ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes
ilIndividualAssessmentAccessHandler Class Reference

Deal with ilias rbac-system. More...

+ Inheritance diagram for ilIndividualAssessmentAccessHandler:
+ Collaboration diagram for ilIndividualAssessmentAccessHandler:

Public Member Functions

 __construct (ilObjIndividualAssessment $iass, ilAccessHandler $handler, ilRbacAdmin $admin, ilRbacReview $review, ilObjUser $usr)
 
 checkRBACAccessToObj (string $operation)
 
 checkRBACOrPositionAccessToObj (string $operation)
 
 simulateMember ()
 
 initDefaultRolesForObject (ilObjIndividualAssessment $iass)
 Create default roles at an object. More...
 
 assignUserToMemberRole (ilObjUser $usr, ilObjIndividualAssessment $iass)
 Assign a user to the member role at an Individual assessment. More...
 
 deassignUserFromMemberRole (ilObjUser $usr, ilObjIndividualAssessment $iass)
 Deasign a user from the member role at an Individual assessment. More...
 
 mayReadObject ()
 
 mayEditObject ()
 
 mayEditPermissions ()
 
 mayEditMembers ()
 
 mayViewAnyUser ()
 
 mayViewAllUsers ()
 
 mayGradeAnyUser ()
 
 mayGradeUser (int $user_id)
 
 mayViewUser (int $user_id)
 
 mayAmendAllUsers ()
 
 isSystemAdmin ()
 
 mayEditLearningProgressSettings ()
 
 initDefaultRolesForObject (ilObjIndividualAssessment $iass)
 Create default roles at an object. More...
 
 assignUserToMemberRole (ilObjUser $usr, ilObjIndividualAssessment $iass)
 Assign a user to the member role at an Individual assessment. More...
 
 deassignUserFromMemberRole (ilObjUser $usr, ilObjIndividualAssessment $iass)
 Deasign a user from the member role at an Individual assessment. More...
 
 mayReadObject ()
 
 mayEditObject ()
 
 mayEditPermissions ()
 
 mayEditMembers ()
 
 mayViewAnyUser ()
 
 mayViewAllUsers ()
 
 mayGradeAnyUser ()
 
 mayGradeUser (int $user_id)
 
 mayViewUser (int $user_id)
 
 mayAmendAllUsers ()
 
 isSystemAdmin ()
 
 mayEditLearningProgressSettings ()
 

Data Fields

const DEFAULT_ROLE = 'il_iass_member'
 

Protected Member Functions

 checkMemberRoleForPermission (string $operation)
 
 getRoleTitleByObj (ilObjIndividualAssessment $iass)
 
 getMemberRoleIdForObj (ilObjIndividualAssessment $iass)
 

Protected Attributes

ilObjIndividualAssessment $iass
 
ilAccessHandler $handler
 
ilRbacAdmin $admin
 
ilRbacReview $review
 
ilObjUser $usr
 

Detailed Description

Deal with ilias rbac-system.

Definition at line 24 of file class.ilIndividualAssessmentAccessHandler.php.

Constructor & Destructor Documentation

◆ __construct()

ilIndividualAssessmentAccessHandler::__construct ( ilObjIndividualAssessment  $iass,
ilAccessHandler  $handler,
ilRbacAdmin  $admin,
ilRbacReview  $review,
ilObjUser  $usr 
)

Definition at line 34 of file class.ilIndividualAssessmentAccessHandler.php.

40 {
41 $this->iass = $iass;
42 $this->handler = $handler;
43 $this->admin = $admin;
44 $this->review = $review;
45 $this->usr = $usr;
46 }

References $admin, $handler, $iass, $review, and $usr.

Member Function Documentation

◆ assignUserToMemberRole()

ilIndividualAssessmentAccessHandler::assignUserToMemberRole ( ilObjUser  $usr,
ilObjIndividualAssessment  $iass 
)

Assign a user to the member role at an Individual assessment.

Implements IndividualAssessmentAccessHandler.

Definition at line 132 of file class.ilIndividualAssessmentAccessHandler.php.

