diff --git a/classes/UDFCheck/class.UDFCheckGUI.php b/classes/UDFCheck/class.UDFCheckGUI.php
index 6cfa23b..b76201b 100644
--- a/classes/UDFCheck/class.UDFCheckGUI.php
+++ b/classes/UDFCheck/class.UDFCheckGUI.php
@@ -40,9 +40,9 @@ class UDFCheckGUI {
 */
 public function __construct(UserSettingsGUI|UDFCheckGUI $parent_gui) {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //check Access
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no UDFCheck Permission";
 exit;
 };
@@ -165,4 +165,4 @@ protected function getObject(): ?UDFCheck {
 return UDFCheck::getCheckById((int) filter_input(INPUT_GET, UDFCheckGUI::IDENTIFIER_CATEGORY), (int) filter_input(INPUT_GET, UDFCheckGUI::IDENTIFIER));
 }
-}
\ No newline at end of file
+}
diff --git a/classes/UserSearch/class.usrdefUserGUI.php b/classes/UserSearch/class.usrdefUserGUI.php
index 349cdce..841e4d6 100644
--- a/classes/UserSearch/class.usrdefUserGUI.php
+++ b/classes/UserSearch/class.usrdefUserGUI.php
@@ -32,9 +32,9 @@ class usrdefUserGUI
 public function __construct() {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //Check Access
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no Search Permission";
 exit;
 };
@@ -142,4 +142,4 @@ protected function selectUser(): void
 $this->tpl->setOnScreenMessage('success', $this->pl->txt('userdef_users_assigned', "", [count($usr_ids)]), true);
 $this->ctrl->redirect($this, self::CMD_INDEX);
 }
-}
\ No newline at end of file
+}
diff --git a/classes/UserSetting/class.UserSettingsGUI.php b/classes/UserSetting/class.UserSettingsGUI.php
index 8fb8a8a..2075845 100644
--- a/classes/UserSetting/class.UserSettingsGUI.php
+++ b/classes/UserSetting/class.UserSettingsGUI.php
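Review bot: The refusal branch in `UDFCheckGUI::__construct` still answers with `echo "no UDFCheck Permission"; exit;`, so a denied request goes out with the default 200 status and nothing in the hunk records it. Sending `http_response_code(403);` before the echo, and writing a log entry with the requesting user id, would let clients and monitoring tell a refusal from a normal response. The same branch appears in the constructor hunks of usrdefUserGUI, UserSettingsGUI, ilUserDefaultsConfigGUI and ilUserDefaultsRestApiGUI; it matters most in the last one, where `executeCommand` emits JSON and a caller would receive plain text with a success status instead. The constructor bodies continue outside the hunks.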
@@ -55,9 +55,9 @@ class UserSettingsGUI
 public function __construct() {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //is access granted
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no Settings Permission";
 exit;
 };
@@ -445,4 +445,4 @@ protected function deleteMultiple(): void
 }
 $this->ctrl->redirect($this, self::CMD_INDEX);
 }
-}
\ No newline at end of file
+}
diff --git a/classes/class.ilUserDefaultsConfigGUI.php b/classes/class.ilUserDefaultsConfigGUI.php
index 27e0139..f497bdd 100644
--- a/classes/class.ilUserDefaultsConfigGUI.php
+++ b/classes/class.ilUserDefaultsConfigGUI.php
@@ -23,9 +23,9 @@ class ilUserDefaultsConfigGUI extends ilPluginConfigGUI {
 */
 public function __construct() {
 global $DIC;
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
- echo "no Permission";
+ //Access granted?
+ if(!ilUserDefaultsPlugin::grantAccess()) {
+ echo "no Plugin Permission";
 exit;
 };
diff --git a/classes/class.ilUserDefaultsPlugin.php b/classes/class.ilUserDefaultsPlugin.php
index 422a3a4..93f6315 100644
--- a/classes/class.ilUserDefaultsPlugin.php
+++ b/classes/class.ilUserDefaultsPlugin.php
@@ -174,7 +174,13 @@ public function getImagePath(string $imageName): string {
 return $this->getDirectory()."/templates/images/".$imageName;
 }
-
+ public static function grantAccess():bool {
+ global $DIC;
+ // check if user is allowed to configure UserDefauts
+ // since major parts of the plugin assign roles to users the capability to assign roles in useradministration is checked
+ // write would check if user can edit settings
+ return ($DIC->rbac()->system()->checkAccess("edit_roleassignment",USER_FOLDER_ID));
+ }
 /**
 * @inheritDoc
 */
diff --git a/classes/class.ilUserDefaultsRestApiGUI.php b/classes/class.ilUserDefaultsRestApiGUI.php
index df508e8..9c5beb0 100644
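Review bot: `grantAccess()` widens the gate from membership in global role 2 to anyone holding `edit_roleassignment` on `USER_FOLDER_ID`, and nothing in this hunk limits which roles such a user can then hand out through the plugin's settings. Since the comment says the plugin assigns roles to users, it is worth confirming (outside this diff) that a setting saved by a non-administrator cannot assign a role that the same user could not assign in user administration, the administrator role in particular. The method is now the single authorization point for five entry points and has no docblock; I would add `/** True when the current user holds edit_roleassignment on the user folder; gates every UserDefaults GUI and the REST API. */` and fix the typo `UserDefauts`. A name such as `hasAccess()` would read more accurately, because the method checks access and grants nothing.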
--- a/classes/class.ilUserDefaultsRestApiGUI.php
+++ b/classes/class.ilUserDefaultsRestApiGUI.php
@@ -36,8 +36,8 @@ public function __construct() {
 global $DIC;
 $this->ctrl = $DIC->ctrl();
- //is Admin?
- if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
+ // fix DH: Has permission
+ if (!ilUserDefaultsPlugin::grantAccess()) {
 echo "no Permission";
 exit;
 };
@@ -115,4 +115,4 @@ public function executeCommand(): void
 echo json_encode($this->userDefaultsApi->studyProgrammes->findAll());
 exit;
 }
-}
\ No newline at end of file
+}