1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
accessmanager.php
См. документацию.
1<?php
2
9namespace Bitrix\Socialnetwork\Item\Workgroup;
10
11use Bitrix\Main\ArgumentException;
12use Bitrix\Main\Loader;
13use Bitrix\Socialnetwork\Collab\Converter\ConverterFeature;
14use Bitrix\Socialnetwork\EO_UserToGroup;
15use Bitrix\Socialnetwork\EO_Workgroup;
16use Bitrix\Socialnetwork\EO_WorkgroupFavorites;
17use Bitrix\Socialnetwork\Permission\User\UserModel;
18use Bitrix\Socialnetwork\UserToGroupTable;
19
20class AccessManager
21{
22 protected EO_Workgroup $group;
23 protected ?EO_UserToGroup $targetUserRelation = null;
24 protected ?EO_UserToGroup $currentUserRelation = null;
25 protected ?EO_WorkgroupFavorites $currentUserFavorites = null;
26 protected bool $isCurrentUserModuleAdmin = false;
27 protected int $currentUserId = 0;
28 private UserModel $user;
29
30 public function __construct(
31 EO_Workgroup $group,
32 ?EO_UserToGroup $targetUserRelation,
33 ?EO_UserToGroup $currentUserRelation,
34 ?array $additionalEntityList = [],
35 ?array $additionalParams = []
36 )
37 {
38 $this->group = $group;
39 $this->targetUserRelation = $targetUserRelation;
40 $this->currentUserRelation = $currentUserRelation;
41
42 if (isset($additionalParams['userId']))
43 {
44 $this->currentUserId = (int)$additionalParams['userId'];
45 $this->isCurrentUserModuleAdmin = \CSocNetUser::IsUserModuleAdmin($this->currentUserId);
46
47 }
48 else
49 {
50 $this->isCurrentUserModuleAdmin = self::isCurrentUserModuleAdmin((bool)($additionalParams['checkAdminSession'] ?? true));
51 $this->currentUserId = \Bitrix\Socialnetwork\Helper\User::getCurrentUserId();
52 }
53
54 $this->user = UserModel::createFromId($this->currentUserId);
55
56 if (is_array($additionalEntityList) && !empty($additionalEntityList))
57 {
58 if (
59 $additionalEntityList['currentUserFavorites']
60 && get_class($additionalEntityList['currentUserFavorites']) === EO_WorkgroupFavorites::class
61 )
62 {
63 $this->currentUserFavorites = $additionalEntityList['currentUserFavorites'];
64 }
65 }
66 }
67
68 private static function isCurrentUserModuleAdmin(bool $checkSession = false): bool
69 {
70 static $result = [
71 'Y' => null,
72 'N' => null
73 ];
74 $cacheKey = ($checkSession ? 'Y' : 'N');
75
76 if ($result[$cacheKey] === null)
77 {
78 $result[$cacheKey] = \CSocNetUser::isCurrentUserModuleAdmin(SITE_ID, $checkSession);
79 }
80
81 return $result[$cacheKey];
82 }
83
84 public function canView(): bool
85 {
86 $this->checkGroupEntityFields([
87 'ID',
88 'VISIBLE',
89 ]);
90
91 $this->checkRelationEntityFields($this->currentUserRelation, [
92 'GROUP_ID',
93 'ROLE',
94 ]);
95
96 static $visibilityCache = [];
97
98 $groupId = $this->group->getId();
99
100 if (!isset($visibilityCache[$groupId]))
101 {
102 $isVisible = $this->group->get('VISIBLE');
103 if (!$this->isExtranetGroup($groupId))
104 {
105 $isVisible = ($isVisible && !$this->user->isExtranet());
106 }
107 $visibilityCache[$groupId] = $isVisible;
108 }
109 else
110 {
111 $isVisible = $visibilityCache[$groupId];
112 }
113
114 return (
115 $this->isCurrentUserModuleAdmin
116 || $isVisible
117 || (
118 $this->currentUserRelation
119 && in_array(
120 $this->currentUserRelation->get('ROLE'),
121 UserToGroupTable::getRolesMember(),
122 true,
123 )
124 )
125 );
126 }
127
128 public function canModify(): bool
129 {
130 $this->checkGroupEntityFields([
131 'ID',
132 'CLOSED',
133 'PROJECT',
134 'SCRUM_MASTER_ID',
135 ]);
136
137 $this->checkRelationEntityFields($this->currentUserRelation, [
138 'GROUP_ID',
139 'USER_ID',
140 'ROLE',
141 ]);
142
143 if (
144 !$this->isCurrentUserModuleAdmin
145 && !$this->checkRelationGroupId($this->currentUserRelation)
146 )
147 {
148 return false;
149 }
150
151 if (!$this->canCurrentUserModify())
152 {
153 return false;
154 }
155
156 return true;
157 }
158
159 public function canEdit(): bool
160 {
161 return $this->canModify();
162 }
163
164 public function canDelete(): bool
165 {
166 return $this->canModify();
167 }
168
169 public function canAddToArchive(): bool
170 {
171 if (!$this->canModify())
172 {
173 return false;
174 }
175
176 return !$this->group->get('CLOSED');
177 }
178
179 public function canRemoveFromArchive(): bool
180 {
181 if (!$this->canModify())
182 {
183 return false;
184 }
185
186 return $this->group->get('CLOSED');
187 }
188
189 public function canAddToFavorites(): bool
190 {
191 if (!$this->canView())
192 {
193 return false;
194 }
195
196 return ($this->currentUserFavorites === null);
197 }
198
199 public function canRemoveFromFavorites(): bool
200 {
201 if (!$this->canView())
202 {
203 return false;
204 }
205
206 return ($this->currentUserFavorites !== null);
207 }
208
209 public function canSetOwner(): bool
210 {
211 if (!$this->canModify())
212 {
213 return false;
214 }
215
216 $this->checkRelationEntityFields($this->targetUserRelation, [
217 'GROUP_ID',
218 'ROLE',
219 ]);
220
221 if (
222 $this->targetUserRelation
223 && (
224 !$this->checkRelationGroupId($this->targetUserRelation)
225 || !in_array($this->targetUserRelation->get('ROLE'), [
226 UserToGroupTable::ROLE_USER,
227 UserToGroupTable::ROLE_MODERATOR
228 ], true)
229 )
230 )
231 {
232 return false;
233 }
234
235 if (
236 !$this->isCurrentUserModuleAdmin
237 && !$this->checkClosedGroup()
238 )
239 {
240 return false;
241 }
242
243 return true;
244 }
245
246 public function canSetScrumMaster(): bool
247 {
248 if (!$this->canModify())
249 {
250 return false;
251 }
252
253 $this->checkRelationEntityFields($this->targetUserRelation, [
254 'GROUP_ID',
255 'ROLE',
256 ]);
257
258 if (!$this->checkScrum())
259 {
260 return false;
261 }
262
263 if ($this->checkScrumMaster($this->targetUserRelation))
264 {
265 return false;
266 }
267
268 if (
269 $this->targetUserRelation
270 && (
271 !$this->checkRelationGroupId($this->targetUserRelation)
272 || !in_array($this->targetUserRelation->get('ROLE'), UserToGroupTable::getRolesMember(), true)
273 )
274 )
275 {
276 return false;
277 }
278
279 if (
280 !$this->isCurrentUserModuleAdmin
281 && !$this->checkClosedGroup()
282 )
283 {
284 return false;
285 }
286
287 return true;
288 }
289
290 public function canSetModerator(): bool
291 {
292 if (!$this->canModify())
293 {
294 return false;
295 }
296
297 $this->checkRelationEntityFields($this->targetUserRelation, [
298 'GROUP_ID',
299 'ROLE',
300 ]);
301
302 if (
303 !$this->targetUserRelation
304 || !$this->checkRelationGroupId($this->targetUserRelation)
305 || $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_USER
306 )
307 {
308 return false;
309 }
310
311 if (
312 !$this->isCurrentUserModuleAdmin
313 && !$this->checkClosedGroup()
314 )
315 {
316 return false;
317 }
318
319 return true;
320 }
321
322 public function canRemoveModerator(): bool
323 {
324 if (!$this->canModify())
325 {
326 return false;
327 }
328
329 $this->checkRelationEntityFields($this->targetUserRelation, [
330 'GROUP_ID',
331 'USER_ID',
332 'ROLE',
333 ]);
334
335 if (
336 !$this->targetUserRelation
337 || !$this->checkRelationGroupId($this->targetUserRelation)
338 || $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_MODERATOR
339 || $this->targetUserRelation->get('USER_ID') === $this->currentUserId
340 )
341 {
342 return false;
343 }
344
345 if ($this->checkScrumMaster($this->targetUserRelation))
346 {
347 return false;
348 }
349
350 if (
351 !$this->isCurrentUserModuleAdmin
352 && !$this->checkClosedGroup()
353 )
354 {
355 return false;
356 }
357
358 return true;
359 }
360
361 public function canJoin(): bool
362 {
363 $this->checkGroupEntityFields([
364 'ID',
365 'CLOSED',
366 'VISIBLE',
367 ]);
368 $this->checkRelationEntityFields($this->currentUserRelation, [
369 'GROUP_ID',
370 'INITIATED_BY_TYPE',
371 'ROLE',
372 ]);
373
374 if (
375 !$this->isCurrentUserModuleAdmin
376 && !$this->group->get('VISIBLE')
377 )
378 {
379 return false;
380 }
381
382 if (
383 $this->currentUserRelation
384 && (
385 $this->currentUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST
386 || $this->currentUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_GROUP
387 )
388 )
389 {
390 return false;
391 }
392
393 if (
394 !$this->isCurrentUserModuleAdmin
395 && !$this->checkClosedGroup()
396 )
397 {
398 return false;
399 }
400
401 return true;
402 }
403
404 public function canLeave(): bool
405 {
406 $this->checkGroupEntityFields([
407 'ID',
408 'PROJECT',
409 'SCRUM_MASTER_ID',
410 ]);
411 $this->checkRelationEntityFields($this->currentUserRelation, [
412 'GROUP_ID',
413 'USER_ID',
414 'ROLE',
415 'AUTO_MEMBER',
416 ]);
417
418 if (
419 !$this->currentUserRelation
420 || !$this->checkRelationGroupId($this->currentUserRelation)
421 )
422 {
423 return false;
424 }
425
426 if (!in_array($this->currentUserRelation->get('ROLE'), [
427 UserToGroupTable::ROLE_USER ,
428 UserToGroupTable::ROLE_MODERATOR
429 ], true))
430 {
431 return false;
432 }
433
434 if ($this->currentUserRelation->get('AUTO_MEMBER'))
435 {
436 return false;
437 }
438
439 if ($this->checkScrumMaster($this->currentUserRelation))
440 {
441 return false;
442 }
443
444 return true;
445 }
446
447 public function canDeleteOutgoingRequest(): bool
448 {
449 $this->checkGroupEntityFields([
450 'ID',
451 'CLOSED',
452 'PROJECT',
453 'SCRUM_MASTER_ID',
454 'INITIATE_PERMS',
455 ]);
456 $this->checkRelationEntityFields($this->currentUserRelation, [
457 'GROUP_ID',
458 'USER_ID',
459 'ROLE',
460 ]);
461 $this->checkRelationEntityFields($this->targetUserRelation, [
462 'GROUP_ID',
463 'ROLE',
464 'INITIATED_BY_TYPE',
465 'INITIATED_BY_USER_ID',
466 ]);
467
468 if (
469 !$this->isCurrentUserModuleAdmin
470 && !$this->checkRelationGroupId($this->currentUserRelation)
471 )
472 {
473 return false;
474 }
475
476 if (
477 !$this->targetUserRelation
478 || !$this->checkRelationGroupId($this->targetUserRelation)
479 )
480 {
481 return false;
482 }
483
484 if (
485 $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST
486 || $this->targetUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_GROUP
487 )
488 {
489 return false;
490 }
491
492 if (
493 !$this->canCurrentUserInitiate()
494 && (int)$this->targetUserRelation->get('INITIATED_BY_USER_ID') !== $this->currentUserId
495 )
496 {
497 return false;
498 }
499
500 return true;
501 }
502
503 public function canExclude(): bool
504 {
505 $this->checkGroupEntityFields([
506 'ID',
507 'CLOSED',
508 'PROJECT',
509 'SCRUM_MASTER_ID',
510 ]);
511 $this->checkRelationEntityFields($this->currentUserRelation, [
512 'GROUP_ID',
513 'USER_ID',
514 'ROLE',
515 ]);
516 $this->checkRelationEntityFields($this->targetUserRelation, [
517 'GROUP_ID',
518 'ROLE',
519 'AUTO_MEMBER',
520 ]);
521
522 if (
523 !$this->isCurrentUserModuleAdmin
524 && !$this->checkRelationGroupId($this->currentUserRelation)
525 )
526 {
527 return false;
528 }
529
530 if (!$this->canCurrentUserModify())
531 {
532 return false;
533 }
534
535 if (
536 !$this->targetUserRelation
537 || !$this->checkRelationGroupId($this->targetUserRelation)
538 || $this->targetUserRelation->get('AUTO_MEMBER')
539 || $this->targetUserRelation->get('USER_ID') === $this->currentUserId
540 || !in_array($this->targetUserRelation->get('ROLE'), [
541 UserToGroupTable::ROLE_MODERATOR,
542 UserToGroupTable::ROLE_USER,
543 ], true)
544 )
545 {
546 return false;
547 }
548
549 if ($this->checkScrumMaster($this->targetUserRelation))
550 {
551 return false;
552 }
553
554 if (
555 !$this->isCurrentUserModuleAdmin
556 && !$this->checkClosedGroup()
557 )
558 {
559 return false;
560 }
561
562 return true;
563 }
564
565 public function canProcessIncomingRequest(): bool
566 {
567 $this->checkGroupEntityFields([
568 'ID',
569 'CLOSED',
570 'PROJECT',
571 'SCRUM_MASTER_ID',
572 'INITIATE_PERMS',
573 ]);
574 $this->checkRelationEntityFields($this->currentUserRelation, [
575 'GROUP_ID',
576 'USER_ID',
577 'ROLE',
578 ]);
579 $this->checkRelationEntityFields($this->targetUserRelation, [
580 'GROUP_ID',
581 'ROLE',
582 'INITIATED_BY_TYPE',
583 ]);
584
585 if (
586 !$this->isCurrentUserModuleAdmin
587 && !$this->checkRelationGroupId($this->currentUserRelation)
588 )
589 {
590 return false;
591 }
592
593 if (
594 !$this->targetUserRelation
595 || !$this->checkRelationGroupId($this->targetUserRelation)
596 )
597 {
598 return false;
599 }
600
601 if ($this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST)
602 {
603 return false;
604 }
605
606 if (
607 !$this->canCurrentProcessRequestsIn()
608 || $this->targetUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_USER
609 )
610 {
611 return false;
612 }
613
614 return true;
615 }
616
617 public function canDeleteIncomingRequest(): bool
618 {
619 $this->checkRelationEntityFields($this->currentUserRelation, [
620 'GROUP_ID',
621 ]);
622 $this->checkRelationEntityFields($this->targetUserRelation, [
623 'GROUP_ID',
624 'ROLE',
625 'INITIATED_BY_TYPE',
626 'INITIATED_BY_USER_ID',
627 ]);
628
629 if (
630 !$this->isCurrentUserModuleAdmin
631 && !$this->checkRelationGroupId($this->currentUserRelation)
632 )
633 {
634 return false;
635 }
636
637 if (
638 !$this->targetUserRelation
639 || !$this->checkRelationGroupId($this->targetUserRelation)
640 )
641 {
642 return false;
643 }
644
645 if (
646 $this->targetUserRelation->get('ROLE') !== UserToGroupTable::ROLE_REQUEST
647 || $this->targetUserRelation->get('INITIATED_BY_TYPE') !== UserToGroupTable::INITIATED_BY_USER
648
649 )
650 {
651 return false;
652 }
653
654 if (
655 !$this->isCurrentUserModuleAdmin
656 && (int)$this->targetUserRelation->get('INITIATED_BY_USER_ID') !== $this->currentUserId
657 )
658 {
659 return false;
660 }
661
662 return true;
663 }
664
665 public function canConvertToCollab(): bool
666 {
667 return
668 ConverterFeature::isOn()
669 && $this->currentUserRelation
670 && $this->group->getType() === Type::Group->value
671 && $this->checkOwner($this->currentUserRelation)
672 ;
673 }
674
675 protected function checkGroupEntityFields(array $fieldsList = []): void
676 {
677 if (!$this->group)
678 {
679 return;
680 }
681
682 $this->checkEntityFields($this->group, $fieldsList);
683 }
684
685 protected function checkRelationEntityFields(?EO_UserToGroup $relation, array $fieldsList = []): void
686 {
687 if (!$relation)
688 {
689 return;
690 }
691
692 $this->checkEntityFields($relation, $fieldsList);
693 }
694
695 protected function checkFavoritesEntityFields(?EO_WorkgroupFavorites $favoritesEntity, array $fieldsList = []): void
696 {
697 if (!$favoritesEntity)
698 {
699 return;
700 }
701
702 $this->checkEntityFields($favoritesEntity, $fieldsList);
703 }
704
705 protected function checkEntityFields(\Bitrix\Main\ORM\Objectify\EntityObject $entityObject, array $fieldsList = []): void
706 {
707 foreach ($fieldsList as $field)
708 {
709 if (!$entityObject->has($field))
710 {
711 throw new ArgumentException('Entity has no '. $field . ' field.');
712 }
713 }
714 }
715
716 protected function checkRelationGroupId(
717 ?EO_UserToGroup $relation
718 ): bool
719 {
720 return (
721 $relation
722 && (int)$this->group->get('ID') === (int)$relation->get('GROUP_ID')
723 );
724 }
725
726 protected function checkFavoritesEntityGroupId(
727 ?EO_WorkgroupFavorites $favoritesEntity
728 ): bool
729 {
730 return (
731 $favoritesEntity
732 && (int)$this->group->get('ID') === (int)$favoritesEntity->get('GROUP_ID')
733 );
734 }
735
736 protected function checkOwnerOrScrumMaster(
737 ?EO_UserToGroup $relation
738 ): bool
739 {
740 return (
741 $relation
742 && (
743 $this->checkOwner($relation)
744 || $this->checkScrumMaster($relation)
745 )
746 );
747 }
748
749 protected function checkOwner(
750 EO_UserToGroup $relation
751 ): bool
752 {
753 return ($relation->get('ROLE') === UserToGroupTable::ROLE_OWNER);
754 }
755
756 protected function checkScrumMaster(
757 ?EO_UserToGroup $relation
758 ): bool
759 {
760 return (
761 $this->group->get('PROJECT')
762 && $relation
763 && (int)$this->group->get('SCRUM_MASTER_ID') === (int)$relation->get('USER_ID')
764 );
765 }
766
767 protected function checkScrum(): bool
768 {
769 return (
770 $this->group->get('PROJECT')
771 && (int)$this->group->get('SCRUM_MASTER_ID') > 0
772 );
773 }
774
775 protected function checkClosedGroup(): bool
776 {
777 return (
778 !$this->group->get('CLOSED')
779 || \Bitrix\Socialnetwork\Item\Workgroup::canWorkWithClosedWorkgroups()
780 );
781 }
782
783 protected function canCurrentUserModify(): bool
784 {
785 return (
786 $this->isCurrentUserModuleAdmin
787 || $this->checkOwnerOrScrumMaster($this->currentUserRelation)
788 );
789 }
790
791 protected function canCurrentUserInitiate(): bool
792 {
793 return (
794 $this->isCurrentUserModuleAdmin
795 || (
796 $this->group->get('INITIATE_PERMS') === UserToGroupTable::ROLE_OWNER
797 && $this->currentUserRelation->get('ROLE') === UserToGroupTable::ROLE_OWNER
798 )
799 || (
800 $this->group->get('INITIATE_PERMS') === UserToGroupTable::ROLE_MODERATOR
801 && in_array($this->currentUserRelation->get('ROLE'), [
802 UserToGroupTable::ROLE_OWNER,
803 UserToGroupTable::ROLE_MODERATOR
804 ], true)
805 )
806 || (
807 $this->group->get('INITIATE_PERMS') === UserToGroupTable::ROLE_USER
808 && in_array($this->currentUserRelation->get('ROLE'), UserToGroupTable::getRolesMember(), true)
809 )
810 || $this->checkScrumMaster($this->currentUserRelation)
811 );
812 }
813
814 protected function canCurrentProcessRequestsIn(): bool
815 {
816 return (
817 $this->canCurrentUserInitiate()
818 || (
819 $this->currentUserRelation
820 && in_array($this->currentUserRelation->get('ROLE'), [
821 UserToGroupTable::ROLE_OWNER,
822 UserToGroupTable::ROLE_MODERATOR
823 ], true)
824 )
825 );
826 }
827
828 private function isExtranetGroup(int $groupId): bool
829 {
830 if (!Loader::includeModule('extranet'))
831 {
832 return false;
833 }
834
835 return \CExtranet::IsExtranetSocNetGroup($groupId);
836 }
837}
Bitrix\Main\Loader
Определения loader.php:13
Bitrix\Socialnetwork\EO_WorkgroupFavorites
Определения orm.php:4229
Bitrix\Socialnetwork\EO_Workgroup
Определения orm.php:2751
Bitrix\Socialnetwork\Helper\User\getCurrentUserId
static getCurrentUserId()
Определения user.php:18
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkScrumMaster
checkScrumMaster(?EO_UserToGroup $relation)
Определения accessmanager.php:756
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkEntityFields
checkEntityFields(\Bitrix\Main\ORM\Objectify\EntityObject $entityObject, array $fieldsList=[])
Определения accessmanager.php:705
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkFavoritesEntityGroupId
checkFavoritesEntityGroupId(?EO_WorkgroupFavorites $favoritesEntity)
Определения accessmanager.php:726
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkOwner
checkOwner(EO_UserToGroup $relation)
Определения accessmanager.php:749
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkOwnerOrScrumMaster
checkOwnerOrScrumMaster(?EO_UserToGroup $relation)
Определения accessmanager.php:736
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\$currentUserFavorites
EO_WorkgroupFavorites $currentUserFavorites
Определения accessmanager.php:25
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\__construct
__construct(EO_Workgroup $group, ?EO_UserToGroup $targetUserRelation, ?EO_UserToGroup $currentUserRelation, ?array $additionalEntityList=[], ?array $additionalParams=[])
Определения accessmanager.php:30
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkRelationGroupId
checkRelationGroupId(?EO_UserToGroup $relation)
Определения accessmanager.php:716
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkFavoritesEntityFields
checkFavoritesEntityFields(?EO_WorkgroupFavorites $favoritesEntity, array $fieldsList=[])
Определения accessmanager.php:695
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkGroupEntityFields
checkGroupEntityFields(array $fieldsList=[])
Определения accessmanager.php:675
Bitrix\Socialnetwork\Item\Workgroup\AccessManager\checkRelationEntityFields
checkRelationEntityFields(?EO_UserToGroup $relation, array $fieldsList=[])
Определения accessmanager.php:685
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$result
$result
Определения get_property_values.php:14
SITE_ID
const SITE_ID
Определения sonet_set_content_view.php:12