ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilOrgUnitPositionAccess.php
Go to the documentation of this file.
1 <?php
23 class ilOrgUnitPositionAccess implements ilOrgUnitPositionAccessHandler, ilOrgUnitPositionAndRBACAccessHandler
24 {
25  protected static array $ref_id_obj_type_map = array();
26  private \ilOrgUnitUserAssignmentQueries $ua;
27  private \ilOrgUnitGlobalSettings $set;
28  private ilAccess $access;
29  private ilObjUser $user;
30 
31  public function __construct(ilAccess $access)
32  {
33  global $DIC;
34  $this->set = ilOrgUnitGlobalSettings::getInstance();
35  $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
36  $this->access = $access;
37  $this->user = $DIC->user();
38  }
39 
40 
42  public function filterUserIdsForCurrentUsersPositionsAndPermission(
43  array $user_ids,
44  string $permission
45  ): array {
46  $current_user_id = $this->getCurrentUsersId();
47  return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
48  }
49 
50 
51 
53  public function filterUserIdsForUsersPositionsAndPermission(
54  array $user_ids,
55  int $for_user_id,
56  string $permission
57  ): array {
58  $assignment_of_user = $this->ua->getAssignmentsOfUserId($for_user_id);
59  $other_users_in_same_org_units = [];
60  foreach ($assignment_of_user as $assignment) {
61  $other_users_in_same_org_units += $this->ua->getUserIdsOfOrgUnit($assignment->getOrguId());
62  }
63 
64  return array_intersect($user_ids, $other_users_in_same_org_units);
65  }
66 
68  public function isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids): bool
69  {
70  $current_user_id = $this->getCurrentUsersId();
71 
72  return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
73  }
74 
75 
77  public function isUserBasedOnPositionsAllowedTo(
78  int $which_user_id,
79  string $permission,
80  array $on_user_ids
81  ): bool {
82  $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission(
83  $on_user_ids,
84  $which_user_id,
85  $permission
86  );
87 
88  return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
89  && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
90  }
91 
92 
94  public function filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids): array
95  {
96  $current_user_id = $this->getCurrentUsersId();
97 
98  return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
99  }
100 
101 
103  public function filterUserIdsByPositionOfUser(
104  int $user_id,
105  string $pos_perm,
106  int $ref_id,
107  array $user_ids
108  ): array {
109  // $all_available_users = $this->ua->getUserIdsOfOrgUnit()
110  $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
111  if (!$operation) {
112  return [];
113  }
114 
115  $allowed_user_ids = [];
116  foreach ($this->ua->getPositionsOfUserId($user_id) as $position) {
117  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
118  $permissions->afterObjectLoad();
119  if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
120  continue;
121  }
122 
123  $position->afterObjectLoad();
124  foreach ($position->getAuthorities() as $authority) {
125  switch ($authority->getOver()) {
126  case ilOrgUnitAuthority::OVER_EVERYONE:
127  switch ($authority->getScope()) {
128  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
129  $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition($position->getId(), $user_id);
130  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
131  break;
132  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
133  $allowed = $this->ua->getUserIdsOfOrgUnitsOfUsersPosition(
134  $position->getId(),
135  $user_id,
136  true
137  );
138  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
139  break;
140  }
141  break;
142  default:
143  switch ($authority->getScope()) {
144  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
145  $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition(
146  $user_id,
147  $authority->getPositionId(),
148  $authority->getOver(),
149  false
150  );
151  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
152  break;
153  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
154  $allowed = $this->ua->getUserIdsOfUsersOrgUnitsInPosition(
155  $user_id,
156  $authority->getPositionId(),
157  $authority->getOver(),
158  true
159  );
160  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
161  break;
162  }
163  break;
164  }
165  }
166  }
167  $allowed_user_ids[] = $this->user->getId();
168  return array_intersect($user_ids, $allowed_user_ids);
169  }
170 
171 
172  public function checkPositionAccess(string $pos_perm, int $ref_id): bool
173  {
174  if (!$this->isPositionActiveForRefId($ref_id)) {
175  return false;
176  }
177 
178  $operation = ilOrgUnitOperationQueries::findByOperationString($pos_perm, $this->getTypeForRefId($ref_id));
179  if (!$operation) {
180  return false;
181  }
182  $current_user_id = $this->getCurrentUsersId();
183 
184  foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
185  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
186  if ($permissions->isOperationIdSelected($operation->getOperationId())) {
187  return true;
188  }
189  }
190 
191  return false;
192  }
193 
194 
195  public function hasCurrentUserAnyPositionAccess(int $ref_id): bool
196  {
197  if (!$this->isPositionActiveForRefId($ref_id)) {
198  return false;
199  }
200 
201  $current_user_id = $this->getCurrentUsersId();
202 
203  foreach ($this->ua->getPositionsOfUserId($current_user_id) as $position) {
204  $permissions = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position->getId());
205  if (count($permissions->getOperations()) > 0) {
206  return true;
207  }
208  }
209 
210  return false;
211  }
212 
213 
214  public function checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id): bool
215  {
216  // If RBAC allows, just return true
217  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
218  return true;
219  }
220 
221  if (!$this->isPositionActiveForRefId($ref_id)) {
222  return false;
223  }
224 
225  return $this->checkPositionAccess($pos_perm, $ref_id);
226  }
227 
228 
229  public function filterUserIdsByRbacOrPositionOfCurrentUser(
230  string $rbac_perm,
231  string $pos_perm,
232  int $ref_id,
233  array $user_ids
234  ): array {
235  global $DIC;
236 
237  // If RBAC allows, just return true
238  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
239  return $user_ids;
240  }
241 
242  return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
243  }
244 
245 
246  public function hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id): bool
247  {
248  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
249  return true;
250  }
251 
252  return $this->hasCurrentUserAnyPositionAccess($ref_id);
253  }
254 
255 
256  //
257  // Helpers
258  //
259 
260  private function getCurrentUsersId(): int
261  {
262  return $this->user->getId();
263  }
264 
265 
266  private function getTypeForRefId(int $ref_id): string
267  {
268  if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
269  self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
270  }
271 
272  return self::$ref_id_obj_type_map[$ref_id];
273  }
274 
275  private function getObjIdForRefId(int $ref_id): int
276  {
277  return ilObject2::_lookupObjectId($ref_id);
278  }
279 
280  private function isPositionActiveForRefId(int $ref_id): bool
281  {
282  $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
283 
284  return $this->set->isPositionAccessActiveForObject($obj_id);
285  }
286 }
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
Definition: class.ilOrgUnitOperationQueries.php:106
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:77
ilOrgUnitPositionAccess\$ua
ilOrgUnitUserAssignmentQueries $ua
Definition: class.ilOrgUnitPositionAccess.php:26
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:246
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:172
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:94
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:23
ilOrgUnitPositionAndRBACAccessHandler
Interface ilOrgUnitPositionAndRBACAccessHandler Provides access checks due to a users OrgUnit-Positio...
Definition: class.ilOrgUnitPositionAndRBACAccessHandler.php:8
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_lookupObjectId
static _lookupObjectId(int $ref_id)
Definition: class.ilObject.php:1123
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:103
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:214
ilOrgUnitPositionAccessHandler
Interface ilOrgUnitPositionAccessHandler Provides access checks due to a users OrgUnit-Positions.
Definition: class.ilOrgUnitPositionAccessHandler.php:8
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:42
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:229
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:53
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:68
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091