ilAccessHandler Class Reference
[Services/AccessControl]

Class ilAccessHandler.

Public Member Functions

 ilAccessHandler ()
 constructor
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
 getInfo ()
 get last info object
 getResultLast ()
 get last info object
 getResultAll ($a_ref_id="")
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 rbac check for current object
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission)
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check
 clear ()
 enable ($a_str, $a_bool)

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author:
Alex Killing <alex.killing@gmx.de>
Sascha Hofmann <saschahofmann@gmx.de>
Version:
Id: class.ilAccessHandler.php 11691 2006-07-29 17:23:20Z akill

Definition at line 40 of file class.ilAccessHandler.php.


Member Function Documentation

ilAccessHandler::addInfoItem ( a_type, a_text, a_data = "" )

add an info item to current info object

Definition at line 139 of file class.ilAccessHandler.php.

        {
                $this->current_info->addInfoItem($a_type, $a_text, $a_data);
        }

ilAccessHandler::checkAccess ( a_permission, a_cmd, a_ref_id, a_type = "", a_obj_id = "" )

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters:
string $a_permission
string $a_cmd
int $a_ref_id
string $a_type (optional)
int $a_obj_id (optional)

Definition at line 155 of file class.ilAccessHandler.php.

References checkAccessOfUser().

        {
                global $ilUser;

                return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id);
        }

ilAccessHandler::checkAccessOfUser ( a_user_id, a_permission, a_cmd, a_ref_id, a_type = "", a_obj_id = "" )

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters:
integer $a_user_id
string $a_permission
string $a_cmd
int $a_ref_id
string $a_type (optional)
int $a_obj_id (optional)

Definition at line 174 of file class.ilAccessHandler.php.

References $ilBench, _lookupObjId(), ilObject::_lookupType(), doCacheCheck(), doConditionCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

Referenced by checkAccess(), doActivationCheck(), doConditionCheck(), and doPathCheck().

        {
                global $ilBench;
                
                $ilBench->start("AccessControl", "0400_clear_info");
                $this->current_info->clear();
                $ilBench->stop("AccessControl", "0400_clear_info");
                
                $ilBench->start("AccessControl", "0500_lookup_id_and_type");
                // get object id if not provided
                if ($a_obj_id == "")
                {
                        if ($this->obj_id_cache[$a_ref_id] > 0)
                        {
                                $a_obj_id = $this->obj_id_cache[$a_ref_id];
                        }
                        else
                        {
                                $a_obj_id = ilObject::_lookupObjId($a_ref_id);
                                $this->obj_id_cache[$a_ref_id] = $a_obj_id;
                        }
                }
                if ($a_type == "")
                {
                        if ($this->obj_type_cache[$a_ref_id] != "")
                        {
                                $a_type = $this->obj_type_cache[$a_ref_id];
                        }
                        else
                        {
                                $a_type = ilObject::_lookupType($a_ref_id, true);
                                $this->obj_type_cache[$a_ref_id] = $a_type;
                        }
                }
                $ilBench->stop("AccessControl", "0500_lookup_id_and_type");

                // get cache result
                if ($this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
                {
                        return true;
                }

                // to do: payment handling

                // check if object is in tree and not deleted
                if (!$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
                {
                        return false;
                }

                // rbac check for current object
                if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
                {
                        return false;
                }

                // check read permission for all parents
                $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
                if (!$par_check)
                {
                        return false;
                }

                // condition check (currently only implemented for read permission)
                if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
                {
                        return false;
                }

                // object type specific check
                if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
                {
                        return false;
                }

                // all checks passed
                return true;
        }

ilAccessHandler::clear (  ) 

Definition at line 537 of file class.ilAccessHandler.php.

        {
                $this->results = array();
                $this->last_result = "";
                $this->current_info = new ilAccessInfo();
        }

ilAccessHandler::doActivationCheck ( a_permission, a_cmd, a_ref_id, a_user_id, a_all = false )

check for course activation

Definition at line 426 of file class.ilAccessHandler.php.

References ilCourseItems::_getItem(), and checkAccessOfUser().

Referenced by doPathCheck().

        {
                // nothing needs to be done if current permission is write permission
                if($a_permission == 'write')
                {
                        return true;
                }

                include_once 'course/classes/class.ilCourseItems.php';
                $item_data = ilCourseItems::_getItem($a_ref_id);

                // if activation isn't enabled
                if($item_data['timing_type'] != IL_CRS_TIMINGS_ACTIVATION)
                {
                        return true;
                }
                // if within activation time
                if((time() >= $item_data['timing_start']) and
                   (time() <= $item_data['timing_end']))
                {
                        return true;
                }

                // if user has write permission
                if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
                {
                        return true;
                }
                // if current permission is visible and visible is set in activation
                if($a_permission == 'visible' and $item_data['visible'])
                {
                        return true;
                }

                // no access
                return false;
        }

ilAccessHandler::doCacheCheck ( a_permission, a_cmd, a_ref_id, a_user_id )

look if result for current query is already in cache

Definition at line 286 of file class.ilAccessHandler.php.

References $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

        {
                global $ilBench;
                //echo "cacheCheck<br/>";

                $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
                $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
                //var_dump($stored_access);
                if (is_array($stored_access))
                {
                        $this->current_info = $stored_access["info"];
                        //var_dump("cache-treffer:");
                        $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
                        return $stored_access["granted"];
                }
                
                // not in cache
                $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
                return false;
        }
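
Added example, not part of the ILIAS source: doCacheCheck() as listed returns false both for a cache miss and for a cached denial, so checkAccessOfUser() short-circuits only on a cached grant. The PHP below keeps the page's key layout ([ref_id][permission][cmd][user_id]) and contrasts that lookup with a tri-state one that writes the cache once per decision; AccessResultCache, checkWithCache and the stage closures are hypothetical names, and the sample values are constructed.

```php
<?php
// Added illustration, not ILIAS code. AccessResultCache and checkWithCache are hypothetical names.

final class AccessResultCache
{
    /** Nested as on the page: [ref_id][permission][cmd][user_id] => granted/info. */
    private array $results = [];

    public function store(int $refId, string $perm, string $cmd, int $userId, bool $granted, array $info = []): void
    {
        $this->results[$refId][$perm][$cmd][$userId] = ['granted' => $granted, 'info' => $info];
    }

    /** Mirrors the listed doCacheCheck(): a miss and a cached denial both come back as false. */
    public function lookupAsListed(int $refId, string $perm, string $cmd, int $userId): bool
    {
        $hit = $this->results[$refId][$perm][$cmd][$userId] ?? null;
        return is_array($hit) ? (bool) $hit['granted'] : false;
    }

    /** Tri-state variant: null means "not cached", true/false is a cached decision. */
    public function lookup(int $refId, string $perm, string $cmd, int $userId): ?bool
    {
        $hit = $this->results[$refId][$perm][$cmd][$userId] ?? null;
        return is_array($hit) ? (bool) $hit['granted'] : null;
    }
}

/**
 * Runs the stage callables in order, stops at the first denial, and writes the
 * cache once with the final decision instead of once per stage.
 */
function checkWithCache(AccessResultCache $cache, array $stages, int $refId, string $perm, string $cmd, int $userId): bool
{
    $cached = $cache->lookup($refId, $perm, $cmd, $userId);
    if ($cached !== null) {
        return $cached; // grants and denials are both served from the cache
    }

    $granted = true;
    $info = [];
    foreach ($stages as $name => $stage) {
        if ($stage($refId, $perm, $cmd, $userId) !== true) { // strict, like doStatusCheck()
            $granted = false;
            $info[] = "denied by stage: $name";
            break;
        }
    }
    $cache->store($refId, $perm, $cmd, $userId, $granted, $info);
    return $granted;
}

// Constructed sample: user 7 requests "read" on ref_id 42 and the rbac stage denies.
$stageRuns = 0;
$stages = [
    'tree' => function () use (&$stageRuns) { $stageRuns++; return true; },
    'rbac' => function () use (&$stageRuns) { $stageRuns++; return false; },
    'path' => function () use (&$stageRuns) { $stageRuns++; return true; },
];
$cache = new AccessResultCache();

$first  = checkWithCache($cache, $stages, 42, 'read', '', 7);
$second = checkWithCache($cache, $stages, 42, 'read', '', 7);

var_dump($first, $second);                            // both decisions
var_dump($stageRuns);                                 // stages executed across the two calls
var_dump($cache->lookupAsListed(42, 'read', '', 7));  // listed semantics for the cached denial
var_dump($cache->lookupAsListed(99, 'read', '', 7));  // listed semantics for a genuine miss
```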

ilAccessHandler::doConditionCheck ( a_permission, a_cmd, a_ref_id, a_user_id, a_obj_id, a_type )

condition check (currently only implemented for read permission)

Definition at line 468 of file class.ilAccessHandler.php.

References $ilBench, $lng, ilConditionHandler::_checkAllConditionsOfTarget(), ilConditionHandler::_getConditionsOfTarget(), ilObject::_lookupTitle(), checkAccessOfUser(), and storeAccessResult().

Referenced by checkAccessOfUser().

        {
                //echo "conditionCheck<br/>";
                global $lng, $ilBench;

                $ilBench->start("AccessControl", "4000_checkAccess_condition_check");

                if ($a_permission == "read" &&
                        !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
                {
                        if(!ilConditionHandler::_checkAllConditionsOfTarget($a_obj_id))
                        {
                                $conditions = ilConditionHandler::_getConditionsOfTarget($a_obj_id, $a_type);
                                
                                foreach ($conditions as $condition)
                                {
                                        $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
                                                $lng->txt("missing_precondition").": ".
                                                ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
                                                $lng->txt("condition_".$condition["operator"])." ".
                                                $condition["value"], $condition);
                                }
                                
                                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
                                $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
                                return false;
                        }
                }

                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
                $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
                return true;
        }

ilAccessHandler::doPathCheck ( a_permission, a_cmd, a_ref_id, a_user_id, a_all = false )

check read permission for all parents

Definition at line 368 of file class.ilAccessHandler.php.

References $id, $ilBench, $lng, $tree, checkAccessOfUser(), doActivationCheck(), and storeAccessResult().

Referenced by checkAccessOfUser().

        {
                global $tree, $lng, $ilBench,$ilObjDataCache;

                //echo "pathCheck<br/>";
                $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
                $path = $tree->getPathId($a_ref_id);
                $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");

                $tmp_info = $this->current_info;
                //var_dump($this->tmp_info);
                                        
                foreach ($path as $id)
                {
                        if ($a_ref_id == $id)
                        {
                                continue;
                        }

                        // Check course activation
                        if($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($id)) == 'crs')
                        {
                                if(!$this->doActivationCheck($a_permission,$a_cmd,$a_ref_id,$a_user_id,$a_all))
                                {
                                        $this->storeAccessResult($a_permission,$a_cmd,$a_ref_id,false,$a_user_id);
                                        return false;
                                }
                        }
                        
                        $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);

                        if ($access == false)
                        {
                                
                                //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
                                $tmp_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);

                                if ($a_all == false)
                                {
                                        $ilBench->start("AccessControl", "3200_checkAccess_check_parents_store_result");
                                        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id,$tmp_info);
                                        $ilBench->stop("AccessControl", "3200_checkAccess_check_parents_store_result");
                                        return false;
                                }
                        }
                }
                
                $ilBench->start("AccessControl", "3200_checkAccess_check_parents_store_result");
                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id,$tmp_info);
                $ilBench->stop("AccessControl", "3200_checkAccess_check_parents_store_result");
                
                return true;
        }

ilAccessHandler::doRBACCheck ( a_permission, a_cmd, a_ref_id, a_user_id )

rbac check for current object

Definition at line 336 of file class.ilAccessHandler.php.

References $ilBench, $ilErr, $ilLog, $lng, and storeAccessResult().

Referenced by checkAccessOfUser().

        {
                global $lng, $ilBench, $ilErr, $ilLog;
                //echo "rbacCheck<br/>";
                $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");

                if ($a_permission == "")
                {
                                $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
                                                                   get_class($this),
                                                                   $a_ref_id);
                                $ilLog->write($message,$ilLog->FATAL);
                                $ilErr->raiseError($message,$ilErr->MESSAGE);
                }
                
                $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id);

                if (!$access)
                {
                        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("no_permission"));
                }
                
                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id);
                $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");

                return $access;
        }

ilAccessHandler::doStatusCheck ( a_permission, a_cmd, a_ref_id, a_user_id, a_obj_id, a_type )

object type specific check

Definition at line 506 of file class.ilAccessHandler.php.

References $ilBench, and storeAccessResult().

Referenced by checkAccessOfUser().

        {
                global $objDefinition, $ilBench;
                //echo "statusCheck<br/>";
                $ilBench->start("AccessControl", "5000_checkAccess_object_check");
                                
                $class = $objDefinition->getClassName($a_type);
                $location = $objDefinition->getLocation($a_type);
                $full_class = "ilObj".$class."Access";
                include_once($location."/class.".$full_class.".php");
                // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)

                $obj_access = call_user_func(array($full_class, "_checkAccess"),
                        $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);

                if (!($obj_access === true))
                {
                        //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_acess);
                        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
                        $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
                        return false;
                }
                
                $ilBench->stop("AccessControl", "5000_checkAccess_object_check");

                $ilBench->start("AccessControl", "6000_checkAccess_store_access");
                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
                $ilBench->stop("AccessControl", "6000_checkAccess_store_access");
                return true;
        }

ilAccessHandler::doTreeCheck ( a_permission, a_cmd, a_ref_id, a_user_id )

check if object is in tree and not deleted

Definition at line 311 of file class.ilAccessHandler.php.

References $ilBench, $lng, $tree, and storeAccessResult().

Referenced by checkAccessOfUser().

        {
                global $tree, $lng, $ilBench;
                //echo "treeCheck<br/>";

                $ilBench->start("AccessControl", "2000_checkAccess_in_tree");

                if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
                {
                        $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
                        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false,$a_user_id);
                        $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");

                        return false;
                }

                $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true,$a_user_id);            
                $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
                return true;
        }

ilAccessHandler::enable ( a_str, a_bool )

Definition at line 544 of file class.ilAccessHandler.php.

        {
                $this->$a_str = $a_bool;
        }

ilAccessHandler::getInfo (  ) 

get last info object

Definition at line 256 of file class.ilAccessHandler.php.

        {
                //return $this->last_result;
                //$this->last_info->setQueryData($this->current_result_element);
                //var_dump("<pre>",$this->results,"</pre>");
                return $this->last_info->getInfoItems();
        }

ilAccessHandler::getResultAll ( a_ref_id = ""  ) 

Definition at line 272 of file class.ilAccessHandler.php.

        {
                if ($a_ref_id == "")
                {
                        return $this->results;
                }
                
                return $this->results[$a_ref_id];
        }

ilAccessHandler::getResultLast (  ) 

get last info object

Definition at line 267 of file class.ilAccessHandler.php.

        {
                return $this->last_result;
        }

ilAccessHandler::getStoredAccessResult ( a_permission, a_cmd, a_ref_id, a_user_id = "" )

get stored access result

private

Parameters:
string $a_permission permission
string $a_cmd command string
int $a_ref_id reference id
int $a_user_id user id (if no id passed, current user id)
Returns:
array result array:
"granted" (boolean) => true if access is granted
"info" (object) => info object

Definition at line 118 of file class.ilAccessHandler.php.

Referenced by doCacheCheck().

        {
                global $ilUser;

                if ($a_user_id == "")
                {
                        $a_user_id = $ilUser->getId();
                }
                
                /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
                {
                        $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
                }*/

                return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
        }

ilAccessHandler::ilAccessHandler (  ) 

constructor

Definition at line 45 of file class.ilAccessHandler.php.

References $rbacsystem.

        {
                global $rbacsystem;

                $this->rbacsystem =& $rbacsystem;
                $this->results = array();
                $this->current_info = new ilAccessInfo();
                
                // use function enable to switch on/off tests (only cache is used so far)
                $this->cache = true;
                $this->rbac = true;
                $this->tree = true;
                $this->condition = true;
                $this->path = true;
                $this->status = true;
                $this->obj_id_cache = array();
                $this->obj_type_cache = array();
        }

ilAccessHandler::storeAccessResult ( a_permission, a_cmd, a_ref_id, a_access_granted, a_user_id = "", a_info = "" )

store access result

private

Parameters:
string $a_permission permission
string $a_cmd command string
int $a_ref_id reference id
boolean $a_access_granted true if access is granted
int $a_user_id user id (if no id passed, current user id)

Definition at line 74 of file class.ilAccessHandler.php.

Referenced by doConditionCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

        {
                global $ilUser;

                if ($a_user_id == "")
                {
                        $a_user_id = $ilUser->getId();
                }
                
                if ($a_info == "")
                {
                        $a_info = $this->current_info;
                }

                //var_dump("<pre>",$a_permission,"</pre>");

                if ($this->cache)
                {
                        $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = 
                                        array("granted" => $a_access_granted, "info" => $a_info);
                                                
                        $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);                     
                        $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
                        $this->last_info = $a_info;
                }

                // get new info object
                $this->current_info = new ilAccessInfo();

        }

The documentation for this class was generated from the following file: