ILIAS  release_8 Revision v8.24
class.ilMyStaffAccess.php
Go to the documentation of this file.
1<?php
19namespace ILIAS\MyStaff;
20
21use ilObjectAccess;
22use ilOrgUnitOperation;
23use ilOrgUnitOperationContext;
24use ilOrgUnitOperationContextQueries;
25use ilOrgUnitOperationQueries;
26use ilOrgUnitUserAssignmentQueries;
27
32class ilMyStaffAccess extends ilObjectAccess
33{
34 public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
35 public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
36 public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
37 public const TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
38 public const TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
39 public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
40 public const ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
41 public const COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
42 public const EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
43 public const GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
44 public const SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
45 public const TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
46 public const EMPLOYEE_TALK_CONTEXT = ilOrgUnitOperationContext::CONTEXT_ETAL;
47
48 protected static ?self $instance = null;
49
50 protected array $users_for_user = [];
51
52 public static function getInstance(): self
53 {
54 global $DIC;
55
56 if (self::$instance === null) {
57 self::$instance = new self();
58
59 if (!self::isMyStaffActive()) {
60 return self::$instance;
61 }
62
63 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
64 . self::COURSE_CONTEXT);
65 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
66 . "_" . self::COURSE_CONTEXT);
67 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
68 . "_" . self::COURSE_CONTEXT);
69 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
70 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
71 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
72 . self::COURSE_CONTEXT);
73 }
74
75 return self::$instance;
76 }
77
78 public function __construct()
79 {
80 }
81
82 public static function isMyStaffActive(): bool
83 {
84 global $DIC;
85
86 return (bool) $DIC->settings()->get('enable_my_staff');
87 }
88
89 public function hasCurrentUserAccessToMyStaff(): bool
90 {
91 global $DIC;
92
93 if (!self::isMyStaffActive()) {
94 return false;
95 }
96
97 if ($this->hasCurrentUserAccessToCourseMemberships()) {
98 return true;
99 }
100
101 if ($this->hasCurrentUserAccessToCertificates()) {
102 return true;
103 }
104
105 if ($this->hasCurrentUserAccessToCompetences()) {
106 return true;
107 }
108
109 if ($this->hasCurrentUserAccessToTalks()) {
110 return true;
111 }
112
113 if ($this->hasCurrentUserAccessToUser()) {
114 return true;
115 }
116
117 return false;
118 }
119
120 public function hasCurrentUserAccessToCertificates(): bool
121 {
122 global $DIC;
123
124 if (!self::isMyStaffActive()) {
125 return false;
126 }
127
128 $cert_set = new \ilSetting("certificate");
129 if (!$cert_set->get("active")) {
130 return false;
131 }
132
133 if ($this->countOrgusOfUserWithOperationAndContext(
134 $DIC->user()->getId(),
135 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
136 self::COURSE_CONTEXT
137 )
138 > 0
139 ) {
140 return true;
141 }
142
143 if ($this->countOrgusOfUserWithOperationAndContext(
144 $DIC->user()->getId(),
145 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
146 self::EXERCISE_CONTEXT
147 )
148 > 0
149 ) {
150 return true;
151 }
152
153 if ($this->countOrgusOfUserWithOperationAndContext(
154 $DIC->user()->getId(),
155 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
156 self::TEST_CONTEXT
157 )
158 > 0
159 ) {
160 return true;
161 }
162
163 return false;
164 }
165
166 public function hasCurrentUserAccessToTalks(): bool
167 {
168 global $DIC;
169
170 if (!self::isMyStaffActive()) {
171 return false;
172 }
173
174 if ($this->countOrgusOfUserWithOperationAndContext(
175 $DIC->user()->getId(),
176 ilOrgUnitOperation::OP_CREATE_EMPLOYEE_TALK,
177 self::EMPLOYEE_TALK_CONTEXT
178 )
179 > 0
180 ) {
181 return true;
182 }
183
184 if ($this->countOrgusOfUserWithOperationAndContext(
185 $DIC->user()->getId(),
186 ilOrgUnitOperation::OP_EDIT_EMPLOYEE_TALK,
187 self::EMPLOYEE_TALK_CONTEXT
188 )
189 > 0
190 ) {
191 return true;
192 }
193
194 if ($this->countOrgusOfUserWithOperationAndContext(
195 $DIC->user()->getId(),
196 ilOrgUnitOperation::OP_READ_EMPLOYEE_TALK,
197 self::EMPLOYEE_TALK_CONTEXT
198 )
199 > 0
200 ) {
201 return true;
202 }
203
204 return false;
205 }
206
207 public function hasCurrentUserAccessToCompetences(): bool
208 {
209 global $DIC;
210
211 if (!self::isMyStaffActive()) {
212 return false;
213 }
214
215 $skmg_set = new \ilSkillManagementSettings();
216 if (!$skmg_set->isActivated()) {
217 return false;
218 }
219
220 if ($this->countOrgusOfUserWithOperationAndContext(
221 $DIC->user()->getId(),
222 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
223 self::COURSE_CONTEXT
224 )
225 > 0
226 ) {
227 return true;
228 }
229
230 if ($this->countOrgusOfUserWithOperationAndContext(
231 $DIC->user()->getId(),
232 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
233 self::GROUP_CONTEXT
234 )
235 > 0
236 ) {
237 return true;
238 }
239
240 if ($this->countOrgusOfUserWithOperationAndContext(
241 $DIC->user()->getId(),
242 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
243 self::SURVEY_CONTEXT
244 )
245 > 0
246 ) {
247 return true;
248 }
249
250 if ($this->countOrgusOfUserWithOperationAndContext(
251 $DIC->user()->getId(),
252 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
253 self::TEST_CONTEXT
254 )
255 > 0
256 ) {
257 return true;
258 }
259
260 return false;
261 }
262
263 public function hasCurrentUserAccessToCourseMemberships(): bool
264 {
265 global $DIC;
266
267 if (!self::isMyStaffActive()) {
268 return false;
269 }
270
271 if ($this->countOrgusOfUserWithOperationAndContext(
272 $DIC->user()->getId(),
273 self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION,
274 self::COURSE_CONTEXT
275 )
276 > 0
277 ) {
278 return true;
279 }
280
281 return false;
282 }
283
284 public function hasCurrentUserAccessToUser(int $usr_id = 0): bool
285 {
286 global $DIC;
287
288 if (!self::isMyStaffActive()) {
289 return false;
290 }
291
292 $arr_users = $this->getUsersForUser($DIC->user()->getId());
293 if (count($arr_users) > 0 && $usr_id === 0) {
294 return true;
295 }
296
297 if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
298 return true;
299 }
300
301 return false;
302 }
303
304 public function hasCurrentUserAccessToLearningProgressInObject(int $ref_id = 0): bool
305 {
306 global $DIC;
307
308 return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
309 }
310
311 public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser(): bool
312 {
313 global $DIC;
314
315 $arr_usr_id = $this->getUsersForUserOperationAndContext(
316 $DIC->user()->getId(),
317 ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
318 self::COURSE_CONTEXT
319 );
320 if (count($arr_usr_id) > 0) {
321 return true;
322 }
323
324 return false;
325 }
326
327 public function countOrgusOfUserWithAtLeastOneOperation(int $user_id): int
328 {
329 global $DIC;
330
331 $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
332 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
333 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
334 WHERE orgu_ua.user_id = " . $DIC->database()->quote(
335 $user_id,
336 'integer'
337 ) . " AND perm.operations is not NULL AND perm.parent_id = -1";
338
339 $set = $DIC->database()->query($q);
340 $rec = $DIC->database()->fetchAssoc($set);
341
342 return $rec['cnt'];
343 }
344
345 public function countOrgusOfUserWithOperationAndContext(
346 int $user_id,
347 string $org_unit_operation_string,
348 string $context
349 ): int {
350 global $DIC;
351
355 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
356
357 $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
358 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
359 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
360 and orgu_ua.user_id = " . $DIC->database()->quote(
361 $user_id,
362 'integer'
363 ) . " AND perm.operations REGEXP '[\\\[,]\"?"
364 . $operation->getOperationId() . "\"?[\],]'
365 WHERE perm.parent_id = -1";
366
367 $set = $DIC->database()->query($q);
368 $rec = $DIC->database()->fetchAssoc($set);
369
370 return $rec['cnt'];
371 }
372
373 public function getUsersForUserOperationAndContext(
374 int $user_id,
375 string $org_unit_operation_string,
376 string $context,
377 string $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
378 ): array {
379 global $DIC;
380
381 $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
382 $user_id,
383 $org_unit_operation_string,
384 $context,
385 $tmp_table_name_prefix
386 );
387
388 $q = 'SELECT usr_id FROM ' . $tmp_table_name;
389
390 $user_set = $DIC->database()->query($q);
391
392 $arr_users = array();
393
394 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
395 $arr_users[$rec['usr_id']] = $rec['usr_id'];
396 }
397
398 return $arr_users;
399 }
400
401 public function getUsersForUserPerPosition(int $user_id): array
402 {
403 $users = [];
404 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
405 foreach ($user_assignments as $user_assignment) {
406 $users[$user_assignment->getPositionId()] = $this->getUsersForUser(
407 $user_id,
408 $user_assignment->getPositionId()
409 );
410 }
411
412 return $users;
413 }
414
418 public function getUsersForUser(int $user_id, ?int $position_id = null): array
419 {
420 global $DIC;
421
422 if (isset($this->users_for_user[$user_id]) && $position_id === null) {
423 return $this->users_for_user[$user_id];
424 }
425
426 $tmp_orgu_members = $this->buildTempTableOrguMemberships(
427 self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
428 array()
429 );
430
431 $position_limitation = '';
432 if (!is_null($position_id)) {
433 $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
434 }
435
436 $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
437 FROM
438 " . $tmp_orgu_members . "
439 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
440 $user_id,
441 'integer'
442 ) . "
443 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
444 WHERE
445 (
446 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
447 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
448 AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
449 )
450 OR
451 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
452 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
453 OR
454 /* Kinder OrgUnit wie Current User */
455 (
456 (
457 " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
458 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
459 OR
460 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
461 )
462 AND
463 (
464 (
465 (
466 /* Gleiche Position */
467 auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
468 )
469 OR
470 (
471 /* Position Egal */
472 auth.over = -1
473 )
474 )
475 AND auth.scope = 2
476 )
477 )
478 )";
479
480 $user_set = $DIC->database()->query($q);
481
482 $arr_users = array();
483
484 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
485 $arr_users[$rec['usr_id']] = $rec['usr_id'];
486 }
487
488 if ($position_id === null) {
489 $this->users_for_user[$user_id] = $arr_users;
490 }
491
492 return $arr_users;
493 }
494
495 public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false): array
496 {
497 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
498 $ids = [];
499 foreach ($user_assignments as $user_assignment) {
500 $ref_ids = $this->getIdsForPositionAndOperation(
501 $user_assignment->getPositionId(),
502 $operation,
503 $return_ref_id
504 );
505 if (count($ref_ids) > 0) {
506 $ids = array_merge($ids, $ref_ids);
507 }
508 }
509 return $ids;
510 }
511
512 public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id): array
513 {
514 $ids = [];
515 foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
516 $ref_ids = $this->getIdsForPositionAndOperationAndContext(
517 $position_id,
518 $operation,
519 $context,
520 $return_ref_id
521 );
522 if (count($ref_ids) > 0) {
523 $ids = array_merge($ids, $ref_ids);
524 }
525 }
526
527 return $ids;
528 }
529
535 public function getIdsForPositionAndOperationAndContext(
536 int $position_id,
537 string $operation,
538 string $context,
539 bool $return_ref_id
540 ): array {
541 global $DIC;
542 $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
546 $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
547 if (is_null($operation_object)) {
548 // operation doesn't exist in this context
549 return [];
550 }
551 $operation_id = $operation_object->getOperationId();
552
553 if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
554 $query = "select " . ($return_ref_id ? "object_reference.ref_id" : "object_data.obj_id") . " from object_data " .
555 "inner join object_reference on object_reference.obj_id = object_data.obj_id " .
556 "where type = '" . $context . "' " .
557 "AND object_reference.ref_id not in " .
558 " (SELECT parent_id FROM il_orgu_permissions " .
559 " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations NOT REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1)";
560 } else {
561 $query = $return_ref_id
562 ?
563 "SELECT parent_id as ref_id FROM il_orgu_permissions "
564 :
565 "SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ";
566 $query .= " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1";
567 }
568
569 return array_map(function ($item) use ($return_ref_id) {
570 return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
571 }, $DIC->database()->fetchAll($DIC->database()->query($query)));
572 }
573
574 public function hasPositionDefaultPermissionForOperationInContext(
575 int $position_id,
576 int $operation_id,
577 int $context_id
578 ): bool {
579 global $DIC;
580 $res = $DIC->database()->query("SELECT * FROM il_orgu_permissions " .
581 " WHERE context_id = " . $context_id . " " .
582 "AND operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' " .
583 "AND position_id = " . $position_id . " " .
584 "AND parent_id = -1");
585
586 return (bool) $DIC->database()->numRows($res) > 0;
587 }
588
589 public function getIlobjectsAndUsersForUserOperationAndContext(
590 int $user_id,
591 string $org_unit_operation_string,
592 string $context
593 ): array {
594 global $DIC;
595
596
597 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
598 assert($operation instanceof ilOrgUnitOperation);
599
600 $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
601
602 $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
603 $user_id,
604 $org_unit_operation_string,
605 $context,
606 $tmp_table_name
607 );
608
609 $q = 'SELECT * FROM ' . $tmp_table_name;
610
611 $user_set = $DIC->database()->query($q);
612
613 $arr_user_obj = array();
614
615 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
616 $arr_user_obj[] = $rec;
617 }
618
619 return $arr_user_obj;
620 }
621
622 public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
623 int $user_id,
624 string $org_unit_operation_string,
625 string $context,
626 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
627 ): string {
628 global $DIC;
629
630 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
631
632 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
633 assert($operation instanceof ilOrgUnitOperation);
634
635 $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
636
637
638 $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
639 $org_unit_operation_string,
640 $context,
641 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
642 );
643
644 $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
645 $org_unit_operation_string,
646 $context,
647 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
648 );
649
650 $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
651 $org_unit_operation_string,
652 $context,
653 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
654 );
655
656 $tmp_table_course_members = $this->buildTempTableCourseMemberships(
657 self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
658 $all_users_for_user
659 );
660
661 $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(
662 self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
663 $all_users_for_user
664 );
665
666 $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships(
667 'tmp_orgu_members_path',
668 $all_users_for_user
669 );
670
671 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
672 . self::COURSE_CONTEXT
673 ) {
674 $this->dropTempTable($temporary_table_name);
675 }
676
677 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
678 SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
679 (
680 SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
681 (
682 SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
683 UNION
684 SELECT * FROM " . $tmp_table_objects_default_perimissions . "
685 ) AS crs
686 INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
687 and (
688 (
689 " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
690 )
691 or perm_orgu_scope = 2
692 )
693 UNION
694 SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
695 . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
696 INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
697 . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
698 and (
699 (
700 " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
701 . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
702 )
703 or perm_orgu_scope = 2
704 )
705
706 ) AS user_perm_matrix
707 INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
708
709 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
710 $user_id,
711 'integer'
712 ) . "
713 INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
714 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
715 and perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
716
717 AND
718 (
719 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
720 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
721 AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
722 )
723 OR
724 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
725 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
726 OR
727 /* Kinder OrgUnit wie Current User */
728 (
729 orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
730 AND
731 (
732 path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
733 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
734 OR
735 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
736 )
737 AND
738 (
739 (
740 (
741 /* Gleiche Position */
742 orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
743 )
744 OR
745 (
746 /* Position Egal */
747 user_perm_matrix.perm_over_user_with_position = -1
748 )
749 )
750 AND user_perm_matrix.perm_orgu_scope = 2
751 )
752 )
753 )
754 );";
755
756 $DIC->database()->manipulate($q);
757
758 return $temporary_table_name;
759 }
760
761 public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
762 string $org_unit_operation_string,
763 string $context,
764 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
765 ): string {
766 global $DIC;
767
768 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
769
770 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
771 assert($operation instanceof ilOrgUnitOperation);
772
773 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
774 . self::COURSE_CONTEXT
775 ) {
776 $this->dropTempTable($temporary_table_name);
777 }
778
779 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
780 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
781 AS (
782 SELECT
783 obj_ref.ref_id AS perm_for_ref_id,
784 orgu_ua.orgu_id AS perm_for_orgu_id,
785 auth.scope AS perm_orgu_scope,
786 orgu_ua.position_id AS perm_for_position_id,
787 auth.over AS perm_over_user_with_position
788 FROM
789 il_orgu_permissions AS perm
790 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
791 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
792 ->getId() . "
793 INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
794 INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
795 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
796 WHERE
797 perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
798 );";
799
800 $DIC->database()->manipulate($q);
801
802 return $temporary_table_name;
803 }
804
805 public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
806 string $org_unit_operation_string,
807 string $context,
808 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
809 ): string {
810 global $DIC;
811
812 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
813
817 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
818
819 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
820 . self::COURSE_CONTEXT
821 ) {
822 $this->dropTempTable($temporary_table_name);
823 }
824
825 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
826 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
827 AS (
828 SELECT
829 obj_ref.ref_id AS perm_for_ref_id,
830 orgu_ua.orgu_id AS perm_for_orgu_id,
831 auth.scope AS perm_orgu_scope,
832 orgu_ua.position_id AS perm_for_position_id,
833 auth.over AS perm_over_user_with_position
834 FROM
835 object_data AS obj
836 INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
837 INNER JOIN il_orgu_permissions AS perm ON perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]' AND perm.parent_id = -1
838 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
839 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
840 ->getId() . "
841 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
842
843 WHERE
844 obj.type = '" . $context . "'
845 AND (obj_ref.ref_id , orgu_ua.position_id)
846
847 NOT IN (SELECT
848 perm.parent_id, orgu_ua.position_id
849 FROM
850 il_orgu_permissions AS perm
851 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
852 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
853 WHERE perm.parent_id <> -1)
854 );";
855
856 $DIC->database()->manipulate($q);
857
858 return $temporary_table_name;
859 }
860
867 public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
868 string $org_unit_operation_string,
869 string $context,
870 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
871 ): string {
872 global $DIC;
873
874 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
878 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
879
880 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
881 . self::COURSE_CONTEXT
882 ) {
883 $this->dropTempTable($temporary_table_name);
884 }
885
886 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
887 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
888 AS (
889 SELECT
890 orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
891 orgu_ua.orgu_id AS perm_for_orgu_id,
892 auth.scope AS perm_orgu_scope,
893 orgu_ua.position_id AS perm_for_position_id,
894 auth.over AS perm_over_user_with_position
895 FROM
896 il_orgu_permissions AS perm
897 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
898 . $GLOBALS['DIC']->user()->getId() . "
899 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
900 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
901 WHERE
902 perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
903 );";
904
905 $DIC->database()->manipulate($q);
906
907 return $temporary_table_name;
908 }
909
910 public function buildTempTableCourseMemberships(
911 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
912 array $only_courses_of_user_ids = array()
913 ): string {
914 global $DIC;
915
916 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
917
918 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
919 || count($only_courses_of_user_ids) > 0
920 ) {
921 $this->dropTempTable($temporary_table_name);
922 }
923
924 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
925 (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
926 AS (
927 SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
928 FROM (
929 SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
930 AND " . $DIC->database()->in(
931 'obj_members.usr_id',
932 $only_courses_of_user_ids,
933 false,
934 'integer'
935 ) . "
936 UNION
937 SELECT obj_id, usr_id FROM crs_waiting_list
938 WHERE " . $DIC->database()->in(
939 'crs_waiting_list.usr_id',
940 $only_courses_of_user_ids,
941 false,
942 'integer'
943 ) . "
944 UNION
945 SELECT obj_id, usr_id FROM il_subscribers
946 WHERE " . $DIC->database()->in(
947 'il_subscribers.usr_id',
948 $only_courses_of_user_ids,
949 false,
950 'integer'
951 ) . "
952 ) AS crs_members
953 INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
954 INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
955 );";
956
957 $DIC->database()->manipulate($q);
958
959 return $temporary_table_name;
960 }
961
962 public function buildTempTableOrguMemberships(
963 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
964 array $only_orgus_of_user_ids = array()
965 ): string {
966 global $DIC;
967
968 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
969
970 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
971 || count($only_orgus_of_user_ids) > 0
972 ) {
973 $this->dropTempTable($temporary_table_name);
974 }
975
976 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
977 (INDEX i1(orgu_id), INDEX i2 (tree_path(255)), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
978 AS (
979 SELECT orgu_ua.orgu_id AS orgu_id,
980 tree_orgu.path AS tree_path,
981 tree_orgu.child AS tree_child,
982 tree_orgu.parent AS tree_parent,
983 tree_orgu.lft AS tree_lft,
984 tree_orgu.rgt AS tree_rgt,
985 orgu_ua.position_id AS user_position_id,
986 orgu_ua.user_id AS user_id
987 FROM
988 il_orgu_ua AS orgu_ua
989 INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
990 LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
991
992 if (count($only_orgus_of_user_ids) > 0) {
993 $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
994 }
995
996 $q .= ");";
997
998 $DIC->database()->manipulate($q);
999
1000 return $temporary_table_name;
1001 }
1002
1003 public function dropTempTable(string $temporary_table_name): void
1004 {
1005 global $DIC;
1006
1007 $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
1008 $DIC->database()->manipulate($q);
1009 }
1010}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ILIAS\MyStaff\ilMyStaffAccess\getIlobjectsAndUsersForUserOperationAndContext
getIlobjectsAndUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context)
Definition: class.ilMyStaffAccess.php:589
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:373
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:962
ILIAS\MyStaff\ilMyStaffAccess\hasCurrentUserAccessToLearningProgressInObject
hasCurrentUserAccessToLearningProgressInObject(int $ref_id=0)
Definition: class.ilMyStaffAccess.php:304
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:910
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:574
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:512
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser(int $user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:418
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable(string $temporary_table_name)
Definition: class.ilMyStaffAccess.php:1003
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:495
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsUserMatrixForUserOperationAndContext
buildTempTableIlobjectsUserMatrixForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:622
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext
buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS)
Definition: class.ilMyStaffAccess.php:761
ilObjectAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectAccess.php:32
ilOrgUnitOperationContextQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationContextQueries.php:24
ilOrgUnitOperationContext
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationContext.php:24
ilOrgUnitOperationQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationQueries.php:24
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
Definition: class.ilOrgUnitOperationQueries.php:106
ilOrgUnitOperation
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperation.php:24
ilOrgUnitUserAssignmentQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitUserAssignmentQueries.php:24
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
$res
$res
Definition: ltiservices.php:69
ILIAS\MyStaff
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMyStaffAccess.php:19
$query
$query
Definition: proxy_ylocal.php:13
$context
$context
Definition: webdav.php:29