<?php
/**
* Seminar_Perm.class.php
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*
* @author André Noack <noack@data-quest.de>
* @copyright 2000 Stud.IP Core-Group
* @license http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
*/
class Seminar_Perm
{
/**
* @var array
*/
public $permissions = [
"user" => 1,
"autor" => 3,
"tutor" => 7,
"dozent" => 15,
"admin" => 31,
"root" => 63
];
/**
* @var array
*/
private $studip_perms = [];
/**
* @var array
*/
private $fak_admins = [];
/**
* @return Seminar_Perm
*/
public static function get()
{
if (is_object($GLOBALS['perm'])) {
return $GLOBALS['perm'];
} else {
return new Seminar_Perm();
}
}
/**
* @param $must_have
* @throws AccessDeniedException
*/
public function check($must_have)
{
if (!$this->have_perm($must_have)) {
if ($GLOBALS['user']->id === 'nobody') {
$message = _('Sie sind nicht im System angemeldet und können daher nicht auf diesen Teil des Systems zugreifen. '
. 'Um den vollen Funktionsumfang des Systems benutzen zu können, müssen Sie sich mit Ihrem Nutzernamen und Passwort anmelden.');
throw new AccessDeniedException($message);
} else {
throw new AccessDeniedException();
}
}
}
/**
* @param bool $user_id
* @return string
*/
public function get_perm($user_id = false)
{
global $user;
if (!$user_id) {
$user_id = $user->id;
}
if ($user_id && $user_id == $user->id) {
return $user->perms;
}
if ($user_id && isset($this->studip_perms['studip'][$user_id])) {
return $this->studip_perms['studip'][$user_id];
}
if ($user_id && $user_id !== 'nobody') {
$query = "SELECT perms FROM auth_user_md5 WHERE user_id = :user_id";
$statement = DBManager::get()->prepare($query);
$statement->bindValue(':user_id', $user_id);
$statement->execute();
$perms = $statement->fetchColumn();
return $this->studip_perms['studip'][$user_id] = $perms;
}
}
/**
* @param $perm
* @param bool $user_id
* @return bool
*/
public function have_perm($perm, $user_id = false)
{
$page_perm_value = $this->permissions[$perm] ?? 0;
$user_perm_value = $this->permissions[$this->get_perm($user_id)] ?? 0;
return $page_perm_value <= $user_perm_value;
}
/**
* @param $range_id
* @param bool $user_id
* @return mixed
*/
public function get_studip_perm($range_id, $user_id = false)
{
if (!$user_id) {
$user_id = $GLOBALS['user']->id;
}
if (!isset($this->studip_perms[$range_id][$user_id])) {
$this->studip_perms[$range_id][$user_id] = $this->get_uncached_studip_perm($range_id, $user_id);
}
return $this->studip_perms[$range_id][$user_id];
}
/**
* @param $range_id
* @param $user_id
* @return bool|string
*/
public function get_uncached_studip_perm($range_id, $user_id)
{
global $user;
$db = DBManager::get();
$status = false;
if ($user_id && $user_id == $user->id) {
$user_perm = $user->perms;
} else {
$user_perm = $this->get_perm($user_id);
if (!$user_perm) {
return false;
}
}
if ($user_perm == "root") {
$status = "root";
} elseif ($user_perm == "admin") {
if (Config::get()->ALLOW_ADMIN_RELATED_INST) {
$sem_inst = 'seminar_inst';
} else {
$sem_inst = 'seminare';
}
$st = $db->prepare("SELECT Seminar_id
FROM user_inst
LEFT JOIN $sem_inst USING (Institut_id)
WHERE inst_perms='admin' AND user_id = ? AND Seminar_id = ? LIMIT 1");
$st->execute([$user_id, $range_id]);
if ($st->fetchColumn()) {
$status = "admin";
} else {
$st = $db->prepare("SELECT Seminar_id FROM user_inst a
LEFT JOIN Institute b ON(a.Institut_id=b.Institut_id AND b.Institut_id=b.fakultaets_id)
LEFT JOIN Institute c ON (b.Institut_id=c.fakultaets_id)
LEFT JOIN $sem_inst d ON (d.Institut_id=c.Institut_id)
WHERE a.user_id = ? AND a.inst_perms='admin' AND d.Seminar_id = ? LIMIT 1");
$st->execute([$user_id, $range_id]);
if ($st->fetchColumn()) {
$status = "admin";
} else {
$st = $db->prepare("SELECT a.Institut_id FROM user_inst a
LEFT JOIN Institute b ON(a.Institut_id=b.fakultaets_id)
WHERE user_id = ? AND a.inst_perms='admin'
AND b.Institut_id = ? LIMIT 1");
$st->execute([$user_id, $range_id]);
if ($st->fetchColumn()) {
$status = "admin";
}
}
}
}
if (isset($_SESSION['seminar_change_view_' . $range_id])) {
$status = $_SESSION['seminar_change_view_' . $range_id];
}
if ($status) {
return $status;
}
if (Config::get()->DEPUTIES_ENABLE && Deputy::isDeputy($user_id, $range_id)) {
$status = 'dozent';
} else {
$st = $db->prepare("SELECT status FROM seminar_user
WHERE user_id = ? AND Seminar_id = ?");
$st->execute([$user_id, $range_id]);
$status = $st->fetchColumn();
if (!$status) {
$st = $db->prepare("SELECT inst_perms FROM user_inst
WHERE user_id = ? AND Institut_id = ?");
$st->execute([$user_id, $range_id]);
$status = $st->fetchColumn();
}
}
return $status;
}
/**
* @param $perm
* @param $range_id
* @param bool $user_id
* @return bool
*/
public function have_studip_perm($perm, $range_id, $user_id = false)
{
$pageperm = $this->permissions[$perm] ?? 0;
$userperm = $this->permissions[$this->get_studip_perm($range_id, $user_id)] ?? 0;
return $pageperm <= $userperm;
}
/**
* @param $range_id
* @param bool $user_id
* @return mixed
*/
public function get_profile_perm($range_id, $user_id = false)
{
if (!$user_id) {
$user_id = $GLOBALS['user']->id;
}
if (!isset($this->studip_perms[$range_id][$user_id])) {
$this->studip_perms[$range_id][$user_id] = $this->get_uncached_profile_perm($range_id, $user_id);
}
return $this->studip_perms[$range_id][$user_id];
}
/**
* @param $range_id
* @param $user_id
* @return bool|string
*/
public function get_uncached_profile_perm($range_id, $user_id)
{
$status = false;
if ($range_id === $user_id && $this->have_perm('autor', $user_id)) {
// user on his own profile
$status = 'user';
} else if (Deputy::isEditActivated() && Deputy::isDeputy($user_id, $range_id, true)) {
// user is an assigned deputy
$status = 'user';
} else if ($this->have_perm('root', $user_id)) {
// respect root's authority
$status = 'admin';
} else if ($this->have_perm('admin', $user_id)) {
// institute admin may have permission
$db = DBManager::get();
$stmt = $db->prepare("SELECT a.inst_perms FROM user_inst AS a " .
"LEFT JOIN user_inst AS b USING (Institut_id) " .
"WHERE a.user_id = ? AND a.inst_perms = 'admin' " .
" AND b.user_id = ? AND b.inst_perms IN ('autor', 'tutor', 'dozent')");
$stmt->execute([$user_id, $range_id]);
if ($stmt->fetchColumn()) {
$status = 'admin';
} else if ($this->is_fak_admin($user_id)) {
$stmt = $db->prepare("SELECT a.inst_perms FROM user_inst a " .
"LEFT JOIN Institute i ON a.Institut_id = i.fakultaets_id " .
"LEFT JOIN user_inst b ON b.Institut_id = i.Institut_id " .
"WHERE a.user_id = ? AND a.inst_perms = 'admin' " .
" AND b.user_id = ? AND b.inst_perms != 'user'");
$stmt->execute([$user_id, $range_id]);
if ($stmt->fetchColumn()) {
$status = 'admin';
}
}
}
return $status;
}
/**
* @param $perm
* @param $range_id
* @param bool $user_id
* @return bool
*/
public function have_profile_perm($perm, $range_id, $user_id = false)
{
$pageperm = $this->permissions[$perm] ?? 0;
$userperm = $this->permissions[$this->get_profile_perm($range_id, $user_id)] ?? 0;
return $pageperm <= $userperm;
}
/**
* @param bool $user_id
* @return bool
*/
public function is_fak_admin($user_id = false)
{
global $user;
if (!$user_id) $user_id = $user->id;
$user_perm = $this->get_perm($user_id);
if ($user_perm == "root") {
return true;
}
if ($user_perm != "admin") {
return false;
}
if (isset($this->fak_admins[$user_id])) {
return $this->fak_admins[$user_id];
} else {
$db = DBManager::get();
$st = $db->prepare("SELECT a.Institut_id FROM user_inst a
LEFT JOIN Institute b ON(a.Institut_id=b.Institut_id AND b.Institut_id=b.fakultaets_id)
WHERE a.user_id = ? AND a.inst_perms='admin' AND NOT ISNULL(b.Institut_id) LIMIT 1");
$st->execute([$user_id]);
return $this->fak_admins[$user_id] = (bool)$st->fetchColumn();
}
}
/**
* @param bool $user_id
* @return bool
*/
public function is_staff_member($user_id = false)
{
global $user;
if (!$user_id) $user_id = $user->id;
$user_perm = $this->get_perm($user_id);
if ($user_perm == "root") {
return true;
}
if (!$this->have_perm('autor', $user_id)) {
return false;
}
$db = DBManager::get();
$st = $db->prepare("SELECT 1 FROM user_inst
WHERE user_id = ? AND inst_perms <> 'user' LIMIT 1");
$st->execute([$user_id]);
return (bool)$st->fetchColumn();
}
}