
classes/class.ilRbacSystem.php

00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2001 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00024 
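/**
 * RBAC access decisions.
 *
 * Answers "may this user perform these operations on this reference?" by
 * comparing the requested operation ids with the operation lists stored in
 * the rbac_pa table for the user's roles. Owners of an object and holders of
 * SYSTEM_ROLE_ID are handled as special cases (see checkAccessOfUser()).
 *
 * Every check in this class is written to fail closed: a request that is
 * empty, malformed or cannot be validated is answered with false.
 */
class ilRbacSystem
{
    // Reference to the global $ilias object.
    var $ilias;

    // Database handle: global $ilDB when set, otherwise $ilias->db.
    var $ilDB;

    // Error handler used by raiseError(); always assigned by the constructor.
    var $ilErr;

    /**
     * Constructor: wires the instance to the global database and error
     * handler objects.
     *
     * @access public
     */
    function ilRbacSystem()
    {
        global $ilDB, $ilErr, $ilias;

        $this->ilias =& $ilias;

        // set db handler
        if (isset($ilDB))
        {
            $this->ilDB =& $ilDB;
        }
        else
        {
            $this->ilDB =& $ilias->db;
        }

        // set error handler; create the global one when nobody did so far
        if (!isset($ilErr))
        {
            $ilErr = new ilErrorHandling();
            $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
        }

        // Bind the handler in both cases. Previously a freshly created handler
        // was never stored on the instance, so the first raiseError() call in
        // checkAccessOfUser() dereferenced an unset property.
        $this->ilErr =& $ilErr;
    }

    /**
     * Checks whether the current user ($ilUser) may perform all given
     * operations on a reference. Thin wrapper around checkAccessOfUser()
     * that adds benchmark start/stop calls.
     *
     * @access public
     * @param  string  comma-separated operation names, e.g. "read,write"
     * @param  integer reference id of the object
     * @param  string  object type; needed when "create" is requested
     * @return boolean true only if every operation is permitted
     */
    function checkAccess($a_operations, $a_ref_id, $a_type = "")
    {
        global $ilUser, $ilBench;

        $ilBench->start("RBAC", "system_checkAccess");

        $result = $this->checkAccessOfUser($ilUser->getId(), $a_operations, $a_ref_id, $a_type);

        $ilBench->stop("RBAC", "system_checkAccess");

        return $result;
    }

    /**
     * Checks whether a user may perform all given operations on a reference.
     *
     * Decision order:
     *  1. The owner of the object is granted everything except
     *     'edit_permission' and 'create*'; those stay subject to role checks.
     *  2. A user holding SYSTEM_ROLE_ID is granted everything.
     *  3. Otherwise every requested operation id must be contained in the
     *     rbac_pa entries of the user's roles for this reference.
     *
     * Roles of the current user are taken from $_SESSION['RoleId']; roles of
     * any other user are read through $rbacreview->assignedRoles().
     *
     * @access public
     * @param  integer user id
     * @param  string  comma-separated operation names
     * @param  integer reference id of the object
     * @param  string  object type; needed when "create" is requested
     * @return boolean true only if every operation is permitted
     */
    function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
    {
        global $ilUser, $rbacreview;

        // Owner shortcut. It is only taken for a real, non-empty request:
        // an empty result of the filter used to be treated as "owner needs no
        // further check" even when the caller had passed an empty operations
        // string, which granted access to any user.
        $has_request = (is_string($a_operations) and $a_operations !== '');

        if ($has_request)
        {
            $a_operations = $this->__filterOwnerPermissions($a_user_id, $a_operations, $a_ref_id);

            if (!strlen($a_operations))
            {
                // owner, and nothing left that the owner status does not cover
                return true;
            }
        }

        // get roles
        if ($a_user_id == $ilUser->getId())
        {
            $roles = !empty($_SESSION['RoleId']) ? $_SESSION['RoleId'] : array();
        }
        else
        {
            $roles = $rbacreview->assignedRoles($a_user_id);
        }

        if (!is_array($roles))
        {
            $roles = array();
        }

        // exclude system role from rbac
        if (in_array(SYSTEM_ROLE_ID, $roles))
        {
            return true;
        }

        // From here on every malformed request is denied explicitly. The
        // return statements matter in case the error handler returns control
        // instead of ending the request.
        if (!isset($a_operations) or !isset($a_ref_id) or $a_operations === '')
        {
            $this->ilErr->raiseError(get_class($this)."::checkAccess(): Missing parameter! ".
                                     "ref_id: ".$a_ref_id." operations: ".$a_operations, $this->ilErr->WARNING);
            return false;
        }

        if (!is_string($a_operations))
        {
            $this->ilErr->raiseError(get_class($this)."::checkAccess(): Wrong datatype for operations!", $this->ilErr->WARNING);
            return false;
        }

        // Only integer ids are allowed into the SQL text below.
        $ref_id = $this->__toIntId($a_ref_id);

        if ($ref_id === null)
        {
            return false;
        }

        $role_ids = array();

        foreach ($roles as $role)
        {
            $role_id = $this->__toIntId($role);

            if ($role_id !== null)
            {
                $role_ids[] = $role_id;
            }
        }

        // One query for all roles; it does not depend on the operation, so it
        // is run once instead of once per requested operation.
        $granted = array();

        if (count($role_ids) > 0)
        {
            $q = "SELECT * FROM rbac_pa ".
                 "WHERE rol_id IN ('".implode("','", $role_ids)."') ".
                 "AND ref_id = '".$ref_id."' ";
            $r = $this->ilDB->query($q);

            while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
            {
                $granted = array_merge($granted, $this->__unpackOps($row->ops_id));
            }
        }

        foreach (explode(",", $a_operations) as $operation)
        {
            if ($operation == "create")
            {
                if (empty($a_type))
                {
                    $this->ilErr->raiseError(get_class($this)."::CheckAccess(): Expect a type definition for checking a 'create' permission",
                                             $this->ilErr->WARNING);
                    return false;
                }

                $ops_id = getOperationId($operation."_".$a_type);
            }
            else
            {
                $ops_id = getOperationId($operation);
            }

            // a single operation that is not granted denies the whole request
            if (!in_array($ops_id, $granted))
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Checks whether one role holds one operation on a reference.
     *
     * @access public
     * @param  integer reference id of the object
     * @param  integer role id
     * @param  string  operation name as stored in rbac_operations.operation
     * @return boolean true if the operation is granted to the role
     */
    function checkPermission($a_ref_id, $a_rol_id, $a_operation)
    {
        $ref_id = $this->__toIntId($a_ref_id);
        $rol_id = $this->__toIntId($a_rol_id);

        // The three arguments end up inside SQL text, so they are validated
        // first: ids must be integers and the operation name a plain
        // identifier. NOTE(review): assumes operation names consist of
        // letters, digits and underscores only - confirm against the
        // rbac_operations table.
        if ($ref_id === null or $rol_id === null
            or !is_string($a_operation)
            or !preg_match('/^[A-Za-z0-9_]+\z/', $a_operation))
        {
            return false;
        }

        $q = "SELECT ops_id FROM rbac_operations ".
             "WHERE operation ='".$a_operation."'";

        $r = $this->ilDB->query($q);

        $ops_id = null;

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $ops_id = $row->ops_id;
        }

        // An unknown operation is never granted. Without this guard the
        // lookup below compared an unset value loosely against the list.
        if ($ops_id === null)
        {
            return false;
        }

        $q = "SELECT * FROM rbac_pa ".
             "WHERE rol_id = '".$rol_id."' ".
             "AND ref_id = '".$ref_id."' ";

        $r = $this->ilDB->query($q);

        $ops = array();

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $ops = array_merge($ops, $this->__unpackOps($row->ops_id));
        }

        return in_array($ops_id, $ops);
    }

    /**
     * Removes from a request the operations that are covered by ownership.
     *
     * For a user who is not the owner the request is returned unchanged.
     * For the owner only 'edit_permission' and operations starting with
     * 'create' are kept, because these are not implied by owning the object.
     *
     * @access private
     * @param  integer user id
     * @param  string  comma-separated operation names
     * @param  integer reference id of the object
     * @return string  operations that still need a role check; '' if none
     */
    function __filterOwnerPermissions($a_user_id, $a_operations, $a_ref_id)
    {
        global $ilObjDataCache;

        // NOTE(review): loose comparison - confirm that lookupOwner() cannot
        // return an empty value (null/0) for an unknown object, since that
        // would compare equal to a user id of 0.
        if ($a_user_id != $ilObjDataCache->lookupOwner($ilObjDataCache->lookupObjId($a_ref_id)))
        {
            return $a_operations;
        }

        // Is owner
        $remaining = array();

        foreach (explode(",", $a_operations) as $operation)
        {
            if ($operation == 'edit_permission' or preg_match('/^create/', $operation))
            {
                $remaining[] = $operation;
            }
        }

        // Always a string; the accumulator used to be read before it was set.
        return implode(',', $remaining);
    }

    /**
     * Returns the value as an integer id, or null if it is not one.
     * Accepts integers and strings made of decimal digits only.
     *
     * @access private
     * @param  mixed   candidate id
     * @return integer|null
     */
    function __toIntId($a_value)
    {
        if (is_int($a_value))
        {
            return $a_value;
        }

        if (is_string($a_value) and preg_match('/^[0-9]+\z/', $a_value))
        {
            return (int) $a_value;
        }

        return null;
    }

    /**
     * Decodes the serialized operation list of one rbac_pa row.
     *
     * NOTE(review): unserialize() can instantiate objects, so whoever is able
     * to write rbac_pa.ops_id influences what is constructed here. The column
     * should only ever be written by trusted code; a plain list encoding
     * would remove that dependency altogether.
     *
     * @access private
     * @param  string serialized array of operation ids
     * @return array  operation ids; empty if the value cannot be decoded
     */
    function __unpackOps($a_serialized)
    {
        $ops = unserialize(stripslashes($a_serialized));

        // a corrupt row grants nothing instead of breaking array_merge()
        return is_array($ops) ? $ops : array();
    }

    /**
     * Remembers in the session that access to an object was granted and
     * writes the session through db_session_write(). Does nothing if the
     * object is already marked.
     *
     * @access public
     * @param  integer object id
     */
    function saveAccessStatus($a_obj_id)
    {
        if (isset($_SESSION['perm_granted'][$a_obj_id]))
        {
            return;
        }

        $_SESSION['perm_granted'][$a_obj_id] = true;

        // NOTE(review): the session id is read from the client-supplied
        // PHPSESSID cookie rather than from session_id(). Confirm both are
        // always identical here (custom session name, regenerated id, id not
        // transported by cookie), otherwise the write goes to another record.
        db_session_write($_COOKIE['PHPSESSID'], $_SESSION);
    }

} // END class.RbacSystem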
00271 ?>

Generated on Fri Dec 13 2013 13:52:08 for ILIAS Release_3_7_x_branch .rev 46817 by  doxygen 1.7.1