ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilAccessInitialPermissionGuidelineAppliedObjective.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /* Copyright (c) 2021 - Daniel Weise <daniel.weise@concepts-and-training.de> - Extended GPL, see LICENSE */
6 
7 use ILIAS\Setup;
8 use ILIAS\Setup\Environment;
9 
10 class ilAccessInitialPermissionGuidelineAppliedObjective implements Setup\Objective
11 {
12  protected const RBAC_OP_EDIT_PERMISSIONS = 1;
13  protected const RBAC_OP_VISIBLE = 2;
14  protected const RBAC_OP_READ = 3;
15  protected const RBAC_OP_WRITE = 4;
16  protected const RBAC_OP_DELETE = 6;
17  protected const RBAC_OP_COPY = 99;
18 
19  protected array $initial_permission_definition = [
20  'role' => [
21  'User' => [
22  'id' => 4,
23  'ignore_for_authoring_objects' => true,
24  'object' => [
25  self::RBAC_OP_VISIBLE,
26  self::RBAC_OP_READ,
27  ]
28  ]
29  ],
30  'rolt' => [
31  'il_crs_admin' => [
32  'object' => [
33  self::RBAC_OP_VISIBLE,
34  self::RBAC_OP_READ,
35  self::RBAC_OP_WRITE,
36  self::RBAC_OP_DELETE,
37  self::RBAC_OP_COPY,
38  self::RBAC_OP_EDIT_PERMISSIONS,
39  ],
40  'lp' => true,
41  'create' => [
42  'crs',
43  'grp',
44  'fold',
45  ]
46  ],
47  'il_crs_tutor' => [
48  'object' => [
49  self::RBAC_OP_VISIBLE,
50  self::RBAC_OP_READ,
51  self::RBAC_OP_WRITE,
52  self::RBAC_OP_COPY,
53  ],
54  'create' => [
55  'crs',
56  'fold',
57  ]
58  ],
59  'il_crs_member' => [
60  'ignore_for_authoring_objects' => true,
61  'object' => [
62  self::RBAC_OP_VISIBLE,
63  self::RBAC_OP_READ,
64  ]
65  ],
66  'il_grp_admin' => [
67  'object' => [
68  self::RBAC_OP_VISIBLE,
69  self::RBAC_OP_READ,
70  self::RBAC_OP_WRITE,
71  self::RBAC_OP_DELETE,
72  self::RBAC_OP_COPY,
73  self::RBAC_OP_EDIT_PERMISSIONS,
74  ],
75  'lp' => true,
76  'create' => [
77  'grp',
78  'fold',
79  ]
80  ],
81  'il_grp_member' => [
82  'ignore_for_authoring_objects' => true,
83  'object' => [
84  self::RBAC_OP_VISIBLE,
85  self::RBAC_OP_READ,
86  ]
87  ],
88  'Author' => [
89  'object' => [
90  self::RBAC_OP_VISIBLE,
91  self::RBAC_OP_READ,
92  self::RBAC_OP_WRITE,
93  self::RBAC_OP_DELETE,
94  self::RBAC_OP_COPY,
95  self::RBAC_OP_EDIT_PERMISSIONS,
96  ],
97  'lp' => true,
98  'create' => [
99  'cat',
100  'crs',
101  'grp',
102  'fold',
103  ]
104  ],
105  'Local Administrator' => [
106  'object' => [
107  self::RBAC_OP_VISIBLE,
108  self::RBAC_OP_DELETE,
109  self::RBAC_OP_EDIT_PERMISSIONS,
110  ],
111  'create' => [
112  'cat',
113  ]
114  ],
115  ]
116  ];
117 
118  protected string $object_type;
119  protected bool $has_learning_progress;
120  protected bool $used_for_authoring;
121 
122  public function __construct(
123  string $object_type,
124  bool $has_learning_progress = false,
125  bool $used_for_authoring = false
126  ) {
127  $this->object_type = $object_type;
128  $this->has_learning_progress = $has_learning_progress;
129  $this->used_for_authoring = $used_for_authoring;
130  }
131 
132  public function getHash(): string
133  {
134  return hash("sha256", self::class);
135  }
136 
137  public function getLabel(): string
138  {
139  return "Apply initial permission guideline";
140  }
141 
142  public function isNotable(): bool
143  {
144  return true;
145  }
146 
147  public function getPreconditions(Environment $environment): array
148  {
149  return [
150  new ilIniFilesLoadedObjective(),
151  new ilDatabaseInitializedObjective()
152  ];
153  }
154 
155  public function achieve(Environment $environment): Environment
156  {
157  $client_ini = $environment->getResource(Setup\Environment::RESOURCE_CLIENT_INI);
158  $db = $environment->getResource(Environment::RESOURCE_DATABASE);
159 
160  $role_folder_id = (int) $client_ini->readVariable("system", "ROLE_FOLDER_ID");
161 
162  $learning_progress_permissions = [];
163  if ($this->has_learning_progress) {
164  $learning_progress_permissions = array_filter([
165  ilRbacReview::_getCustomRBACOperationId("read_learning_progress"),
166  ilRbacReview::_getCustomRBACOperationId("edit_learning_progress")
167 
168  ]);
169  }
170 
