diff --git a/Modules/IndividualAssessment/classes/AccessControl/class.ilIndividualAssessmentAccessHandler.php b/Modules/IndividualAssessment/classes/AccessControl/class.ilIndividualAssessmentAccessHandler.php
index 34626dfbb27d..c5f765fe4040 100644
--- a/Modules/IndividualAssessment/classes/AccessControl/class.ilIndividualAssessmentAccessHandler.php
+++ b/Modules/IndividualAssessment/classes/AccessControl/class.ilIndividualAssessmentAccessHandler.php
@@ -25,6 +25,11 @@ class ilIndividualAssessmentAccessHandler implements IndividualAssessmentAccessH
{
public const DEFAULT_ROLE = 'il_iass_member';
+ public const RBAC_OP_CREATE_RECORDS = 'create_records';
+ public const ORGU_OP_CREATE_RECORDS = 'ou_create_records';
+ public const RBAC_OP_PUBLISH_RECORDS = 'publish_records';
+ public const ORGU_OP_PUBLISH_RECORDS = 'ou_publish_records';
+
protected ilObjIndividualAssessment $iass;
protected ilAccessHandler $handler;
protected ilRbacAdmin $admin;
@@ -50,7 +55,7 @@ public function __construct(
*/
public function checkRBACAccessToObj(string $operation): bool
{
- if($this->simulateMember()) {
+ if ($this->simulateMember()) {
return $this->checkMemberRoleForPermission($operation);
} else {
return $this->isSystemAdmin() ||
@@ -72,6 +77,7 @@ public function checkRBACOrPositionAccessToObj(string $operation)
);
}
+ /*
if ($operation == "write_learning_progress") {
return $this->handler->checkRbacOrPositionPermissionAccess(
// This feels super odd, but this is actually ok because we do not have
@@ -82,6 +88,7 @@ public function checkRBACOrPositionAccessToObj(string $operation)
$this->iass->getRefId()
);
}
+ */
throw new \LogicException("Unknown rbac/position-operation: $operation");
}
@@ -100,13 +107,13 @@ protected function checkMemberRoleForPermission(string $operation): bool
$this->review->getParentRoleIds($ref_id),
static fn(array $role): bool => str_starts_with($role['title'], 'il_crs_member_')
);
- if($roles === []) {
+ if ($roles === []) {
return false;
}
$role = array_shift($roles);
$active_ops = $this->review->getActiveOperationsOfRole($ref_id, $role['rol_id']);
- foreach($active_ops as $op) {
- if($this->review->getOperation($op)['operation'] === $operation) {
+ foreach ($active_ops as $op) {
+ if ($this->review->getOperation($op)['operation'] === $operation) {
return true;
}
}
@@ -189,7 +196,13 @@ public function mayViewAllUsers(): bool
public function mayGradeAnyUser(): bool
{
- return $this->checkRBACOrPositionAccessToObj('write_learning_progress');
+ //return $this->checkRBACOrPositionAccessToObj('write_learning_progress');
+ return $this->handler->checkRbacOrPositionPermissionAccess(
+ self::RBAC_OP_CREATE_RECORDS,
+ self::ORGU_OP_CREATE_RECORDS,
+ $this->iass->getRefId()
+ );
+
}
public function mayGradeUser(int $user_id): bool
@@ -197,11 +210,8 @@ public function mayGradeUser(int $user_id): bool
return
(count(
$this->handler->filterUserIdsByRbacOrPositionOfCurrentUser(
- // This feels super odd, but this is actually ok because we do not have
- // a dedicated RBAC permission to write_learning_progress.
- // See: https://mantis.ilias.de/view.php?id=36056#c89865
- "read_learning_progress",
- "write_learning_progress",
+ self::RBAC_OP_CREATE_RECORDS,
+ self::ORGU_OP_CREATE_RECORDS,
$this->iass->getRefId(),
[$user_id]
)
diff --git a/Modules/IndividualAssessment/classes/Setup/class.ilIndividualAssessmentSetupAgent.php b/Modules/IndividualAssessment/classes/Setup/class.ilIndividualAssessmentSetupAgent.php
index 42d626ef729d..c266e7655a74 100644
--- a/Modules/IndividualAssessment/classes/Setup/class.ilIndividualAssessmentSetupAgent.php
+++ b/Modules/IndividualAssessment/classes/Setup/class.ilIndividualAssessmentSetupAgent.php
@@ -54,9 +54,16 @@ public function getInstallObjective(Setup\Config $config = null): Setup\Objectiv
*/
public function getUpdateObjective(Setup\Config $config = null): Setup\Objective
{
- return new ilDatabaseUpdateStepsExecutedObjective(
- new ilIndividualAssessmentRectifyMembersTableDBUpdateSteps()
+ return new Setup\ObjectiveCollection(
+ 'Indivial Asessment',
+ true,
+ new ilDatabaseUpdateStepsExecutedObjective(
+ new ilIndividualAssessmentRectifyMembersTableDBUpdateSteps(),
+ ),
+ ...$this->getPermissionObjectives()
);
+
+
}
/**
@@ -82,4 +89,36 @@ public function getMigrations(): array
{
return [];
}
+
+
+ protected function getPermissionObjectives(): array
+ {
+ return [
+ new ilAccessCustomRBACOperationAddedObjective(
+ ilIndividualAssessmentAccessHandler::RBAC_OP_CREATE_RECORDS,
+ "Create Records for Users",
+ "object",
+ 9010,
+ ["iass"]
+ ),
+ new \ilOrgUnitOperationRegisteredObjective(
+ ilIndividualAssessmentAccessHandler::ORGU_OP_CREATE_RECORDS,
+ 'Create Records for Users',
+ ilOrgUnitOperationContext::CONTEXT_IASS
+ ),
+ new ilAccessCustomRBACOperationAddedObjective(
+ ilIndividualAssessmentAccessHandler::RBAC_OP_PUBLISH_RECORDS,
+ "Publish Records",
+ "object",
+ 9020,
+ ["iass"]
+ ),
+ new \ilOrgUnitOperationRegisteredObjective(
+ ilIndividualAssessmentAccessHandler::ORGU_OP_PUBLISH_RECORDS,
+ 'Publish Records',
+ ilOrgUnitOperationContext::CONTEXT_IASS
+ )
+ ];
+ }
+
}
diff --git a/Modules/IndividualAssessment/classes/class.ilIndividualAssessmentMemberGUI.php b/Modules/IndividualAssessment/classes/class.ilIndividualAssessmentMemberGUI.php
index b43cfd895d94..1763a4b410ac 100644
--- a/Modules/IndividualAssessment/classes/class.ilIndividualAssessmentMemberGUI.php
+++ b/Modules/IndividualAssessment/classes/class.ilIndividualAssessmentMemberGUI.php
@@ -177,7 +177,7 @@ protected function downloadFile(): void
{
$identifier = $this->getMember()->getGrading()->getFile();
$resource_id = $this->irss->manage()->find($identifier);
- if($resource_id) {
+ if ($resource_id) {
$this->irss->consume()->download($resource_id)->run();
}
}
@@ -353,7 +353,7 @@ protected function getUploadResult(): HandlerResult
protected function getRemoveResult(string $identifier): HandlerResult
{
$resource_id = $this->irss->manage()->find($identifier);
- if($resource_id) {
+ if ($resource_id) {
$this->irss->manage()->remove($resource_id, $this->stakeholder);
$status = HandlerResult::STATUS_OK;
$message = $this->lng->txt('iass_file_deleted');
@@ -368,7 +368,7 @@ protected function getRemoveResult(string $identifier): HandlerResult
public function getInfoResult(string $identifier): ?FileInfoResult
{
$resource_id = $this->irss->manage()->find($identifier);
- if(! $resource_id) {
+ if (! $resource_id) {
return null;
}
$resource = $this->irss->manage()->getResource($resource_id);
@@ -388,7 +388,7 @@ public function getInfoForExistingFiles(array $file_ids): array
$file_ids = array_filter($file_ids, fn($id) => $id !== "");
return array_map(function ($id) {
$resource_id = $this->irss->manage()->find($identifier);
- if(! $resource_id) {
+ if (! $resource_id) {
return null;
}
$resource = $this->irss->manage()->getResource($resource_id);
@@ -510,7 +510,7 @@ protected function userMayGrade(): bool
{
return
$this->getAccessHandler()->isSystemAdmin() ||
- (!$this->targetWasEditedByOtherUser($this->getMember()) && $this->getAccessHandler()->mayGradeUser($this->getMember()->id()))
+ ($this->getAccessHandler()->mayGradeUser($this->getMember()->id()))
;
}
@@ -524,14 +524,6 @@ protected function userMayAmend(): bool
return $this->getAccessHandler()->mayAmendAllUsers();
}
- protected function targetWasEditedByOtherUser(ilIndividualAssessmentMember $member): bool
- {
- return
- (int) $member->examinerId() !== $this->user->getId() &&
- 0 !== (int) $member->examinerId()
- ;
- }
-
protected function isFinalized(): bool
{
return $this->getMember()->finalized();
diff --git a/lang/ilias_de.lang b/lang/ilias_de.lang
index 629f6f4da4ba..1d9aa9b1e64d 100644
--- a/lang/ilias_de.lang
+++ b/lang/ilias_de.lang
@@ -10407,7 +10407,7 @@ iass#:#iass_amend_saved#:#Geänderte Prüfungsdaten wurden gespeichert.
