Skip to content

Commit

Permalink
[Statistics] Fix permission
Browse files Browse the repository at this point in the history
  • Loading branch information
laemtl committed Jun 2, 2020
1 parent f349d11 commit 977bc1a
Showing 1 changed file with 88 additions and 3 deletions.
91 changes: 88 additions & 3 deletions modules/statistics/php/statistics_dd_site.class.inc
Original file line number Diff line number Diff line change
Expand Up @@ -25,10 +25,58 @@ namespace LORIS\statistics;
*/
class Statistics_DD_Site extends statistics_site
{

var $query_criteria = '';
var $query_vars = array();

/**
* Checking user's permission
*
* @param \User $user The user whose access is being checked
*
* @return bool
*/
function _hasAccess(\User $user) : bool
{
//TODO: Create a permission specific to statistics
$hasAccessToAllProfiles = $user->hasAllPermissions(
array(
'access_all_profiles',
'data_entry',
)
);
$hasCenterPermission = false;
// TODO: There are no means of set permissions per site
// for a given user right now: (e.g.) The user X can have
// the permission data_entry on site Y but not on site Z.
// Currently, hasCenterPermission() function is only checking
// if the user have a given center AND a given permission
// not if it have the permission for this specific center.
// This logic will be implemented in hasCenterPermission()
// in near versions when the permission framework allow it.
// If a CenterID is passed in the request, check if the user has the
// data_entry permission at the site/center specified by CenterID.
if (!empty($_REQUEST['CenterID'])) {
$hasCenterPermission = $user->hasCenterPermission(
'data_entry',
intval($_REQUEST['CenterID'])
);
} else {
// For the short term the user we'll be granted access
// if at least have permission AND one of the centers
// The filter _checkCriteria() (please see bellow)
// takes care of restricting access to sites the user belongs to.
// When logic reimplemented on hasCenterPermission(),
// _checkCriteria() will take care of retriving information
// only for those centers the user has the specific permission.
// (please see notes about hasCenterPermission() above)
foreach ($user->getCenterIDs() as $centerID) {
if ($user->hasCenterPermission('data_entry', intval($centerID))) {
$hasCenterPermission = true;
break;
}
}
}
return $hasAccessToAllProfiles || $hasCenterPermission;
}
/**
* CheckCriteria function
*
Expand All @@ -39,16 +87,53 @@ class Statistics_DD_Site extends statistics_site
*/
function _checkCriteria($centerID, $projectID)
{
// TODO: There are no means of set permissions per site
// for a given user right now: (e.g.) The user X can have
// the permission data_entry on site Y but not on site Z.
// Currently, hasCenterPermission() function is only checking
// if the user have a given center AND a given permission
// not if it have the permission for this specific center.
// This logic will be implemented in hasCenterPermission()
// in near versions when the permission framework allow it
// The filter _checkCriteria() takes care of restricting
// the user access only to the sites it belongs to.
// When logic reimplemented on hasCenterPermission(),
// _checkCriteria() will take care of retriving information
// only for those centers the user has the specific permission.
if (!empty($centerID)) {
$this->query_criteria .= " AND s.CenterID =:cid ";
$this->query_vars['cid'] = $centerID;
} else {
$list_of_permitted_sites = (array) null;
$currentUser = \User::singleton();
if ($currentUser->hasPermission('access_all_profiles')) {
$list_of_permitted_sites = array_keys(\Utility::getSiteList());
} else {
foreach ($currentUser->getCenterIDs() as $centerID) {
if ($currentUser->hasCenterPermission(
'data_entry',
intval($centerID)
)
) {
array_push($list_of_permitted_sites, $centerID);
}
}
}
$params = array();
$centerIDs = array();
foreach ($list_of_permitted_sites as $key => $siteID) {
$params[] = ":id$key";
$centerIDs["id$key"] = $siteID;
}
$this->query_criteria .=
" AND s.CenterID IN (" . implode(',', $params) . ")";
$this->query_vars += $centerIDs;
}
if (!empty($projectID)) {
$this->query_criteria .= " AND s.ProjectID =:pid ";
$this->query_vars['pid'] = $projectID;
}
}

/**
* Notexcluded function
*
Expand Down

0 comments on commit 977bc1a

Please sign in to comment.