ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
ilPRGPermissionsHelper Class Reference

Both role and OrgU-based permissions are relevant in many places of the PRG. More...

+ Collaboration diagram for ilPRGPermissionsHelper:

Public Member Functions

 __construct (ilAccess $access, ilOrgUnitGlobalSettings $orgu_settings, ilObjectDataCache $data_cache, ilOrgUnitPositionAccess $orgu_access, int $prg_ref_id)
 
 may (string $operation)
 
 mayAnyOf (array $operations)
 
 getUserIdsSusceptibleTo (string $operation)
 
 filterUserIds (array $user_ids, string $operation)
 
 isOrguAccessEnabledGlobally ()
 

Data Fields

const ORGU_OPERATIONS
 
const ROLEPERM_VIEW = 'rp_visible'
 
const ROLEPERM_READ = 'rp_read'
 
const ROLEPERM_WRITE = 'rp_write'
 
const ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'
 

Protected Member Functions

 throwForInvalidOperation (string $operation)
 
 getUserIdsInPrgAccessibleForOperation (string $orgu_operation)
 
 getAllAssignedUserIds ()
 
 getProgrammeRefId ()
 

Protected Attributes

ilAccess $access
 
ilOrgUnitGlobalSettings $orgu_settings
 
ilObjectDataCache $data_cache
 
ilOrgUnitPositionAccess $orgu_access
 
int $prg_ref_id
 
array $cache = []
 
array $user_id_cache
 

Private Attributes

const ROLEMAPPINGS
 

Detailed Description

Both role and OrgU-based permissions are relevant in many places of the PRG.

This is to bundle permission-checks.

Please note that the 'manage_members'-permission granted via global or local roles will include all the ORGU_OPERATIONS listed here and is thus very different from the OrgUnitOperation 'manage_members'.

Definition at line 29 of file ilPRGPermissionsHelper.php.

Constructor & Destructor Documentation

◆ __construct()

ilPRGPermissionsHelper::__construct ( ilAccess  $access,
ilOrgUnitGlobalSettings  $orgu_settings,
ilObjectDataCache  $data_cache,
ilOrgUnitPositionAccess  $orgu_access,
int  $prg_ref_id 
)

Definition at line 65 of file ilPRGPermissionsHelper.php.

71 {
72 $this->access = $access;
73 $this->orgu_settings = $orgu_settings;
74 $this->data_cache = $data_cache;
75 $this->orgu_access = $orgu_access;
76 $this->prg_ref_id = $prg_ref_id;
77 }
ilPRGPermissionsHelper\$orgu_access
ilOrgUnitPositionAccess $orgu_access
Definition: ilPRGPermissionsHelper.php:56
ilPRGPermissionsHelper\$orgu_settings
ilOrgUnitGlobalSettings $orgu_settings
Definition: ilPRGPermissionsHelper.php:54

References $access, $data_cache, $orgu_access, $orgu_settings, $prg_ref_id, and ILIAS\Repository\access().

+ Here is the call graph for this function:

Member Function Documentation

◆ filterUserIds()

ilPRGPermissionsHelper::filterUserIds ( array  $user_ids,
string  $operation 
)
Parameters
int[]$user_ids

Definition at line 128 of file ilPRGPermissionsHelper.php.

128 : array
129 {
130 if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
131 return $user_ids;
132 }
133
134 return $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
135 $operation,
136 $this->getProgrammeRefId(),
137 $user_ids
138 );
139 }

References getProgrammeRefId(), and may().

+ Here is the call graph for this function:

◆ getAllAssignedUserIds()

ilPRGPermissionsHelper::getAllAssignedUserIds ( )
protected
Returns
int[]

Definition at line 177 of file ilPRGPermissionsHelper.php.

177 : array
178 {
179 if (!isset($this->cache[self::ROLEPERM_MANAGE_MEMBERS])) {
180 $prg = ilObjStudyProgramme::getInstanceByRefId($this->getProgrammeRefId());
181 $this->cache[self::ROLEPERM_MANAGE_MEMBERS] = array_unique($prg->getMembers());
182 }
183 return $this->cache[self::ROLEPERM_MANAGE_MEMBERS];
184 }

References ilObjStudyProgramme\getInstanceByRefId(), getProgrammeRefId(), and ROLEPERM_MANAGE_MEMBERS.

Referenced by getUserIdsSusceptibleTo().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getProgrammeRefId()

ilPRGPermissionsHelper::getProgrammeRefId ( )
protected

Definition at line 186 of file ilPRGPermissionsHelper.php.

186 : int
187 {
188 return $this->prg_ref_id;
189 }

References $prg_ref_id.

Referenced by filterUserIds(), getAllAssignedUserIds(), isOrguAccessEnabledGlobally(), and may().

+ Here is the caller graph for this function:

◆ getUserIdsInPrgAccessibleForOperation()

ilPRGPermissionsHelper::getUserIdsInPrgAccessibleForOperation ( string  $orgu_operation)
protected

Definition at line 158 of file ilPRGPermissionsHelper.php.

158 : array
159 {
160 if (!isset($this->cache[$orgu_operation])) {
161 $user_ids = array_map(
162 'intval',
163 $this->orgu_access->filterUserIdsByPositionOfCurrentUser(
164 $orgu_operation,
165 $this->getProgrammeRefId(),
166 $this->getAllAssignedUserIds()
167 )
168 );
169 $this->cache[$orgu_operation] = array_unique($user_ids);
170 }
171 return $this->cache[$orgu_operation];
172 }

Referenced by getUserIdsSusceptibleTo().

+ Here is the caller graph for this function:

◆ getUserIdsSusceptibleTo()

ilPRGPermissionsHelper::getUserIdsSusceptibleTo ( string  $operation)
Returns
int[]

Definition at line 111 of file ilPRGPermissionsHelper.php.

111 : array
112 {
113 $this->throwForInvalidOperation($operation);
114
115 if ($this->may(self::ROLEPERM_MANAGE_MEMBERS)) { //RBAC overrides OrgUs
116 return $this->getAllAssignedUserIds();
117 }
118
119 if (in_array($operation, self::ORGU_OPERATIONS) && $this->may($operation)) {
120 return $this->getUserIdsInPrgAccessibleForOperation($operation);
121 }
122 return [];
123 }
ilPRGPermissionsHelper\throwForInvalidOperation
throwForInvalidOperation(string $operation)
Definition: ilPRGPermissionsHelper.php:141
ilPRGPermissionsHelper\getUserIdsInPrgAccessibleForOperation
getUserIdsInPrgAccessibleForOperation(string $orgu_operation)
Definition: ilPRGPermissionsHelper.php:158

References getAllAssignedUserIds(), getUserIdsInPrgAccessibleForOperation(), may(), and throwForInvalidOperation().

+ Here is the call graph for this function:

◆ isOrguAccessEnabledGlobally()

ilPRGPermissionsHelper::isOrguAccessEnabledGlobally ( )

Definition at line 191 of file ilPRGPermissionsHelper.php.

191 : bool
192 {
193 $obj_id = $this->data_cache->lookupObjId($this->getProgrammeRefId());
194 $type_settings = $this->orgu_settings->getObjectPositionSettingsByType('prg');
195
196 return $type_settings->isActive() && $type_settings->isChangeableForObject();
197 }

References getProgrammeRefId().

+ Here is the call graph for this function:

◆ may()

ilPRGPermissionsHelper::may ( string  $operation)

Definition at line 79 of file ilPRGPermissionsHelper.php.

79 : bool
80 {
81 $this->throwForInvalidOperation($operation);
82 if (in_array($operation, self::ORGU_OPERATIONS)) {
83 return
84 $this->access->checkAccess( //RBAC overrides OrgUs
85 self::ROLEMAPPINGS[self::ROLEPERM_MANAGE_MEMBERS],
86 '',
87 $this->getProgrammeRefId()
88 )
89 || $this->access->checkPositionAccess($operation, $this->getProgrammeRefId());
90 }
91
92 return $this->access->checkAccess(self::ROLEMAPPINGS[$operation], '', $this->getProgrammeRefId());
93 }

References ILIAS\Repository\access(), getProgrammeRefId(), and throwForInvalidOperation().

Referenced by filterUserIds(), getUserIdsSusceptibleTo(), and mayAnyOf().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mayAnyOf()

ilPRGPermissionsHelper::mayAnyOf ( array  $operations)
Parameters
string[]$operations

Definition at line 98 of file ilPRGPermissionsHelper.php.

