
classes/class.ilRbacSystem.php

00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2001 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00024 
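/**
 * RBAC access checks for ILIAS.
 *
 * Answers "may this user / role perform these operations on this object
 * reference?" by reading the rbac_pa table (one row per role and ref_id,
 * with the granted operation ids stored as a serialized PHP array).
 *
 * Security-relevant behaviour of this class:
 * - every id that ends up in SQL is reduced to an integer first;
 * - operation names used in SQL are restricted to identifier characters;
 * - invalid input and unknown operations result in "access denied"
 *   (fail closed), even if the error handler returns instead of aborting.
 */
class ilRbacSystem
{
	var $ilias;

	// Database handle; taken from the global $ilDB or from $ilias->db.
	var $ilDB;

	// Error handler used by the raiseError() calls in this class.
	var $ilErr;

	/**
	 * Constructor: binds the global ilias object, database handle and
	 * error handler to this instance.
	 */
	function ilRbacSystem()
	{
		global $ilDB,$ilErr,$ilias;

		$this->ilias =& $ilias;

		// set db handler
		if (isset($ilDB))
		{
			$this->ilDB =& $ilDB;
		}
		else
		{
			$this->ilDB =& $ilias->db;
		}

		// set error handler, creating the global one if it does not exist yet
		if (!isset($ilErr))
		{
			$ilErr = new ilErrorHandling();
			$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
		}

		// Bind the handler in BOTH cases. Binding it only when it already
		// existed would leave $this->ilErr unset after creating it, so the
		// first raiseError() call in an access check would hit a null object.
		$this->ilErr =& $ilErr;
	}

	/**
	 * Checks whether the current user ($ilUser) may perform ALL of the given
	 * operations on an object reference. Timing is recorded via $ilBench.
	 *
	 * @param	string	$a_operations	comma separated operation names
	 * @param	integer	$a_ref_id		reference id of the object
	 * @param	string	$a_type			object type; needed for the 'create' operation
	 * @return	boolean	true if every operation is permitted
	 */
	function checkAccess($a_operations,$a_ref_id,$a_type = "")
	{
		global $ilUser,$ilBench;

		$ilBench->start("RBAC", "system_checkAccess");
		$result = $this->checkAccessOfUser($ilUser->getId(), $a_operations, $a_ref_id, $a_type);
		$ilBench->stop("RBAC", "system_checkAccess");

		return $result;
	}

	/**
	 * Checks whether a given user may perform ALL of the given operations
	 * on an object reference.
	 *
	 * Holders of SYSTEM_ROLE_ID are granted access before any other check.
	 * Missing or malformed parameters are reported through the error handler
	 * and answered with false.
	 *
	 * @param	integer	$a_user_id		user to check
	 * @param	string	$a_operations	comma separated operation names
	 * @param	integer	$a_ref_id		reference id of the object
	 * @param	string	$a_type			object type; needed for the 'create' operation
	 * @return	boolean	true if every operation is permitted
	 */
	function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
	{
		global $ilUser, $rbacreview;

		// get roles: the session copy for the current user, a lookup otherwise
		if ($a_user_id == $ilUser->getId())
		{
			$roles = isset($_SESSION["RoleId"]) ? $_SESSION["RoleId"] : array();
		}
		else
		{
			$roles = $rbacreview->assignedRoles($a_user_id);
		}

		// Reduce role ids to integers once; the same list feeds the system
		// role shortcut and the SQL IN (...) list below.
		$role_ids = $this->_normalizeIds($roles);

		// exclude system role from rbac
		if (in_array((int) SYSTEM_ROLE_ID, $role_ids, true))
		{
			return true;
		}

		if (!isset($a_operations) or !isset($a_ref_id))
		{
			$this->ilErr->raiseError(get_class($this)."::checkAccess(): Missing parameter! ".
							"ref_id: ".$a_ref_id." operations: ".$a_operations,$this->ilErr->WARNING);
			// Deny if the error handler returns instead of aborting the request.
			return false;
		}

		if (!is_string($a_operations))
		{
			$this->ilErr->raiseError(get_class($this)."::checkAccess(): Wrong datatype for operations!",$this->ilErr->WARNING);
			return false;
		}

		$operations = explode(",",$a_operations);

		if(!$this->checkPreconditions($operations, $a_ref_id, $a_user_id))
		{
			return false;
		}

		// Granted operation ids do not depend on the operation being checked,
		// so they are loaded once (lazily, on the first operation).
		$granted = null;

		foreach ($operations as $operation)
		{
			if ($operation == "create")
			{
				if (empty($a_type))
				{
					$this->ilErr->raiseError(get_class($this)."::CheckAccess(): Expect a type definition for checking a 'create' permission",
											 $this->ilErr->WARNING);
					return false;
				}

				$ops_id = getOperationId($operation."_".$a_type);
			}
			else
			{
				$ops_id = getOperationId($operation);
			}

			// getOperationId() is defined outside this file. An empty result is
			// treated as "unknown operation": with the loose in_array() below,
			// null/false would otherwise match a 0 or "" entry in the list.
			if ($ops_id === null or $ops_id === false or $ops_id === "")
			{
				return false;
			}

			if ($granted === null)
			{
				$granted = $this->_getGrantedOperations($role_ids, $a_ref_id);
			}

			if (!in_array($ops_id,$granted))
			{
				return false;
			}
		}

		return true;
	}

	/**
	 * Checks whether one role holds one operation on an object reference.
	 *
	 * @param	integer	$a_ref_id		reference id of the object
	 * @param	integer	$a_rol_id		role id
	 * @param	string	$a_operation	operation name as stored in rbac_operations
	 * @return	boolean	true if the role holds the operation
	 */
	function checkPermission($a_ref_id,$a_rol_id,$a_operation)
	{
		// The operation name is concatenated into SQL below, so only
		// identifier-like names are let through.
		// NOTE(review): assumes every name in rbac_operations consists of
		// letters, digits and underscores - confirm against the table.
		if (!is_string($a_operation) or !preg_match('/^[A-Za-z0-9_]+\z/', $a_operation))
		{
			return false;
		}

		$ops_id = null;

		$q = "SELECT ops_id FROM rbac_operations ".
			 "WHERE operation ='".$a_operation."'";

		$r = $this->ilDB->query($q);

		while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
		{
			$ops_id = $row->ops_id;
		}

		// Unknown operation: deny instead of comparing an undefined id.
		if ($ops_id === null)
		{
			return false;
		}

		return in_array($ops_id, $this->_getGrantedOperations(array($a_rol_id), $a_ref_id));
	}

	/**
	 * Object type specific checks that must pass before the RBAC lookup.
	 *
	 * For courses ("crs") everything except 'visible', 'join' and 'leave'
	 * additionally requires hasAccess() of the course member object.
	 * All other object types pass.
	 *
	 * @param	array	$a_operations	operation names
	 * @param	integer	$a_ref_id		reference id of the object
	 * @param	integer	$a_user_id		user to check; empty means the current account
	 * @return	boolean	true if the preconditions are fulfilled
	 */
	function checkPreconditions($a_operations,$a_ref_id, $a_user_id = "")
	{
		if ($a_user_id == "")
		{
			$a_user_id = $this->ilias->account->getId();
		}

		// get obj_type; the ref_id is forced to an integer before it reaches SQL
		$query = "SELECT type FROM object_data AS obd,object_reference AS obr ".
			"WHERE obd.obj_id = obr.obj_id AND ".
			"obr.ref_id = '".(int) $a_ref_id."'";

		// Stays empty when the reference does not exist (falls into 'default').
		$type = "";

		$res = $this->ilDB->query($query);
		while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
		{
			$type = $row->type;
		}

		switch($type)
		{
			case "crs":
				// Strict comparison: a non-string element must not be taken
				// for one of the operations that skip the membership check.
				if(in_array('visible',$a_operations,true) or in_array('join',$a_operations,true) or in_array('leave',$a_operations,true))
				{
					return true;
				}
				$tmp_obj =& ilObjectFactory::getInstanceByRefId($a_ref_id);
				$tmp_obj->initCourseMemberObject();

				// CHECK COURSE SPECIFIC THINGS
				$has_access = $tmp_obj->members_obj->hasAccess($a_user_id);
				unset($tmp_obj);

				return $has_access ? true : false;

			default:
				return true;
		}
	}

	/**
	 * Reduces a list of ids to integers, dropping every entry that is not
	 * a plain non-negative integer (or a digit-only string).
	 *
	 * @access	private
	 * @param	mixed	$a_ids	list of ids; anything but an array yields an empty list
	 * @return	array	list of integers
	 */
	function _normalizeIds($a_ids)
	{
		$ids = array();

		if (!is_array($a_ids))
		{
			return $ids;
		}

		foreach ($a_ids as $id)
		{
			if ((is_int($id) or is_string($id)) and preg_match('/^[0-9]+\z/', (string) $id))
			{
				$ids[] = (int) $id;
			}
		}

		return $ids;
	}

	/**
	 * Collects the operation ids granted to any of the given roles on an
	 * object reference (rbac_pa), using a single query for all roles.
	 *
	 * @access	private
	 * @param	array	$a_role_ids	role ids
	 * @param	integer	$a_ref_id	reference id of the object
	 * @return	array	granted operation ids; empty if nothing is granted
	 */
	function _getGrantedOperations($a_role_ids, $a_ref_id)
	{
		$ops = array();
		$role_ids = $this->_normalizeIds($a_role_ids);

		// No usable role id means nothing can be granted.
		if (count($role_ids) == 0)
		{
			return $ops;
		}

		// One query for all roles
		$q = "SELECT * FROM rbac_pa ".
			 "WHERE rol_id IN ('".implode("','", $role_ids)."') ".
			 "AND ref_id = '".(int) $a_ref_id."' ";
		$r = $this->ilDB->query($q);

		while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
		{
			// NOTE(security): ops_id is a serialized PHP array. unserialize()
			// is only as trustworthy as write access to rbac_pa; a format that
			// cannot instantiate objects (or one row per operation) would
			// remove that dependency. Left as is because the storage format
			// is shared with the code that writes the table.
			$row_ops = unserialize(stripslashes($row->ops_id));

			// A corrupt row yields false; skip it instead of breaking the merge.
			if (is_array($row_ops))
			{
				$ops = array_merge($ops,$row_ops);
			}
		}

		return $ops;
	}
} // END class.RbacSystem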
00256 ?>

Generated on Fri Dec 13 2013 09:06:35 for ILIAS Release_3_4_x_branch .rev 46804 by  doxygen 1.7.1