<?php
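/**
 * Role-based access checks.
 *
 * Decides whether the roles assigned to a user grant one or more named
 * operations on a reference id, using the rows of the rbac_pa table
 * (one row per role/ref_id pair, operations stored as a serialized array).
 *
 * Security-relevant behaviour visible in this class:
 *  - holders of SYSTEM_ROLE_ID are granted everything;
 *  - the owner of an object is granted every operation except
 *    'edit_permission' and anything starting with 'create';
 *  - an operation name that cannot be resolved to an id is denied.
 */
class ilRbacSystem
{
	// Process-wide cache: user id => role ids as returned by $rbacreview->assignedRoles().
	// Nothing in this class invalidates it, so role changes made later in the
	// same request are not seen by subsequent checks.
	protected static $user_role_cache = array();
	var $ilias;
	// Database handle used for queries (global $ilDB, or $ilias->db as fallback).
	var $ilDB;
	// Error handler used by the parameter checks in checkAccessOfUser().
	var $ilErr;

	/**
	 * Binds the global ILIAS, database and error-handler objects to this instance.
	 *
	 * Creates and registers a new ilErrorHandling when no global handler exists.
	 */
	function ilRbacSystem()
	{
		global $ilDB,$ilErr,$ilias;

		$this->ilias =& $ilias;

		// Prefer the global database handle; fall back to the one held by $ilias.
		if (isset($ilDB))
		{
			$this->ilDB =& $ilDB;
		}
		else
		{
			$this->ilDB =& $ilias->db;
		}

		if (!isset($ilErr))
		{
			$ilErr = new ilErrorHandling();
			$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
		}

		// Bind the handler in both cases. Previously a freshly created handler was
		// never stored, so the parameter checks in checkAccessOfUser() would have
		// called raiseError() on an unset property instead of reporting the problem.
		$this->ilErr =& $ilErr;
	}

	/**
	 * Checks the given operations for the currently logged-in user ($ilUser).
	 *
	 * Thin wrapper around checkAccessOfUser() that also records benchmark timings.
	 *
	 * @param	string	$a_operations	comma-separated operation names
	 * @param	int		$a_ref_id		reference id of the object
	 * @param	string	$a_type			object type, required for the 'create' operation
	 * @return	boolean	result of checkAccessOfUser()
	 */
	function checkAccess($a_operations,$a_ref_id,$a_type = "")
	{
		global $ilUser,$ilBench;

		$ilBench->start("RBAC", "system_checkAccess");

		$result = $this->checkAccessOfUser($ilUser->getId(), $a_operations, $a_ref_id, $a_type);

		$ilBench->stop("RBAC", "system_checkAccess");

		return $result;
	}

	/**
	 * Checks whether a user may perform ALL of the given operations on a reference id.
	 *
	 * @param	int		$a_user_id		user to check
	 * @param	string	$a_operations	comma-separated operation names
	 * @param	int		$a_ref_id		reference id of the object
	 * @param	string	$a_type			object type, required for the 'create' operation
	 * @return	boolean	true if every operation is granted, false as soon as one is not
	 */
	function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
	{
		global $ilDB;

		// Owners are implicitly granted everything the filter removes. If nothing
		// is left to check, access is granted.
		// NOTE(review): an empty $a_operations from a non-owner also ends up here and
		// yields true, and the "Missing parameter" check below cannot fire for it.
		// Callers must never pass an empty or caller-controlled operation list.
		if(!$a_operations = $this->__filterOwnerPermissions($a_user_id,$a_operations,$a_ref_id))
		{
			return true;
		}

		$roles = $this->fetchAssignedRoles($a_user_id);

		// Fail closed: without any role there is nothing that could grant access,
		// and an empty list would otherwise be turned into an "IN ()" clause.
		if (!is_array($roles) or !count($roles))
		{
			return false;
		}

		// The system role bypasses all permission rows.
		if (in_array(SYSTEM_ROLE_ID, $roles))
		{
			return true;
		}

		// NOTE(review): whether raiseError() with WARNING stops execution is not
		// visible here; the code below must stay safe if it returns.
		if (!isset($a_operations) or !isset($a_ref_id))
		{
			$this->ilErr->raiseError(get_class($this)."::checkAccess(): Missing parameter! ".
							"ref_id: ".$a_ref_id." operations: ".$a_operations,$this->ilErr->WARNING);
		}

		if (!is_string($a_operations))
		{
			$this->ilErr->raiseError(get_class($this)."::checkAccess(): Wrong datatype for operations!",$this->ilErr->WARNING);
		}

		// The granted operations depend only on the roles and the ref_id, so they
		// are loaded once instead of once per requested operation.
		$q = "SELECT * FROM rbac_pa ".
			 "WHERE rol_id IN (".implode(",",ilUtil::quoteArray($roles)).") ".
			 "AND ref_id = ".$ilDB->quote($a_ref_id)." ";
		$ops = $this->collectGrantedOperations($this->ilDB->query($q));

		foreach (explode(",",$a_operations) as $operation)
		{
			if ($operation == "create")
			{
				if (empty($a_type))
				{
					$this->ilErr->raiseError(get_class($this)."::CheckAccess(): Expect a type definition for checking a 'create' permission",
											 $this->ilErr->WARNING);
				}

				// 'create' is stored per object type, e.g. "create_<type>".
				$ops_id = ilRbacReview::_getOperationIdByName($operation."_".$a_type);
			}
			else
			{
				$ops_id = ilRbacReview::_getOperationIdByName($operation);
			}

			// Fail closed on an unresolved operation: with the loose comparison of
			// in_array(), null/false would match a stored 0 or empty value.
			// NOTE(review): confirm what _getOperationIdByName() returns for an unknown name.
			if ($ops_id === null or $ops_id === false or !in_array($ops_id,$ops))
			{
				return false;
			}
		}

		return true;
	}

	/**
	 * Checks whether a single role grants a single operation on a reference id.
	 *
	 * @param	int		$a_ref_id		reference id of the object
	 * @param	int		$a_rol_id		role id
	 * @param	string	$a_operation	operation name
	 * @return	boolean	true if the role's rbac_pa row contains the operation id
	 */
	function checkPermission($a_ref_id,$a_rol_id,$a_operation)
	{
		global $ilDB;

		$ops_id = null;

		$q = "SELECT ops_id FROM rbac_operations ".
			 "WHERE operation = ".$ilDB->quote($a_operation)." ";

		$r = $this->ilDB->query($q);

		while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
		{
			$ops_id = $row->ops_id;
		}

		// Unknown operation: deny. Previously $ops_id stayed undefined and the
		// loose in_array() below could match a stored 0 or empty value.
		if ($ops_id === null)
		{
			return false;
		}

		$q = "SELECT * FROM rbac_pa ".
			 "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".
			 "AND ref_id = ".$ilDB->quote($a_ref_id)." ";

		$ops = $this->collectGrantedOperations($this->ilDB->query($q));

		return in_array($ops_id,$ops);
	}

	/**
	 * Removes the operations an object owner is implicitly allowed to perform.
	 *
	 * For a non-owner the operation list is returned unchanged. For the owner only
	 * 'edit_permission' and operations starting with 'create' are kept, because
	 * those still have to be granted through a role.
	 *
	 * @param	int		$a_user_id		user to check
	 * @param	string	$a_operations	comma-separated operation names
	 * @param	int		$a_ref_id		reference id of the object
	 * @return	string	operations that still need a role-based check ('' if none)
	 */
	function __filterOwnerPermissions($a_user_id,$a_operations,$a_ref_id)
	{
		global $ilObjDataCache;

		// NOTE(review): loose comparison; confirm lookupOwner() cannot return a value
		// that compares equal to an unauthenticated or empty user id.
		if($a_user_id != $ilObjDataCache->lookupOwner($ilObjDataCache->lookupObjId($a_ref_id)))
		{
			return $a_operations;
		}

		$remaining = array();

		foreach(explode(",",$a_operations) as $operation)
		{
			if($operation == 'edit_permission' or preg_match('/^create/',$operation))
			{
				$remaining[] = $operation;
			}
		}

		// Always a string: the accumulator used to be read before it was ever set.
		return implode(',',$remaining);
	}

	/**
	 * Returns the role ids assigned to a user, cached per user id.
	 *
	 * @param	int		$a_usr_id	user id
	 * @return	array	role ids as returned by $rbacreview->assignedRoles()
	 */
	private function fetchAssignedRoles($a_usr_id)
	{
		global $rbacreview;

		if(isset(self::$user_role_cache[$a_usr_id]) and is_array(self::$user_role_cache))
		{
			return self::$user_role_cache[$a_usr_id];
		}
		return self::$user_role_cache[$a_usr_id] = $rbacreview->assignedRoles($a_usr_id);
	}

	/**
	 * Merges the operation ids stored in the rbac_pa rows of a query result.
	 *
	 * @param	object	$a_result	query result providing fetchRow()
	 * @return	array	operation ids granted by all rows together
	 */
	private function collectGrantedOperations($a_result)
	{
		$ops = array();

		while ($row = $a_result->fetchRow(DB_FETCHMODE_OBJECT))
		{
			// SECURITY: rbac_pa.ops_id is PHP-serialized. unserialize() can instantiate
			// objects, so this column must only ever be written by trusted code; a
			// data-only encoding, or restricting the allowed classes where the PHP
			// version supports it, would remove that dependency.
			$decoded = unserialize(stripslashes($row->ops_id));

			// A row that does not decode to an array grants nothing.
			if (is_array($decoded))
			{
				$ops = array_merge($ops,$decoded);
			}
		}

		return $ops;
	}

}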
?>