diff options
| author | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
|---|---|---|
| committer | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
| commit | 4459dd7917f4d1c34f40bb68f0e991e9c3d53e4c (patch) | |
| tree | 5c07151ae61276d334e88f6309c30d439a85c12e /lib/phplib/Seminar_Perm.class.php | |
| parent | da0022e5c1abbf9825ae76debaabdff7e8623bb4 (diff) | |
| parent | 97a188592c679890a25c37ab78463add76a52ff7 (diff) | |
Merge branch 'main' into issue-3911issue-3911
Diffstat (limited to 'lib/phplib/Seminar_Perm.class.php')
| -rw-r--r-- | lib/phplib/Seminar_Perm.class.php | 350 |
1 files changed, 0 insertions, 350 deletions
diff --git a/lib/phplib/Seminar_Perm.class.php b/lib/phplib/Seminar_Perm.class.php deleted file mode 100644 index a116938..0000000 --- a/lib/phplib/Seminar_Perm.class.php +++ /dev/null @@ -1,350 +0,0 @@ -<?php - -/** - * Seminar_Perm.class.php - * - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of - * the License, or (at your option) any later version. - * - * @author André Noack <noack@data-quest.de> - * @copyright 2000 Stud.IP Core-Group - * @license http://www.gnu.org/licenses/gpl-2.0.html GPL version 2 - */ -class Seminar_Perm -{ - - /** - * @var array - */ - public $permissions = [ - "user" => 1, - "autor" => 3, - "tutor" => 7, - "dozent" => 15, - "admin" => 31, - "root" => 63 - ]; - /** - * @var array - */ - private $studip_perms = []; - /** - * @var array - */ - private $fak_admins = []; - - /** - * @return Seminar_Perm - */ - public static function get() - { - if (is_object($GLOBALS['perm'])) { - return $GLOBALS['perm']; - } else { - return new Seminar_Perm(); - } - } - - /** - * @param $must_have - * @throws AccessDeniedException - */ - public function check($must_have) - { - if (!$this->have_perm($must_have)) { - if ($GLOBALS['user']->id === 'nobody') { - $message = _('Sie sind nicht im System angemeldet und können daher nicht auf diesen Teil des Systems zugreifen. ' - . 'Um den vollen Funktionsumfang des Systems benutzen zu können, müssen Sie sich mit Ihrem Nutzernamen und Passwort anmelden.'); - throw new AccessDeniedException($message); - } else { - throw new AccessDeniedException(); - } - } - } - - /** - * @param bool $user_id - * @return string|null - */ - public function get_perm($user_id = false) - { - global $user; - if (!$user_id) { - $user_id = $user->id; - } - if ($user_id && $user_id == $user->id) { - return $user->perms; - } - if ($user_id && isset($this->studip_perms['studip'][$user_id])) { - return $this->studip_perms['studip'][$user_id]; - } - if ($user_id && $user_id !== 'nobody') { - $query = "SELECT perms FROM auth_user_md5 WHERE user_id = :user_id"; - $statement = DBManager::get()->prepare($query); - $statement->bindValue(':user_id', $user_id); - $statement->execute(); - $perms = $statement->fetchColumn(); - - return $this->studip_perms['studip'][$user_id] = $perms; - } - - return null; - } - - /** - * @param $perm - * @param bool $user_id - * @return bool - */ - public function have_perm($perm, $user_id = false) - { - $page_perm_value = $this->permissions[$perm] ?? 0; - $user_perm_value = $this->permissions[$this->get_perm($user_id)] ?? 0; - - return $page_perm_value <= $user_perm_value; - } - - - /** - * @param $range_id - * @param bool $user_id - * @return mixed - */ - public function get_studip_perm($range_id, $user_id = false) - { - - if (!$user_id) { - $user_id = $GLOBALS['user']->id; - } - - if (!isset($this->studip_perms[$range_id][$user_id])) { - $this->studip_perms[$range_id][$user_id] = $this->get_uncached_studip_perm($range_id, $user_id); - } - return $this->studip_perms[$range_id][$user_id]; - } - - /** - * @param $range_id - * @param $user_id - * @return bool|string - */ - public function get_uncached_studip_perm($range_id, $user_id) - { - global $user; - $db = DBManager::get(); - $status = false; - if ($user_id && $user_id == $user->id) { - $user_perm = $user->perms; - } else { - $user_perm = $this->get_perm($user_id); - if (!$user_perm) { - return false; - } - } - if ($user_perm == "root") { - $status = "root"; - } elseif ($user_perm == "admin") { - if (Config::get()->ALLOW_ADMIN_RELATED_INST) { - $sem_inst = 'seminar_inst'; - } else { - $sem_inst = 'seminare'; - } - $st = $db->prepare("SELECT Seminar_id - FROM user_inst - LEFT JOIN $sem_inst USING (Institut_id) - WHERE inst_perms='admin' AND user_id = ? AND Seminar_id = ? LIMIT 1"); - $st->execute([$user_id, $range_id]); - if ($st->fetchColumn()) { - $status = "admin"; - } else { - $st = $db->prepare("SELECT Seminar_id FROM user_inst a - LEFT JOIN Institute b ON(a.Institut_id=b.Institut_id AND b.Institut_id=b.fakultaets_id) - LEFT JOIN Institute c ON (b.Institut_id=c.fakultaets_id) - LEFT JOIN $sem_inst d ON (d.Institut_id=c.Institut_id) - WHERE a.user_id = ? AND a.inst_perms='admin' AND d.Seminar_id = ? LIMIT 1"); - $st->execute([$user_id, $range_id]); - if ($st->fetchColumn()) { - $status = "admin"; - } else { - $st = $db->prepare("SELECT a.Institut_id FROM user_inst a - LEFT JOIN Institute b ON(a.Institut_id=b.fakultaets_id) - WHERE user_id = ? AND a.inst_perms='admin' - AND b.Institut_id = ? LIMIT 1"); - $st->execute([$user_id, $range_id]); - if ($st->fetchColumn()) { - $status = "admin"; - } - } - } - } - - if (isset($_SESSION['seminar_change_view_' . $range_id])) { - $status = $_SESSION['seminar_change_view_' . $range_id]; - } - - if ($status) { - return $status; - } - - if (Config::get()->DEPUTIES_ENABLE && Deputy::isDeputy($user_id, $range_id)) { - $status = 'dozent'; - } else { - $st = $db->prepare("SELECT status FROM seminar_user - WHERE user_id = ? AND Seminar_id = ?"); - $st->execute([$user_id, $range_id]); - $status = $st->fetchColumn(); - - if (!$status) { - $st = $db->prepare("SELECT inst_perms FROM user_inst - WHERE user_id = ? AND Institut_id = ?"); - $st->execute([$user_id, $range_id]); - $status = $st->fetchColumn(); - } - } - return $status; - } - - /** - * @param $perm - * @param $range_id - * @param bool $user_id - * @return bool - */ - public function have_studip_perm($perm, $range_id, $user_id = false) - { - $pageperm = $this->permissions[$perm] ?? 0; - $userperm = $this->permissions[$this->get_studip_perm($range_id, $user_id)] ?? 0; - - return $pageperm <= $userperm; - } - - /** - * @param $range_id - * @param bool $user_id - * @return mixed - */ - public function get_profile_perm($range_id, $user_id = false) - { - if (!$user_id) { - $user_id = $GLOBALS['user']->id; - } - - if (!isset($this->studip_perms[$range_id][$user_id])) { - $this->studip_perms[$range_id][$user_id] = $this->get_uncached_profile_perm($range_id, $user_id); - } - return $this->studip_perms[$range_id][$user_id]; - } - - /** - * @param $range_id - * @param $user_id - * @return bool|string - */ - public function get_uncached_profile_perm($range_id, $user_id) - { - $status = false; - - if ($range_id === $user_id && $this->have_perm('autor', $user_id)) { - // user on his own profile - $status = 'user'; - } else if (Deputy::isEditActivated() && Deputy::isDeputy($user_id, $range_id, true)) { - // user is an assigned deputy - $status = 'user'; - } else if ($this->have_perm('root', $user_id)) { - // respect root's authority - $status = 'admin'; - } else if ($this->have_perm('admin', $user_id)) { - // institute admin may have permission - $db = DBManager::get(); - $stmt = $db->prepare("SELECT a.inst_perms FROM user_inst AS a " . - "LEFT JOIN user_inst AS b USING (Institut_id) " . - "WHERE a.user_id = ? AND a.inst_perms = 'admin' " . - " AND b.user_id = ? AND b.inst_perms IN ('autor', 'tutor', 'dozent')"); - $stmt->execute([$user_id, $range_id]); - - if ($stmt->fetchColumn()) { - $status = 'admin'; - } else if ($this->is_fak_admin($user_id)) { - $stmt = $db->prepare("SELECT a.inst_perms FROM user_inst a " . - "LEFT JOIN Institute i ON a.Institut_id = i.fakultaets_id " . - "LEFT JOIN user_inst b ON b.Institut_id = i.Institut_id " . - "WHERE a.user_id = ? AND a.inst_perms = 'admin' " . - " AND b.user_id = ? AND b.inst_perms != 'user'"); - $stmt->execute([$user_id, $range_id]); - - if ($stmt->fetchColumn()) { - $status = 'admin'; - } - } - } - - return $status; - } - - /** - * @param $perm - * @param $range_id - * @param bool $user_id - * @return bool - */ - public function have_profile_perm($perm, $range_id, $user_id = false) - { - - $pageperm = $this->permissions[$perm] ?? 0; - $userperm = $this->permissions[$this->get_profile_perm($range_id, $user_id)] ?? 0; - - return $pageperm <= $userperm; - } - - /** - * @param bool $user_id - * @return bool - */ - public function is_fak_admin($user_id = false) - { - global $user; - if (!$user_id) $user_id = $user->id; - $user_perm = $this->get_perm($user_id); - if ($user_perm == "root") { - return true; - } - if ($user_perm != "admin") { - return false; - } - if (isset($this->fak_admins[$user_id])) { - return $this->fak_admins[$user_id]; - } else { - $db = DBManager::get(); - $st = $db->prepare("SELECT a.Institut_id FROM user_inst a - LEFT JOIN Institute b ON(a.Institut_id=b.Institut_id AND b.Institut_id=b.fakultaets_id) - WHERE a.user_id = ? AND a.inst_perms='admin' AND NOT ISNULL(b.Institut_id) LIMIT 1"); - $st->execute([$user_id]); - return $this->fak_admins[$user_id] = (bool)$st->fetchColumn(); - } - } - - /** - * @param bool $user_id - * @return bool - */ - public function is_staff_member($user_id = false) - { - global $user; - if (!$user_id) $user_id = $user->id; - $user_perm = $this->get_perm($user_id); - if ($user_perm == "root") { - return true; - } - if (!$this->have_perm('autor', $user_id)) { - return false; - } - $db = DBManager::get(); - $st = $db->prepare("SELECT 1 FROM user_inst - WHERE user_id = ? AND inst_perms <> 'user' LIMIT 1"); - $st->execute([$user_id]); - return (bool)$st->fetchColumn(); - } -} |