api/app/V1Module/security/Policies/GroupPermissionPolicy.php at b924d45623245b207211d4e4e1e6ec99dbed4383 · ReCodEx/api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
<?php

namespace App\Security\Policies;

use App\Model\Entity\Group;
use App\Model\Entity\GroupMembership;
use App\Model\Entity\Instance;
use App\Security\Identity;
use DateTIme;

class GroupPermissionPolicy extends BasePermissionPolicy implements IPermissionPolicy
{
    public function getAssociatedClass()
    {
        return Group::class;
    }

    public function isMember(Identity $identity, Group $group): bool
    {
        $user = $identity->getUserData();
        if (!$user) {
            return false;
        }

        return $group->isMemberOf($user) || $this->checkMinimalMembership(
            $identity->getUserData(),
            $group,
            GroupMembership::TYPE_ADMIN
        );
    }

    public function isSupervisorOrAdmin(Identity $identity, Group $group): bool
    {
        return $this->checkMinimalMembership(
            $identity->getUserData(),
            $group,
            GroupMembership::TYPE_SUPERVISOR
        );
    }

    public function isObserver(Identity $identity, Group $group): bool
    {
        $user = $identity->getUserData();
        if (!$user) {
            return false;
        }

        return $group->isObserverOf($user);
    }

    public function isAdmin(Identity $identity, Group $group): bool
    {
        return $this->checkMinimalMembership(
            $identity->getUserData(),
            $group,
            GroupMembership::TYPE_ADMIN
        );
    }

    public function isPublic(Identity $identity, Group $group): bool
    {
        return $group->isPublic();
    }

    public function isNotDetainingStudents(Identity $identity, Group $group): bool
    {
        return !$group->isDetaining();
    }

    public function isNotArchived(Identity $identity, Group $group): bool
    {
        return !$group->isArchived();
    }

    public function isNotOrganizational(Identity $identity, Group $group): bool
    {
        return !$group->isOrganizational();
    }

    public function areStatsPublic(Identity $identity, Group $group): bool
    {
        return $group->statsArePublic();
    }

    public function isRootGroupOfInstance(Identity $identity, Group $group)
    {
        return $group->getInstance() && $group->getId() === $group->getInstance()->getId();
    }

    public function isInSameInstance(Identity $identity, Group $group): bool
    {
        $user = $identity->getUserData();
        if ($user === null) {
            return false;
        }

        if ($group->getInstance() === null) {
            return false;
        }

        return $user->getInstances()->exists(
            function ($key, Instance $instance) use ($group) {
                return $instance->getId() === $group->getInstance()->getId();
            }
        );
    }

    public function isNotExam(Identity $identity, Group $group): bool
    {
        return !$group->isExam();
    }

    public function hasNoExamPeriod(Identity $identity, Group $group): bool
    {
        return !$group->hasExamPeriodSet(); // the period is not set or is in the past
    }

    public function isBeforeExamPeriod(Identity $identity, Group $group): bool
    {
        $now = new DateTime();
        return $group->hasExamPeriodSet($now) && $now < $group->getExamBegin();
    }

    public function isExamInProgress(Identity $identity, Group $group): bool
    {
        $now = new DateTime();
        return $group->hasExamPeriodSet($now) && $group->getExamBegin() <= $now && $now <= $group->getExamEnd();
    }

    /**
     * Current user is either not locked at all, or locked to this group.
     */
    public function userIsNotLockedElsewhere(Identity $identity, Group $group): bool
    {
        $user = $identity->getUserData();
        if ($user === null) {
            return false;
        }

        return !$user->isGroupLocked() || $user->getGroupLock()->getId() === $group->getId();
    }

    /**
     * Current user is either not locked at all, or locked to this group, or the current lock is not strict.
     */
    public function userIsNotLockedElsewhereStrictly(Identity $identity, Group $group): bool
    {
        $user = $identity->getUserData();
        if ($user === null) {
            return false;
        }

        return !$user->isGroupLocked() || $user->getGroupLock()->getId() === $group->getId()
            || !$user->isGroupLockStrict();
    }
}