tao-test/app/tao/models/classes/search/ResultAccessChecker.php

94 lines
2.8 KiB
PHP
Raw Normal View History

2022-08-29 20:14:13 +02:00
<?php
/**
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; under version 2
* of the License (non-upgradable).
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (c) 2021 (original work) Open Assessment Technologies SA;
*/
declare(strict_types=1);
namespace oat\tao\model\search;
use core_kernel_classes_Class;
use oat\generis\model\data\permission\PermissionHelper;
use oat\generis\model\data\permission\PermissionInterface;
use oat\generis\model\OntologyAwareTrait;
use oat\oatbox\service\ConfigurableService;
use oat\tao\model\TaoOntology;
class ResultAccessChecker extends ConfigurableService
{
use OntologyAwareTrait;
public function hasReadAccess(array $content): bool
{
$resource = $this->getResource($content['id']);
$topLevelClass = $this->getClass(TaoOntology::CLASS_URI_OBJECT);
$permissionHelper = $this->getPermissionHelper();
foreach ($resource->getTypes() as $type) {
$accessibleResources = $permissionHelper->filterByPermission(
[$type->getUri()],
PermissionInterface::RIGHT_READ
);
if (empty($accessibleResources)) {
return false;
}
$class = $this->getClass($type->getUri());
if (!$this->hasReadPermissionForClass($class, $permissionHelper, $topLevelClass)) {
return false;
}
}
return true;
}
private function hasReadPermissionForClass(
core_kernel_classes_Class $class,
PermissionHelper $permissionHelper,
core_kernel_classes_Class $topLevelClass
): bool {
$parentClasses = $class->getParentClasses(true);
foreach ($parentClasses as $parentClass) {
$accessibleResource = $permissionHelper
->filterByPermission(
[$parentClass->getUri()],
PermissionInterface::RIGHT_READ
);
if (empty($accessibleResource)) {
return false;
}
if ($parentClass->getUri() === $topLevelClass->getUri()) {
return true;
}
}
return true;
}
private function getPermissionHelper(): PermissionHelper
{
return $this->getServiceLocator()->get(PermissionHelper::class);
}
}