132 : bool
133 {
134 $this->admin->assignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
135 return true;
136 }

References $usr, ilObject\getId(), and getMemberRoleIdForObj().

+ Here is the call graph for this function:

◆ checkMemberRoleForPermission()

ilIndividualAssessmentAccessHandler::checkMemberRoleForPermission ( string  $operation)
protected

Definition at line 96 of file class.ilIndividualAssessmentAccessHandler.php.

96 : bool
97 {
98 $ref_id = $this->iass->getRefId();
99 $roles = array_filter(
100 $this->review->getParentRoleIds($ref_id),
101 static fn(array $role): bool => str_starts_with($role['title'], 'il_crs_member_')
102 );
103 if($roles === []) {
104 return false;
105 }
106 $role = array_shift($roles);
107 $active_ops = $this->review->getActiveOperationsOfRole($ref_id, $role['rol_id']);
108 foreach($active_ops as $op) {
109 if($this->review->getOperation($op)['operation'] === $operation) {
110 return true;
111 }
112 }
113 return false;
114 }
$ref_id
$ref_id
Definition: ltiauth.php:66

References $ref_id.

Referenced by checkRBACAccessToObj().

+ Here is the caller graph for this function:

◆ checkRBACAccessToObj()

ilIndividualAssessmentAccessHandler::checkRBACAccessToObj ( string  $operation)

Definition at line 51 of file class.ilIndividualAssessmentAccessHandler.php.

51 : bool
52 {
53 if($this->simulateMember()) {
54 return $this->checkMemberRoleForPermission($operation);
55 } else {
56 return $this->isSystemAdmin() ||
57 $this->handler->checkAccessOfUser($this->usr->getId(), $operation, '', $this->iass->getRefId(), 'iass');
58 }
59 }

References checkMemberRoleForPermission(), isSystemAdmin(), and simulateMember().

Referenced by mayAmendAllUsers(), mayEditLearningProgressSettings(), mayEditMembers(), mayEditObject(), mayEditPermissions(), mayReadObject(), and mayViewAllUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkRBACOrPositionAccessToObj()

ilIndividualAssessmentAccessHandler::checkRBACOrPositionAccessToObj ( string  $operation)

Definition at line 61 of file class.ilIndividualAssessmentAccessHandler.php.

62 {
63 if ($this->isSystemAdmin()) {
64 return true;
65 }
66
67 if ($operation == "read_learning_progress") {
68 return $this->handler->checkRbacOrPositionPermissionAccess(
69 "read_learning_progress",
70 "read_learning_progress",
71 $this->iass->getRefId()
72 );
73 }
74
75 if ($operation == "write_learning_progress") {
76 return $this->handler->checkRbacOrPositionPermissionAccess(
77 // This feels super odd, but this is actually ok because we do not have
78 // a dedicated RBAC permission to write_learning_progress.
79 // See: https://mantis.ilias.de/view.php?id=36056#c89865
80 "read_learning_progress",
81 "write_learning_progress",
82 $this->iass->getRefId()
83 );
84 }
85
86 throw new \LogicException("Unknown rbac/position-operation: $operation");
87 }

References isSystemAdmin().

Referenced by mayGradeAnyUser(), and mayViewAnyUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ deassignUserFromMemberRole()

ilIndividualAssessmentAccessHandler::deassignUserFromMemberRole ( ilObjUser  $usr,
ilObjIndividualAssessment  $iass 
)

Deasign a user from the member role at an Individual assessment.

Implements IndividualAssessmentAccessHandler.

Definition at line 141 of file class.ilIndividualAssessmentAccessHandler.php.

141 : bool
142 {
143 $this->admin->deassignUser($this->getMemberRoleIdForObj($iass), $usr->getId());
144 return true;
145 }

References $usr, ilObject\getId(), and getMemberRoleIdForObj().

+ Here is the call graph for this function:

◆ getMemberRoleIdForObj()

ilIndividualAssessmentAccessHandler::getMemberRoleIdForObj ( ilObjIndividualAssessment  $iass)
protected
Returns
false|mixed

Definition at line 155 of file class.ilIndividualAssessmentAccessHandler.php.

