d9/d2d/class_8ilTestAccess_8php_source.html

<?php


declare(strict_types=1);


use ILIAS\Test\Participants\ParticipantRepository;

use ILIAS\Test\Participants\Participant;

use ILIAS\Test\TestDIC;

use ILIAS\Test\Access\ParticipantAccess;

use ILIAS\Test\Settings\MainSettings\MainSettingsDatabaseRepository;

use ILIAS\Test\Settings\MainSettings\SettingsAccess;


class ilTestAccess

{

    protected ilAccessHandler $access;

    protected ilDBInterface $db;

    protected ilLanguage $lng;

    protected MainSettingsDatabaseRepository $main_settings_repository;


    protected ilTestParticipantAccessFilterFactory $participant_access_filter;

    protected ParticipantRepository $participant_repository;


    public function __construct(

        protected int $ref_id

    ) {

        global $DIC;

        $this->db = $DIC['ilDB'];

        $this->lng = $DIC['lng'];

        $this->participant_access_filter = new ilTestParticipantAccessFilterFactory($DIC['ilAccess']);

        $this->participant_repository = TestDIC::dic()['participant.repository'];

        $this->access = $DIC->access();

        $this->main_settings_repository = TestDIC::dic()['settings.main.repository'];

    }


    public function getAccess(): ilAccessHandler

    {

        return $this->access;

    }


    public function setAccess(ilAccessHandler $access)

    {

        $this->access = $access;

    }


    public function getRefId(): int

    {

        return $this->ref_id;

    }


    public function checkCorrectionsAccess(): bool

    {

        return $this->getAccess()->checkAccess('write', '', $this->getRefId());

    }


    public function checkScoreParticipantsAccess(): bool

    {

        if (!$this->getAccess()->checkAccess('read', '', $this->getRefId())) {

            return false;

        }

        return

            $this->getAccess()->checkAccess('write', '', $this->getRefId())

            || $this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_SCORE_PARTICIPANTS, $this->getRefId())

        ;

    }


    public function checkScoreParticipantsAccessAnon(): bool

    {

        return $this->getAccess()->checkAccess('score_anon', '', $this->getRefId());

    }


    public function checkManageParticipantsAccess(): bool

    {

        if ($this->getAccess()->checkAccess('write', '', $this->getRefId())) {

            return true;

        }


        if (!$this->getAccess()->checkAccess('read', '', $this->getRefId())) {

            return false;

        }


        if ($this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_MANAGE_PARTICIPANTS, $this->getRefId())) {

            return true;

        }


        return false;

    }


    public function checkParticipantsResultsAccess(): bool

    {

        if ($this->getAccess()->checkAccess('write', '', $this->getRefId())) {

            return true;

        }


        if ($this->getAccess()->checkAccess('tst_results', '', $this->getRefId())) {

            return true;

        }


        if (!$this->getAccess()->checkAccess('read', '', $this->getRefId())) {

            return false;

        }


        if ($this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_MANAGE_PARTICIPANTS, $this->getRefId())) {

            return true;

        }


        if ($this->getAccess()->checkPositionAccess(ilOrgUnitOperation::OP_ACCESS_RESULTS, $this->getRefId())) {

            return true;

        }


        return false;

    }


    public function checkOtherParticipantsLearningProgressAccess(): bool

    {

        if ($this->getAccess()->checkAccess('write', '', $this->getRefId())) {

            return true;

        }


        if ($this->getAccess()->checkRbacOrPositionPermissionAccess(

            'read_learning_progress',

            ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,

            $this->getRefId()

        )) {

            return true;

        }


        return false;

    }


    protected function checkAccessForActiveId(Closure $access_filter, int $active_id, int $test_id): bool

    {

        $participantData = new ilTestParticipantData($this->db, $this->lng);

        $participantData->setActiveIdsFilter([$active_id]);

        $participantData->setParticipantAccessFilter($access_filter);

        $participantData->load($test_id);


        return in_array($active_id, $participantData->getActiveIds());

    }


    public function checkResultsAccessForActiveId(int $active_id, int $test_id): bool

    {

        $access_filter = $this->participant_access_filter->getAccessResultsUserFilter($this->getRefId());

        return $this->checkAccessForActiveId($access_filter, $active_id, $test_id);

    }


    public function checkScoreParticipantsAccessForActiveId(int $active_id, int $test_id): bool

    {

        $access_filter = $this->participant_access_filter->getScoreParticipantsUserFilter($this->getRefId());

        return $this->checkAccessForActiveId($access_filter, $active_id, $test_id);

    }


    public function isParticipantAllowed(int $obj_id, int $user_id): ParticipantAccess

    {

        try {

            $access_settings = $this->main_settings_repository->getForObjFi($obj_id)

                ->getAccessSettings();

        } catch (\Exception $e) {

            return ParticipantAccess::BROKEN_TEST;

        }


        $participant = $this->participant_repository->getParticipantByUserId(

            ilObjTest::_getTestIDFromObjectID(

                ilObjTest::_lookupObjId($this->getRefId())

            ),

            $user_id

        );


        if ($access_settings->getFixedParticipants()

            && ($participant === null || !$participant->isInvitedParticipant())) {

            return ParticipantAccess::NOT_INVITED;

        }


        $ip = $_SERVER['REMOTE_ADDR'];


        $allowed_individual = $this->isParticipantExplicitelyAllowedByIndividualIPRange($participant, $ip);

        if ($allowed_individual === false) {

            return ParticipantAccess::INDIVIDUAL_CLIENT_IP_MISMATCH;

        }


        if ($allowed_individual === true

            || !$access_settings->isIpRangeEnabled()) {

            return ParticipantAccess::ALLOWED;

        }


        if (!$this->isIpAllowedToAccessTest($ip, $access_settings)) {

            return ParticipantAccess::TEST_LEVEL_CLIENT_IP_MISMATCH;

        }


        return ParticipantAccess::ALLOWED;

    }


    private function isParticipantExplicitelyAllowedByIndividualIPRange(

        ?Participant $participant,

        string $ip

    ): ?bool {

        $range_start = $participant?->getClientIpFrom();

        $range_end = $participant?->getClientIpTo();


        if ($range_start === null && $range_end === null) {

            return null;

        }


        if ($this->isIpTypeOf(FILTER_FLAG_IPV4, $ip, $range_start, $range_end)) {

            return $this->isIpv4Between($ip, $range_start, $range_end);

        }


        if ($this->isIpTypeOf(FILTER_FLAG_IPV6, $ip, $range_start, $range_end)) {

            return $this->isIpv6Between($ip, $range_start, $range_end);

        }


        return false;

    }


    private function isIpAllowedToAccessTest(

        string $ip,

        SettingsAccess $access_settings

    ): bool {

        if (!$access_settings->isIpRangeEnabled()) {

            return true;

        }


        $range_start = $access_settings->getIpRangeFrom();

        $range_end = $access_settings->getIpRangeTo();


        if ($this->isIpTypeOf(FILTER_FLAG_IPV4, $ip, $range_start, $range_end)) {

            return $this->isIpv4Between($ip, $range_start, $range_end);

        }


        if ($this->isIpTypeOf(FILTER_FLAG_IPV6, $ip, $range_start, $range_end)) {

            return $this->isIpv6Between($ip, $range_start, $range_end);

        }


        return false;

    }


    private function isIpTypeOf(int $ip_type_flag, string $ip, string $range_start, string $range_end): bool

    {

        return filter_var($ip, FILTER_VALIDATE_IP, $ip_type_flag) !== false

            && filter_var($range_start, FILTER_VALIDATE_IP, $ip_type_flag) !== false

            && filter_var($range_end, FILTER_VALIDATE_IP, $ip_type_flag) !== false;

    }


    private function isIpv4Between(string $ip, string $range_start, string $range_end): bool

    {

        return ip2long($range_start) <= ip2long($ip)

            && ip2long($ip) <= ip2long($range_end);

    }


    private function isIpv6Between(string $ip, string $range_start, string $range_end): bool

    {

        return bin2hex(inet_pton($range_start)) <= bin2hex(inet_pton($ip))

            && bin2hex(inet_pton($ip)) <= bin2hex(inet_pton($range_end));

    }

}

ILIAS\Test\Participants\ParticipantRepository
Definition: ParticipantRepository.php:27

ILIAS\Test\Participants\Participant
Definition: Participant.php:26

ILIAS\Test\Participants\Participant\getClientIpTo
getClientIpTo()
Definition: Participant.php:126

ILIAS\Test\Settings\MainSettings\MainSettingsDatabaseRepository
Definition: MainSettingsDatabaseRepository.php:26

ILIAS\Test\Settings\MainSettings\SettingsAccess
Definition: SettingsAccess.php:32

ILIAS\Test\TestDIC
Definition: TestDIC.php:52

ilLanguage
language handling
Definition: class.ilLanguage.php:43

ilObjTest\_getTestIDFromObjectID
static _getTestIDFromObjectID($object_id)
Returns the ILIAS test id for a given object id.
Definition: class.ilObjTest.php:4189

ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940

ilOrgUnitOperation\OP_READ_LEARNING_PROGRESS
const OP_READ_LEARNING_PROGRESS
Definition: class.ilOrgUnitOperation.php:25

ilOrgUnitOperation\OP_SCORE_PARTICIPANTS
const OP_SCORE_PARTICIPANTS
Definition: class.ilOrgUnitOperation.php:32

ilOrgUnitOperation\OP_MANAGE_PARTICIPANTS
const OP_MANAGE_PARTICIPANTS
Definition: class.ilOrgUnitOperation.php:31

ilOrgUnitOperation\OP_ACCESS_RESULTS
const OP_ACCESS_RESULTS
Definition: class.ilOrgUnitOperation.php:28

ilTestAccess
Definition: class.ilTestAccess.php:37

ilTestAccess\isIpv6Between
isIpv6Between(string $ip, string $range_start, string $range_end)
Definition: class.ilTestAccess.php:283

ilTestAccess\$main_settings_repository
MainSettingsDatabaseRepository $main_settings_repository
Definition: class.ilTestAccess.php:41

ilTestAccess\checkScoreParticipantsAccessAnon
checkScoreParticipantsAccessAnon()
Definition: class.ilTestAccess.php:96

ilTestAccess\$lng
ilLanguage $lng
Definition: class.ilTestAccess.php:40

ilTestAccess\checkResultsAccessForActiveId
checkResultsAccessForActiveId(int $active_id, int $test_id)
Definition: class.ilTestAccess.php:173

ilTestAccess\checkParticipantsResultsAccess
checkParticipantsResultsAccess()
Definition: class.ilTestAccess.php:121

ilTestAccess\getAccess
getAccess()
Definition: class.ilTestAccess.php:59

ilTestAccess\isParticipantExplicitelyAllowedByIndividualIPRange
isParticipantExplicitelyAllowedByIndividualIPRange(?Participant $participant, string $ip)
Definition: class.ilTestAccess.php:226

ilTestAccess\isIpTypeOf
isIpTypeOf(int $ip_type_flag, string $ip, string $range_start, string $range_end)
Definition: class.ilTestAccess.php:270

ilTestAccess\checkOtherParticipantsLearningProgressAccess
checkOtherParticipantsLearningProgressAccess()
Definition: class.ilTestAccess.php:146

ilTestAccess\checkScoreParticipantsAccess
checkScoreParticipantsAccess()
Definition: class.ilTestAccess.php:85

ilTestAccess\checkCorrectionsAccess
checkCorrectionsAccess()
Definition: class.ilTestAccess.php:77

ilTestAccess\checkAccessForActiveId
checkAccessForActiveId(Closure $access_filter, int $active_id, int $test_id)
Definition: class.ilTestAccess.php:163

ilTestAccess\isIpv4Between
isIpv4Between(string $ip, string $range_start, string $range_end)
Definition: class.ilTestAccess.php:277

ilTestAccess\$participant_repository
ParticipantRepository $participant_repository
Definition: class.ilTestAccess.php:44

ilTestAccess\checkScoreParticipantsAccessForActiveId
checkScoreParticipantsAccessForActiveId(int $active_id, int $test_id)
Definition: class.ilTestAccess.php:179

ilTestAccess\$db
ilDBInterface $db
Definition: class.ilTestAccess.php:39

ilTestAccess\isIpAllowedToAccessTest
isIpAllowedToAccessTest(string $ip, SettingsAccess $access_settings)
Definition: class.ilTestAccess.php:248

ilTestAccess\getRefId
getRefId()
Definition: class.ilTestAccess.php:69

ilTestAccess\checkManageParticipantsAccess
checkManageParticipantsAccess()
Definition: class.ilTestAccess.php:104

ilTestAccess\$access
ilAccessHandler $access
Definition: class.ilTestAccess.php:38

ilTestAccess\isParticipantAllowed
isParticipantAllowed(int $obj_id, int $user_id)
Definition: class.ilTestAccess.php:185

ilTestAccess\setAccess
setAccess(ilAccessHandler $access)
Definition: class.ilTestAccess.php:64

ilTestAccess\$participant_access_filter
ilTestParticipantAccessFilterFactory $participant_access_filter
Definition: class.ilTestAccess.php:43

ilTestParticipantAccessFilterFactory
Definition: class.ilTestParticipantAccessFilter.php:22

ilTestParticipantData
Definition: class.ilTestParticipantData.php:28

ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27

ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30

$ref_id
$ref_id
Definition: ltiauth.php:66

ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38

ILIAS\Repository\int
int(string $key)
Definition: trait.BaseGUIRequest.php:61

ILIAS\Repository\access
access()
Definition: trait.GlobalDICDomainServices.php:51

ILIAS\Repository\lng
lng()
Definition: trait.GlobalDICDomainServices.php:61

ILIAS\Test\Access\ParticipantAccess
ParticipantAccess
Definition: ParticipantAccess.php:26

Vendor\Package\$e
$e
Definition: example_cleaned.php:49

$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:26

if
if(!file_exists('../ilias.ini.php'))
Definition: sessioncheck.php:23

$DIC
global $DIC
Definition: shib_login.php:26

$user_id
int $user_id
Definition: trait.ilExAssignmentTypeGUIBase.php:38