ILIAS  trunk Revision v11.0_alpha-1761-g6dbbfa7b760
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
ilObjEmployeeTalkAccess Class Reference
+ Inheritance diagram for ilObjEmployeeTalkAccess:
+ Collaboration diagram for ilObjEmployeeTalkAccess:

Public Member Functions

 __construct ()
 
 canCreate (?ilObjUser $talkParticipant=null)
 Checks if the user is allowed to create a new talks series. More...
 
 hasPermissionToReadUnownedTalksOfUser (int $userId)
 
 canRead (int $refId)
 
 canEditTalkLockStatus (int $refId)
 
 canEdit (int $refId)
 
 canDelete (int $refId)
 
 isTalkReadonlyByCurrentUser (int $ref_id)
 
- Public Member Functions inherited from ilObjectAccess
 _checkAccess (string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id=null)
 Checks whether a user may invoke a command or not (this method is called by ilAccessHandler::checkAccess) More...
 
 canBeDelivered (ilWACPath $ilWACPath)
 

Static Public Member Functions

static getInstance ()
 
static _getCommands ()
 get commands More...
 
static _isOffline ($obj_id)
 
static _checkGoto ($target)
 
- Static Public Member Functions inherited from ilObjectAccess
static _getCommands ()
 get commands More...
 
static _checkGoto (string $target)
 check whether goto script will succeed More...
 
static _isOffline (int $obj_id)
 Type-specific implementation of general status, has to be overwritten if object type does not support centralized offline handling. More...
 
static _preloadData (array $obj_ids, array $ref_ids)
 Preload data. More...
 

Private Member Functions

 isPermittedToExecuteOperation (int $refId, string $operation)
 
 getCurrentUsersId ()
 

Private Attributes

ilOrgUnitUserAssignmentQueries $ua
 
ilOrgUnitGlobalSettings $set
 
IlOrgUnitPositionAccess $orgUnitAccess
 
Container $container
 
ilOrgUnitObjectTypePositionSetting $talkPositionSettings
 
IliasDBEmployeeTalkSeriesRepository $seriesSettingsRepository
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Definition at line 28 of file class.ilObjEmployeeTalkAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilObjEmployeeTalkAccess::__construct ( )

Definition at line 47 of file class.ilObjEmployeeTalkAccess.php.

References $GLOBALS, ilOrgUnitUserAssignmentQueries\getInstance(), ilOrgUnitGlobalSettings\getInstance(), and ilObjEmployeeTalk\TYPE.

48  {
49  $this->container = $GLOBALS['DIC'];
50 
51  $this->set = ilOrgUnitGlobalSettings::getInstance();
52  $this->ua = ilOrgUnitUserAssignmentQueries::getInstance();
53  $this->orgUnitAccess = new ilOrgUnitPositionAccess($this->container->access());
54  $this->talkPositionSettings = $this->set->getObjectPositionSettingsByType(ilObjEmployeeTalk::TYPE);
55  $this->seriesSettingsRepository = new IliasDBEmployeeTalkSeriesRepository($this->container->user(), $this->container->database());
56  }
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:23
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
+ Here is the call graph for this function:

Member Function Documentation

◆ _checkGoto()

static ilObjEmployeeTalkAccess::_checkGoto (   $target)
static

Definition at line 89 of file class.ilObjEmployeeTalkAccess.php.

89  : bool
90  {
91  $access = new self();
92 
93  $t_arr = explode('_', $target);
94  if ($t_arr[0] !== 'etal' || ((int) $t_arr[1]) <= 0) {
95  return false;
96  }
97  if ($access->canRead(intval($t_arr[1]))) {
98  return true;
99  }
100 
101  return false;
102  }

◆ _getCommands()

static ilObjEmployeeTalkAccess::_getCommands ( )
static

get commands

this method returns an array of all possible commands/permission combinations

example: $commands = array ( array('permission' => 'read', 'cmd' => 'view', 'lang_var' => 'show'), array('permission' => 'write', 'cmd' => 'edit', 'lang_var' => 'edit'), );

Definition at line 70 of file class.ilObjEmployeeTalkAccess.php.

Referenced by ilObjEmployeeTalkListGUI\init().

70  : array
71  {
72  $commands = [
73  [
74  'permission' => 'read',
75  'cmd' => ControlFlowCommand::DEFAULT,
76  'lang_var' => 'show',
77  'default' => true,
78  ]
79  ];
80 
81  return $commands;
82  }
+ Here is the caller graph for this function:

◆ _isOffline()

static ilObjEmployeeTalkAccess::_isOffline (   $obj_id)
static

Definition at line 84 of file class.ilObjEmployeeTalkAccess.php.

84  : bool
85  {
86  return false;
87  }

◆ canCreate()

ilObjEmployeeTalkAccess::canCreate ( ?ilObjUser  $talkParticipant = null)

Checks if the user is allowed to create a new talks series.

If no user is given only the position right is checked, which can be used to display create or new buttons based on the general position rights of the user.

If the user is given, only positions with an authority over the given user are used to check the position rights.

