Пример #1
0
 /**
  * @param string $attribute
  * @param TopicInterface $topic
  * @param UserInterface $user
  * @return bool
  */
 protected function isGranted($attribute, $topic, $user = null)
 {
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         // grant VIEW privileges
         // if the user's primary school is the the topic's owning school
         // - or -
         // if the user has READ rights on the topic's owning school
         // via the permissions system.
         case self::VIEW:
             return $this->schoolsAreIdentical($topic->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $topic->getSchool());
             break;
         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             // grant CREATE, EDIT and DELETE privileges
             // if the user has the 'Developer' role
             // - and -
             //   if the user's primary school is the the topic's owning school
             //   - or -
             //   if the user has WRITE rights on the topic's owning school
             // via the permissions system.
             return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($topic->getSchool(), $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $topic->getSchool()));
             break;
     }
     return false;
 }
Пример #2
0
 /**
  * @param string $attribute
  * @param SchoolInterface $school
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $school, $user = null)
 {
     // make sure there is a user object (i.e. that the user is logged in)
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         case self::VIEW:
             // Only grant VIEW permissions if the given school is the given user's
             // primary school
             // - or -
             // if the given user has been granted READ right on the given school
             // via the permissions system.
             return $this->schoolsAreIdentical($school, $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $school);
             break;
         case self::CREATE:
             // only developers can create schools.
             return $this->userHasRole($user, ['Developer']);
             break;
         case self::EDIT:
         case self::DELETE:
             // Only grant EDIT and DELETE permissions if the user has the 'Developer' role.
             // - and -
             // the user must be associated with the given school,
             // either by its primary school attribute
             //     - or - by WRITE rights for the school
             // via the permissions system.
             return $this->userHasRole($user, ['Developer']) && ($this->schoolsAreIdentical($school, $user->getSchool()) || $this->permissionManager->userHasWritePermissionToSchool($user, $school));
             break;
     }
     return false;
 }
Пример #3
0
 /**
  * @param string $attribute
  * @param UserInterface $requestedUser
  * @param TokenInterface $token
  * @return bool
  */
 protected function voteOnAttribute($attribute, $requestedUser, TokenInterface $token)
 {
     $user = $token->getUser();
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         // at least one of these must be true.
         // 1. the requested user is the current user
         // 2. the current user has faculty/course director/developer role
         case self::VIEW:
             return $user->getId() === $requestedUser->getId() || $this->userHasRole($user, ['Course Director', 'Faculty', 'Developer']);
             break;
             // at least one of these must be true.
             // 1. the current user has developer role
             //    and has the same primary school affiliation as the given user
             // 2. the current user has developer role
             //    and has WRITE rights to one of the users affiliated schools.
         // at least one of these must be true.
         // 1. the current user has developer role
         //    and has the same primary school affiliation as the given user
         // 2. the current user has developer role
         //    and has WRITE rights to one of the users affiliated schools.
         case self::CREATE:
         case self::EDIT:
         case self::DELETE:
             return $this->userHasRole($user, ['Developer']) && ($requestedUser->getAllSchools()->contains($user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchools($user, $requestedUser->getAllSchools()));
             break;
     }
     return false;
 }
Пример #4
0
 /**
  * Utility method, determines if a given user has any of the given roles.
  * @param UserInterface $user the user object
  * @param array $eligibleRoles a list of role names
  * @return bool TRUE if the user has at least one of the roles, FALSE otherwise.
  */
 public function userHasRole(UserInterface $user, $eligibleRoles = array())
 {
     $roles = array_map(function (UserRoleInterface $role) {
         return $role->getTitle();
     }, $user->getRoles()->toArray());
     $intersection = array_intersect($eligibleRoles, $roles);
     return !empty($intersection);
 }
Пример #5
0
 /**
  * @param CourseInterface $course
  * @param UserInterface $user
  * @return bool
  */
 protected function isViewGranted($course, $user)
 {
     // grant VIEW privileges if at least one of the following
     // statements is true:
     // 1. the user's primary school is the course's owning school
     // 2. the user has READ rights on the course's owning school via the permissions system
     // 3. the user has READ rights on the course via the permissions system
     return $this->schoolsAreIdentical($course->getSchool(), $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $course->getSchool()) || $this->permissionManager->userHasReadPermissionToCourse($user, $course);
 }
Пример #6
0
 /**
  * @param int $courseId
  * @param int $owningSchoolId
  * @param UserInterface $user
  *
  * @return bool
  */
 protected function isViewGranted($courseId, $owningSchoolId, UserInterface $user)
 {
     // grant VIEW privileges if at least one of the following
     // statements is true:
     // 1. the user's primary school is the course's owning school
     // 2. the user is instructing ILMs or offerings in this course
     // 3. the user is directing this course
     // 4. the user has READ rights on the course's owning school via the permissions system
     // 5. the user has READ rights on the course via the permissions system
     return $owningSchoolId === $user->getSchool()->getId() || $this->courseManager->isUserInstructingInCourse($user, $courseId) || $user->isDirectingCourse($courseId) || $this->permissionManager->userHasReadPermissionToSchool($user, $owningSchoolId) || $this->permissionManager->userHasReadPermissionToCourse($user, $courseId);
 }
Пример #7
0
 /**
  * Build a token from a user
  * @param  UserInterface $user
  * @param string $timeToLive PHP DateInterval notation for the length of time the token shoud be valid
  * @return string
  */
 public function createJwtFromUser(UserInterface $user, $timeToLive = 'PT8H')
 {
     $requestedInterval = new \DateInterval($timeToLive);
     $maximumInterval = new \DateInterval('P364D');
     $interval = $requestedInterval > $maximumInterval ? $maximumInterval : $requestedInterval;
     $now = new DateTime();
     $expires = clone $now;
     $expires->add($interval);
     $arr = array('iss' => self::TOKEN_ISS, 'aud' => self::TOKEN_AUD, 'iat' => $now->format('U'), 'exp' => $expires->format('U'), 'user_id' => $user->getId());
     return JWT::encode($arr, $this->jwtKey);
 }
Пример #8
0
 /**
  * @param string $attribute
  * @param UserEvent $event
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $event, $user = null)
 {
     // make sure there is a user object (i.e. that the user is logged in)
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         case self::VIEW:
             // check if the event-owning user is the given user
             return $user->getId() === $event->user;
             break;
     }
     return false;
 }
Пример #9
0
 /**
  * @param string $attribute
  * @param SchoolEvent $event
  * @param UserInterface|null $user
  * @return bool
  */
 protected function isGranted($attribute, $event, $user = null)
 {
     // make sure there is a user object (i.e. that the user is logged in)
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         case self::VIEW:
             // grant VIEW permissions if the event-owning school matches any of the given user's schools.
             $eventOwningSchool = $this->schoolManager->findSchoolBy(['id' => $event->school]);
             return $this->schoolsAreIdentical($eventOwningSchool, $user->getSchool()) || $this->permissionManager->userHasReadPermissionToSchool($user, $eventOwningSchool);
             break;
     }
     return false;
 }
Пример #10
0
 /**
  * @param string $attribute
  * @param UserMadeReminderInterface $reminder
  * @param UserInterface $user
  * @return bool
  */
 protected function isGranted($attribute, $reminder, $user = null)
 {
     if (!$user instanceof UserInterface) {
         return false;
     }
     switch ($attribute) {
         // Users can perform any CRUD operations on their own reminders.
         // Check if the given reminder's owning user is the given user.
         case self::CREATE:
         case self::VIEW:
         case self::EDIT:
         case self::DELETE:
             return $user->getId() === $reminder->getUser()->getId();
             break;
     }
     return false;
 }
Пример #11
0
 public function getJwt()
 {
     if (!$this->user) {
         throw new \Exception('Can not build a JWT, we have no user');
     }
     $now = new \DateTime();
     $expires = new \Datetime();
     $expires->add(new \DateInterval("PT8H"));
     $arr = array('iss' => 'ilios', 'aud' => 'ilios', 'iat' => $now->format('U'), 'exp' => $expires->format('U'), 'user_id' => $this->user->getId());
     return TokenLib::encode($arr, $this->key);
 }
Пример #12
0
    /**
     * Finds all courses associated with a given user.
     * A user can be associated as either course director, learner or instructor with a given course.
     *
     * @param UserInterface $user
     * @param array $criteria
     * @param array|null $orderBy
     * @param null $limit
     * @param null $offset
     * @return CourseInterface[]
     * @throws \Exception
     */
    public function findByUser(UserInterface $user, array $criteria, array $orderBy = null, $limit = null, $offset = null)
    {
        $rsm = new ResultSetMappingBuilder($this->_em);
        $rsm->addRootEntityFromClassMetadata('IliosCoreBundle:Course', 'c');
        $meta = $this->_em->getClassMetadata('IliosCoreBundle:Course');
        if (empty($orderBy)) {
            $orderBy = ['id' => 'ASC'];
        }
        $sql = <<<EOL
SELECT * FROM (
  SELECT c.* FROM course c
    JOIN course_director cd ON cd.course_id = c.course_id
    JOIN user u ON u.user_id = cd.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN offering o ON o.session_id = s.session_id
    JOIN offering_x_learner oxl ON oxl.offering_id = o.offering_id
    JOIN user u ON u.user_id = oxl.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN offering o ON o.session_id = s.session_id
    JOIN offering_x_group oxg ON oxg.offering_id = o.offering_id
    JOIN `group` g ON g.group_id = oxg.group_id
    JOIN group_x_user gxu ON gxu.group_id = g.group_id
    JOIN user u ON u.user_id = gxu.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN ilm_session_facet ilm ON ilm.session_id = s.session_id
    JOIN ilm_session_facet_x_learner ilmxl ON ilmxl.ilm_session_facet_id = ilm.ilm_session_facet_id
    JOIN user u ON u.user_id = ilmxl.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN ilm_session_facet ilm ON ilm.session_id = s.session_id
    JOIN ilm_session_facet_x_group ilmxg ON ilmxg.ilm_session_facet_id = ilm.ilm_session_facet_id
    JOIN `group` g ON g.group_id = ilmxg.group_id
    JOIN group_x_user gxu ON gxu.group_id = g.group_id
    JOIN user u ON u.user_id = gxu.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN offering o ON o.session_id = s.session_id
    JOIN offering_x_instructor oxi ON oxi.offering_id = o.offering_id
    JOIN user u ON u.user_id = oxi.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN offering o ON o.session_id = s.session_id
    JOIN offering_x_instructor_group oxig ON oxig.offering_id = o.offering_id
    JOIN instructor_group ig ON ig.instructor_group_id = oxig.instructor_group_id
    JOIN instructor_group_x_user igxu ON igxu.instructor_group_id = ig.instructor_group_id
    JOIN user u ON u.user_id = igxu.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN ilm_session_facet ilm ON ilm.session_id = s.session_id
    JOIN ilm_session_facet_x_instructor ilmxi ON ilmxi.ilm_session_facet_id = ilm.ilm_session_facet_id
    JOIN user u ON u.user_id = ilmxi.user_id
    WHERE u.user_id = :user_id
  UNION
  SELECT c.* FROM course c
    JOIN `session` s ON s.course_id = c.course_id
    JOIN ilm_session_facet ilm ON ilm.session_id = s.session_id
    JOIN ilm_session_facet_x_instructor_group ilmxig ON ilmxig.ilm_session_facet_id = ilm.ilm_session_facet_id
    JOIN instructor_group ig ON ig.instructor_group_id = ilmxig.instructor_group_id
    JOIN instructor_group_x_user igxu ON igxu.instructor_group_id = ig.instructor_group_id
    JOIN user u ON u.user_id = igxu.user_id
    WHERE u.user_id = :user_id
) AS my_courses
EOL;
        $params = [];
        $i = 0;
        $sqlFragments = [];
        foreach ($criteria as $name => $value) {
            $i++;
            if (!$meta->hasField($name)) {
                throw new \Exception(sprintf('"%s" is not a property of the Course entity.', $name));
            }
            $column = $meta->getColumnName($name);
            $label = 'param' . $i;
            $params[$name] = $label;
            if (is_array($value)) {
                $sqlFragments[] = "{$column} IN (:{$label})";
            } else {
                $sqlFragments[] = "{$column} = :{$label}";
            }
        }
        if (count($sqlFragments)) {
            $sql .= ' WHERE ' . implode(' AND ', $sqlFragments);
        }
        if (is_array($orderBy)) {
            $sqlFragments = [];
            foreach ($orderBy as $sort => $order) {
                if (!$meta->hasField($sort)) {
                    throw new \Exception(sprintf('"%s" is not a property of the Course entity.', $sort));
                }
                $column = $meta->getColumnName($sort);
                $sqlFragments[] = "{$column} " . ('desc' === strtolower($order) ? 'DESC' : 'ASC');
            }
            $sql .= ' ORDER BY ';
            $sql .= implode(', ', $sqlFragments);
        }
        if (isset($limit)) {
            $sql .= ' LIMIT :limit';
        }
        if (isset($offset)) {
            $sql .= ' OFFSET :offset';
        }
        $query = $this->_em->createNativeQuery($sql, $rsm);
        $query->setParameter('user_id', $user->getId());
        foreach ($params as $field => $label) {
            $value = $criteria[$field];
            $query->setParameter($label, $value);
        }
        if (isset($limit)) {
            $query->setParameter('limit', (int) $limit);
        }
        if (isset($offset)) {
            $query->setParameter('offset', (int) $offset);
        }
        return $query->getResult();
    }
Пример #13
0
 /**
  * Build a token from a user
  * @param  UserInterface $user
  * @param string $timeToLive PHP DateInterval notation for the length of time the token shoud be valid
  * @return string
  */
 public function createJwtFromUser(UserInterface $user, $timeToLive = 'PT8H')
 {
     return $this->createJwtFromUserId($user->getId(), $timeToLive);
 }
Пример #14
0
 /**
  * Checks if two given users are the same.
  * @param UserInterface|null $userA
  * @param UserInterface|null $userB
  * @return bool
  */
 public function usersAreIdentical(UserInterface $userA = null, UserInterface $userB = null)
 {
     return $userA instanceof UserInterface && $userB instanceof UserInterface && $userA->getId() === $userB->getId();
 }
Пример #15
0
 /**
  * @param UserInterface $instructorUser
  */
 public function addInstructorUser(UserInterface $instructorUser)
 {
     $this->instructorUsers->add($instructorUser);
 }