ILIAS  release_8 Revision v8.24
class.ilAccessInitialPermissionGuidelineAppliedObjective.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
4
5/* Copyright (c) 2021 - Daniel Weise <daniel.weise@concepts-and-training.de> - Extended GPL, see LICENSE */
6
7use ILIAS\Setup;
8use ILIAS\Setup\Environment;
9
10class ilAccessInitialPermissionGuidelineAppliedObjective implements Setup\Objective
11{
12 protected const RBAC_OP_EDIT_PERMISSIONS = 1;
13 protected const RBAC_OP_VISIBLE = 2;
14 protected const RBAC_OP_READ = 3;
15 protected const RBAC_OP_WRITE = 4;
16 protected const RBAC_OP_DELETE = 6;
17 protected const RBAC_OP_COPY = 99;
18
19 protected array $initial_permission_definition = [
20 'role' => [
21 'User' => [
22 'id' => 4,
23 'ignore_for_authoring_objects' => true,
24 'object' => [
25 self::RBAC_OP_VISIBLE,
26 self::RBAC_OP_READ,
27 ]
28 ]
29 ],
30 'rolt' => [
31 'il_crs_admin' => [
32 'object' => [
33 self::RBAC_OP_VISIBLE,
34 self::RBAC_OP_READ,
35 self::RBAC_OP_WRITE,
36 self::RBAC_OP_DELETE,
37 self::RBAC_OP_COPY,
38 self::RBAC_OP_EDIT_PERMISSIONS,
39 ],
40 'lp' => true,
41 'create' => [
42 'crs',
43 'grp',
44 'fold',
45 ]
46 ],
47 'il_crs_tutor' => [
48 'object' => [
49 self::RBAC_OP_VISIBLE,
50 self::RBAC_OP_READ,
51 self::RBAC_OP_WRITE,
52 self::RBAC_OP_COPY,
53 ],
54 'create' => [
55 'crs',
56 'fold',
57 ]
58 ],
59 'il_crs_member' => [
60 'ignore_for_authoring_objects' => true,
61 'object' => [
62 self::RBAC_OP_VISIBLE,
63 self::RBAC_OP_READ,
64 ]
65 ],
66 'il_grp_admin' => [
67 'object' => [
68 self::RBAC_OP_VISIBLE,
69 self::RBAC_OP_READ,
70 self::RBAC_OP_WRITE,
71 self::RBAC_OP_DELETE,
72 self::RBAC_OP_COPY,
73 self::RBAC_OP_EDIT_PERMISSIONS,
74 ],
75 'lp' => true,
76 'create' => [
77 'grp',
78 'fold',
79 ]
80 ],
81 'il_grp_member' => [
82 'ignore_for_authoring_objects' => true,
83 'object' => [
84 self::RBAC_OP_VISIBLE,
85 self::RBAC_OP_READ,
86 ]
87 ],
88 'Author' => [
89 'object' => [
90 self::RBAC_OP_VISIBLE,
91 self::RBAC_OP_READ,
92 self::RBAC_OP_WRITE,
93 self::RBAC_OP_DELETE,
94 self::RBAC_OP_COPY,
95 self::RBAC_OP_EDIT_PERMISSIONS,
96 ],
97 'lp' => true,
98 'create' => [
99 'cat',
100 'crs',
101 'grp',
102 'fold',
103 ]
104 ],
105 'Local Administrator' => [
106 'object' => [
107 self::RBAC_OP_VISIBLE,
108 self::RBAC_OP_DELETE,
109 self::RBAC_OP_EDIT_PERMISSIONS,
110 ],
111 'create' => [
112 'cat',
113 ]
114 ],
115 ]
116 ];
117
118 protected string $object_type;
119 protected bool $has_learning_progress;
120 protected bool $used_for_authoring;
121
122 public function __construct(
123 string $object_type,
124 bool $has_learning_progress = false,
125 bool $used_for_authoring = false
126 ) {
127 $this->object_type = $object_type;
128 $this->has_learning_progress = $has_learning_progress;
129 $this->used_for_authoring = $used_for_authoring;
130 }
131
132 public function getHash(): string
133 {
134 return hash("sha256", self::class);
135 }
136
137 public function getLabel(): string
138 {
139 return "Apply initial permission guideline";
140 }
141
142 public function isNotable(): bool
143 {
144 return true;
145 }
146
147 public function getPreconditions(Environment $environment): array
148 {
149 return [
150 new ilIniFilesLoadedObjective(),
151 new ilDatabaseInitializedObjective()
152 ];
153 }
154
155 public function achieve(Environment $environment): Environment
156 {
157 $client_ini = $environment->getResource(Setup\Environment::RESOURCE_CLIENT_INI);
158 $db = $environment->getResource(Environment::RESOURCE_DATABASE);
159
160 $role_folder_id = (int) $client_ini->readVariable("system", "ROLE_FOLDER_ID");
161
162 $learning_progress_permissions = [];
163 if ($this->has_learning_progress) {
164 $learning_progress_permissions = array_filter([
165 ilRbacReview::_getCustomRBACOperationId("read_learning_progress"),
166 ilRbacReview::_getCustomRBACOperationId("edit_learning_progress")
167
168 ]);
169 }
170
171 foreach ($this->initial_permission_definition as $role_type => $roles) {
172 foreach ($roles as $role_title => $definition) {
