ILIAS  trunk Revision v11.0_alpha-1749-g1a06bdef097
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
ilPRGPermissionsHelper Class Reference

Both role and OrgU-based permissions are relevant in many places of the PRG. More...

+ Collaboration diagram for ilPRGPermissionsHelper:

Public Member Functions

 __construct (ilAccess $access, ilOrgUnitGlobalSettings $orgu_settings, ilObjectDataCache $data_cache, ilOrgUnitPositionAccess $orgu_access, int $prg_ref_id)
 
 may (string $operation)
 
 mayAnyOf (array $operations)
 
 getUserIdsSusceptibleTo (string $operation)
 
 filterUserIds (array $user_ids, string $operation)
 
 isOrguAccessEnabledGlobally ()
 

Data Fields

const ORGU_OPERATIONS
 
const ROLEPERM_VIEW = 'rp_visible'
 
const ROLEPERM_READ = 'rp_read'
 
const ROLEPERM_WRITE = 'rp_write'
 
const ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'
 

Protected Member Functions

 throwForInvalidOperation (string $operation)
 
 getUserIdsInPrgAccessibleForOperation (string $orgu_operation)
 
 getAllAssignedUserIds ()
 
 getProgrammeRefId ()
 

Protected Attributes

const ilAccess $access
 
ilOrgUnitGlobalSettings $orgu_settings
 
ilObjectDataCache $data_cache
 
ilOrgUnitPositionAccess $orgu_access
 
int $prg_ref_id
 
array $cache = []
 
array $user_id_cache
 

Private Attributes

const ROLEMAPPINGS
 

Detailed Description

Both role and OrgU-based permissions are relevant in many places of the PRG.

This is to bundle permission-checks.

Please note that the 'manage_members'-permission granted via global or local roles will include all the ORGU_OPERATIONS listed here and is thus very different from the OrgUnitOperation 'manage_members'.

Definition at line 29 of file ilPRGPermissionsHelper.php.

Constructor & Destructor Documentation

◆ __construct()

ilPRGPermissionsHelper::__construct ( ilAccess  $access,
ilOrgUnitGlobalSettings  $orgu_settings,
ilObjectDataCache  $data_cache,
ilOrgUnitPositionAccess  $orgu_access,
int  $prg_ref_id 
)

Definition at line 65 of file ilPRGPermissionsHelper.php.

References $access, $data_cache, $orgu_access, $orgu_settings, $prg_ref_id, and ILIAS\Repository\access().

71  {
72  $this->access = $access;
73  $this->orgu_settings = $orgu_settings;
74  $this->data_cache = $data_cache;
75  $this->orgu_access = $orgu_access;
76  $this->prg_ref_id = $prg_ref_id;
77  }
ilPRGPermissionsHelper\$orgu_access
ilOrgUnitPositionAccess $orgu_access
Definition: ilPRGPermissionsHelper.php:56
ilPRGPermissionsHelper\$orgu_settings
ilOrgUnitGlobalSettings $orgu_settings
Definition: ilPRGPermissionsHelper.php:54
+ Here is the call graph for this function:

Member Function Documentation

◆ filterUserIds()

ilPRGPermissionsHelper::filterUserIds ( array  $user_ids,
string  $operation 
)
Parameters
int[]$user_ids

Definition at line 128 of file ilPRGPermissionsHelper.php.

References getProgrammeRefId(), and may().

128  : array
129  {
130  if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
131  return $user_ids;
132  }
133 
134  return $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
135  $operation,
136  $this->getProgrammeRefId(),
137  $user_ids
138  );
139  }
+ Here is the call graph for this function:

◆ getAllAssignedUserIds()

ilPRGPermissionsHelper::getAllAssignedUserIds ( )
protected
Returns
int[]

Definition at line 177 of file ilPRGPermissionsHelper.php.

References ilObjStudyProgramme\getInstanceByRefId(), and getProgrammeRefId().

Referenced by getUserIdsInPrgAccessibleForOperation(), and getUserIdsSusceptibleTo().