171  foreach ($this->initial_permission_definition as $role_type => $roles) {
172  foreach ($roles as $role_title => $definition) {
173  if (
174  $this->used_for_authoring &&
175  array_key_exists('ignore_for_authoring_objects', $definition) &&
176  $definition['ignore_for_authoring_objects']
177  ) {
178  continue;
179  }
180 
181  if (array_key_exists('id', $definition) && is_numeric($definition['id'])) {
182  // According to JF (2018-07-02), some roles have to be selected by if, not by title
183  $query = "SELECT obj_id FROM object_data WHERE type = %s AND obj_id = %s";
184  $query_types = ['text', 'integer'];
185  $query_values = [$role_type, $definition['id']];
186  } else {
187  $query = "SELECT obj_id FROM object_data WHERE type = %s AND title = %s";
188  $query_types = ['text', 'text'];
189  $query_values = [$role_type, $role_title];
190  }
191 
192  $res = $db->queryF($query, $query_types, $query_values);
193  if (1 == $db->numRows($res)) {
194  $row = $db->fetchAssoc($res);
195  $role_id = (int) $row['obj_id'];
196 
197  $operation_ids = [];
198 
199  if (array_key_exists('object', $definition) && is_array($definition['object'])) {
200  $operation_ids = array_merge($operation_ids, $definition['object']);
201  }
202 
203  if (array_key_exists('lp', $definition) && $definition['lp']) {
204  $operation_ids = array_merge($operation_ids, $learning_progress_permissions);
205  }
206 
207  foreach (array_filter(array_map('intval', $operation_ids)) as $ops_id) {
208  if ($ops_id == self::RBAC_OP_COPY) {
209  $ops_id = ilRbacReview::_getCustomRBACOperationId('copy');
210  }
211 
212  $db->replace(
213  'rbac_templates',
214  [
215  'rol_id' => ['integer', $role_id],
216  'type' => ['text', $this->object_type],
217  'ops_id' => ['integer', $ops_id],
218  'parent' => ['integer', $role_folder_id]
219  ],
220  []
221  );
222  }
223 
224  if (array_key_exists('create', $definition) && is_array($definition['create'])) {
225  foreach ($definition['create'] as $container_object_type) {
226  foreach (ilRbacReview::_getCustomRBACOperationId("create_" . $this->object_type) as $ops_id) {
227  if ($ops_id == self::RBAC_OP_COPY) {
228  $ops_id = ilRbacReview::_getCustomRBACOperationId('copy');
229  }
230 
231  $db->replace(
232  'rbac_templates',
233  [
234  'rol_id' => ['integer', $role_id],
235  'type' => ['text', $container_object_type],
236  'ops_id' => ['integer', $ops_id],
237  'parent' => ['integer', $role_folder_id]
238  ],
239  []
240  );
241  }
242  }
243  }
244  }
245  }
246  }
247 
248 
249  return $environment;
250  }
251 
252  public function isApplicable(Environment $environment): bool
253  {
254  if (!ilObject::_getObjectTypeIdByTitle($this->object_type)) {
255  throw new Exception("Something went wrong, there MUST be valid id for object_type " . $this->object_type);
256  }
257 
258  if (!ilRbacReview::_getCustomRBACOperationId("create_" . $this->object_type)) {
259  throw new Exception(
260  "Something went wrong, missing CREATE operation id for object type " . $this->object_type
261  );
262  }
263 
264  return true;
265  }
266 }
$res
$res
Definition: ltiservices.php:69
ilAccessInitialPermissionGuidelineAppliedObjective\__construct
__construct(string $object_type, bool $has_learning_progress=false, bool $used_for_authoring=false)
Definition: class.ilAccessInitialPermissionGuidelineAppliedObjective.php:122
$query
$query
Definition: proxy_ylocal.php:13
ILIAS\Setup\Environment\getResource
getResource(string $id)
Consumers of this method should check if the result is what they expect, e.g.
ilRbacReview\_getCustomRBACOperationId
static _getCustomRBACOperationId(string $operation, \ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1395
ILIAS\Setup
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMysqlMyIsamToInnoDbMigration.php:19
ILIAS\Setup\Environment
An environment holds resources to be used in the setup process.
Definition: Environment.php:27
ilObject\_getObjectTypeIdByTitle
static _getObjectTypeIdByTitle(string $type, \ilDBInterface $ilDB=null)
Definition: class.ilObject.php:2150