
121 {
122 try {
123 $currentUserId = $this->getCurrentUsersId();
124
125 // Root has always full access
126 if ($currentUserId === 6) {
127 return true;
128 }
129
130 // Talks are never editable if the position rights are not active, because the talks don't use RBAC
131 if (!$this->talkPositionSettings->isActive()) {
132 return false;
133 }
134
135 $positions = $this->ua->getPositionsOfUserId($currentUserId);
136
137 // If we don't have a user just check if the current user has the right in any position to create a new talk
138 if ($talkParticipant === null) {
139 foreach ($positions as $position) {
140 // Check if the position has any relevant position rights
141 $permissionSet = ilOrgUnitPermissionQueries::getTemplateSetForContextName(ilObjEmployeeTalk::TYPE, strval($position->getId() ?? 0));
142 $isAbleToExecuteOperation = array_reduce($permissionSet->getOperations(), function (bool $prev, ilOrgUnitOperation $it) {
143 return $prev || $it->getOperationString() === EmployeeTalkPositionAccessLevel::CREATE;
144 }, false);
145
146 // If the position has no rights check the next one
147 if (!$isAbleToExecuteOperation) {
148 continue;
149 }
150
151 return true;
152 }
153
154 // The current user was not in a position with create etal position rights
155 return false;
156 }
157
158 // Validate authority and position rights over the given participant
159 return $this->hasAuthorityAndOperationPermissionOverUser($talkParticipant, EmployeeTalkPositionAccessLevel::CREATE);
160 } catch (\Exception $ex) {
161 return false;
162 }
163 }
function
static return function(ContainerConfigurator $containerConfigurator)
Definition: basic_rector.php:9
ilOrgUnitOperation
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperation.php:24
ilOrgUnitPermissionQueries\getTemplateSetForContextName
static getTemplateSetForContextName(string $context_name, string $position_id, bool $editable=false)
Definition: class.ilOrgUnitPermissionQueries.php:28

References function, getCurrentUsersId(), ilOrgUnitOperation\getOperationString(), ilOrgUnitPermissionQueries\getTemplateSetForContextName(), and ilObjEmployeeTalk\TYPE.

Referenced by ilEmployeeTalkMyStaffListGUI\loadActionBar().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ canDelete()

ilObjEmployeeTalkAccess::canDelete ( int  $refId)
Parameters
int$refId
Returns
bool

Definition at line 205 of file class.ilObjEmployeeTalkAccess.php.

205 : bool
206 {
207 $talk = new ilObjEmployeeTalk($refId);
208 $user = $this->getCurrentUsersId();
209 if ($user === $talk->getOwner()) {
210 return true;
211 }
212 // global admins can delete
213 if ($this->container->rbac()->review()->isAssigned(
214 $user,
215 SYSTEM_ROLE_ID
216 )) {
217 return true;
218 }
219 return false;
220 }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$refId
$refId
Definition: xapitoken.php:58

References $refId, getCurrentUsersId(), and SYSTEM_ROLE_ID.

+ Here is the call graph for this function:

◆ canEdit()

ilObjEmployeeTalkAccess::canEdit ( int  $refId)
Parameters
int$refId
Returns
bool

Definition at line 196 of file class.ilObjEmployeeTalkAccess.php.

196 : bool
197 {
198 return $this->isPermittedToExecuteOperation($refId, EmployeeTalkPositionAccessLevel::EDIT);
199 }
ilObjEmployeeTalkAccess\isPermittedToExecuteOperation
isPermittedToExecuteOperation(int $refId, string $operation)
Definition: class.ilObjEmployeeTalkAccess.php:222

References isPermittedToExecuteOperation().

Referenced by isTalkReadonlyByCurrentUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ canEditTalkLockStatus()

ilObjEmployeeTalkAccess::canEditTalkLockStatus ( int  $refId)

Definition at line 179 of file class.ilObjEmployeeTalkAccess.php.

179 : bool
180 {
181 $currentUserId = $this->getCurrentUsersId();
182
183 // Root has always full access
184 if ($currentUserId === 6) {
185 return true;
186 }
187
188 $talk = new ilObjEmployeeTalk($refId);
189 return intval($talk->getOwner()) === $currentUserId;
190 }

References $refId, and getCurrentUsersId().

+ Here is the call graph for this function:

◆ canRead()

ilObjEmployeeTalkAccess::canRead ( int  $refId)

Definition at line 174 of file class.ilObjEmployeeTalkAccess.php.

174 : bool
175 {
176 return $this->isPermittedToExecuteOperation($refId, EmployeeTalkPositionAccessLevel::VIEW);
177 }

References isPermittedToExecuteOperation().

+ Here is the call graph for this function:

◆ getCurrentUsersId()

ilObjEmployeeTalkAccess::getCurrentUsersId ( )
private
Returns
int

Definition at line 290 of file class.ilObjEmployeeTalkAccess.php.

290 : int
291 {
292 return $this->container->user()->getId();
293 }

Referenced by canCreate(), canDelete(), canEditTalkLockStatus(), and isPermittedToExecuteOperation().