173 if (
174 $this->used_for_authoring &&
175 array_key_exists('ignore_for_authoring_objects', $definition) &&
176 $definition['ignore_for_authoring_objects']
177 ) {
178 continue;
179 }
180
181 if (array_key_exists('id', $definition) && is_numeric($definition['id'])) {
182 // According to JF (2018-07-02), some roles have to be selected by if, not by title
183 $query = "SELECT obj_id FROM object_data WHERE type = %s AND obj_id = %s";
184 $query_types = ['text', 'integer'];
185 $query_values = [$role_type, $definition['id']];
186 } else {
187 $query = "SELECT obj_id FROM object_data WHERE type = %s AND title = %s";
188 $query_types = ['text', 'text'];
189 $query_values = [$role_type, $role_title];
190 }
191
192 $res = $db->queryF($query, $query_types, $query_values);
193 if (1 == $db->numRows($res)) {
194 $row = $db->fetchAssoc($res);
195 $role_id = (int) $row['obj_id'];
196
197 $operation_ids = [];
198
199 if (array_key_exists('object', $definition) && is_array($definition['object'])) {
200 $operation_ids = array_merge($operation_ids, $definition['object']);
201 }
202
203 if (array_key_exists('lp', $definition) && $definition['lp']) {
204 $operation_ids = array_merge($operation_ids, $learning_progress_permissions);
205 }
206
207 foreach (array_filter(array_map('intval', $operation_ids)) as $ops_id) {
208 if ($ops_id == self::RBAC_OP_COPY) {
209 $ops_id = ilRbacReview::_getCustomRBACOperationId('copy');
210 }
211
212 $db->replace(
213 'rbac_templates',
214 [
215 'rol_id' => ['integer', $role_id],
216 'type' => ['text', $this->object_type],
217 'ops_id' => ['integer', $ops_id],
218 'parent' => ['integer', $role_folder_id]
219 ],
220 []
221 );
222 }
223
224 if (array_key_exists('create', $definition) && is_array($definition['create'])) {
225 foreach ($definition['create'] as $container_object_type) {
226 foreach (ilRbacReview::_getCustomRBACOperationId("create_" . $this->object_type) as $ops_id) {
227 if ($ops_id == self::RBAC_OP_COPY) {
228 $ops_id = ilRbacReview::_getCustomRBACOperationId('copy');
229 }
230
231 $db->replace(
232 'rbac_templates',
233 [
234 'rol_id' => ['integer', $role_id],
235 'type' => ['text', $container_object_type],
236 'ops_id' => ['integer', $ops_id],
237 'parent' => ['integer', $role_folder_id]
238 ],
239 []
240 );
241 }
242 }
243 }
244 }
245 }
246 }
247
248
249 return $environment;
250 }
251
252 public function isApplicable(Environment $environment): bool
253 {
254 if (!ilObject::_getObjectTypeIdByTitle($this->object_type)) {
255 throw new Exception("Something went wrong, there MUST be valid id for object_type " . $this->object_type);
256 }
257
258 if (!ilRbacReview::_getCustomRBACOperationId("create_" . $this->object_type)) {
259 throw new Exception(
260 "Something went wrong, missing CREATE operation id for object type " . $this->object_type
261 );
262 }
263
264 return true;
265 }
266}
ilAccessInitialPermissionGuidelineAppliedObjective\__construct
__construct(string $object_type, bool $has_learning_progress=false, bool $used_for_authoring=false)
Definition: class.ilAccessInitialPermissionGuidelineAppliedObjective.php:122
ilObject\_getObjectTypeIdByTitle
static _getObjectTypeIdByTitle(string $type, \ilDBInterface $ilDB=null)
Definition: class.ilObject.php:2150
ilRbacReview\_getCustomRBACOperationId
static _getCustomRBACOperationId(string $operation, \ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1395
ILIAS\Setup\Environment
An environment holds resources to be used in the setup process.
Definition: Environment.php:28
ILIAS\Setup\Environment\getResource
getResource(string $id)
Consumers of this method should check if the result is what they expect, e.g.
ILIAS\Setup\Objective
An objective is a desired state of the system that is supposed to be created by the setup.
Definition: Objective.php:31
$res
$res
Definition: ltiservices.php:69
ILIAS\Setup
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMysqlMyIsamToInnoDbMigration.php:19
$query
$query
Definition: proxy_ylocal.php:13