Update access checks

classes/UDFCheck/class.UDFCheckGUI.php

@@ -40,9 +40,9 @@ class UDFCheckGUI {
      */
 	public function __construct(UserSettingsGUI|UDFCheckGUI $parent_gui) {
         global $DIC;
-        //is Admin?
-        if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
-            echo "no Permission";
+        //check Access
+        if(!ilUserDefaultsPlugin::grantAccess()) {
+            echo "no UDFCheck Permission";
             exit;
         };
 
@@ -165,4 +165,4 @@ protected function getObject(): ?UDFCheck
     {
 		return UDFCheck::getCheckById((int) filter_input(INPUT_GET, UDFCheckGUI::IDENTIFIER_CATEGORY), (int) filter_input(INPUT_GET, UDFCheckGUI::IDENTIFIER));
 	}
-}
+}

classes/UserSearch/class.usrdefUserGUI.php

@@ -32,9 +32,9 @@ class usrdefUserGUI
     public function __construct()
     {
         global $DIC;
-        //is Admin?
-        if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
-            echo "no Permission";
+        //Check Access
+        if(!ilUserDefaultsPlugin::grantAccess()) {
+            echo "no Search Permission";
             exit;
         };
 
@@ -142,4 +142,4 @@ protected function selectUser(): void
         $this->tpl->setOnScreenMessage('success', $this->pl->txt('userdef_users_assigned', "", [count($usr_ids)]), true);
         $this->ctrl->redirect($this, self::CMD_INDEX);
     }
-}
+}

classes/UserSetting/class.UserSettingsGUI.php

@@ -55,9 +55,9 @@ class UserSettingsGUI
     public function __construct()
     {
         global $DIC;
-        //is Admin?
-        if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
-            echo "no Permission";
+        //is access granted
+        if(!ilUserDefaultsPlugin::grantAccess()) {
+            echo "no Settings Permission";
             exit;
         };
 
@@ -445,4 +445,4 @@ protected function deleteMultiple(): void
         }
         $this->ctrl->redirect($this, self::CMD_INDEX);
     }
-}
+}

classes/class.ilUserDefaultsConfigGUI.php

@@ -23,9 +23,9 @@ class ilUserDefaultsConfigGUI extends ilPluginConfigGUI {
 	 */
 	public function __construct() {
         global $DIC;
-        //is Admin?
-        if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
-            echo "no Permission";
+        //Access granted?
+        if(!ilUserDefaultsPlugin::grantAccess()) {
+            echo "no Plugin Permission";
             exit;
         };
 

classes/class.ilUserDefaultsPlugin.php

@@ -174,7 +174,13 @@ public function getImagePath(string $imageName): string {
         return $this->getDirectory()."/templates/images/".$imageName;
     }
 
-
+    	public static function grantAccess():bool {
+	    global $DIC;
+	 	// check if user is allowed to configure UserDefauts
+		// since major parts of the plugin assign roles to users the capability to assign roles in useradministration is checked
+		// write would check if user can edit settings
+	    return ($DIC->rbac()->system()->checkAccess("edit_roleassignment",USER_FOLDER_ID));
+    	}
     /**
      * @inheritDoc
      */

classes/class.ilUserDefaultsRestApiGUI.php

@@ -36,8 +36,8 @@ public function __construct()
     {
         global $DIC;
         $this->ctrl = $DIC->ctrl();
-        //is Admin?
-        if(in_array(2, $DIC->rbac()->review()->assignedGlobalRoles($DIC->user()->getId())) === false) {
+        // fix DH: Has permission
+        if (!ilUserDefaultsPlugin::grantAccess()) {
             echo "no Permission";
             exit;
         };
@@ -115,4 +115,4 @@ public function executeCommand(): void
         echo json_encode($this->userDefaultsApi->studyProgrammes->findAll());
         exit;
     }
-}
+}