Parameters
ilObjUser | null$talkParticipantThe talk participant which should get invited into the new talk.
Returns
bool True if the user has creation rights otherwise false.

Definition at line 115 of file class.ilObjEmployeeTalkAccess.php.

References getCurrentUsersId(), ilOrgUnitPermissionQueries\getTemplateSetForContextName(), null, and ilObjEmployeeTalk\TYPE.

115  : bool
116  {
117  try {
118  $currentUserId = $this->getCurrentUsersId();
119 
120  // Root has always full access
121  if ($currentUserId === 6) {
122  return true;
123  }
124 
125  // Talks are never editable if the position rights are not active, because the talks don't use RBAC
126  if (!$this->talkPositionSettings->isActive()) {
127  return false;
128  }
129 
130  $positions = $this->ua->getPositionsOfUserId($currentUserId);
131 
132  // If we don't have a user just check if the current user has the right in any position to create a new talk
133  if ($talkParticipant === null) {
134  foreach ($positions as $position) {
135  // Check if the position has any relevant position rights
136  $permissionSet = ilOrgUnitPermissionQueries::getTemplateSetForContextName(ilObjEmployeeTalk::TYPE, strval($position->getId() ?? 0));
137  $isAbleToExecuteOperation = array_reduce($permissionSet->getOperations(), function (bool $prev, ilOrgUnitOperation $it) {
138  return $prev || $it->getOperationString() === EmployeeTalkPositionAccessLevel::CREATE;
139  }, false);
140 
141  // If the position has no rights check the next one
142  if (!$isAbleToExecuteOperation) {
143  continue;
144  }
145 
146  return true;
147  }
148 
149  // The current user was not in a position with create etal position rights
150  return false;
151  }
152 
153  // Validate authority and position rights over the given participant
154  return $this->hasAuthorityAndOperationPermissionOverUser($talkParticipant, EmployeeTalkPositionAccessLevel::CREATE);
155  } catch (\Exception $ex) {
156  return false;
157  }
158  }
ilOrgUnitPermissionQueries\getTemplateSetForContextName
static getTemplateSetForContextName(string $context_name, string $position_id, bool $editable=false)
Definition: class.ilOrgUnitPermissionQueries.php:41
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
+ Here is the call graph for this function:

◆ canDelete()

ilObjEmployeeTalkAccess::canDelete ( int  $refId)
Parameters
int$refId
Returns
bool

Definition at line 200 of file class.ilObjEmployeeTalkAccess.php.

References getCurrentUsersId(), and SYSTEM_ROLE_ID.

200  : bool
201  {
202  $talk = new ilObjEmployeeTalk($refId);
203  $user = $this->getCurrentUsersId();
204  if ($user === $talk->getOwner()) {
205  return true;
206  }
207  // global admins can delete
208  if ($this->container->rbac()->review()->isAssigned(
209  $user,
210  SYSTEM_ROLE_ID
211  )) {
212  return true;
213  }
214  return false;
215  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:

◆ canEdit()

ilObjEmployeeTalkAccess::canEdit ( int  $refId)
Parameters
int$refId
Returns
bool

Definition at line 191 of file class.ilObjEmployeeTalkAccess.php.

References isPermittedToExecuteOperation().

Referenced by isTalkReadonlyByCurrentUser().

191  : bool
192  {
193  return $this->isPermittedToExecuteOperation($refId, EmployeeTalkPositionAccessLevel::EDIT);
194  }
ilObjEmployeeTalkAccess\isPermittedToExecuteOperation
isPermittedToExecuteOperation(int $refId, string $operation)
Definition: class.ilObjEmployeeTalkAccess.php:217
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ canEditTalkLockStatus()

ilObjEmployeeTalkAccess::canEditTalkLockStatus ( int  $refId)

Definition at line 174 of file class.ilObjEmployeeTalkAccess.php.

References getCurrentUsersId().

174  : bool
175  {
176  $currentUserId = $this->getCurrentUsersId();
177 
178  // Root has always full access
179  if ($currentUserId === 6) {
180  return true;
181  }
182 
183  $talk = new ilObjEmployeeTalk($refId);
184  return $talk->getOwner() === $currentUserId;
185  }
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:

◆ canRead()

ilObjEmployeeTalkAccess::canRead ( int  $refId)

Definition at line 169 of file class.ilObjEmployeeTalkAccess.php.

References isPermittedToExecuteOperation().

169  : bool
170  {
171  return $this->isPermittedToExecuteOperation($refId, EmployeeTalkPositionAccessLevel::VIEW);
172  }
ilObjEmployeeTalkAccess\isPermittedToExecuteOperation
isPermittedToExecuteOperation(int $refId, string $operation)
Definition: class.ilObjEmployeeTalkAccess.php:217
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:

◆ getCurrentUsersId()

ilObjEmployeeTalkAccess::getCurrentUsersId ( )
private
Returns
int

Definition at line 285 of file class.ilObjEmployeeTalkAccess.php.

References ilObject\getId(), ilOrgUnitPermissionQueries\getTemplateSetForContextName(), and ilObjEmployeeTalk\TYPE.