156 {
157 return current($this->review->getLocalRoles($iass->getRefId()));
158 }

References $iass, and ilObject\getRefId().

Referenced by assignUserToMemberRole(), and deassignUserFromMemberRole().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getRoleTitleByObj()

ilIndividualAssessmentAccessHandler::getRoleTitleByObj ( ilObjIndividualAssessment  $iass)
protected

Definition at line 147 of file class.ilIndividualAssessmentAccessHandler.php.

147 : string
148 {
149 return self::DEFAULT_ROLE . '_' . $iass->getRefId();
150 }

References $iass, and ilObject\getRefId().

Referenced by initDefaultRolesForObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initDefaultRolesForObject()

ilIndividualAssessmentAccessHandler::initDefaultRolesForObject ( ilObjIndividualAssessment  $iass)

Create default roles at an object.

Implements IndividualAssessmentAccessHandler.

Definition at line 119 of file class.ilIndividualAssessmentAccessHandler.php.

119 : void
120 {
121 ilObjRole::createDefaultRole(
122 $this->getRoleTitleByObj($iass),
123 "Admin of iass obj_no." . $iass->getId(),
124 self::DEFAULT_ROLE,
125 $iass->getRefId()
126 );
127 }
ilObjRole\createDefaultRole
static createDefaultRole(string $a_title, string $a_description, string $a_tpl_name, int $a_ref_id)
Definition: class.ilObjRole.php:59

References $iass, ilObjRole\createDefaultRole(), ilObject\getId(), ilObject\getRefId(), and getRoleTitleByObj().

+ Here is the call graph for this function:

◆ isSystemAdmin()

ilIndividualAssessmentAccessHandler::isSystemAdmin ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 230 of file class.ilIndividualAssessmentAccessHandler.php.

230 : bool
231 {
232 return $this->review->isAssigned($this->usr->getId(), SYSTEM_ROLE_ID);
233 }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29

References SYSTEM_ROLE_ID.

Referenced by checkRBACAccessToObj(), and checkRBACOrPositionAccessToObj().

+ Here is the caller graph for this function:

◆ mayAmendAllUsers()

ilIndividualAssessmentAccessHandler::mayAmendAllUsers ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 225 of file class.ilIndividualAssessmentAccessHandler.php.

225 : bool
226 {
227 return $this->checkRBACAccessToObj('amend_grading');
228 }

References checkRBACAccessToObj().

+ Here is the call graph for this function:

◆ mayEditLearningProgressSettings()

ilIndividualAssessmentAccessHandler::mayEditLearningProgressSettings ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 235 of file class.ilIndividualAssessmentAccessHandler.php.

235 : bool
236 {
237 return $this->checkRBACAccessToObj('edit_learning_progress');
238 }

References checkRBACAccessToObj().

+ Here is the call graph for this function:

◆ mayEditMembers()

ilIndividualAssessmentAccessHandler::mayEditMembers ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 175 of file class.ilIndividualAssessmentAccessHandler.php.

175 : bool
176 {
177 return $this->checkRBACAccessToObj('edit_members');
178 }

References checkRBACAccessToObj().

+ Here is the call graph for this function:

◆ mayEditObject()

ilIndividualAssessmentAccessHandler::mayEditObject ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 165 of file class.ilIndividualAssessmentAccessHandler.php.

165 : bool
166 {
167 return $this->checkRBACAccessToObj('write');
168 }

References checkRBACAccessToObj().

+ Here is the call graph for this function:

◆ mayEditPermissions()

ilIndividualAssessmentAccessHandler::mayEditPermissions ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 170 of file class.ilIndividualAssessmentAccessHandler.php.

170 : bool
171 {
172 return $this->checkRBACAccessToObj('edit_permission');
173 }

References checkRBACAccessToObj().

+ Here is the call graph for this function:

◆ mayGradeAnyUser()

ilIndividualAssessmentAccessHandler::mayGradeAnyUser ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 190 of file class.ilIndividualAssessmentAccessHandler.php.

190 : bool
191 {
192 return $this->checkRBACOrPositionAccessToObj('write_learning_progress');
193 }

References checkRBACOrPositionAccessToObj().

+ Here is the call graph for this function:

◆ mayGradeUser()

ilIndividualAssessmentAccessHandler::mayGradeUser ( int  $user_id)

Implements IndividualAssessmentAccessHandler.

Definition at line 195 of file class.ilIndividualAssessmentAccessHandler.php.

195 : bool
196 {
197 return
198 (count(
199 $this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
200 // This feels super odd, but this is actually ok because we do not have
201 // a dedicated RBAC permission to write_learning_progress.
202 // See: https://mantis.ilias.de/view.php?id=36056#c89865
203 "read_learning_progress",
204 "write_learning_progress",
205 $this->iass->getRefId(),
206 [$user_id]
207 )
208 ) > 0);
209 }

References $user_id.

◆ mayReadObject()

ilIndividualAssessmentAccessHandler::mayReadObject ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 160 of file class.ilIndividualAssessmentAccessHandler.php.

160 : bool
161 {
162 return $this->checkRBACAccessToObj('read');
163 }

References checkRBACAccessToObj().

+ Here is the call graph for this function:

◆ mayViewAllUsers()

ilIndividualAssessmentAccessHandler::mayViewAllUsers ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 185 of file class.ilIndividualAssessmentAccessHandler.php.

185 : bool
186 {
187 return $this->checkRBACAccessToObj('read_learning_progress');
188 }

References checkRBACAccessToObj().

Referenced by mayViewUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mayViewAnyUser()

ilIndividualAssessmentAccessHandler::mayViewAnyUser ( )

Implements IndividualAssessmentAccessHandler.

Definition at line 180 of file class.ilIndividualAssessmentAccessHandler.php.

180 : bool
181 {
182 return $this->checkRBACOrPositionAccessToObj('read_learning_progress');
183 }

References checkRBACOrPositionAccessToObj().

+ Here is the call graph for this function:

◆ mayViewUser()

ilIndividualAssessmentAccessHandler::mayViewUser ( int  $user_id)

Implements IndividualAssessmentAccessHandler.

Definition at line 211 of file class.ilIndividualAssessmentAccessHandler.php.

211 : bool
212 {
213 return
214 $this->mayViewAllUsers() ||
215 (count(
216 $this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
217 "read_learning_progress",
218 "read_learning_progress",
219 $this->iass->getRefId(),
220 [$user_id]
221 )
222 ) > 0);
223 }

References $user_id, and mayViewAllUsers().

+ Here is the call graph for this function:

◆ simulateMember()

ilIndividualAssessmentAccessHandler::simulateMember ( )

Definition at line 89 of file class.ilIndividualAssessmentAccessHandler.php.

89 : bool
90 {
91 $settings = ilMemberViewSettings::getInstance();
92 return $settings->isActive() &&
93 $settings->getContainer() === $this->iass->getParentContainerIdByType($this->iass->getRefId(), ['crs']);
94 }

References ilMemberViewSettings\getInstance().

Referenced by checkRBACAccessToObj().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $admin

ilRbacAdmin ilIndividualAssessmentAccessHandler::$admin
protected

Definition at line 30 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

◆ $handler

ilAccessHandler ilIndividualAssessmentAccessHandler::$handler
protected

Definition at line 29 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

◆ $iass

ilObjIndividualAssessment ilIndividualAssessmentAccessHandler::$iass
protected

Definition at line 28 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct(), getMemberRoleIdForObj(), getRoleTitleByObj(), and initDefaultRolesForObject().

◆ $review

ilRbacReview ilIndividualAssessmentAccessHandler::$review
protected

Definition at line 31 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct().

◆ $usr

ilObjUser ilIndividualAssessmentAccessHandler::$usr
protected

Definition at line 32 of file class.ilIndividualAssessmentAccessHandler.php.

Referenced by __construct(), assignUserToMemberRole(), and deassignUserFromMemberRole().

◆ DEFAULT_ROLE

const ilIndividualAssessmentAccessHandler::DEFAULT_ROLE = 'il_iass_member'

Definition at line 26 of file class.ilIndividualAssessmentAccessHandler.php.

The documentation for this class was generated from the following file: