Public Member Functions | |
| ilAccessHandler () | |
| constructor | |
| storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="") | |
| store access result | |
| getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="") | |
| get stored access result | |
| addInfoItem ($a_type, $a_text, $a_data="") | |
| add an info item to current info object | |
| checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="") | |
| check access for an object (provide $a_type and $a_obj_id if available for better performance) | |
| checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="") | |
| check access for an object (provide $a_type and $a_obj_id if available for better performance) | |
| getInfo () | |
| get last info object | |
| getResultLast () | |
| get last info object | |
| getResultAll ($a_ref_id="") | |
| doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id) | |
| look if result for current query is already in cache | |
| doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id) | |
| check if object is in tree and not deleted | |
| doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id) | |
| rbac check for current object | |
| doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false) | |
| check read permission for all parents | |
| doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type) | |
| condition check (currently only implemented for read permission) | |
| doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type) | |
| object type specific check | |
| clear () | |
| enable ($a_str, $a_bool) | |
Detailed Description
Definition at line 36 of file class.ilAccessHandler.php.
Member Function Documentation
| ilAccessHandler::addInfoItem | ( | $ | a_type, | |
| $ | a_text, | |||
| $ | a_data = "" | |||
| ) |
add an info item to current info object
Definition at line 135 of file class.ilAccessHandler.php.
{
$this->current_info->addInfoItem($a_type, $a_text, $a_data);
}
| ilAccessHandler::checkAccess | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_type = "", |
|||
| $ | a_obj_id = "" | |||
| ) |
check access for an object (provide $a_type and $a_obj_id if available for better performance)
- Parameters:
-
string $a_permission string $a_cmd int $a_ref_id string $a_type (optional) int $a_obj_id (optional)
Definition at line 151 of file class.ilAccessHandler.php.
References $ilUser, and checkAccessOfUser().
{
global $ilUser;
return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id);
}
Here is the call graph for this function:
| ilAccessHandler::checkAccessOfUser | ( | $ | a_user_id, | |
| $ | a_permission, | |||
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_type = "", |
|||
| $ | a_obj_id = "" | |||
| ) |
check access for an object (provide $a_type and $a_obj_id if available for better performance)
- Parameters:
-
integer $a_user_id string $a_permission string $a_cmd int $a_ref_id string $a_type (optional) int $a_obj_id (optional)
Definition at line 170 of file class.ilAccessHandler.php.
References $ilBench, ilObject::_lookupObjId(), ilObject::_lookupType(), doCacheCheck(), doConditionCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().
Referenced by checkAccess(), doConditionCheck(), and doPathCheck().
{
global $ilBench;
$ilBench->start("AccessControl", "0400_clear_info");
$this->current_info->clear();
$ilBench->stop("AccessControl", "0400_clear_info");
$ilBench->start("AccessControl", "0500_lookup_id_and_type");
// get object id if not provided
if ($a_obj_id == "")
{
if ($this->obj_id_cache[$a_ref_id] > 0)
{
$a_obj_id = $this->obj_id_cache[$a_ref_id];
}
else
{
$a_obj_id = ilObject::_lookupObjId($a_ref_id);
$this->obj_id_cache[$a_ref_id] = $a_obj_id;
}
}
if ($a_type == "")
{
if ($this->obj_type_cache[$a_ref_id] != "")
{
$a_type = $this->obj_type_cache[$a_ref_id];
}
else
{
$a_type = ilObject::_lookupType($a_ref_id, true);
$this->obj_type_cache[$a_ref_id] = $a_type;
}
}
$ilBench->stop("AccessControl", "0500_lookup_id_and_type");
// get cache result
if ($this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
{
return true;
}
// to do: payment handling
// check if object is in tree and not deleted
if (!$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
{
return false;
}
// rbac check for current object
if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
{
return false;
}
// check read permission for all parents
if (!$this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
{
return false;
}
// condition check (currently only implemented for read permission)
if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
{
return false;
}
// object type specific check
if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
{
return false;
}
// all checks passed
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::clear | ( | ) |
Definition at line 479 of file class.ilAccessHandler.php.
{
$this->results = array();
$this->last_result = "";
$this->current_info = new ilAccessInfo();
}
| ilAccessHandler::doCacheCheck | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id | |||
| ) |
look if result for current query is already in cache
Definition at line 281 of file class.ilAccessHandler.php.
References $ilBench, and getStoredAccessResult().
Referenced by checkAccessOfUser().
{
global $ilBench;
//echo "cacheCheck<br/>";
$ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
$stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
//var_dump($stored_access);
if (is_array($stored_access))
{
$this->current_info = $stored_access["info"];
//var_dump("cache-treffer:");
$ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
return $stored_access["granted"];
}
// not in cache
$ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
return false;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::doConditionCheck | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id, | |||
| $ | a_obj_id, | |||
| $ | a_type | |||
| ) |
condition check (currently only implemented for read permission)
Definition at line 410 of file class.ilAccessHandler.php.
References $ilBench, $lng, ilConditionHandler::_checkAllConditionsOfTarget(), ilConditionHandler::_getConditionsOfTarget(), ilObject::_lookupTitle(), checkAccessOfUser(), and storeAccessResult().
Referenced by checkAccessOfUser().
{
//echo "conditionCheck<br/>";
global $lng, $ilBench;
$ilBench->start("AccessControl", "4000_checkAccess_condition_check");
if ($a_permission == "read" &&
!$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
{
if(!ilConditionHandler::_checkAllConditionsOfTarget($a_obj_id))
{
$conditions = ilConditionHandler::_getConditionsOfTarget($a_obj_id, $a_type);
foreach ($conditions as $condition)
{
$this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
$lng->txt("missing_precondition").": ".
ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
$lng->txt("condition_".$condition["operator"])." ".
$condition["value"], $condition);
}
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
$ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
return false;
}
}
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
$ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::doPathCheck | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id, | |||
| $ | a_all = false | |||
| ) |
check read permission for all parents
Definition at line 363 of file class.ilAccessHandler.php.
References $id, $ilBench, $lng, $path, $tree, checkAccessOfUser(), and storeAccessResult().
Referenced by checkAccessOfUser().
{
global $tree, $lng, $ilBench;
//echo "pathCheck<br/>";
$ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
$path = $tree->getPathId($a_ref_id);
$ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
$tmp_info = $this->current_info;
//var_dump($this->tmp_info);
foreach ($path as $id)
{
if ($a_ref_id == $id)
{
continue;
}
$access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
if ($access == false)
{
//$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
$tmp_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
if ($a_all == false)
{
$ilBench->start("AccessControl", "3200_checkAccess_check_parents_store_result");
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id,$tmp_info);
$ilBench->stop("AccessControl", "3200_checkAccess_check_parents_store_result");
return false;
}
}
}
$ilBench->start("AccessControl", "3200_checkAccess_check_parents_store_result");
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id,$tmp_info);
$ilBench->stop("AccessControl", "3200_checkAccess_check_parents_store_result");
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::doRBACCheck | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id | |||
| ) |
rbac check for current object
Definition at line 331 of file class.ilAccessHandler.php.
References $ilBench, $ilErr, $ilLog, $lng, and storeAccessResult().
Referenced by checkAccessOfUser().
{
global $lng, $ilBench, $ilErr, $ilLog;
//echo "rbacCheck<br/>";
$ilBench->start("AccessControl", "2000_checkAccess_rbac_check");
if ($a_permission == "")
{
$message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
get_class($this),
$a_ref_id);
$ilLog->write($message,$ilLog->FATAL);
$ilErr->raiseError($message,$ilErr->MESSAGE);
}
$access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id);
if (!$access)
{
$this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("no_permission"));
}
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $access,$a_user_id);
$ilBench->stop("AccessControl", "2000_checkAccess_rbac_check");
return $access;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::doStatusCheck | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id, | |||
| $ | a_obj_id, | |||
| $ | a_type | |||
| ) |
object type specific check
Definition at line 448 of file class.ilAccessHandler.php.
References $ilBench, $objDefinition, and storeAccessResult().
Referenced by checkAccessOfUser().
{
global $objDefinition, $ilBench;
//echo "statusCheck<br/>";
$ilBench->start("AccessControl", "5000_checkAccess_object_check");
$class = $objDefinition->getClassName($a_type);
$location = $objDefinition->getLocation($a_type);
$full_class = "ilObj".$class."Access";
include_once($location."/class.".$full_class.".php");
// static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
$obj_access = call_user_func(array($full_class, "_checkAccess"),
$a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
if (!($obj_access === true))
{
//$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_acess);
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
$ilBench->stop("AccessControl", "5000_checkAccess_object_check");
return false;
}
$ilBench->stop("AccessControl", "5000_checkAccess_object_check");
$ilBench->start("AccessControl", "6000_checkAccess_store_access");
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
$ilBench->stop("AccessControl", "6000_checkAccess_store_access");
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::doTreeCheck | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id | |||
| ) |
check if object is in tree and not deleted
Definition at line 306 of file class.ilAccessHandler.php.
References $ilBench, $lng, $tree, and storeAccessResult().
Referenced by checkAccessOfUser().
{
global $tree, $lng, $ilBench;
//echo "treeCheck<br/>";
$ilBench->start("AccessControl", "2000_checkAccess_in_tree");
if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
{
$this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false,$a_user_id);
$ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
return false;
}
$this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true,$a_user_id);
$ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAccessHandler::enable | ( | $ | a_str, | |
| $ | a_bool | |||
| ) |
Definition at line 486 of file class.ilAccessHandler.php.
{
$this->$a_str = $a_bool;
}
| ilAccessHandler::getInfo | ( | ) |
get last info object
Definition at line 251 of file class.ilAccessHandler.php.
{
//return $this->last_result;
//$this->last_info->setQueryData($this->current_result_element);
//var_dump("<pre>",$this->results,"</pre>");
return $this->last_info->getInfoItems();
}
| ilAccessHandler::getResultAll | ( | $ | a_ref_id = "" |
) |
Definition at line 267 of file class.ilAccessHandler.php.
{
if ($a_ref_id == "")
{
return $this->results;
}
return $this->results[$a_ref_id];
}
| ilAccessHandler::getResultLast | ( | ) |
get last info object
Definition at line 262 of file class.ilAccessHandler.php.
{
return $this->last_result;
}
| ilAccessHandler::getStoredAccessResult | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_user_id = "" | |||
| ) |
get stored access result
private
- Parameters:
-
string $a_permission permission string $a_cmd command string int $a_ref_id reference id int $a_user_id user id (if no id passed, current user id)
- Returns:
- array result array: "granted" (boolean) => true if access is granted "info" (object) => info object
Definition at line 114 of file class.ilAccessHandler.php.
References $ilUser.
Referenced by doCacheCheck().
{
global $ilUser;
if ($a_user_id == "")
{
$a_user_id = $ilUser->getId();
}
/*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
{
$this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
}*/
return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
}
Here is the caller graph for this function:
| ilAccessHandler::ilAccessHandler | ( | ) |
constructor
Definition at line 41 of file class.ilAccessHandler.php.
References $rbacsystem.
{
global $rbacsystem;
$this->rbacsystem =& $rbacsystem;
$this->results = array();
$this->current_info = new ilAccessInfo();
// use function enable to switch on/off tests (only cache is used so far)
$this->cache = true;
$this->rbac = true;
$this->tree = true;
$this->condition = true;
$this->path = true;
$this->status = true;
$this->obj_id_cache = array();
$this->obj_type_cache = array();
}
| ilAccessHandler::storeAccessResult | ( | $ | a_permission, | |
| $ | a_cmd, | |||
| $ | a_ref_id, | |||
| $ | a_access_granted, | |||
| $ | a_user_id = "", |
|||
| $ | a_info = "" | |||
| ) |
store access result
private
- Parameters:
-
string $a_permission permission string $a_cmd command string int $a_ref_id reference id boolean $a_access_granted true if access is granted int $a_user_id user id (if no id passed, current user id)
Definition at line 70 of file class.ilAccessHandler.php.
References $ilUser.
Referenced by doConditionCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().
{
global $ilUser;
if ($a_user_id == "")
{
$a_user_id = $ilUser->getId();
}
if ($a_info == "")
{
$a_info = $this->current_info;
}
//var_dump("<pre>",$a_permission,"</pre>");
if ($this->cache)
{
$this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
array("granted" => $a_access_granted, "info" => $a_info);
$this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
$this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
$this->last_info = $a_info;
}
// get new info object
$this->current_info = new ilAccessInfo();
}
Here is the caller graph for this function:
The documentation for this class was generated from the following file:
- Services/AccessControl/classes/class.ilAccessHandler.php
