ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
class.ilMyStaffAccess.php
Go to the documentation of this file.
1<?php
2
19namespace ILIAS\MyStaff;
20
21use ilObjectAccess;
22use ilOrgUnitOperation;
23use ilOrgUnitOperationContext;
24use ilOrgUnitOperationContextQueries;
25use ilOrgUnitOperationQueries;
26use ilOrgUnitUserAssignmentQueries;
27
32class ilMyStaffAccess extends ilObjectAccess
33{
34 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
35 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
36 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
37 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
38 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
39 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
40 public const string ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
41 public const string COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
42 public const string EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
43 public const string GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
44 public const string SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
45 public const string TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
46 public const string EMPLOYEE_TALK_CONTEXT = ilOrgUnitOperationContext::CONTEXT_ETAL;
47
48 protected static ?self $instance = null;
49
50 protected array $users_for_user = [];
51
52 public static function getInstance(): self
53 {
54 global $DIC;
55
56 if (self::$instance === null) {
57 self::$instance = new self();
58
59 if (!self::isMyStaffActive()) {
60 return self::$instance;
61 }
62
63 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
64 . self::COURSE_CONTEXT);
65 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
66 . "_" . self::COURSE_CONTEXT);
67 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
68 . "_" . self::COURSE_CONTEXT);
69 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
70 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
71 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
72 . self::COURSE_CONTEXT);
73 }
74
75 return self::$instance;
76 }
77
78 public function __construct()
79 {
80 }
81
82 public static function isMyStaffActive(): bool
83 {
84 global $DIC;
85
86 return (bool) $DIC->settings()->get('enable_my_staff');
87 }
88
89 public function hasCurrentUserAccessToMyStaff(): bool
90 {
91 global $DIC;
92
93 if (!self::isMyStaffActive()) {
94 return false;
95 }
96
97 if ($this->hasCurrentUserAccessToCourseMemberships()) {
98 return true;
99 }
100
101 if ($this->hasCurrentUserAccessToCertificates()) {
102 return true;
103 }
104
105 if ($this->hasCurrentUserAccessToCompetences()) {
106 return true;
107 }
108
109 if ($this->hasCurrentUserAccessToTalks()) {
110 return true;
111 }
112
113 if ($this->hasCurrentUserAccessToStaffList()) {
114 return true;
115 }
116
117 return false;
118 }
119
120 public function hasCurrentUserAccessToCertificates(): bool
121 {
122 global $DIC;
123
124 if (!self::isMyStaffActive()) {
125 return false;
126 }
127
128 $cert_set = new \ilSetting("certificate");
129 if (!$cert_set->get("active")) {
130 return false;
131 }
132
133 if ($this->countOrgusOfUserWithOperationAndContext(
134 $DIC->user()->getId(),
135 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
136 self::COURSE_CONTEXT
137 )
138 > 0
139 ) {
140 return true;
141 }
142
143 if ($this->countOrgusOfUserWithOperationAndContext(
144 $DIC->user()->getId(),
145 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
146 self::EXERCISE_CONTEXT
147 )
148 > 0
149 ) {
150 return true;
151 }
152
153 if ($this->countOrgusOfUserWithOperationAndContext(
154 $DIC->user()->getId(),
155 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
156 self::TEST_CONTEXT
157 )
158 > 0
159 ) {
160 return true;
161 }
162
163 return false;
164 }
165
166 public function hasCurrentUserAccessToTalks(): bool
167 {
168 global $DIC;
169
170 if (!self::isMyStaffActive()) {
171 return false;
172 }
173
174 if ($this->countOrgusOfUserWithOperationAndContext(
175 $DIC->user()->getId(),
176 ilOrgUnitOperation::OP_CREATE_EMPLOYEE_TALK,
177 self::EMPLOYEE_TALK_CONTEXT
178 )
179 > 0
180 ) {
181 return true;
182 }
183
184 if ($this->countOrgusOfUserWithOperationAndContext(
185 $DIC->user()->getId(),
186 ilOrgUnitOperation::OP_EDIT_EMPLOYEE_TALK,
187 self::EMPLOYEE_TALK_CONTEXT
188 )
189 > 0
190 ) {
191 return true;
192 }
193
194 if ($this->countOrgusOfUserWithOperationAndContext(
195 $DIC->user()->getId(),
196 ilOrgUnitOperation::OP_READ_EMPLOYEE_TALK,
197 self::EMPLOYEE_TALK_CONTEXT
198 )
199 > 0
200 ) {
201 return true;
202 }
203
204 return false;
205 }
206
207 public function hasCurrentUserAccessToCompetences(): bool
208 {
209 global $DIC;
210
211 if (!self::isMyStaffActive()) {
212 return false;
213 }
214
215 $skmg_set = new \ilSkillManagementSettings();
216 if (!$skmg_set->isActivated()) {
217 return false;
218 }
219
220 if ($this->countOrgusOfUserWithOperationAndContext(
221 $DIC->user()->getId(),
222 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
223 self::COURSE_CONTEXT
224 )
225 > 0
226 ) {
227 return true;
228 }
229
230 if ($this->countOrgusOfUserWithOperationAndContext(
231 $DIC->user()->getId(),
232 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
233 self::GROUP_CONTEXT
234 )
235 > 0
236 ) {
237 return true;
238 }
239
240 if ($this->countOrgusOfUserWithOperationAndContext(
241 $DIC->user()->getId(),
242 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
243 self::SURVEY_CONTEXT
244 )
245 > 0
246 ) {
247 return true;
248 }
249
250 if ($this->countOrgusOfUserWithOperationAndContext(
251 $DIC->user()->getId(),
252 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
253 self::TEST_CONTEXT
254 )
255 > 0
256 ) {
257 return true;
258 }
259
260 return false;
261 }
262
263 public function hasCurrentUserAccessToCourseMemberships(): bool
264 {
265 global $DIC;
266
267 if (!self::isMyStaffActive()) {
268 return false;
269 }
270
271 if ($this->countOrgusOfUserWithOperationAndContext(
272 $DIC->user()->getId(),
273 self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION,
274 self::COURSE_CONTEXT
275 )
276 > 0
277 ) {
278 return true;
279 }
280
281 return false;
282 }
283
284 public function hasCurrentUserAccessToStaffList(): bool
285 {
286 return $this->hasCurrentUserAccessToUser(0);
287 }
288
289 public function hasCurrentUserAccessToUser(int $usr_id): bool
290 {
291 global $DIC;
292
293 if (!self::isMyStaffActive()) {
294 return false;
295 }
296
297 $arr_users = $this->getUsersForUser($DIC->user()->getId());
298 if (count($arr_users) > 0 && $usr_id === 0) {
299 return true;
300 }
301
302 if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
303 return true;
304 }
305
306 return false;
307 }
308
309 public function hasCurrentUserAccessToLearningProgressInObject(int $ref_id = 0): bool
310 {
311 global $DIC;
312
313 return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
314 }
315
316 public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser(): bool
317 {
318 global $DIC;
319
320 $arr_usr_id = $this->getUsersForUserOperationAndContext(
321 $DIC->user()->getId(),
322 ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
323 self::COURSE_CONTEXT
324 );
325 if (count($arr_usr_id) > 0) {
326 return true;
327 }
328
329 return false;
330 }
331
332 public function countOrgusOfUserWithAtLeastOneOperation(int $user_id): int
333 {
334 global $DIC;
335
336 $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
337 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
338 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
339 WHERE orgu_ua.user_id = " . $DIC->database()->quote(
340 $user_id,
341 'integer'
342 ) . " AND perm.operations is not NULL AND perm.parent_id = -1";
343
344 $set = $DIC->database()->query($q);
345 $rec = $DIC->database()->fetchAssoc($set);
346
347 return $rec['cnt'];
348 }
349
350 public function countOrgusOfUserWithOperationAndContext(
351 int $user_id,
352 string $org_unit_operation_string,
353 string $context
354 ): int {
355 global $DIC;
356
360 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
361
362 $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
363 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
364 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
365 and orgu_ua.user_id = " . $DIC->database()->quote(
366 $user_id,
367 'integer'
368 ) . " AND perm.operations REGEXP '[\\\[,]\"?"
369 . $operation->getOperationId() . "\"?[\],]'";
370
371 $set = $DIC->database()->query($q);
372 $rec = $DIC->database()->fetchAssoc($set);
373
374 return $rec['cnt'];
375 }
376
377 public function getUsersForUserOperationAndContext(
378 int $user_id,
379 string $org_unit_operation_string,
380 string $context,
381 string $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
382 ): array {
383 global $DIC;
384
385 $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
386 $user_id,
387 $org_unit_operation_string,
388 $context,
389 $tmp_table_name_prefix
390 );
391
392 $q = 'SELECT usr_id FROM ' . $tmp_table_name;
393
394 $user_set = $DIC->database()->query($q);
395
396 $arr_users = array();
397
398 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
399 $arr_users[$rec['usr_id']] = $rec['usr_id'];
400 }
401
402 return $arr_users;
403 }
404
405 public function getUsersForUserPerPosition(int $user_id): array
406 {
407 $users = [];
408 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
409 foreach ($user_assignments as $user_assignment) {
410 $users[$user_assignment->getPositionId()] = $this->getUsersForUser(
411 $user_id,
412 $user_assignment->getPositionId()
413 );
414 }
415
416 return $users;
417 }
418
422 public function getUsersForUser(int $user_id, ?int $position_id = null): array
423 {
424 global $DIC;
425
426 if (isset($this->users_for_user[$user_id]) && $position_id === null) {
427 return $this->users_for_user[$user_id];
428 }
429
430 $tmp_orgu_members = $this->buildTempTableOrguMemberships(
431 self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
432 array()
433 );
434
435 $position_limitation = '';
436 if (!is_null($position_id)) {
437 $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
438 }
439
440 $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
441 FROM
442 " . $tmp_orgu_members . "
443 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
444 $user_id,
445 'integer'
446 ) . "
447 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
448 WHERE
449 (
450 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
451 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
452 AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
453 )
454 OR
455 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
456 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
457 OR
458 /* Kinder OrgUnit wie Current User */
459 (
460 (
461 " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
462 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
463 OR
464 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
465 )
466 AND
467 (
468 (
469 (
470 /* Gleiche Position */
471 auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
472 )
473 OR
474 (
475 /* Position Egal */
476 auth.over = -1
477 )
478 )
479 AND auth.scope = 2
480 )
481 )
482 )";
483
484 $user_set = $DIC->database()->query($q);
485
486 $arr_users = array();
487
488 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
489 $arr_users[$rec['usr_id']] = $rec['usr_id'];
490 }
491
492 if ($position_id === null) {
493 $this->users_for_user[$user_id] = $arr_users;
494 }
495
496 return $arr_users;
497 }
498
499 public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false): array
500 {
501 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
502 $ids = [];
503 foreach ($user_assignments as $user_assignment) {
504 $ref_ids = $this->getIdsForPositionAndOperation(
505 $user_assignment->getPositionId(),
506 $operation,
507 $return_ref_id
508 );
509 if (count($ref_ids) > 0) {
510 $ids = array_merge($ids, $ref_ids);
511 }
512 }
513 return $ids;
514 }
515
516 public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id): array
517 {
518 $ids = [];
519 foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
520 $ref_ids = $this->getIdsForPositionAndOperationAndContext(
521 $position_id,
522 $operation,
523 $context,
524 $return_ref_id
525 );
526 if (count($ref_ids) > 0) {
527 $ids = array_merge($ids, $ref_ids);
528 }
529 }
530
531 return $ids;
532 }
533
539 public function getIdsForPositionAndOperationAndContext(
540 int $position_id,
541 string $operation,
542 string $context,
543 bool $return_ref_id
544 ): array {
545 global $DIC;
546 $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
550 $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
551 if (is_null($operation_object)) {
552 // operation doesn't exist in this context
553 return [];
554 }
555 $operation_id = $operation_object->getOperationId();
556
557 if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
558 $query = "select " . ($return_ref_id ? "object_reference.ref_id" : "object_data.obj_id") . " from object_data " .
559 "inner join object_reference on object_reference.obj_id = object_data.obj_id " .
560 "where type = '" . $context . "' " .
561 "AND object_reference.ref_id not in " .
562 " (SELECT parent_id FROM il_orgu_permissions " .
563 " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations NOT REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1)";
564 } else {
565 $query = $return_ref_id
566 ?
567 "SELECT parent_id as ref_id FROM il_orgu_permissions "
568 :
569 "SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ";
570 $query .= " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1";
571 }
572
573 return array_map(function ($item) use ($return_ref_id) {
574 return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
575 }, $DIC->database()->fetchAll($DIC->database()->query($query)));
576 }
577
578 public function hasPositionDefaultPermissionForOperationInContext(
579 int $position_id,
580 int $operation_id,
581 int $context_id
582 ): bool {
583 global $DIC;
584 $res = $DIC->database()->query("SELECT * FROM il_orgu_permissions " .
585 " WHERE context_id = " . $context_id . " " .
586 "AND operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' " .
587 "AND position_id = " . $position_id . " " .
588 "AND parent_id = -1");
589
590 return (bool) $DIC->database()->numRows($res) > 0;
591 }
592
593 public function getIlobjectsAndUsersForUserOperationAndContext(
594 int $user_id,
595 string $org_unit_operation_string,
596 string $context
597 ): array {
598 global $DIC;
599
600
601 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
602 assert($operation instanceof ilOrgUnitOperation);
603
604 $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
605
606 $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
607 $user_id,
608 $org_unit_operation_string,
609 $context,
610 $tmp_table_name
611 );
612
613 $q = 'SELECT * FROM ' . $tmp_table_name;
614
615 $user_set = $DIC->database()->query($q);
616
617 $arr_user_obj = array();
618
619 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
620 $arr_user_obj[] = $rec;
621 }
622
623 return $arr_user_obj;
624 }
625
626 public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
627 int $user_id,
628 string $org_unit_operation_string,
629 string $context,
630 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
631 ): string {
632 global $DIC;
633
634 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
635
636 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
637 assert($operation instanceof ilOrgUnitOperation);
638
639 $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
640
641
642 $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
643 $org_unit_operation_string,
644 $context,
645 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
646 );
647
648 $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
649 $org_unit_operation_string,
650 $context,
651 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
652 );
653
654 $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
655 $org_unit_operation_string,
656 $context,
657 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
658 );
659
660 $tmp_table_course_members = $this->buildTempTableCourseMemberships(
661 self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
662 $all_users_for_user
663 );
664
665 $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(
666 self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
667 $all_users_for_user
668 );
669
670 $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships(
671 'tmp_orgu_members_path',
672 $all_users_for_user
673 );
674
675 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
676 . self::COURSE_CONTEXT
677 ) {
678 $this->dropTempTable($temporary_table_name);
679 }
680
681 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
682 SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
683 (
684 SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
685 (
686 SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
687 UNION
688 SELECT * FROM " . $tmp_table_objects_default_perimissions . "
689 ) AS crs
690 INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
691 and (
692 (
693 " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
694 )
695 or perm_orgu_scope = 2
696 )
697 UNION
698 SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
699 . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
700 INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
701 . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
702 and (
703 (
704 " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
705 . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
706 )
707 or perm_orgu_scope = 2
708 )
709
710 ) AS user_perm_matrix
711 INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
712
713 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
714 $user_id,
715 'integer'
716 ) . "
717 INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
718 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
719 and perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
720
721 AND
722 (
723 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
724 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
725 AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
726 )
727 OR
728 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
729 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
730 OR
731 /* Kinder OrgUnit wie Current User */
732 (
733 orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
734 AND
735 (
736 path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
737 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
738 OR
739 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
740 )
741 AND
742 (
743 (
744 (
745 /* Gleiche Position */
746 orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
747 )
748 OR
749 (
750 /* Position Egal */
751 user_perm_matrix.perm_over_user_with_position = -1
752 )
753 )
754 AND user_perm_matrix.perm_orgu_scope = 2
755 )
756 )
757 )
758 );";
759
760 $DIC->database()->manipulate($q);
761
762 return $temporary_table_name;
763 }
764
765 public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
766 string $org_unit_operation_string,
767 string $context,
768 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
769 ): string {
770 global $DIC;
771
772 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
773
774 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
775 assert($operation instanceof ilOrgUnitOperation);
776
777 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
778 . self::COURSE_CONTEXT
779 ) {
780 $this->dropTempTable($temporary_table_name);
781 }
782
783 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
784 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
785 AS (
786 SELECT
787 obj_ref.ref_id AS perm_for_ref_id,
788 orgu_ua.orgu_id AS perm_for_orgu_id,
789 auth.scope AS perm_orgu_scope,
790 orgu_ua.position_id AS perm_for_position_id,
791 auth.over AS perm_over_user_with_position
792 FROM
793 il_orgu_permissions AS perm
794 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
795 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
796 ->getId() . "
797 INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
798 INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
799 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
800 WHERE
801 perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
802 );";
803
804 $DIC->database()->manipulate($q);
805
806 return $temporary_table_name;
807 }
808
809 public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
810 string $org_unit_operation_string,
811 string $context,
812 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
813 ): string {
814 global $DIC;
815
816 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
817
821 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
822
823 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
824 . self::COURSE_CONTEXT
825 ) {
826 $this->dropTempTable($temporary_table_name);
827 }
828
829 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
830 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
831 AS (
832 SELECT
833 obj_ref.ref_id AS perm_for_ref_id,
834 orgu_ua.orgu_id AS perm_for_orgu_id,
835 auth.scope AS perm_orgu_scope,
836 orgu_ua.position_id AS perm_for_position_id,
837 auth.over AS perm_over_user_with_position
838 FROM
839 object_data AS obj
840 INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
841 INNER JOIN il_orgu_permissions AS perm ON perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]' AND perm.parent_id = -1
842 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
843 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
844 ->getId() . "
845 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
846
847 WHERE
848 obj.type = '" . $context . "'
849 AND (obj_ref.ref_id , orgu_ua.position_id)
850
851 NOT IN (SELECT
852 perm.parent_id, orgu_ua.position_id
853 FROM
854 il_orgu_permissions AS perm
855 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
856 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
857 WHERE perm.parent_id <> -1)
858 );";
859
860 $DIC->database()->manipulate($q);
861
862 return $temporary_table_name;
863 }
864
871 public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
872 string $org_unit_operation_string,
873 string $context,
874 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
875 ): string {
876 global $DIC;
877
878 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
882 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
883
884 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
885 . self::COURSE_CONTEXT
886 ) {
887 $this->dropTempTable($temporary_table_name);
888 }
889
890 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
891 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
892 AS (
893 SELECT
894 orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
895 orgu_ua.orgu_id AS perm_for_orgu_id,
896 auth.scope AS perm_orgu_scope,
897 orgu_ua.position_id AS perm_for_position_id,
898 auth.over AS perm_over_user_with_position
899 FROM
900 il_orgu_permissions AS perm
901 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
902 . $GLOBALS['DIC']->user()->getId() . "
903 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
904 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
905 WHERE
906 perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
907 );";
908
909 $DIC->database()->manipulate($q);
910
911 return $temporary_table_name;
912 }
913
914 public function buildTempTableCourseMemberships(
915 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
916 array $only_courses_of_user_ids = array()
917 ): string {
918 global $DIC;
919
920 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
921
922 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
923 || count($only_courses_of_user_ids) > 0
924 ) {
925 $this->dropTempTable($temporary_table_name);
926 }
927
928 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
929 (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
930 AS (
931 SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
932 FROM (
933 SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
934 AND " . $DIC->database()->in(
935 'obj_members.usr_id',
936 $only_courses_of_user_ids,
937 false,
938 'integer'
939 ) . "
940 UNION
941 SELECT obj_id, usr_id FROM crs_waiting_list
942 WHERE " . $DIC->database()->in(
943 'crs_waiting_list.usr_id',
944 $only_courses_of_user_ids,
945 false,
946 'integer'
947 ) . "
948 UNION
949 SELECT obj_id, usr_id FROM il_subscribers
950 WHERE " . $DIC->database()->in(
951 'il_subscribers.usr_id',
952 $only_courses_of_user_ids,
953 false,
954 'integer'
955 ) . "
956 ) AS crs_members
957 INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
958 INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
959 );";
960
961 $DIC->database()->manipulate($q);
962
963 return $temporary_table_name;
964 }
965
966 public function buildTempTableOrguMemberships(
967 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
968 array $only_orgus_of_user_ids = array()
969 ): string {
970 global $DIC;
971
972 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
973
974 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
975 || count($only_orgus_of_user_ids) > 0
976 ) {
977 $this->dropTempTable($temporary_table_name);
978 }
979
980 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
981 (INDEX i1(orgu_id), INDEX i2 (tree_path(255)), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
982 AS (
983 SELECT orgu_ua.orgu_id AS orgu_id,
984 tree_orgu.path AS tree_path,
985 tree_orgu.child AS tree_child,
986 tree_orgu.parent AS tree_parent,
987 tree_orgu.lft AS tree_lft,
988 tree_orgu.rgt AS tree_rgt,
989 orgu_ua.position_id AS user_position_id,
990 orgu_ua.user_id AS user_id
991 FROM
992 il_orgu_ua AS orgu_ua
993 INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
994 LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
995
996 if (count($only_orgus_of_user_ids) > 0) {
997 $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
998 }
999
1000 $q .= ");";
1001
1002 $DIC->database()->manipulate($q);
1003
1004 return $temporary_table_name;
1005 }
1006
1007 public function dropTempTable(string $temporary_table_name): void
1008 {
1009 global $DIC;
1010
1011 $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
1012 $DIC->database()->manipulate($q);
1013 }
1014}
ILIAS\MyStaff\ilMyStaffAccess\getIlobjectsAndUsersForUserOperationAndContext
getIlobjectsAndUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context)
Definition: class.ilMyStaffAccess.php:593
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:377
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:966
ILIAS\MyStaff\ilMyStaffAccess\hasCurrentUserAccessToLearningProgressInObject
hasCurrentUserAccessToLearningProgressInObject(int $ref_id=0)
Definition: class.ilMyStaffAccess.php:309
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
Definition: class.ilMyStaffAccess.php:36
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:914
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:578
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
Definition: class.ilMyStaffAccess.php:35
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS
Definition: class.ilMyStaffAccess.php:37
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:516
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser(int $user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:422
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable(string $temporary_table_name)
Definition: class.ilMyStaffAccess.php:1007
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:499
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
Definition: class.ilMyStaffAccess.php:34
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS
Definition: class.ilMyStaffAccess.php:38
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
Definition: class.ilMyStaffAccess.php:39
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsUserMatrixForUserOperationAndContext
buildTempTableIlobjectsUserMatrixForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:626
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext
buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS)
Definition: class.ilMyStaffAccess.php:765
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:32
ilOrgUnitOperationContextQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationContextQueries.php:25
ilOrgUnitOperationContext
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationContext.php:24
ilOrgUnitOperationQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationQueries.php:25
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
@deprecated Please use find() from OrgUnitOperationRepository
Definition: class.ilOrgUnitOperationQueries.php:90
ilOrgUnitOperation
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperation.php:24
ilOrgUnitUserAssignmentQueries
Class ilOrgUnitUserAssignmentQueries.
Definition: class.ilOrgUnitUserAssignmentQueries.php:27
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
ILIAS\MyStaff
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMyStaffAccess.php:19
$DIC
global $DIC
Definition: shib_login.php:26
$q
$q
Definition: shib_logout.php:23
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$context
$context
Definition: webdav.php:31