ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
Public Member Functions | Protected Member Functions | Protected Attributes | Private Member Functions
ilTestAccess Class Reference
+ Collaboration diagram for ilTestAccess:

Public Member Functions

 getAccess ()
 
 setAccess (ilAccessHandler $access)
 
 getRefId ()
 
 checkCorrectionsAccess ()
 
 checkScoreParticipantsAccess ()
 
 checkScoreParticipantsAccessAnon ()
 
 checkManageParticipantsAccess ()
 
 checkParticipantsResultsAccess ()
 
 checkOtherParticipantsLearningProgressAccess ()
 
 checkResultsAccessForActiveId (int $active_id, int $test_id)
 
 checkScoreParticipantsAccessForActiveId (int $active_id, int $test_id)
 
 isParticipantAllowed (int $obj_id, int $user_id)
 

Protected Member Functions

 checkAccessForActiveId (Closure $access_filter, int $active_id, int $test_id)
 

Protected Attributes

ilAccessHandler $access
 
ilDBInterface $db
 
ilLanguage $lng
 
MainSettingsDatabaseRepository $main_settings_repository
 
ilTestParticipantAccessFilterFactory $participant_access_filter
 
ParticipantRepository $participant_repository
 

Private Member Functions

 isParticipantExplicitelyAllowedByIndividualIPRange (?Participant $participant, string $ip)
 
 isIpAllowedToAccessTest (string $ip, SettingsAccess $access_settings)
 
 isIpTypeOf (int $ip_type_flag, string $ip, string $range_start, string $range_end)
 
 isIpv4Between (string $ip, string $range_start, string $range_end)
 
 isIpv6Between (string $ip, string $range_start, string $range_end)
 

Detailed Description

Definition at line 37 of file class.ilTestAccess.php.

Member Function Documentation

◆ checkAccessForActiveId()

ilTestAccess::checkAccessForActiveId ( Closure  $access_filter,
int  $active_id,
int  $test_id 
)
protected

Definition at line 164 of file class.ilTestAccess.php.

164 : bool
165 {
166 $participantData = new ilTestParticipantData($this->db, $this->lng);
167 $participantData->setActiveIdsFilter([$active_id]);
168 $participantData->setParticipantAccessFilter($access_filter);
169 $participantData->load($test_id);
170
171 return in_array($active_id, $participantData->getActiveIds());
172 }

References ILIAS\Repository\lng().

Referenced by checkResultsAccessForActiveId(), and checkScoreParticipantsAccessForActiveId().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkCorrectionsAccess()

ilTestAccess::checkCorrectionsAccess ( )
Returns
bool

Definition at line 78 of file class.ilTestAccess.php.

78 : bool
79 {
80 return $this->getAccess()->checkAccess('write', '', $this->getRefId());
81 }

References getAccess(), and getRefId().

+ Here is the call graph for this function:

◆ checkManageParticipantsAccess()

ilTestAccess::checkManageParticipantsAccess ( )
Returns
bool

Definition at line 105 of file class.ilTestAccess.php.

105 : bool
106 {
107 if ($this->getAccess()->checkAccess('write', '', $this->getRefId())) {
108 return true;
109 }
110
111 if (!$this->getAccess()->checkAccess('read', '', $this->getRefId())) {
112 return false;
113 }
114
115 if ($this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_MANAGE_PARTICIPANTS, $this->getRefId())) {
116 return true;
117 }
118
119 return false;
120 }

References getAccess(), getRefId(), and ilOrgUnitOperation\OP_MANAGE_PARTICIPANTS.

+ Here is the call graph for this function:

◆ checkOtherParticipantsLearningProgressAccess()

ilTestAccess::checkOtherParticipantsLearningProgressAccess ( )

Definition at line 147 of file class.ilTestAccess.php.

147 : bool
148 {
149 if ($this->getAccess()->checkAccess('write', '', $this->getRefId())) {
150 return true;
151 }
152
153 if ($this->getAccess()->checkRbacOrPositionPermissionAccess(
154 'read_learning_progress',
155 ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
156 $this->getRefId()
157 )) {
158 return true;
159 }
160
161 return false;
162 }

References getAccess(), getRefId(), and ilOrgUnitOperation\OP_READ_LEARNING_PROGRESS.

