ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
AssignedRolesManager.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 namespace ILIAS\Catgory;
22 
23 use ILIAS\Category\InternalDomainService;
24 
25 class AssignedRolesManager
26 {
27  public function __construct(
28  protected InternalDomainService $domain,
29  protected int $ref_id,
30  protected int $managed_user_id,
31  protected int $managing_user_id,
32  ) {
33  }
34 
35  public function getAssignableRoles(): array
36  {
37  $rbacreview = $this->domain->rbac()->review();
38  $tmp_obj = \ilObjectFactory::getInstanceByObjId($this->managed_user_id);
39  // Admin => all roles
40  if (in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($this->managing_user_id), true)) {
41  $global_roles = $rbacreview->getGlobalRolesArray();
42  } elseif ($tmp_obj?->getTimeLimitOwner() === $this->ref_id) {
43  $global_roles = $rbacreview->getGlobalAssignableRoles();
44  } else {
45  $global_roles = [];
46  }
47  return array_merge(
48  $global_roles,
49  $rbacreview->getAssignableChildRoles($this->ref_id)
50  );
51  }
52 
53  public function switchAssignment(array $ids): void
54  {
55  $roles = $this->getAssignableRoles();
56  $lng = $this->domain->lng();
57  $rbacreview = $this->domain->rbac()->review();
58  $rbacadmin = $this->domain->rbac()->admin();
59 
60  // check minimum one global role
61  if (!$this->checkGlobalRoles($ids)) {
62  throw new \Exception($lng->txt('no_global_role_left'));
63  }
64 
65  $assigned_roles = $rbacreview->assignedRoles($this->managed_user_id);
66  foreach ($roles as $role) {
67  if (in_array((int) $role['obj_id'], $ids, true) && !in_array((int) $role['obj_id'], $assigned_roles, true)) {
68  $rbacadmin->assignUser((int) $role['obj_id'], $this->managed_user_id);
69  }
70  if (in_array((int) $role['obj_id'], $ids, true) && in_array((int) $role['obj_id'], $assigned_roles, true)) {
71  $rbacadmin->deassignUser((int) $role['obj_id'], $this->managed_user_id);
72  }
73  }
74  }
75 
76  private function checkGlobalRoles(array $ids): bool
77  {
78  $rbacreview = $this->domain->rbac()->review();
79 
80  $tmp_obj = \ilObjectFactory::getInstanceByObjId($this->managed_user_id);
81  if ($tmp_obj->getTimeLimitOwner() !== $this->ref_id &&
82  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($this->managing_user_id), true)) {
83  return true;
84  }
85 
86  // new assignment by form
87  $assigned = $rbacreview->assignedRoles($this->managed_user_id);
88 
89  // all assignable globals
90  if (!in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($this->managing_user_id), true)) {
91  $ga = $rbacreview->getGlobalAssignableRoles();
92  } else {
93  $ga = $rbacreview->getGlobalRolesArray();
94  }
95  $global_assignable = [];
96  foreach ($ga as $role) {
97  $global_assignable[] = $role['obj_id'];
98  }
99 
100  $has_global_role = false;
101  foreach ($rbacreview->getGlobalRoles() as $gb_role_id) {
102  // global role will be switched on
103  if (in_array($gb_role_id, $ids, true) &&
104  !in_array($gb_role_id, $assigned, true)) {
105  $has_global_role = true;
106  }
107  // global role was switched on and will not be switched off
108  if (in_array($gb_role_id, $assigned, true) &&
109  !in_array($gb_role_id, $ids, true)) {
110  $has_global_role = true;
111  }
112  }
113  return $has_global_role;
114  }
115 
116 }
ILIAS\Catgory\AssignedRolesManager\__construct
__construct(protected InternalDomainService $domain, protected int $ref_id, protected int $managed_user_id, protected int $managing_user_id,)
Definition: AssignedRolesManager.php:27
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
$lng
global $lng
Definition: privfeed.php:31