<?php
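/**
 * Role-based access control checks.
 *
 * Answers "may this user / this role perform operation X on reference Y?"
 * by reading the role/permission assignments stored in table rbac_pa.
 */
class ilRbacSystem
{
    var $ilias;
    // Database handle; queried via ->query() in the permission lookups.
    var $ilDB;
    // Error handler; used via ->raiseError() for parameter errors.
    var $ilErr;

    /**
     * Constructor: binds the global ilias object, database handle and error handler.
     */
    function ilRbacSystem()
    {
        global $ilDB,$ilErr,$ilias;

        $this->ilias =& $ilias;

        // Prefer the global database handle, fall back to the one held by $ilias.
        if (isset($ilDB))
        {
            $this->ilDB =& $ilDB;
        }
        else
        {
            $this->ilDB =& $ilias->db;
        }

        if (!isset($ilErr))
        {
            $ilErr = new ilErrorHandling();
            $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
        }

        // Bind the handler in both cases. Previously a freshly created handler
        // was never stored, so a later $this->ilErr->raiseError() would be
        // called on an unset property.
        $this->ilErr =& $ilErr;
    }

    /**
     * Checks whether the current user may perform the given operations.
     *
     * Thin wrapper around checkAccessOfUser() for the global $ilUser,
     * timed with the benchmark object.
     *
     * @param  string  $a_operations  comma-separated operation names
     * @param  mixed   $a_ref_id      reference id of the object
     * @param  string  $a_type        object type; needed for a 'create' check
     * @return boolean result of checkAccessOfUser()
     */
    function checkAccess($a_operations,$a_ref_id,$a_type = "")
    {
        global $ilUser,$ilBench;

        $ilBench->start("RBAC", "system_checkAccess");

        $result = $this->checkAccessOfUser($ilUser->getId(), $a_operations, $a_ref_id, $a_type);

        $ilBench->stop("RBAC", "system_checkAccess");

        return $result;
    }

    /**
     * Checks whether a user may perform ALL of the given operations on an object.
     *
     * @param  mixed   $a_user_id     id of the user to check
     * @param  string  $a_operations  comma-separated operation names
     * @param  mixed   $a_ref_id      reference id of the object
     * @param  string  $a_type        object type; needed for a 'create' check
     * @return boolean true if every operation is granted, false otherwise
     */
    function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
    {
        global $ilUser, $rbacreview;

        // The owner keeps every operation except 'edit_permission' and
        // 'create*'; when nothing is left to check, access is granted.
        // NOTE(review): an empty $a_operations passed by a non-owner also ends
        // up here and yields true - confirm that no caller can pass an empty
        // operation list for an object that should be protected.
        if (!$a_operations = $this->__filterOwnerPermissions($a_user_id,$a_operations,$a_ref_id))
        {
            return true;
        }

        // For the current user the roles are taken from the session,
        // for any other user they are looked up.
        if ($a_user_id == $ilUser->getId())
        {
            $roles = !empty($_SESSION['RoleId']) ? $_SESSION['RoleId'] : array();
        }
        else
        {
            $roles = $rbacreview->assignedRoles($a_user_id);
        }

        // Members of the system role may do everything.
        if (in_array(SYSTEM_ROLE_ID, $roles))
        {
            return true;
        }

        if (!isset($a_operations) or !isset($a_ref_id))
        {
            $this->ilErr->raiseError(get_class($this)."::checkAccess(): Missing parameter! ".
                "ref_id: ".$a_ref_id." operations: ".$a_operations,$this->ilErr->WARNING);
            // Fail closed if the error handler returns instead of halting.
            return false;
        }

        if (!is_string($a_operations))
        {
            $this->ilErr->raiseError(get_class($this)."::checkAccess(): Wrong datatype for operations!",$this->ilErr->WARNING);
            // Fail closed: without this, a non-string value would skip the
            // loop below and reach the final "return true".
            return false;
        }

        // Loaded on first use; the lookup does not depend on the operation.
        $granted = null;

        foreach (explode(",",$a_operations) as $operation)
        {
            if ($operation == "create")
            {
                if (empty($a_type))
                {
                    $this->ilErr->raiseError(get_class($this)."::CheckAccess(): Expect a type definition for checking a 'create' permission",
                        $this->ilErr->WARNING);
                    // Fail closed if the error handler returns.
                    return false;
                }

                $ops_id = getOperationId($operation."_".$a_type);
            }
            else
            {
                $ops_id = getOperationId($operation);
            }

            if ($granted === null)
            {
                $granted = $this->__readGrantedOperations($roles, $a_ref_id);
            }

            // One missing operation denies the whole request.
            if (!in_array($ops_id,$granted))
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Checks whether one role holds one operation on an object.
     *
     * @param  mixed   $a_ref_id     reference id of the object
     * @param  mixed   $a_rol_id     id of the role
     * @param  string  $a_operation  name of the operation
     * @return boolean true if the role is granted the operation
     */
    function checkPermission($a_ref_id,$a_rol_id,$a_operation)
    {
        // The name is placed inside a quoted SQL literal below, so anything
        // that is not a plain identifier is rejected beforehand.
        // NOTE(review): assumes operation names consist of letters, digits
        // and '_' only - confirm against the contents of rbac_operations.
        if (!is_string($a_operation) or !preg_match('/^[A-Za-z0-9_]+$/D', $a_operation))
        {
            return false;
        }

        $q = "SELECT ops_id FROM rbac_operations ".
             "WHERE operation ='".$a_operation."'";

        $r = $this->ilDB->query($q);

        $ops_id = null;

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $ops_id = $row->ops_id;
        }

        // Unknown operation: nothing can be granted.
        if ($ops_id === null)
        {
            return false;
        }

        return in_array($ops_id, $this->__readGrantedOperations(array($a_rol_id), $a_ref_id));
    }

    /**
     * Collects the operation ids stored in rbac_pa for a set of roles on one object.
     *
     * @access private
     * @param  array $a_roles   role ids
     * @param  mixed $a_ref_id  reference id of the object
     * @return array merged operation ids of all matching rows
     */
    function __readGrantedOperations($a_roles, $a_ref_id)
    {
        // Role ids and ref_id are cast to int before they are concatenated
        // into the statement, so a non-numeric value cannot change it.
        // NOTE(review): assumes both columns hold integer ids - confirm
        // against the table definition.
        $role_ids = array_map('intval', (array) $a_roles);

        $q = "SELECT * FROM rbac_pa ".
             "WHERE rol_id IN ('".implode("','", $role_ids)."') ".
             "AND ref_id = '".(int) $a_ref_id."' ";
        $r = $this->ilDB->query($q);

        $ops = array();

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            // NOTE(review): unserialize() runs on whatever is stored in
            // rbac_pa.ops_id; anyone able to write that column controls the
            // input. Consider a storage format that needs no unserialize().
            $row_ops = unserialize(stripslashes($row->ops_id));

            // A row that does not decode to an array is skipped instead of
            // being passed on to array_merge().
            if (is_array($row_ops))
            {
                $ops = array_merge($ops, $row_ops);
            }
        }

        return $ops;
    }

    /**
     * Removes the operations the owner of an object is granted implicitly.
     *
     * For the owner only 'edit_permission' and operations starting with
     * 'create' remain to be checked; for everybody else the list is
     * returned unchanged.
     *
     * @access private
     * @param  mixed  $a_user_id     id of the user to check
     * @param  string $a_operations  comma-separated operation names
     * @param  mixed  $a_ref_id      reference id of the object
     * @return string operations that still need a check; '' if none remain for the owner
     */
    function __filterOwnerPermissions($a_user_id,$a_operations,$a_ref_id)
    {
        global $ilObjDataCache;

        if ($a_user_id != $ilObjDataCache->lookupOwner($ilObjDataCache->lookupObjId($a_ref_id)))
        {
            return $a_operations;
        }

        // Collected in an array so the result is always defined, also when
        // every operation is filtered out.
        $remaining = array();

        foreach (explode(",",$a_operations) as $operation)
        {
            if ($operation == 'edit_permission' or preg_match('/^create/',$operation))
            {
                $remaining[] = $operation;
            }
        }

        return implode(',', $remaining);
    }

    /**
     * Marks an object id as "permission granted" in the session, once.
     *
     * @param mixed $a_obj_id  object id used as key in $_SESSION['perm_granted']
     */
    function saveAccessStatus($a_obj_id)
    {
        if (isset($_SESSION['perm_granted'][$a_obj_id]))
        {
            return;
        }
        $_SESSION['perm_granted'][$a_obj_id] = true;
        // NOTE(review): the session id is read from the request cookie, not
        // from session_id(); confirm the two always agree (cookie missing,
        // other session name, id regenerated during this request).
        db_session_write($_COOKIE['PHPSESSID'],$_SESSION);
    }

}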
?>