ILIAS  release_4-4 Revision
class.ilPortfolioAccessHandler.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 include_once "Modules/Portfolio/classes/class.ilObjPortfolio.php";
6 include_once "Modules/Group/classes/class.ilGroupParticipants.php";
7 include_once "Modules/Course/classes/class.ilCourseParticipants.php";
8 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
9 
18 class ilPortfolioAccessHandler
19 {
20  public function __construct()
21  {
22  global $lng;
23  $lng->loadLanguageModule("wsp");
24  }
25 
35  public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
36  {
37  global $ilUser;
38 
39  return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_node_id, $a_type);
40  }
41 
52  public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
53  {
54  global $rbacreview, $ilUser, $ilSetting;
55 
56  // #12059
57  if (!$ilSetting->get('user_portfolios'))
58  {
59  return false;
60  }
61 
62  // :TODO: create permission for parent node with type ?!
63 
64  $pf = new ilObjPortfolio($a_node_id, false);
65  if(!$pf->getId())
66  {
67  return false;
68  }
69 
70  // portfolio owner has all rights
71  if($pf->getOwner() == $a_user_id)
72  {
73  return true;
74  }
75 
76  // #11921
77  if(!$pf->isOnline())
78  {
79  return false;
80  }
81 
82  // other users can only read
83  if($a_permission == "read" || $a_permission == "visible")
84  {
85  // get all objects with explicit permission
86  $objects = $this->getPermissions($a_node_id);
87  if($objects)
88  {
89  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
90 
91  // check if given user is member of object or has role
92  foreach($objects as $obj_id)
93  {
94  switch($obj_id)
95  {
96  case ilWorkspaceAccessGUI::PERMISSION_ALL:
97  return true;
98 
99  case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
100  // check against input kept in session
101  if(self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
102  $a_permission == "visible")
103  {
104  return true;
105  }
106  break;
107 
108  case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
109  if($ilUser->getId() != ANONYMOUS_USER_ID)
110  {
111  return true;
112  }
113  break;
114 
115  default:
116  switch(ilObject::_lookupType($obj_id))
117  {
118  case "grp":
119  // member of group?
120  if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
121  {
122  return true;
123  }
124  break;
125 
126  case "crs":
127  // member of course?
128  if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
129  {
130  return true;
131  }
132  break;
133 
134  case "role":
135  // has role?
136  if($rbacreview->isAssigned($a_user_id, $obj_id))
137  {
138  return true;
139  }
140  break;
141 
142  case "usr":
143  // direct assignment
144  if($a_user_id == $obj_id)
145  {
146  return true;
147  }
148  break;
149  }
150  break;
151  }
152  }
153  }
154  }
155 
156  return false;
157  }
158 
165  public function setPermissions($a_parent_node_id, $a_node_id)
166  {
167  // nothing to do as owner has irrefutable rights to any portfolio object
168  }
169 
177  public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
178  {
179  global $ilDB, $ilUser;
180 
181  // current owner must not be added
182  if($a_object_id == $ilUser->getId())
183  {
184  return;
185  }
186 
187  $ilDB->manipulate("INSERT INTO usr_portf_acl (node_id, object_id, extended_data, tstamp)".
188  " VALUES (".$ilDB->quote($a_node_id, "integer").", ".
189  $ilDB->quote($a_object_id, "integer").",".
190  $ilDB->quote($a_extended_data, "text").",".
191  $ilDB->quote(time(), "integer").")");
192 
193  // portfolio as profile
194  $this->syncProfile($a_node_id);
195  }
196 
203  public function removePermission($a_node_id, $a_object_id = null)
204  {
205  global $ilDB;
206 
207  $query = "DELETE FROM usr_portf_acl".
208  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");
209 
210  if($a_object_id)
211  {
212  $query .= " AND object_id = ".$ilDB->quote($a_object_id, "integer");
213  }
214 
215  $ilDB->manipulate($query);
216 
217  // portfolio as profile
218  $this->syncProfile($a_node_id);
219  }
220 
227  public function getPermissions($a_node_id)
228  {
229  global $ilDB;
230 
231  $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
232  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer"));
233  $res = array();
234  while($row = $ilDB->fetchAssoc($set))
235  {
236  $res[] = $row["object_id"];
237  }
238  return $res;
239  }
240 
241  public function hasRegisteredPermission($a_node_id)
242  {
243  global $ilDB;
244 
245  $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
246  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
247  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
248  return (bool)$ilDB->numRows($set);
249  }
250 
251  public function hasGlobalPermission($a_node_id)
252  {
253  global $ilDB;
254 
255  $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
256  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
257  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
258  return (bool)$ilDB->numRows($set);
259  }
260 
261  public function hasGlobalPasswordPermission($a_node_id)
262  {
263  global $ilDB;
264 
265  $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
266  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
267  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
268  return (bool)$ilDB->numRows($set);
269  }
270 
271  public function getObjectsIShare($a_online_only = true)
272  {
273  global $ilDB, $ilUser;
274 
275  $res = array();
276 
277  $sql = "SELECT obj.obj_id".
278  " FROM object_data obj".
279  " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
280  " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
281  " WHERE obj.owner = ".$ilDB->quote($ilUser->getId(), "integer");
282 
283  if($a_online_only)
284  {
285  $sql .= " AND prtf.is_online = ".$ilDB->quote(1, "integer");
286  }
287 
288  $set = $ilDB->query($sql);
289  while ($row = $ilDB->fetchAssoc($set))
290  {
291  $res[] = $row["obj_id"];
292  }
293 
294  return $res;
295  }
296 
297  public static function getPossibleSharedTargets()
298  {
299  global $ilUser;
300 
301  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
302  include_once "Services/Membership/classes/class.ilParticipants.php";
303  $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
304  $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
305 
306  $obj_ids = array_merge($grp_ids, $crs_ids);
307  $obj_ids[] = $ilUser->getId();
308  $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;
309  $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
310  $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
311 
312  return $obj_ids;
313  }
314 
315  public function getSharedOwners()
316  {
317  global $ilUser, $ilDB;
318 
319  $obj_ids = $this->getPossibleSharedTargets();
320 
321  $user_ids = array();
322  $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
323  " FROM object_data obj".
324  " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
325  " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
326  " JOIN usr_data u on (u.usr_id = obj.owner)".
327  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
328  " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
329  " AND prtf.is_online = ".$ilDB->quote(1, "integer").
330  " ORDER BY u.lastname, u.firstname, u.title");
331  while ($row = $ilDB->fetchAssoc($set))
332  {
333  $user_ids[$row["owner"]] = $row["lastname"].", ".$row["firstname"];
334  if($row["title"])
335  {
336  $user_ids[$row["owner"]] .= ", ".$row["title"];
337  }
338  }
339 
340  return $user_ids;
341  }
342 
343  public function getSharedObjects($a_owner_id)
344  {
345  global $ilDB;
346 
347  $obj_ids = $this->getPossibleSharedTargets();
348 
349  $res = array();
350  $set = $ilDB->query("SELECT obj.obj_id, obj.owner".
351  " FROM object_data obj".
352  " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
353  " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
354  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
355  " AND obj.owner = ".$ilDB->quote($a_owner_id, "integer").
356  " AND prtf.is_online = ".$ilDB->quote(1, "integer"));
357  while ($row = $ilDB->fetchAssoc($set))
358  {
359  $res[$row["obj_id"]] = $row["obj_id"];
360  }
361 
362  return $res;
363  }
364 
365  public function getShardObjectsDataForUserIds(array $a_owner_ids)
366  {
367  global $ilDB;
368 
369  $obj_ids = $this->getPossibleSharedTargets();
370 
371  $res = array();
372 
373  $set = $ilDB->query("SELECT obj.obj_id, obj.owner, obj.title".
374  " FROM object_data obj".
375  " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
376  " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
377  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
378  " AND ".$ilDB->in("obj.owner", $a_owner_ids, "", "integer").
379  " AND prtf.is_online = ".$ilDB->quote(1, "integer"));
380  while ($row = $ilDB->fetchAssoc($set))
381  {
382  $res[$row["owner"]][$row["obj_id"]] = $row["title"];
383  }
384 
385  return $res;
386  }
387 
388  public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
389  {
390  global $ilDB, $ilUser;
391 
392  if(!$a_filter["acl_type"])
393  {
394  $obj_ids = $this->getPossibleSharedTargets();
395  }
396  else
397  {
398  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
399 
400  switch($a_filter["acl_type"])
401  {
402  case "all":
403  $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
404  break;
405 
406  case "password":
407  $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
408  break;
409 
410  case "registered":
411  $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
412  break;
413 
414  case "course":
415  $obj_ids = $a_crs_ids;
416  break;
417 
418  case "group":
419  $obj_ids = $a_grp_ids;
420  break;
421 
422  case "user":
423  $obj_ids = array($ilUser->getId());
424  break;
425  }
426  }
427 
428  $res = array();
429 
430  $sql = "SELECT obj.obj_id,obj.title,obj.owner".
431  ",acl.object_id acl_type, acl.tstamp acl_date".
432  " FROM object_data obj".
433  " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
434  " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
435  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
436  " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
437  " AND obj.type = ".$ilDB->quote("prtf", "text").
438  " AND prtf.is_online = ".$ilDB->quote(1, "integer");
439 
440  if($a_filter["title"] && strlen($a_filter["title"]) >= 3)
441  {
442  $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
443  }
444  if($a_filter["user"] && strlen($a_filter["user"]) >= 3)
445  {
446  $usr_ids = array();
447  $set = $ilDB->query("SELECT usr_id FROM usr_data".
448  " WHERE (".$ilDB->like("login", "text", "%".$a_filter["user"]."%")." ".
449  "OR ".$ilDB->like("firstname", "text", "%".$a_filter["user"]."%")." ".
450  "OR ".$ilDB->like("lastname", "text", "%".$a_filter["user"]."%")." ".
451  "OR ".$ilDB->like("email", "text", "%".$a_filter["user"]."%").")");
452  while($row = $ilDB->fetchAssoc($set))
453  {
454  $usr_ids[] = $row["usr_id"];
455  }
456  if(!sizeof($usr_ids))
457  {
458  return;
459  }
460  $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
461  }
462 
463  if($a_filter["acl_date"])
464  {
465  $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
466  $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
467  $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
468  }
469 
470  if($a_filter["crsgrp"])
471  {
472  include_once "Services/Membership/classes/class.ilParticipants.php";
473  $part = new ilParticipants($a_filter["crsgrp"]);
474  $part = $part->getParticipants();
475  if(!sizeof($part))
476  {
477  return;
478  }
479  $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
480  }
481 
482  // we use the oldest share date
483  $sql .= " ORDER BY acl.tstamp";
484 
485  $set = $ilDB->query($sql);
486  while ($row = $ilDB->fetchAssoc($set))
487  {
488  if(!isset($res[$row["obj_id"]]))
489  {
490  $row["acl_type"] = array($row["acl_type"]);
491  $res[$row["obj_id"]] = $row;
492  }
493  else
494  {
495  $res[$row["obj_id"]]["acl_type"][] = $row["acl_type"];
496  }
497  }
498 
499  return $res;
500  }
501 
502  public static function getSharedNodePassword($a_node_id)
503  {
504  global $ilDB;
505 
506  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
507 
508  $set = $ilDB->query("SELECT extended_data FROM usr_portf_acl".
509  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
510  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
511  $res = $ilDB->fetchAssoc($set);
512  if($res)
513  {
514  return $res["extended_data"];
515  }
516  }
517 
518  public static function keepSharedSessionPassword($a_node_id, $a_password)
519  {
520  $_SESSION["ilshpw_".$a_node_id] = $a_password;
521  }
522 
523  public static function getSharedSessionPassword($a_node_id)
524  {
525  return $_SESSION["ilshpw_".$a_node_id];
526  }
527 
528  protected function syncProfile($a_node_id)
529  {
530  global $ilUser;
531 
532  // #12845
533  include_once "Modules/Portfolio/classes/class.ilObjPortfolio.php";
534  if(ilObjPortfolio::getDefaultPortfolio($ilUser->getId()) == $a_node_id)
535  {
536  $has_registered = $this->hasRegisteredPermission($a_node_id);
537  $has_global = $this->hasGlobalPermission($a_node_id);
538 
539  // not published anymore - remove portfolio as profile
540  if(!$has_registered && !$has_global)
541  {
542  $ilUser->setPref("public_profile", "n");
543  $ilUser->writePrefs();
544  ilObjPortfolio::setUserDefault($ilUser->getId());
545  }
546  // adapt profile setting
547  else
548  {
549  $new_pref = "y";
550  if($has_global)
551  {
552  $new_pref = "g";
553  }
554  if($ilUser->getPref("public_profile") != $new_pref)
555  {
556  $ilUser->setPref("public_profile", $new_pref);
557  $ilUser->writePrefs();
558  }
559  }
560  }
561  }
562 }
563 
564 ?>
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192
IL_CAL_DATETIME
const IL_CAL_DATETIME
Definition: class.ilDateTime.php:9
ilPortfolioAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilPortfolioAccessHandler.php:52
ilPortfolioAccessHandler\setPermissions
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
Definition: class.ilPortfolioAccessHandler.php:165
ilParticipants\_getMembershipByType
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Definition: class.ilParticipants.php:137
ilCourseParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilCourseParticipants.php:74
ilPortfolioAccessHandler\addPermission
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
Definition: class.ilPortfolioAccessHandler.php:177
IL_CAL_UNIX
const IL_CAL_UNIX
Definition: class.ilDateTime.php:11
ilPortfolioAccessHandler\keepSharedSessionPassword
static keepSharedSessionPassword($a_node_id, $a_password)
Definition: class.ilPortfolioAccessHandler.php:518
ilObjPortfolio\setUserDefault
static setUserDefault($a_user_id, $a_portfolio_id=null)
Set the user default portfolio.
Definition: class.ilObjPortfolio.php:97
ilDateTime
Date and time handling
Definition: class.ilDateTime.php:32
ilPortfolioAccessHandler\findSharedObjects
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
Definition: class.ilPortfolioAccessHandler.php:388
ilGroupParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilGroupParticipants.php:61
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1183
ilPortfolioAccessHandler\getPermissions
getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilPortfolioAccessHandler.php:227
ilPortfolioAccessHandler\removePermission
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
Definition: class.ilPortfolioAccessHandler.php:203
IL_CAL_DATE
const IL_CAL_DATE
Definition: class.ilDateTime.php:10
$ilUser
global $ilUser
Definition: imgupload.php:15
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$lng
global $lng
Definition: privfeed.php:40
ilPortfolioAccessHandler
Access handler for portfolio.
Definition: class.ilPortfolioAccessHandler.php:18
ilObjPortfolio\getDefaultPortfolio
static getDefaultPortfolio($a_user_id)
Get default portfolio of user.
Definition: class.ilObjPortfolio.php:151
ilPortfolioAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilPortfolioAccessHandler.php:35