177  : array
178  {
179  if (!isset($this->cache[self::ROLEPERM_MANAGE_MEMBERS])) {
180  $prg = ilObjStudyProgramme::getInstanceByRefId($this->getProgrammeRefId());
181  $this->cache[self::ROLEPERM_MANAGE_MEMBERS] = array_unique($prg->getMembers());
182  }
183  return $this->cache[self::ROLEPERM_MANAGE_MEMBERS];
184  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getProgrammeRefId()

ilPRGPermissionsHelper::getProgrammeRefId ( )
protected

Definition at line 186 of file ilPRGPermissionsHelper.php.

References $prg_ref_id.

Referenced by filterUserIds(), getAllAssignedUserIds(), isOrguAccessEnabledGlobally(), and may().

186  : int
187  {
188  return $this->prg_ref_id;
189  }
+ Here is the caller graph for this function:

◆ getUserIdsInPrgAccessibleForOperation()

ilPRGPermissionsHelper::getUserIdsInPrgAccessibleForOperation ( string  $orgu_operation)
protected

Definition at line 158 of file ilPRGPermissionsHelper.php.

References getAllAssignedUserIds().

Referenced by getUserIdsSusceptibleTo().

158  : array
159  {
160  if (!isset($this->cache[$orgu_operation])) {
161  $user_ids = array_map(
162  'intval',
163  $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
164  $orgu_operation,
165  $this->getProgrammeRefId(),
166  $this->getAllAssignedUserIds()
167  )
168  );
169  $this->cache[$orgu_operation] = array_unique($user_ids);
170  }
171  return $this->cache[$orgu_operation];
172  }
array_map
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUserIdsSusceptibleTo()

ilPRGPermissionsHelper::getUserIdsSusceptibleTo ( string  $operation)
Returns
int[]

Definition at line 111 of file ilPRGPermissionsHelper.php.

References getAllAssignedUserIds(), getUserIdsInPrgAccessibleForOperation(), may(), and throwForInvalidOperation().

Referenced by ilStudyProgrammeUserTable\__construct().

111  : array
112  {
113  $this->throwForInvalidOperation($operation);
114 
115  if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
116  return $this->getAllAssignedUserIds();
117  }
118 
119  if (in_array($operation, self::ORGU_OPERATIONS) && $this->may($operation)) {
120  return $this->getUserIdsInPrgAccessibleForOperation($operation);
121  }
122  return [];
123  }
ilPRGPermissionsHelper\getUserIdsInPrgAccessibleForOperation
getUserIdsInPrgAccessibleForOperation(string $orgu_operation)
Definition: ilPRGPermissionsHelper.php:158
ilPRGPermissionsHelper\throwForInvalidOperation
throwForInvalidOperation(string $operation)
Definition: ilPRGPermissionsHelper.php:141
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isOrguAccessEnabledGlobally()

ilPRGPermissionsHelper::isOrguAccessEnabledGlobally ( )

Definition at line 191 of file ilPRGPermissionsHelper.php.

References getProgrammeRefId().

191  : bool
192  {
193  $obj_id = $this->data_cache->lookupObjId($this->getProgrammeRefId());
194  $type_settings = $this->orgu_settings->getObjectPositionSettingsByType('prg');
195 
196  return $type_settings->isActive() && $type_settings->isChangeableForObject();
197  }
+ Here is the call graph for this function:

◆ may()

ilPRGPermissionsHelper::may ( string  $operation)

Definition at line 79 of file ilPRGPermissionsHelper.php.

References ILIAS\Repository\access(), getProgrammeRefId(), and throwForInvalidOperation().

Referenced by filterUserIds(), getUserIdsSusceptibleTo(), and mayAnyOf().

79  : bool
80  {
81  $this->throwForInvalidOperation($operation);
82  if (in_array($operation, self::ORGU_OPERATIONS)) {
83  return
84  $this->access->checkAccess( //RBAC overrides OrgUs
85  self::ROLEMAPPINGS[self::ROLEPERM_MANAGE_MEMBERS],
86  '',
87  $this->getProgrammeRefId()
88  )
89  || $this->access->checkPositionAccess($operation, $this->getProgrammeRefId());
90  }
91 
92  return $this->access->checkAccess(self::ROLEMAPPINGS[$operation], '', $this->getProgrammeRefId());
93  }
ilPRGPermissionsHelper\throwForInvalidOperation
throwForInvalidOperation(string $operation)
Definition: ilPRGPermissionsHelper.php:141
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mayAnyOf()

ilPRGPermissionsHelper::mayAnyOf ( array  $operations)
Parameters
string[]$operations

Definition at line 98 of file ilPRGPermissionsHelper.php.

References may().

Referenced by ilStudyProgrammeMembersTableGUI\__construct().

98  : bool
99  {
100  foreach ($operations as $operation) {
101  if ($this->may($operation)) {
102  return true;
103  }
104  }
105  return false;
106  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ throwForInvalidOperation()

ilPRGPermissionsHelper::throwForInvalidOperation ( string  $operation)
protected

Definition at line 141 of file ilPRGPermissionsHelper.php.

References $valid.

Referenced by getUserIdsSusceptibleTo(), and may().

141  : void
142  {
143  $valid = array_merge(
144  self::ORGU_OPERATIONS,
145  [
146  self::ROLEPERM_VIEW,
147  self::ROLEPERM_READ,
148  self::ROLEPERM_WRITE,
149  self::ROLEPERM_MANAGE_MEMBERS
150  ]
151  );
152 
153  if (!in_array($operation, $valid)) {
154  throw new ilException('prg does not provide this permission: ' . $operation);
155  }
156  }
$valid
$valid
Definition: dummy_client.php:59
+ Here is the caller graph for this function:

Field Documentation

◆ $access

const ilAccess ilPRGPermissionsHelper::$access
protected
Initial value:
=> 'read',
'rp_write' => 'write',
'rp_manage_members' => 'manage_members'
]

Definition at line 48 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $cache

array ilPRGPermissionsHelper::$cache = []
protected

Definition at line 58 of file ilPRGPermissionsHelper.php.

◆ $data_cache

ilObjectDataCache ilPRGPermissionsHelper::$data_cache
protected

Definition at line 55 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $orgu_access

ilOrgUnitPositionAccess ilPRGPermissionsHelper::$orgu_access
protected

Definition at line 56 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $orgu_settings

ilOrgUnitGlobalSettings ilPRGPermissionsHelper::$orgu_settings
protected

Definition at line 54 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $prg_ref_id

int ilPRGPermissionsHelper::$prg_ref_id
protected

Definition at line 57 of file ilPRGPermissionsHelper.php.

Referenced by __construct(), and getProgrammeRefId().

◆ $user_id_cache

array ilPRGPermissionsHelper::$user_id_cache
protected

Definition at line 63 of file ilPRGPermissionsHelper.php.

◆ ORGU_OPERATIONS

const ilPRGPermissionsHelper::ORGU_OPERATIONS
Initial value:
= [
ilOrgUnitOperation::OP_VIEW_MEMBERS,
ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
ilOrgUnitOperation::OP_VIEW_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_EDIT_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_MANAGE_MEMBERS
]

Definition at line 31 of file ilPRGPermissionsHelper.php.

◆ ROLEMAPPINGS

const ilPRGPermissionsHelper::ROLEMAPPINGS
private
Initial value:
= [
'rp_visible' => 'visible'

Definition at line 46 of file ilPRGPermissionsHelper.php.

◆ ROLEPERM_MANAGE_MEMBERS

const ilPRGPermissionsHelper::ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'

Definition at line 44 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\executeCommand(), and ilObjStudyProgrammeGUI\getSubTabs().

◆ ROLEPERM_READ

const ilPRGPermissionsHelper::ROLEPERM_READ = 'rp_read'

Definition at line 40 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\addToNavigationHistory(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\view().

◆ ROLEPERM_VIEW

const ilPRGPermissionsHelper::ROLEPERM_VIEW = 'rp_visible'

Definition at line 39 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\denyAccessIfNotAnyOf(), and ilObjStudyProgrammeGUI\executeCommand().

◆ ROLEPERM_WRITE

const ilPRGPermissionsHelper::ROLEPERM_WRITE = 'rp_write'

Definition at line 41 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\edit(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\updateAdvancedSettings().

The documentation for this class was generated from the following file: