ILIAS  trunk Revision v11.0_alpha-1843-g9e1fad99175
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1 <?php
2 
25 class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
26 {
27  protected ilObjUser $user;
28  protected ilLanguage $lng;
29  protected ilRbacSystem $rbacsystem;
30  protected ilAccessHandler $access;
31 
32  public function __construct()
33  {
34  global $DIC;
35 
36  $this->user = $DIC->user();
37  $this->lng = $DIC->language();
38  $this->rbacsystem = $DIC->rbac()->system();
39  $this->access = $DIC->access();
40  }
41 
42 
43  public static function getConditionOperators(): array
44  {
45  return array(
46  ilConditionHandler::OPERATOR_FINISHED
47  );
48  }
49 
50  public static function checkCondition(int $a_trigger_obj_id, string $a_operator, string $a_value, int $a_usr_id): bool
51  {
52  switch ($a_operator) {
53  case ilConditionHandler::OPERATOR_FINISHED:
54  if (self::_lookupFinished($a_trigger_obj_id, $a_usr_id)) {
55  return true;
56  } else {
57  return false;
58  }
59 
60  // no break
61  default:
62  return true;
63  }
64  }
65 
66  public function _checkAccess(string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id = null): bool
67  {
68  $ilUser = $this->user;
69  $lng = $this->lng;
70  $rbacsystem = $this->rbacsystem;
71  $ilAccess = $this->access;
72 
73  if (is_null($user_id)) {
74  $user_id = $ilUser->getId();
75  }
76 
77  $is_admin = $rbacsystem->checkAccessOfUser($user_id, 'write', $ref_id);
78 
79  switch ($permission) {
80  case "visible":
81  case "read":
82  if (!self::_lookupCreationComplete($obj_id) &&
83  !$is_admin) {
84  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
85  return false;
86  }
87  break;
88  }
89 
90  switch ($cmd) {
91  case "run":
92  if (!self::_lookupCreationComplete($obj_id) &&
93  !$is_admin) {
94  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
95  return false;
96  }
97  break;
98 
99  case "evaluation":
100  if (!self::_lookupCreationComplete($obj_id)) {
101  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
102  return false;
103  }
104  if ($rbacsystem->checkAccess("write", $ref_id) || self::_hasEvaluationAccess($obj_id, $user_id)) {
105  return true;
106  } else {
107  $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
108  return false;
109  }
110  }
111 
112  return true;
113  }
114 
115 
116  public static function _getCommands(): array
117  {
118  $commands = array(
119  array("permission" => "read", "cmd" => "run", "lang_var" => "svy_run", "default" => true),
120  array("permission" => "write", "cmd" => "questions", "lang_var" => "edit_questions"),
121  array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
122  array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
123  );
124 
125  return $commands;
126  }
127 
128  //
129  // object specific access related methods
130  //
131 
135  public static function _lookupCreationComplete(int $a_obj_id): bool
136  {
137  global $DIC;
138 
139  $ilDB = $DIC->database();
140 
141  $result = $ilDB->queryF(
142  "SELECT * FROM svy_svy WHERE obj_fi=%s",
143  array('integer'),
144  array($a_obj_id)
145  );
146 
147  $row = null;
148  if ($result->numRows() === 1) {
149  $row = $ilDB->fetchAssoc($result);
150  }
151  if (is_null($row) || !$row["complete"]) {
152  return false;
153  }
154  return true;
155  }
156 
160  public static function _lookupEvaluationAccess(int $a_obj_id): int
161  {
162  global $DIC;
163 
164  $ilDB = $DIC->database();
165 
166  $result = $ilDB->queryF(
167  "SELECT * FROM svy_svy WHERE obj_fi=%s",
168  array('integer'),
169  array($a_obj_id)
170  );
171  if ($result->numRows() === 1) {
172  $row = $ilDB->fetchAssoc($result);
173  return (int) $row["evaluation_access"];
174  }
175  return 0;
176  }
177 
178  public static function _isSurveyParticipant(
179  int $user_id,
180  int $survey_id
181  ): bool {
182  global $DIC;
183 
184  $ilDB = $DIC->database();
185 
186  $result = $ilDB->queryF(
187  "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
188  array('integer','integer'),
189  array($user_id, $survey_id)
190  );
191  return $result->numRows() === 1;
192  }
193 
194  public static function _lookupAnonymize(
195  int $a_obj_id
196  ): bool {
197  global $DIC;
198 
199  $ilDB = $DIC->database();
200 
201  $result = $ilDB->queryF(
202  "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
203  array('integer'),
204  array($a_obj_id)
205  );
206  if ($result->numRows() === 1) {
207  $row = $ilDB->fetchAssoc($result);
208  return (bool) $row["anonymize"];
209  } else {
210  return false;
211  }
212  }
213 
214  public static function _hasEvaluationAccess(
215  int $a_obj_id,
216  int $user_id
217  ): bool {
218  $evaluation_access = self::_lookupEvaluationAccess($a_obj_id);
219  $svy_mode = self::_lookupMode($a_obj_id);
220 
221  if ($svy_mode === ilObjSurvey::MODE_IND_FEEDB) {
222  $svy = new ilObjSurvey($a_obj_id, false);
223  $svy->read();
224  switch ($svy->get360Results()) {
225  case ilObjSurvey::RESULTS_360_ALL:
226  case ilObjSurvey::RESULTS_360_NONE:
227  return false;
228 
229  case ilObjSurvey::RESULTS_360_OWN:
230  return true;
231 
232  // not applicable
233  }
234  }
235 
236  switch ($evaluation_access) {
237  case 0:
238  // no evaluation access
239  return false;
240  case 1:
241  // evaluation access for all registered users
242  return ($user_id > 0) && ($user_id !== ANONYMOUS_USER_ID);
243  case 2:
244  switch ($svy_mode) {
245  case ilObjSurvey::MODE_360:
246  $svy = new ilObjSurvey($a_obj_id, false);
247  $svy->read();
248  switch ($svy->get360Results()) {
249  case ilObjSurvey::RESULTS_360_NONE:
250  return false;
251 
252  case ilObjSurvey::RESULTS_360_OWN:
253  return $svy->isAppraiseeClosed($user_id);
254 
255  case ilObjSurvey::RESULTS_360_ALL:
256  return $svy->isAppraisee($user_id);
257  }
258  break;
259 
260  case ilObjSurvey::MODE_IND_FEEDB:
261  $svy = new ilObjSurvey($a_obj_id, false);
262  $svy->read();
263  switch ($svy->get360Results()) {
264  case ilObjSurvey::RESULTS_360_NONE:
265  return false;
266 
267  case ilObjSurvey::RESULTS_360_OWN:
268  return true;
269 
270  case ilObjSurvey::RESULTS_360_ALL:
271  return $svy->isAppraisee($user_id);
272  }
273  break;
274 
275  case ilObjSurvey::MODE_SELF_EVAL:
276  $svy = new ilObjSurvey($a_obj_id, false);
277  $svy->read();
278  switch ($svy->getSelfEvaluationResults()) {
279  case ilObjSurvey::RESULTS_SELF_EVAL_NONE:
280  return false;
281  default:
282  return true;
283  }
284 
285  // no break
286  default:
287  // evaluation access for participants
288  // check if the user with the given id is a survey participant
289 
290  // show the evaluation button for anonymized surveys for all users
291  // access is only granted with the survey access code
292  if (self::_lookupAnonymize($a_obj_id)) {
293  return true;
294  }
295 
296  global $DIC;
297 
298  $ilDB = $DIC->database();
299  $result = $ilDB->queryF(
300  "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
301  array('integer'),
302  array($a_obj_id)
303  );
304  if ($result->numRows() === 1) {
305  $row = $ilDB->fetchAssoc($result);
306 
307  if (self::_isSurveyParticipant($user_id, $row["survey_id"])) {
308  $survey = new ilObjSurvey($a_obj_id, false);
309  $run_manager = $DIC->survey()->internal()->domain()
310  ->execution()->run($survey, $user_id);
311  return $run_manager->hasFinished();
312  }
313  }
314  return false;
315  }
316  }
317  return false;
318  }
319 
320 
326  public static function _lookupFinished(
327  int $a_obj_id,
328  int $a_user_id = 0
329  ): ?int {
330  global $DIC;
331 
332  $ilDB = $DIC->database();
333  $ilUser = $DIC->user();
334 
335  $finished = null;
336  if ($a_user_id === 0) {
337  $a_user_id = $ilUser->getId();
338  }
339 
340  $result = $ilDB->queryF(
341  "SELECT * FROM svy_svy WHERE obj_fi = %s",
342  array('integer'),
343  array($a_obj_id)
344  );
345  if ($result->numRows() === 1) {
346  $row = $ilDB->fetchObject($result);
347  if ((int) $row->anonymize === 1) {
348  $result = $ilDB->queryF(
349  "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
350  "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
351  "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
352  array('integer','text'),
353  array($row->survey_id, md5($a_user_id))
354  );
355  } else {
356  $result = $ilDB->queryF(
357  "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
358  array('integer','integer'),
359  array($row->survey_id, $a_user_id)
360  );
361  }
362  if ($result->numRows() === 1) {
363  $foundrow = $ilDB->fetchAssoc($result);
364  $finished = (int) $foundrow["state"];
365  }
366  }
367 
368  return $finished;
369  }
370 
374  public static function _lookupMode(
375  int $a_obj_id
376  ): int {
377  global $DIC;
378  $ilDB = $DIC->database();
379 
380  $result = $ilDB->queryF(
381  "SELECT mode FROM svy_svy" .
382  " WHERE obj_fi = %s",
383  array('integer'),
384  array($a_obj_id)
385  );
386 
387  if ($result->numRows() === 1) {
388  $row = $ilDB->fetchAssoc($result);
389  return (int) $row["mode"];
390  }
391 
392  return 0;
393  }
394 
395  public static function _lookup360Mode(
396  int $a_obj_id
397  ): bool {
398  global $DIC;
399 
400  $ilDB = $DIC->database();
401 
402  $result = $ilDB->queryF(
403  "SELECT mode FROM svy_svy" .
404  " WHERE obj_fi = %s AND mode = %s",
405  array('integer','integer'),
406  array($a_obj_id, ilObjSurvey::MODE_360)
407  );
408  return (bool) $ilDB->numRows($result);
409  }
410 
414  public static function _checkGoto(string $target): bool
415  {
416  global $DIC;
417 
418  $request = $DIC->survey()
419  ->internal()
420  ->gui()
421  ->execution()
422  ->request();
423 
424  $ilAccess = $DIC->access();
425 
426  $t_arr = explode("_", $target);
427  if ($t_arr[0] !== "svy" || ((int) $t_arr[1]) <= 0) {
428  return false;
429  }
430 
431  // 360° external raters
432  $access_code = ($request->getAccessCode() !== "")
433  ? $request->getAccessCode()
434  : ($t_arr[2] ?? "");
435  if ($access_code !== "") {
436  $survey = new ilObjSurvey((int) $t_arr[1]);
437  $run_manager = $DIC->survey()->internal()->domain()->execution()->run($survey, $DIC->user()->getId());
438  try {
439  $run_manager->initSession($access_code);
440  } catch (Exception $e) {
441  return false;
442  }
443  if (ilObjSurvey::validateExternalRaterCode((int) $t_arr[1], $access_code)) {
444  return true;
445  }
446  }
447 
448  if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
449  $ilAccess->checkAccess("read", "", $t_arr[1])) {
450  return true;
451  }
452  return false;
453  }
454 }
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess(int $a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:160
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant(int $user_id, int $survey_id)
Definition: class.ilObjSurveyAccess.php:178
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilObjSurveyAccess\checkCondition
static checkCondition(int $a_trigger_obj_id, string $a_operator, string $a_value, int $a_usr_id)
check condition for a specific user and object
Definition: class.ilObjSurveyAccess.php:50
ilLanguage\txt
txt(string $a_topic, string $a_default_lang_fallback_mod="")
gets the text for a given topic if the topic is not in the list, the topic itself with "-" will be re...
Definition: class.ilLanguage.php:170
ilObjSurveyAccess\_checkGoto
static _checkGoto(string $target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:414
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize(int $a_obj_id)
Definition: class.ilObjSurveyAccess.php:194
ilObjSurveyAccess\_lookupFinished
static _lookupFinished(int $a_obj_id, int $a_user_id=0)
get finished status
Definition: class.ilObjSurveyAccess.php:326
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:25
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Returns an array with valid operators for the specific object type.
Definition: class.ilObjSurveyAccess.php:43
ilRbacSystem\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_operations, int $a_ref_id, string $a_type="")
Definition: class.ilRbacSystem.php:113
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilRbacSystem\checkAccess
checkAccess(string $a_operations, int $a_ref_id, string $a_type="")
checkAccess represents the main method of the RBAC-system in ILIAS3 developers want to use With this ...
Definition: class.ilRbacSystem.php:108
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObjSurveyAccess\_lookupMode
static _lookupMode(int $a_obj_id)
Get survey mode (see ilObjSurvey::MODE_...
Definition: class.ilObjSurveyAccess.php:374
ilObjSurveyAccess\_checkAccess
_checkAccess(string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id=null)
Definition: class.ilObjSurveyAccess.php:66
$DIC
global $DIC
Definition: shib_login.php:22
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess(int $a_obj_id, int $user_id)
Definition: class.ilObjSurveyAccess.php:214
ilObjSurveyAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjSurveyAccess.php:25
ilObjSurvey\RESULTS_SELF_EVAL_NONE
const RESULTS_SELF_EVAL_NONE
Definition: class.ilObjSurvey.php:51
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete(int $a_obj_id)
checks whether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:135
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode(int $a_obj_id)
Definition: class.ilObjSurveyAccess.php:395