Referenced by canCreate(), canDelete(), canEditTalkLockStatus(), and isPermittedToExecuteOperation().

285  : int
286  {
287  return $this->container->user()->getId();
288  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getInstance()

static ilObjEmployeeTalkAccess::getInstance ( )
static

Definition at line 38 of file class.ilObjEmployeeTalkAccess.php.

Referenced by ilObjEmployeeTalkGUI\__construct().

38  : self
39  {
40  if (is_null(self::$instance)) {
41  self::$instance = new ilObjEmployeeTalkAccess();
42  }
43 
44  return self::$instance;
45  }
+ Here is the caller graph for this function:

◆ hasPermissionToReadUnownedTalksOfUser()

ilObjEmployeeTalkAccess::hasPermissionToReadUnownedTalksOfUser ( int  $userId)

Definition at line 160 of file class.ilObjEmployeeTalkAccess.php.

160  : bool
161  {
162  try {
163  return $this->hasAuthorityAndOperationPermissionOverUser(new ilObjUser($userId), EmployeeTalkPositionAccessLevel::VIEW);
164  } catch (\Exception $ex) {
165  return false;
166  }
167  }

◆ isPermittedToExecuteOperation()

ilObjEmployeeTalkAccess::isPermittedToExecuteOperation ( int  $refId,
string  $operation 
)
private

Definition at line 217 of file class.ilObjEmployeeTalkAccess.php.

References $data, and getCurrentUsersId().

Referenced by canEdit(), and canRead().

217  : bool
218  {
219  $currentUserId = $this->getCurrentUsersId();
220 
221  // Root has always full access
222  if ($currentUserId === 6) {
223  return true;
224  }
225 
226  // Talks are never editable if the position rights are not active, because the talks don't use RBAC
227  if (!$this->talkPositionSettings->isActive()) {
228  return false;
229  }
230 
231  $talk = new ilObjEmployeeTalk($refId);
232  $series = $talk->getParent();
233  $hasAuthority = $this->hasAuthorityAndOperationPermissionOverUser(new ilObjUser($talk->getData()->getEmployee()), $operation);
234  $data = $talk->getData();
235  $seriesSettings = $this->seriesSettingsRepository->readEmployeeTalkSerieSettings($series->getId());
236  $canExecuteOperation = $this->orgUnitAccess->checkPositionAccess($operation, $refId);
237  $isOwner = $talk->getOwner() === $currentUserId;
238 
239  if ($isOwner) {
240  return true;
241  }
242 
243  if ($currentUserId === $data->getEmployee()) {
244  // The Employee can never edit their own talks
245  if ($operation !== EmployeeTalkPositionAccessLevel::VIEW) {
246  return false;
247  }
248 
249  // The Employee can always read their own talks
250  return true;
251  }
252 
253  //Only owner can edit talks with enabled write lock
254  if ($seriesSettings->isLockedEditing() && $operation === EmployeeTalkPositionAccessLevel::EDIT) {
255  return false;
256  }
257 
258  // Has no authority over the employee
259  if (!$hasAuthority) {
260  return false;
261  }
262 
263  // Has Authority and is permitted to execute the given permission
264  if ($canExecuteOperation) {
265  return true;
266  }
267 
268  // Has authority but no permission
269  return false;
270  }
$refId
$refId
Definition: xapitoken.php:58
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isTalkReadonlyByCurrentUser()

ilObjEmployeeTalkAccess::isTalkReadonlyByCurrentUser ( int  $ref_id)
Parameters
int$ref_id
Returns
bool

Definition at line 277 of file class.ilObjEmployeeTalkAccess.php.

References canEdit().

277  : bool
278  {
279  return !$this->canEdit($ref_id);
280  }
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:

Field Documentation

◆ $container

Container ilObjEmployeeTalkAccess::$container
private

Definition at line 34 of file class.ilObjEmployeeTalkAccess.php.

◆ $instance

self ilObjEmployeeTalkAccess::$instance = null
staticprivate

Definition at line 30 of file class.ilObjEmployeeTalkAccess.php.

◆ $orgUnitAccess

IlOrgUnitPositionAccess ilObjEmployeeTalkAccess::$orgUnitAccess
private

Definition at line 33 of file class.ilObjEmployeeTalkAccess.php.

◆ $seriesSettingsRepository

IliasDBEmployeeTalkSeriesRepository ilObjEmployeeTalkAccess::$seriesSettingsRepository
private

Definition at line 36 of file class.ilObjEmployeeTalkAccess.php.

◆ $set

ilOrgUnitGlobalSettings ilObjEmployeeTalkAccess::$set
private

Definition at line 32 of file class.ilObjEmployeeTalkAccess.php.

◆ $talkPositionSettings

ilOrgUnitObjectTypePositionSetting ilObjEmployeeTalkAccess::$talkPositionSettings
private

Definition at line 35 of file class.ilObjEmployeeTalkAccess.php.

◆ $ua

ilOrgUnitUserAssignmentQueries ilObjEmployeeTalkAccess::$ua
private

Definition at line 31 of file class.ilObjEmployeeTalkAccess.php.

The documentation for this class was generated from the following file: