Give Permission for Plugin over Role

classes/Members/class.ilUserTakeOverMembersGUI.php

@@ -175,7 +175,9 @@ protected function fillForm(&$form)
     protected function searchUsers()
     {
         // Only Administrators
-        if (!in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId()))) {
+
+        if (!usrtoHelper::getInstance()->checkPluginAccess(self::dic()->user()->getId()))
+        {
             //self::plugin()->output([], false);
             echo json_encode([]);
             exit;
@@ -200,7 +202,7 @@ protected function searchUsers()
             ];
         }
 
-        //self::plugin()->output($result, false);
+
         echo json_encode($result);
         exit;
     }

classes/class.ilUserTakeOverUIHookGUI.php

@@ -59,6 +59,7 @@ protected static function setLoaded($key)
      */
     public function getHTML($a_comp, $a_part, $a_par = [])
     {
+        $user_id=self::dic()->user()->getId();
         if ($a_comp == 'Services/MainMenu' && $a_part == 'main_menu_search') {
             if (!self::isLoaded('user_take_over')) {
                 $html = '';
@@ -70,12 +71,12 @@ public function getHTML($a_comp, $a_part, $a_par = [])
                 // If we are admin
                 /** Some Async requests wont instanciate rbacreview. Thus we just terminate. */
                 if ((self::dic()->rbacreview() instanceof ilRbacReview)
-                    && in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId()))
+                    && usrtoHelper::getInstance()->checkPluginAccess($user_id)
                 ) {
                     ///////////////// IN THE USER ADMINISTRATION /////////////////
                     $this->initTakeOverToolbar(self::dic()->toolbar());
                 }
-                $html .= $this->getTopBarHtml();
+                $html .= $this->getTopBarHtml($user_id);
 
                 self::setLoaded('user_take_over'); // Main Menu gets called multiple times so we statically save that we already did all that is needed.
 
@@ -104,10 +105,12 @@ public function gotoHook()
      * @return array
      * @internal param $a_comp
      */
-    protected function getTopBarHtml()
+    protected function getTopBarHtml($user_id)
     {
         $template = self::plugin()->getPluginObject()->getTemplate("tpl.MMUserTakeOver.html", false, false);
-        if (in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId()))) {
+
+       if (usrtoHelper::getInstance()->checkPluginAccess($user_id)){
+
             $template->setVariable("SEARCHUSERLINK", self::dic()->ctrl()->getLinkTargetByClass([
                 ilUIPluginRouterGUI::class,
                 //ilUserTakeOverConfigGUI::class,
@@ -129,14 +132,14 @@ protected function getTopBarHtml()
         }
 
         /////////// For the Groups //////////////////
-        $group_ids = usrtoMember::where(["user_id" => self::dic()->user()->getId()], "=")->getArray(null, "group_id");
+        $group_ids = usrtoMember::where(["user_id" => $user_id], "=")->getArray(null, "group_id");
 
         //if the current user is member of at least one group render the groups html
         if (!empty($group_ids)) {
             $groups_html = $this->getGroupsHtml($group_ids, self::dic()->user());
         }
         //only group members or user with admin role can use search
-        if (in_array(2, self::dic()->rbacreview()->assignedGlobalRoles(self::dic()->user()->getId())) || !empty($group_ids)) {
+        if (usrtoHelper::getInstance()->checkPluginAccess($user_id) || !empty($group_ids)) {
             $template->setCurrentBlock("DROPDOWN_TOGGLE");
             $template->setVariable("TOGGLE", "<a id=\"srag-toggle\" class=\"dropdown-toggle\"><span class=\"glyphicon glyphicon-eye-open\"><span class=\"caret\"></span></span></a>");
             $template->parseCurrentBlock();

classes/class.usrtoHelper.php

@@ -19,6 +19,7 @@ class usrtoHelper
     const USR_ID_BACKUP = 'usrtoOriginalAccountId';
     const USR_ID = 'usr_id';
     const PLUGIN_CLASS_NAME = ilUserTakeOverPlugin::class;
+    const USRTO_ROLE_NAME = 'UserTakeOver-User';
     /**
      * @var usrtoHelper
      */
@@ -157,12 +158,34 @@ protected function checkAccess($usr_id, $take_over_id, $group_id)
             return true;
         }
 
-        // If the user taking over is of id 13? or is not in the admin role he does not have permission.
-        if (!isset($usr_id) || $usr_id == 13 || !in_array(2, self::dic()->rbacreview()->assignedGlobalRoles($usr_id))) {
+        if(!$this->checkPluginAccess($usr_id)){
             ilUtil::sendFailure(self::plugin()->translate('no_permission'), true);
             ilUtil::redirect('login.php');
+        }
+    }
 
+    public  function checkPluginAccess($usr_id):bool{
+        // if user has the correct global role or he is an Administrator, he has permission to use the Plugin
+        $allowed_role=$this->getRoleAllowed();
+
+        $global_roles_of_user = self::dic()->rbacreview()->assignedGlobalRoles($usr_id);
+        $needles=array("2", $allowed_role);
+        // If the user taking over is of id 13? or is not in the admin role he does not have permission.
+        if (!isset($usr_id) || $usr_id == 13 || empty(array_intersect($needles, $global_roles_of_user))) {
             return false;
         }
+
+        return true;
+
+    }
+
+    protected function getRoleAllowed():string
+    {
+        // roles named UserTakeOver-User are allowed to use the plugin
+        if(self::dic()->rbacreview()->roleExists(self::USRTO_ROLE_NAME)){
+            $roles= self::dic()->rbacreview()->getRolesByFilter(2,0, self::USRTO_ROLE_NAME);
+        }
+        return $roles[0]["obj_id"];
     }
+
 }

sql/dbupdate.php

@@ -44,6 +44,6 @@
 <#5>
 <?php
 if(!\srag\DIC\UserTakeOver\DICStatic::dic()->database()->tableExists(ilUserTakeOverConfig::TABLE_NAME)) {
-	\ilUserTakeOverConfig::updateDB();
+    \ilUserTakeOverConfig::updateDB();
 }
 ?>