Code Coverage for /home/runner/work/tao-community/tao-community/taoDacSimple/model/PermissionProvider.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	6.06% covered (danger)	6.06%	2 / 33	28.57% covered (danger)	28.57%	2 / 7	CRAP	0.00% covered (danger)	0.00%	0 / 1
PermissionProvider	6.06% covered (danger)	6.06%	2 / 33	28.57% covered (danger)	28.57%	2 / 7	131.37	0.00% covered (danger)	0.00%	0 / 1
getPermissions	0.00% covered (danger)	0.00%	0 / 9	0.00% covered (danger)	0.00%	0 / 1	12
onResourceCreated	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	20
getSupportedRights	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	2
getRightLabels	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	2
getSupportedRootClasses	0.00% covered (danger)	0.00%	0 / 5	0.00% covered (danger)	0.00%	0 / 1	2
getResourceAccessData	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
getRolePrivilegeRetriever	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1

1	<?php
2
3	/**
4	* This program is free software; you can redistribute it and/or
5	* modify it under the terms of the GNU General Public License
6	* as published by the Free Software Foundation; under version 2
7	* of the License (non-upgradable).
8	*
9	* This program is distributed in the hope that it will be useful,
10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	* GNU General Public License for more details.
13	*
14	* You should have received a copy of the GNU General Public License
15	* along with this program; if not, write to the Free Software
16	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17	*
18	* Copyright (c) 2020 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
19	*
20	*/
21
22	declare(strict_types=1);
23
24	namespace oat\taoDacSimple\model;
25
26	use common_exception_Error;
27	use core_kernel_classes_Class;
28	use core_kernel_classes_Resource;
29	use oat\generis\model\data\permission\PermissionInterface;
30	use oat\generis\model\data\permission\ReverseRightLookupInterface;
31	use oat\generis\model\GenerisRdf;
32	use oat\oatbox\service\ConfigurableService;
33	use oat\oatbox\service\exception\InvalidServiceManagerException;
34	use oat\oatbox\user\User;
35	use oat\tao\model\TaoOntology;
36
37	/**
38	* Simple permissible Permission model
39	*
40	* does not require privileges
41	* does not grant privileges
42	*
43	* @access public
44	* @author Joel Bout, <joel@taotesting.com>
45	*/
46	class PermissionProvider extends ConfigurableService implements PermissionInterface, ReverseRightLookupInterface
47	{
48	public const PERMISSION_GRANT = 'GRANT';
49	public const PERMISSION_READ = 'READ';
50	public const PERMISSION_WRITE = 'WRITE';
51	public const ALLOWED_PERMISSIONS = [
52	PermissionProvider::PERMISSION_READ,
53	PermissionProvider::PERMISSION_GRANT,
54	PermissionProvider::PERMISSION_WRITE,
55	];
56
57	/**
58	* (non-PHPdoc)
59	* @param User $user
60	* @param array $resourceIds
61	*
62	* @return array
63	* @throws InvalidServiceManagerException
64	* @see \oat\generis\model\data\PermissionInterface::getPermissions()
65	*/
66	public function getPermissions(User $user, array $resourceIds)
67	{
68	if (in_array(DacRoles::DAC_ADMINISTRATOR, $user->getRoles(), true)) {
69	$permissions = [];
70	foreach ($resourceIds as $id) {
71	$permissions[$id] = $this->getSupportedRights();
72	}
73
74	return $permissions;
75	}
76
77	$dbAccess = $this->getServiceManager()->get(DataBaseAccess::SERVICE_ID);
78	$userIds = $user->getRoles();
79	$userIds[] = $user->getIdentifier();
80
81	return $dbAccess->getPermissions($userIds, $resourceIds);
82	}
83
84	/**
85	* (non-PHPdoc)
86	* @param core_kernel_classes_Resource $resource
87	*
88	* @throws common_exception_Error
89	*
90	* @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
91	*/
92	public function onResourceCreated(core_kernel_classes_Resource $resource)
93	{
94	$dbAccess = $this->getServiceLocator()->get(DataBaseAccess::SERVICE_ID);
95	// verify resource is created
96	$permissions = $dbAccess->getResourcePermissions($resource->getUri());
97	if (empty($permissions)) {
98	// treat resources as classes without parent classes
99	$class = new core_kernel_classes_Class($resource);
100	foreach (array_merge($resource->getTypes(), $class->getParentClasses()) as $parent) {
101	foreach (AdminService::getUsersPermissions($parent->getUri()) as $userUri => $rights) {
102	$dbAccess->addPermissions($userUri, $resource->getUri(), $rights);
103	}
104	}
105	}
106	}
107
108	/**
109	* (non-PHPdoc)
110	* @see \oat\generis\model\data\permission\PermissionInterface::getSupportedRights()
111	*/
112	public function getSupportedRights()
113	{
114	return [
115	self::PERMISSION_GRANT,
116	self::PERMISSION_WRITE,
117	self::PERMISSION_READ
118	];
119	}
120
121
122	/**
123	* Returns an associativ array with permission ids as keys
124	* and labels as values
125	*
126	* @return array
127	*/
128	public static function getRightLabels()
129	{
130	return [
131	self::PERMISSION_GRANT => __('grant'),
132	self::PERMISSION_WRITE => __('write'),
133	self::PERMISSION_READ => __('read')
134	];
135	}
136
137	public static function getSupportedRootClasses()
138	{
139	return [
140	new core_kernel_classes_Class(TaoOntology::OBJECT_CLASS_URI),
141	new core_kernel_classes_Class(GenerisRdf::CLASS_GENERIS_USER),
142	new core_kernel_classes_Class(GenerisRdf::CLASS_ROLE)
143	];
144	}
145
146	/**
147	* @deprecated Use RolePrivilegeRetriever::retrieveByResourceIds()
148	*/
149	public function getResourceAccessData(string $resourceId): array
150	{
151	return $this->getRolePrivilegeRetriever()->retrieveByResourceIds([$resourceId]);
152	}
153
154	private function getRolePrivilegeRetriever(): RolePrivilegeRetriever
155	{
156	return $this->getServiceLocator()->get(RolePrivilegeRetriever::class);
157	}
158	}