ILIAS  trunk Revision v11.0_alpha-1723-g8e69f309bab
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilOrgUnitPositionAccess.php
Go to the documentation of this file.
1 <?php
2 
23 class ilOrgUnitPositionAccess implements ilOrgUnitPositionAccessHandler, ilOrgUnitPositionAndRBACAccessHandler
24 {
25  protected static array $ref_id_obj_type_map = array();
26  private \ilOrgUnitGlobalSettings $set;
27  private ilAccess $access;
28  private ilObjUser $user;
29  protected \ilOrgUnitUserAssignmentDBRepository $assignmentRepo;
30  protected \ilOrgUnitOperationDBRepository $operationRepo;
31  protected \ilOrgUnitPermissionDBRepository $permissionRepo;
32 
33  public function __construct(ilAccess $access)
34  {
35  global $DIC;
36  $this->set = ilOrgUnitGlobalSettings::getInstance();
37  $this->access = $access;
38  $this->user = $DIC->user();
39 
40  $dic = \ilOrgUnitLocalDIC::dic();
41  $this->assignmentRepo = $dic["repo.UserAssignments"];
42  $this->operationRepo = $dic["repo.Operations"];
43  $this->permissionRepo = $dic["repo.Permissions"];
44  }
45 
46 
48  public function filterUserIdsForCurrentUsersPositionsAndPermission(
49  array $user_ids,
50  string $permission
51  ): array {
52  $current_user_id = $this->getCurrentUsersId();
53  return $this->filterUserIdsForUsersPositionsAndPermission($user_ids, $current_user_id, $permission);
54  }
55 
56 
57 
59  public function filterUserIdsForUsersPositionsAndPermission(
60  array $user_ids,
61  int $for_user_id,
62  string $permission
63  ): array {
64  $assignment_of_user = $this->assignmentRepo->getByUsers([$for_user_id]);
65  $other_users_in_same_org_units = [];
66  foreach ($assignment_of_user as $assignment) {
67  $other_users_in_same_org_units += $this->assignmentRepo->getUsersByOrgUnits([$assignment->getOrguId()]);
68  }
69 
70  return array_intersect($user_ids, $other_users_in_same_org_units);
71  }
72 
74  public function isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids): bool
75  {
76  $current_user_id = $this->getCurrentUsersId();
77 
78  return $this->isUserBasedOnPositionsAllowedTo($current_user_id, $permission, $on_user_ids);
79  }
80 
81 
83  public function isUserBasedOnPositionsAllowedTo(
84  int $which_user_id,
85  string $permission,
86  array $on_user_ids
87  ): bool {
88  $filtered_user_ids = $this->filterUserIdsForUsersPositionsAndPermission(
89  $on_user_ids,
90  $which_user_id,
91  $permission
92  );
93 
94  return ($on_user_ids === array_intersect($on_user_ids, $filtered_user_ids)
95  && $filtered_user_ids === array_intersect($filtered_user_ids, $on_user_ids));
96  }
97 
98 
100  public function filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids): array
101  {
102  $current_user_id = $this->getCurrentUsersId();
103 
104  return $this->filterUserIdsByPositionOfUser($current_user_id, $pos_perm, $ref_id, $user_ids);
105  }
106 
107 
109  public function filterUserIdsByPositionOfUser(
110  int $user_id,
111  string $pos_perm,
112  int $ref_id,
113  array $user_ids
114  ): array {
115  if (!$this->isPositionActiveForRefId($ref_id)) {
116  return [];
117  }
118 
119  $operation = $this->operationRepo->find($pos_perm, $this->getTypeForRefId($ref_id));
120  if (!$operation) {
121  return [];
122  }
123 
124  $allowed_user_ids = [];
125  foreach ($this->assignmentRepo->getPositionsByUser($user_id) as $position) {
126  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
127  if (!$permissions->isOperationIdSelected($operation->getOperationId())) {
128  continue;
129  }
130 
131  foreach ($position->getAuthorities() as $authority) {
132  switch ($authority->getOver()) {
133  case ilOrgUnitAuthority::OVER_EVERYONE:
134  switch ($authority->getScope()) {
135  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
136  $allowed = $this->assignmentRepo->getUsersByUserAndPosition(
137  $user_id,
138  $position->getId(),
139  false
140  );
141  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
142  break;
143  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
144  $allowed = $this->assignmentRepo->getUsersByUserAndPosition(
145  $user_id,
146  $position->getId(),
147  true
148  );
149  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
150  break;
151  }
152  break;
153  default:
154  switch ($authority->getScope()) {
155  case ilOrgUnitAuthority::SCOPE_SAME_ORGU:
156  $allowed = $this->assignmentRepo->getFilteredUsersByUserAndPosition(
157  $user_id,
158  $authority->getPositionId(),
159  $authority->getOver(),
160  false
161  );
162  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
163  break;
164  case ilOrgUnitAuthority::SCOPE_SUBSEQUENT_ORGUS:
165  $allowed = $this->assignmentRepo->getFilteredUsersByUserAndPosition(
166  $user_id,
167  $authority->getPositionId(),
168  $authority->getOver(),
169  true
170  );
171  $allowed_user_ids = array_merge($allowed_user_ids, $allowed);
172  break;
173  }
174  break;
175  }
176  }
177  }
178  $allowed_user_ids[] = $this->user->getId();
179  return array_intersect($user_ids, $allowed_user_ids);
180  }
181 
182 
183  public function checkPositionAccess(string $pos_perm, int $ref_id): bool
184  {
185  if (!$this->isPositionActiveForRefId($ref_id)) {
186  return false;
187  }
188 
189  $operation = $this->operationRepo->find($pos_perm, $this->getTypeForRefId($ref_id));
190  if (!$operation) {
191  return false;
192  }
193  $current_user_id = $this->getCurrentUsersId();
194 
195  foreach ($this->assignmentRepo->getPositionsByUser($current_user_id) as $position) {
196  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
197  if ($permissions->isOperationIdSelected($operation->getOperationId())) {
198  return true;
199  }
200  }
201 
202  return false;
203  }
204 
205 
206  public function hasCurrentUserAnyPositionAccess(int $ref_id): bool
207  {
208  if (!$this->isPositionActiveForRefId($ref_id)) {
209  return false;
210  }
211 
212  $current_user_id = $this->getCurrentUsersId();
213 
214  foreach ($this->assignmentRepo->getPositionsByUser($current_user_id) as $position) {
215  $permissions = $this->permissionRepo->getLocalorDefault($ref_id, $position->getId());
216  if (count($permissions->getOperations()) > 0) {
217  return true;
218  }
219  }
220 
221  return false;
222  }
223 
224 
225  public function checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id): bool
226  {
227  // If RBAC allows, just return true
228  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
229  return true;
230  }
231 
232  if (!$this->isPositionActiveForRefId($ref_id)) {
233  return false;
234  }
235 
236  return $this->checkPositionAccess($pos_perm, $ref_id);
237  }
238 
239 
240  public function filterUserIdsByRbacOrPositionOfCurrentUser(
241  string $rbac_perm,
242  string $pos_perm,
243  int $ref_id,
244  array $user_ids
245  ): array {
246  global $DIC;
247 
248  // If RBAC allows, just return true
249  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
250  return $user_ids;
251  }
252 
253  return $this->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
254  }
255 
256 
257  public function hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id): bool
258  {
259  if ($this->access->checkAccess($rbac_perm, '', $ref_id)) {
260  return true;
261  }
262 
263  return $this->hasCurrentUserAnyPositionAccess($ref_id);
264  }
265 
266 
267  //
268  // Helpers
269  //
270 
271  private function getCurrentUsersId(): int
272  {
273  return $this->user->getId();
274  }
275 
276 
277  private function getTypeForRefId(int $ref_id): string
278  {
279  if (!isset(self::$ref_id_obj_type_map[$ref_id])) {
280  self::$ref_id_obj_type_map[$ref_id] = ilObject2::_lookupType($ref_id, true);
281  }
282 
283  return self::$ref_id_obj_type_map[$ref_id];
284  }
285 
286  private function getObjIdForRefId(int $ref_id): int
287  {
288  return ilObject2::_lookupObjectId($ref_id);
289  }
290 
291  private function isPositionActiveForRefId(int $ref_id): bool
292  {
293  $obj_id = $this->getObjIdForRefId($ref_id); // TODO this will change to ref_id!!
294 
295  return $this->set->isPositionAccessActiveForObject($obj_id);
296  }
297 }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:83
ilOrgUnitPositionAccess\$permissionRepo
ilOrgUnitPermissionDBRepository $permissionRepo
Definition: class.ilOrgUnitPositionAccess.php:31
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:257
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:183
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:100
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:23
ilOrgUnitPositionAndRBACAccessHandler
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAndRBACAccessHandler.php:24
ilOrgUnitPositionAccess\$assignmentRepo
ilOrgUnitUserAssignmentDBRepository $assignmentRepo
Definition: class.ilOrgUnitPositionAccess.php:29
$ref_id
$ref_id
Definition: ltiauth.php:65
$DIC
global $DIC
Definition: shib_login.php:22
ilObject\_lookupObjectId
static _lookupObjectId(int $ref_id)
Definition: class.ilObject.php:1116
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:109
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:225
ilOrgUnitPositionAccessHandler
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccessHandler.php:24
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:48
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:240
$dic
$dic
Definition: result.php:31
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:59
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:74
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
ilOrgUnitPositionAccess\$operationRepo
ilOrgUnitOperationDBRepository $operationRepo
Definition: class.ilOrgUnitPositionAccess.php:30