ILIAS  trunk Revision v11.0_alpha-1702-gfd3ecb7f852
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilMyStaffAccess.php
Go to the documentation of this file.
1 <?php
2 
19 namespace ILIAS\MyStaff;
20 
21 use ilObjectAccess;
22 use ilOrgUnitOperation;
23 use ilOrgUnitOperationContext;
24 use ilOrgUnitOperationContextQueries;
25 use ilOrgUnitOperationQueries;
26 use ilOrgUnitUserAssignmentQueries;
27 
32 class ilMyStaffAccess extends ilObjectAccess
33 {
34  public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
35  public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
36  public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
37  public const string TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
38  public const string TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
39  public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
40  public const string ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
41  public const string COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
42  public const string EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
43  public const string GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
44  public const string SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
45  public const string TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
46  public const string EMPLOYEE_TALK_CONTEXT = ilOrgUnitOperationContext::CONTEXT_ETAL;
47 
48  protected static ?self $instance = null;
49 
50  protected array $users_for_user = [];
51 
52  public static function getInstance(): self
53  {
54  global $DIC;
55 
56  if (self::$instance === null) {
57  self::$instance = new self();
58 
59  if (!self::isMyStaffActive()) {
60  return self::$instance;
61  }
62 
63  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
64  . self::COURSE_CONTEXT);
65  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
66  . "_" . self::COURSE_CONTEXT);
67  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
68  . "_" . self::COURSE_CONTEXT);
69  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
70  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
71  self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
72  . self::COURSE_CONTEXT);
73  }
74 
75  return self::$instance;
76  }
77 
78  public function __construct()
79  {
80  }
81 
82  public static function isMyStaffActive(): bool
83  {
84  global $DIC;
85 
86  return (bool) $DIC->settings()->get('enable_my_staff');
87  }
88 
89  public function hasCurrentUserAccessToMyStaff(): bool
90  {
91  global $DIC;
92 
93  if (!self::isMyStaffActive()) {
94  return false;
95  }
96 
97  if ($this->hasCurrentUserAccessToCourseMemberships()) {
98  return true;
99  }
100 
101  if ($this->hasCurrentUserAccessToCertificates()) {
102  return true;
103  }
104 
105  if ($this->hasCurrentUserAccessToCompetences()) {
106  return true;
107  }
108 
109  if ($this->hasCurrentUserAccessToTalks()) {
110  return true;
111  }
112 
113  if ($this->hasCurrentUserAccessToStaffList()) {
114  return true;
115  }
116 
117  return false;
118  }
119 
120  public function hasCurrentUserAccessToCertificates(): bool
121  {
122  global $DIC;
123 
124  if (!self::isMyStaffActive()) {
125  return false;
126  }
127 
128  $cert_set = new \ilSetting("certificate");
129  if (!$cert_set->get("active")) {
130  return false;
131  }
132 
133  if ($this->countOrgusOfUserWithOperationAndContext(
134  $DIC->user()->getId(),
135  ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
136  self::COURSE_CONTEXT
137  )
138  > 0
139  ) {
140  return true;
141  }
142 
143  if ($this->countOrgusOfUserWithOperationAndContext(
144  $DIC->user()->getId(),
145  ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
146  self::EXERCISE_CONTEXT
147  )
148  > 0
149  ) {
150  return true;
151  }
152 
153  if ($this->countOrgusOfUserWithOperationAndContext(
154  $DIC->user()->getId(),
155  ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
156  self::TEST_CONTEXT
157  )
158  > 0
159  ) {
160  return true;
161  }
162 
163  return false;
164  }
165 
166  public function hasCurrentUserAccessToTalks(): bool
167  {
168  global $DIC;
169 
170  if (!self::isMyStaffActive()) {
171  return false;
172  }
173 
174  if ($this->countOrgusOfUserWithOperationAndContext(
175  $DIC->user()->getId(),
176  ilOrgUnitOperation::OP_CREATE_EMPLOYEE_TALK,
177  self::EMPLOYEE_TALK_CONTEXT
178  )
179  > 0
180  ) {
181  return true;
182  }
183 
184  if ($this->countOrgusOfUserWithOperationAndContext(
185  $DIC->user()->getId(),
186  ilOrgUnitOperation::OP_EDIT_EMPLOYEE_TALK,
187  self::EMPLOYEE_TALK_CONTEXT
188  )
189  > 0
190  ) {
191  return true;
192  }
193 
194  if ($this->countOrgusOfUserWithOperationAndContext(
195  $DIC->user()->getId(),
196  ilOrgUnitOperation::OP_READ_EMPLOYEE_TALK,
197  self::EMPLOYEE_TALK_CONTEXT
198  )
199  > 0
200  ) {
201  return true;
202  }
203 
204  return false;
205  }
206 
207  public function hasCurrentUserAccessToCompetences(): bool
208  {
209  global $DIC;
210 
211  if (!self::isMyStaffActive()) {
212  return false;
213  }
214 
215  $skmg_set = new \ilSkillManagementSettings();
216  if (!$skmg_set->isActivated()) {
217  return false;
218  }
219 
220  if ($this->countOrgusOfUserWithOperationAndContext(
221  $DIC->user()->getId(),
222  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
223  self::COURSE_CONTEXT
224  )
225  > 0
226  ) {
227  return true;
228  }
229 
230  if ($this->countOrgusOfUserWithOperationAndContext(
231  $DIC->user()->getId(),
232  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
233  self::GROUP_CONTEXT
234  )
235  > 0
236  ) {
237  return true;
238  }
239 
240  if ($this->countOrgusOfUserWithOperationAndContext(
241  $DIC->user()->getId(),
242  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
243  self::SURVEY_CONTEXT
244  )
245  > 0
246  ) {
247  return true;
248  }
249 
250  if ($this->countOrgusOfUserWithOperationAndContext(
251  $DIC->user()->getId(),
252  ilOrgUnitOperation::OP_VIEW_COMPETENCES,
253  self::TEST_CONTEXT
254  )
255  > 0
256  ) {
257  return true;
258  }
259 
260  return false;
261  }
262 
263  public function hasCurrentUserAccessToCourseMemberships(): bool
264  {
265  global $DIC;
266 
267  if (!self::isMyStaffActive()) {
268  return false;
269  }
270 
271  if ($this->countOrgusOfUserWithOperationAndContext(
272  $DIC->user()->getId(),
273  self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION,
274  self::COURSE_CONTEXT
275  )
276  > 0
277  ) {
278  return true;
279  }
280 
281  return false;
282  }
283 
284  public function hasCurrentUserAccessToStaffList(): bool
285  {
286  return $this->hasCurrentUserAccessToUser(0);
287  }
288 
289  public function hasCurrentUserAccessToUser(int $usr_id): bool
290  {
291  global $DIC;
292 
293  if (!self::isMyStaffActive()) {
294  return false;
295  }
296 
297  $arr_users = $this->getUsersForUser($DIC->user()->getId());
298  if (count($arr_users) > 0 && $usr_id === 0) {
299  return true;
300  }
301 
302  if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
303  return true;
304  }
305 
306  return false;
307  }
308 
309  public function hasCurrentUserAccessToLearningProgressInObject(int $ref_id = 0): bool
310  {
311  global $DIC;
312 
313  return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
314  }
315 
316  public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser(): bool
317  {
318  global $DIC;
319 
320  $arr_usr_id = $this->getUsersForUserOperationAndContext(
321  $DIC->user()->getId(),
322  ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
323  self::COURSE_CONTEXT
324  );
325  if (count($arr_usr_id) > 0) {
326  return true;
327  }
328 
329  return false;
330  }
331 
332  public function countOrgusOfUserWithAtLeastOneOperation(int $user_id): int
333  {
334  global $DIC;
335 
336  $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
337  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
338  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
339  WHERE orgu_ua.user_id = " . $DIC->database()->quote(
340  $user_id,
341  'integer'
342  ) . " AND perm.operations is not NULL AND perm.parent_id = -1";
343 
344  $set = $DIC->database()->query($q);
345  $rec = $DIC->database()->fetchAssoc($set);
346 
347  return $rec['cnt'];
348  }
349 
350  public function countOrgusOfUserWithOperationAndContext(
351  int $user_id,
352  string $org_unit_operation_string,
353  string $context
354  ): int {
355  global $DIC;
356 
360  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
361 
362  $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
363  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
364  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
365  and orgu_ua.user_id = " . $DIC->database()->quote(
366  $user_id,
367  'integer'
368  ) . " AND perm.operations REGEXP '[\\\[,]\"?"
369  . $operation->getOperationId() . "\"?[\],]'
370  WHERE perm.parent_id = -1";
371 
372  $set = $DIC->database()->query($q);
373  $rec = $DIC->database()->fetchAssoc($set);
374 
375  return $rec['cnt'];
376  }
377 
378  public function getUsersForUserOperationAndContext(
379  int $user_id,
380  string $org_unit_operation_string,
381  string $context,
382  string $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
383  ): array {
384  global $DIC;
385 
386  $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
387  $user_id,
388  $org_unit_operation_string,
389  $context,
390  $tmp_table_name_prefix
391  );
392 
393  $q = 'SELECT usr_id FROM ' . $tmp_table_name;
394 
395  $user_set = $DIC->database()->query($q);
396 
397  $arr_users = array();
398 
399  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
400  $arr_users[$rec['usr_id']] = $rec['usr_id'];
401  }
402 
403  return $arr_users;
404  }
405 
406  public function getUsersForUserPerPosition(int $user_id): array
407  {
408  $users = [];
409  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
410  foreach ($user_assignments as $user_assignment) {
411  $users[$user_assignment->getPositionId()] = $this->getUsersForUser(
412  $user_id,
413  $user_assignment->getPositionId()
414  );
415  }
416 
417  return $users;
418  }
419 
423  public function getUsersForUser(int $user_id, ?int $position_id = null): array
424  {
425  global $DIC;
426 
427  if (isset($this->users_for_user[$user_id]) && $position_id === null) {
428  return $this->users_for_user[$user_id];
429  }
430 
431  $tmp_orgu_members = $this->buildTempTableOrguMemberships(
432  self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
433  array()
434  );
435 
436  $position_limitation = '';
437  if (!is_null($position_id)) {
438  $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
439  }
440 
441  $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
442  FROM
443  " . $tmp_orgu_members . "
444  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
445  $user_id,
446  'integer'
447  ) . "
448  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
449  WHERE
450  (
451  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
452  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
453  AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
454  )
455  OR
456  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
457  (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
458  OR
459  /* Kinder OrgUnit wie Current User */
460  (
461  (
462  " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
463  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
464  OR
465  " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
466  )
467  AND
468  (
469  (
470  (
471  /* Gleiche Position */
472  auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
473  )
474  OR
475  (
476  /* Position Egal */
477  auth.over = -1
478  )
479  )
480  AND auth.scope = 2
481  )
482  )
483  )";
484 
485  $user_set = $DIC->database()->query($q);
486 
487  $arr_users = array();
488 
489  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
490  $arr_users[$rec['usr_id']] = $rec['usr_id'];
491  }
492 
493  if ($position_id === null) {
494  $this->users_for_user[$user_id] = $arr_users;
495  }
496 
497  return $arr_users;
498  }
499 
500  public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false): array
501  {
502  $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
503  $ids = [];
504  foreach ($user_assignments as $user_assignment) {
505  $ref_ids = $this->getIdsForPositionAndOperation(
506  $user_assignment->getPositionId(),
507  $operation,
508  $return_ref_id
509  );
510  if (count($ref_ids) > 0) {
511  $ids = array_merge($ids, $ref_ids);
512  }
513  }
514  return $ids;
515  }
516 
517  public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id): array
518  {
519  $ids = [];
520  foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
521  $ref_ids = $this->getIdsForPositionAndOperationAndContext(
522  $position_id,
523  $operation,
524  $context,
525  $return_ref_id
526  );
527  if (count($ref_ids) > 0) {
528  $ids = array_merge($ids, $ref_ids);
529  }
530  }
531 
532  return $ids;
533  }
534 
540  public function getIdsForPositionAndOperationAndContext(
541  int $position_id,
542  string $operation,
543  string $context,
544  bool $return_ref_id
545  ): array {
546  global $DIC;
547  $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
551  $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
552  if (is_null($operation_object)) {
553  // operation doesn't exist in this context
554  return [];
555  }
556  $operation_id = $operation_object->getOperationId();
557 
558  if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
559  $query = "select " . ($return_ref_id ? "object_reference.ref_id" : "object_data.obj_id") . " from object_data " .
560  "inner join object_reference on object_reference.obj_id = object_data.obj_id " .
561  "where type = '" . $context . "' " .
562  "AND object_reference.ref_id not in " .
563  " (SELECT parent_id FROM il_orgu_permissions " .
564  " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations NOT REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1)";
565  } else {
566  $query = $return_ref_id
567  ?
568  "SELECT parent_id as ref_id FROM il_orgu_permissions "
569  :
570  "SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ";
571  $query .= " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1";
572  }
573 
574  return array_map(function ($item) use ($return_ref_id) {
575  return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
576  }, $DIC->database()->fetchAll($DIC->database()->query($query)));
577  }
578 
579  public function hasPositionDefaultPermissionForOperationInContext(
580  int $position_id,
581  int $operation_id,
582  int $context_id
583  ): bool {
584  global $DIC;
585  $res = $DIC->database()->query("SELECT * FROM il_orgu_permissions " .
586  " WHERE context_id = " . $context_id . " " .
587  "AND operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' " .
588  "AND position_id = " . $position_id . " " .
589  "AND parent_id = -1");
590 
591  return (bool) $DIC->database()->numRows($res) > 0;
592  }
593 
594  public function getIlobjectsAndUsersForUserOperationAndContext(
595  int $user_id,
596  string $org_unit_operation_string,
597  string $context
598  ): array {
599  global $DIC;
600 
601 
602  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
603  assert($operation instanceof ilOrgUnitOperation);
604 
605  $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
606 
607  $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
608  $user_id,
609  $org_unit_operation_string,
610  $context,
611  $tmp_table_name
612  );
613 
614  $q = 'SELECT * FROM ' . $tmp_table_name;
615 
616  $user_set = $DIC->database()->query($q);
617 
618  $arr_user_obj = array();
619 
620  while ($rec = $DIC->database()->fetchAssoc($user_set)) {
621  $arr_user_obj[] = $rec;
622  }
623 
624  return $arr_user_obj;
625  }
626 
627  public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
628  int $user_id,
629  string $org_unit_operation_string,
630  string $context,
631  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
632  ): string {
633  global $DIC;
634 
635  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
636 
637  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
638  assert($operation instanceof ilOrgUnitOperation);
639 
640  $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
641 
642 
643  $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
644  $org_unit_operation_string,
645  $context,
646  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
647  );
648 
649  $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
650  $org_unit_operation_string,
651  $context,
652  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
653  );
654 
655  $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
656  $org_unit_operation_string,
657  $context,
658  self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
659  );
660 
661  $tmp_table_course_members = $this->buildTempTableCourseMemberships(
662  self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
663  $all_users_for_user
664  );
665 
666  $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(
667  self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
668  $all_users_for_user
669  );
670 
671  $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships(
672  'tmp_orgu_members_path',
673  $all_users_for_user
674  );
675 
676  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
677  . self::COURSE_CONTEXT
678  ) {
679  $this->dropTempTable($temporary_table_name);
680  }
681 
682  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
683  SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
684  (
685  SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
686  (
687  SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
688  UNION
689  SELECT * FROM " . $tmp_table_objects_default_perimissions . "
690  ) AS crs
691  INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
692  and (
693  (
694  " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
695  )
696  or perm_orgu_scope = 2
697  )
698  UNION
699  SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
700  . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
701  INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
702  . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
703  and (
704  (
705  " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
706  . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
707  )
708  or perm_orgu_scope = 2
709  )
710 
711  ) AS user_perm_matrix
712  INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
713 
714  INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
715  $user_id,
716  'integer'
717  ) . "
718  INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
719  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
720  and perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
721 
722  AND
723  (
724  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
725  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
726  AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
727  )
728  OR
729  /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
730  (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
731  OR
732  /* Kinder OrgUnit wie Current User */
733  (
734  orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
735  AND
736  (
737  path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
738  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
739  OR
740  path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
741  )
742  AND
743  (
744  (
745  (
746  /* Gleiche Position */
747  orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
748  )
749  OR
750  (
751  /* Position Egal */
752  user_perm_matrix.perm_over_user_with_position = -1
753  )
754  )
755  AND user_perm_matrix.perm_orgu_scope = 2
756  )
757  )
758  )
759  );";
760 
761  $DIC->database()->manipulate($q);
762 
763  return $temporary_table_name;
764  }
765 
766  public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
767  string $org_unit_operation_string,
768  string $context,
769  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
770  ): string {
771  global $DIC;
772 
773  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
774 
775  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
776  assert($operation instanceof ilOrgUnitOperation);
777 
778  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
779  . self::COURSE_CONTEXT
780  ) {
781  $this->dropTempTable($temporary_table_name);
782  }
783 
784  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
785  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
786  AS (
787  SELECT
788  obj_ref.ref_id AS perm_for_ref_id,
789  orgu_ua.orgu_id AS perm_for_orgu_id,
790  auth.scope AS perm_orgu_scope,
791  orgu_ua.position_id AS perm_for_position_id,
792  auth.over AS perm_over_user_with_position
793  FROM
794  il_orgu_permissions AS perm
795  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
796  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
797  ->getId() . "
798  INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
799  INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
800  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
801  WHERE
802  perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
803  );";
804 
805  $DIC->database()->manipulate($q);
806 
807  return $temporary_table_name;
808  }
809 
810  public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
811  string $org_unit_operation_string,
812  string $context,
813  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
814  ): string {
815  global $DIC;
816 
817  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
818 
822  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
823 
824  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
825  . self::COURSE_CONTEXT
826  ) {
827  $this->dropTempTable($temporary_table_name);
828  }
829 
830  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
831  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
832  AS (
833  SELECT
834  obj_ref.ref_id AS perm_for_ref_id,
835  orgu_ua.orgu_id AS perm_for_orgu_id,
836  auth.scope AS perm_orgu_scope,
837  orgu_ua.position_id AS perm_for_position_id,
838  auth.over AS perm_over_user_with_position
839  FROM
840  object_data AS obj
841  INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
842  INNER JOIN il_orgu_permissions AS perm ON perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]' AND perm.parent_id = -1
843  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
844  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
845  ->getId() . "
846  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
847 
848  WHERE
849  obj.type = '" . $context . "'
850  AND (obj_ref.ref_id , orgu_ua.position_id)
851 
852  NOT IN (SELECT
853  perm.parent_id, orgu_ua.position_id
854  FROM
855  il_orgu_permissions AS perm
856  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
857  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
858  WHERE perm.parent_id <> -1)
859  );";
860 
861  $DIC->database()->manipulate($q);
862 
863  return $temporary_table_name;
864  }
865 
872  public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
873  string $org_unit_operation_string,
874  string $context,
875  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
876  ): string {
877  global $DIC;
878 
879  $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
883  $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
884 
885  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
886  . self::COURSE_CONTEXT
887  ) {
888  $this->dropTempTable($temporary_table_name);
889  }
890 
891  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
892  (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
893  AS (
894  SELECT
895  orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
896  orgu_ua.orgu_id AS perm_for_orgu_id,
897  auth.scope AS perm_orgu_scope,
898  orgu_ua.position_id AS perm_for_position_id,
899  auth.over AS perm_over_user_with_position
900  FROM
901  il_orgu_permissions AS perm
902  INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
903  . $GLOBALS['DIC']->user()->getId() . "
904  INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
905  INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
906  WHERE
907  perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
908  );";
909 
910  $DIC->database()->manipulate($q);
911 
912  return $temporary_table_name;
913  }
914 
915  public function buildTempTableCourseMemberships(
916  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
917  array $only_courses_of_user_ids = array()
918  ): string {
919  global $DIC;
920 
921  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
922 
923  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
924  || count($only_courses_of_user_ids) > 0
925  ) {
926  $this->dropTempTable($temporary_table_name);
927  }
928 
929  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
930  (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
931  AS (
932  SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
933  FROM (
934  SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
935  AND " . $DIC->database()->in(
936  'obj_members.usr_id',
937  $only_courses_of_user_ids,
938  false,
939  'integer'
940  ) . "
941  UNION
942  SELECT obj_id, usr_id FROM crs_waiting_list
943  WHERE " . $DIC->database()->in(
944  'crs_waiting_list.usr_id',
945  $only_courses_of_user_ids,
946  false,
947  'integer'
948  ) . "
949  UNION
950  SELECT obj_id, usr_id FROM il_subscribers
951  WHERE " . $DIC->database()->in(
952  'il_subscribers.usr_id',
953  $only_courses_of_user_ids,
954  false,
955  'integer'
956  ) . "
957  ) AS crs_members
958  INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
959  INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
960  );";
961 
962  $DIC->database()->manipulate($q);
963 
964  return $temporary_table_name;
965  }
966 
967  public function buildTempTableOrguMemberships(
968  string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
969  array $only_orgus_of_user_ids = array()
970  ): string {
971  global $DIC;
972 
973  $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
974 
975  if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
976  || count($only_orgus_of_user_ids) > 0
977  ) {
978  $this->dropTempTable($temporary_table_name);
979  }
980 
981  $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
982  (INDEX i1(orgu_id), INDEX i2 (tree_path(255)), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
983  AS (
984  SELECT orgu_ua.orgu_id AS orgu_id,
985  tree_orgu.path AS tree_path,
986  tree_orgu.child AS tree_child,
987  tree_orgu.parent AS tree_parent,
988  tree_orgu.lft AS tree_lft,
989  tree_orgu.rgt AS tree_rgt,
990  orgu_ua.position_id AS user_position_id,
991  orgu_ua.user_id AS user_id
992  FROM
993  il_orgu_ua AS orgu_ua
994  INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
995  LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
996 
997  if (count($only_orgus_of_user_ids) > 0) {
998  $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
999  }
1000 
1001  $q .= ");";
1002 
1003  $DIC->database()->manipulate($q);
1004 
1005  return $temporary_table_name;
1006  }
1007 
1008  public function dropTempTable(string $temporary_table_name): void
1009  {
1010  global $DIC;
1011 
1012  $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
1013  $DIC->database()->manipulate($q);
1014  }
1015 }
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS
Definition: class.ilMyStaffAccess.php:38
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
@deprecated Please use find() from OrgUnitOperationRepository
Definition: class.ilOrgUnitOperationQueries.php:90
$res
$res
Definition: ltiservices.php:66
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:517
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser(int $user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:423
$context
$context
Definition: webdav.php:31
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsUserMatrixForUserOperationAndContext
buildTempTableIlobjectsUserMatrixForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:627
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:579
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
Definition: class.ilMyStaffAccess.php:34
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:500
array_map
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS
Definition: class.ilMyStaffAccess.php:37
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$ref_id
$ref_id
Definition: ltiauth.php:65
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:378
ILIAS\MyStaff\ilMyStaffAccess\hasCurrentUserAccessToLearningProgressInObject
hasCurrentUserAccessToLearningProgressInObject(int $ref_id=0)
Definition: class.ilMyStaffAccess.php:309
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
Definition: class.ilMyStaffAccess.php:39
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:967
$DIC
global $DIC
Definition: shib_login.php:22
ILIAS\MyStaff\ilMyStaffAccess\getIlobjectsAndUsersForUserOperationAndContext
getIlobjectsAndUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context)
Definition: class.ilMyStaffAccess.php:594
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext
buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS)
Definition: class.ilMyStaffAccess.php:766
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
Definition: class.ilMyStaffAccess.php:35
$q
$q
Definition: shib_logout.php:21
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:915
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable(string $temporary_table_name)
Definition: class.ilMyStaffAccess.php:1008
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
Definition: class.ilMyStaffAccess.php:36
ILIAS\MyStaff
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMyStaffAccess.php:19