98 : bool
99 {
100 foreach ($operations as $operation) {
101 if ($this->may($operation)) {
102 return true;
103 }
104 }
105 return false;
106 }

References may().

Referenced by ilStudyProgrammeMembersTableGUI\__construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ throwForInvalidOperation()

ilPRGPermissionsHelper::throwForInvalidOperation ( string  $operation)
protected

Definition at line 141 of file ilPRGPermissionsHelper.php.

141 : void
142 {
143 $valid = array_merge(
144 self::ORGU_OPERATIONS,
145 [
146 self::ROLEPERM_VIEW,
147 self::ROLEPERM_READ,
148 self::ROLEPERM_WRITE,
149 self::ROLEPERM_MANAGE_MEMBERS
150 ]
151 );
152
153 if (!in_array($operation, $valid)) {
154 throw new ilException('prg does not provide this permission: ' . $operation);
155 }
156 }
ilException
Base class for ILIAS Exception handling.
Definition: class.ilException.php:26
$valid
$valid
Definition: dummy_client.php:59

References $valid.

Referenced by getUserIdsSusceptibleTo(), and may().

+ Here is the caller graph for this function:

Field Documentation

◆ $access

ilAccess ilPRGPermissionsHelper::$access
protected

Definition at line 53 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $cache

array ilPRGPermissionsHelper::$cache = []
protected

Definition at line 58 of file ilPRGPermissionsHelper.php.

◆ $data_cache

ilObjectDataCache ilPRGPermissionsHelper::$data_cache
protected

Definition at line 55 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $orgu_access

ilOrgUnitPositionAccess ilPRGPermissionsHelper::$orgu_access
protected

Definition at line 56 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $orgu_settings

ilOrgUnitGlobalSettings ilPRGPermissionsHelper::$orgu_settings
protected

Definition at line 54 of file ilPRGPermissionsHelper.php.

Referenced by __construct().

◆ $prg_ref_id

int ilPRGPermissionsHelper::$prg_ref_id
protected

Definition at line 57 of file ilPRGPermissionsHelper.php.

Referenced by __construct(), and getProgrammeRefId().

◆ $user_id_cache

array ilPRGPermissionsHelper::$user_id_cache
protected

Definition at line 63 of file ilPRGPermissionsHelper.php.

◆ ORGU_OPERATIONS

const ilPRGPermissionsHelper::ORGU_OPERATIONS
Initial value:
= [
ilOrgUnitOperation::OP_VIEW_MEMBERS,
ilOrgUnitOperation::OP_READ_LEARNING_PROGRESS,
ilOrgUnitOperation::OP_VIEW_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_EDIT_INDIVIDUAL_PLAN,
ilOrgUnitOperation::OP_MANAGE_MEMBERS
]

Definition at line 31 of file ilPRGPermissionsHelper.php.

◆ ROLEMAPPINGS

const ilPRGPermissionsHelper::ROLEMAPPINGS
private
Initial value:
= [
'rp_visible' => 'visible',
'rp_read' => 'read',
'rp_write' => 'write',
'rp_manage_members' => 'manage_members'
]

Definition at line 46 of file ilPRGPermissionsHelper.php.

◆ ROLEPERM_MANAGE_MEMBERS

const ilPRGPermissionsHelper::ROLEPERM_MANAGE_MEMBERS = 'rp_manage_members'

Definition at line 44 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\executeCommand(), getAllAssignedUserIds(), and ilObjStudyProgrammeGUI\getSubTabs().

◆ ROLEPERM_READ

const ilPRGPermissionsHelper::ROLEPERM_READ = 'rp_read'

Definition at line 40 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\addToNavigationHistory(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\view().

◆ ROLEPERM_VIEW

const ilPRGPermissionsHelper::ROLEPERM_VIEW = 'rp_visible'

Definition at line 39 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\denyAccessIfNotAnyOf(), and ilObjStudyProgrammeGUI\executeCommand().

◆ ROLEPERM_WRITE

const ilPRGPermissionsHelper::ROLEPERM_WRITE = 'rp_write'

Definition at line 41 of file ilPRGPermissionsHelper.php.

Referenced by ilObjStudyProgrammeGUI\edit(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\executeCommand(), ilObjStudyProgrammeGUI\getTabs(), and ilObjStudyProgrammeGUI\updateAdvancedSettings().

The documentation for this class was generated from the following file: