4 require_once(
"Services/AccessControl/classes/class.ilAccessInfo.php");
// Initialisation fragment (presumably the constructor; the enclosing signature is not
// part of this listing). The leading numbers are the original file's line numbers.
29 global $rbacsystem,
$lng;
// Keep a reference to the global RBAC system; doRBACCheck() delegates to it.
31 $this->rbacsystem =& $rbacsystem;
// In-memory map of access results, filled by storeAccessResult().
32 $this->results = array();
39 $this->condition =
true;
// In-memory lookup caches: object id and object type are keyed by ref id,
// the tree cache by "<user id>:<ref id>" (see doTreeCheck()).
42 $this->obj_id_cache = array();
43 $this->obj_type_cache = array();
44 $this->obj_tree_cache=array();
/**
 * Record the outcome of an access check in the in-memory result map.
 *
 * The entry is keyed by ref id, permission, command and user id and holds the
 * granted flag together with the info object. The same entry becomes
 * last_result, and the info object becomes last_info.
 *
 * @param $a_permission     permission that was checked
 * @param $a_cmd            command that was checked
 * @param $a_ref_id         reference id of the object
 * @param $a_access_granted outcome of the check
 * @param $a_user_id        user the result belongs to; line 63 substitutes the current
 *                          user's id (the guarding condition is not shown, presumably
 *                          "when empty")
 * @param $a_info           info object; line 68 substitutes current_info (guard not shown)
 */
57 function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id =
"",$a_info =
"")
63 $a_user_id = $ilUser->getId();
68 $a_info = $this->current_info;
// NOTE(review): original line 78 is missing from this listing. The cache lookup later
// reads a "prevent_db_cache" key from stored entries, so that key is presumably set there.
75 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76 array(
"granted" => $a_access_granted,
"info" => $a_info,
// Remember which element was written last, and expose it as last_result / last_info.
79 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81 $this->last_info = $a_info;
// Setter fragment: stores the caller's value in prevent_caching_last_result.
96 $this->prevent_caching_last_result = $a_val;
// Getter fragment: returns that flag.
106 return $this->prevent_caching_last_result;
// Lookup fragment: an empty user id falls back to the current user, then the stored
// result for (ref id, permission, command, user id) is returned when one exists.
// NOTE(review): the comparison with "" is loose. On PHP 7 and earlier an integer 0 also
// equals "", so a user id of 0 would be replaced by the current user's id; confirm
// that is intended.
125 if ($a_user_id ==
"")
127 $a_user_id = $ilUser->getId();
135 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
137 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
// Persist the in-memory results for the current user in table acc_cache.
// A DELETE for the user's existing row is built (its execution is not shown in this
// listing), then a row with user id, current time and the serialize()d result map is inserted.
144 global
$ilDB, $ilUser;
// The user id goes through $ilDB->quote() with type 'integer' rather than being
// concatenated raw.
146 $query =
"DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),
'integer');
// NOTE(review): the result map carries the info objects stored by storeAccessResult(),
// so the clob contains serialized PHP objects and every reader has to unserialize() it.
149 $ilDB->insert(
'acc_cache', array(
150 'user_id' => array(
'integer',$ilUser->getId()),
151 'time' => array(
'integer',time()),
152 'result' => array(
'clob',serialize($this->results))
// Load the current user's cached results from acc_cache. The row is used only when its
// "time" value is less than $a_secs seconds old. The fetch that fills $rec is not part
// of this listing.
158 global $ilUser,
$ilDB;
162 $query =
"SELECT * FROM acc_cache WHERE user_id = ".
163 $ilDB->quote($ilUser->getId() ,
'integer');
164 $set = $ilDB->query(
$query);
166 if ((time() - $rec[
"time"]) < $a_secs)
// SECURITY NOTE(review): unserialize() instantiates whatever classes the stored string
// names and runs their magic methods (__wakeup, __destruct). That is acceptable only
// while nothing but this class can write acc_cache.result. If that cannot be guaranteed,
// restrict the call with the allowed_classes option (PHP 7+) or store a non-object
// format such as JSON. The restored map then drives later access decisions, so a
// tampered row is also an authorisation problem, not just a deserialisation one.
// unserialize() returns false on corrupt data; the listing shows no check before the
// result replaces $this->results.
168 $this->results = unserialize($rec[
"result"]);
// Setter fragment: replaces the whole in-memory result map with the caller's value.
// NOTE(review): later lookups return these entries as access decisions, so only trusted
// code should be able to reach this setter; confirm against callers.
183 $this->results = $a_results;
// Forwards an info item (type, text, data) to the current info object.
191 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
/**
 * Check access for the current user.
 *
 * Thin wrapper: passes $ilUser->getId() plus all arguments unchanged to
 * checkAccessOfUser() and returns its result. The global declaration for
 * $ilUser is not part of this listing.
 */
206 function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type =
"", $a_obj_id =
"", $a_tree_id=
"")
210 return $this->
checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
/**
 * Check whether a given user has a permission / command on a reference id.
 *
 * Visible sequence: clear the info object, consult the result cache, resolve object id
 * and type, then run the tree, RBAC, path, condition, status and license checks in that
 * order. Each failing check shown here adds an IL_NO_PERMISSION info item. The return
 * statements after the individual checks are not part of this listing.
 */
226 function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type =
"", $a_obj_id =
"", $a_tree_id=
"")
// Every call starts with an empty info object.
232 $ilBench->start(
"AccessControl",
"0400_clear_info");
233 $this->current_info->clear();
234 $ilBench->stop(
"AccessControl",
"0400_clear_info");
// Cache lookup. The guard on $cached["hit"] is not shown; the lines below presumably
// run only on a hit and return the cached decision.
238 $cached = $this->
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
242 if (!$cached[
"granted"])
244 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
246 if ($cached[
"prevent_db_cache"])
250 return $cached[
"granted"];
// Resolve object id and type for the ref id, preferring the in-memory caches. The
// fallback lookups that fill $a_obj_id / $a_type are not shown.
253 $ilBench->start(
"AccessControl",
"0500_lookup_id_and_type");
257 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
259 $a_obj_id = $this->obj_id_cache[$a_ref_id];
264 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
269 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] !=
"")
271 $a_type = $this->obj_type_cache[$a_ref_id];
276 $this->obj_type_cache[$a_ref_id] = $a_type;
280 $ilBench->stop(
"AccessControl",
"0500_lookup_id_and_type");
// Tree check (object must be in the tree and not deleted), skipped when $a_tree_id is 1.
// NOTE(review): the comparison is loose, so "1" or true skip the check as well; confirm
// that $a_tree_id is only ever set by trusted callers.
286 if ($a_tree_id != 1 &&
287 !$this->
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
289 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
// RBAC check.
295 if (!$this->
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
297 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
// Path check; the test on $par_check is not shown.
303 $par_check = $this->
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
307 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
// Precondition check.
313 if (!$this->
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
315 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
// Object-specific status check.
322 if (!$this->
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
324 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
// License check; what happens on failure is not shown.
331 if (!$this->
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
// Getter fragment: info items of the last stored result, or an empty array when
// last_info is not an object.
350 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
// Getter fragment: the entry most recently written by storeAccessResult().
358 return $this->last_result;
// Getter fragment: all stored results for one ref id. No isset() guard is visible, so an
// unknown ref id yields null plus an undefined-index notice.
368 return $this->results[$a_ref_id];
// Result-cache lookup fragment (signature and the assignment of $stored_access are not
// part of this listing). Returns an array with keys "hit", "granted", "prevent_db_cache".
380 $ilBench->start(
"AccessControl",
"1000_checkAccess_get_cache_result");
// Hit: the cached info object becomes current_info, and the cached decision is returned.
383 if (is_array($stored_access))
385 $this->current_info = $stored_access[
"info"];
387 $ilBench->stop(
"AccessControl",
"1000_checkAccess_get_cache_result");
388 return array(
"hit" =>
true,
"granted" => $stored_access[
"granted"],
389 "prevent_db_cache" => $stored_access[
"prevent_db_cache"]);
// Miss: reported with granted = false, so a caller that ignores "hit" fails closed.
393 $ilBench->stop(
"AccessControl",
"1000_checkAccess_get_cache_result");
394 return array(
"hit" =>
false,
"granted" =>
false,
395 "prevent_db_cache" =>
false);
/**
 * Check that the ref id is in the tree and not deleted.
 *
 * Outcomes are cached in obj_tree_cache under "<user id>:<ref id>". A cached outcome is
 * stored as the access result and returned directly. The return statements of the
 * uncached path are not part of this listing.
 */
402 function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
408 $tree_cache_key = $a_user_id.
':'.$a_ref_id;
// Cached outcome: add the no-permission info when it is false, record it, return it.
409 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
411 if (!$this->obj_tree_cache[$tree_cache_key])
413 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
415 $this->
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
417 return $this->obj_tree_cache[$tree_cache_key];
420 $ilBench->start(
"AccessControl",
"2000_checkAccess_in_tree");
// Not in the tree, or deleted: cache false and add an IL_DELETED info item.
422 if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
// New entries are added only while the cache holds fewer than 1000 items. No eviction
// or invalidation is visible here.
428 if (count($this->obj_tree_cache) < 1000)
430 $this->obj_tree_cache[$tree_cache_key] =
false;
434 $this->current_info->addInfoItem(
IL_DELETED, $lng->txt(
"object_deleted"));
437 $ilBench->stop(
"AccessControl",
"2000_checkAccess_in_tree");
// Otherwise cache true, under the same size cap.
446 if (count($this->obj_tree_cache) < 1000)
448 $this->obj_tree_cache[$tree_cache_key] =
true;
454 $ilBench->stop(
"AccessControl",
"2000_checkAccess_in_tree");
/**
 * Role-based access check for one user, permission and ref id.
 *
 * Delegates to $this->rbacsystem->checkAccessOfUser() and keeps outcomes in
 * stored_rbac_access under "<user id>-<permission>-<ref id>". The final return and the
 * test that precedes the no-permission info item are not part of this listing.
 */
462 function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
466 $ilBench->start(
"AccessControl",
"2500_checkAccess_rbac_check");
// An empty permission is treated as a programming error: logged as fatal and raised.
468 if ($a_permission ==
"")
470 $message = sprintf(
'%s::doRBACCheck(): No operations given! $a_ref_id: %s',
473 $ilLog->write($message,$ilLog->FATAL);
474 $ilErr->raiseError($message,$ilErr->MESSAGE);
// Cached outcome for this user / permission / ref id.
477 if (isset($this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id]))
479 $access = $this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id];
// Uncached: ask the RBAC system. The outcome is cached only while the cache holds fewer
// than 1000 entries and the permission is not "create".
// NOTE(review): $a_type is passed to the RBAC call but is not part of the cache key;
// confirm the outcome cannot differ by type for cached permissions.
483 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
484 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
486 if ($a_permission !=
"create")
488 $this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id] = $access;
496 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
// The statement guarded by this test is not shown.
498 if ($a_permission !=
"create")
502 $ilBench->stop(
"AccessControl",
"2500_checkAccess_rbac_check");
/**
 * Check the objects on the tree path to the ref id.
 *
 * Only fragments are shown: the path ids come from $tree->getPathId(), and the loop
 * singles out the target ref id itself and path nodes whose object type is 'crs'.
 * How $access is computed and what is returned are not part of this listing.
 */
511 function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all =
false)
516 $ilBench->start(
"AccessControl",
"3100_checkAccess_check_parents_get_path");
524 $path = $tree->getPathId($a_ref_id);
527 $ilBench->stop(
"AccessControl",
"3100_checkAccess_check_parents_get_path");
529 foreach (
$path as $id)
// The target object itself gets separate handling (body not shown).
531 if ($a_ref_id == $id)
// Course nodes on the path get separate handling (body not shown).
537 if($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($id)) ==
'crs')
// Loose comparison: any falsy $access value takes this branch.
547 if ($access ==
false)
// Course-item activation check fragment (signature not part of this listing). Outcomes
// are cached in ac_cache[$cache_perm][ref id][user id]. Every exit shown stops the
// "3150" benchmark first; most return statements are not shown.
571 $ilBench->start(
"AccessControl",
"3150_checkAccess_check_course_activation");
// Cache bucket chosen from the permission; the rest of this expression is not shown.
573 $cache_perm = ($a_permission ==
"visible")
// Cached outcome.
579 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
581 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
582 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
// 'write' leaves the check early (the returned value is not shown).
586 if($a_permission ==
'write')
588 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
591 include_once
'Modules/Course/classes/class.ilCourseItems.php';
// Use preloaded activation data when available; otherwise the miss is logged.
594 if(isset($this->ac_times[$a_ref_id]))
597 $item_data = $this->ac_times[$a_ref_id];
602 $ilLog->write(__METHOD__.
': Error preloading activation times failed.');
604 $item_data = $item_data[$a_ref_id];
// The condition guarding this first "true" outcome is not shown.
611 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
612 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
// Inside the activation window, timing_start to timing_end inclusive: granted.
617 if((time() >= $item_data[
'timing_start']) and
618 (time() <= $item_data[
'timing_end']))
620 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
621 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
// The condition guarding this "true" outcome is not shown.
628 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
629 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
// Outside the window, 'visible' is still granted when the item is flagged visible.
633 if($a_permission ==
'visible' and $item_data[
'visible'])
635 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
636 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
// Fallthrough: denied, and the denial is cached.
640 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
false;
641 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
// Preload fragment (signature not part of this listing): loads the course-items class and
// handles ref ids that have no entry in ac_times yet; the loading itself is not shown.
655 include_once(
'Modules/Course/classes/class.ilCourseItems.php');
660 if(!isset($this->ac_times[$ref_id]))
// Precondition check fragment (signature not part of this listing). Preconditions are
// evaluated only for 'read' and 'join', and only when the user lacks 'write' on the object.
// NOTE(review): the nested checkAccessOfUser() call begins by clearing current_info, so
// info items collected earlier in the outer check may be lost; confirm this is intended.
680 if (($a_permission ==
"read" or $a_permission ==
'join') &&
681 !$this->
checkAccessOfUser($a_user_id,
"write",
"", $a_ref_id, $a_type, $a_obj_id))
683 $ilBench->start(
"AccessControl",
"4000_checkAccess_condition_check");
// For each condition an info text "missing_precondition: ... <operator> <value>" is
// built; the call that receives it and the test on the condition are not shown.
687 foreach ($conditions as $condition)
690 $lng->txt(
"missing_precondition").
": ".
692 $lng->txt(
"condition_".$condition[
"operator"]).
" ".
693 $condition[
"value"], $condition);
695 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
698 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
/**
 * Object-type specific access check.
 *
 * Builds the class name "ilObj<Class>Access" from the object definition of $a_type,
 * includes its file and calls the static _checkAccess() on it. Only a strict true from
 * that call counts as granted. Return statements are not part of this listing.
 */
708 function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
710 global $objDefinition,
$ilBench, $ilPluginAdmin;
712 $ilBench->start(
"AccessControl",
"5000_checkAccess_object_check");
// A type named like a plugin type but not registered as a plugin is handled separately
// (body not shown).
715 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
// SECURITY NOTE(review): both the included path and the called class name are derived
// from $a_type through $objDefinition. This is safe only if getClassName() and
// getLocation() return values solely for registered object types. Confirm that $a_type
// can never be caller-supplied free text that reaches the include or call_user_func().
724 $class = $objDefinition->getClassName($a_type);
725 $location = $objDefinition->getLocation($a_type);
726 $full_class =
"ilObj".$class.
"Access";
727 include_once(
$location.
"/class.".$full_class.
".php");
730 $ilBench->start(
"AccessControl",
"5001_checkAccess_".$full_class.
"_check");
731 $obj_access = call_user_func(array($full_class,
"_checkAccess"),
732 $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
733 $ilBench->stop(
"AccessControl",
"5001_checkAccess_".$full_class.
"_check");
// Strict comparison: anything other than boolean true is treated as "not granted".
734 if (!($obj_access ===
true))
742 $ilBench->stop(
"AccessControl",
"5000_checkAccess_object_check");
747 $ilBench->stop(
"AccessControl",
"5000_checkAccess_object_check");
/**
 * License check for licensed object types.
 *
 * The check applies only to types 'sahs' and 'htlm' with permission 'read'. Other
 * combinations take the early branch, whose body is not shown (presumably "granted").
 * When no license is available an IL_NO_LICENSE info item is added.
 */
754 function doLicenseCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
// NOTE(review): in_array() is called without the strict flag, so the match is loose.
// On PHP 7 and earlier an integer 0 compares equal to these strings; confirm that
// $a_type and $a_permission are always strings here.
759 if (!in_array($a_type, array(
'sahs',
'htlm'))
760 or !in_array($a_permission, array(
'read')))
766 require_once(
"Services/License/classes/class.ilLicenseAccess.php");
795 $this->current_info->addInfoItem(
IL_NO_LICENSE, $lng->txt(
"no_license_available"));
// Reset fragment: empties the in-memory result map and the last result.
803 $this->results = array();
804 $this->last_result =
"";
// SECURITY NOTE(review): variable-property assignment. Whoever supplies $a_str can
// overwrite any property of this handler, including the result caches and the rbacsystem
// reference that access decisions depend on. Consider checking $a_str against an
// allow-list of property names before assigning.
810 $this->$a_str = $a_bool;