1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
AccessService.php
См. документацию.
1<?php
2
3namespace Bitrix\Lists\Api\Service;
4
5use Bitrix\Lists\Api\Response\CheckPermissionsResponse;
6use Bitrix\Lists\Security\ElementRight;
7use Bitrix\Lists\Security\IblockRight;
8use Bitrix\Lists\Security\Right;
9use Bitrix\Lists\Security\RightParam;
10use Bitrix\Lists\Service\Param;
11use Bitrix\Main\ArgumentException;
12use Bitrix\Main\Error;
13use Bitrix\Main\Localization\Loc;
14
15class AccessService
16{
17 protected string $iBlockTypeId;
18 protected int $iBlockId = 0;
19 protected int $socNetGroupId = 0;
20 protected int $userId;
21 protected bool $isCurrentUser = false;
22
26 public function __construct(int $userId, Param $param)
27 {
28 $param->checkRequiredInputParams(['IBLOCK_TYPE_ID', 'IBLOCK_ID', 'SOCNET_GROUP_ID']);
29 if ($param->hasErrors())
30 {
31 $firstError = $param->getErrors()[0];
32
33 throw new ArgumentException($firstError->getMessage());
34 }
35
36 $paramValues = $param->getParams();
37 $this->iBlockTypeId = (string)$paramValues['IBLOCK_TYPE_ID'];
38 if ((int)$paramValues['IBLOCK_ID'] > 0)
39 {
40 $this->iBlockId = (int)$paramValues['IBLOCK_ID'];
41 }
42 if ((int)$paramValues['SOCNET_GROUP_ID'] > 0)
43 {
44 $this->socNetGroupId = (int)$paramValues['SOCNET_GROUP_ID'];
45 }
46
47 $this->userId = $userId;
48 GLOBAL $USER;
49 if ($userId > 0 && $userId === (int)$USER->GetID())
50 {
51 $this->isCurrentUser = true;
52 }
53 }
54
58 public function getUserId(): int
59 {
60 return $this->userId;
61 }
62
66 public function checkPermissions(): CheckPermissionsResponse
67 {
68 $response = new CheckPermissionsResponse();
69 if ($this->userId === 0 || !$this->isCurrentUser)
70 {
71 return $response->addError(static::getNotSupportedUserIdError());
72 }
73
74 GLOBAL $USER;
75 $param = new Param([
76 'IBLOCK_TYPE_ID' => $this->iBlockTypeId,
77 'IBLOCK_ID' => $this->iBlockId > 0 ? $this->iBlockId : false,
78 'SOCNET_GROUP_ID' => $this->socNetGroupId,
79 ]);
80 $rightParam = new RightParam($param);
81 $rightParam->setUser($USER);
82
83 $right = new Right($rightParam, new IblockRight($rightParam));
84
85 $response
86 ->setRightParam($rightParam)
87 ->setPermission($right->getPermission())
88 ;
89
90 if (!$right->checkPermission())
91 {
92 $response->addErrors($right->getErrors());
93 }
94
95 return $response;
96 }
97
105 public function checkElementPermission(
106 int $elementId = 0,
107 int $sectionId = 0,
108 string $entityMethod = null,
109 int $iBlockId = null,
110 ): CheckPermissionsResponse
111 {
112 $response = new CheckPermissionsResponse();
113 if ($this->userId === 0 || !$this->isCurrentUser)
114 {
115 return $response->addError(static::getNotSupportedUserIdError());
116 }
117
118 $iBlockId = ((int)$iBlockId > 0) ? (int)$iBlockId : $this->iBlockId;
119
120 GLOBAL $USER;
121 $param = new Param([
122 'IBLOCK_TYPE_ID' => $this->iBlockTypeId,
123 'IBLOCK_ID' => $iBlockId > 0 ? $iBlockId : false,
124 'SOCNET_GROUP_ID' => $this->socNetGroupId,
125 ]);
126 $rightParam = new RightParam($param);
127 $rightParam->setUser($USER);
128 $rightParam->setEntityId($elementId);
129 $rightParam->setSectionId(max($sectionId, 0));
130
131 $elementRight = new ElementRight($rightParam);
132 $right = new Right($rightParam, $elementRight);
133
134 $response
135 ->setRightParam($rightParam)
136 ->setElementRight($elementRight)
137 ->setPermission($right->getPermission())
138 ;
139
140 if (!$right->checkPermission($entityMethod ?? ''))
141 {
142 $response->addErrors($right->getErrors());
143 }
144
145 return $response;
146 }
147
153 public function checkIBlockPermission(int $iBlockId = null, string $entityMethod = null): CheckPermissionsResponse
154 {
155 $response = new CheckPermissionsResponse();
156 if ($this->userId === 0 || !$this->isCurrentUser)
157 {
158 return $response->addError(static::getNotSupportedUserIdError());
159 }
160
161 $iBlockId = $iBlockId ?? $this->iBlockId;
162
163 GLOBAL $USER;
164 $param = new Param([
165 'IBLOCK_TYPE_ID' => $this->iBlockTypeId,
166 'IBLOCK_ID' => $iBlockId > 0 ? $iBlockId : false,
167 'SOCNET_GROUP_ID' => $this->socNetGroupId,
168 ]);
169 $rightParam = new RightParam($param);
170 $rightParam->setUser($USER);
171
172 $iBlockRight = new IblockRight($rightParam);
173 $right = new Right($rightParam, $iBlockRight);
174
175 $response
176 ->setRightParam($rightParam)
177 ->setIBlockRight($iBlockRight)
178 ->setPermission($right->getPermission())
179 ;
180
181 if (!$right->checkPermission($entityMethod ?? ''))
182 {
183 $response->addErrors($right->getErrors());
184 }
185
186 return $response;
187 }
188
193 public function checkIBlockTypePermission(string $iBlockTypeId = null): CheckPermissionsResponse
194 {
195 $response = new CheckPermissionsResponse();
196 if ($this->userId === 0 || !$this->isCurrentUser)
197 {
198 return $response->addError(static::getNotSupportedUserIdError());
199 }
200
201 $iBlockTypeId = $iBlockTypeId ?? $this->iBlockTypeId;
202
203 GLOBAL $USER;
204 $param = new Param([
205 'IBLOCK_TYPE_ID' => $iBlockTypeId,
206 'IBLOCK_ID' => false,
207 'SOCNET_GROUP_ID' => $this->socNetGroupId,
208 ]);
209 $rightParam = new RightParam($param);
210 $rightParam->setUser($USER);
211
212 $right = new Right($rightParam, new IblockRight($rightParam)); // any RightEntity
213
214 $response
215 ->setRightParam($rightParam)
216 ->setPermission($right->getPermission())
217 ;
218
219 if (!$right->checkPermission())
220 {
221 $response->addErrors($right->getErrors());
222 }
223
224 return $response;
225 }
226
231 public function isAccessDeniedPermission(string | int $permission): bool
232 {
233 return $permission <= \CListPermissions::ACCESS_DENIED;
234 }
235
240 public function isAdminPermission(string | int $permission): bool
241 {
242 return $permission >= \CListPermissions::IS_ADMIN;
243 }
244
249 public function isCanReadPermission(string | int $permission): bool
250 {
251 return $permission >= \CListPermissions::CAN_READ;
252 }
253
257 public static function getAccessDeniedError(): Error
258 {
259 return new Error(Loc::getMessage('LISTS_LIB_API_ACCESS_SERVICE_ERROR_ACCESS_DENIED'));
260 }
261
265 protected static function getNotSupportedUserIdError(): Error
266 {
267 return new Error(Loc::getMessage('LISTS_LIB_API_ACCESS_SERVICE_ERROR_NOT_SUPPORTED_USER_ID'));
268 }
269}
Bitrix\Lists\Api\Service\AccessService\isAdminPermission
isAdminPermission(string|int $permission)
Определения AccessService.php:240
Bitrix\Lists\Api\Service\AccessService\getNotSupportedUserIdError
static getNotSupportedUserIdError()
Определения AccessService.php:265
Bitrix\Lists\Api\Service\AccessService\__construct
__construct(int $userId, Param $param)
Определения AccessService.php:26
Bitrix\Lists\Api\Service\AccessService\isCanReadPermission
isCanReadPermission(string|int $permission)
Определения AccessService.php:249
Bitrix\Lists\Api\Service\AccessService\checkIBlockPermission
checkIBlockPermission(int $iBlockId=null, string $entityMethod=null)
Определения AccessService.php:153
Bitrix\Lists\Api\Service\AccessService\isAccessDeniedPermission
isAccessDeniedPermission(string|int $permission)
Определения AccessService.php:231
Bitrix\Lists\Api\Service\AccessService\checkIBlockTypePermission
checkIBlockTypePermission(string $iBlockTypeId=null)
Определения AccessService.php:193
Bitrix\Lists\Api\Service\AccessService\checkElementPermission
checkElementPermission(int $elementId=0, int $sectionId=0, string $entityMethod=null, int $iBlockId=null,)
Определения AccessService.php:105
Bitrix\Lists\Service\Param\checkRequiredInputParams
checkRequiredInputParams(array $requiredInputParams)
Определения param.php:39
Bitrix\Lists\Service\Param\getParams
getParams()
Определения param.php:70
Bitrix\Main\Error
Определения error.php:15
CListPermissions\ACCESS_DENIED
const ACCESS_DENIED
Определения listperm.php:10
CListPermissions\CAN_READ
const CAN_READ
Определения listperm.php:11
CListPermissions\IS_ADMIN
const IS_ADMIN
Определения listperm.php:14
$right
$right
Определения options.php:8
$USER
global $USER
Определения csv_new_run.php:40
$response
$response
Определения result.php:21