00001 <?php
00024 require_once("Services/AccessControl/classes/class.ilAccessInfo.php");
00025
00040 class ilAccessHandler
00041 {
/**
 * Constructor: binds the handler to the global RBAC system and resets the
 * per-instance result store, info collector, switches and lookup caches.
 *
 * NOTE(review): of the six switches initialised here, only "cache" is read
 * anywhere in this class (in storeAccessResult()); the others are set but
 * not consulted by the check chain as far as this file shows.
 */
function ilAccessHandler()
{
    global $rbacsystem;

    // Hold a reference to the shared RBAC system rather than a copy.
    $this->rbacsystem =& $rbacsystem;

    // Stored results are keyed ref_id -> permission -> cmd -> user_id.
    $this->results = array();

    // Collector for the messages of the check that is currently running.
    $this->current_info = new ilAccessInfo();

    // All switches start enabled; enable() changes them later.
    foreach (array("cache", "rbac", "tree", "condition", "path", "status") as $switch)
    {
        $this->$switch = true;
    }

    // ref_id -> obj_id and ref_id -> type lookups remembered by checkAccessOfUser().
    $this->obj_id_cache = array();
    $this->obj_type_cache = array();
}
00063
/**
 * Record the outcome of one check stage for a (ref, permission, cmd, user)
 * tuple and start a fresh info collector for the next stage.
 *
 * Nothing is recorded when the "cache" switch is off, but the info
 * collector is replaced in either case.
 *
 * @param string $a_permission     permission that was checked
 * @param string $a_cmd            command that was checked
 * @param int    $a_ref_id         reference id of the object
 * @param mixed  $a_access_granted outcome to record
 * @param mixed  $a_user_id        user id; "" means the current global user
 * @param mixed  $a_info           info object; "" means $this->current_info
 */
function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "",$a_info = "")
{
    global $ilUser;

    // Fall back to the logged-in user and to the running info collector.
    if ($a_user_id == "")
    {
        $a_user_id = $ilUser->getId();
    }
    if ($a_info == "")
    {
        $a_info = $this->current_info;
    }

    if ($this->cache)
    {
        $entry = array("granted" => $a_access_granted, "info" => $a_info);

        // Every stage writes to the same slot, so the slot always holds the
        // outcome of the most recent stage, not necessarily the final verdict.
        $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = $entry;

        $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
        $this->last_result = $entry;
        $this->last_info = $a_info;
    }

    // The next stage must not inherit messages from this one.
    $this->current_info = new ilAccessInfo();
}
00104
00105
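/**
 * Fetch the stored result for a (ref, permission, cmd, user) tuple.
 *
 * A missing entry now yields null without touching undefined array
 * offsets; the original indexed the nested array directly and raised an
 * undefined-index notice on every miss. doCacheCheck() distinguishes hit
 * from miss with is_array(), so null keeps that contract.
 *
 * @param string $a_permission permission of the stored check
 * @param string $a_cmd        command of the stored check
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id; "" means the current global user
 * @return array|null array("granted" => ..., "info" => ...) or null on a miss
 */
function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
{
    global $ilUser;

    if ($a_user_id == "")
    {
        $a_user_id = $ilUser->getId();
    }

    if (!isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
    {
        return null;
    }

    return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
}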
00134
00135
/**
 * Append a message to the info collector of the check in progress.
 *
 * @param mixed  $a_type info item type, passed through unchanged
 * @param string $a_text message text, passed through unchanged
 * @param mixed  $a_data optional extra data, passed through unchanged
 */
function addInfoItem($a_type, $a_text, $a_data = "")
{
    // Bind by reference so the item lands on the live collector, not a copy.
    $collector =& $this->current_info;
    $collector->addInfoItem($a_type, $a_text, $a_data);
}
00143
/**
 * Check access for the current global user; thin front end to
 * checkAccessOfUser().
 *
 * @param string $a_permission permission to check
 * @param string $a_cmd        command to check
 * @param int    $a_ref_id     reference id of the object
 * @param string $a_type       object type; "" lets checkAccessOfUser() look it up
 * @param mixed  $a_obj_id     object id; "" lets checkAccessOfUser() look it up
 * @return bool true when access is granted
 */
function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "")
{
    global $ilUser;

    $current_user_id = $ilUser->getId();

    return $this->checkAccessOfUser($current_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id);
}
00161
/**
 * Decide whether a user holds a permission on a repository reference.
 *
 * Order of evaluation: cached grant, then tree, RBAC, path (parents),
 * condition and status checks. The first failing stage denies access.
 *
 * NOTE(review): the stored result is keyed by ref_id, permission, cmd and
 * user only. $a_type and $a_obj_id are not part of the key, so callers
 * that supply them must pass values that really belong to $a_ref_id.
 *
 * NOTE(review): each stage writes its own outcome into the slot that
 * doCacheCheck() trusts (doTreeCheck() stores "granted" before RBAC has
 * run). The slot is only authoritative once the whole chain has finished.
 *
 * NOTE(review): the rbac/tree/condition/path/status switches set in the
 * constructor are not consulted here; every stage always runs.
 *
 * @param mixed  $a_user_id    user to check
 * @param string $a_permission permission to check
 * @param string $a_cmd        command to check
 * @param int    $a_ref_id     reference id of the object
 * @param string $a_type       object type; "" triggers a lookup by ref id
 * @param mixed  $a_obj_id     object id; "" triggers a lookup by ref id
 * @return bool true when access is granted
 */
function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "")
{
    global $ilBench;

    // Messages from an earlier check must not leak into this one.
    $ilBench->start("AccessControl", "0400_clear_info");
    $this->current_info->clear();
    $ilBench->stop("AccessControl", "0400_clear_info");

    // Resolve object id and type from the reference id, remembering both.
    $ilBench->start("AccessControl", "0500_lookup_id_and_type");
    if ($a_obj_id == "")
    {
        if (!($this->obj_id_cache[$a_ref_id] > 0))
        {
            $this->obj_id_cache[$a_ref_id] = ilObject::_lookupObjId($a_ref_id);
        }
        $a_obj_id = $this->obj_id_cache[$a_ref_id];
    }
    if ($a_type == "")
    {
        if ($this->obj_type_cache[$a_ref_id] == "")
        {
            $this->obj_type_cache[$a_ref_id] = ilObject::_lookupType($a_ref_id, true);
        }
        $a_type = $this->obj_type_cache[$a_ref_id];
    }
    $ilBench->stop("AccessControl", "0500_lookup_id_and_type");

    // Only a stored grant short-circuits; a stored denial is re-evaluated.
    if ($this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
    {
        return true;
    }

    // Short-circuit chain: evaluation stops at the first stage that denies.
    return
        // object is in the tree and not deleted
        $this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
        // RBAC grants the permission
        && $this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
        // every parent on the path is accessible
        && $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
        // preconditions are fulfilled
        && $this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
        // object-type specific check
        && $this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type);
}
00252
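/**
 * Return the info items attached to the most recently stored result.
 *
 * $this->last_info is only assigned by storeAccessResult() while the
 * "cache" switch is on. Before the first stored result, or with caching
 * disabled, the original called a method on an unset property and
 * aborted with a fatal error. An empty list is returned instead.
 *
 * @return mixed whatever getInfoItems() yields (presumably an array,
 *               confirm against ilAccessInfo), or array() when no info
 *               has been stored yet
 */
function getInfo()
{
    if (!isset($this->last_info) || !is_object($this->last_info))
    {
        return array();
    }

    return $this->last_info->getInfoItems();
}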
00263
/**
 * Return the entry written by the most recent storeAccessResult() call
 * that ran with the "cache" switch on.
 *
 * @return mixed array("granted" => ..., "info" => ...), or "" after clear()
 */
function getResultLast()
{
    $latest = $this->last_result;

    return $latest;
}
00271
/**
 * Return stored results, either all of them or those of one reference id.
 *
 * @param mixed $a_ref_id reference id; "" returns the complete store
 * @return mixed the whole result array, or the sub-array for $a_ref_id
 */
function getResultAll($a_ref_id = "")
{
    return ($a_ref_id == "")
        ? $this->results
        : $this->results[$a_ref_id];
}
00281
/**
 * Look up a stored result and report whether it grants access.
 *
 * On a hit the stored info object becomes the current info collector.
 * The return value cannot tell "stored denial" from "nothing stored":
 * both come back falsy, so the caller re-runs the full chain for denials.
 * That is the safe direction, since only grants are taken from the store.
 *
 * @param string $a_permission permission to look up
 * @param string $a_cmd        command to look up
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id
 * @return mixed stored "granted" value on a hit, false on a miss
 */
function doCacheCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id)
{
    global $ilBench;

    $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");

    $hit = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
    $verdict = false;

    if (is_array($hit))
    {
        // Restore the messages that were recorded with the stored result.
        $this->current_info = $hit["info"];
        $verdict = $hit["granted"];
    }

    $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");

    return $verdict;
}
00306
/**
 * Deny access to references that are not in the tree or are deleted.
 *
 * NOTE(review): a passing tree check stores "granted" for the tuple before
 * RBAC, path, condition and status checks have run. Later stages overwrite
 * the slot, so it is only meaningful after the whole chain has completed.
 *
 * @param string $a_permission permission being checked
 * @param string $a_cmd        command being checked
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id
 * @return bool true when the reference is in the tree and not deleted
 */
function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
{
    global $tree, $lng, $ilBench;

    $ilBench->start("AccessControl", "2000_checkAccess_in_tree");

    // isDeleted() is only asked for references that are in the tree.
    $reachable = $tree->isInTree($a_ref_id) && !$tree->isDeleted($a_ref_id);

    if (!$reachable)
    {
        $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
    }

    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $reachable,$a_user_id);
    $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");

    return $reachable;
}
00331
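/**
 * Ask the RBAC system whether the user holds the permission on the
 * reference, and store the outcome.
 *
 * An empty permission is logged as fatal and raised as an error. The
 * original then carried on and queried the RBAC system with the empty
 * permission whenever raiseError() returned. This version fails closed:
 * it stores a denial and returns false, so a missing operation can never
 * result in a grant.
 *
 * @param string $a_permission permission to check; must not be empty
 * @param string $a_cmd        command being checked (used as store key only)
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id
 * @return mixed the RBAC system's answer, or false for an empty permission
 */
function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
{
    global $lng, $ilBench, $ilErr, $ilLog;

    $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");

    if ($a_permission == "")
    {
        $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
            get_class($this),
            $a_ref_id);
        $ilLog->write($message,$ilLog->FATAL);
        $ilErr->raiseError($message,$ilErr->MESSAGE);

        // Only reached if raiseError() returns: deny instead of asking the
        // RBAC system about an empty operation.
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false,$a_user_id);
        $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");

        return false;
    }

    $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id);

    if (!$access)
    {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("no_permission"));
    }

    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id);
    $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");

    return $access;
}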
00363
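/**
 * Require "read"/"info" access on every parent along the path to the
 * reference, plus a passed activation check below any course parent.
 *
 * Fix: $access is initialised before the loop. The original left it
 * undefined when the path held no parent (the loop skips $a_ref_id
 * itself), so the final storeAccessResult() recorded an undefined value
 * while the method returned true.
 *
 * NOTE(review): with $a_all = true the loop keeps going after a denied
 * parent and the method still returns true; only the collected info items
 * and the stored value of the last parent reflect the denial. Callers
 * that pass $a_all = true must not treat the return value as the verdict.
 * checkAccessOfUser() calls this method with the default ($a_all = false).
 *
 * @param string $a_permission permission being checked
 * @param string $a_cmd        command being checked
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id
 * @param bool   $a_all        false: stop at the first denied parent;
 *                             true: visit every parent and collect info
 * @return bool false on a denied parent ($a_all = false) or a failed
 *              activation check, true otherwise
 */
function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
{
    global $tree, $lng, $ilBench,$ilObjDataCache;

    $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
    $path = $tree->getPathId($a_ref_id);
    $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");

    $tmp_info = $this->current_info;

    // No parent visited yet means no parent has denied access.
    $access = true;

    foreach ($path as $id)
    {
        // The object itself is not one of its parents.
        if ($a_ref_id == $id)
        {
            continue;
        }

        // Below a course, the item's activation settings apply as well.
        if($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($id)) == 'crs')
        {
            if(!$this->doActivationCheck($a_permission,$a_cmd,$a_ref_id,$a_user_id,$a_all))
            {
                $this->storeAccessResult($a_permission,$a_cmd,$a_ref_id,false,$a_user_id);
                return false;
            }
        }

        $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);

        if ($access == false)
        {
            $tmp_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);

            if ($a_all == false)
            {
                $ilBench->start("AccessControl", "3200_checkAccess_check_parents_store_result");
                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id,$tmp_info);
                $ilBench->stop("AccessControl", "3200_checkAccess_check_parents_store_result");
                return false;
            }
        }
    }

    $ilBench->start("AccessControl", "3200_checkAccess_check_parents_store_result");
    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id,$tmp_info);
    $ilBench->stop("AccessControl", "3200_checkAccess_check_parents_store_result");

    return true;
}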
00421
/**
 * Check the course activation (timing) settings of an item.
 *
 * Access passes when any of these holds, tested in this order: the
 * requested permission is 'write'; the item's timing type is not
 * IL_CRS_TIMINGS_ACTIVATION; the current time lies inside the item's
 * start/end window; the user has "write" access on the item; or the
 * permission is 'visible' and the item's 'visible' setting is truthy.
 *
 * NOTE(review): the result depends on what ilCourseItems::_getItem()
 * returns for references it does not know. That is not visible here, so
 * confirm that a missing record cannot fall through to "allowed".
 *
 * @param string $a_permission permission being checked
 * @param string $a_cmd        not used by this method
 * @param int    $a_ref_id     reference id of the item
 * @param mixed  $a_user_id    user id
 * @param bool   $a_all        not used by this method
 * @return bool true when the activation settings allow access
 */
function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
{
    // Write access is never subject to activation.
    if ($a_permission == 'write')
    {
        return true;
    }

    include_once 'course/classes/class.ilCourseItems.php';
    $item_data = ilCourseItems::_getItem($a_ref_id);

    // Items without activation timing are not restricted.
    if ($item_data['timing_type'] != IL_CRS_TIMINGS_ACTIVATION)
    {
        return true;
    }

    // Inside the activation window.
    if (time() >= $item_data['timing_start'] && time() <= $item_data['timing_end'])
    {
        return true;
    }

    // Outside the window, users with write access still get through.
    if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
    {
        return true;
    }

    // Last chance: visibility may be kept outside the window.
    if ($a_permission == 'visible' && $item_data['visible'])
    {
        return true;
    }

    return false;
}
00463
/**
 * Enforce preconditions on "read" access.
 *
 * Preconditions are only evaluated when the permission is "read" and the
 * user has no "write" access on the same reference. For any other
 * permission, and for users with write access, the stage stores a grant.
 *
 * NOTE(review): the info text is built from object titles and condition
 * values as stored. Code that renders info items should escape them for
 * its output context.
 *
 * @param string $a_permission permission being checked
 * @param string $a_cmd        command being checked
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id
 * @param mixed  $a_obj_id     object id used for the condition lookup
 * @param string $a_type       object type used for the condition lookup
 * @return bool false when an unmet precondition blocks read access
 */
function doConditionCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
{
    global $lng, $ilBench;

    $ilBench->start("AccessControl", "4000_checkAccess_condition_check");

    // Write access is only queried for "read" requests (short-circuit).
    $subject_to_conditions = ($a_permission == "read")
        && !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id);

    if ($subject_to_conditions && !ilConditionHandler::_checkAllConditionsOfTarget($a_obj_id))
    {
        // Explain every precondition of the target to the user.
        foreach (ilConditionHandler::_getConditionsOfTarget($a_obj_id, $a_type) as $condition)
        {
            $text = $lng->txt("missing_precondition").": ";
            $text .= ilObject::_lookupTitle($condition["trigger_obj_id"])." ";
            $text .= $lng->txt("condition_".$condition["operator"])." ";
            $text .= $condition["value"];

            $this->current_info->addInfoItem(IL_MISSING_PRECONDITION, $text, $condition);
        }

        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");

        return false;
    }

    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
    $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");

    return true;
}
00501
/**
 * Run the object-type specific access check.
 *
 * The access class "ilObj<Class>Access" is loaded from the location that
 * $objDefinition reports for $a_type, and its static _checkAccess() is
 * called. Only a strict boolean true counts as a grant.
 *
 * NOTE(review): the include path and the class name are derived from
 * $a_type, which callers of checkAccess()/checkAccessOfUser() may supply.
 * This is only safe while $a_type comes from a trusted lookup and
 * $objDefinition returns fixed, known values. Request data must never
 * reach $a_type unchecked.
 *
 * @param string $a_permission permission being checked
 * @param string $a_cmd        command being checked
 * @param int    $a_ref_id     reference id of the object
 * @param mixed  $a_user_id    user id
 * @param mixed  $a_obj_id     object id
 * @param string $a_type       object type that selects the access class
 * @return bool true only when the type's _checkAccess() returned true
 */
function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
{
    global $objDefinition, $ilBench;

    $ilBench->start("AccessControl", "5000_checkAccess_object_check");

    // Resolve and load the access class for this object type.
    $class = $objDefinition->getClassName($a_type);
    $location = $objDefinition->getLocation($a_type);
    $full_class = "ilObj".$class."Access";
    $class_file = $location."/class.".$full_class.".php";
    include_once($class_file);

    $checker = array($full_class, "_checkAccess");
    $obj_access = call_user_func($checker, $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);

    // Anything other than boolean true (null, false, strings, ...) denies.
    if ($obj_access !== true)
    {
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        $ilBench->stop("AccessControl", "5000_checkAccess_object_check");

        return false;
    }

    $ilBench->stop("AccessControl", "5000_checkAccess_object_check");

    // Last stage of the chain: this write is the final stored verdict.
    $ilBench->start("AccessControl", "6000_checkAccess_store_access");
    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
    $ilBench->stop("AccessControl", "6000_checkAccess_store_access");

    return true;
}
00536
/**
 * Drop all stored results and start a fresh info collector.
 *
 * $this->last_info and the obj_id/obj_type lookup caches are left as
 * they are.
 */
function clear()
{
    $this->current_info = new ilAccessInfo();
    $this->last_result = "";
    $this->results = array();
}
00543
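/**
 * Turn one of the handler's switches on or off.
 *
 * Fix: the original assigned to whatever property name was passed in, so
 * a call could overwrite $this->rbacsystem, $this->results or any other
 * internal state of the access handler. Only the six switches created by
 * the constructor are accepted now; any other name is ignored.
 *
 * Of these switches, only "cache" is read elsewhere in this class (in
 * storeAccessResult()).
 *
 * @param string $a_str  switch name: cache, rbac, tree, condition, path or status
 * @param mixed  $a_bool new value for the switch
 */
function enable($a_str,$a_bool)
{
    $switches = array("cache", "rbac", "tree", "condition", "path", "status");

    // Strict comparison: only exact string names match a switch.
    if (!in_array($a_str, $switches, true))
    {
        return;
    }

    $this->$a_str = $a_bool;
}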
00548 }