ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilIndividualAssessmentAccessHandler.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
24 class ilIndividualAssessmentAccessHandler implements IndividualAssessmentAccessHandler
25 {
26  public const DEFAULT_ROLE = 'il_iass_member';
27 
28  protected ilObjIndividualAssessment $iass;
29  protected ilAccessHandler $handler;
30  protected ilRbacAdmin $admin;
31  protected ilRbacReview $review;
32  protected ilObjUser $usr;
33 
34  public function __construct(
35  ilObjIndividualAssessment $iass,
36  ilAccessHandler $handler,
37  ilRbacAdmin $admin,
38  ilRbacReview $review,
39  ilObjUser $usr
40  ) {
41  $this->iass = $iass;
42  $this->handler = $handler;
43  $this->admin = $admin;
44  $this->review = $review;
45  $this->usr = $usr;
46  }
47 
51  public function checkRBACAccessToObj(string $operation): bool
52  {
53  return $this->isSystemAdmin() || $this->handler->checkAccessOfUser($this->usr->getId(), $operation, '', $this->iass->getRefId(), 'iass');
54  }
55 
56  public function checkRBACOrPositionAccessToObj(string $operation)
57  {
58  if ($this->isSystemAdmin()) {
59  return true;
60  }
61 
62  if ($operation == "read_learning_progress") {
63  return $this->handler->checkRbacOrPositionPermissionAccess(
64  "read_learning_progress",
65  "read_learning_progress",
66  $this->iass->getRefId()
67  );
68  }
69 
70  if ($operation == "edit_learning_progress") {
71  return $this->handler->checkRbacOrPositionPermissionAccess(
72  "edit_learning_progress",
73  "write_learning_progress",
74  $this->iass->getRefId()
75  );
76  }
77 
78  throw new \LogicException("Unknown rbac/position-operation: $operation");
79  }
80 
84  public function initDefaultRolesForObject(ilObjIndividualAssessment $iass): void
85  {
86  ilObjRole::createDefaultRole(
87  $this->getRoleTitleByObj($iass),
88  "Admin of iass obj_no." . $iass->getId(),
89  self::DEFAULT_ROLE,
90  $iass->getRefId()
91  );
92  }
93 
97  public function assignUserToMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass): bool
98  {
99  $this->admin->assignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
100  return true;
101  }
102 
106  public function deassignUserFromMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass): bool
107  {
108  $this->admin->deassignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
109  return true;
110  }
111 
112  protected function getRoleTitleByObj(ilObjIndividualAssessment $iass): string
113  {
114  return self::DEFAULT_ROLE . '_' . $iass->getRefId();
115  }
116 
120  protected function getMemberRoleIdForObj(ilObjIndividualAssessment $iass)
121  {
122  return current($this->review->getLocalRoles($iass->getRefId()));
123  }
124 
125  public function mayReadObject(): bool
126  {
127  return $this->checkRBACAccessToObj('read');
128  }
129 
130  public function mayEditObject(): bool
131  {
132  return $this->checkRBACAccessToObj('write');
133  }
134 
135  public function mayEditPermissions(): bool
136  {
137  return $this->checkRBACAccessToObj('edit_permission');
138  }
139 
140  public function mayEditMembers(): bool
141  {
142  return $this->checkRBACAccessToObj('edit_members');
143  }
144 
145  public function mayViewAnyUser(): bool
146  {
147  return $this->mayViewAllUsers()
148  || $this->checkRBACOrPositionAccessToObj('read_learning_progress')
149  || $this->checkRBACOrPositionAccessToObj('edit_learning_progress');
150  }
151 
152  public function mayViewAllUsers(): bool
153  {
154  return $this->checkRBACAccessToObj('read_learning_progress');
155  }
156 
157  public function mayGradeAnyUser(): bool
158  {
159  return $this->mayGradeAllUsers() || $this->checkRBACOrPositionAccessToObj('edit_learning_progress');
160  }
161 
162  public function mayGradeAllUsers(): bool
163  {
164  return $this->checkRBACAccessToObj('edit_learning_progress');
165  }
166 
167  public function mayGradeUser(int $user_id): bool
168  {
169  return
170  $this->mayGradeAllUsers() ||
171  (count(
172  $this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
173  "edit_learning_progress",
174  "write_learning_progress",
175  $this->iass->getRefId(),
176  [$user_id]
177  )
178  ) > 0);
179  }
180 
181  public function mayViewUser(int $user_id): bool
182  {
183  return
184  $this->mayViewAllUsers() ||
185  (count(
186  $this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
187  "read_learning_progress",
188  "read_learning_progress",
189  $this->iass->getRefId(),
190  [$user_id]
191  )
192  ) > 0);
193  }
194 
195  public function mayAmendAllUsers(): bool
196  {
197  return $this->checkRBACAccessToObj('amend_grading');
198  }
199 
200  public function isSystemAdmin(): bool
201  {
202  return $this->review->isAssigned($this->usr->getId(), SYSTEM_ROLE_ID);
203  }
204 }
ilIndividualAssessmentAccessHandler
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilIndividualAssessmentAccessHandler.php:24
ilIndividualAssessmentAccessHandler\assignUserToMemberRole
assignUserToMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
Assign a user to the member role at an Individual assessment.
Definition: class.ilIndividualAssessmentAccessHandler.php:97
ilObjIndividualAssessment
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjIndividualAssessment.php:26
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilObjRole\createDefaultRole
static createDefaultRole(string $a_title, string $a_description, string $a_tpl_name, int $a_ref_id)
Definition: class.ilObjRole.php:59
IndividualAssessmentAccessHandler
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.IndividualAssessmentAccessHandler.php:24
ilIndividualAssessmentAccessHandler\__construct
__construct(ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
Definition: class.ilIndividualAssessmentAccessHandler.php:34
ilIndividualAssessmentAccessHandler\initDefaultRolesForObject
initDefaultRolesForObject(ilObjIndividualAssessment $iass)
Create default roles at an object.
Definition: class.ilIndividualAssessmentAccessHandler.php:84
ilIndividualAssessmentAccessHandler\deassignUserFromMemberRole
deassignUserFromMemberRole(ilObjUser $usr, ilObjIndividualAssessment $iass)
Deasign a user from the member role at an Individual assessment.
Definition: class.ilIndividualAssessmentAccessHandler.php:106
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30