ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilMyStaffAccess.php
Go to the documentation of this file.
1 <?php
19 namespace ILIAS\MyStaff;
20 
21 use ilObjectAccess;
22 use ilOrgUnitOperation;
23 use ilOrgUnitOperationContext;
24 use ilOrgUnitOperationContextQueries;
25 use ilOrgUnitOperationQueries;
26 use ilOrgUnitUserAssignmentQueries;
27 
32 class ilMyStaffAccess extends ilObjectAccess
33 {
34  public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
35  public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
36  public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
37  public const TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
38  public const TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
39  public const TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
40  public const ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
41  public const COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
42  public const EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
43  public const GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
44  public const SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
45  public const TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
46  public const EMPLOYEE_TALK_CONTEXT = ilOrgUnitOperationContext::CONTEXT_ETAL;
47 
48  protected static ?self $instance = null;
49 
50  protected array $users_for_user = [];
51 
52  public static function getInstance(): self
53  {
54  global $DIC;
55 
56  if (self::$instance === null) {
57  self::$instance = new self();
58 
59  if (!self::isMyStaffActive()) {
60  return self::$instance;
61  }
62 
63  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
64  . self::COURSE_CONTEXT);
65  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
66  . "_" . self::COURSE_CONTEXT);
67  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
68  . "_" . self::COURSE_CONTEXT);
69  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
70  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
71  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
72  . self::COURSE_CONTEXT);
73  }
74 
75  return self::$instance;
76  }
77 
78  public function __construct()
79  {
80  }
81 
82  public static function isMyStaffActive(): bool
83  {
84  global $DIC;
85 
86  return (bool) $DIC->settings()->get('enable_my_staff');
87  }
88 
89  public function hasCurrentUserAccessToMyStaff(): bool
90  {
91  global $DIC;
92 
93  if (!self::isMyStaffActive()) {
94  return false;
95  }
96 
97  if ($this->hasCurrentUserAccessToCourseMemberships()) {
98  return true;
99  }
100 
101  if ($this->hasCurrentUserAccessToCertificates()) {
102  return true;
103  }
104 
105  if ($this->hasCurrentUserAccessToCompetences()) {
106  return true;
107  }
108 
109  if ($this->hasCurrentUserAccessToTalks()) {
110  return true;
111  }
112 
113  if ($this->hasCurrentUserAccessToUser()) {
114  return true;
115  }
116 
117  return false;
118  }
119 
120  public function hasCurrentUserAccessToCertificates(): bool
121  {
122  global $DIC;
123 
124  if (!self::isMyStaffActive()) {
125  return false;
126  }
127 
128  $cert_set = new \ilSetting("certificate");
129  if (!$cert_set->get("active")) {
130  return false;
131  }
132 
133  if ($this->countOrgusOfUserWithOperationAndContext(
134  $DIC->user()->getId(),
135  ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
136  self::COURSE_CONTEXT
137  )
138  > 0
139  ) {
140  return true;
141  }
142 
143  if ($this->countOrgusOfUserWithOperationAndContext(
144  $DIC->user()->getId(),
145  ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
146  self::EXERCISE_CONTEXT
147  )
148  > 0
149  ) {
150  return true;
151  }
152 
153  if ($this->countOrgusOfUserWithOperationAndContext(
154  $DIC->user()->getId(),
155  ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
156  self::TEST_CONTEXT
157  )
158  > 0
159  ) {
160  return true;
161  }
162 
163  return false;
164  }
165 
166  public function hasCurrentUserAccessToTalks(): bool
167  {
168  global $DIC;
169 
170  if (!self::isMyStaffActive()) {
171  return false;
172  }
173 
174  if ($this->countOrgusOfUserWithOperationAndContext(
175  $DIC->user()->getId(),
176  ilOrgUnitOperation::OP_CREATE_EMPLOYEE_TALK,
177  self::EMPLOYEE_TALK_CONTEXT
178  )
179  > 0
180  ) {