iass#:#iass_assessment_not_completed#:#Noch nicht abgeschlossen
iass#:#iass_cancel#:#Abbrechen
iass#:#iass_changed_by#:#Nachträglich geändert
-iass#:#iass_confirm_finalize#:#Abschließen
+iass#:#iass_confirm_finalize#:#Abschließen und veröffentlichen
iass#:#iass_consultation_hours#:#Sprechstunden
iass#:#iass_contact#:#Name
iass#:#iass_contact_info#:#Kontaktinformationen
@@ -10431,7 +10431,7 @@ iass#:#iass_filter_failed#:#Nur nicht bestanden
iass#:#iass_filter_finalized#:#Nur bestandene
iass#:#iass_filter_not_finalized#:#Nur nicht abgeschlossene
iass#:#iass_filter_not_started#:#Nur nicht bewertete
-iass#:#iass_finalize#:#Abschließen
+iass#:#iass_finalize#:#Abschließen und veröffentlichen
iass#:#iass_finalize_info#:#Die Individuelle Bewertung wird abgeschlossen.
iass#:#iass_finalize_user_qst#:#Soll die Bewertung des Teilnehmers wirklich final abgeschlossen werden? Änderungen an der Bewertung sind hinterher nicht mehr möglich.
iass#:#iass_further_field_headline#:#Detaillierte Informationen
@@ -10442,8 +10442,8 @@ iass#:#iass_internal_note_info#:#Dieser Text ist nur für Personen sichtbar, die
iass#:#iass_location#:#Ort
iass#:#iass_mails#:#E-Mail
iass#:#iass_may_not_finalize#:#Prüfung kann noch nicht abschließend bewertet werden. Bitte geben Sie eine Bewertung ab.
-iass#:#iass_membership_finalized#:#Bewertung abgeschlossen.
-iass#:#iass_membership_saved#:#Bewertung wurde gespeichert aber noch nicht final abgeschlossen.
+iass#:#iass_membership_finalized#:#Bewertung veröffentlicht.
+iass#:#iass_membership_saved#:#Bewertung wurde gespeichert aber noch nicht veröffentlicht.
iass#:#iass_mess_notification_completed#:#Sie haben die Prüfung „%s“ bestanden. Beachten Sie bitte auch die folgende Notiz zur Prüfung.
iass#:#iass_mess_notification_failed#:#Sie haben die Prüfung „%s“ leider nicht bestanden. Beachten Sie bitte auch die folgende Notiz zur Prüfung.
iass#:#iass_notify#:#Ergebnis dem Teilnehmer zugänglich machen
@@ -12938,6 +12938,8 @@ orgu#:#org_op_edit_individual_plan#:#Individuellen Plan bearbeiten
orgu#:#org_op_edit_submissions_grades#:#Abgaben von anderen Benutzern bearbeiten
orgu#:#org_op_manage_members#:#Mitglieder bearbeiten
orgu#:#org_op_manage_participants#:#Teilnehmer verwalten
+orgu#:#org_op_ou_create_records#:#Bewertungen vornehmen
+orgu#:#org_op_ou_publish_records#:#Bewertungen veröffentlichen und abschließen
orgu#:#org_op_read_employee_talk#:#Auf Gespräche lesend zugreifen
orgu#:#org_op_read_learning_progress#:#Lernfortschritt von anderen Benutzern einsehen
orgu#:#org_op_score_participants#:#Teilnehmer bewerten
@@ -14194,6 +14196,7 @@ rbac#:#nwss_edit_permission#:#Rechteeinstellungen in der News- und Webfeeds-Admi
rbac#:#nwss_read#:#Lesezugriff auf News- und Webfeeds-Administration
rbac#:#nwss_visible#:#News- und Webfeeds-Administration ist sichtbar
rbac#:#nwss_write#:#Einstellungen in der News- und Webfeeds-Administration bearbeiten
+rbac#:#obj_records#:#Bewertungen vornehmen
rbac#:#obj_skee#:#Kompetenzbaum
rbac#:#org_op_access_results#:#Zugriff auf Ergebnisse untergeordneter Benutzer
rbac#:#org_op_edit_submissions_grades#:#Abgaben von anderen Benutzern bearbeiten
@@ -14278,6 +14281,7 @@ rbac#:#ps_export_member_data#:#Export von Mitgliederdaten in Gruppen und Kursen
rbac#:#ps_read#:#Lesezugriff auf Datenschutz- und Sicherheitseinstellungen
rbac#:#ps_visible#:#Datenschutz- und Sicherheitseinstellungen sind sichtbar
rbac#:#ps_write#:#Bearbeiten der Datenschutz- und Sicherheitseinstellungen erlauben
+rbac#:#publish_records#:#Bewertungen veröffentlichen und abschließen
rbac#:#push_desktop_items#:#Inhalte empfehlen
rbac#:#qpl_copy#:#Fragenpool kopieren
rbac#:#qpl_delete#:#Fragenpool löschen oder verschieben
diff --git a/lang/ilias_en.lang b/lang/ilias_en.lang
index 334c82a11491..be2697af697a 100644
--- a/lang/ilias_en.lang
+++ b/lang/ilias_en.lang
@@ -10407,7 +10407,7 @@ iass#:#iass_amend_saved#:#Amended record has been saved.
iass#:#iass_assessment_not_completed#:#Not completed yet
iass#:#iass_cancel#:#Cancel
iass#:#iass_changed_by#:#Changed after finalization
-iass#:#iass_confirm_finalize#:#Finalize
+iass#:#iass_confirm_finalize#:#Publish and freeze
iass#:#iass_consultation_hours#:#Consultation hours
iass#:#iass_contact#:#Name
iass#:#iass_contact_info#:#Contact information
@@ -10431,9 +10431,9 @@ iass#:#iass_filter_failed#:#Failed only
iass#:#iass_filter_finalized#:#Completed only
iass#:#iass_filter_not_finalized#:#Drafts only
iass#:#iass_filter_not_started#:#Not started only
-iass#:#iass_finalize#:#Finalize
-iass#:#iass_finalize_info#:#Individual Assessment will be finalized.
-iass#:#iass_finalize_user_qst#:#Should the participant's status really be finalised? No changes possible thereafter.
+iass#:#iass_finalize#:#Publish and freeze
+iass#:#iass_finalize_info#:#Individual Assessment will be published and frozen.
+iass#:#iass_finalize_user_qst#:#Should the participant's status really be published? No changes possible thereafter.
iass#:#iass_further_field_headline#:#Detailed Information
iass#:#iass_graded_by#:#Graded by
iass#:#iass_info_emails_expl#:#You may provide several addresses separated by comma.
@@ -10442,8 +10442,8 @@ iass#:#iass_internal_note_info#:#Internal notes are only visible for tutors but
iass#:#iass_location#:#Location
iass#:#iass_mails#:#E-Mail
iass#:#iass_may_not_finalize#:#Examinee may not be finalised. Please grade the user first.
-iass#:#iass_membership_finalized#:#Record finalised
-iass#:#iass_membership_saved#:#Record saved, not yet finalised
+iass#:#iass_membership_finalized#:#Record published and frozen
+iass#:#iass_membership_saved#:#Record saved, not yet published
iass#:#iass_mess_notification_completed#:#You passed the assessment %s. Please check the following grading record for details:
iass#:#iass_mess_notification_failed#:#You failed the assessment %s. Please check the following grading record for details:
iass#:#iass_notify#:#Make Result available to Participant
@@ -12938,6 +12938,8 @@ orgu#:#org_op_edit_individual_plan#:#Edit Individual Plan
orgu#:#org_op_edit_submissions_grades#:#Edit submissions of other users
orgu#:#org_op_manage_members#:#Manage Members
orgu#:#org_op_manage_participants#:#Manage Participants
+orgu#:#org_op_ou_create_records#:#Create Records for Users
+orgu#:#org_op_ou_publish_records#:#Publish and freeze Records
orgu#:#org_op_read_employee_talk#:#Read access talk appointments
orgu#:#org_op_read_learning_progress#:#View learning progress of other users
orgu#:#org_op_score_participants#:#Score Participants
@@ -14194,6 +14196,7 @@ rbac#:#nwss_edit_permission#:#User can change permission settings in News and We
rbac#:#nwss_read#:#User has read access to ews and Web Feeds administration
rbac#:#nwss_visible#:#News and Web Feeds administration is visible
rbac#:#nwss_write#:#User can edit settings in News and Web Feeds administration
+rbac#:#obj_records#:#Create Records for Users
rbac#:#obj_skee#:#Competence Tree
rbac#:#org_op_access_results#:#Access Results of Subordinated Users
rbac#:#org_op_edit_submissions_grades#:#Edit submissions of other users
@@ -14278,6 +14281,7 @@ rbac#:#ps_export_member_data#:#User can export member data in courses and groups
rbac#:#ps_read#:#User has read access to Privacy/Security administration
rbac#:#ps_visible#:#Privacy/Security administration is visible
rbac#:#ps_write#:#User can edit settings in Privacy/Security administration
+rbac#:#publish_records#:#Publish and freeze Records
rbac#:#push_desktop_items#:#Recommend Content
rbac#:#qpl_copy#:#User can copy question pool for tests
rbac#:#qpl_delete#:#User can move or delete question pool