User: Restrict Access to Functions

chlulei · Oct 30, 2024 · e032226 · e032226
1 parent 09c132b
commit e032226
Showing 1 changed file with 50 additions and 7 deletions.
diff --git a/Services/User/classes/class.ilObjUserFolderGUI.php b/Services/User/classes/class.ilObjUserFolderGUI.php
@@ -155,9 +155,8 @@ public function executeCommand(): void
                 break;
 
             case 'ilrepositorysearchgui':
-
-                if (!$access->checkRbacOrPositionPermissionAccess(
-                    "read_users",
+                if (!$this->access->checkRbacOrPositionPermissionAccess(
+                    'read_users',
                     \ilObjUserFolder::ORG_OP_EDIT_USER_ACCOUNTS,
                     USER_FOLDER_ID
                 )) {
@@ -194,6 +193,7 @@ public function executeCommand(): void
                 break;
 
             case 'ilcustomuserfieldsgui':
+                $this->raiseErrorOnMissingWrite();
                 $this->tabs_gui->setTabActive('settings');
                 $this->setSubTabs("settings");
                 $ilTabs->activateSubTab("user_defined_fields");
@@ -205,6 +205,7 @@ public function executeCommand(): void
                 break;
 
             case 'iluserstartingpointgui':
+                $this->raiseErrorOnMissingWrite();
                 $this->tabs_gui->setTabActive('settings');
                 $this->setSubTabs("settings");
                 $ilTabs->activateSubTab("starting_points");
@@ -213,6 +214,7 @@ public function executeCommand(): void
                 break;
 
             case 'iluserprofileinfosettingsgui':
+                $this->raiseErrorOnMissingWrite();
                 $this->tabs_gui->setTabActive('settings');
                 $this->setSubTabs("settings");
                 $ilTabs->activateSubTab("user_profile_info");
@@ -981,6 +983,17 @@ public function showActionConfirmation(
 
     public function deleteUsersObject(): void
     {
+        if (!$this->access->checkRbacOrPositionPermissionAccess(
+            'delete',
+            \ilObjUserFolder::ORG_OP_EDIT_USER_ACCOUNTS,
+            USER_FOLDER_ID
+        )) {
+            $this->ilias->raiseError(
+                $this->lng->txt('permission_denied'),
+                $this->ilias->error_obj->MESSAGE
+            );
+        }
+
         if (in_array($this->user->getId(), $this->getActionUserIds())) {
             $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_delete_yourself'));
             $this->viewObject();
@@ -991,11 +1004,13 @@ public function deleteUsersObject(): void
 
     public function activateUsersObject(): void
     {
-        $this->showActionConfirmation("activate");
+        $this->raiseErrorOnMissingWrite();
+        $this->showActionConfirmation('activate');
     }
 
     public function deactivateUsersObject(): void
     {
+        $this->raiseErrorOnMissingWrite();
         if (in_array($this->user->getId(), $this->getActionUserIds())) {
             $this->tpl->setOnScreenMessage('failure', $this->lng->txt('no_deactivate_yourself'));
             $this->viewObject();
@@ -1006,19 +1021,22 @@ public function deactivateUsersObject(): void
 
     public function restrictAccessObject(): void
     {
-        $this->showActionConfirmation("accessRestrict");
+        $this->raiseErrorOnMissingWrite();
+        $this->showActionConfirmation('accessRestrict');
     }
 
     /**
      * Free access
      */
     public function freeAccessObject(): void
     {
-        $this->showActionConfirmation("accessFree");
+        $this->raiseErrorOnMissingWrite();
+        $this->showActionConfirmation('accessFree');
     }
 
     public function userActionObject(): void
     {
+        $this->raiseErrorOnMissingWrite();
         $this->showActionConfirmation($this->user_request->getSelectedAction());
     }
 
@@ -1835,6 +1853,7 @@ protected function generalSettingsObject(): void
 
         $ilSetting = $DIC['ilSetting'];
 
+        $this->raiseErrorOnMissingWrite();
         $this->initFormGeneralSettings();
 
         $aset = ilUserAccountSettings::getInstance();
@@ -1928,6 +1947,7 @@ public function saveGeneralSettingsObject(): void
 
         $ilSetting = $DIC['ilSetting'];
 
+        $this->raiseErrorOnMissingWrite();
         $this->initFormGeneralSettings();
         if ($this->form->checkInput()) {
             $valid = true;
@@ -2543,6 +2563,8 @@ public function settingsObject(): void
         $lng = $DIC['lng'];
         $ilTabs = $DIC['ilTabs'];
 
+        $this->raiseErrorOnMissingWrite();
+
         $lng->loadLanguageModule("administration");
         $lng->loadLanguageModule("mail");
         $lng->loadLanguageModule("chatroom");
@@ -2562,7 +2584,8 @@ public function settingsObject(): void
 
     public function confirmSavedObject(): void
     {
-        $this->saveGlobalUserSettingsObject("save");
+        $this->raiseErrorOnMissingWrite();
+        $this->saveGlobalUserSettingsObject('save');
     }
 
     public function saveGlobalUserSettingsObject(string $action = ""): void
@@ -2572,6 +2595,8 @@ public function saveGlobalUserSettingsObject(string $action = ""): void
         $ilias = $DIC['ilias'];
         $ilSetting = $DIC['ilSetting'];
 
+        $this->raiseErrorOnMissingWrite();
+
         $checked = $this->user_request->getChecked();
         $selected = $this->user_request->getSelect();
 
@@ -3054,6 +3079,7 @@ public function cancelDeleteExportFileObject(): void
      */
     public function deleteExportFileObject(): void
     {
+        $this->raiseErrorOnMissingWrite();
         $files = $this->user_request->getFiles();
         $export_dir = $this->object->getExportDirectory();
         foreach ($files as $file) {
@@ -3232,6 +3258,7 @@ public function newAccountMailObject(): void
 
         $lng = $DIC['lng'];
 
+        $this->raiseErrorOnMissingWrite();
         $this->setSubTabs('settings');
         $this->tabs_gui->setTabActive('settings');
         $this->tabs_gui->setSubTabActive('user_new_account_mail');
@@ -3341,6 +3368,8 @@ public function saveNewAccountMailObject(): void
 
         $lng = $DIC['lng'];
 
+        $this->raiseErrorOnMissingWrite();
+
         $langs = $lng->getInstalledLanguages();
         foreach ($langs as $lang_key) {
             ilObjUserFolder::_writeNewAccountMail(
@@ -4104,4 +4133,18 @@ protected function addToClipboardObject(): void
             'view'
         );
     }
+
+    private function raiseErrorOnMissingWrite(): void
+    {
+        if (!$this->access->checkRbacOrPositionPermissionAccess(
+            'write',
+            \ilObjUserFolder::ORG_OP_EDIT_USER_ACCOUNTS,
+            USER_FOLDER_ID
+        )) {
+            $this->ilias->raiseError(
+                $this->lng->txt('permission_denied'),
+                $this->ilias->error_obj->MESSAGE
+            );
+        }
+    }
 }