ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1 <?php
2 
25 class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
26 {
27  protected ilObjUser $user;
28  protected ilLanguage $lng;
29  protected ilRbacSystem $rbacsystem;
30  protected ilAccessHandler $access;
31 
32  public function __construct()
33  {
34  global $DIC;
35 
36  $this->user = $DIC->user();
37  $this->lng = $DIC->language();
38  $this->rbacsystem = $DIC->rbac()->system();
39  $this->access = $DIC->access();
40  }
41 
42 
43  public static function getConditionOperators(): array
44  {
45  return array(
46  ilConditionHandler::OPERATOR_FINISHED
47  );
48  }
49 
50  public static function checkCondition(int $a_trigger_obj_id, string $a_operator, string $a_value, int $a_usr_id): bool
51  {
52  switch ($a_operator) {
53  case ilConditionHandler::OPERATOR_FINISHED:
54  if (self::_lookupFinished($a_trigger_obj_id, $a_usr_id)) {
55  return true;
56  } else {
57  return false;
58  }
59 
60  // no break
61  default:
62  return true;
63  }
64  }
65 
66  public function _checkAccess(string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id = null): bool
67  {
68  $ilUser = $this->user;
69  $lng = $this->lng;
70  $rbacsystem = $this->rbacsystem;
71  $ilAccess = $this->access;
72 
73  if (is_null($user_id)) {
74  $user_id = $ilUser->getId();
75  }
76 
77  $is_admin = $rbacsystem->checkAccessOfUser($user_id, 'write', $ref_id);
78 
79  switch ($permission) {
80  case "visible":
81  case "read":
82  if (!self::_lookupCreationComplete($obj_id) &&
83  !$is_admin) {
84  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
85  return false;
86  }
87  break;
88  }
89 
90  switch ($cmd) {
91  case "run":
92  if (!self::_lookupCreationComplete($obj_id)) {
93  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
94  return false;
95  }
96  break;
97 
98  case "evaluation":
99  if (!self::_lookupCreationComplete($obj_id)) {
100  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
101  return false;
102  }
103  if ($rbacsystem->checkAccess("write", $ref_id) || self::_hasEvaluationAccess($obj_id, $user_id)) {
104  return true;
105  } else {
106  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
107  return false;
108  }
109  }
110 
111  return true;
112  }
113 
114 
115  public static function _getCommands(): array
116  {
117  $commands = array(
118  array("permission" => "read", "cmd" => "infoScreen", "lang_var" => "svy_run", "default" => true),
119  array("permission" => "write", "cmd" => "questions", "lang_var" => "edit_questions"),
120  array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
121  array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
122  );
123 
124  return $commands;
125  }
126 
127  //
128  // object specific access related methods
129  //
130 
134  public static function _lookupCreationComplete(int $a_obj_id): bool
135  {
136  global $DIC;
137 
138  $ilDB = $DIC->database();
139 
140  $result = $ilDB->queryF(
141  "SELECT * FROM svy_svy WHERE obj_fi=%s",
142  array('integer'),
143  array($a_obj_id)
144  );
145 
146  $row = null;
147  if ($result->numRows() === 1) {
148  $row = $ilDB->fetchAssoc($result);
149  }
150  if (is_null($row) || !$row["complete"]) {
151  return false;
152  }
153  return true;
154  }
155 
159  public static function _lookupEvaluationAccess(int $a_obj_id): int
160  {
161  global $DIC;
162 
163  $ilDB = $DIC->database();
164 
165  $result = $ilDB->queryF(
166  "SELECT * FROM svy_svy WHERE obj_fi=%s",
167  array('integer'),
168  array($a_obj_id)
169  );
170  if ($result->numRows() === 1) {
171  $row = $ilDB->fetchAssoc($result);
172  return (int) $row["evaluation_access"];
173  }
174  return 0;
175  }
176 
177  public static function _isSurveyParticipant(
178  int $user_id,
179  int $survey_id
180  ): bool {
181  global $DIC;
182 
183  $ilDB = $DIC->database();
184 
185  $result = $ilDB->queryF(
186  "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
187  array('integer','integer'),
188  array($user_id, $survey_id)
189  );
190  return $result->numRows() === 1;
191  }
192 
193  public static function _lookupAnonymize(
194  int $a_obj_id
195  ): bool {
196  global $DIC;
197 
198  $ilDB = $DIC->database();
199 
200  $result = $ilDB->queryF(
201  "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
202  array('integer'),
203  array($a_obj_id)
204  );
205  if ($result->numRows() === 1) {
206  $row = $ilDB->fetchAssoc($result);
207  return (bool) $row["anonymize"];
208  } else {
209  return false;
210  }
211  }
212 
213  public static function _hasEvaluationAccess(
214  int $a_obj_id,
215  int $user_id
216  ): bool {
217  $evaluation_access = self::_lookupEvaluationAccess($a_obj_id);
218  $svy_mode = self::_lookupMode($a_obj_id);
219  if ($svy_mode === ilObjSurvey::MODE_IND_FEEDB) {
220  $svy = new ilObjSurvey($a_obj_id, false);
221  $svy->read();
222  switch ($svy->get360Results()) {
223  case ilObjSurvey::RESULTS_360_ALL:
224  case ilObjSurvey::RESULTS_360_NONE:
225  return false;
226 
227  case ilObjSurvey::RESULTS_360_OWN:
228  return true;
229 
230  // not applicable
231  }
232  }
233 
234  switch ($evaluation_access) {
235  case 0:
236  // no evaluation access
237  return false;
238  case 1:
239  // evaluation access for all registered users
240  return ($user_id > 0) && ($user_id !== ANONYMOUS_USER_ID);
241  case 2:
242  switch ($svy_mode) {
243  case ilObjSurvey::MODE_360:
244  $svy = new ilObjSurvey($a_obj_id, false);
245  $svy->read();
246  switch ($svy->get360Results()) {
247  case ilObjSurvey::RESULTS_360_NONE:
248  return false;
249 
250  case ilObjSurvey::RESULTS_360_OWN:
251  return $svy->isAppraiseeClosed($user_id);
252 
253  case ilObjSurvey::RESULTS_360_ALL:
254  return $svy->isAppraisee($user_id);
255  }
256  break;
257 
258  case ilObjSurvey::MODE_IND_FEEDB:
259  $svy = new ilObjSurvey($a_obj_id, false);
260  $svy->read();
261  switch ($svy->get360Results()) {
262  case ilObjSurvey::RESULTS_360_NONE:
263  return false;
264 
265  case ilObjSurvey::RESULTS_360_OWN:
266  return true;
267 
268  case ilObjSurvey::RESULTS_360_ALL:
269  return $svy->isAppraisee($user_id);
270  }
271  break;
272 
273  case ilObjSurvey::MODE_SELF_EVAL:
274  $svy = new ilObjSurvey($a_obj_id, false);
275  $svy->read();
276  switch ($svy->getSelfEvaluationResults()) {
277  case ilObjSurvey::RESULTS_SELF_EVAL_NONE:
278  return false;
279  default:
280  global $DIC;
281  $run_manager = $DIC->survey()->internal()->domain()
282  ->execution()->run($svy, $user_id);
283  return $run_manager->hasFinished();
284  }
285 
286  // no break
287  default:
288  // evaluation access for participants
289  // check if the user with the given id is a survey participant
290 
291  // show the evaluation button for anonymized surveys for all users
292  // access is only granted with the survey access code
293  if (self::_lookupAnonymize($a_obj_id)) {
294  return true;
295  }
296 
297  global $DIC;
298 
299  $ilDB = $DIC->database();
300  $result = $ilDB->queryF(
301  "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
302  array('integer'),
303  array($a_obj_id)
304  );
305  if ($result->numRows() === 1) {
306  $row = $ilDB->fetchAssoc($result);
307 
308  if (self::_isSurveyParticipant($user_id, $row["survey_id"])) {
309  $survey = new ilObjSurvey($a_obj_id, false);
310  $run_manager = $DIC->survey()->internal()->domain()
311  ->execution()->run($survey, $user_id);
312  return $run_manager->hasFinished();
313  }
314  }
315  return false;
316  }
317  }
318  return false;
319  }
320 
321 
327  public static function _lookupFinished(
328  int $a_obj_id,
329  int $a_user_id = 0
330  ): ?int {
331  global $DIC;
332 
333  $ilDB = $DIC->database();
334  $ilUser = $DIC->user();
335 
336  $finished = null;
337  if ($a_user_id === 0) {
338  $a_user_id = $ilUser->getId();
339  }
340 
341  $result = $ilDB->queryF(
342  "SELECT * FROM svy_svy WHERE obj_fi = %s",
343  array('integer'),
344  array($a_obj_id)
345  );
346  if ($result->numRows() === 1) {
347  $row = $ilDB->fetchObject($result);
348  if ((int) $row->anonymize === 1) {
349  $result = $ilDB->queryF(
350  "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
351  "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
352  "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
353  array('integer','text'),
354  array($row->survey_id, md5($a_user_id))
355  );
356  } else {
357  $result = $ilDB->queryF(
358  "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
359  array('integer','integer'),
360  array($row->survey_id, $a_user_id)
361  );
362  }
363  if ($result->numRows() === 1) {
364  $foundrow = $ilDB->fetchAssoc($result);
365  $finished = (int) $foundrow["state"];
366  }
367  }
368 
369  return $finished;
370  }
371 
375  public static function _lookupMode(
376  int $a_obj_id
377  ): int {
378  global $DIC;
379  $ilDB = $DIC->database();
380 
381  $result = $ilDB->queryF(
382  "SELECT mode FROM svy_svy" .