+ Here is the call graph for this function:

◆ checkParticipantsResultsAccess()

ilTestAccess::checkParticipantsResultsAccess ( )

Definition at line 122 of file class.ilTestAccess.php.

122 : bool
123 {
124 if ($this->getAccess()->checkAccess('write', '', $this->getRefId())) {
125 return true;
126 }
127
128 if ($this->getAccess()->checkAccess('tst_results', '', $this->getRefId())) {
129 return true;
130 }
131
132 if (!$this->getAccess()->checkAccess('read', '', $this->getRefId())) {
133 return false;
134 }
135
136 if ($this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_MANAGE_PARTICIPANTS, $this->getRefId())) {
137 return true;
138 }
139
140 if ($this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_ACCESS_RESULTS, $this->getRefId())) {
141 return true;
142 }
143
144 return false;
145 }

References getAccess(), getRefId(), ilOrgUnitOperation\OP_ACCESS_RESULTS, and ilOrgUnitOperation\OP_MANAGE_PARTICIPANTS.

+ Here is the call graph for this function:

◆ checkResultsAccessForActiveId()

ilTestAccess::checkResultsAccessForActiveId ( int  $active_id,
int  $test_id 
)

Definition at line 174 of file class.ilTestAccess.php.

174 : bool
175 {
176 $access_filter = $this->participant_access_filter->getAccessResultsUserFilter($this->getRefId());
177 return $this->checkAccessForActiveId($access_filter, $active_id, $test_id);
178 }
ilTestAccess\checkAccessForActiveId
checkAccessForActiveId(Closure $access_filter, int $active_id, int $test_id)
Definition: class.ilTestAccess.php:164

References checkAccessForActiveId(), and getRefId().

+ Here is the call graph for this function:

◆ checkScoreParticipantsAccess()

ilTestAccess::checkScoreParticipantsAccess ( )
Returns
bool

Definition at line 86 of file class.ilTestAccess.php.

86 : bool
87 {
88 if (!$this->getAccess()->checkAccess('read', '', $this->getRefId())) {
89 return false;
90 }
91 return
92 $this->getAccess()->checkAccess('write', '', $this->getRefId())
93 || $this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_SCORE_PARTICIPANTS, $this->getRefId())
94 ;
95 }

References getAccess(), getRefId(), and ilOrgUnitOperation\OP_SCORE_PARTICIPANTS.

+ Here is the call graph for this function:

◆ checkScoreParticipantsAccessAnon()

ilTestAccess::checkScoreParticipantsAccessAnon ( )

Definition at line 97 of file class.ilTestAccess.php.

97 : bool
98 {
99 return $this->getAccess()->checkAccess('score_anon', '', $this->getRefId());
100 }

References getAccess(), and getRefId().

+ Here is the call graph for this function:

◆ checkScoreParticipantsAccessForActiveId()

ilTestAccess::checkScoreParticipantsAccessForActiveId ( int  $active_id,
int  $test_id 
)

Definition at line 180 of file class.ilTestAccess.php.

180 : bool
181 {
182 $access_filter = $this->participant_access_filter->getScoreParticipantsUserFilter($this->getRefId());
183 return $this->checkAccessForActiveId($access_filter, $active_id, $test_id);
184 }

References checkAccessForActiveId(), and getRefId().

+ Here is the call graph for this function:

◆ getAccess()

ilTestAccess::getAccess ( )

Definition at line 60 of file class.ilTestAccess.php.

60 : ilAccessHandler
61 {
62 return $this->access;
63 }
ilTestAccess\$access
ilAccessHandler $access
Definition: class.ilTestAccess.php:39
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27

References $access.

Referenced by checkCorrectionsAccess(), checkManageParticipantsAccess(), checkOtherParticipantsLearningProgressAccess(), checkParticipantsResultsAccess(), checkScoreParticipantsAccess(), and checkScoreParticipantsAccessAnon().

+ Here is the caller graph for this function:

◆ getRefId()

ilTestAccess::getRefId ( )

Definition at line 70 of file class.ilTestAccess.php.

70 : int
71 {
72 return $this->ref_id;
73 }
$ref_id
$ref_id
Definition: ltiauth.php:66

References $ref_id.

Referenced by checkCorrectionsAccess(), checkManageParticipantsAccess(), checkOtherParticipantsLearningProgressAccess(), checkParticipantsResultsAccess(), checkResultsAccessForActiveId(), checkScoreParticipantsAccess(), checkScoreParticipantsAccessAnon(), checkScoreParticipantsAccessForActiveId(), and isParticipantAllowed().

+ Here is the caller graph for this function:

◆ isIpAllowedToAccessTest()

ilTestAccess::isIpAllowedToAccessTest ( string  $ip,
SettingsAccess  $access_settings 
)
private

Definition at line 251 of file class.ilTestAccess.php.

254 : bool {
255 if (!$access_settings->isIpRangeEnabled()) {
256 return true;
257 }
258
259 $range_start = $access_settings->getIpRangeFrom();
260 $range_end = $access_settings->getIpRangeTo();
261
262 if ($this->isIpTypeOf(FILTER_FLAG_IPV4, $ip, $range_start, $range_end)) {
263 return $this->isIpv4Between($ip, $range_start, $range_end);
264 }
265
266 if ($this->isIpTypeOf(FILTER_FLAG_IPV6, $ip, $range_start, $range_end)) {
267 return $this->isIpv6Between($ip, $range_start, $range_end);
268 }
269
270 return false;
271 }
ilTestAccess\isIpv6Between
isIpv6Between(string $ip, string $range_start, string $range_end)
Definition: class.ilTestAccess.php:286
ilTestAccess\isIpTypeOf
isIpTypeOf(int $ip_type_flag, string $ip, string $range_start, string $range_end)
Definition: class.ilTestAccess.php:273
ilTestAccess\isIpv4Between
isIpv4Between(string $ip, string $range_start, string $range_end)
Definition: class.ilTestAccess.php:280

Referenced by isParticipantAllowed().

+ Here is the caller graph for this function:

◆ isIpTypeOf()

ilTestAccess::isIpTypeOf ( int  $ip_type_flag,
string  $ip,
string  $range_start,
string  $range_end 
)
private

Definition at line 273 of file class.ilTestAccess.php.

273 : bool
274 {
275 return filter_var($ip, FILTER_VALIDATE_IP, $ip_type_flag) !== false
276 && filter_var($range_start, FILTER_VALIDATE_IP, $ip_type_flag) !== false
277 && filter_var($range_end, FILTER_VALIDATE_IP, $ip_type_flag) !== false;
278 }

◆ isIpv4Between()

ilTestAccess::isIpv4Between ( string  $ip,
string  $range_start,
string  $range_end 
)
private

Definition at line 280 of file class.ilTestAccess.php.

280 : bool
281 {
282 return ip2long($range_start) <= ip2long($ip)
283 && ip2long($ip) <= ip2long($range_end);
284 }

◆ isIpv6Between()

ilTestAccess::isIpv6Between ( string  $ip,
string  $range_start,
string  $range_end 
)
private

Definition at line 286 of file class.ilTestAccess.php.

286 : bool
287 {
288 return bin2hex(inet_pton($range_start)) <= bin2hex(inet_pton($ip))
289 && bin2hex(inet_pton($ip)) <= bin2hex(inet_pton($range_end));
290 }

◆ isParticipantAllowed()

ilTestAccess::isParticipantAllowed ( int  $obj_id,
int  $user_id 
)

Definition at line 186 of file class.ilTestAccess.php.

