ilIndividualAssessmentAccessHandler Class Reference

Deal with ilias rbac-system. More...

Inheritance diagram for ilIndividualAssessmentAccessHandler:

Collaboration diagram for ilIndividualAssessmentAccessHandler:

Public Member Functions
	__construct (ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
	checkRBACAccessToObj (string $operation)
	checkRBACOrPositionAccessToObj (string $operation)
	simulateMember ()
	initDefaultRolesForObject (ilObjIndividualAssessment $iass)
	Create default roles at an object. More...
	assignUserToMemberRole (ilObjUser $usr, ilObjIndividualAssessment $iass)
	Assign a user to the member role at an Individual assessment. More...
	deassignUserFromMemberRole (ilObjUser $usr, ilObjIndividualAssessment $iass)
	Deasign a user from the member role at an Individual assessment. More...
	mayReadObject ()
	mayEditObject ()
	mayEditPermissions ()
	mayEditMembers ()
	mayViewAnyUser ()
	mayViewAllUsers ()
	mayGradeAnyUser ()
	mayGradeUser (int $user_id)
	mayViewUser (int $user_id)
	mayAmendAllUsers ()
	isSystemAdmin ()
	mayEditLearningProgressSettings ()

Data Fields
const	DEFAULT_ROLE = 'il_iass_member'

Protected Member Functions
	checkMemberRoleForPermission (string $operation)
	getRoleTitleByObj (ilObjIndividualAssessment $iass)
	getMemberRoleIdForObj (ilObjIndividualAssessment $iass)

Protected Attributes
ilObjIndividualAssessment	$iass
ilAccessHandler	$handler
ilRbacAdmin	$admin
ilRbacReview	$review
ilObjUser	$usr

Detailed Description

Deal with ilias rbac-system.

Definition at line 24 of file class.ilIndividualAssessmentAccessHandler.php.

Constructor & Destructor Documentation

__construct()

ilIndividualAssessmentAccessHandler::__construct	(	ilObjIndividualAssessment	$iass,
		ilAccessHandler	$handler,
		ilRbacAdmin	$admin,
		ilRbacReview	$review,
		ilObjUser	$usr
	)

Definition at line 34 of file class.ilIndividualAssessmentAccessHandler.php.

References $admin, $handler, $iass, $review, and $usr.

      {
        $this->iass = $iass;
        $this->handler = $handler;
        $this->admin = $admin;
        $this->review = $review;
        $this->usr = $usr;
    }

Member Function Documentation

assignUserToMemberRole()

ilIndividualAssessmentAccessHandler::assignUserToMemberRole	(	ilObjUser	$usr,
		ilObjIndividualAssessment	$iass
	)

Assign a user to the member role at an Individual assessment.

Implements IndividualAssessmentAccessHandler.

Definition at line 132 of file class.ilIndividualAssessmentAccessHandler.php.

References ilObject\getId(), and getMemberRoleIdForObj().

                                                                                           : bool
    {
        $this->admin->assignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
        return true;
    }

Here is the call graph for this function:

checkMemberRoleForPermission()

ilIndividualAssessmentAccessHandler::checkMemberRoleForPermission ( string  $operation )

protected

Definition at line 96 of file class.ilIndividualAssessmentAccessHandler.php.

References $ref_id.

Referenced by checkRBACAccessToObj().

                                                                      : bool
    {
        $ref_id = $this->iass->getRefId();
        $roles = array_filter(
            $this->review->getParentRoleIds($ref_id),
            static fn(array $role): bool => str_starts_with($role['title'], 'il_crs_member_')
        );
        if($roles === []) {
            return false;
        }
        $role = array_shift($roles);
        $active_ops = $this->review->getActiveOperationsOfRole($ref_id, $role['rol_id']);
        foreach($active_ops as $op) {
            if($this->review->getOperation($op)['operation'] === $operation) {
                return true;
            }
        }
        return false;
    }

Here is the caller graph for this function:

checkRBACAccessToObj()

ilIndividualAssessmentAccessHandler::checkRBACAccessToObj

(

string

$operation

)

Definition at line 51 of file class.ilIndividualAssessmentAccessHandler.php.

References checkMemberRoleForPermission(), isSystemAdmin(), and simulateMember().

Referenced by mayAmendAllUsers(), mayEditLearningProgressSettings(), mayEditMembers(), mayEditObject(), mayEditPermissions(), mayReadObject(), and mayViewAllUsers().

                                                           : bool
    {
        if($this->simulateMember()) {
            return $this->checkMemberRoleForPermission($operation);
        } else {
            return $this->isSystemAdmin() ||
                $this->handler->checkAccessOfUser($this->usr->getId(), $operation, '', $this->iass->getRefId(), 'iass');
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

checkRBACOrPositionAccessToObj()

ilIndividualAssessmentAccessHandler::checkRBACOrPositionAccessToObj

(

string

$operation

)

Definition at line 61 of file class.ilIndividualAssessmentAccessHandler.php.

References isSystemAdmin().

Referenced by mayGradeAnyUser(), and mayViewAnyUser().

    {
        if ($this->isSystemAdmin()) {
            return true;
        }

        if ($operation == "read_learning_progress") {
            return $this->handler->checkRbacOrPositionPermissionAccess(
                "read_learning_progress",
                "read_learning_progress",
                $this->iass->getRefId()
            );
        }

        if ($operation == "write_learning_progress") {
            return $this->handler->checkRbacOrPositionPermissionAccess(
                // This feels super odd, but this is actually ok because we do not have
                // a dedicated RBAC permission to write_learning_progress.
                // See: https://mantis.ilias.de/view.php?id=36056#c89865
                "read_learning_progress",
                "write_learning_progress",
                $this->iass->getRefId()
            );
        }

        throw new \LogicException("Unknown rbac/position-operation: $operation");
    }

Here is the call graph for this function:

Here is the caller graph for this function:

deassignUserFromMemberRole()

ilIndividualAssessmentAccessHandler::deassignUserFromMemberRole	(	ilObjUser	$usr,
		ilObjIndividualAssessment	$iass
	)

Deasign a user from the member role at an Individual assessment.

Implements IndividualAssessmentAccessHandler.

Definition at line 141 of file class.ilIndividualAssessmentAccessHandler.php.

References ilObject\getId(), and getMemberRoleIdForObj().

                                                                                               : bool
    {
        $this->admin->deassignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
        return true;
    }

Here is the call graph for this function:

getMemberRoleIdForObj()

ilIndividualAssessmentAccessHandler::getMemberRoleIdForObj ( ilObjIndividualAssessment  $iass )

protected

Returns

false|mixed

Definition at line 155 of file class.ilIndividualAssessmentAccessHandler.php.

References ilObject\getRefId().

Referenced by assignUserToMemberRole(), and deassignUserFromMemberRole().

    {
        return current($this->review->getLocalRoles($iass->getRefId()));
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getRoleTitleByObj()

ilIndividualAssessmentAccessHandler::getRoleTitleByObj ( ilObjIndividualAssessment  $iass )

protected

Definition at line 147 of file class.ilIndividualAssessmentAccessHandler.php.

References ilObject\getRefId().

Referenced by initDefaultRolesForObject().

                                                                         : string
    {
        return self::DEFAULT_ROLE . '_' . $iass->getRefId();
    }

Here is the call graph for this function:

Here is the caller graph for this function:

initDefaultRolesForObject()

ilIndividualAssessmentAccessHandler::initDefaultRolesForObject

(

ilObjIndividualAssessment

$iass

)

Create default roles at an object.

Implements IndividualAssessmentAccessHandler.

Definition at line 119 of file class.ilIndividualAssessmentAccessHandler.php.

References ilObjRole\createDefaultRole(), ilObject\getId(), ilObject\getRefId(), and getRoleTitleByObj().

                                                                              : void
    {
        ilObjRole::createDefaultRole(
            $this->getRoleTitleByObj($iass),
            "Admin of iass obj_no." . $iass->getId(),
            self::DEFAULT_ROLE,
            $iass->getRefId()
        );
    }

Here is the call graph for this function:

isSystemAdmin()

ilIndividualAssessmentAccessHandler::isSystemAdmin

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 230 of file class.ilIndividualAssessmentAccessHandler.php.

References SYSTEM_ROLE_ID.

Referenced by checkRBACAccessToObj(), and checkRBACOrPositionAccessToObj().

                                   : bool
    {
        return $this->review->isAssigned($this->usr->getId(), SYSTEM_ROLE_ID);
    }

Here is the caller graph for this function:

mayAmendAllUsers()

ilIndividualAssessmentAccessHandler::mayAmendAllUsers

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 225 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

                                      : bool
    {
        return $this->checkRBACAccessToObj('amend_grading');
    }

Here is the call graph for this function:

mayEditLearningProgressSettings()

ilIndividualAssessmentAccessHandler::mayEditLearningProgressSettings

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 235 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

                                                     : bool
    {
        return $this->checkRBACAccessToObj('edit_learning_progress');
    }

Here is the call graph for this function:

mayEditMembers()

ilIndividualAssessmentAccessHandler::mayEditMembers

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 175 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

                                    : bool
    {
        return $this->checkRBACAccessToObj('edit_members');
    }

Here is the call graph for this function:

mayEditObject()

ilIndividualAssessmentAccessHandler::mayEditObject

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 165 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

                                   : bool
    {
        return $this->checkRBACAccessToObj('write');
    }

Here is the call graph for this function:

mayEditPermissions()

ilIndividualAssessmentAccessHandler::mayEditPermissions

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 170 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

                                        : bool
    {
        return $this->checkRBACAccessToObj('edit_permission');
    }

Here is the call graph for this function:

mayGradeAnyUser()

ilIndividualAssessmentAccessHandler::mayGradeAnyUser

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 190 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACOrPositionAccessToObj().

                                     : bool
    {
        return $this->checkRBACOrPositionAccessToObj('write_learning_progress');
    }

Here is the call graph for this function:

mayGradeUser()

ilIndividualAssessmentAccessHandler::mayGradeUser

(

int

$user_id

)

Implements IndividualAssessmentAccessHandler.

Definition at line 195 of file class.ilIndividualAssessmentAccessHandler.php.

References $user_id.

                                              : bool
    {
        return
            (count(
                $this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
                    // This feels super odd, but this is actually ok because we do not have
                    // a dedicated RBAC permission to write_learning_progress.
                    // See: https://mantis.ilias.de/view.php?id=36056#c89865
                    "read_learning_progress",
                    "write_learning_progress",
                    $this->iass->getRefId(),
                    [$user_id]
                )
            ) > 0);
    }

mayReadObject()

ilIndividualAssessmentAccessHandler::mayReadObject

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 160 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

                                   : bool
    {
        return $this->checkRBACAccessToObj('read');
    }

Here is the call graph for this function:

mayViewAllUsers()

ilIndividualAssessmentAccessHandler::mayViewAllUsers

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 185 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACAccessToObj().

Referenced by mayViewUser().

                                     : bool
    {
        return $this->checkRBACAccessToObj('read_learning_progress');
    }

Here is the call graph for this function:

Here is the caller graph for this function:

mayViewAnyUser()

ilIndividualAssessmentAccessHandler::mayViewAnyUser

(

)

Implements IndividualAssessmentAccessHandler.

Definition at line 180 of file class.ilIndividualAssessmentAccessHandler.php.

References checkRBACOrPositionAccessToObj().

                                    : bool
    {
        return $this->checkRBACOrPositionAccessToObj('read_learning_progress');
    }

Here is the call graph for this function:

mayViewUser()

ilIndividualAssessmentAccessHandler::mayViewUser

(

int

$user_id

)

Implements IndividualAssessmentAccessHandler.

Definition at line 211 of file class.ilIndividualAssessmentAccessHandler.php.

References $user_id, and mayViewAllUsers().

                                             : bool
    {
        return
            $this->mayViewAllUsers() ||
            (count(
                $this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
                    "read_learning_progress",
                    "read_learning_progress",
                    $this->iass->getRefId(),
                    [$user_id]
                )
            ) > 0);
    }

Here is the call graph for this function:

simulateMember()

ilIndividualAssessmentAccessHandler::simulateMember

(

)

Definition at line 89 of file class.ilIndividualAssessmentAccessHandler.php.

References ilMemberViewSettings\getInstance().

Referenced by checkRBACAccessToObj().

                                    : bool
    {
        $settings = ilMemberViewSettings::getInstance();
        return $settings->isActive() &&
            $settings->getContainer() === $this->iass->getParentContainerIdByType($this->iass->getRefId(), ['crs']);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

$admin

ilRbacAdmin ilIndividualAssessmentAccessHandler::$admin

protected

Definition at line 30 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

$handler

ilAccessHandler ilIndividualAssessmentAccessHandler::$handler

protected

Definition at line 29 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

$iass

ilObjIndividualAssessment ilIndividualAssessmentAccessHandler::$iass

protected

Definition at line 28 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

$review

ilRbacReview ilIndividualAssessmentAccessHandler::$review

protected

Definition at line 31 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

$usr

ilObjUser ilIndividualAssessmentAccessHandler::$usr

protected

Definition at line 32 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

DEFAULT_ROLE

const ilIndividualAssessmentAccessHandler::DEFAULT_ROLE = 'il_iass_member'

Definition at line 26 of file class.ilIndividualAssessmentAccessHandler.php.

---

The documentation for this class was generated from the following file:

• components/ILIAS/IndividualAssessment/classes/AccessControl/class.ilIndividualAssessmentAccessHandler.php