Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
6.06% covered (danger)
6.06%
2 / 33
28.57% covered (danger)
28.57%
2 / 7
CRAP
0.00% covered (danger)
0.00%
0 / 1
PermissionProvider
6.06% covered (danger)
6.06%
2 / 33
28.57% covered (danger)
28.57%
2 / 7
131.37
0.00% covered (danger)
0.00%
0 / 1
 getPermissions
0.00% covered (danger)
0.00%
0 / 9
0.00% covered (danger)
0.00%
0 / 1
12
 onResourceCreated
0.00% covered (danger)
0.00%
0 / 7
0.00% covered (danger)
0.00%
0 / 1
20
 getSupportedRights
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
 getRightLabels
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
 getSupportedRootClasses
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
 getResourceAccessData
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
 getRolePrivilegeRetriever
100.00% covered (success)
100.00%
1 / 1
100.00% covered (success)
100.00%
1 / 1
1
1<?php
2
3/**
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; under version 2
7 * of the License (non-upgradable).
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 *
18 * Copyright (c) 2020 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
19 *
20 */
21
22declare(strict_types=1);
23
24namespace oat\taoDacSimple\model;
25
26use common_exception_Error;
27use core_kernel_classes_Class;
28use core_kernel_classes_Resource;
29use oat\generis\model\data\permission\PermissionInterface;
30use oat\generis\model\data\permission\ReverseRightLookupInterface;
31use oat\generis\model\GenerisRdf;
32use oat\oatbox\service\ConfigurableService;
33use oat\oatbox\service\exception\InvalidServiceManagerException;
34use oat\oatbox\user\User;
35use oat\tao\model\TaoOntology;
36
/**
 * Data-access-control permission provider backed by the DataBaseAccess service.
 *
 * Resolves which of the READ, WRITE and GRANT rights a user holds on a set of
 * resources, and seeds the rights of a newly created resource from the rights
 * recorded for its types and parent classes.
 *
 * Authorization behaviour visible in this class:
 *  - a user holding DacRoles::DAC_ADMINISTRATOR receives every supported right
 *    on every requested resource, without the permission store being queried;
 *  - for any other user the store is queried with the user's roles plus the
 *    user's own identifier.
 *
 * @author Joel Bout, <joel@taotesting.com>
 */
class PermissionProvider extends ConfigurableService implements PermissionInterface, ReverseRightLookupInterface
{
    public const PERMISSION_GRANT = 'GRANT';
    public const PERMISSION_READ = 'READ';
    public const PERMISSION_WRITE = 'WRITE';
    public const ALLOWED_PERMISSIONS = [
        self::PERMISSION_READ,
        self::PERMISSION_GRANT,
        self::PERMISSION_WRITE,
    ];

    /**
     * Resolve the rights the given user holds on each requested resource.
     *
     * NOTE(review): both branches below are authorization decisions; keep the
     * administrator path and the store-backed path covered by tests.
     *
     * @param User  $user        user whose roles and identifier drive the lookup
     * @param array $resourceIds identifiers of the resources to check
     *
     * @return array for a DAC administrator, each resource id mapped to the full
     *               list of supported rights; otherwise whatever
     *               DataBaseAccess::getPermissions() returns for the same ids
     * @throws InvalidServiceManagerException
     * @see \oat\generis\model\data\PermissionInterface::getPermissions()
     */
    public function getPermissions(User $user, array $resourceIds)
    {
        $isDacAdministrator = in_array(DacRoles::DAC_ADMINISTRATOR, $user->getRoles(), true);

        if (!$isDacAdministrator) {
            // Regular users: the lookup subjects are every role plus the user itself.
            $store = $this->getServiceManager()->get(DataBaseAccess::SERVICE_ID);
            $subjects = $user->getRoles();
            $subjects[] = $user->getIdentifier();

            return $store->getPermissions($subjects, $resourceIds);
        }

        // Administrator short-circuit: every supported right, no store lookup.
        $granted = [];
        foreach ($resourceIds as $resourceId) {
            $granted[$resourceId] = $this->getSupportedRights();
        }

        return $granted;
    }

    /**
     * Seed the rights of a resource from its types and parent classes.
     *
     * Nothing is written when the store already holds rights for the resource.
     *
     * NOTE(review): when no type or parent class carries rights, no entry is
     * written at all; what an entry-less resource means for access is decided
     * outside this class - confirm against DataBaseAccess and its callers.
     *
     * @param core_kernel_classes_Resource $resource the resource that was created
     *
     * @throws common_exception_Error
     *
     * @see \oat\generis\model\data\PermissionInterface::onResourceCreated()
     */
    public function onResourceCreated(core_kernel_classes_Resource $resource)
    {
        $store = $this->getServiceLocator()->get(DataBaseAccess::SERVICE_ID);

        $existing = $store->getResourcePermissions($resource->getUri());
        if (!empty($existing)) {
            // Rights are already recorded for this resource: leave them untouched.
            return;
        }

        // The resource is wrapped as a class so its parent classes can be listed
        // alongside its types.
        $asClass = new core_kernel_classes_Class($resource);
        $ancestors = array_merge($resource->getTypes(), $asClass->getParentClasses());

        foreach ($ancestors as $ancestor) {
            $inherited = AdminService::getUsersPermissions($ancestor->getUri());
            foreach ($inherited as $userUri => $rights) {
                $store->addPermissions($userUri, $resource->getUri(), $rights);
            }
        }
    }

    /**
     * List the rights this provider knows about, in GRANT, WRITE, READ order.
     *
     * @see \oat\generis\model\data\permission\PermissionInterface::getSupportedRights()
     */
    public function getSupportedRights()
    {
        return [self::PERMISSION_GRANT, self::PERMISSION_WRITE, self::PERMISSION_READ];
    }


    /**
     * Returns an associative array with permission ids as keys
     * and translated labels as values.
     *
     * @return array
     */
    public static function getRightLabels()
    {
        $labels = [];
        $labels[self::PERMISSION_GRANT] = __('grant');
        $labels[self::PERMISSION_WRITE] = __('write');
        $labels[self::PERMISSION_READ] = __('read');

        return $labels;
    }

    /**
     * Build the root classes this provider supports: the TAO object class,
     * the generis user class and the role class.
     *
     * @return array list of core_kernel_classes_Class instances
     */
    public static function getSupportedRootClasses()
    {
        $rootUris = [
            TaoOntology::OBJECT_CLASS_URI,
            GenerisRdf::CLASS_GENERIS_USER,
            GenerisRdf::CLASS_ROLE,
        ];

        $rootClasses = [];
        foreach ($rootUris as $rootUri) {
            $rootClasses[] = new core_kernel_classes_Class($rootUri);
        }

        return $rootClasses;
    }

    /**
     * Retrieve the access data of a single resource through RolePrivilegeRetriever.
     *
     * @deprecated Use RolePrivilegeRetriever::retrieveByResourceIds()
     */
    public function getResourceAccessData(string $resourceId): array
    {
        $retriever = $this->getRolePrivilegeRetriever();

        return $retriever->retrieveByResourceIds([$resourceId]);
    }

    /**
     * Fetch the RolePrivilegeRetriever from the service locator.
     */
    private function getRolePrivilegeRetriever(): RolePrivilegeRetriever
    {
        $locator = $this->getServiceLocator();

        return $locator->get(RolePrivilegeRetriever::class);
    }
}