From 0c75b01e4ca45659bf448d25a355511fd01c63ad Mon Sep 17 00:00:00 2001 From: Michael Jansen Date: Mon, 21 Feb 2022 13:21:58 +0100 Subject: [PATCH] MyStaff: Cache access checks for 'MyStaff' / Don't allow access on login page (#3768) Co-authored-by: Martin Studer --- .../Provider/StandardTopItemsProvider.php | 15 +- .../classes/Provider/StaffMainBarProvider.php | 21 +- .../class.ilMyStaffCachedAccessDecorator.php | 283 ++++++++++++++++++ Services/User/classes/class.ilUserUtil.php | 3 +- 4 files changed, 311 insertions(+), 11 deletions(-) create mode 100644 Services/MyStaff/classes/class.ilMyStaffCachedAccessDecorator.php diff --git a/Services/MainMenu/classes/Provider/StandardTopItemsProvider.php b/Services/MainMenu/classes/Provider/StandardTopItemsProvider.php index 33815dc8a786..c186dfeaf240 100644 --- a/Services/MainMenu/classes/Provider/StandardTopItemsProvider.php +++ b/Services/MainMenu/classes/Provider/StandardTopItemsProvider.php @@ -5,6 +5,7 @@ use ILIAS\GlobalScreen\Identification\IdentificationInterface; use ILIAS\GlobalScreen\Scope\MainMenu\Provider\AbstractStaticMainMenuProvider; use ILIAS\MyStaff\ilMyStaffAccess; +use ILIAS\MyStaff\ilMyStaffCachedAccessDecorator; use ILIAS\UI\Component\Symbol\Icon\Standard; use ILIAS\GlobalScreen\Scope\MainMenu\Collector\Renderer\TopParentItemDrilldownRenderer; use ILIAS\GlobalScreen\Scope\MainMenu\Collector\Information\TypeInformation; @@ -131,15 +132,21 @@ function () { $icon = $this->dic->ui()->factory()->symbol()->icon()->custom(\ilUtil::getImagePath("outlined/icon_orga.svg"), $title); $organisation = $this->mainmenu->topParentItem($this->getOrganisationIdentification()) - ->withVisibilityCallable($this->basic_access_helper->isUserLoggedIn(static function () : bool { - return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff(); + ->withVisibilityCallable($this->basic_access_helper->isUserLoggedIn(function () : bool { + return (new ilMyStaffCachedAccessDecorator( + $this->dic, + ilMyStaffAccess::getInstance() + ))->hasCurrentUserAccessToMyStaff(); })) ->withSymbol($icon) ->withTitle($title) ->withPosition(60) ->withAvailableCallable( - static function () : bool { - return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff(); + function () : bool { + return (new ilMyStaffCachedAccessDecorator( + $this->dic, + ilMyStaffAccess::getInstance() + ))->hasCurrentUserAccessToMyStaff(); } ); diff --git a/Services/MyStaff/classes/Provider/StaffMainBarProvider.php b/Services/MyStaff/classes/Provider/StaffMainBarProvider.php index a1cb8bd21256..11788594d4be 100644 --- a/Services/MyStaff/classes/Provider/StaffMainBarProvider.php +++ b/Services/MyStaff/classes/Provider/StaffMainBarProvider.php @@ -6,6 +6,7 @@ use ILIAS\GlobalScreen\Scope\MainMenu\Provider\AbstractStaticMainMenuProvider; use ILIAS\MainMenu\Provider\StandardTopItemsProvider; use ILIAS\MyStaff\ilMyStaffAccess; +use ILIAS\MyStaff\ilMyStaffCachedAccessDecorator; use ILIAS\MyStaff\ListUsers\ilMStListUsers; use ILIAS\UI\Component\Symbol\Icon\Standard; use ilMStListCertificatesGUI; @@ -63,8 +64,10 @@ static function () use ($dic) { } ) ->withVisibilityCallable( - static function () { - return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff(); + function () : bool { + return ( + new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance()) + )->hasCurrentUserAccessToMyStaff(); } )->withNonAvailableReason($dic->ui()->factory()->legacy("{$dic->language()->txt('component_not_active')}")); @@ -88,8 +91,10 @@ function () use ($dic) { } ) ->withVisibilityCallable( - function () { - return (bool) ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff(); + function () : bool { + return ( + new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance()) + )->hasCurrentUserAccessToMyStaff(); } )->withNonAvailableReason($dic->ui()->factory()->legacy("{$dic->language()->txt('component_not_active')}")); @@ -112,7 +117,9 @@ function () : bool { ) ->withVisibilityCallable( function () : bool { - return boolval(ilMyStaffAccess::getInstance()->hasCurrentUserAccessToCertificates()); + return ( + new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance()) + )->hasCurrentUserAccessToCertificates(); } )->withNonAvailableReason($this->dic->ui()->factory()->legacy("{$this->dic->language()->txt("component_not_active")}")); @@ -136,7 +143,9 @@ function () : bool { ) ->withVisibilityCallable( function () : bool { - return boolval(ilMyStaffAccess::getInstance()->hasCurrentUserAccessToCompetences()); + return ( + new ilMyStaffCachedAccessDecorator($this->dic, ilMyStaffAccess::getInstance()) + )->hasCurrentUserAccessToCompetences(); } )->withNonAvailableReason($this->dic->ui()->factory()->legacy("{$this->dic->language()->txt("component_not_active")}")); diff --git a/Services/MyStaff/classes/class.ilMyStaffCachedAccessDecorator.php b/Services/MyStaff/classes/class.ilMyStaffCachedAccessDecorator.php new file mode 100644 index 000000000000..d8905693173a --- /dev/null +++ b/Services/MyStaff/classes/class.ilMyStaffCachedAccessDecorator.php @@ -0,0 +1,283 @@ +dic = $dic; + $this->origin = $origin; + } + + public function hasCurrentUserAccessToMyStaff() : bool + { + static $cache = null; + + if (null === $cache) { + $cache = ( + (!$this->dic->user()->isAnonymous() && $this->dic->user()->getId() > 0) && + $this->origin->hasCurrentUserAccessToMyStaff() + ); + } + + return $cache; + } + + public function hasCurrentUserAccessToCertificates() : bool + { + static $cache = null; + + if (null === $cache) { + $cache = $this->origin->hasCurrentUserAccessToCertificates(); + } + + return $cache; + } + + public function hasCurrentUserAccessToCompetences() : bool + { + static $cache = null; + + if (null === $cache) { + $cache = $this->origin->hasCurrentUserAccessToCompetences(); + } + + return $cache; + } + + public function hasCurrentUserAccessToUser($usr_id = 0) : bool + { + static $cache = []; + + if (!isset($cache[$usr_id])) { + $cache[$usr_id] = $this->origin->hasCurrentUserAccessToUser($usr_id); + } + + return $cache[$usr_id]; + } + + public function hasCurrentUserAccessToLearningProgressInObject($ref_id = 0) : bool + { + static $cache = []; + + if (!isset($cache[$ref_id])) { + $cache[$ref_id] = $this->origin->hasCurrentUserAccessToLearningProgressInObject($ref_id); + } + + return $cache[$ref_id]; + } + + public function hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser() : bool + { + static $cache = null; + + if (null === $cache) { + $cache = $this->origin->hasCurrentUserAccessToCourseLearningProgressForAtLeastOneUser(); + } + + return $cache; + } + + public function hasPositionDefaultPermissionForOperationInContext( + int $position_id, + int $operation_id, + int $context_id + ) : bool { + static $cache = []; + + $cache_key = implode('#', [$position_id, $operation_id, $context_id]); + + if (!isset($cache[$cache_key])) { + $cache[$cache_key] = $this->origin->hasPositionDefaultPermissionForOperationInContext( + $position_id, + $operation_id, + $context_id + ); + } + + return $cache[$cache_key]; + } + + public function countOrgusOfUserWithAtLeastOneOperation($user_id) : int + { + return $this->origin->countOrgusOfUserWithAtLeastOneOperation($user_id); + } + + public function countOrgusOfUserWithOperationAndContext( + $user_id, + $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, + $context = self::DEFAULT_CONTEXT + ) : int { + return $this->origin->countOrgusOfUserWithOperationAndContext( + $user_id, + $org_unit_operation_string, + $context + ); + } + + public function getUsersForUserOperationAndContext( + $user_id, + $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, + $context = self::DEFAULT_CONTEXT, + $tmp_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX + ) : array { + return $this->origin->getUsersForUserOperationAndContext( + $user_id, + $org_unit_operation_string, + $context, + $tmp_table_name_prefix + ); + } + + public function getUsersForUserPerPosition($user_id) : array + { + return $this->origin->getUsersForUserPerPosition($user_id); + } + + public function getUsersForUser($user_id, ?int $position_id = null) : array + { + return $this->origin->getUsersForUser($user_id, $position_id); + } + + public function getIdsForUserAndOperation(int $user_id, string $operation, bool $return_ref_id = false) : array + { + return $this->origin->getIdsForUserAndOperation( + $user_id, + $operation, + $return_ref_id + ); + } + + public function getIdsForPositionAndOperation(int $position_id, string $operation, bool $return_ref_id) : array + { + return $this->origin->getIdsForPositionAndOperation( + $position_id, + $operation, + $return_ref_id + ); + } + + public function getIdsForPositionAndOperationAndContext( + int $position_id, + string $operation, + string $context, + bool $return_ref_id + ) : array { + return $this->origin->getIdsForPositionAndOperationAndContext( + $position_id, + $operation, + $context, + $return_ref_id + ); + } + + public function getIlobjectsAndUsersForUserOperationAndContext( + $user_id, + $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, + $context = self::DEFAULT_CONTEXT + ) : array { + return $this->origin->getIlobjectsAndUsersForUserOperationAndContext( + $user_id, + $org_unit_operation_string, + $context + ); + } + + public function buildTempTableIlobjectsUserMatrixForUserOperationAndContext( + $user_id, + $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, + $context = self::DEFAULT_CONTEXT, + $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_USER_MATRIX + ) : string { + return $this->origin->buildTempTableIlobjectsUserMatrixForUserOperationAndContext( + $user_id, + $org_unit_operation_string, + $context, + $temporary_table_name_prefix + ); + } + + public function buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext( + $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, + $context = self::DEFAULT_CONTEXT, + $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_SPEC_PERMISSIONS + ) : string { + return $this->origin->buildTempTableIlobjectsSpecificPermissionSetForOperationAndContext( + $org_unit_operation_string, + $context, + $temporary_table_name_prefix + ); + } + + public function buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext( + $org_unit_operation_string = ilOrgUnitOperation::OP_ACCESS_ENROLMENTS, + $context = self::DEFAULT_CONTEXT, + $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_OBJ_DEFAULT_PERMISSIONS + ) : string { + return $this->origin->buildTempTableIlobjectsDefaultPermissionSetForOperationAndContext( + $org_unit_operation_string, + $context, + $temporary_table_name_prefix + ); + } + + public function buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext( + $org_unit_operation_string = self::DEFAULT_ORG_UNIT_OPERATION, + $context = self::DEFAULT_CONTEXT, + $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_IL_ORGU_DEFAULT_PERMISSIONS + ) : string { + return $this->origin->buildTempTableIlorgunitDefaultPermissionSetForOperationAndContext( + $org_unit_operation_string, + $context, + $temporary_table_name_prefix + ); + } + + public function buildTempTableCourseMemberships( + $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_CRS_MEMBERS, + array $only_courses_of_user_ids = [] + ) : string { + return $this->origin->buildTempTableCourseMemberships( + $temporary_table_name_prefix, + $only_courses_of_user_ids + ); + } + + public function buildTempTableOrguMemberships( + $temporary_table_name_prefix = self::TMP_DEFAULT_TABLE_NAME_PREFIX_ORGU_MEMBERS, + array $only_orgus_of_user_ids = [] + ) : string { + return $this->origin->buildTempTableOrguMemberships( + $temporary_table_name_prefix, + $only_orgus_of_user_ids + ); + } + + public function dropTempTable($temporary_table_name) : bool + { + return $this->origin->dropTempTable($temporary_table_name); + } +} diff --git a/Services/User/classes/class.ilUserUtil.php b/Services/User/classes/class.ilUserUtil.php index 6c233c31dea9..938a00b22093 100755 --- a/Services/User/classes/class.ilUserUtil.php +++ b/Services/User/classes/class.ilUserUtil.php @@ -14,6 +14,7 @@ */ use ILIAS\MyStaff\ilMyStaffAccess; +use ILIAS\MyStaff\ilMyStaffCachedAccessDecorator; /** * Class ilUserUtil @@ -238,7 +239,7 @@ public static function getPossibleStartingPoints(bool $a_force_all = false) : ar $all[self::START_PD_SUBSCRIPTION] = 'my_courses_groups'; } - if (ilMyStaffAccess::getInstance()->hasCurrentUserAccessToMyStaff()) { + if ((new ilMyStaffCachedAccessDecorator($DIC, ilMyStaffAccess::getInstance()))->hasCurrentUserAccessToMyStaff()) { $all[self::START_PD_MYSTAFF] = 'my_staff'; }