aboutsummaryrefslogtreecommitdiff
path: root/lib/phplib/Seminar_Perm.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/phplib/Seminar_Perm.php')
-rw-r--r--lib/phplib/Seminar_Perm.php350
1 files changed, 350 insertions, 0 deletions
diff --git a/lib/phplib/Seminar_Perm.php b/lib/phplib/Seminar_Perm.php
new file mode 100644
index 0000000..1c3a85e
--- /dev/null
+++ b/lib/phplib/Seminar_Perm.php
@@ -0,0 +1,350 @@
+<?php
+
+/**
+ * Seminar_Perm.php
+ *
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * @author André Noack <noack@data-quest.de>
+ * @copyright 2000 Stud.IP Core-Group
+ * @license http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
+ */
+class Seminar_Perm
+{
+
+ /**
+ * @var array
+ */
+ public $permissions = [
+ "user" => 1,
+ "autor" => 3,
+ "tutor" => 7,
+ "dozent" => 15,
+ "admin" => 31,
+ "root" => 63
+ ];
+ /**
+ * @var array
+ */
+ private $studip_perms = [];
+ /**
+ * @var array
+ */
+ private $fak_admins = [];
+
+ /**
+ * @return Seminar_Perm
+ */
+ public static function get()
+ {
+ if (is_object($GLOBALS['perm'])) {
+ return $GLOBALS['perm'];
+ } else {
+ return new Seminar_Perm();
+ }
+ }
+
+ /**
+ * @param $must_have
+ * @throws AccessDeniedException
+ */
+ public function check($must_have)
+ {
+ if (!$this->have_perm($must_have)) {
+ if ($GLOBALS['user']->id === 'nobody') {
+ $message = _('Sie sind nicht im System angemeldet und können daher nicht auf diesen Teil des Systems zugreifen. '
+ . 'Um den vollen Funktionsumfang des Systems benutzen zu können, müssen Sie sich mit Ihrem Nutzernamen und Passwort anmelden.');
+ throw new AccessDeniedException($message);
+ } else {
+ throw new AccessDeniedException();
+ }
+ }
+ }
+
+ /**
+ * @param bool $user_id
+ * @return string|null
+ */
+ public function get_perm($user_id = false)
+ {
+ global $user;
+ if (!$user_id) {
+ $user_id = $user->id;
+ }
+ if ($user_id && $user_id == $user->id) {
+ return $user->perms;
+ }
+ if ($user_id && isset($this->studip_perms['studip'][$user_id])) {
+ return $this->studip_perms['studip'][$user_id];
+ }
+ if ($user_id && $user_id !== 'nobody') {
+ $query = "SELECT perms FROM auth_user_md5 WHERE user_id = :user_id";
+ $statement = DBManager::get()->prepare($query);
+ $statement->bindValue(':user_id', $user_id);
+ $statement->execute();
+ $perms = $statement->fetchColumn();
+
+ return $this->studip_perms['studip'][$user_id] = $perms;
+ }
+
+ return null;
+ }
+
+ /**
+ * @param $perm
+ * @param bool $user_id
+ * @return bool
+ */
+ public function have_perm($perm, $user_id = false)
+ {
+ $page_perm_value = $this->permissions[$perm] ?? 0;
+ $user_perm_value = $this->permissions[$this->get_perm($user_id)] ?? 0;
+
+ return $page_perm_value <= $user_perm_value;
+ }
+
+
+ /**
+ * @param $range_id
+ * @param bool $user_id
+ * @return mixed
+ */
+ public function get_studip_perm($range_id, $user_id = false)
+ {
+
+ if (!$user_id) {
+ $user_id = $GLOBALS['user']->id;
+ }
+
+ if (!isset($this->studip_perms[$range_id][$user_id])) {
+ $this->studip_perms[$range_id][$user_id] = $this->get_uncached_studip_perm($range_id, $user_id);
+ }
+ return $this->studip_perms[$range_id][$user_id];
+ }
+
+ /**
+ * @param $range_id
+ * @param $user_id
+ * @return bool|string
+ */
+ public function get_uncached_studip_perm($range_id, $user_id)
+ {
+ global $user;
+ $db = DBManager::get();
+ $status = false;
+ if ($user_id && $user_id == $user->id) {
+ $user_perm = $user->perms;
+ } else {
+ $user_perm = $this->get_perm($user_id);
+ if (!$user_perm) {
+ return false;
+ }
+ }
+ if ($user_perm == "root") {
+ $status = "root";
+ } elseif ($user_perm == "admin") {
+ if (Config::get()->ALLOW_ADMIN_RELATED_INST) {
+ $sem_inst = 'seminar_inst';
+ } else {
+ $sem_inst = 'seminare';
+ }
+ $st = $db->prepare("SELECT Seminar_id
+ FROM user_inst
+ LEFT JOIN $sem_inst USING (Institut_id)
+ WHERE inst_perms='admin' AND user_id = ? AND Seminar_id = ? LIMIT 1");
+ $st->execute([$user_id, $range_id]);
+ if ($st->fetchColumn()) {
+ $status = "admin";
+ } else {
+ $st = $db->prepare("SELECT Seminar_id FROM user_inst a
+ LEFT JOIN Institute b ON(a.Institut_id=b.Institut_id AND b.Institut_id=b.fakultaets_id)
+ LEFT JOIN Institute c ON (b.Institut_id=c.fakultaets_id)
+ LEFT JOIN $sem_inst d ON (d.Institut_id=c.Institut_id)
+ WHERE a.user_id = ? AND a.inst_perms='admin' AND d.Seminar_id = ? LIMIT 1");
+ $st->execute([$user_id, $range_id]);
+ if ($st->fetchColumn()) {
+ $status = "admin";
+ } else {
+ $st = $db->prepare("SELECT a.Institut_id FROM user_inst a
+ LEFT JOIN Institute b ON(a.Institut_id=b.fakultaets_id)
+ WHERE user_id = ? AND a.inst_perms='admin'
+ AND b.Institut_id = ? LIMIT 1");
+ $st->execute([$user_id, $range_id]);
+ if ($st->fetchColumn()) {
+ $status = "admin";
+ }
+ }
+ }
+ }
+
+ if (isset($_SESSION['seminar_change_view_' . $range_id])) {
+ $status = $_SESSION['seminar_change_view_' . $range_id];
+ }
+
+ if ($status) {
+ return $status;
+ }
+
+ if (Config::get()->DEPUTIES_ENABLE && Deputy::isDeputy($user_id, $range_id)) {
+ $status = 'dozent';
+ } else {
+ $st = $db->prepare("SELECT status FROM seminar_user
+ WHERE user_id = ? AND Seminar_id = ?");
+ $st->execute([$user_id, $range_id]);
+ $status = $st->fetchColumn();
+
+ if (!$status) {
+ $st = $db->prepare("SELECT inst_perms FROM user_inst
+ WHERE user_id = ? AND Institut_id = ?");
+ $st->execute([$user_id, $range_id]);
+ $status = $st->fetchColumn();
+ }
+ }
+ return $status;
+ }
+
+ /**
+ * @param $perm
+ * @param $range_id
+ * @param bool $user_id
+ * @return bool
+ */
+ public function have_studip_perm($perm, $range_id, $user_id = false)
+ {
+ $pageperm = $this->permissions[$perm] ?? 0;
+ $userperm = $this->permissions[$this->get_studip_perm($range_id, $user_id)] ?? 0;
+
+ return $pageperm <= $userperm;
+ }
+
+ /**
+ * @param $range_id
+ * @param bool $user_id
+ * @return mixed
+ */
+ public function get_profile_perm($range_id, $user_id = false)
+ {
+ if (!$user_id) {
+ $user_id = $GLOBALS['user']->id;
+ }
+
+ if (!isset($this->studip_perms[$range_id][$user_id])) {
+ $this->studip_perms[$range_id][$user_id] = $this->get_uncached_profile_perm($range_id, $user_id);
+ }
+ return $this->studip_perms[$range_id][$user_id];
+ }
+
+ /**
+ * @param $range_id
+ * @param $user_id
+ * @return bool|string
+ */
+ public function get_uncached_profile_perm($range_id, $user_id)
+ {
+ $status = false;
+
+ if ($range_id === $user_id && $this->have_perm('autor', $user_id)) {
+ // user on his own profile
+ $status = 'user';
+ } else if (Deputy::isEditActivated() && Deputy::isDeputy($user_id, $range_id, true)) {
+ // user is an assigned deputy
+ $status = 'user';
+ } else if ($this->have_perm('root', $user_id)) {
+ // respect root's authority
+ $status = 'admin';
+ } else if ($this->have_perm('admin', $user_id)) {
+ // institute admin may have permission
+ $db = DBManager::get();
+ $stmt = $db->prepare("SELECT a.inst_perms FROM user_inst AS a " .
+ "LEFT JOIN user_inst AS b USING (Institut_id) " .
+ "WHERE a.user_id = ? AND a.inst_perms = 'admin' " .
+ " AND b.user_id = ? AND b.inst_perms IN ('autor', 'tutor', 'dozent')");
+ $stmt->execute([$user_id, $range_id]);
+
+ if ($stmt->fetchColumn()) {
+ $status = 'admin';
+ } else if ($this->is_fak_admin($user_id)) {
+ $stmt = $db->prepare("SELECT a.inst_perms FROM user_inst a " .
+ "LEFT JOIN Institute i ON a.Institut_id = i.fakultaets_id " .
+ "LEFT JOIN user_inst b ON b.Institut_id = i.Institut_id " .
+ "WHERE a.user_id = ? AND a.inst_perms = 'admin' " .
+ " AND b.user_id = ? AND b.inst_perms != 'user'");
+ $stmt->execute([$user_id, $range_id]);
+
+ if ($stmt->fetchColumn()) {
+ $status = 'admin';
+ }
+ }
+ }
+
+ return $status;
+ }
+
+ /**
+ * @param $perm
+ * @param $range_id
+ * @param bool $user_id
+ * @return bool
+ */
+ public function have_profile_perm($perm, $range_id, $user_id = false)
+ {
+
+ $pageperm = $this->permissions[$perm] ?? 0;
+ $userperm = $this->permissions[$this->get_profile_perm($range_id, $user_id)] ?? 0;
+
+ return $pageperm <= $userperm;
+ }
+
+ /**
+ * @param bool $user_id
+ * @return bool
+ */
+ public function is_fak_admin($user_id = false)
+ {
+ global $user;
+ if (!$user_id) $user_id = $user->id;
+ $user_perm = $this->get_perm($user_id);
+ if ($user_perm == "root") {
+ return true;
+ }
+ if ($user_perm != "admin") {
+ return false;
+ }
+ if (isset($this->fak_admins[$user_id])) {
+ return $this->fak_admins[$user_id];
+ } else {
+ $db = DBManager::get();
+ $st = $db->prepare("SELECT a.Institut_id FROM user_inst a
+ LEFT JOIN Institute b ON(a.Institut_id=b.Institut_id AND b.Institut_id=b.fakultaets_id)
+ WHERE a.user_id = ? AND a.inst_perms='admin' AND NOT ISNULL(b.Institut_id) LIMIT 1");
+ $st->execute([$user_id]);
+ return $this->fak_admins[$user_id] = (bool)$st->fetchColumn();
+ }
+ }
+
+ /**
+ * @param bool $user_id
+ * @return bool
+ */
+ public function is_staff_member($user_id = false)
+ {
+ global $user;
+ if (!$user_id) $user_id = $user->id;
+ $user_perm = $this->get_perm($user_id);
+ if ($user_perm == "root") {
+ return true;
+ }
+ if (!$this->have_perm('autor', $user_id)) {
+ return false;
+ }
+ $db = DBManager::get();
+ $st = $db->prepare("SELECT 1 FROM user_inst
+ WHERE user_id = ? AND inst_perms <> 'user' LIMIT 1");
+ $st->execute([$user_id]);
+ return (bool)$st->fetchColumn();
+ }
+}
generated by cgit v1.0 at 2026-05-28 15:00:11 +0000