ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilAccessInitialPermissionGuidelineAppliedObjective.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Setup;
22use ILIAS\Setup\Environment;
23
24class ilAccessInitialPermissionGuidelineAppliedObjective implements Setup\Objective
25{
26 protected const RBAC_OP_EDIT_PERMISSIONS = 1;
27 protected const RBAC_OP_VISIBLE = 2;
28 protected const RBAC_OP_READ = 3;
29 protected const RBAC_OP_WRITE = 4;
30 protected const RBAC_OP_DELETE = 6;
31 protected const RBAC_OP_COPY = 99;
32
33 protected array $initial_permission_definition = [
34 'role' => [
35 'User' => [
36 'id' => 4,
37 'ignore_for_authoring_objects' => true,
38 'object' => [
39 self::RBAC_OP_VISIBLE,
40 self::RBAC_OP_READ,
41 ]
42 ]
43 ],
44 'rolt' => [
45 'il_crs_admin' => [
46 'object' => [
47 self::RBAC_OP_VISIBLE,
48 self::RBAC_OP_READ,
49 self::RBAC_OP_WRITE,
50 self::RBAC_OP_DELETE,
51 self::RBAC_OP_COPY,
52 self::RBAC_OP_EDIT_PERMISSIONS,
53 ],
54 'lp' => true,
55 'create' => [
56 'crs',
57 'grp',
58 'fold',
59 ]
60 ],
61 'il_crs_tutor' => [
62 'object' => [
63 self::RBAC_OP_VISIBLE,
64 self::RBAC_OP_READ,
65 self::RBAC_OP_WRITE,
66 self::RBAC_OP_COPY,
67 ],
68 'create' => [
69 'crs',
70 'fold',
71 ]
72 ],
73 'il_crs_member' => [
74 'ignore_for_authoring_objects' => true,
75 'object' => [
76 self::RBAC_OP_VISIBLE,
77 self::RBAC_OP_READ,
78 ]
79 ],
80 'il_grp_admin' => [
81 'object' => [
82 self::RBAC_OP_VISIBLE,
83 self::RBAC_OP_READ,
84 self::RBAC_OP_WRITE,
85 self::RBAC_OP_DELETE,
86 self::RBAC_OP_COPY,
87 self::RBAC_OP_EDIT_PERMISSIONS,
88 ],
89 'lp' => true,
90 'create' => [
91 'grp',
92 'fold',
93 ]
94 ],
95 'il_grp_member' => [
96 'ignore_for_authoring_objects' => true,
97 'object' => [
98 self::RBAC_OP_VISIBLE,
99 self::RBAC_OP_READ,
100 ]
101 ],
102 'Author' => [
103 'object' => [
104 self::RBAC_OP_VISIBLE,
105 self::RBAC_OP_READ,
106 self::RBAC_OP_WRITE,
107 self::RBAC_OP_DELETE,
108 self::RBAC_OP_COPY,
109 self::RBAC_OP_EDIT_PERMISSIONS,
110 ],
111 'lp' => true,
112 'create' => [
113 'cat',
114 'crs',
115 'grp',
116 'fold',
117 ]
118 ],
119 'Local Administrator' => [
120 'object' => [
121 self::RBAC_OP_VISIBLE,
122 self::RBAC_OP_DELETE,
123 self::RBAC_OP_EDIT_PERMISSIONS,
124 ],
125 'create' => [
126 'cat',
127 ]
128 ],
129 ]
130 ];
131
132 protected string $object_type;
133 protected bool $has_learning_progress;
134 protected bool $used_for_authoring;
135
136 public function __construct(
137 string $object_type,
138 bool $has_learning_progress = false,
139 bool $used_for_authoring = false
140 ) {
141 $this->object_type = $object_type;
142 $this->has_learning_progress = $has_learning_progress;
143 $this->used_for_authoring = $used_for_authoring;
144 }
145
146 public function getHash(): string
147 {
148 return hash("sha256", self::class);
149 }
150
151 public function getLabel(): string
152 {
153 return "Apply initial permission guideline";
154 }
155
156 public function isNotable(): bool
157 {
158 return true;
159 }
160
161 public function getPreconditions(Environment $environment): array
162 {
163 return [
164 new ilIniFilesLoadedObjective(),
165 new ilDatabaseInitializedObjective()
166 ];
167 }
168
169 public function achieve(Environment $environment): Environment
170 {
171 $client_ini = $environment->getResource(Setup\Environment::RESOURCE_CLIENT_INI);
172 $db = $environment->getResource(Environment::RESOURCE_DATABASE);
173
174 $role_folder_id = (int) $client_ini->readVariable("system", "ROLE_FOLDER_ID");
175
176 $learning_progress_permissions = [];
177 if ($this->has_learning_progress) {
178 $learning_progress_permissions = array_filter([
179 ilRbacReview::_getCustomRBACOperationId("read_learning_progress"),
180 ilRbacReview::_getCustomRBACOperationId("edit_learning_progress")
181
182 ]);
183 }
184
185 foreach ($this->initial_permission_definition as $role_type => $roles) {
186 foreach ($roles as $role_title => $definition) {
187 if (
188 $this->used_for_authoring &&
189 array_key_exists('ignore_for_authoring_objects', $definition) &&
190 $definition['ignore_for_authoring_objects']
191 ) {
192 continue;
193 }
194
195 if (array_key_exists('id', $definition) && is_numeric($definition['id'])) {
196 // According to JF (2018-07-02), some roles have to be selected by if, not by title
197 $query = "SELECT obj_id FROM object_data WHERE type = %s AND obj_id = %s";
198 $query_types = ['text', 'integer'];
199 $query_values = [$role_type, $definition['id']];
200 } else {
201 $query = "SELECT obj_id FROM object_data WHERE type = %s AND title = %s";
202 $query_types = ['text', 'text'];
203 $query_values = [$role_type, $role_title];
204 }
205
206 $res = $db->queryF($query, $query_types, $query_values);
207 if (1 == $db->numRows($res)) {
208 $row = $db->fetchAssoc($res);
209 $role_id = (int) $row['obj_id'];
210
211 $operation_ids = [];
212
213 if (array_key_exists('object', $definition) && is_array($definition['object'])) {
214 $operation_ids = array_merge($operation_ids, $definition['object']);
215 }
216
217 if (array_key_exists('lp', $definition) && $definition['lp']) {
218 $operation_ids = array_merge($operation_ids, $learning_progress_permissions);
219 }
220
221 foreach (array_filter(array_map('intval', $operation_ids)) as $ops_id) {
222 if ($ops_id == self::RBAC_OP_COPY) {
223 $ops_id = ilRbacReview::_getCustomRBACOperationId('copy');
224 }
225
226 $db->replace(
227 'rbac_templates',
228 [
229 'rol_id' => ['integer', $role_id],
230 'type' => ['text', $this->object_type],
231 'ops_id' => ['integer', $ops_id],
232 'parent' => ['integer', $role_folder_id]
233 ],
234 []
235 );
236 }
237
238 if (array_key_exists('create', $definition) && is_array($definition['create'])) {
239 foreach ($definition['create'] as $container_object_type) {
240 foreach (ilRbacReview::_getCustomRBACOperationId("create_" . $this->object_type) as $ops_id) {
241 if ($ops_id == self::RBAC_OP_COPY) {
242 $ops_id = ilRbacReview::_getCustomRBACOperationId('copy');
243 }
244
245 $db->replace(
246 'rbac_templates',
247 [
248 'rol_id' => ['integer', $role_id],
249 'type' => ['text', $container_object_type],
250 'ops_id' => ['integer', $ops_id],
251 'parent' => ['integer', $role_folder_id]
252 ],
253 []
254 );
255 }
256 }
257 }
258 }
259 }
260 }
261
262
263 return $environment;
264 }
265
266 public function isApplicable(Environment $environment): bool
267 {
268 if (!ilObject::_getObjectTypeIdByTitle($this->object_type)) {
269 throw new Exception("Something went wrong, there MUST be valid id for object_type " . $this->object_type);
270 }
271
272 if (!ilRbacReview::_getCustomRBACOperationId("create_" . $this->object_type)) {
273 throw new Exception(
274 "Something went wrong, missing CREATE operation id for object type " . $this->object_type
275 );
276 }
277
278 return true;
279 }
280}
ilAccessInitialPermissionGuidelineAppliedObjective\__construct
__construct(string $object_type, bool $has_learning_progress=false, bool $used_for_authoring=false)
Definition: class.ilAccessInitialPermissionGuidelineAppliedObjective.php:136
ilObject\_getObjectTypeIdByTitle
static _getObjectTypeIdByTitle(string $type, ?\ilDBInterface $ilDB=null)
Definition: class.ilObject.php:2152
ilRbacReview\_getCustomRBACOperationId
static _getCustomRBACOperationId(string $operation, ?\ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1422
ILIAS\Setup\Environment
An environment holds resources to be used in the setup process.
Definition: Environment.php:28
ILIAS\Setup\Environment\getResource
getResource(string $id)
Consumers of this method should check if the result is what they expect, e.g.
ILIAS\Setup\Objective
An objective is a desired state of the system that is supposed to be created by the setup.
Definition: Objective.php:31
$res
$res
Definition: ltiservices.php:69
ILIAS\Setup
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMysqlMyIsamToInnoDbMigration.php:19