MyStaff: Cache access checks for 'MyStaff' / Don't allow access on lo…

…gin page (#3768) Co-authored-by: Martin Studer <[email protected]>
ILIAS-eLearning · Feb 21, 2022 · 0c75b01 · 0c75b01
1 parent 9874c58
commit 0c75b01
Show file tree

Hide file tree

Showing 4 changed files with 311 additions and 11 deletions.
diff --git a/Services/MainMenu/classes/Provider/StandardTopItemsProvider.php b/Services/MainMenu/classes/Provider/StandardTopItemsProvider.php
@@ -5,6 +5,7 @@
 use ILIAS\GlobalScreen\Identification\IdentificationInterface;
 use ILIAS\GlobalScreen\Scope\MainMenu\Provider\AbstractStaticMainMenuProvider;
 use ILIAS\MyStaff\ilMyStaffAccess;
+use ILIAS\MyStaff\ilMyStaffCachedAccessDecorator;
 use ILIAS\UI\Component\Symbol\Icon\Standard;
 use ILIAS\GlobalScreen\Scope\MainMenu\Collector\Renderer\TopParentItemDrilldownRenderer;
 use ILIAS\GlobalScreen\Scope\MainMenu\Collector\Information\TypeInformation;
@@ -131,15 +132,21 @@ function () {
         $icon = $this->dic->ui()->factory()->symbol()->icon()->custom(\ilUtil::getImagePath("outlined/icon_orga.svg"), $title);
 
         $organisation = $this->mainmenu->topParentItem($this->getOrganisationIdentification())
-            ->withVisibilityCallable($this->basic_access_helper->isUserLoggedIn(static function () : bool {
-                return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff();
+            ->withVisibilityCallable($this->basic_access_helper->isUserLoggedIn(function () : bool {
+                return (new ilMyStaffCachedAccessDecorator(
+                    $this->dic,
+                    ilMyStaffAccess::getInstance()
+                ))->hasCurrentUserAccessToMyStaff();
             }))
             ->withSymbol($icon)
             ->withTitle($title)
             ->withPosition(60)
             ->withAvailableCallable(
-                static function () : bool {
-                    return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff();
+                function () : bool {
+                    return (new ilMyStaffCachedAccessDecorator(
+                        $this->dic,
+                        ilMyStaffAccess::getInstance()
+                    ))->hasCurrentUserAccessToMyStaff();
                 }
             );
 

diff --git a/Services/MyStaff/classes/Provider/StaffMainBarProvider.php b/Services/MyStaff/classes/Provider/StaffMainBarProvider.php
@@ -6,6 +6,7 @@
 use ILIAS\GlobalScreen\Scope\MainMenu\Provider\AbstractStaticMainMenuProvider;
 use ILIAS\MainMenu\Provider\StandardTopItemsProvider;
 use ILIAS\MyStaff\ilMyStaffAccess;
+use ILIAS\MyStaff\ilMyStaffCachedAccessDecorator;
 use ILIAS\MyStaff\ListUsers\ilMStListUsers;
 use ILIAS\UI\Component\Symbol\Icon\Standard;
 use ilMStListCertificatesGUI;
@@ -63,8 +64,10 @@ static function () use ($dic) {
                 }
             )
             ->withVisibilityCallable(
-                static function () {
-                    return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff();
+                function () : bool {
+                    return (
+                        new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance())
+                    )->hasCurrentUserAccessToMyStaff();
                 }
             )->withNonAvailableReason($dic->ui()->factory()->legacy("{$dic->language()->txt('component_not_active')}"));
 
@@ -88,8 +91,10 @@ function () use ($dic) {
                 }
             )
             ->withVisibilityCallable(
-                function () {
-                    return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff();
+                function () : bool {
+                    return (
+                        new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance())
+                    )->hasCurrentUserAccessToMyStaff();
                 }
             )->withNonAvailableReason($dic->ui()->factory()->legacy("{$dic->language()->txt('component_not_active')}"));
 
@@ -112,7 +117,9 @@ function () : bool {
             )
             ->withVisibilityCallable(
                 function () : bool {
-                    return boolval(ilMyStaffAccess::getInstance()->hasCurrentUserAccessToCertificates());
+                    return (
+                        new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance())
+                    )->hasCurrentUserAccessToCertificates();
                 }
             )->withNonAvailableReason($this->dic->ui()->factory()->legacy("{$this->dic->language()->txt("component_not_active")}"));
 
@@ -136,7 +143,9 @@ function () : bool {
             )
             ->withVisibilityCallable(
                 function () : bool {
-                    return boolval(ilMyStaffAccess::getInstance()->hasCurrentUserAccessToCompetences());
+                    return (
+                        new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance())
+                    )->hasCurrentUserAccessToCompetences();
                 }
             )->withNonAvailableReason($this->dic->ui()->factory()->legacy("{$this->dic->language()->txt("component_not_active")}"));
 

diff --git a/Services/MyStaff/classes/class.ilMyStaffCachedAccessDecorator.php b/Services/MyStaff/classes/class.ilMyStaffCachedAccessDecorator.php
@@ -0,0 +1,283 @@
+<?php declare(strict_types=1);
+
+namespace ILIAS\MyStaff;
+
+use ILIAS\DI\Container;
+use ilOrgUnitOperation;
+
+/**
+ * This file is part of ILIAS, a powerful learning management system
+ * published by ILIAS open source e-Learning e.V.
+ *
+ * ILIAS is licensed with the GPL-3.0,
+ * see https://www.gnu.org/licenses/gpl-3.0.en.html
+ * You should have received a copy of said license along with the
+ * source code, too.
+ *
+ * If this is not the case or you just want to try ILIAS, you'll find
+ * us at:
+ * https://www.ilias.de
+ * https://github.com/ILIAS-eLearning
+ *
+ ********************************************************************
+ */
+class ilMyStaffCachedAccessDecorator extends ilMyStaffAccess
+{
+    private Container $dic;
+    private ilMyStaffAccess $origin;
+
+    public function __construct(Container $dic, ilMyStaffAccess $origin)
+    {
+        $this->dic = $dic;
+        $this->origin = $origin;
+    }
+
+    public function hasCurrentUserAccessToMyStaff() : bool
+    {
+        static $cache = null;
+
+        if (null === $cache) {
+            $cache = (
+                (!$this->dic->user()->isAnonymous() && $this->dic->user()->getId() > 0) &&
+                $this->origin->hasCurrentUserAccessToMyStaff()
+            );
+        }
+
+        return $cache;
+    }
+
+    public function hasCurrentUserAccessToCertificates() : bool
+    {
+        static $cache = null;
+
+        if (null === $cache) {
+            $cache = $this->origin->hasCurrentUserAccessToCertificates();
+        }
+
+        return $cache;
+    }
+
+    public function hasCurrentUserAccessToCompetences() : bool
+    {
+        static $cache = null;
+
+        if (null === $cache) {
+            $cache = $this->origin->hasCurrentUserAccessToCompetences();
+        }
+
+        return $cache;
+    }
+
+    public function hasCurrentUserAccessToUser($usr_id = 0) : bool
+    {
+        static $cache = [];
+
+        if (!isset($cache[$usr_id])) {
+            $cache[$usr_id] = $this->origin->hasCurrentUserAccessToUser($usr_id);
+        }
+
+        return $cache[$usr_id];
+    }
+
+    public function hasCurrentUserAccessToLearningProgressInObject($ref_id = 0) : bool
+    {
+        static $cache = [];
+
+        if (!isset($cache[$ref_id])) {
+            $cache[$ref_id] = $this->origin->hasCurrentUserAccessToLearningProgressInObject($ref_id);
+        }
+
+        return $cache[$ref_id];
+    }
+
+    public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser() : bool
+    {
+        static $cache = null;
+
+        if (null === $cache) {
+            $cache = $this->origin->hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser();
+        }
+
+        return $cache;
+    }
+
+    public function hasPositionDefaultPermissionForOperationInContext(
+        int $position_id,
+        int $operation_id,
+        int $context_id
+    ) : bool {
+        static $cache = [];
+
+        $cache_key = implode('#', [$position_id, $operation_id, $context_id]);
+
+        if (!isset($cache[$cache_key])) {
+            $cache[$cache_key] = $this->origin->hasPositionDefaultPermissionForOperationInContext(
+                $position_id,
+                $operation_id,
+                $context_id
+            );
+        }
+
+        return $cache[$cache_key];
+    }
+
+    public function countOrgusOfUserWithAtLeastOneOperation($user_id) : int
+    {
+        return $this->origin->countOrgusOfUserWithAtLeastOneOperation($user_id);
+    }
+
+    public function countOrgusOfUserWithOperationAndContext(
+        $user_id,
+        $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
+        $context = self::DEFAULT_CONTEXT
+    ) : int {
+        return $this->origin->countOrgusOfUserWithOperationAndContext(
+            $user_id,
+            $org_unit_operation_string,
+            $context
+        );
+    }
+
+    public function getUsersForUserOperationAndContext(
+        $user_id,
+        $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
+        $context = self::DEFAULT_CONTEXT,
+        $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
+    ) : array {
+        return $this->origin->getUsersForUserOperationAndContext(
+            $user_id,
+            $org_unit_operation_string,
+            $context,
+            $tmp_table_name_prefix
+        );
+    }
+
+    public function getUsersForUserPerPosition($user_id) : array
+    {
+        return $this->origin->getUsersForUserPerPosition($user_id);
+    }
+
+    public function getUsersForUser($user_id, ?int $position_id = null) : array
+    {
+        return $this->origin->getUsersForUser($user_id, $position_id);
+    }
+
+    public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false) : array
+    {
+        return $this->origin->getIdsForUserAndOperation(
+            $user_id,
+            $operation,
+            $return_ref_id
+        );
+    }
+
+    public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id) : array
+    {
+        return $this->origin->getIdsForPositionAndOperation(
+            $position_id,
+            $operation,
+            $return_ref_id
+        );
+    }
+
+    public function getIdsForPositionAndOperationAndContext(
+        int $position_id,
+        string $operation,
+        string $context,
+        bool $return_ref_id
+    ) : array {
+        return $this->origin->getIdsForPositionAndOperationAndContext(
+            $position_id,
+            $operation,
+            $context,
+            $return_ref_id
+        );
+    }
+
+    public function getIlobjectsAndUsersForUserOperationAndContext(
+        $user_id,
+        $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
+        $context = self::DEFAULT_CONTEXT
+    ) : array {
+        return $this->origin->getIlobjectsAndUsersForUserOperationAndContext(
+            $user_id,
+            $org_unit_operation_string,
+            $context
+        );
+    }
+
+    public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
+        $user_id,
+        $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
+        $context = self::DEFAULT_CONTEXT,
+        $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX
+    ) : string {
+        return $this->origin->buildTempTableIlobjectsUserMatrixForUserOperationAndContext(
+            $user_id,
+            $org_unit_operation_string,
+            $context,
+            $temporary_table_name_prefix
+        );
+    }
+
+    public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
+        $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
+        $context = self::DEFAULT_CONTEXT,
+        $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS
+    ) : string {
+        return $this->origin->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext(
+            $org_unit_operation_string,
+            $context,
+            $temporary_table_name_prefix
+        );
+    }
+
+    public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
+        $org_unit_operation_string = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS,
+        $context = self::DEFAULT_CONTEXT,
+        $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS
+    ) : string {
+        return $this->origin->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext(
+            $org_unit_operation_string,
+            $context,
+            $temporary_table_name_prefix
+        );
+    }
+
+    public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
+        $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION,
+        $context = self::DEFAULT_CONTEXT,
+        $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS
+    ) : string {
+        return $this->origin->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext(
+            $org_unit_operation_string,
+            $context,
+            $temporary_table_name_prefix
+        );
+    }
+
+    public function buildTempTableCourseMemberships(
+        $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS,
+        array $only_courses_of_user_ids = []
+    ) : string {
+        return $this->origin->buildTempTableCourseMemberships(
+            $temporary_table_name_prefix,
+            $only_courses_of_user_ids
+        );
+    }
+
+    public function buildTempTableOrguMemberships(
+        $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS,
+        array $only_orgus_of_user_ids = []
+    ) : string {
+        return $this->origin->buildTempTableOrguMemberships(
+            $temporary_table_name_prefix,
+            $only_orgus_of_user_ids
+        );
+    }
+
+    public function dropTempTable($temporary_table_name) : bool
+    {
+        return $this->origin->dropTempTable($temporary_table_name);
+    }
+}
diff --git a/Services/User/classes/class.ilUserUtil.php b/Services/User/classes/class.ilUserUtil.php
@@ -14,6 +14,7 @@
  */
 
 use ILIAS\MyStaff\ilMyStaffAccess;
+use ILIAS\MyStaff\ilMyStaffCachedAccessDecorator;
 
 /**
  * Class ilUserUtil
@@ -238,7 +239,7 @@ public static function getPossibleStartingPoints(bool $a_force_all = false) : ar
             $all[self::START_PD_SUBSCRIPTION] = 'my_courses_groups';
         }
 
-        if (ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff()) {
+        if ((new ilMyStaffCachedAccessDecorator($DIC, ilMyStaffAccess::getInstance()))->hasCurrentUserAccessToMyStaff()) {
             $all[self::START_PD_MYSTAFF] = 'my_staff';
         }