Bitrix-D7 23.9
 
Загрузка...
Поиск...
Не найдено
accessmanager.php
1<?php
2
9namespace Bitrix\Socialnetwork\Item\Workgroup;
10
11use Bitrix\Main\ArgumentException;
12use Bitrix\Socialnetwork\EO_UserToGroup;
13use Bitrix\Socialnetwork\EO_Workgroup;
14use Bitrix\Socialnetwork\EO_WorkgroupFavorites;
15use Bitrix\Socialnetwork\UserToGroupTable;
16
17class AccessManager
18{
19 protected EO_Workgroup $group;
20 protected ?EO_UserToGroup $targetUserRelation = null;
21 protected ?EO_UserToGroup $currentUserRelation = null;
22 protected ?EO_WorkgroupFavorites $currentUserFavorites = null;
23 protected bool $isCurrentUserModuleAdmin = false;
24 protected int $currentUserId = 0;
25
26 public function __construct(
27 EO_Workgroup $group,
28 ?EO_UserToGroup $targetUserRelation,
29 ?EO_UserToGroup $currentUserRelation,
30 ?array $additionalEntityList = [],
31 ?array $additionalParams = []
32 )
33 {
34 $this->group = $group;
35 $this->targetUserRelation = $targetUserRelation;
36 $this->currentUserRelation = $currentUserRelation;
37 $this->isCurrentUserModuleAdmin = self::isCurrentUserModuleAdmin((bool)($additionalParams['checkAdminSession'] ?? true));
38 $this->currentUserId = \Bitrix\Socialnetwork\Helper\User::getCurrentUserId();
39 if (is_array($additionalEntityList) && !empty($additionalEntityList))
40 {
41 if (
42 $additionalEntityList['currentUserFavorites']
43 && get_class($additionalEntityList['currentUserFavorites']) === EO_WorkgroupFavorites::class
44 )
45 {
46 $this->currentUserFavorites = $additionalEntityList['currentUserFavorites'];
47 }
48 }
49 }
50
51 private static function isCurrentUserModuleAdmin(bool $checkSession = false): bool
52 {
53 static $result = [
54 'Y' => null,
55 'N' => null
56 ];
57 $cacheKey = ($checkSession ? 'Y' : 'N');
58
59 if ($result[$cacheKey] === null)
60 {
61 $result[$cacheKey] = \CSocNetUser::isCurrentUserModuleAdmin(SITE_ID, $checkSession);
62 }
63
64 return $result[$cacheKey];
65 }
66
67 public function canView(): bool
68 {
69 $this->checkGroupEntityFields([
70 'ID',
71 'VISIBLE',
72 ]);
73
74 $this->checkRelationEntityFields($this->currentUserRelation, [
75 'GROUP_ID',
76 'ROLE',
77 ]);
78
79 return (
80 $this->isCurrentUserModuleAdmin
81 || $this->group->get('VISIBLE')
82 || (
83 $this->currentUserRelation
84 && in_array($this->currentUserRelation->get('ROLE'), UserToGroupTable::getRolesMember(), true)
85 )
86 );
87 }
88
89 public function canModify(): bool
90 {
91 $this->checkGroupEntityFields([
92 'ID',
93 'CLOSED',
94 'PROJECT',
95 'SCRUM_MASTER_ID',
96 ]);
97
98 $this->checkRelationEntityFields($this->currentUserRelation, [
99 'GROUP_ID',
100 'USER_ID',
101 'ROLE',
102 ]);
103
104 if (
105 !$this->isCurrentUserModuleAdmin
106 && !$this->checkRelationGroupId($this->currentUserRelation)
107 )
108 {
109 return false;
110 }
111
112 if (!$this->canCurrentUserModify())
113 {
114 return false;
115 }
116
117 return true;
118 }
119
120 public function canEdit(): bool
121 {
122 return $this->canModify();
123 }
124
125 public function canDelete(): bool
126 {
127 return $this->canModify();
128 }
129
130 public function canAddToArchive(): bool
131 {
132 if (!$this->canModify())
133 {
134 return false;
135 }
136
137 return !$this->group->get('CLOSED');
138 }
139
140 public function canRemoveFromArchive(): bool
141 {
142 if (!$this->canModify())
143 {
144 return false;
145 }
146
147 return $this->group->get('CLOSED');
148 }
149
150 public function canAddToFavorites(): bool
151 {
152 if (!$this->canView())
153 {
154 return false;
155 }
156
157 return ($this->currentUserFavorites === null);
158 }
159
160 public function canRemoveFromFavorites(): bool
161 {
162 if (!$this->canView())
163 {
164 return false;
165 }
166
167 return ($this->currentUserFavorites !== null);
168 }
169
170 public function canSetOwner(): bool
171 {
172 if (!$this->canModify())
173 {
174 return false;
175 }
176
177 $this->checkRelationEntityFields($this->targetUserRelation, [
178 'GROUP_ID',
179 'ROLE',
180 ]);
181
182 if (
183 $this->targetUserRelation
184 && (
185 !$this->checkRelationGroupId($this->targetUserRelation)
186 || !in_array($this->targetUserRelation->get('ROLE'), [
187 UserToGroupTable::ROLE_USER,
188 UserToGroupTable::ROLE_MODERATOR
189 ], true)
190 )
191 )
192 {
193 return false;
194 }
195
196 if (
197 !$this->isCurrentUserModuleAdmin
198 && !$this->checkClosedGroup()
199 )
200 {
201 return false;
202 }
203
204 return true;
205 }
206
207 public function canSetScrumMaster(): bool
208 {
209 if (!$this->canModify())
210 {
211 return false;
212 }
213
214 $this->checkRelationEntityFields($this->targetUserRelation, [
215 'GROUP_ID',
216 'ROLE',
217 ]);
218
219 if (!$this->checkScrum())
220 {
221 return false;
222 }
223
224 if ($this->checkScrumMaster($this->targetUserRelation))
225 {
226 return false;
227 }
228
229 if (
230 $this->targetUserRelation
231 && (
232 !$this->checkRelationGroupId($this->targetUserRelation)
233 || !in_array($this->targetUserRelation->get('ROLE'), UserToGroupTable::getRolesMember(), true)
234 )
235 )
236 {
237 return false;
238 }
239
240 if (
241 !$this->isCurrentUserModuleAdmin
242 && !$this->checkClosedGroup()
243 )
244 {
245 return false;
246 }
247
248 return true;
249 }
250
251 public function canSetModerator(): bool
252 {
253 if (!$this->canModify())
254 {
255 return false;
256 }
257
258 $this->checkRelationEntityFields($this->targetUserRelation, [
259 'GROUP_ID',
260 'ROLE',
261 ]);
262
263 if (
264 !$this->targetUserRelation
265 || !$this->checkRelationGroupId($this->targetUserRelation)
266 || $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_USER
267 )
268 {
269 return false;
270 }
271
272 if (
273 !$this->isCurrentUserModuleAdmin
274 && !$this->checkClosedGroup()
275 )
276 {
277 return false;
278 }
279
280 return true;
281 }
282
283 public function canRemoveModerator(): bool
284 {
285 if (!$this->canModify())
286 {
287 return false;
288 }
289
290 $this->checkRelationEntityFields($this->targetUserRelation, [
291 'GROUP_ID',
292 'USER_ID',
293 'ROLE',
294 ]);
295
296 if (
297 !$this->targetUserRelation
298 || !$this->checkRelationGroupId($this->targetUserRelation)
299 || $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_MODERATOR
300 || $this->targetUserRelation->get('USER_ID') === $this->currentUserId
301 )
302 {
303 return false;
304 }
305
306 if ($this->checkScrumMaster($this->targetUserRelation))
307 {
308 return false;
309 }
310
311 if (
312 !$this->isCurrentUserModuleAdmin
313 && !$this->checkClosedGroup()
314 )
315 {
316 return false;
317 }
318
319 return true;
320 }
321
322 public function canJoin(): bool
323 {
324 $this->checkGroupEntityFields([
325 'ID',
326 'CLOSED',
327 'VISIBLE',
328 ]);
329 $this->checkRelationEntityFields($this->currentUserRelation, [
330 'GROUP_ID',
331 'INITIATED_BY_TYPE',
332 'ROLE',
333 ]);
334
335 if (
336 !$this->isCurrentUserModuleAdmin
337 && !$this->group->get('VISIBLE')
338 )
339 {
340 return false;
341 }
342
343 if (
344 $this->currentUserRelation
345 && (
346 $this->currentUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST
347 || $this->currentUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_GROUP
348 )
349 )
350 {
351 return false;
352 }
353
354 if (
355 !$this->isCurrentUserModuleAdmin
356 && !$this->checkClosedGroup()
357 )
358 {
359 return false;
360 }
361
362 return true;
363 }
364
365 public function canLeave(): bool
366 {
367 $this->checkGroupEntityFields([
368 'ID',
369 'PROJECT',
370 'SCRUM_MASTER_ID',
371 ]);
372 $this->checkRelationEntityFields($this->currentUserRelation, [
373 'GROUP_ID',
374 'USER_ID',
375 'ROLE',
376 'AUTO_MEMBER',
377 ]);
378
379 if (
380 !$this->currentUserRelation
381 || !$this->checkRelationGroupId($this->currentUserRelation)
382 )
383 {
384 return false;
385 }
386
387 if (!in_array($this->currentUserRelation->get('ROLE'), [
388 UserToGroupTable::ROLE_USER ,
389 UserToGroupTable::ROLE_MODERATOR
390 ], true))
391 {
392 return false;
393 }
394
395 if ($this->currentUserRelation->get('AUTO_MEMBER'))
396 {
397 return false;
398 }
399
400 if ($this->checkScrumMaster($this->currentUserRelation))
401 {
402 return false;
403 }
404
405 return true;
406 }
407
408 public function canDeleteOutgoingRequest(): bool
409 {
410 $this->checkGroupEntityFields([
411 'ID',
412 'CLOSED',
413 'PROJECT',
414 'SCRUM_MASTER_ID',
415 'INITIATE_PERMS',
416 ]);
417 $this->checkRelationEntityFields($this->currentUserRelation, [
418 'GROUP_ID',
419 'USER_ID',
420 'ROLE',
421 ]);
422 $this->checkRelationEntityFields($this->targetUserRelation, [
423 'GROUP_ID',
424 'ROLE',
425 'INITIATED_BY_TYPE',
426 'INITIATED_BY_USER_ID',
427 ]);
428
429 if (
430 !$this->isCurrentUserModuleAdmin
431 && !$this->checkRelationGroupId($this->currentUserRelation)
432 )
433 {
434 return false;
435 }
436
437 if (
438 !$this->targetUserRelation
439 || !$this->checkRelationGroupId($this->targetUserRelation)
440 )
441 {
442 return false;
443 }
444
445 if (
446 $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST
447 || $this->targetUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_GROUP
448 )
449 {
450 return false;
451 }
452
453 if (
454 !$this->canCurrentUserInitiate()
455 && (int)$this->targetUserRelation->get('INITIATED_BY_USER_ID') !== $this->currentUserId
456 )
457 {
458 return false;
459 }
460
461 return true;
462 }
463
464 public function canExclude(): bool
465 {
466 $this->checkGroupEntityFields([
467 'ID',
468 'CLOSED',
469 'PROJECT',
470 'SCRUM_MASTER_ID',
471 ]);
472 $this->checkRelationEntityFields($this->currentUserRelation, [
473 'GROUP_ID',
474 'USER_ID',
475 'ROLE',
476 ]);
477 $this->checkRelationEntityFields($this->targetUserRelation, [
478 'GROUP_ID',
479 'ROLE',
480 'AUTO_MEMBER',
481 ]);
482
483 if (
484 !$this->isCurrentUserModuleAdmin
485 && !$this->checkRelationGroupId($this->currentUserRelation)
486 )
487 {
488 return false;
489 }
490
491 if (!$this->canCurrentUserModify())
492 {
493 return false;
494 }
495
496 if (
497 !$this->targetUserRelation
498 || !$this->checkRelationGroupId($this->targetUserRelation)
499 || $this->targetUserRelation->get('AUTO_MEMBER')
500 || $this->targetUserRelation->get('USER_ID') === $this->currentUserId
501 || !in_array($this->targetUserRelation->get('ROLE'), [
502 UserToGroupTable::ROLE_MODERATOR,
503 UserToGroupTable::ROLE_USER,
504 ], true)
505 )
506 {
507 return false;
508 }
509
510 if ($this->checkScrumMaster($this->targetUserRelation))
511 {
512 return false;
513 }
514
515 if (
516 !$this->isCurrentUserModuleAdmin
517 && !$this->checkClosedGroup()
518 )
519 {
520 return false;
521 }
522
523 return true;
524 }
525
526 public function canProcessIncomingRequest(): bool
527 {
528 $this->checkGroupEntityFields([
529 'ID',
530 'CLOSED',
531 'PROJECT',
532 'SCRUM_MASTER_ID',
533 'INITIATE_PERMS',
534 ]);
535 $this->checkRelationEntityFields($this->currentUserRelation, [
536 'GROUP_ID',
537 'USER_ID',
538 'ROLE',
539 ]);
540 $this->checkRelationEntityFields($this->targetUserRelation, [
541 'GROUP_ID',
542 'ROLE',
543 'INITIATED_BY_TYPE',
544 ]);
545
546 if (
547 !$this->isCurrentUserModuleAdmin
548 && !$this->checkRelationGroupId($this->currentUserRelation)
549 )
550 {
551 return false;
552 }
553
554 if (
555 !$this->targetUserRelation
556 || !$this->checkRelationGroupId($this->targetUserRelation)
557 )
558 {
559 return false;
560 }
561
562 if ($this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST)
563 {
564 return false;
565 }
566
567 if (
568 !$this->canCurrentProcessRequestsIn()
569 || $this->targetUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_USER
570 )
571 {
572 return false;
573 }
574
575 return true;
576 }
577
578 public function canDeleteIncomingRequest(): bool
579 {
580 $this->checkRelationEntityFields($this->currentUserRelation, [
581 'GROUP_ID',
582 ]);
583 $this->checkRelationEntityFields($this->targetUserRelation, [
584 'GROUP_ID',
585 'ROLE',
586 'INITIATED_BY_TYPE',
587 'INITIATED_BY_USER_ID',
588 ]);
589
590 if (
591 !$this->isCurrentUserModuleAdmin
592 && !$this->checkRelationGroupId($this->currentUserRelation)
593 )
594 {
595 return false;
596 }
597
598 if (
599 !$this->targetUserRelation
600 || !$this->checkRelationGroupId($this->targetUserRelation)
601 )
602 {
603 return false;
604 }
605
606 if (
607 $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST
608 || $this->targetUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_USER
609
610 )
611 {
612 return false;
613 }
614
615 if (
616 !$this->isCurrentUserModuleAdmin
617 && (int)$this->targetUserRelation->get('INITIATED_BY_USER_ID') !== $this->currentUserId
618 )
619 {
620 return false;
621 }
622
623 return true;
624 }
625
626 protected function checkGroupEntityFields(array $fieldsList = []): void
627 {
628 if (!$this->group)
629 {
630 return;
631 }
632
633 $this->checkEntityFields($this->group, $fieldsList);
634 }
635
636 protected function checkRelationEntityFields(?EO_UserToGroup $relation, array $fieldsList = []): void
637 {
638 if (!$relation)
639 {
640 return;
641 }
642
643 $this->checkEntityFields($relation, $fieldsList);
644 }
645
646 protected function checkFavoritesEntityFields(?EO_WorkgroupFavorites $favoritesEntity, array $fieldsList = []): void
647 {
648 if (!$favoritesEntity)
649 {
650 return;
651 }
652
653 $this->checkEntityFields($favoritesEntity, $fieldsList);
654 }
655
656 protected function checkEntityFields(\Bitrix\Main\ORM\Objectify\EntityObject $entityObject, array $fieldsList = []): void
657 {
658 foreach ($fieldsList as $field)
659 {
660 if (!$entityObject->has($field))
661 {
662 throw new ArgumentException('Entity has no '. $field . ' field.');
663 }
664 }
665 }
666
667 protected function checkRelationGroupId(
668 ?EO_UserToGroup $relation
669 ): bool
670 {
671 return (
672 $relation
673 && (int)$this->group->get('ID') === (int)$relation->get('GROUP_ID')
674 );
675 }
676
677 protected function checkFavoritesEntityGroupId(
678 ?EO_WorkgroupFavorites $favoritesEntity
679 ): bool
680 {
681 return (
682 $favoritesEntity
683 && (int)$this->group->get('ID') === (int)$favoritesEntity->get('GROUP_ID')
684 );
685 }
686
687 protected function checkOwnerOrScrumMaster(
688 ?EO_UserToGroup $relation
689 ): bool
690 {
691 return (
692 $relation
693 && (
694 $this->checkOwner($relation)
695 || $this->checkScrumMaster($relation)
696 )
697 );
698 }
699
700 protected function checkOwner(
701 EO_UserToGroup $relation
702 ): bool
703 {
704 return ($relation->get('ROLE') === UserToGroupTable::ROLE_OWNER);
705 }
706
707 protected function checkScrumMaster(
708 ?EO_UserToGroup $relation
709 ): bool
710 {
711 return (
712 $this->group->get('PROJECT')
713 && $relation
714 && (int)$this->group->get('SCRUM_MASTER_ID') === (int)$relation->get('USER_ID')
715 );
716 }
717
718 protected function checkScrum(): bool
719 {
720 return (
721 $this->group->get('PROJECT')
722 && (int)$this->group->get('SCRUM_MASTER_ID') > 0
723 );
724 }
725
726 protected function checkClosedGroup(): bool
727 {
728 return (
729 !$this->group->get('CLOSED')
730 || \Bitrix\Socialnetwork\Item\Workgroup::canWorkWithClosedWorkgroups()
731 );
732 }
733
734 protected function canCurrentUserModify(): bool
735 {
736 return (
737 $this->isCurrentUserModuleAdmin
738 || $this->checkOwnerOrScrumMaster($this->currentUserRelation)
739 );
740 }
741
742 protected function canCurrentUserInitiate(): bool
743 {
744 return (
745 $this->isCurrentUserModuleAdmin
746 || (
747 $this->group->get('INITIATE_PERMS') === UserToGroupTable::ROLE_OWNER
748 && $this->currentUserRelation->get('ROLE') === UserToGroupTable::ROLE_OWNER
749 )
750 || (
751 $this->group->get('INITIATE_PERMS') === UserToGroupTable::ROLE_MODERATOR
752 && in_array($this->currentUserRelation->get('ROLE'), [
753 UserToGroupTable::ROLE_OWNER,
754 UserToGroupTable::ROLE_MODERATOR
755 ], true)
756 )
757 || (
758 $this->group->get('INITIATE_PERMS') === UserToGroupTable::ROLE_USER
759 && in_array($this->currentUserRelation->get('ROLE'), UserToGroupTable::getRolesMember(), true)
760 )
761 || $this->checkScrumMaster($this->currentUserRelation)
762 );
763 }
764
765 protected function canCurrentProcessRequestsIn(): bool
766 {
767 return (
768 $this->canCurrentUserInitiate()
769 || (
770 $this->currentUserRelation
771 && in_array($this->currentUserRelation->get('ROLE'), [
772 UserToGroupTable::ROLE_OWNER,
773 UserToGroupTable::ROLE_MODERATOR
774 ], true)
775 )
776 );
777 }
778
779}
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkEntityFields
checkEntityFields(\Bitrix\Main\ORM\Objectify\EntityObject $entityObject, array $fieldsList=[])
Definition accessmanager.php:656
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkFavoritesEntityGroupId
checkFavoritesEntityGroupId(?EO_WorkgroupFavorites $favoritesEntity)
Definition accessmanager.php:677
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\__construct
__construct(EO_Workgroup $group, ?EO_UserToGroup $targetUserRelation, ?EO_UserToGroup $currentUserRelation, ?array $additionalEntityList=[], ?array $additionalParams=[])
Definition accessmanager.php:26
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkFavoritesEntityFields
checkFavoritesEntityFields(?EO_WorkgroupFavorites $favoritesEntity, array $fieldsList=[])
Definition accessmanager.php:646
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkRelationEntityFields
checkRelationEntityFields(?EO_UserToGroup $relation, array $fieldsList=[])
Definition accessmanager.php:636