tao-test/app/taoQtiTest/models/classes/creator/PermissionLookupTrait.php

125 lines
3.8 KiB
PHP
Raw Normal View History

2022-08-29 20:14:13 +02:00
<?php
/**
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; under version 2
* of the License (non-upgradable).
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* Copyright (c) 2020 (original work) Open Assessment Technologies SA;
*/
declare(strict_types=1);
namespace oat\taoQtiTest\models\creator;
use common_exception_Error;
use common_session_AnonymousSession;
use common_session_Session;
use oat\oatbox\session\SessionService;
use oat\tao\model\resources\ResourceService;
trait PermissionLookupTrait
{
/**
* @var array
*/
private $permissions;
/**
* @param array $nodes
* @return array
* @throws common_exception_Error
*/
protected function fillPermissions(array $nodes): array
{
$permissions = $this->getPermissions($nodes);
if (is_array($permissions) && array_key_exists('data', $permissions) && is_array($permissions['data'])) {
$rules = $permissions['data'];
$rights = isset($permissions['supportedRights']) && count($permissions['supportedRights']) ? $permissions['supportedRights'] : false;
if ($rights) {
$self = $this;
$nodes = array_map(static function ($node) use ($rules, $self, $rights) {
if (is_array($node)) {
if (array_key_exists('children', $node)) {
$node['children'] = $self->fillPermissions($node['children']);
}
if (array_key_exists('uri', $node)) {
$node['accessMode'] = $self->getAccessMode($rules, $rights, $node['uri']);
}
}
return $node;
}, $nodes);
}
}
return $nodes;
}
/**
* partial|denied|allowed
* @param array $rules
* @param array $supportedRights
* @param string $uri
* @return string
*/
private function getAccessMode(array $rules, array $supportedRights, string $uri): string
{
$itemRules = array_key_exists($uri, $rules) ? $rules[$uri] : [];
if (
count($supportedRights) === 0
|| $itemRules == $supportedRights
|| (in_array('GRANT', $itemRules, true))
) {
return 'allowed';
}
if (!count($itemRules)) {
return 'denied';
}
return 'partial';
}
/**
* @param array $resources
* @return array
*/
private function getPermissions(array $resources): array
{
if (!$this->permissions) {
//retrieve resources permissions
$user = $this->getSession() ? $this->getSession()->getUser() : null;
$this->permissions = $user ? $this->getResourceService()->getResourcesPermissions($user, $resources) : [];
}
return $this->permissions;
}
/**
* @return common_session_AnonymousSession|common_session_Session|null
*/
private function getSession(): common_session_Session
{
return $this->getServiceLocator()->get(SessionService::SERVICE_ID)->getCurrentSession();
}
/**
* @return ResourceService|object
*/
protected function getResourceService(): ResourceService
{
return $this->getServiceLocator()->get(ResourceService::SERVICE_ID);
}
}