186 : ParticipantAccess
187 {
188 try {
189 $access_settings = $this->main_settings_repository->getForObjFi($obj_id)
190 ->getAccessSettings();
191 } catch (SettingsNotFoundException $e) {
192 return ParticipantAccess::MISSING_SETTINGS;
193 } catch (\Exception $e) {
194 return ParticipantAccess::BROKEN_TEST;
195 }
196
197 $participant = $this->participant_repository->getParticipantByUserId(
198 ilObjTest::_getTestIDFromObjectID(
199 ilObjTest::_lookupObjId($this->getRefId())
200 ),
201 $user_id
202 );
203
204 if ($access_settings->getFixedParticipants()
205 && ($participant === null || !$participant->isInvitedParticipant())) {
206 return ParticipantAccess::NOT_INVITED;
207 }
208
209 $ip = $_SERVER['REMOTE_ADDR'];
210
211 $allowed_individual = $this->isParticipantExplicitelyAllowedByIndividualIPRange($participant, $ip);
212 if ($allowed_individual === false) {
213 return ParticipantAccess::INDIVIDUAL_CLIENT_IP_MISMATCH;
214 }
215
216
217 if ($allowed_individual === true
218 || !$access_settings->isIpRangeEnabled()) {
219 return ParticipantAccess::ALLOWED;
220 }
221
222 if (!$this->isIpAllowedToAccessTest($ip, $access_settings)) {
223 return ParticipantAccess::TEST_LEVEL_CLIENT_IP_MISMATCH;
224 }
225
226 return ParticipantAccess::ALLOWED;
227 }
ILIAS\Test\Settings\SettingsNotFoundException
@depracated This is only a temporary exception to identify missing migrations and will be removed in ...
Definition: SettingsNotFoundException.php:25
ilObjTest\_getTestIDFromObjectID
static _getTestIDFromObjectID($object_id)
Returns the ILIAS test id for a given object id.
Definition: class.ilObjTest.php:4091
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilTestAccess\isParticipantExplicitelyAllowedByIndividualIPRange
isParticipantExplicitelyAllowedByIndividualIPRange(?Participant $participant, string $ip)
Definition: class.ilTestAccess.php:229
ilTestAccess\isIpAllowedToAccessTest
isIpAllowedToAccessTest(string $ip, SettingsAccess $access_settings)
Definition: class.ilTestAccess.php:251
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26

References $_SERVER, Vendor\Package\$e, ilObjTest\_getTestIDFromObjectID(), ilObject\_lookupObjId(), getRefId(), isIpAllowedToAccessTest(), and isParticipantExplicitelyAllowedByIndividualIPRange().

+ Here is the call graph for this function:

◆ isParticipantExplicitelyAllowedByIndividualIPRange()

ilTestAccess::isParticipantExplicitelyAllowedByIndividualIPRange ( ?Participant  $participant,
string  $ip 
)
private

Definition at line 229 of file class.ilTestAccess.php.

232 : ?bool {
233 $range_start = $participant?->getClientIpFrom();
234 $range_end = $participant?->getClientIpTo();
235
236 if ($range_start === null && $range_end === null) {
237 return null;
238 }
239
240 if ($this->isIpTypeOf(FILTER_FLAG_IPV4, $ip, $range_start, $range_end)) {
241 return $this->isIpv4Between($ip, $range_start, $range_end);
242 }
243
244 if ($this->isIpTypeOf(FILTER_FLAG_IPV6, $ip, $range_start, $range_end)) {
245 return $this->isIpv6Between($ip, $range_start, $range_end);
246 }
247
248 return false;
249 }

Referenced by isParticipantAllowed().

+ Here is the caller graph for this function:

◆ setAccess()

ilTestAccess::setAccess ( ilAccessHandler  $access)

Definition at line 65 of file class.ilTestAccess.php.

66 {
67 $this->access = $access;
68 }

References $access, and ILIAS\Repository\access().

+ Here is the call graph for this function:

Field Documentation

◆ $access

ilAccessHandler ilTestAccess::$access
protected

Definition at line 39 of file class.ilTestAccess.php.

Referenced by getAccess(), and setAccess().

◆ $db

ilDBInterface ilTestAccess::$db
protected

Definition at line 40 of file class.ilTestAccess.php.

◆ $lng

ilLanguage ilTestAccess::$lng
protected

Definition at line 41 of file class.ilTestAccess.php.

◆ $main_settings_repository

MainSettingsDatabaseRepository ilTestAccess::$main_settings_repository
protected

Definition at line 42 of file class.ilTestAccess.php.

◆ $participant_access_filter

ilTestParticipantAccessFilterFactory ilTestAccess::$participant_access_filter
protected

Definition at line 44 of file class.ilTestAccess.php.

◆ $participant_repository

ParticipantRepository ilTestAccess::$participant_repository
protected

Definition at line 45 of file class.ilTestAccess.php.

The documentation for this class was generated from the following file: