class ilRbacSystem system function like checkAccess, addActiveRole ... More...
Public Member Functions | |
| ilRbacSystem () | |
| Constructor public. | |
| checkAccess ($a_operations, $a_ref_id, $a_type="") | |
| checkAccess represents the main method of the RBAC-system in ILIAS3 developers want to use With this method you check the permissions a use may have due to its roles on an specific object. | |
| checkAccessOfUser ($a_user_id, $a_operations, $a_ref_id, $a_type="") | |
| checkPermission ($a_ref_id, $a_rol_id, $a_operation) | |
| check if a specific role has the permission '$a_operation' of an object public | |
| __filterOwnerPermissions ($a_user_id, $a_operations, $a_ref_id) | |
| saveAccessStatus ($a_obj_id) | |
| Store access status. | |
Data Fields | |
| $ilias | |
Detailed Description
class ilRbacSystem system function like checkAccess, addActiveRole ...
Supporting system functions are required for session management and in making access control decisions. This class depends on the session since we offer the possiblility to add or delete active roles during one session.
- Version:
- Id:
- class.ilRbacSystem.php 13517 2007-03-27 08:18:22Z smeyer
Definition at line 36 of file class.ilRbacSystem.php.
Member Function Documentation
| ilRbacSystem::__filterOwnerPermissions | ( | $ | a_user_id, | |
| $ | a_operations, | |||
| $ | a_ref_id | |||
| ) |
Definition at line 224 of file class.ilRbacSystem.php.
Referenced by checkAccessOfUser().
{
global $ilObjDataCache;
if($a_user_id != $ilObjDataCache->lookupOwner($ilObjDataCache->lookupObjId($a_ref_id)))
{
return $a_operations;
}
// Is owner
foreach(explode(",",$a_operations) as $operation)
{
if($operation != 'edit_permission' and !preg_match('/^create/',$operation))
{
continue;
}
if(!strlen($new_ops))
{
$new_ops = $operation;
}
else
{
$new_ops .= (','.$operation);
}
}
return $new_ops;
}
Here is the caller graph for this function:
| ilRbacSystem::checkAccess | ( | $ | a_operations, | |
| $ | a_ref_id, | |||
| $ | a_type = "" | |||
| ) |
checkAccess represents the main method of the RBAC-system in ILIAS3 developers want to use With this method you check the permissions a use may have due to its roles on an specific object.
The first parameter are the operation(s) the user must have The second & third parameter specifies the object where the operation(s) may apply to The last parameter is only required, if you ask for the 'create' operation. Here you specify the object type which you want to create.
example: $rbacSystem->checkAccess("visible,read",23); Here you ask if the user is allowed to see ('visible') and access the object by reading it ('read'). The reference_id is 23 in the tree structure.
public
- Parameters:
-
string one or more operations, separated by commas (i.e.: visible,read,join) integer the child_id in tree (usually a reference_id, no object_id !!) string the type definition abbreviation (i.e.: frm,grp,crs)
- Returns:
- boolean returns true if ALL passed operations are given, otherwise false
Definition at line 83 of file class.ilRbacSystem.php.
References $ilBench, $result, and checkAccessOfUser().
{
global $ilUser,$ilBench;
$ilBench->start("RBAC", "system_checkAccess");
$result = $this->checkAccessOfUser($ilUser->getId(), $a_operations, $a_ref_id, $a_type);
$ilBench->stop("RBAC", "system_checkAccess");
return $result;
}
Here is the call graph for this function:
| ilRbacSystem::checkAccessOfUser | ( | $ | a_user_id, | |
| $ | a_operations, | |||
| $ | a_ref_id, | |||
| $ | a_type = "" | |||
| ) |
Definition at line 96 of file class.ilRbacSystem.php.
References $_SESSION, $ops, $ops_id, $q, $rbacreview, $row, __filterOwnerPermissions(), and getOperationId().
Referenced by checkAccess().
{
global $ilUser, $rbacreview,$ilObjDataCache;
#echo ++$counter;
// DISABLED
// Check For owner
// Owners do always have full access to their objects
// Excluded are the permissions create and perm
// This method call return all operations that are NOT granted by the owner status
if(!$a_operations = $this->__filterOwnerPermissions($a_user_id,$a_operations,$a_ref_id))
{
return true;
}
// get roles
if ($a_user_id == $ilUser->getId())
{
$roles = $_SESSION["RoleId"] ? $_SESSION['RoleId'] : array();
}
else
{
$roles = $rbacreview->assignedRoles($a_user_id);
}
// exclude system role from rbac
if (in_array(SYSTEM_ROLE_ID, $roles))
{
return true;
}
if (!isset($a_operations) or !isset($a_ref_id))
{
$this->ilErr->raiseError(get_class($this)."::checkAccess(): Missing parameter! ".
"ref_id: ".$a_ref_id." operations: ".$a_operations,$this->ilErr->WARNING);
}
if (!is_string($a_operations))
{
$this->ilErr->raiseError(get_class($this)."::checkAccess(): Wrong datatype for operations!",$this->ilErr->WARNING);
}
$operations = explode(",",$a_operations);
foreach ($operations as $operation)
{
if ($operation == "create")
{
if (empty($a_type))
{
$this->ilErr->raiseError(get_class($this)."::CheckAccess(): Expect a type definition for checking a 'create' permission",
$this->ilErr->WARNING);
}
$ops_id = getOperationId($operation."_".$a_type);
}
else
{
$ops_id = getOperationId($operation);
}
// Um nur eine Abfrage zu haben
$in = " IN ('";
$in .= implode("','", $roles);
$in .= "')";
$q = "SELECT * FROM rbac_pa ".
"WHERE rol_id ".$in." ".
"AND ref_id = '".$a_ref_id."' ";
$r = $this->ilDB->query($q);
$ops = array();
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops = array_merge($ops,unserialize(stripslashes($row->ops_id)));
}
if (in_array($ops_id,$ops))
{
continue;
}
else
{
return false;
}
}
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilRbacSystem::checkPermission | ( | $ | a_ref_id, | |
| $ | a_rol_id, | |||
| $ | a_operation | |||
| ) |
check if a specific role has the permission '$a_operation' of an object public
- Parameters:
-
integer reference id of object integer role id string the permission to check
- Returns:
- boolean
Definition at line 197 of file class.ilRbacSystem.php.
References $ops, $ops_id, $q, and $row.
{
$ops = array();
$q = "SELECT ops_id FROM rbac_operations ".
"WHERE operation ='".$a_operation."'";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops_id = $row->ops_id;
}
$q = "SELECT * FROM rbac_pa ".
"WHERE rol_id = '".$a_rol_id."' ".
"AND ref_id = '".$a_ref_id."' ";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops = array_merge($ops,unserialize(stripslashes($row->ops_id)));
}
return in_array($ops_id,$ops);
}
| ilRbacSystem::ilRbacSystem | ( | ) |
Constructor public.
Definition at line 44 of file class.ilRbacSystem.php.
References $ilErr, $ilias, and if.
{
global $ilDB,$ilErr,$ilias;
$this->ilias =& $ilias;
// set db & error handler
(isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
if (!isset($ilErr))
{
$ilErr = new ilErrorHandling();
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
}
else
{
$this->ilErr =& $ilErr;
}
}
| ilRbacSystem::saveAccessStatus | ( | $ | a_obj_id | ) |
Store access status.
This method stores obj_ids in the session array. This information is used to check access for e.g files of HTML-Learning modules in the data-Directory.
public
- Parameters:
-
int object id of object in question
Definition at line 260 of file class.ilRbacSystem.php.
References $_SESSION, and db_session_write().
{
if(isset($_SESSION['perm_granted'][$a_obj_id]))
{
return;
}
$_SESSION['perm_granted'][$a_obj_id] = true;
db_session_write($_COOKIE['PHPSESSID'],$_SESSION);
}
Here is the call graph for this function:
Field Documentation
| ilRbacSystem::$ilias |
Definition at line 38 of file class.ilRbacSystem.php.
Referenced by ilRbacSystem().
The documentation for this class was generated from the following file:
- classes/class.ilRbacSystem.php
