diff --git a/classes/Members/class.ilUserTakeOverMembersGUI.php b/classes/Members/class.ilUserTakeOverMembersGUI.php
index 8855a58..3caf3d3 100644
--- a/classes/Members/class.ilUserTakeOverMembersGUI.php
+++ b/classes/Members/class.ilUserTakeOverMembersGUI.php
@@ -175,7 +175,9 @@ protected function fillForm(&$form)
 protected function searchUsers()
 {
 // Only Administrators
- if (!in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId()))) {
+
+ if (!usrtoHelper::getInstance()->checkPluginAccess(self::dic()->user()->getId()))
+ {
 //self::plugin()->output([], false);
 echo json_encode([]);
 exit;
@@ -200,7 +202,7 @@ protected function searchUsers()
 ];
 }
- //self::plugin()->output($result, false);
+
 echo json_encode($result);
 exit;
 }
diff --git a/classes/class.ilUserTakeOverUIHookGUI.php b/classes/class.ilUserTakeOverUIHookGUI.php
index 95c94bd..01db953 100644
--- a/classes/class.ilUserTakeOverUIHookGUI.php
+++ b/classes/class.ilUserTakeOverUIHookGUI.php
@@ -59,6 +59,7 @@ protected static function setLoaded($key)
 */
 public function getHTML($a_comp, $a_part, $a_par = [])
 {
+ $user_id=self::dic()->user()->getId();
 if ($a_comp == 'Services/MainMenu' && $a_part == 'main_menu_search') {
 if (!self::isLoaded('user_take_over')) {
 $html = '';
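Review bot: The new guard puts its opening brace on a line of its own (`+ {`) and inserts a stray blank line before the `if`, which departs from the control-structure style used everywhere else in this file (`) {` on the same line, as in the `if` in the next hunk); prefer `if (!usrtoHelper::getInstance()->checkPluginAccess(self::dic()->user()->getId())) {`. The `// Only Administrators` comment kept above it is now stale, because checkPluginAccess also admits holders of the plugin's own global role; change it to `// Only administrators or holders of the plugin's take-over role`. The rest of searchUsers lies outside this hunk.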
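Review bot: `$user_id=self::dic()->user()->getId();` now runs at the top of getHTML for every component and part the hook is invoked with, whereas before the id was only read inside the `Services/MainMenu` branch; the comment in the following hunk warns that some async requests do not instantiate rbacreview, so if `user()` can be missing in the same way this turns a formerly skipped call into a failure on those requests — worth confirming, or else move the assignment inside the `if ($a_comp == 'Services/MainMenu' && ...)` branch. Separately, `$user_id=` lacks the spaces around `=` used elsewhere in the file (`$html = ''`); write `$user_id = self::dic()->user()->getId();`. The same spacing appears in `$allowed_role=`, `$needles=` and `$roles=` in the usrtoHelper hunk. getHTML continues past the end of this hunk.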
@@ -70,12 +71,12 @@ public function getHTML($a_comp, $a_part, $a_par = [])
 // If we are admin
 /** Some Async requests wont instanciate rbacreview. Thus we just terminate. */
 if ((self::dic()->rbacreview() instanceof ilRbacReview)
- && in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId()))
+ && usrtoHelper::getInstance()->checkPluginAccess($user_id)
 ) {
 ///////////////// IN THE USER ADMINISTRATION /////////////////
 $this->initTakeOverToolbar(self::dic()->toolbar());
 }
- $html .= $this->getTopBarHtml();
+ $html .= $this->getTopBarHtml($user_id);
 self::setLoaded('user_take_over');
 // Main Menu gets called multiple times so we statically save that we already did all that is needed.
@@ -104,10 +105,12 @@ public function gotoHook()
 * @return array
 * @internal param $a_comp
 */
- protected function getTopBarHtml()
+ protected function getTopBarHtml($user_id)
 {
 $template = self::plugin()->getPluginObject()->getTemplate("tpl.MMUserTakeOver.html", false, false);
- if (in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId()))) {
+
+ if (usrtoHelper::getInstance()->checkPluginAccess($user_id)){
+
 $template->setVariable("SEARCHUSERLINK", self::dic()->ctrl()->getLinkTargetByClass([
 ilUIPluginRouterGUI::class,
 //ilUserTakeOverConfigGUI::class,
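Review bot: getTopBarHtml gains a `$user_id` parameter in the second hunk, but the docblock directly above it (`@return array`, `@internal param $a_comp`) is not updated, so the new parameter is undocumented and the leftover `$a_comp` line refers to a parameter this method never had; add `@param int $user_id id of the user the top bar is rendered for` and drop the `@internal param $a_comp` line. The `@return array` tag also looks doubtful for a method that fills a template, but the return statement is not in this hunk, so check it against the method body. The `){` on the new `if` line should be `) {` as on the other control structures in the file. The method body continues beyond this hunk.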
@@ -129,14 +132,14 @@ protected function getTopBarHtml()
 }
 /////////// For the Groups //////////////////
- $group_ids = usrtoMember::where(["user_id" => self::dic()->user()->getId()], "=")->getArray(null, "group_id");
+ $group_ids = usrtoMember::where(["user_id" => $user_id], "=")->getArray(null, "group_id");
 //if the current user is member of at least one group render the groups html
 if (!empty($group_ids)) {
 $groups_html = $this->getGroupsHtml($group_ids, self::dic()->user());
 }
 //only group members or user with admin role can use search
- if (in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId())) || !empty($group_ids)) {
+ if (usrtoHelper::getInstance()->checkPluginAccess($user_id) || !empty($group_ids)) {
 $template->setCurrentBlock("DROPDOWN_TOGGLE");
 $template->setVariable("TOGGLE", "");
 $template->parseCurrentBlock();
diff --git a/classes/class.usrtoHelper.php b/classes/class.usrtoHelper.php
index 6a228cf..e22fd8a 100644
--- a/classes/class.usrtoHelper.php
+++ b/classes/class.usrtoHelper.php
@@ -19,6 +19,7 @@ class usrtoHelper
 const USR_ID_BACKUP = 'usrtoOriginalAccountId';
 const USR_ID = 'usr_id';
 const PLUGIN_CLASS_NAME = ilUserTakeOverPlugin::class;
+ const USRTO_ROLE_NAME = 'UserTakeOver-User';
 /**
 * @var usrtoHelper
 */
@@ -157,12 +158,34 @@ protected function checkAccess($usr_id, $take_over_id, $group_id)
 return true;
 }
- // If the user taking over is of id 13? or is not in the admin role he does not have permission.
- if (!isset($usr_id) || $usr_id == 13 || !in_array(2, self::dic()->rbacreview()->assignedGlobalRoles($usr_id))) {
+ if(!$this->checkPluginAccess($usr_id)){
 ilUtil::sendFailure(self::plugin()->translate('no_permission'), true);
 ilUtil::redirect('login.php');
+ }
+ }
+ public function checkPluginAccess($usr_id):bool{
+ // if user has the correct global role or he is an Administrator, he has permission to use the Plugin
+ $allowed_role=$this->getRoleAllowed();
+
+ $global_roles_of_user = self::dic()->rbacreview()->assignedGlobalRoles($usr_id);
+ $needles=array("2", $allowed_role);
+ // If the user taking over is of id 13? or is not in the admin role he does not have permission.
+ if (!isset($usr_id) || $usr_id == 13 || empty(array_intersect($needles, $global_roles_of_user))) {
 return false;
 }
+
+ return true;
+
+ }
+
+ protected function getRoleAllowed():string
+ {
+ // roles named UserTakeOver-User are allowed to use the plugin
+ if(self::dic()->rbacreview()->roleExists(self::USRTO_ROLE_NAME)){
+ $roles= self::dic()->rbacreview()->getRolesByFilter(2,0, self::USRTO_ROLE_NAME);
+ }
+ return $roles[0]["obj_id"];
 }
+
 }
\ No newline at end of file
diff --git a/sql/dbupdate.php b/sql/dbupdate.php
index cc8799f..957cdaa 100644
--- a/sql/dbupdate.php
+++ b/sql/dbupdate.php
@@ -44,6 +44,6 @@ <#5> database()->tableExists(ilUserTakeOverConfig::TABLE_NAME)) {
- \ilUserTakeOverConfig::updateDB();
+ \ilUserTakeOverConfig::updateDB();
 }
 ?>
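Review bot: getRoleAllowed() declares `:string` but only assigns `$roles` when `roleExists(self::USRTO_ROLE_NAME)` is true, so on any installation where that role has not been created the method reads an undefined variable and returns null, which violates the return type and throws a TypeError out of checkPluginAccess — and since checkPluginAccess is now called from the main-menu hook in getHTML, every page render for every user would fail instead of the plugin simply denying access. checkPluginAccess also calls getRoleAllowed() and `assignedGlobalRoles($usr_id)` before the `!isset($usr_id)` test it carries over from the old code, so the null-id guard comes too late to protect those calls. The rewrite below makes the role lookup nullable, performs the id guard first, and keeps the lookup fail-closed (no role configured means administrators only); the `2` and `13` literals are ILIAS's SYSTEM_ROLE_ID and ANONYMOUS_USER_ID and read better by name. Note also that access is granted by role title, so any role whose title equals `UserTakeOver-User` grants take-over rights; whether getRolesByFilter's first argument restricts the lookup to global roles should be confirmed against ilRbacReview. checkAccess begins before this hunk.
```php
    // … unchanged: checkAccess() …

    public function checkPluginAccess($usr_id): bool
    {
        // Fail closed: a missing id or the anonymous account never gets plugin access.
        if (!isset($usr_id) || (int) $usr_id === ANONYMOUS_USER_ID) {
            return false;
        }

        // Administrators or holders of the plugin's own global role may use the plugin.
        $needles = [SYSTEM_ROLE_ID];
        $allowed_role = $this->getRoleAllowed();
        if ($allowed_role !== null) {
            $needles[] = $allowed_role;
        }

        $global_roles_of_user = self::dic()->rbacreview()->assignedGlobalRoles($usr_id);

        return !empty(array_intersect($needles, $global_roles_of_user));
    }

    protected function getRoleAllowed(): ?string
    {
        // Returns null when no role titled USRTO_ROLE_NAME exists, so callers fall back to administrators only.
        if (!self::dic()->rbacreview()->roleExists(self::USRTO_ROLE_NAME)) {
            return null;
        }

        $roles = self::dic()->rbacreview()->getRolesByFilter(2, 0, self::USRTO_ROLE_NAME);

        return isset($roles[0]["obj_id"]) ? (string) $roles[0]["obj_id"] : null;
    }
```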