181  return true;
182  }
183 
184  if ($this->countOrgusOfUserWithOperationAndContext(
185  $DIC->user()->getId(),
186  ilOrgUnitOperation::OP_EDIT_EMPLOYEE_TALK,
187  self::EMPLOYEE_TALK_CONTEXT
188  )
189  > 0
190  ) {
191  return true;
192  }
193 
194  if ($this->countOrgusOfUserWithOperationAndContext(
195  $DIC->user()->getId(),
196  ilOrgUnitOperation::OP_READ_EMPLOYEE_TALK,
197  self::EMPLOYEE_TALK_CONTEXT
198  )
199  > 0
200  ) {
201  return true;
202  }
203 
204  return false;
205  }
206 
207  public function hasCurrentUserAccessToCompetences(): bool
208  {
209  global $DIC;
210 
211  if (!self::isMyStaffActive()) {
212  return false;
213  }
214 
215  $skmg_set = new \ilSkillManagementSettings();
216  if (!$skmg_set->isActivated()) {
217  return false;
218  }
219 
220  if ($this->countOrgusOfUserWithOperationAndContext(
221  $DIC->user()->getId(),
222  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
223  self::COURSE_CONTEXT
224  )
225  > 0
226  ) {
227  return true;
228  }
229 
230  if ($this->countOrgusOfUserWithOperationAndContext(
231  $DIC->user()->getId(),
232  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
233  self::GROUP_CONTEXT
234  )
235  > 0
236  ) {
237  return true;
238  }
239 
240  if ($this->countOrgusOfUserWithOperationAndContext(
241  $DIC->user()->getId(),
242  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
243  self::SURVEY_CONTEXT
244  )
245  > 0
246  ) {
247  return true;
248  }
249 
250  if ($this->countOrgusOfUserWithOperationAndContext(
251  $DIC->user()->getId(),
252  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
253  self::TEST_CONTEXT
254  )
255  > 0
256  ) {
257  return true;
258  }
259 
260  return false;
261  }
262 
263  public function hasCurrentUserAccessToCourseMemberships(): bool
264  {
265  global $DIC;
266 
267  if (!self::isMyStaffActive()) {
268  return false;
269  }
270 
271  if ($this->countOrgusOfUserWithOperationAndContext(
272  $DIC->user()->getId(),
273  self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION,
274  self::COURSE_CONTEXT
275  )
276  > 0
277  ) {
278  return true;
279  }
280 
281  return false;
282  }
283 
284  public function hasCurrentUserAccessToUser(int $usr_id = 0): bool
285  {
286  global $DIC;
287 
288  if (!self::isMyStaffActive()) {
289  return false;
290  }
291 
292  $arr_users = $this->getUsersForUser($DIC->user()->getId());
293  if (count($arr_users) > 0 && $usr_id === 0) {
294  return true;
295  }
296 
297  if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
298  return true;
299  }
300 
301  return false;
302  }
303 
304  public function hasCurrentUserAccessToLearningProgressInObject(int $ref_id = 0): bool
305  {
306  global $DIC;
307 
308  return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
309  }
310 
311  public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser(): bool
312  {
313  global $DIC;
314 
315  $arr_usr_id = $this->getUsersForUserOperationAndContext(
316  $DIC->user()->getId(),
317  ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
318  self::COURSE_CONTEXT
319  );
320  if (count($arr_usr_id) > 0) {
321  return true;
322  }
323 
324  return false;
325  }
326 
327  public function countOrgusOfUserWithAtLeastOneOperation(int $user_id): int
328  {
329  global $DIC;
330 
331  $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
332  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
333  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
334  WHERE orgu_ua.user_id = " . $DIC->database()->quote(
335  $user_id,
336  'integer'
337  ) . " AND perm.operations is not NULL AND perm.parent_id = -1";
338 
339  $set = $DIC->database()->query($q);
340  $rec = $DIC->database()->fetchAssoc($set);
341 
342  return $rec['cnt'];
343  }
344 
345  public function countOrgusOfUserWithOperationAndContext(
346  int $user_id,
347  string $org_unit_operation_string,
348  string $context
349  ): int {
350  global $DIC;
351 
355  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
356 
357  $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
358  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
359  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
360  and orgu_ua.user_id = " . $DIC->database()->quote(
361  $user_id,
362  'integer'
363  ) . " AND perm.operations REGEXP '[\\\[,]\"?"
364  . $operation->getOperationId() . "\"?[\],]'
365  WHERE perm.parent_id = -1";
366 
367  $set = $DIC->database()->query($q);
368  $rec = $DIC->database()->fetchAssoc($set);
369 
370  return $rec['cnt'];
371  }
372 
373  public function getUsersForUserOperationAndContext(
374  int $user_id,
375  string $org_unit_operation_string,
376  string $context,
377  string $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
378  ): array {
379  global $DIC;
380 
381  $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
382  $user_id,
383  $org_unit_operation_string,
384  $context,
385  $tmp_table_name_prefix
386  );
387 
388  $q = 'SELECT usr_id FROM ' . $tmp_table_name;
389 
390  $user_set = $DIC->database()->query($q);
391 
392  $arr_users = array();
393 
394  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
395  $arr_users[$rec['usr_id']] = $rec['usr_id'];
396  }
397 
398  return $arr_users;
399  }
400 
401  public function getUsersForUserPerPosition(int $user_id): array
402  {
403  $users = [];
404  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
405  foreach ($user_assignments as $user_assignment) {
406  $users[$user_assignment->getPositionId()] = $this->getUsersForUser(
407  $user_id,
408  $user_assignment->getPositionId()
409  );
410  }
411 
412  return $users;
413  }
414 
418  public function getUsersForUser(int $user_id, ?int $position_id = null): array
419  {
420  global $DIC;
421 
422  if (isset($this->users_for_user[$user_id]) && $position_id === null) {
423  return $this->users_for_user[$user_id];
424  }
425 
426  $tmp_orgu_members = $this->buildTempTableOrguMemberships(
427  self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
428  array()
429  );
430 
431  $position_limitation = '';
432  if (!is_null($position_id)) {
433  $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
434  }
435 
436  $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
437  FROM
438  " . $tmp_orgu_members . "
439  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
440  $user_id,
441  'integer'
442  ) . "
443  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
444  WHERE
445  (
446  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
447  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
448  AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
449  )
450  OR
451  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
452  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
453  OR
454  /* Kinder OrgUnit wie Current User */
455  (
456  (
457  " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
458  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
459  OR
460  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
461  )
462  AND
463  (
464  (
465  (
466  /* Gleiche Position */
467  auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
468  )
469  OR
470  (
471  /* Position Egal */
472  auth.over = -1
473  )
474  )
475  AND auth.scope = 2
476  )
477  )
478  )";
479 
480  $user_set = $DIC->database()->query($q);
481 
482  $arr_users = array();
483 
484  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
485  $arr_users[$rec['usr_id']] = $rec['usr_id'];
486  }
487 
488  if ($position_id === null) {
489  $this->users_for_user[$user_id] = $arr_users;
490  }
491 
492  return $arr_users;
493  }
494 
495  public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false): array
496  {
497  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
498  $ids = [];
499  foreach ($user_assignments as $user_assignment) {
500  $ref_ids = $this->getIdsForPositionAndOperation(
501  $user_assignment->getPositionId(),
502  $operation,
503  $return_ref_id
504  );
505  if (count($ref_ids) > 0) {
506  $ids = array_merge($ids, $ref_ids);
507  }
508  }
509  return $ids;
510  }
511 
512  public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id): array
513  {
514  $ids = [];
515  foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
516  $ref_ids = $this->getIdsForPositionAndOperationAndContext(
517  $position_id,
518  $operation,
519  $context,
520  $return_ref_id
521  );
522  if (count($ref_ids) > 0) {
523  $ids = array_merge($ids, $ref_ids);
524  }
525  }
526 
527  return $ids;
528  }
529 
535  public function getIdsForPositionAndOperationAndContext(
536  int $position_id,
537  string $operation,
538  string $context,
539  bool $return_ref_id
540  ): array {
541  global $DIC;
542  $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
546  $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
547  if (is_null($operation_object)) {
548  // operation doesn't exist in this context
549  return [];
550  }
551  $operation_id = $operation_object->getOperationId();
552 
553  if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
554  $query = "select " . ($return_ref_id ? "object_reference.ref_id" : "object_data.obj_id") . " from object_data " .
555  "inner join object_reference on object_reference.obj_id = object_data.obj_id " .
556  "where type = '" . $context . "' " .
557  "AND object_reference.ref_id not in " .
558  " (SELECT parent_id FROM il_orgu_permissions " .
559  " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations NOT REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1)";
560  } else {
561  $query = $return_ref_id
562  ?
563  "SELECT parent_id as ref_id FROM il_orgu_permissions "
564  :
565  "SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ";
566  $query .= " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1";
567  }
568 
569  return array_map(function ($item) use ($return_ref_id) {
570  return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
571  }, $DIC->database()->fetchAll($DIC->database()->query($query)));
572  }
573 
574  public function hasPositionDefaultPermissionForOperationInContext(
575  int $position_id,
576  int $operation_id,
577  int $context_id
578  ): bool {
579  global $DIC;
580  $res = $DIC->database()->query("SELECT * FROM il_orgu_permissions " .
581  " WHERE context_id = " . $context_id . " " .
582  "AND operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' " .
583  "AND position_id = " . $position_id . " " .
584  "AND parent_id = -1");
585 
586  return (bool) $DIC->database()->numRows($res) > 0;
587  }
588 
589  public function getIlobjectsAndUsersForUserOperationAndContext(
590  int $user_id,
591  string $org_unit_operation_string,
592  string $context
593  ): array {
594  global $DIC;
595 
596 
597  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
598  assert($operation instanceof ilOrgUnitOperation);
599 
600  $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
601 
602  $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
603  $user_id,
604  $org_unit_operation_string,
605  $context,
606  $tmp_table_name
607  );
608 
609  $q = 'SELECT * FROM ' . $tmp_table_name;
610 
611  $user_set = $DIC->database()->query($q);
612 
613  $arr_user_obj = array();
614 
615  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
616  $arr_user_obj[] = $rec;
617  }
618 
619  return $arr_user_obj;
620  }
621 
622  public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
623  int $user_id,
624  string $org_unit_operation_string,
625  string $context,
626  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
627  ): string {
628  global $DIC;
629 
630  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
631 
632  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
633  assert($operation instanceof ilOrgUnitOperation);
634 
635  $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
636 
637 
638  $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
639  $org_unit_operation_string,
640  $context,
641  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
642  );
643 
644  $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
645  $org_unit_operation_string,
646  $context,
647  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
648  );
649 
650  $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
651  $org_unit_operation_string,
652  $context,
653  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
654  );
655 
656  $tmp_table_course_members = $this->buildTempTableCourseMemberships(
657  self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
658  $all_users_for_user
659  );
660 
661  $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(
662  self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
663  $all_users_for_user
664  );
665 
666  $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships(
667  'tmp_orgu_members_path',
668  $all_users_for_user
669  );
670 
671  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
672  . self::COURSE_CONTEXT
673  ) {
674  $this->dropTempTable($temporary_table_name);
675  }
676 
677  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
678  SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
679  (
680  SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
681  (
682  SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
683  UNION
684  SELECT * FROM " . $tmp_table_objects_default_perimissions . "
685  ) AS crs
686  INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
687  and (
688  (
689  " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
690  )
691  or perm_orgu_scope = 2
692  )
693  UNION
694  SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
695  . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
696  INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
697  . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
698  and (
699  (
700  " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
701  . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
702  )
703  or perm_orgu_scope = 2
704  )
705 
706  ) AS user_perm_matrix
707  INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
708 
709  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
710  $user_id,
711  'integer'
712  ) . "
713  INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
714  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
715  and perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
716 
717  AND
718  (
719  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
720  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
721  AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
722  )
723  OR
724  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
725  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
726  OR
727  /* Kinder OrgUnit wie Current User */
728  (
729  orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
730  AND
731  (
732  path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
733  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
734  OR
735  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
736  )
737  AND
738  (
739  (
740  (
741  /* Gleiche Position */
742  orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
743  )
744  OR
745  (
746  /* Position Egal */
747  user_perm_matrix.perm_over_user_with_position = -1
748  )
749  )
750  AND user_perm_matrix.perm_orgu_scope = 2
751  )
752  )
753  )
754  );";
755 
756  $DIC->database()->manipulate($q);
757 
758  return $temporary_table_name;
759  }
760 
761  public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
762  string $org_unit_operation_string,
763  string $context,
764  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
765  ): string {
766  global $DIC;
767 
768  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
769 
770  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
771  assert($operation instanceof ilOrgUnitOperation);
772 
773  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
774  . self::COURSE_CONTEXT
775  ) {
776  $this->dropTempTable($temporary_table_name);
777  }
778 
779  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
780  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
781  AS (
782  SELECT
783  obj_ref.ref_id AS perm_for_ref_id,
784  orgu_ua.orgu_id AS perm_for_orgu_id,
785  auth.scope AS perm_orgu_scope,
786  orgu_ua.position_id AS perm_for_position_id,
787  auth.over AS perm_over_user_with_position
788  FROM
789  il_orgu_permissions AS perm
790  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
791  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
792  ->getId() . "
793  INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
794  INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
795  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
796  WHERE
797  perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
798  );";
799 
800  $DIC->database()->manipulate($q);
801 
802  return $temporary_table_name;
803  }
804 
805  public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
806  string $org_unit_operation_string,
807  string $context,
808  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
809  ): string {
810  global $DIC;
811 
812  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
813 
817  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
818 
819  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
820  . self::COURSE_CONTEXT
821  ) {
822  $this->dropTempTable($temporary_table_name);
823  }
824 
825  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
826  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
827  AS (
828  SELECT
829  obj_ref.ref_id AS perm_for_ref_id,
830  orgu_ua.orgu_id AS perm_for_orgu_id,
831  auth.scope AS perm_orgu_scope,
832  orgu_ua.position_id AS perm_for_position_id,
833  auth.over AS perm_over_user_with_position
834  FROM
835  object_data AS obj
836  INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
837  INNER JOIN il_orgu_permissions AS perm ON perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]' AND perm.parent_id = -1
838  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
839  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
840  ->getId() . "
841  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
842 
843  WHERE
844  obj.type = '" . $context . "'
845  AND (obj_ref.ref_id , orgu_ua.position_id)
846 
847  NOT IN (SELECT
848  perm.parent_id, orgu_ua.position_id
849  FROM
850  il_orgu_permissions AS perm
851  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
852  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
853  WHERE perm.parent_id <> -1)
854  );";
855 
856  $DIC->database()->manipulate($q);
857 
858  return $temporary_table_name;
859  }
860 
867  public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
868  string $org_unit_operation_string,
869  string $context,
870  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
871  ): string {
872  global $DIC;
873 
874  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
878  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
879 
880  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
881  . self::COURSE_CONTEXT
882  ) {
883  $this->dropTempTable($temporary_table_name);
884  }
885 
886  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
887  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
888  AS (
889  SELECT
890  orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
891  orgu_ua.orgu_id AS perm_for_orgu_id,
892  auth.scope AS perm_orgu_scope,
893  orgu_ua.position_id AS perm_for_position_id,
894  auth.over AS perm_over_user_with_position
895  FROM
896  il_orgu_permissions AS perm
897  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
898  . $GLOBALS['DIC']->user()->getId() . "
899  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
900  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
901  WHERE
902  perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
903  );";
904 
905  $DIC->database()->manipulate($q);
906 
907  return $temporary_table_name;
908  }
909 
910  public function buildTempTableCourseMemberships(
911  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
912  array $only_courses_of_user_ids = array()
913  ): string {
914  global $DIC;
915 
916  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
917 
918  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
919  || count($only_courses_of_user_ids) > 0
920  ) {
921  $this->dropTempTable($temporary_table_name);
922  }
923 
924  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
925  (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
926  AS (
927  SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
928  FROM (
929  SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
930  AND " . $DIC->database()->in(
931  'obj_members.usr_id',
932  $only_courses_of_user_ids,
933  false,
934  'integer'
935  ) . "
936  UNION
937  SELECT obj_id, usr_id FROM crs_waiting_list
938  WHERE " . $DIC->database()->in(
939  'crs_waiting_list.usr_id',
940  $only_courses_of_user_ids,
941  false,
942  'integer'
943  ) . "
944  UNION
945  SELECT obj_id, usr_id FROM il_subscribers
946  WHERE " . $DIC->database()->in(
947  'il_subscribers.usr_id',
948  $only_courses_of_user_ids,
949  false,
950  'integer'
951  ) . "
952  ) AS crs_members
953  INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
954  INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
955  );";
956 
957  $DIC->database()->manipulate($q);
958 
959  return $temporary_table_name;
960  }
961 
962  public function buildTempTableOrguMemberships(
963  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
964  array $only_orgus_of_user_ids = array()
965  ): string {
966  global $DIC;
967 
968  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
969 
970  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
971  || count($only_orgus_of_user_ids) > 0
972  ) {
973  $this->dropTempTable($temporary_table_name);
974  }
975 
976  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
977  (INDEX i1(orgu_id), INDEX i2 (tree_path(255)), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
978  AS (
979  SELECT orgu_ua.orgu_id AS orgu_id,
980  tree_orgu.path AS tree_path,
981  tree_orgu.child AS tree_child,
982  tree_orgu.parent AS tree_parent,
983  tree_orgu.lft AS tree_lft,
984  tree_orgu.rgt AS tree_rgt,
985  orgu_ua.position_id AS user_position_id,
986  orgu_ua.user_id AS user_id
987  FROM
988  il_orgu_ua AS orgu_ua
989  INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
990  LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
991 
992  if (count($only_orgus_of_user_ids) > 0) {
993  $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
994  }
995 
996  $q .= ");";
997 
998  $DIC->database()->manipulate($q);
999 
1000  return $temporary_table_name;
1001  }
1002 
1003  public function dropTempTable(string $temporary_table_name): void
1004  {
1005  global $DIC;
1006 
1007  $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
1008  $DIC->database()->manipulate($q);
1009  }
1010 }
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
Definition: class.ilOrgUnitOperationQueries.php:106
$res
$res
Definition: ltiservices.php:69
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:512
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser(int $user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:418
$context
$context
Definition: webdav.php:29
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsUserMatrixForUserOperationAndContext
buildTempTableIlobjectsUserMatrixForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:622
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:574
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:495
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:373
ILIAS\MyStaff\ilMyStaffAccess\hasCurrentUserAccessToLearningProgressInObject
hasCurrentUserAccessToLearningProgressInObject(int $ref_id=0)
Definition: class.ilMyStaffAccess.php:304
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:962
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ILIAS\MyStaff\ilMyStaffAccess\getIlobjectsAndUsersForUserOperationAndContext
getIlobjectsAndUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context)
Definition: class.ilMyStaffAccess.php:589
$query
$query
Definition: proxy_ylocal.php:13
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext
buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS)
Definition: class.ilMyStaffAccess.php:761
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:910
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable(string $temporary_table_name)
Definition: class.ilMyStaffAccess.php:1003
ILIAS\MyStaff
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMyStaffAccess.php:19