+ Here is the caller graph for this function:

◆ getInstance()

static ilObjEmployeeTalkAccess::getInstance ( )
static

Definition at line 38 of file class.ilObjEmployeeTalkAccess.php.

38 : self
39 {
40 if (is_null(self::$instance)) {
41 self::$instance = new ilObjEmployeeTalkAccess();
42 }
43
44 return self::$instance;
45 }

References $instance.

Referenced by ilObjEmployeeTalkGUI\__construct(), and ilMStShowUserGUI\executeCommand().

+ Here is the caller graph for this function:

◆ hasPermissionToReadUnownedTalksOfUser()

ilObjEmployeeTalkAccess::hasPermissionToReadUnownedTalksOfUser ( int  $userId)

Definition at line 165 of file class.ilObjEmployeeTalkAccess.php.

165 : bool
166 {
167 try {
168 return $this->hasAuthorityAndOperationPermissionOverUser(new ilObjUser($userId), EmployeeTalkPositionAccessLevel::VIEW);
169 } catch (\Exception $ex) {
170 return false;
171 }
172 }
ilObjUser
User class.
Definition: class.ilObjUser.php:28

◆ isPermittedToExecuteOperation()

ilObjEmployeeTalkAccess::isPermittedToExecuteOperation ( int  $refId,
string  $operation 
)
private

Definition at line 222 of file class.ilObjEmployeeTalkAccess.php.

222 : bool
223 {
224 $currentUserId = $this->getCurrentUsersId();
225
226 // Root has always full access
227 if ($currentUserId === 6) {
228 return true;
229 }
230
231 // Talks are never editable if the position rights are not active, because the talks don't use RBAC
232 if (!$this->talkPositionSettings->isActive()) {
233 return false;
234 }
235
236 $talk = new ilObjEmployeeTalk($refId);
237 $series = $talk->getParent();
238 $hasAuthority = $this->hasAuthorityAndOperationPermissionOverUser(new ilObjUser($talk->getData()->getEmployee()), $operation);
239 $data = $talk->getData();
240 $seriesSettings = $this->seriesSettingsRepository->readEmployeeTalkSerieSettings($series->getId());
241 $canExecuteOperation = $this->orgUnitAccess->checkPositionAccess($operation, $refId);
242 $isOwner = $talk->getOwner() === $currentUserId;
243
244 if ($isOwner) {
245 return true;
246 }
247
248 if ($currentUserId === $data->getEmployee()) {
249 // The Employee can never edit their own talks
250 if ($operation !== EmployeeTalkPositionAccessLevel::VIEW) {
251 return false;
252 }
253
254 // The Employee can always read their own talks
255 return true;
256 }
257
258 //Only owner can edit talks with enabled write lock
259 if ($seriesSettings->isLockedEditing() && $operation === EmployeeTalkPositionAccessLevel::EDIT) {
260 return false;
261 }
262
263 // Has no authority over the employee
264 if (!$hasAuthority) {
265 return false;
266 }
267
268 // Has Authority and is permitted to execute the given permission
269 if ($canExecuteOperation) {
270 return true;
271 }
272
273 // Has authority but no permission
274 return false;
275 }

References $data, $refId, and getCurrentUsersId().

Referenced by canEdit(), and canRead().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isTalkReadonlyByCurrentUser()

ilObjEmployeeTalkAccess::isTalkReadonlyByCurrentUser ( int  $ref_id)
Parameters
int$ref_id
Returns
bool

Definition at line 282 of file class.ilObjEmployeeTalkAccess.php.

282 : bool
283 {
284 return !$this->canEdit($ref_id);
285 }
$ref_id
$ref_id
Definition: ltiauth.php:67

References canEdit().

+ Here is the call graph for this function:

Field Documentation

◆ $container

Container ilObjEmployeeTalkAccess::$container
private

Definition at line 34 of file class.ilObjEmployeeTalkAccess.php.

◆ $instance

self ilObjEmployeeTalkAccess::$instance = null
staticprivate

Definition at line 30 of file class.ilObjEmployeeTalkAccess.php.

Referenced by getInstance().

◆ $orgUnitAccess

IlOrgUnitPositionAccess ilObjEmployeeTalkAccess::$orgUnitAccess
private

Definition at line 33 of file class.ilObjEmployeeTalkAccess.php.

◆ $seriesSettingsRepository

IliasDBEmployeeTalkSeriesRepository ilObjEmployeeTalkAccess::$seriesSettingsRepository
private

Definition at line 36 of file class.ilObjEmployeeTalkAccess.php.

◆ $set

ilOrgUnitGlobalSettings ilObjEmployeeTalkAccess::$set
private

Definition at line 32 of file class.ilObjEmployeeTalkAccess.php.

◆ $talkPositionSettings

ilOrgUnitObjectTypePositionSetting ilObjEmployeeTalkAccess::$talkPositionSettings
private

Definition at line 35 of file class.ilObjEmployeeTalkAccess.php.

◆ $ua

ilOrgUnitUserAssignmentQueries ilObjEmployeeTalkAccess::$ua
private

Definition at line 31 of file class.ilObjEmployeeTalkAccess.php.

The documentation for this class was generated from the following file: