4 require_once(
"Services/AccessControl/classes/class.ilAccessInfo.php");
29 global $rbacsystem,
$lng;
31 $this->rbacsystem =& $rbacsystem;
32 $this->results = array();
39 $this->condition =
true;
42 $this->obj_id_cache = array();
43 $this->obj_type_cache = array();
44 $this->obj_tree_cache=array();
57 function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id =
"",$a_info =
"")
63 $a_user_id = $ilUser->getId();
68 $a_info = $this->current_info;
75 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76 array(
"granted" => $a_access_granted,
"info" => $a_info,
79 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81 $this->last_info = $a_info;
96 $this->prevent_caching_last_result = $a_val;
106 return $this->prevent_caching_last_result;
125 if ($a_user_id ==
"")
127 $a_user_id = $ilUser->getId();
135 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
137 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
146 $query =
"DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),
'integer');
149 $ilDB->insert(
'acc_cache', array(
150 'user_id' => array(
'integer',$ilUser->getId()),
151 'time' => array(
'integer',time()),
152 'result' => array(
'clob',serialize($this->results))
162 $query =
"SELECT * FROM acc_cache WHERE user_id = ".
163 $ilDB->quote($ilUser->getId() ,
'integer');
164 $set = $ilDB->query(
$query);
166 if ((time() - $rec[
"time"]) < $a_secs)
168 $this->results = unserialize($rec[
"result"]);
183 $this->results = $a_results;
191 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
206 function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type =
"", $a_obj_id =
"", $a_tree_id=
"")
210 return $this->
checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
226 function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type =
"", $a_obj_id =
"", $a_tree_id=
"")
232 $ilBench->start(
"AccessControl",
"0400_clear_info");
233 $this->current_info->clear();
234 $ilBench->stop(
"AccessControl",
"0400_clear_info");
238 $cached = $this->
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
242 if (!$cached[
"granted"])
244 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
246 if ($cached[
"prevent_db_cache"])
250 return $cached[
"granted"];
253 $ilBench->start(
"AccessControl",
"0500_lookup_id_and_type");
257 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
259 $a_obj_id = $this->obj_id_cache[$a_ref_id];
264 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
269 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] !=
"")
271 $a_type = $this->obj_type_cache[$a_ref_id];
276 $this->obj_type_cache[$a_ref_id] = $a_type;
280 $ilBench->stop(
"AccessControl",
"0500_lookup_id_and_type");
286 if ($a_tree_id != 1 &&
287 !$this->
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
289 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
295 if (!$this->
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
297 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
303 $act_check = $this->
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
306 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
'status_no_permission'));
312 $par_check = $this->
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
316 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
322 if (!$this->
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
324 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
331 if (!$this->
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
333 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
340 if (!$this->
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
359 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
367 return $this->last_result;
377 return $this->results[$a_ref_id];
389 $ilBench->start(
"AccessControl",
"1000_checkAccess_get_cache_result");
392 if (is_array($stored_access))
394 $this->current_info = $stored_access[
"info"];
396 $ilBench->stop(
"AccessControl",
"1000_checkAccess_get_cache_result");
397 return array(
"hit" =>
true,
"granted" => $stored_access[
"granted"],
398 "prevent_db_cache" => $stored_access[
"prevent_db_cache"]);
402 $ilBench->stop(
"AccessControl",
"1000_checkAccess_get_cache_result");
403 return array(
"hit" =>
false,
"granted" =>
false,
404 "prevent_db_cache" =>
false);
411 function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
417 $tree_cache_key = $a_user_id.
':'.$a_ref_id;
418 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
420 if (!$this->obj_tree_cache[$tree_cache_key])
422 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
424 $this->
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
426 return $this->obj_tree_cache[$tree_cache_key];
429 $ilBench->start(
"AccessControl",
"2000_checkAccess_in_tree");
431 if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
437 if (count($this->obj_tree_cache) < 1000)
439 $this->obj_tree_cache[$tree_cache_key] =
false;
443 $this->current_info->addInfoItem(
IL_DELETED, $lng->txt(
"object_deleted"));
446 $ilBench->stop(
"AccessControl",
"2000_checkAccess_in_tree");
455 if (count($this->obj_tree_cache) < 1000)
457 $this->obj_tree_cache[$tree_cache_key] =
true;
463 $ilBench->stop(
"AccessControl",
"2000_checkAccess_in_tree");
471 function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
475 $ilBench->start(
"AccessControl",
"2500_checkAccess_rbac_check");
477 if ($a_permission ==
"")
479 $message = sprintf(
'%s::doRBACCheck(): No operations given! $a_ref_id: %s',
482 $ilLog->write($message,$ilLog->FATAL);
483 $ilErr->raiseError($message,$ilErr->MESSAGE);
486 if (isset($this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id]))
488 $access = $this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id];
492 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
493 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
495 if ($a_permission !=
"create")
497 $this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id] = $access;
505 $this->current_info->addInfoItem(
IL_NO_PERMISSION, $lng->txt(
"status_no_permission"));
507 if ($a_permission !=
"create")
511 $ilBench->stop(
"AccessControl",
"2500_checkAccess_rbac_check");
520 function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all =
false)
525 $ilBench->start(
"AccessControl",
"3100_checkAccess_check_parents_get_path");
533 $path = $tree->getPathId($a_ref_id);
536 $ilBench->stop(
"AccessControl",
"3100_checkAccess_check_parents_get_path");
538 foreach (
$path as $id)
540 if ($a_ref_id == $id)
547 if ($access ==
false)
571 $ilBench->start(
"AccessControl",
"3150_checkAccess_check_course_activation");
573 $cache_perm = ($a_permission ==
"visible")
579 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
581 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
582 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
586 if($a_permission ==
'write')
588 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
593 if($a_user_id == $ilUser->getId())
596 include_once
'./Services/Container/classes/class.ilMemberViewSettings.php';
598 if($memview->isActiveForRefId($a_ref_id) &&
599 $memview->getContainer() == $a_ref_id)
605 include_once
'Services/Object/classes/class.ilObjectActivation.php';
609 if($item_data === NULL ||
612 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
613 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
618 if((time() >= $item_data[
'timing_start']) and
619 (time() <= $item_data[
'timing_end']))
621 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
622 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
629 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
630 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
634 if($a_permission ==
'visible' and $item_data[
'visible'])
636 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
637 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
641 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
false;
642 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
656 ($a_permission ==
'visible') and
657 !$this->
checkAccessOfUser($a_user_id,
"write",
"", $a_ref_id, $a_type, $a_obj_id)
665 foreach ($conditions as $condition)
668 $lng->txt(
"missing_precondition").
": ".
670 $lng->txt(
"condition_".$condition[
"operator"]).
" ".
671 $condition[
"value"], $condition);
675 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
680 if (($a_permission ==
"read" or $a_permission ==
'join') &&
681 !$this->
checkAccessOfUser($a_user_id,
"write",
"", $a_ref_id, $a_type, $a_obj_id))
683 $ilBench->start(
"AccessControl",
"4000_checkAccess_condition_check");
687 foreach ($conditions as $condition)
690 $lng->txt(
"missing_precondition").
": ".
692 $lng->txt(
"condition_".$condition[
"operator"]).
" ".
693 $condition[
"value"], $condition);
695 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
698 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
708 function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
710 global $objDefinition,
$ilBench, $ilPluginAdmin;
712 $ilBench->start(
"AccessControl",
"5000_checkAccess_object_check");
715 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
724 $class = $objDefinition->getClassName($a_type);
725 $location = $objDefinition->getLocation($a_type);
726 $full_class =
"ilObj".$class.
"Access";
727 include_once(
$location.
"/class.".$full_class.
".php");
730 $ilBench->start(
"AccessControl",
"5001_checkAccess_".$full_class.
"_check");
731 $obj_access = call_user_func(array($full_class,
"_checkAccess"),
732 $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
733 $ilBench->stop(
"AccessControl",
"5001_checkAccess_".$full_class.
"_check");
734 if (!($obj_access ===
true))
742 $ilBench->stop(
"AccessControl",
"5000_checkAccess_object_check");
747 $ilBench->stop(
"AccessControl",
"5000_checkAccess_object_check");
754 function doLicenseCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
759 if (!in_array($a_type, array(
'sahs',
'htlm'))
760 or !in_array($a_permission, array(
'read')))
766 require_once(
"Services/License/classes/class.ilLicenseAccess.php");
795 $this->current_info->addInfoItem(
IL_NO_LICENSE, $lng->txt(
"no_license_available"));
803 $this->results = array();
804 $this->last_result =
"";
810 $this->$a_str = $a_bool;
1.8.1.2 (using Doxyfile)
