ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilMyStaffAccess.php
Go to the documentation of this file.
1<?php
2
19namespace ILIAS\MyStaff;
20
21use ilObjectAccess;
22use ilOrgUnitOperation;
23use ilOrgUnitOperationContext;
24use ilOrgUnitOperationContextQueries;
25use ilOrgUnitOperationQueries;
26use ilOrgUnitUserAssignmentQueries;
27
32class ilMyStaffAccess extends ilObjectAccess
33{
34 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS = 'tmp_obj_spec_perm';
35 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS = 'tmp_obj_def_perm';
36 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS = 'tmp_orgu_def_perm';
37 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS = 'tmp_crs_members';
38 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS = 'tmp_orgu_members';
39 public const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX = 'tmp_obj_user_matr';
40 public const string ACCESS_ENROLMENTS_ORG_UNIT_OPERATION = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS;
41 public const string COURSE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_CRS;
42 public const string EXERCISE_CONTEXT = ilOrgUnitOperationContext::CONTEXT_EXC;
43 public const string GROUP_CONTEXT = ilOrgUnitOperationContext::CONTEXT_GRP;
44 public const string SURVEY_CONTEXT = ilOrgUnitOperationContext::CONTEXT_SVY;
45 public const string TEST_CONTEXT = ilOrgUnitOperationContext::CONTEXT_TST;
46 public const string EMPLOYEE_TALK_CONTEXT = ilOrgUnitOperationContext::CONTEXT_ETAL;
47
48 protected static ?self $instance = null;
49
50 protected array $users_for_user = [];
51
52 public static function getInstance(): self
53 {
54 global $DIC;
55
56 if (self::$instance === null) {
57 self::$instance = new self();
58
59 if (!self::isMyStaffActive()) {
60 return self::$instance;
61 }
62
63 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
64 . self::COURSE_CONTEXT);
65 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
66 . "_" . self::COURSE_CONTEXT);
67 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION
68 . "_" . self::COURSE_CONTEXT);
69 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId());
70 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId());
71 self::$instance->dropTempTable(self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
72 . self::COURSE_CONTEXT);
73 }
74
75 return self::$instance;
76 }
77
78 public function __construct()
79 {
80 }
81
82 public static function isMyStaffActive(): bool
83 {
84 global $DIC;
85
86 return (bool) $DIC->settings()->get('enable_my_staff');
87 }
88
89 public function hasCurrentUserAccessToMyStaff(): bool
90 {
91 global $DIC;
92
93 if (!self::isMyStaffActive()) {
94 return false;
95 }
96
97 if ($this->hasCurrentUserAccessToCourseMemberships()) {
98 return true;
99 }
100
101 if ($this->hasCurrentUserAccessToCertificates()) {
102 return true;
103 }
104
105 if ($this->hasCurrentUserAccessToCompetences()) {
106 return true;
107 }
108
109 if ($this->hasCurrentUserAccessToTalks()) {
110 return true;
111 }
112
113 if ($this->hasCurrentUserAccessToStaffList()) {
114 return true;
115 }
116
117 return false;
118 }
119
120 public function hasCurrentUserAccessToCertificates(): bool
121 {
122 global $DIC;
123
124 if (!self::isMyStaffActive()) {
125 return false;
126 }
127
128 $cert_set = new \ilSetting("certificate");
129 if (!$cert_set->get("active")) {
130 return false;
131 }
132
133 if ($this->countOrgusOfUserWithOperationAndContext(
134 $DIC->user()->getId(),
135 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
136 self::COURSE_CONTEXT
137 )
138 > 0
139 ) {
140 return true;
141 }
142
143 if ($this->countOrgusOfUserWithOperationAndContext(
144 $DIC->user()->getId(),
145 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
146 self::EXERCISE_CONTEXT
147 )
148 > 0
149 ) {
150 return true;
151 }
152
153 if ($this->countOrgusOfUserWithOperationAndContext(
154 $DIC->user()->getId(),
155 ilOrgUnitOperation::OP_VIEW_CERTIFICATES,
156 self::TEST_CONTEXT
157 )
158 > 0
159 ) {
160 return true;
161 }
162
163 return false;
164 }
165
166 public function hasCurrentUserAccessToTalks(): bool
167 {
168 global $DIC;
169
170 if (!self::isMyStaffActive()) {
171 return false;
172 }
173
174 if ($this->countOrgusOfUserWithOperationAndContext(
175 $DIC->user()->getId(),
176 ilOrgUnitOperation::OP_CREATE_EMPLOYEE_TALK,
177 self::EMPLOYEE_TALK_CONTEXT
178 )
179 > 0
180 ) {
181 return true;
182 }
183
184 if ($this->countOrgusOfUserWithOperationAndContext(
185 $DIC->user()->getId(),
186 ilOrgUnitOperation::OP_EDIT_EMPLOYEE_TALK,
187 self::EMPLOYEE_TALK_CONTEXT
188 )
189 > 0
190 ) {
191 return true;
192 }
193
194 if ($this->countOrgusOfUserWithOperationAndContext(
195 $DIC->user()->getId(),
196 ilOrgUnitOperation::OP_READ_EMPLOYEE_TALK,
197 self::EMPLOYEE_TALK_CONTEXT
198 )
199 > 0
200 ) {
201 return true;
202 }
203
204 return false;
205 }
206
207 public function hasCurrentUserAccessToCompetences(): bool
208 {
209 global $DIC;
210
211 if (!self::isMyStaffActive()) {
212 return false;
213 }
214
215 $skmg_set = new \ilSkillManagementSettings();
216 if (!$skmg_set->isActivated()) {
217 return false;
218 }
219
220 if ($this->countOrgusOfUserWithOperationAndContext(
221 $DIC->user()->getId(),
222 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
223 self::COURSE_CONTEXT
224 )
225 > 0
226 ) {
227 return true;
228 }
229
230 if ($this->countOrgusOfUserWithOperationAndContext(
231 $DIC->user()->getId(),
232 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
233 self::GROUP_CONTEXT
234 )
235 > 0
236 ) {
237 return true;
238 }
239
240 if ($this->countOrgusOfUserWithOperationAndContext(
241 $DIC->user()->getId(),
242 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
243 self::SURVEY_CONTEXT
244 )
245 > 0
246 ) {
247 return true;
248 }
249
250 if ($this->countOrgusOfUserWithOperationAndContext(
251 $DIC->user()->getId(),
252 ilOrgUnitOperation::OP_VIEW_COMPETENCES,
253 self::TEST_CONTEXT
254 )
255 > 0
256 ) {
257 return true;
258 }
259
260 return false;
261 }
262
263 public function hasCurrentUserAccessToCourseMemberships(): bool
264 {
265 global $DIC;
266
267 if (!self::isMyStaffActive()) {
268 return false;
269 }
270
271 if ($this->countOrgusOfUserWithOperationAndContext(
272 $DIC->user()->getId(),
273 self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION,
274 self::COURSE_CONTEXT
275 )
276 > 0
277 ) {
278 return true;
279 }
280
281 return false;
282 }
283
284 public function hasCurrentUserAccessToStaffList(): bool
285 {
286 return $this->hasCurrentUserAccessToUser(0);
287 }
288
289 public function hasCurrentUserAccessToUser(int $usr_id): bool
290 {
291 global $DIC;
292
293 if (!self::isMyStaffActive()) {
294 return false;
295 }
296
297 $arr_users = $this->getUsersForUser($DIC->user()->getId());
298 if (count($arr_users) > 0 && $usr_id === 0) {
299 return true;
300 }
301
302 if (count($arr_users) > 0 && in_array($usr_id, $arr_users)) {
303 return true;
304 }
305
306 return false;
307 }
308
309 public function hasCurrentUserAccessToLearningProgressInObject(int $ref_id = 0): bool
310 {
311 global $DIC;
312
313 return $DIC->access()->checkPositionAccess(ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS, $ref_id);
314 }
315
316 public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser(): bool
317 {
318 global $DIC;
319
320 $arr_usr_id = $this->getUsersForUserOperationAndContext(
321 $DIC->user()->getId(),
322 ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
323 self::COURSE_CONTEXT
324 );
325 if (count($arr_usr_id) > 0) {
326 return true;
327 }
328
329 return false;
330 }
331
332 public function countOrgusOfUserWithAtLeastOneOperation(int $user_id): int
333 {
334 global $DIC;
335
336 $q = "SELECT COUNT(orgu_ua.orgu_id) AS 'cnt' FROM il_orgu_permissions AS perm
337 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
338 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context is not NULL
339 WHERE orgu_ua.user_id = " . $DIC->database()->quote(
340 $user_id,
341 'integer'
342 ) . " AND perm.operations is not NULL AND perm.parent_id = -1";
343
344 $set = $DIC->database()->query($q);
345 $rec = $DIC->database()->fetchAssoc($set);
346
347 return $rec['cnt'];
348 }
349
350 public function countOrgusOfUserWithOperationAndContext(
351 int $user_id,
352 string $org_unit_operation_string,
353 string $context
354 ): int {
355 global $DIC;
356
360 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
361
362 $q = "SELECT COUNT(orgu_ua.orgu_id) AS cnt FROM il_orgu_permissions AS perm
363 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
364 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
365 and orgu_ua.user_id = " . $DIC->database()->quote(
366 $user_id,
367 'integer'
368 ) . " AND perm.operations REGEXP '[\\\[,]\"?"
369 . $operation->getOperationId() . "\"?[\],]'
370 WHERE perm.parent_id = -1";
371
372 $set = $DIC->database()->query($q);
373 $rec = $DIC->database()->fetchAssoc($set);
374
375 return $rec['cnt'];
376 }
377
378 public function getUsersForUserOperationAndContext(
379 int $user_id,
380 string $org_unit_operation_string,
381 string $context,
382 string $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
383 ): array {
384 global $DIC;
385
386 $tmp_table_name = $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
387 $user_id,
388 $org_unit_operation_string,
389 $context,
390 $tmp_table_name_prefix
391 );
392
393 $q = 'SELECT usr_id FROM ' . $tmp_table_name;
394
395 $user_set = $DIC->database()->query($q);
396
397 $arr_users = array();
398
399 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
400 $arr_users[$rec['usr_id']] = $rec['usr_id'];
401 }
402
403 return $arr_users;
404 }
405
406 public function getUsersForUserPerPosition(int $user_id): array
407 {
408 $users = [];
409 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
410 foreach ($user_assignments as $user_assignment) {
411 $users[$user_assignment->getPositionId()] = $this->getUsersForUser(
412 $user_id,
413 $user_assignment->getPositionId()
414 );
415 }
416
417 return $users;
418 }
419
423 public function getUsersForUser(int $user_id, ?int $position_id = null): array
424 {
425 global $DIC;
426
427 if (isset($this->users_for_user[$user_id]) && $position_id === null) {
428 return $this->users_for_user[$user_id];
429 }
430
431 $tmp_orgu_members = $this->buildTempTableOrguMemberships(
432 self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
433 array()
434 );
435
436 $position_limitation = '';
437 if (!is_null($position_id)) {
438 $position_limitation = ' AND orgu_ua_current_user.position_id = ' . $position_id;
439 }
440
441 $q = "SELECT " . $tmp_orgu_members . ".user_id AS usr_id
442 FROM
443 " . $tmp_orgu_members . "
444 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
445 $user_id,
446 'integer'
447 ) . "
448 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua_current_user.position_id " . $position_limitation . "
449 WHERE
450 (
451 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
452 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1
453 AND auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
454 )
455 OR
456 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
457 (orgu_ua_current_user.orgu_id = " . $tmp_orgu_members . ".orgu_id AND auth.scope = 1 AND auth.over = -1)
458 OR
459 /* Kinder OrgUnit wie Current User */
460 (
461 (
462 " . $tmp_orgu_members . ".orgu_id = orgu_ua_current_user.orgu_id OR
463 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id ,\".%\")
464 OR
465 " . $tmp_orgu_members . ".tree_path LIKE CONCAT(\"%.\",orgu_ua_current_user.orgu_id )
466 )
467 AND
468 (
469 (
470 (
471 /* Gleiche Position */
472 auth.over = " . $tmp_orgu_members . ".user_position_id AND auth.over <> -1
473 )
474 OR
475 (
476 /* Position Egal */
477 auth.over = -1
478 )
479 )
480 AND auth.scope = 2
481 )
482 )
483 )";
484
485 $user_set = $DIC->database()->query($q);
486
487 $arr_users = array();
488
489 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
490 $arr_users[$rec['usr_id']] = $rec['usr_id'];
491 }
492
493 if ($position_id === null) {
494 $this->users_for_user[$user_id] = $arr_users;
495 }
496
497 return $arr_users;
498 }
499
500 public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false): array
501 {
502 $user_assignments = ilOrgUnitUserAssignmentQueries::getInstance()->getAssignmentsOfUserId($user_id);
503 $ids = [];
504 foreach ($user_assignments as $user_assignment) {
505 $ref_ids = $this->getIdsForPositionAndOperation(
506 $user_assignment->getPositionId(),
507 $operation,
508 $return_ref_id
509 );
510 if (count($ref_ids) > 0) {
511 $ids = array_merge($ids, $ref_ids);
512 }
513 }
514 return $ids;
515 }
516
517 public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id): array
518 {
519 $ids = [];
520 foreach (ilOrgUnitOperationContext::$available_contexts as $context) {
521 $ref_ids = $this->getIdsForPositionAndOperationAndContext(
522 $position_id,
523 $operation,
524 $context,
525 $return_ref_id
526 );
527 if (count($ref_ids) > 0) {
528 $ids = array_merge($ids, $ref_ids);
529 }
530 }
531
532 return $ids;
533 }
534
540 public function getIdsForPositionAndOperationAndContext(
541 int $position_id,
542 string $operation,
543 string $context,
544 bool $return_ref_id
545 ): array {
546 global $DIC;
547 $context_id = ilOrgUnitOperationContextQueries::findByName($context)->getId();
551 $operation_object = ilOrgUnitOperationQueries::findByOperationString($operation, $context);
552 if (is_null($operation_object)) {
553 // operation doesn't exist in this context
554 return [];
555 }
556 $operation_id = $operation_object->getOperationId();
557
558 if ($this->hasPositionDefaultPermissionForOperationInContext($position_id, $operation_id, $context_id)) {
559 $query = "select " . ($return_ref_id ? "object_reference.ref_id" : "object_data.obj_id") . " from object_data " .
560 "inner join object_reference on object_reference.obj_id = object_data.obj_id " .
561 "where type = '" . $context . "' " .
562 "AND object_reference.ref_id not in " .
563 " (SELECT parent_id FROM il_orgu_permissions " .
564 " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations NOT REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1)";
565 } else {
566 $query = $return_ref_id
567 ?
568 "SELECT parent_id as ref_id FROM il_orgu_permissions "
569 :
570 "SELECT obj_id FROM il_orgu_permissions INNER JOIN object_reference ON object_reference.ref_id = il_orgu_permissions.parent_id ";
571 $query .= " where position_id = " . $position_id . " and context_id = " . $context_id . " and operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' and parent_id <> -1";
572 }
573
574 return array_map(function ($item) use ($return_ref_id) {
575 return $return_ref_id ? $item['ref_id'] : $item['obj_id'];
576 }, $DIC->database()->fetchAll($DIC->database()->query($query)));
577 }
578
579 public function hasPositionDefaultPermissionForOperationInContext(
580 int $position_id,
581 int $operation_id,
582 int $context_id
583 ): bool {
584 global $DIC;
585 $res = $DIC->database()->query("SELECT * FROM il_orgu_permissions " .
586 " WHERE context_id = " . $context_id . " " .
587 "AND operations REGEXP '[\\\[,]\"?" . $operation_id . "\"?[\],]' " .
588 "AND position_id = " . $position_id . " " .
589 "AND parent_id = -1");
590
591 return (bool) $DIC->database()->numRows($res) > 0;
592 }
593
594 public function getIlobjectsAndUsersForUserOperationAndContext(
595 int $user_id,
596 string $org_unit_operation_string,
597 string $context
598 ): array {
599 global $DIC;
600
601
602 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
603 assert($operation instanceof ilOrgUnitOperation);
604
605 $tmp_table_name = 'tmp_ilobj_user_matrix_' . $operation->getOperationId();
606
607 $this->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
608 $user_id,
609 $org_unit_operation_string,
610 $context,
611 $tmp_table_name
612 );
613
614 $q = 'SELECT * FROM ' . $tmp_table_name;
615
616 $user_set = $DIC->database()->query($q);
617
618 $arr_user_obj = array();
619
620 while ($rec = $DIC->database()->fetchAssoc($user_set)) {
621 $arr_user_obj[] = $rec;
622 }
623
624 return $arr_user_obj;
625 }
626
627 public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
628 int $user_id,
629 string $org_unit_operation_string,
630 string $context,
631 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
632 ): string {
633 global $DIC;
634
635 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
636
637 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
638 assert($operation instanceof ilOrgUnitOperation);
639
640 $all_users_for_user = $this->getUsersForUser($GLOBALS['DIC']->user()->getId());
641
642
643 $tmp_table_objects_specific_perimissions = $this->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
644 $org_unit_operation_string,
645 $context,
646 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
647 );
648
649 $tmp_table_objects_default_perimissions = $this->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
650 $org_unit_operation_string,
651 $context,
652 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
653 );
654
655 $tmp_table_orgunit_default_perimissions = $this->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
656 $org_unit_operation_string,
657 $context,
658 self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
659 );
660
661 $tmp_table_course_members = $this->buildTempTableCourseMemberships(
662 self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
663 $all_users_for_user
664 );
665
666 $tmp_table_orgu_members = $this->buildTempTableOrguMemberships(
667 self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
668 $all_users_for_user
669 );
670
671 $tmp_table_orgu_member_path = $this->buildTempTableOrguMemberships(
672 'tmp_orgu_members_path',
673 $all_users_for_user
674 );
675
676 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
677 . self::COURSE_CONTEXT
678 ) {
679 $this->dropTempTable($temporary_table_name);
680 }
681
682 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . " AS (
683 SELECT DISTINCT user_perm_matrix.perm_for_ref_id, user_perm_matrix.usr_id FROM
684 (
685 SELECT crs.*," . $tmp_table_course_members . ".ref_id," . $tmp_table_course_members . ".usr_id FROM
686 (
687 SELECT * FROM " . $tmp_table_objects_specific_perimissions . "
688 UNION
689 SELECT * FROM " . $tmp_table_objects_default_perimissions . "
690 ) AS crs
691 INNER JOIN " . $tmp_table_course_members . " on " . $tmp_table_course_members . ".ref_id = crs.perm_for_ref_id
692 and (
693 (
694 " . $tmp_table_course_members . ".orgu_id = crs.perm_for_orgu_id AND " . $tmp_table_course_members . ".position_id = crs.perm_over_user_with_position AND perm_orgu_scope = 1
695 )
696 or perm_orgu_scope = 2
697 )
698 UNION
699 SELECT " . $tmp_table_orgunit_default_perimissions . ".*, " . $tmp_table_orgu_members . ".orgu_id AS ref_id, "
700 . $tmp_table_orgu_members . ".user_id FROM " . $tmp_table_orgunit_default_perimissions . "
701 INNER JOIN " . $tmp_table_orgu_members . " on " . $tmp_table_orgu_members . ".orgu_id = "
702 . $tmp_table_orgunit_default_perimissions . ".perm_for_ref_id
703 and (
704 (
705 " . $tmp_table_orgu_members . ".orgu_id = " . $tmp_table_orgunit_default_perimissions . ".perm_for_orgu_id AND "
706 . $tmp_table_orgu_members . ".user_position_id = " . $tmp_table_orgunit_default_perimissions . ".perm_over_user_with_position AND perm_orgu_scope = 1
707 )
708 or perm_orgu_scope = 2
709 )
710
711 ) AS user_perm_matrix
712 INNER JOIN " . $tmp_table_orgu_member_path . " AS path on path.user_id = user_perm_matrix.usr_id
713
714 INNER JOIN il_orgu_ua AS orgu_ua_current_user on orgu_ua_current_user.user_id = " . $DIC->database()->quote(
715 $user_id,
716 'integer'
717 ) . "
718 INNER JOIN il_orgu_permissions AS perm on perm.position_id = orgu_ua_current_user.position_id AND perm.parent_id = -1
719 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
720 and perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
721
722 AND
723 (
724 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Fixe Position */
725 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1
726 AND orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
727 )
728 OR
729 /* Identische OrgUnit wie Current User; Nicht Rekursiv; Position egal */
730 (orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id AND user_perm_matrix.perm_orgu_scope = 1 AND user_perm_matrix.perm_over_user_with_position = -1)
731 OR
732 /* Kinder OrgUnit wie Current User */
733 (
734 orgu_ua_current_user.orgu_id = user_perm_matrix.perm_for_orgu_id
735 AND
736 (
737 path.orgu_id = user_perm_matrix.perm_for_orgu_id OR
738 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id ,\".%\")
739 OR
740 path.tree_path LIKE CONCAT(\"%.\",user_perm_matrix.perm_for_orgu_id )
741 )
742 AND
743 (
744 (
745 (
746 /* Gleiche Position */
747 orgu_ua_current_user.position_id = user_perm_matrix.perm_for_position_id AND user_perm_matrix.perm_over_user_with_position <> -1
748 )
749 OR
750 (
751 /* Position Egal */
752 user_perm_matrix.perm_over_user_with_position = -1
753 )
754 )
755 AND user_perm_matrix.perm_orgu_scope = 2
756 )
757 )
758 )
759 );";
760
761 $DIC->database()->manipulate($q);
762
763 return $temporary_table_name;
764 }
765
766 public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
767 string $org_unit_operation_string,
768 string $context,
769 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
770 ): string {
771 global $DIC;
772
773 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
774
775 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
776 assert($operation instanceof ilOrgUnitOperation);
777
778 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
779 . self::COURSE_CONTEXT
780 ) {
781 $this->dropTempTable($temporary_table_name);
782 }
783
784 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
785 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
786 AS (
787 SELECT
788 obj_ref.ref_id AS perm_for_ref_id,
789 orgu_ua.orgu_id AS perm_for_orgu_id,
790 auth.scope AS perm_orgu_scope,
791 orgu_ua.position_id AS perm_for_position_id,
792 auth.over AS perm_over_user_with_position
793 FROM
794 il_orgu_permissions AS perm
795 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
796 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
797 ->getId() . "
798 INNER JOIN object_reference AS obj_ref ON obj_ref.ref_id = perm.parent_id
799 INNER JOIN object_data AS obj ON obj.obj_id = obj_ref.obj_id AND obj.type = '$context'
800 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '$context'
801 WHERE
802 perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
803 );";
804
805 $DIC->database()->manipulate($q);
806
807 return $temporary_table_name;
808 }
809
810 public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
811 string $org_unit_operation_string,
812 string $context,
813 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
814 ): string {
815 global $DIC;
816
817 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
818
822 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
823
824 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
825 . self::COURSE_CONTEXT
826 ) {
827 $this->dropTempTable($temporary_table_name);
828 }
829
830 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
831 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id),INDEX i5 (perm_over_user_with_position))
832 AS (
833 SELECT
834 obj_ref.ref_id AS perm_for_ref_id,
835 orgu_ua.orgu_id AS perm_for_orgu_id,
836 auth.scope AS perm_orgu_scope,
837 orgu_ua.position_id AS perm_for_position_id,
838 auth.over AS perm_over_user_with_position
839 FROM
840 object_data AS obj
841 INNER JOIN object_reference AS obj_ref ON obj_ref.obj_id = obj.obj_id
842 INNER JOIN il_orgu_permissions AS perm ON perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]' AND perm.parent_id = -1
843 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
844 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND orgu_ua.user_id = " . $GLOBALS['DIC']->user()
845 ->getId() . "
846 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
847
848 WHERE
849 obj.type = '" . $context . "'
850 AND (obj_ref.ref_id , orgu_ua.position_id)
851
852 NOT IN (SELECT
853 perm.parent_id, orgu_ua.position_id
854 FROM
855 il_orgu_permissions AS perm
856 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id
857 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
858 WHERE perm.parent_id <> -1)
859 );";
860
861 $DIC->database()->manipulate($q);
862
863 return $temporary_table_name;
864 }
865
872 public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
873 string $org_unit_operation_string,
874 string $context,
875 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
876 ): string {
877 global $DIC;
878
879 $temporary_table_name = $temporary_table_name_prefix . "_" . $org_unit_operation_string . "_" . $context;
883 $operation = ilOrgUnitOperationQueries::findByOperationString($org_unit_operation_string, $context);
884
885 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS . "_" . self::ACCESS_ENROLMENTS_ORG_UNIT_OPERATION . "_"
886 . self::COURSE_CONTEXT
887 ) {
888 $this->dropTempTable($temporary_table_name);
889 }
890
891 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
892 (INDEX i1 (perm_for_ref_id), INDEX i2 (perm_for_orgu_id), INDEX i3 (perm_orgu_scope), INDEX i4 (perm_for_position_id), INDEX i5 (perm_over_user_with_position))
893 AS (
894 SELECT
895 orgu_ua.orgu_id AS perm_for_ref_id, /* Table has to be identical to the other Permission For Operation And Context-Tables! */
896 orgu_ua.orgu_id AS perm_for_orgu_id,
897 auth.scope AS perm_orgu_scope,
898 orgu_ua.position_id AS perm_for_position_id,
899 auth.over AS perm_over_user_with_position
900 FROM
901 il_orgu_permissions AS perm
902 INNER JOIN il_orgu_ua AS orgu_ua ON orgu_ua.position_id = perm.position_id AND perm.parent_id = -1 AND orgu_ua.user_id = "
903 . $GLOBALS['DIC']->user()->getId() . "
904 INNER JOIN il_orgu_authority AS auth ON auth.position_id = orgu_ua.position_id
905 INNER JOIN il_orgu_op_contexts AS contexts on contexts.id = perm.context_id AND contexts.context = '" . $context . "'
906 WHERE
907 perm.operations REGEXP '[\\\[,]\"?" . $operation->getOperationId() . "\"?[\],]'
908 );";
909
910 $DIC->database()->manipulate($q);
911
912 return $temporary_table_name;
913 }
914
915 public function buildTempTableCourseMemberships(
916 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
917 array $only_courses_of_user_ids = array()
918 ): string {
919 global $DIC;
920
921 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
922
923 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS . "_user_id_" . $DIC->user()->getId()
924 || count($only_courses_of_user_ids) > 0
925 ) {
926 $this->dropTempTable($temporary_table_name);
927 }
928
929 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
930 (INDEX i1(ref_id), INDEX i2 (usr_id), INDEX i3 (position_id), INDEX i4 (orgu_id))
931 AS (
932 SELECT crs_members_crs_ref.ref_id, crs_members.usr_id, orgu_ua.position_id, orgu_ua.orgu_id
933 FROM (
934 SELECT obj_id, usr_id FROM obj_members WHERE admin > 0 OR tutor > 0 OR member > 0
935 AND " . $DIC->database()->in(
936 'obj_members.usr_id',
937 $only_courses_of_user_ids,
938 false,
939 'integer'
940 ) . "
941 UNION
942 SELECT obj_id, usr_id FROM crs_waiting_list
943 WHERE " . $DIC->database()->in(
944 'crs_waiting_list.usr_id',
945 $only_courses_of_user_ids,
946 false,
947 'integer'
948 ) . "
949 UNION
950 SELECT obj_id, usr_id FROM il_subscribers
951 WHERE " . $DIC->database()->in(
952 'il_subscribers.usr_id',
953 $only_courses_of_user_ids,
954 false,
955 'integer'
956 ) . "
957 ) AS crs_members
958 INNER JOIN object_reference AS crs_members_crs_ref on crs_members_crs_ref.obj_id = crs_members.obj_id
959 INNER JOIN il_orgu_ua AS orgu_ua on orgu_ua.user_id = crs_members.usr_id
960 );";
961
962 $DIC->database()->manipulate($q);
963
964 return $temporary_table_name;
965 }
966
967 public function buildTempTableOrguMemberships(
968 string $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
969 array $only_orgus_of_user_ids = array()
970 ): string {
971 global $DIC;
972
973 $temporary_table_name = $temporary_table_name_prefix . "_user_id_" . $DIC->user()->getId();
974
975 if ($temporary_table_name != self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS . "_user_id_" . $DIC->user()->getId()
976 || count($only_orgus_of_user_ids) > 0
977 ) {
978 $this->dropTempTable($temporary_table_name);
979 }
980
981 $q = "CREATE TEMPORARY TABLE IF NOT EXISTS " . $temporary_table_name . "
982 (INDEX i1(orgu_id), INDEX i2 (tree_path(255)), INDEX i3 (tree_child), INDEX i4 (tree_parent), INDEX i5 (tree_lft), INDEX i6 (tree_rgt), INDEX i7 (user_position_id), INDEX i8 (user_id))
983 AS (
984 SELECT orgu_ua.orgu_id AS orgu_id,
985 tree_orgu.path AS tree_path,
986 tree_orgu.child AS tree_child,
987 tree_orgu.parent AS tree_parent,
988 tree_orgu.lft AS tree_lft,
989 tree_orgu.rgt AS tree_rgt,
990 orgu_ua.position_id AS user_position_id,
991 orgu_ua.user_id AS user_id
992 FROM
993 il_orgu_ua AS orgu_ua
994 INNER JOIN object_reference AS obj_ref on obj_ref.ref_id = orgu_ua.orgu_id AND obj_ref.deleted is null
995 LEFT JOIN tree AS tree_orgu ON tree_orgu.child = orgu_ua.orgu_id";
996
997 if (count($only_orgus_of_user_ids) > 0) {
998 $q .= " WHERE " . $DIC->database()->in('orgu_ua.user_id', $only_orgus_of_user_ids, false, 'integer') . " ";
999 }
1000
1001 $q .= ");";
1002
1003 $DIC->database()->manipulate($q);
1004
1005 return $temporary_table_name;
1006 }
1007
1008 public function dropTempTable(string $temporary_table_name): void
1009 {
1010 global $DIC;
1011
1012 $q = "DROP TABLE IF EXISTS " . $temporary_table_name;
1013 $DIC->database()->manipulate($q);
1014 }
1015}
ILIAS\MyStaff\ilMyStaffAccess\getIlobjectsAndUsersForUserOperationAndContext
getIlobjectsAndUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context)
Definition: class.ilMyStaffAccess.php:594
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUserOperationAndContext
getUsersForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $tmp_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:378
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableOrguMemberships
buildTempTableOrguMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, array $only_orgus_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:967
ILIAS\MyStaff\ilMyStaffAccess\hasCurrentUserAccessToLearningProgressInObject
hasCurrentUserAccessToLearningProgressInObject(int $ref_id=0)
Definition: class.ilMyStaffAccess.php:309
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
Definition: class.ilMyStaffAccess.php:36
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableCourseMemberships
buildTempTableCourseMemberships(string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, array $only_courses_of_user_ids=array())
Definition: class.ilMyStaffAccess.php:915
ILIAS\MyStaff\ilMyStaffAccess\hasPositionDefaultPermissionForOperationInContext
hasPositionDefaultPermissionForOperationInContext(int $position_id, int $operation_id, int $context_id)
Definition: class.ilMyStaffAccess.php:579
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
Definition: class.ilMyStaffAccess.php:35
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS
Definition: class.ilMyStaffAccess.php:37
ILIAS\MyStaff\ilMyStaffAccess\getIdsForPositionAndOperation
getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id)
Definition: class.ilMyStaffAccess.php:517
ILIAS\MyStaff\ilMyStaffAccess\getUsersForUser
getUsersForUser(int $user_id, ?int $position_id=null)
Definition: class.ilMyStaffAccess.php:423
ILIAS\MyStaff\ilMyStaffAccess\dropTempTable
dropTempTable(string $temporary_table_name)
Definition: class.ilMyStaffAccess.php:1008
ILIAS\MyStaff\ilMyStaffAccess\getIdsForUserAndOperation
getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id=false)
Definition: class.ilMyStaffAccess.php:500
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
Definition: class.ilMyStaffAccess.php:34
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS
const string TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS
Definition: class.ilMyStaffAccess.php:38
ILIAS\MyStaff\ilMyStaffAccess\TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
const string TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
Definition: class.ilMyStaffAccess.php:39
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsUserMatrixForUserOperationAndContext
buildTempTableIlobjectsUserMatrixForUserOperationAndContext(int $user_id, string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX)
Definition: class.ilMyStaffAccess.php:627
ILIAS\MyStaff\ilMyStaffAccess\buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext
buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(string $org_unit_operation_string, string $context, string $temporary_table_name_prefix=self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS)
Definition: class.ilMyStaffAccess.php:766
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:32
ilOrgUnitOperationContextQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationContextQueries.php:25
ilOrgUnitOperationContext
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationContext.php:24
ilOrgUnitOperationQueries
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperationQueries.php:25
ilOrgUnitOperationQueries\findByOperationString
static findByOperationString(string $operation_string, string $context_name)
@deprecated Please use find() from OrgUnitOperationRepository
Definition: class.ilOrgUnitOperationQueries.php:90
ilOrgUnitOperation
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitOperation.php:24
ilOrgUnitUserAssignmentQueries
Class ilOrgUnitUserAssignmentQueries.
Definition: class.ilOrgUnitUserAssignmentQueries.php:27
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
ILIAS\MyStaff
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilMyStaffAccess.php:19
$DIC
global $DIC
Definition: shib_login.php:26
$q
$q
Definition: shib_logout.php:23
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$context
$context
Definition: webdav.php:31