ILIAS  trunk Revision v11.0_alpha-1744-gb0451eebef4
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Protected Attributes | Static Protected Attributes | Private Member Functions | Private Attributes
ilOrgUnitPositionAccess Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilOrgUnitPositionAccess:
+ Collaboration diagram for ilOrgUnitPositionAccess:

Public Member Functions

 __construct (ilAccess $access)
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, string $permission)
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, int $for_user_id, string $permission)
 
 isCurrentUserBasedOnPositionsAllowedTo (string $permission, array $on_user_ids)
 
 isUserBasedOnPositionsAllowedTo (int $which_user_id, string $permission, array $on_user_ids)
 
 filterUserIdsByPositionOfCurrentUser (string $pos_perm, int $ref_id, array $user_ids)
 
 filterUserIdsByPositionOfUser (int $user_id, string $pos_perm, int $ref_id, array $user_ids)
 
 checkPositionAccess (string $pos_perm, int $ref_id)
 
 hasCurrentUserAnyPositionAccess (int $ref_id)
 
 checkRbacOrPositionPermissionAccess (string $rbac_perm, string $pos_perm, int $ref_id)
 
 filterUserIdsByRbacOrPositionOfCurrentUser (string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
 
 hasUserRBACorAnyPositionAccess (string $rbac_perm, int $ref_id)
 

Protected Attributes

ilOrgUnitUserAssignmentDBRepository $assignmentRepo
 
ilOrgUnitOperationDBRepository $operationRepo
 
ilOrgUnitPermissionDBRepository $permissionRepo
 

Static Protected Attributes

static array $ref_id_obj_type_map = array()
 

Private Member Functions

 getCurrentUsersId ()
 
 getTypeForRefId (int $ref_id)
 
 getObjIdForRefId (int $ref_id)
 
 isPositionActiveForRefId (int $ref_id)
 

Private Attributes

ilOrgUnitGlobalSettings $set
 
ilAccess $access
 
ilObjUser $user
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Class ilOrgUnitPositionAccess

Author
Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Definition at line 23 of file class.ilOrgUnitPositionAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilOrgUnitPositionAccess::__construct ( ilAccess  $access)

Definition at line 33 of file class.ilOrgUnitPositionAccess.php.

References $access, $DIC, $dic, ILIAS\Repository\access(), ilOrgUnitLocalDIC\dic(), ilOrgUnitGlobalSettings\getInstance(), and ILIAS\Repository\user().

34  {
35  global $DIC;
36  $this->set = ilOrgUnitGlobalSettings::getInstance();
37  $this->access = $access;
38  $this->user = $DIC->user();
39 
40  $dic = \ilOrgUnitLocalDIC::dic();
41  $this->assignmentRepo = $dic["repo.UserAssignments"];
42  $this->operationRepo = $dic["repo.Operations"];
43  $this->permissionRepo = $dic["repo.Permissions"];
44  }
$DIC
global $DIC
Definition: shib_login.php:22
$dic
$dic
Definition: result.php:31
+ Here is the call graph for this function:

Member Function Documentation

◆ checkPositionAccess()

ilOrgUnitPositionAccess::checkPositionAccess ( string  $pos_perm,
int  $ref_id 
)
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
See also
getAvailablePositionRelatedPermissions for available permissions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 183 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), getTypeForRefId(), and isPositionActiveForRefId().

Referenced by ilAccess\checkPositionAccess(), and checkRbacOrPositionPermissionAccess().

183  : bool
184  {
185  if (!$this->isPositionActiveForRefId($ref_id)) {
186  return false;
187  }
188 
189  $operation = $this->operationRepo->find($pos_perm, $this->getTypeForRefId($ref_id));
190  if (!$operation) {
191  return false;
192  }
193  $current_user_id = $this->getCurrentUsersId();
194 
195  foreach ($this->assignmentRepo->getPositionsByUser($current_user_id) as $position) {
196  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
197  if ($permissions->isOperationIdSelected($operation->getOperationId())) {
198  return true;
199  }
200  }
201 
202  return false;
203  }
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilOrgUnitPositionAccess::checkRbacOrPositionPermissionAccess ( string  $rbac_perm,
string  $pos_perm,
int  $ref_id 
)
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 225 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\access(), checkPositionAccess(), and isPositionActiveForRefId().

Referenced by ilAccess\checkRbacOrPositionPermissionAccess().

225  : bool
226  {
227  // If RBAC allows, just return true
228  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
229  return true;
230  }
231 
232  if (!$this->isPositionActiveForRefId($ref_id)) {
233  return false;
234  }
235 
236  return $this->checkPositionAccess($pos_perm, $ref_id);
237  }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:183
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByPositionOfCurrentUser()

ilOrgUnitPositionAccess::filterUserIdsByPositionOfCurrentUser ( string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
int[]$user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 100 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsByPositionOfUser(), and getCurrentUsersId().

Referenced by ilAccess\filterUserIdsByPositionOfCurrentUser(), and filterUserIdsByRbacOrPositionOfCurrentUser().

100  : array
101  {
102  $current_user_id = $this->getCurrentUsersId();
103 
104  return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
105  }
$ref_id
$ref_id
Definition: ltiauth.php:65
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:109
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByPositionOfUser()

ilOrgUnitPositionAccess::filterUserIdsByPositionOfUser ( int  $user_id,
string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
int[]$user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 109 of file class.ilOrgUnitPositionAccess.php.

References getTypeForRefId(), isPositionActiveForRefId(), ilOrgUnitAuthority\OVER_EVERYONE, ilOrgUnitAuthority\SCOPE_SAME_ORGU, ilOrgUnitAuthority\SCOPE_SUBSEQUENT_ORGUS, and ILIAS\Repository\user().

Referenced by filterUserIdsByPositionOfCurrentUser(), and ilAccess\filterUserIdsByPositionOfUser().

114  : array {
115  if (!$this->isPositionActiveForRefId($ref_id)) {
116  return [];
117  }
118 
119  $operation = $this->operationRepo->find($pos_perm, $this->getTypeForRefId($ref_id));
120  if (!$operation) {
121  return [];
122  }
123 
124  $allowed_user_ids = [];
125  foreach ($this->assignmentRepo->getPositionsByUser($user_id) as $position) {
126  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
127  if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
128  continue;
129  }
130 
131  foreach ($position->getAuthorities() as $authority) {
132  switch ($authority->getOver()) {
133  case ilOrgUnitAuthority::OVER_EVERYONE:
134  switch ($authority->getScope()) {
135  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
136  $allowed = $this->assignmentRepo->getUsersByUserAndPosition(
137  $user_id,
138  $position->getId(),
139  false
140  );
141  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
142  break;
143  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
144  $allowed = $this->assignmentRepo->getUsersByUserAndPosition(
145  $user_id,
146  $position->getId(),
147  true
148  );
149  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
150  break;
151  }
152  break;
153  default:
154  switch ($authority->getScope()) {
155  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
156  $allowed = $this->assignmentRepo->getFilteredUsersByUserAndPosition(
157  $user_id,
158  $authority->getPositionId(),
159  $authority->getOver(),
160  false
161  );
162  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
163  break;
164  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
165  $allowed = $this->assignmentRepo->getFilteredUsersByUserAndPosition(
166  $user_id,
167  $authority->getPositionId(),
168  $authority->getOver(),
169  true
170  );
171  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
172  break;
173  }
174  break;
175  }
176  }
177  }
178  $allowed_user_ids[] = $this->user->getId();
179  return array_intersect($user_ids, $allowed_user_ids);
180  }
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilOrgUnitPositionAccess::filterUserIdsByRbacOrPositionOfCurrentUser ( string  $rbac_perm,
string  $pos_perm,
int  $ref_id,
array  $user_ids 
)
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 240 of file class.ilOrgUnitPositionAccess.php.

References $DIC, ILIAS\Repository\access(), and filterUserIdsByPositionOfCurrentUser().

Referenced by ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

245  : array {
246  global $DIC;
247 
248  // If RBAC allows, just return true
249  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
250  return $user_ids;
251  }
252 
253  return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
254  }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:100
$ref_id
$ref_id
Definition: ltiauth.php:65
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilOrgUnitPositionAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
string  $permission 
)
Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 48 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsForUsersPositionsAndPermission(), and getCurrentUsersId().

Referenced by ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

51  : array {
52  $current_user_id = $this->getCurrentUsersId();
53  return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
54  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:59
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilOrgUnitPositionAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
int  $for_user_id,
string  $permission 
)
Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 59 of file class.ilOrgUnitPositionAccess.php.

Referenced by filterUserIdsForCurrentUsersPositionsAndPermission(), ilAccess\filterUserIdsForUsersPositionsAndPermission(), and isUserBasedOnPositionsAllowedTo().

63  : array {
64  $assignment_of_user = $this->assignmentRepo->getByUsers([$for_user_id]);
65  $other_users_in_same_org_units = [];
66  foreach ($assignment_of_user as $assignment) {
67  $other_users_in_same_org_units += $this->assignmentRepo->getUsersByOrgUnits([$assignment->getOrguId()]);
68  }
69 
70  return array_intersect($user_ids, $other_users_in_same_org_units);
71  }
+ Here is the caller graph for this function:

◆ getCurrentUsersId()

ilOrgUnitPositionAccess::getCurrentUsersId ( )
private

Definition at line 271 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\user().

Referenced by checkPositionAccess(), filterUserIdsByPositionOfCurrentUser(), filterUserIdsForCurrentUsersPositionsAndPermission(), hasCurrentUserAnyPositionAccess(), and isCurrentUserBasedOnPositionsAllowedTo().

271  : int
272  {
273  return $this->user->getId();
274  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getObjIdForRefId()

ilOrgUnitPositionAccess::getObjIdForRefId ( int  $ref_id)
private

Definition at line 286 of file class.ilOrgUnitPositionAccess.php.

References ilObject\_lookupObjectId().

Referenced by isPositionActiveForRefId().

