ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
AssignedRolesManager.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21namespace ILIAS\Catgory;
22
23use ILIAS\Category\InternalDomainService;
24
25class AssignedRolesManager
26{
27 public function __construct(
28 protected InternalDomainService $domain,
29 protected int $ref_id,
30 protected int $managed_user_id,
31 protected int $managing_user_id,
32 ) {
33 }
34
35 public function getAssignableRoles(): array
36 {
37 $rbacreview = $this->domain->rbac()->review();
38 $tmp_obj = \ilObjectFactory::getInstanceByObjId($this->managed_user_id);
39 // Admin => all roles
40 if (in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($this->managing_user_id), true)) {
41 $global_roles = $rbacreview->getGlobalRolesArray();
42 } elseif ($tmp_obj?->getTimeLimitOwner() === $this->ref_id) {
43 $global_roles = $rbacreview->getGlobalAssignableRoles();
44 } else {
45 $global_roles = [];
46 }
47 return array_merge(
48 $global_roles,
49 $rbacreview->getAssignableChildRoles($this->ref_id)
50 );
51 }
52
53 public function switchAssignment(array $ids): void
54 {
55 $roles = $this->getAssignableRoles();
56 $lng = $this->domain->lng();
57 $rbacreview = $this->domain->rbac()->review();
58 $rbacadmin = $this->domain->rbac()->admin();
59
60 // check minimum one global role
61 if (!$this->checkGlobalRoles($ids)) {
62 throw new \Exception($lng->txt('no_global_role_left'));
63 }
64
65 $assigned_roles = $rbacreview->assignedRoles($this->managed_user_id);
66 foreach ($roles as $role) {
67 if (in_array((int) $role['obj_id'], $ids, true) && !in_array((int) $role['obj_id'], $assigned_roles, true)) {
68 $rbacadmin->assignUser((int) $role['obj_id'], $this->managed_user_id);
69 }
70 if (in_array((int) $role['obj_id'], $ids, true) && in_array((int) $role['obj_id'], $assigned_roles, true)) {
71 $rbacadmin->deassignUser((int) $role['obj_id'], $this->managed_user_id);
72 }
73 }
74 }
75
76 private function checkGlobalRoles(array $ids): bool
77 {
78 $rbacreview = $this->domain->rbac()->review();
79
80 $tmp_obj = \ilObjectFactory::getInstanceByObjId($this->managed_user_id);
81 if ($tmp_obj->getTimeLimitOwner() !== $this->ref_id &&
82 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($this->managing_user_id), true)) {
83 return true;
84 }
85
86 // new assignment by form
87 $assigned = $rbacreview->assignedRoles($this->managed_user_id);
88
89 // all assignable globals
90 if (!in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($this->managing_user_id), true)) {
91 $ga = $rbacreview->getGlobalAssignableRoles();
92 } else {
93 $ga = $rbacreview->getGlobalRolesArray();
94 }
95 $global_assignable = [];
96 foreach ($ga as $role) {
97 $global_assignable[] = $role['obj_id'];
98 }
99
100 $has_global_role = false;
101 foreach ($rbacreview->getGlobalRoles() as $gb_role_id) {
102 // global role will be switched on
103 if (in_array($gb_role_id, $ids, true) &&
104 !in_array($gb_role_id, $assigned, true)) {
105 $has_global_role = true;
106 }
107 // global role was switched on and will not be switched off
108 if (in_array($gb_role_id, $assigned, true) &&
109 !in_array($gb_role_id, $ids, true)) {
110 $has_global_role = true;
111 }
112 }
113 return $has_global_role;
114 }
115
116}
ILIAS\Catgory\AssignedRolesManager\__construct
__construct(protected InternalDomainService $domain, protected int $ref_id, protected int $managed_user_id, protected int $managing_user_id,)
Definition: AssignedRolesManager.php:27
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$ref_id
$ref_id
Definition: ltiauth.php:66
$lng
global $lng
Definition: privfeed.php:31