ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilObjSurveyAccess.php
Go to the documentation of this file.
1<?php
2
25class ilObjSurveyAccess extends ilObjectAccess implements ilConditionHandling
26{
27 protected ilObjUser $user;
28 protected ilLanguage $lng;
29 protected ilRbacSystem $rbacsystem;
30 protected ilAccessHandler $access;
31
32 public function __construct()
33 {
34 global $DIC;
35
36 $this->user = $DIC->user();
37 $this->lng = $DIC->language();
38 $this->rbacsystem = $DIC->rbac()->system();
39 $this->access = $DIC->access();
40 }
41
42
43 public static function getConditionOperators(): array
44 {
45 return array(
46 ilConditionHandler::OPERATOR_FINISHED
47 );
48 }
49
50 public static function checkCondition(int $a_trigger_obj_id, string $a_operator, string $a_value, int $a_usr_id): bool
51 {
52 switch ($a_operator) {
53 case ilConditionHandler::OPERATOR_FINISHED:
54 if (self::_lookupFinished($a_trigger_obj_id, $a_usr_id)) {
55 return true;
56 } else {
57 return false;
58 }
59
60 // no break
61 default:
62 return true;
63 }
64 }
65
66 public function _checkAccess(string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id = null): bool
67 {
68 $ilUser = $this->user;
69 $lng = $this->lng;
70 $rbacsystem = $this->rbacsystem;
71 $ilAccess = $this->access;
72
73 if (is_null($user_id)) {
74 $user_id = $ilUser->getId();
75 }
76
77 $is_admin = $rbacsystem->checkAccessOfUser($user_id, 'write', $ref_id);
78
79 switch ($permission) {
80 case "visible":
81 case "read":
82 if (!self::_lookupCreationComplete($obj_id) &&
83 !$is_admin) {
84 $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
85 return false;
86 }
87 break;
88 }
89
90 switch ($cmd) {
91 case "run":
92 if (!self::_lookupCreationComplete($obj_id) &&
93 !$is_admin) {
94 $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
95 return false;
96 }
97 break;
98
99 case "evaluation":
100 if (!self::_lookupCreationComplete($obj_id)) {
101 $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("warning_survey_not_complete"));
102 return false;
103 }
104 if ($rbacsystem->checkAccess("write", $ref_id) || self::_hasEvaluationAccess($obj_id, $user_id)) {
105 return true;
106 } else {
107 $ilAccess->addInfoItem(ilAccessInfo::IL_NO_OBJECT_ACCESS, $lng->txt("status_no_permission"));
108 return false;
109 }
110 }
111
112 return true;
113 }
114
115
116 public static function _getCommands(): array
117 {
118 $commands = array(
119 array("permission" => "read", "cmd" => "run", "lang_var" => "svy_run", "default" => true),
120 array("permission" => "write", "cmd" => "questions", "lang_var" => "edit_questions"),
121 array("permission" => "write", "cmd" => "properties", "lang_var" => "settings"),
122 array("permission" => "read", "cmd" => "evaluation", "lang_var" => "svy_results")
123 );
124
125 return $commands;
126 }
127
128 //
129 // object specific access related methods
130 //
131
135 public static function _lookupCreationComplete(int $a_obj_id): bool
136 {
137 global $DIC;
138
139 $ilDB = $DIC->database();
140
141 $result = $ilDB->queryF(
142 "SELECT * FROM svy_svy WHERE obj_fi=%s",
143 array('integer'),
144 array($a_obj_id)
145 );
146
147 $row = null;
148 if ($result->numRows() === 1) {
149 $row = $ilDB->fetchAssoc($result);
150 }
151 if (is_null($row) || !$row["complete"]) {
152 return false;
153 }
154 return true;
155 }
156
160 public static function _lookupEvaluationAccess(int $a_obj_id): int
161 {
162 global $DIC;
163
164 $ilDB = $DIC->database();
165
166 $result = $ilDB->queryF(
167 "SELECT * FROM svy_svy WHERE obj_fi=%s",
168 array('integer'),
169 array($a_obj_id)
170 );
171 if ($result->numRows() === 1) {
172 $row = $ilDB->fetchAssoc($result);
173 return (int) $row["evaluation_access"];
174 }
175 return 0;
176 }
177
178 public static function _isSurveyParticipant(
179 int $user_id,
180 int $survey_id
181 ): bool {
182 global $DIC;
183
184 $ilDB = $DIC->database();
185
186 $result = $ilDB->queryF(
187 "SELECT finished_id FROM svy_finished WHERE user_fi = %s AND survey_fi = %s",
188 array('integer','integer'),
189 array($user_id, $survey_id)
190 );
191 return $result->numRows() === 1;
192 }
193
194 public static function _lookupAnonymize(
195 int $a_obj_id
196 ): bool {
197 global $DIC;
198
199 $ilDB = $DIC->database();
200
201 $result = $ilDB->queryF(
202 "SELECT anonymize FROM svy_svy WHERE obj_fi = %s",
203 array('integer'),
204 array($a_obj_id)
205 );
206 if ($result->numRows() === 1) {
207 $row = $ilDB->fetchAssoc($result);
208 return (bool) $row["anonymize"];
209 } else {
210 return false;
211 }
212 }
213
214 public static function _hasEvaluationAccess(
215 int $a_obj_id,
216 int $user_id
217 ): bool {
218 $evaluation_access = self::_lookupEvaluationAccess($a_obj_id);
219 $svy_mode = self::_lookupMode($a_obj_id);
220 if ($svy_mode === ilObjSurvey::MODE_IND_FEEDB) {
221 $svy = new ilObjSurvey($a_obj_id, false);
222 $svy->read();
223 switch ($svy->get360Results()) {
224 case ilObjSurvey::RESULTS_360_ALL:
225 case ilObjSurvey::RESULTS_360_NONE:
226 return false;
227
228 case ilObjSurvey::RESULTS_360_OWN:
229 return true;
230
231 // not applicable
232 }
233 }
234
235 switch ($evaluation_access) {
236 case 0:
237 // no evaluation access
238 return false;
239 case 1:
240 // evaluation access for all registered users
241 return ($user_id > 0) && ($user_id !== ANONYMOUS_USER_ID);
242 case 2:
243 switch ($svy_mode) {
244 case ilObjSurvey::MODE_360:
245 $svy = new ilObjSurvey($a_obj_id, false);
246 $svy->read();
247 switch ($svy->get360Results()) {
248 case ilObjSurvey::RESULTS_360_NONE:
249 return false;
250
251 case ilObjSurvey::RESULTS_360_OWN:
252 return $svy->isAppraiseeClosed($user_id);
253
254 case ilObjSurvey::RESULTS_360_ALL:
255 return $svy->isAppraisee($user_id);
256 }
257 break;
258
259 case ilObjSurvey::MODE_IND_FEEDB:
260 $svy = new ilObjSurvey($a_obj_id, false);
261 $svy->read();
262 switch ($svy->get360Results()) {
263 case ilObjSurvey::RESULTS_360_NONE:
264 return false;
265
266 case ilObjSurvey::RESULTS_360_OWN:
267 return true;
268
269 case ilObjSurvey::RESULTS_360_ALL:
270 return $svy->isAppraisee($user_id);
271 }
272 break;
273
274 case ilObjSurvey::MODE_SELF_EVAL:
275 $svy = new ilObjSurvey($a_obj_id, false);
276 $svy->read();
277 switch ($svy->getSelfEvaluationResults()) {
278 case ilObjSurvey::RESULTS_SELF_EVAL_NONE:
279 return false;
280 default:
281 global $DIC;
282 $run_manager = $DIC->survey()->internal()->domain()
283 ->execution()->run($svy, $user_id);
284 return $run_manager->hasFinished();
285 }
286
287 // no break
288 default:
289 // evaluation access for participants
290 // check if the user with the given id is a survey participant
291
292 // show the evaluation button for anonymized surveys for all users
293 // access is only granted with the survey access code
294 if (self::_lookupAnonymize($a_obj_id)) {
295 return true;
296 }
297
298 global $DIC;
299
300 $ilDB = $DIC->database();
301 $result = $ilDB->queryF(
302 "SELECT survey_id FROM svy_svy WHERE obj_fi = %s",
303 array('integer'),
304 array($a_obj_id)
305 );
306 if ($result->numRows() === 1) {
307 $row = $ilDB->fetchAssoc($result);
308
309 if (self::_isSurveyParticipant($user_id, $row["survey_id"])) {
310 $survey = new ilObjSurvey($a_obj_id, false);
311 $run_manager = $DIC->survey()->internal()->domain()
312 ->execution()->run($survey, $user_id);
313 return $run_manager->hasFinished();
314 }
315 }
316 return false;
317 }
318 }
319 return false;
320 }
321
322
328 public static function _lookupFinished(
329 int $a_obj_id,
330 int $a_user_id = 0
331 ): ?int {
332 global $DIC;
333
334 $ilDB = $DIC->database();
335 $ilUser = $DIC->user();
336
337 $finished = null;
338 if ($a_user_id === 0) {
339 $a_user_id = $ilUser->getId();
340 }
341
342 $result = $ilDB->queryF(
343 "SELECT * FROM svy_svy WHERE obj_fi = %s",
344 array('integer'),
345 array($a_obj_id)
346 );
347 if ($result->numRows() === 1) {
348 $row = $ilDB->fetchObject($result);
349 if ((int) $row->anonymize === 1) {
350 $result = $ilDB->queryF(
351 "SELECT * FROM svy_finished, svy_anonymous WHERE svy_finished.survey_fi = %s " .
352 "AND svy_finished.survey_fi = svy_anonymous.survey_fi AND svy_anonymous.user_key = %s " .
353 "AND svy_anonymous.survey_key = svy_finished.anonymous_id",
354 array('integer','text'),
355 array($row->survey_id, md5($a_user_id))
356 );
357 } else {
358 $result = $ilDB->queryF(
359 "SELECT * FROM svy_finished WHERE survey_fi = %s AND user_fi = %s",
360 array('integer','integer'),
361 array($row->survey_id, $a_user_id)
362 );
363 }
364 if ($result->numRows() === 1) {
365 $foundrow = $ilDB->fetchAssoc($result);
366 $finished = (int) $foundrow["state"];
367 }
368 }
369
370 return $finished;
371 }
372
376 public static function _lookupMode(
377 int $a_obj_id
378 ): int {
379 global $DIC;
380 $ilDB = $DIC->database();
381
382 $result = $ilDB->queryF(
383 "SELECT mode FROM svy_svy" .
384 " WHERE obj_fi = %s",
385 array('integer'),
386 array($a_obj_id)
387 );
388
389 if ($result->numRows() === 1) {
390 $row = $ilDB->fetchAssoc($result);
391 return (int) $row["mode"];
392 }
393
394 return 0;
395 }
396
397 public static function _lookup360Mode(
398 int $a_obj_id
399 ): bool {
400 global $DIC;
401
402 $ilDB = $DIC->database();
403
404 $result = $ilDB->queryF(
405 "SELECT mode FROM svy_svy" .
406 " WHERE obj_fi = %s AND mode = %s",
407 array('integer','integer'),
408 array($a_obj_id, ilObjSurvey::MODE_360)
409 );
410 return (bool) $ilDB->numRows($result);
411 }
412
416 public static function _checkGoto(string $target): bool
417 {
418 global $DIC;
419
420 $request = $DIC->survey()
421 ->internal()
422 ->gui()
423 ->execution()
424 ->request();
425
426 $ilAccess = $DIC->access();
427
428 $t_arr = explode("_", $target);
429 if ($t_arr[0] !== "svy" || ((int) $t_arr[1]) <= 0) {
430 return false;
431 }
432
433 // 360° external raters
434 $access_code = ($request->getAccessCode() !== "")
435 ? $request->getAccessCode()
436 : ($t_arr[2] ?? "");
437 if ($access_code !== "") {
438 $survey = new ilObjSurvey((int) $t_arr[1]);
439 $run_manager = $DIC->survey()->internal()->domain()->execution()->run($survey, $DIC->user()->getId());
440 try {
441 $run_manager->initSession($access_code);
442 } catch (Exception $e) {
443 return false;
444 }
445 if (ilObjSurvey::validateExternalRaterCode((int) $t_arr[1], $access_code)) {
446 return true;
447 }
448 }
449
450 if ($ilAccess->checkAccess("visible", "", $t_arr[1]) ||
451 $ilAccess->checkAccess("read", "", $t_arr[1])) {
452 return true;
453 }
454 return false;
455 }
456}
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLanguage\txt
txt(string $a_topic, string $a_default_lang_fallback_mod="")
gets the text for a given topic if the topic is not in the list, the topic itself with "-" will be re...
Definition: class.ilLanguage.php:170
ilObjSurveyAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjSurveyAccess.php:26
ilObjSurveyAccess\_checkAccess
_checkAccess(string $cmd, string $permission, int $ref_id, int $obj_id, ?int $user_id=null)
Checks whether a user may invoke a command or not (this method is called by ilAccessHandler::checkAcc...
Definition: class.ilObjSurveyAccess.php:66
ilObjSurveyAccess\_lookupAnonymize
static _lookupAnonymize(int $a_obj_id)
Definition: class.ilObjSurveyAccess.php:194
ilObjSurveyAccess\_checkGoto
static _checkGoto(string $target)
check whether goto script will succeed
Definition: class.ilObjSurveyAccess.php:416
ilObjSurveyAccess\_lookupMode
static _lookupMode(int $a_obj_id)
Get survey mode (see ilObjSurvey::MODE_... constants)
Definition: class.ilObjSurveyAccess.php:376
ilObjSurveyAccess\_lookupFinished
static _lookupFinished(int $a_obj_id, int $a_user_id=0)
get finished status
Definition: class.ilObjSurveyAccess.php:328
ilObjSurveyAccess\_lookup360Mode
static _lookup360Mode(int $a_obj_id)
Definition: class.ilObjSurveyAccess.php:397
ilObjSurveyAccess\getConditionOperators
static getConditionOperators()
Returns an array with valid operators for the specific object type.
Definition: class.ilObjSurveyAccess.php:43
ilObjSurveyAccess\_getCommands
static _getCommands()
get commands
Definition: class.ilObjSurveyAccess.php:116
ilObjSurveyAccess\_lookupEvaluationAccess
static _lookupEvaluationAccess(int $a_obj_id)
get evaluation access
Definition: class.ilObjSurveyAccess.php:160
ilObjSurveyAccess\_isSurveyParticipant
static _isSurveyParticipant(int $user_id, int $survey_id)
Definition: class.ilObjSurveyAccess.php:178
ilObjSurveyAccess\_lookupCreationComplete
static _lookupCreationComplete(int $a_obj_id)
checks whether all necessary parts of the survey are given
Definition: class.ilObjSurveyAccess.php:135
ilObjSurveyAccess\_hasEvaluationAccess
static _hasEvaluationAccess(int $a_obj_id, int $user_id)
Definition: class.ilObjSurveyAccess.php:214
ilObjSurveyAccess\checkCondition
static checkCondition(int $a_trigger_obj_id, string $a_operator, string $a_value, int $a_usr_id)
check condition for a specific user and object
Definition: class.ilObjSurveyAccess.php:50
ilObjSurvey\RESULTS_SELF_EVAL_NONE
const RESULTS_SELF_EVAL_NONE
Definition: class.ilObjSurvey.php:51
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjectAccess
Class ilObjectAccess.
Definition: class.ilObjectAccess.php:32
ilRbacSystem
class ilRbacSystem system function like checkAccess, addActiveRole ... Supporting system functions ar...
Definition: class.ilRbacSystem.php:34
ilRbacSystem\checkAccess
checkAccess(string $a_operations, int $a_ref_id, string $a_type="")
checkAccess represents the main method of the RBAC-system in ILIAS3 developers want to use With this ...
Definition: class.ilRbacSystem.php:108
ilRbacSystem\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_operations, int $a_ref_id, string $a_type="")
Definition: class.ilRbacSystem.php:113
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilConditionHandling
Interface for condition handling.
Definition: interface.ilConditionHandling.php:26
$ref_id
$ref_id
Definition: ltiauth.php:66
$DIC
global $DIC
Definition: shib_login.php:26