286  : int
287  {
288  return ilObject2::_lookupObjectId($ref_id);
289  }
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObject\_lookupObjectId
static _lookupObjectId(int $ref_id)
Definition: class.ilObject.php:1116
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getTypeForRefId()

ilOrgUnitPositionAccess::getTypeForRefId ( int  $ref_id)
private

Definition at line 277 of file class.ilOrgUnitPositionAccess.php.

References $ref_id, and ilObject\_lookupType().

Referenced by checkPositionAccess(), and filterUserIdsByPositionOfUser().

277  : string
278  {
279  if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
280  self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
281  }
282 
283  return self::$ref_id_obj_type_map[$ref_id];
284  }
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilOrgUnitPositionAccess::hasCurrentUserAnyPositionAccess ( int  $ref_id)
Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 206 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), and isPositionActiveForRefId().

Referenced by ilAccess\hasCurrentUserAnyPositionAccess(), and hasUserRBACorAnyPositionAccess().

206  : bool
207  {
208  if (!$this->isPositionActiveForRefId($ref_id)) {
209  return false;
210  }
211 
212  $current_user_id = $this->getCurrentUsersId();
213 
214  foreach ($this->assignmentRepo->getPositionsByUser($current_user_id) as $position) {
215  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
216  if (count($permissions->getOperations()) > 0) {
217  return true;
218  }
219  }
220 
221  return false;
222  }
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilOrgUnitPositionAccess::hasUserRBACorAnyPositionAccess ( string  $rbac_perm,
int  $ref_id 
)

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 257 of file class.ilOrgUnitPositionAccess.php.

References ILIAS\Repository\access(), and hasCurrentUserAnyPositionAccess().

Referenced by ilAccess\hasUserRBACorAnyPositionAccess().

257  : bool
258  {
259  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
260  return true;
261  }
262 
263  return $this->hasCurrentUserAnyPositionAccess($ref_id);
264  }
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilOrgUnitPositionAccess::isCurrentUserBasedOnPositionsAllowedTo ( string  $permission,
array  $on_user_ids 
)
Parameters
int[]$on_user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 74 of file class.ilOrgUnitPositionAccess.php.

References getCurrentUsersId(), and isUserBasedOnPositionsAllowedTo().

Referenced by ilAccess\isCurrentUserBasedOnPositionsAllowedTo().

74  : bool
75  {
76  $current_user_id = $this->getCurrentUsersId();
77 
78  return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
79  }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:83
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isPositionActiveForRefId()

ilOrgUnitPositionAccess::isPositionActiveForRefId ( int  $ref_id)
private

Definition at line 291 of file class.ilOrgUnitPositionAccess.php.

References getObjIdForRefId().

Referenced by checkPositionAccess(), checkRbacOrPositionPermissionAccess(), filterUserIdsByPositionOfUser(), and hasCurrentUserAnyPositionAccess().

291  : bool
292  {
293  $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
294 
295  return $this->set->isPositionAccessActiveForObject($obj_id);
296  }
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilOrgUnitPositionAccess::isUserBasedOnPositionsAllowedTo ( int  $which_user_id,
string  $permission,
array  $on_user_ids 
)
Parameters
int[]$on_user_ids

Implements ilOrgUnitPositionAccessHandler.

Definition at line 83 of file class.ilOrgUnitPositionAccess.php.

References filterUserIdsForUsersPositionsAndPermission().

Referenced by isCurrentUserBasedOnPositionsAllowedTo(), and ilAccess\isUserBasedOnPositionsAllowedTo().

87  : bool {
88  $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission(
89  $on_user_ids,
90  $which_user_id,
91  $permission
92  );
93 
94  return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
95  && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
96  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:59
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $access

ilAccess ilOrgUnitPositionAccess::$access
private

Definition at line 27 of file class.ilOrgUnitPositionAccess.php.

Referenced by __construct().

◆ $assignmentRepo

ilOrgUnitUserAssignmentDBRepository ilOrgUnitPositionAccess::$assignmentRepo
protected

Definition at line 29 of file class.ilOrgUnitPositionAccess.php.

◆ $operationRepo

ilOrgUnitOperationDBRepository ilOrgUnitPositionAccess::$operationRepo
protected

Definition at line 30 of file class.ilOrgUnitPositionAccess.php.

◆ $permissionRepo

ilOrgUnitPermissionDBRepository ilOrgUnitPositionAccess::$permissionRepo
protected

Definition at line 31 of file class.ilOrgUnitPositionAccess.php.

◆ $ref_id_obj_type_map

array ilOrgUnitPositionAccess::$ref_id_obj_type_map = array()
staticprotected

Definition at line 25 of file class.ilOrgUnitPositionAccess.php.

◆ $set

ilOrgUnitGlobalSettings ilOrgUnitPositionAccess::$set
private

Definition at line 26 of file class.ilOrgUnitPositionAccess.php.

◆ $user

ilObjUser ilOrgUnitPositionAccess::$user
private

Definition at line 28 of file class.ilOrgUnitPositionAccess.php.

The documentation for this class was generated from the following file: