api/app/V1Module/security/Policies/ExercisePermissionPolicy.php at b924d45623245b207211d4e4e1e6ec99dbed4383 · ReCodEx/api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
<?php

namespace App\Security\Policies;

use App\Model\Entity\Exercise;
use App\Model\Entity\Group;
use App\Model\Entity\GroupMembership;
use App\Helpers\SubmissionConfigHelper;
use App\Security\Identity;

class ExercisePermissionPolicy extends BasePermissionPolicy implements IPermissionPolicy
{
    /** @var SubmissionConfigHelper */
    private $submissionHelper;

    public function __construct(SubmissionConfigHelper $submissionHelper)
    {
        $this->submissionHelper = $submissionHelper;
    }

    public function acceptsSubmissions(Identity $identity, Exercise $exercise)
    {
        return !$this->submissionHelper->isLocked();
    }

    public function getAssociatedClass()
    {
        return Exercise::class;
    }

    public function notArchived(Identity $identity, Exercise $exercise)
    {
        $user = $identity->getUserData();
        if ($user === null) {
            return false;
        }

        return !$exercise->isArchived();
    }

    /**
     * This is possibly deprecated as admins should have the same right as the author.
     * However, let's keep it for now and we shall see whether this holds (or not) in the future.
     */
    public function isAuthor(Identity $identity, Exercise $exercise)
    {
        $user = $identity->getUserData();
        if ($user === null) {
            return false;
        }

        return $user === $exercise->getAuthor();
    }

    public function isAuthorOrAdmin(Identity $identity, Exercise $exercise)
    {
        $user = $identity->getUserData();
        if ($user === null) {
            return false;
        }

        return $user === $exercise->getAuthor() || $exercise->getAdmins()->contains($user);
    }


    public function isSubGroupSupervisor(Identity $identity, Exercise $exercise)
    {
        $user = $identity->getUserData();

        if (
            $user === null || $exercise->getGroups()->isEmpty() ||
            $exercise->isPublic() === false
        ) {
            return false;
        }

        /** @var Group $group */
        foreach ($exercise->getGroups() as $group) {
            if ($group->isAdminOrSupervisorOfSubgroup($user)) {
                return true;
            }
        }

        return false;
    }

    /**
     * @var Array[]
     * A cache holding the result of isNonStudentMemberOfSubgroup invocation for given groups.
     * The cache is structures as [user-id][group-id] => boolean
     * Under normal circumstances, the cache should hold only one (logged in) user,
     * but it was written as generic cache just in case.
     */
    private $subgroupMembersCache = [];

    public function isSubGroupNonStudentMember(Identity $identity, Exercise $exercise)
    {
        $user = $identity->getUserData();

        if (
            $user === null || $exercise->getGroups()->isEmpty() ||
            $exercise->isPublic() === false
        ) {
            return false;
        }

        if (empty($this->subgroupMembersCache[$user->getId()])) {
            $this->subgroupMembersCache[$user->getId()] = [];
        }
        $subgroupCache = &$this->subgroupMembersCache[$user->getId()];

        /** @var Group $group */
        foreach ($exercise->getGroups() as $group) {
            if (!array_key_exists($group->getId(), $subgroupCache)) {
                $subgroupCache[$group->getId()] = $group->isNonStudentMemberOfSubgroup($user);
            }
            if ($subgroupCache[$group->getId()]) {
                return true;
            }
        }

        return false;
    }

    public function isSuperGroupAdmin(Identity $identity, Exercise $exercise)
    {
        $user = $identity->getUserData();

        if (
            $user === null || $exercise->getGroups()->isEmpty() ||
            $exercise->isPublic() === false
        ) {
            return false;
        }

        /** @var Group $group */
        foreach ($exercise->getGroups() as $group) {
            if ($this->checkMinimalMembership($user, $group, GroupMembership::TYPE_ADMIN)) {
                return true;
            }
        }
        return false;
    }

    public function isGloballyPublic(Identity $identity, Exercise $exercise)
    {
        return $exercise->isPublic() && $exercise->getGroups()->isEmpty();
    }

    public function hasAtLeastTwoAttachedGroups(Identity $identity, Exercise $exercise)
    {
        return $exercise->getGroups()->count() > 1;
    }
}