383  " WHERE obj_fi = %s",
384  array('integer'),
385  array($a_obj_id)
386  );
387 
388  if ($result->numRows() === 1) {
389  $row = $ilDB->fetchAssoc($result);
390  return (int) $row["mode"];
391  }
392 
393  return 0;
394  }
395 
396  public static function _lookup360Mode(
397  int $a_obj_id
398  ): bool {
399  global $DIC;
400 
401  $ilDB = $DIC->database();
402 
403  $result = $ilDB->queryF(
404  "SELECT mode FROM svy_svy" .
405  " WHERE obj_fi = %s AND mode = %s",
406  array('integer','integer'),
407  array($a_obj_id, ilObjSurvey::MODE_360)
408  );
409  return (bool) $ilDB->numRows($result);
410  }
411 
415  public static function _checkGoto(string $target): bool
416  {
417  global $DIC;
418 
419  $request = $DIC->survey()
420  ->internal()
421  ->gui()
422  ->execution()
423  ->request();
424 
425  $ilAccess = $DIC->access();
426 
427  $t_arr = explode("_", $target);
428  if ($t_arr[0] !== "svy" || ((int) $t_arr[1]) <= 0) {
429  return false;
430  }
431 
432  // 360° external raters
433  $access_code = ($request->getAccessCode() !== "")
434  ? $request->getAccessCode()
435  : ($t_arr[2] ?? "");
436  if ($access_code !== "") {
437  $survey = new ilObjSurvey((int) $t_arr[1]);
438  $run_manager = $DIC->survey()->internal()->domain()->execution()->run($survey, $DIC->user()->getId());
439  try {
440  $run_manager->initSession($access_code);
441  } catch (Exception $e) {
442  return false;
443  }
444  if (ilObjSurvey::validateExternalRaterCode((int) $t_arr[1], $access_code)) {
445  return true;
446  }
447  }
448 
449  if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
450  $ilAccess->checkAccess("read", "", $t_arr[1])) {
451  return true;
452  }
453  return false;
454  }
455 }
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess(int $a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:159
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant(int $user_id, int $survey_id)
Definition: class.ilObjSurveyAccess.php:177
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilObjSurveyAccess\checkCondition
static checkCondition(int $a_trigger_obj_id, string $a_operator, string $a_value, int $a_usr_id)
check condition for a specific user and object
Definition: class.ilObjSurveyAccess.php:50
ilLanguage\txt
txt(string $a_topic, string $a_default_lang_fallback_mod="")
gets the text for a given topic if the topic is not in the list, the topic itself with "-" will be re...
Definition: class.ilLanguage.php:172
ilObjSurveyAccess\_checkGoto
static _checkGoto(string $target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:415
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize(int $a_obj_id)
Definition: class.ilObjSurveyAccess.php:193
ilObjSurveyAccess\_lookupFinished
static _lookupFinished(int $a_obj_id, int $a_user_id=0)
get finished status
Definition: class.ilObjSurveyAccess.php:327
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:26
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Returns an array with valid operators for the specific object type.
Definition: class.ilObjSurveyAccess.php:43
ilRbacSystem\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_operations, int $a_ref_id, string $a_type="")
Definition: class.ilRbacSystem.php:113
$DIC
global $DIC
Definition: feed.php:28
ilRbacSystem\checkAccess
checkAccess(string $a_operations, int $a_ref_id, string $a_type="")
checkAccess represents the main method of the RBAC-system in ILIAS3 developers want to use With this ...
Definition: class.ilRbacSystem.php:108
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjSurveyAccess\_lookupMode
static _lookupMode(int $a_obj_id)
Get survey mode (see ilObjSurvey::MODE_...
Definition: class.ilObjSurveyAccess.php:375
ilObjSurveyAccess\_checkAccess
_checkAccess(string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id=null)
Definition: class.ilObjSurveyAccess.php:66
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess(int $a_obj_id, int $user_id)
Definition: class.ilObjSurveyAccess.php:213
ilObjSurveyAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjSurveyAccess.php:25
ilObjSurvey\RESULTS_SELF_EVAL_NONE
const RESULTS_SELF_EVAL_NONE
Definition: class.ilObjSurvey.php:51
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete(int $a_obj_id)
checks whether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:134
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode(int $a_obj_id)
Definition: class.ilObjSurveyAccess.php:396