ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilPortfolioAccessHandler.php
1 <?php
2 
3 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 include_once "Modules/Portfolio/classes/class.ilObjPortfolio.php";
6 include_once "Modules/Group/classes/class.ilGroupParticipants.php";
7 include_once "Modules/Course/classes/class.ilCourseParticipants.php";
8 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
9 
19 {
/**
 * Set up the handler by loading the "wsp" language module.
 *
 * The only work done here is the call on the global language object.
 */
public function __construct()
{
    global $lng;

    $module = "wsp";
    $lng->loadLanguageModule($module);
}
25 
/**
 * Check a permission on a portfolio for the user of the current session.
 *
 * Reads the id of the global $ilUser and hands every argument on to
 * checkAccessOfUser(); no decision is taken in this method itself.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_node_id
 * @param string $a_type
 * @return bool result of checkAccessOfUser()
 */
public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    global $ilUser;

    $session_user_id = $ilUser->getId();

    return $this->checkAccessOfUser($session_user_id, $a_permission, $a_cmd, $a_node_id, $a_type);
}
41 
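/**
 * Decide whether a user may exercise a permission on a portfolio.
 *
 * Checks, in the order they are applied:
 *  1. anonymous session while setting "enable_global_profiles" is off -> deny
 *  2. setting "user_portfolios" is off -> deny
 *  3. the portfolio cannot be loaded -> deny
 *  4. $a_user_id owns the portfolio -> allow (any permission)
 *  5. the portfolio is offline -> deny
 *  6. for "read"/"visible" only: allow if one ACL entry of the node matches
 * Anything that reaches the end is denied.
 *
 * $a_cmd and $a_type are part of the signature but are not read here.
 *
 * @param int    $a_user_id
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_node_id
 * @param string $a_type
 * @return bool
 */
public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    global $rbacreview, $ilUser, $ilSetting;

    // #20310
    // NOTE(review): this test and the PERMISSION_REGISTERED branch below look at the
    // session user ($ilUser), not at $a_user_id - confirm that this is intended for
    // callers that check access on behalf of another user.
    if(!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID)
    {
        return false;
    }

    // #12059
    if(!$ilSetting->get('user_portfolios'))
    {
        return false;
    }

    // :TODO: create permission for parent node with type ?!

    $pf = new ilObjPortfolio($a_node_id, false);
    if(!$pf->getId())
    {
        return false;
    }

    // portfolio owner has all rights
    if($pf->getOwner() == $a_user_id)
    {
        return true;
    }

    // #11921
    if(!$pf->isOnline())
    {
        return false;
    }

    // other users can only read
    if($a_permission != "read" && $a_permission != "visible")
    {
        return false;
    }

    // get all objects with explicit permission
    $objects = $this->getPermissions($a_node_id);
    if(!$objects)
    {
        return false;
    }

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

    // check if given user is member of object or has role
    foreach($objects as $obj_id)
    {
        // The three PERMISSION_* case labels are absent from this rendering of the file
        // (gutter lines 102, 105 and 114 are skipped). They are restored here from the
        // constants this class uses in its has*Permission() queries - verify against
        // the repository.
        switch($obj_id)
        {
            case ilWorkspaceAccessGUI::PERMISSION_ALL:
                return true;

            case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
                // "visible" is granted without the password; "read" needs the
                // password kept in the session to match the stored one
                if($a_permission == "visible" || self::matchesSharedPassword($a_node_id))
                {
                    return true;
                }
                break;

            case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
                if($ilUser->getId() != ANONYMOUS_USER_ID)
                {
                    return true;
                }
                break;

            default:
                switch(ilObject::_lookupType($obj_id))
                {
                    case "grp":
                        // member of group?
                        if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
                        {
                            return true;
                        }
                        break;

                    case "crs":
                        // member of course?
                        if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
                        {
                            return true;
                        }
                        break;

                    case "role":
                        // has role?
                        if($rbacreview->isAssigned($a_user_id, $obj_id))
                        {
                            return true;
                        }
                        break;

                    case "usr":
                        // direct assignment
                        if($a_user_id == $obj_id)
                        {
                            return true;
                        }
                        break;
                }
                break;
        }
    }

    return false;
}

/**
 * Compare the password stored for a node with the one kept in the session.
 *
 * The comparison fails closed: a missing or empty stored value, or a missing
 * session value, never matches. The previous loose "==" treated two missing
 * values as equal and compared numeric-looking strings as numbers.
 *
 * @param int $a_node_id
 * @return bool
 */
private static function matchesSharedPassword($a_node_id)
{
    $stored = self::getSharedNodePassword($a_node_id);
    $given = isset($_SESSION["ilshpw_".$a_node_id]) ? $_SESSION["ilshpw_".$a_node_id] : null;

    if(!is_string($stored) || $stored === "" || !is_string($given))
    {
        return false;
    }

    // hash_equals() compares in constant time; it only exists from PHP 5.6 on,
    // so older runtimes fall back to a strict string comparison
    if(function_exists("hash_equals"))
    {
        return hash_equals($stored, $given);
    }
    return $stored === $given;
}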
164 
/**
 * Hook called after a node/object was created; intentionally empty.
 *
 * Both parameters are ignored.
 *
 * @param int $a_parent_node_id
 * @param int $a_node_id
 */
public function setPermissions($a_parent_node_id, $a_node_id)
{
    // no ACL rows are needed for the owner: checkAccessOfUser() grants the
    // owner of a portfolio every permission
}
175 
/**
 * Store an ACL entry that shares node $a_node_id with $a_object_id.
 *
 * Nothing is written when $a_object_id equals the id of the session user.
 * After the insert, syncProfile() is run for the node.
 *
 * NOTE(review): this method does not verify that the session user owns
 * $a_node_id; presumably the caller has checked that - confirm.
 *
 * @param int         $a_node_id
 * @param int         $a_object_id
 * @param string|null $a_extended_data written to the text column "extended_data"
 */
public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
{
    global $ilDB, $ilUser;

    // current owner must not be added
    if($a_object_id == $ilUser->getId())
    {
        return;
    }

    // every value goes through $ilDB->quote() with an explicit type
    $node = $ilDB->quote($a_node_id, "integer");
    $object = $ilDB->quote($a_object_id, "integer");
    $extended = $ilDB->quote($a_extended_data, "text");
    $now = $ilDB->quote(time(), "integer");

    $insert = "INSERT INTO usr_portf_acl (node_id, object_id, extended_data, tstamp)".
        " VALUES (".$node.", ".$object.",".$extended.",".$now.")";
    $ilDB->manipulate($insert);

    // portfolio as profile
    $this->syncProfile($a_node_id);
}
202 
/**
 * Delete ACL entries of a node.
 *
 * With a truthy $a_object_id only the entry for that object is removed;
 * otherwise (null, 0, "") every entry of the node is deleted.
 * syncProfile() is run for the node afterwards.
 *
 * @param int      $a_node_id
 * @param int|null $a_object_id
 */
public function removePermission($a_node_id, $a_object_id = null)
{
    global $ilDB;

    $where = " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");

    // narrow the delete to one ACL target when one was given
    $object_clause = $a_object_id
        ? " AND object_id = ".$ilDB->quote($a_object_id, "integer")
        : "";

    $ilDB->manipulate("DELETE FROM usr_portf_acl".$where.$object_clause);

    // portfolio as profile
    $this->syncProfile($a_node_id);
}
226 
/**
 * List the ACL targets registered for a node.
 *
 * @param int $a_node_id
 * @return array object_id values of all usr_portf_acl rows of the node, in result order
 */
public function getPermissions($a_node_id)
{
    global $ilDB;

    $node = $ilDB->quote($a_node_id, "integer");
    $result = $ilDB->query("SELECT object_id FROM usr_portf_acl WHERE node_id = ".$node);

    $object_ids = array();
    while($acl = $ilDB->fetchAssoc($result))
    {
        array_push($object_ids, $acl["object_id"]);
    }

    return $object_ids;
}
246 
/**
 * Tell whether the node has an ACL entry for ilWorkspaceAccessGUI::PERMISSION_REGISTERED.
 *
 * @param int $a_node_id
 * @return bool true if the query returns at least one row
 */
public function hasRegisteredPermission($a_node_id)
{
    global $ilDB;

    $node = $ilDB->quote($a_node_id, "integer");
    $target = $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer");

    $result = $ilDB->query(
        "SELECT object_id FROM usr_portf_acl".
        " WHERE node_id = ".$node.
        " AND object_id = ".$target
    );
    $hits = $ilDB->numRows($result);

    return (bool)$hits;
}
256 
/**
 * Tell whether the node has an ACL entry for ilWorkspaceAccessGUI::PERMISSION_ALL.
 *
 * @param int $a_node_id
 * @return bool true if the query returns at least one row
 */
public function hasGlobalPermission($a_node_id)
{
    global $ilDB;

    $node = $ilDB->quote($a_node_id, "integer");
    $target = $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer");

    $result = $ilDB->query(
        "SELECT object_id FROM usr_portf_acl".
        " WHERE node_id = ".$node.
        " AND object_id = ".$target
    );
    $hits = $ilDB->numRows($result);

    return (bool)$hits;
}
266 
/**
 * Tell whether the node has an ACL entry for ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD.
 *
 * @param int $a_node_id
 * @return bool true if the query returns at least one row
 */
public function hasGlobalPasswordPermission($a_node_id)
{
    global $ilDB;

    $node = $ilDB->quote($a_node_id, "integer");
    $target = $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer");

    $result = $ilDB->query(
        "SELECT object_id FROM usr_portf_acl".
        " WHERE node_id = ".$node.
        " AND object_id = ".$target
    );
    $hits = $ilDB->numRows($result);

    return (bool)$hits;
}
276 
/**
 * List the portfolios of the session user that have at least one ACL entry.
 *
 * The query joins usr_portf_acl without DISTINCT, so a portfolio may appear
 * once per ACL row.
 *
 * @param bool $a_online_only when truthy, restrict to portfolios with is_online = 1
 * @return array obj_id values
 */
public function getObjectsIShare($a_online_only = true)
{
    global $ilDB, $ilUser;

    $shared = array();

    $owner = $ilDB->quote($ilUser->getId(), "integer");
    $query = "SELECT obj.obj_id".
        " FROM object_data obj".
        " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
        " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
        " WHERE obj.owner = ".$owner;

    if($a_online_only)
    {
        $query = $query." AND prtf.is_online = ".$ilDB->quote(1, "integer");
    }

    $result = $ilDB->query($query);
    while($record = $ilDB->fetchAssoc($result))
    {
        array_push($shared, $record["obj_id"]);
    }

    return $shared;
}
302 
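/**
 * Collect every ACL target id through which a portfolio can be shared with
 * the session user.
 *
 * The list holds the ids of the user's group and course memberships, the
 * user's own id and the pseudo-ids for "registered users", "everybody" and
 * "everybody with password".
 *
 * @return array ids to match against usr_portf_acl.object_id
 */
public static function getPossibleSharedTargets()
{
    global $ilUser;

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
    include_once "Services/Membership/classes/class.ilParticipants.php";

    $user_id = $ilUser->getId();
    $grp_ids = ilParticipants::_getMembershipByType($user_id, "grp");
    $crs_ids = ilParticipants::_getMembershipByType($user_id, "crs");

    $obj_ids = array_merge($grp_ids, $crs_ids);
    $obj_ids[] = $user_id;

    // Gutter lines 314-316 are missing from this rendering of the file. The three
    // pseudo-ids below are restored from the PERMISSION_* constants this class
    // queries elsewhere and from the otherwise unused include above - verify
    // against the repository.
    $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;
    $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
    $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;

    return $obj_ids;
}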
320 
/**
 * List the other users who share an online portfolio with the session user.
 *
 * A portfolio counts when one of its ACL targets is in
 * getPossibleSharedTargets() and its owner is not the session user.
 *
 * @return array owner id => "lastname, firstname" with ", title" appended when a title is set
 */
public function getSharedOwners()
{
    global $ilUser, $ilDB;

    $targets = $this->getPossibleSharedTargets();

    $owners = array();

    $target_clause = $ilDB->in("acl.object_id", $targets, "", "integer");
    $self = $ilDB->quote($ilUser->getId(), "integer");
    $online = $ilDB->quote(1, "integer");

    $result = $ilDB->query(
        "SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
        " FROM object_data obj".
        " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
        " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
        " JOIN usr_data u on (u.usr_id = obj.owner)".
        " WHERE ".$target_clause.
        " AND obj.owner <> ".$self.
        " AND prtf.is_online = ".$online.
        " ORDER BY u.lastname, u.firstname, u.title"
    );

    while($person = $ilDB->fetchAssoc($result))
    {
        $label = $person["lastname"].", ".$person["firstname"];
        if($person["title"])
        {
            $label = $label.", ".$person["title"];
        }
        $owners[$person["owner"]] = $label;
    }

    return $owners;
}
348 
/**
 * List the online portfolios of one owner that are shared with the session user.
 *
 * @param int $a_owner_id
 * @return array obj_id => obj_id
 */
public function getSharedObjects($a_owner_id)
{
    global $ilDB;

    $targets = $this->getPossibleSharedTargets();

    $found = array();

    $target_clause = $ilDB->in("acl.object_id", $targets, "", "integer");
    $owner = $ilDB->quote($a_owner_id, "integer");
    $online = $ilDB->quote(1, "integer");

    $result = $ilDB->query(
        "SELECT obj.obj_id, obj.owner".
        " FROM object_data obj".
        " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
        " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
        " WHERE ".$target_clause.
        " AND obj.owner = ".$owner.
        " AND prtf.is_online = ".$online
    );

    // keyed by obj_id, so several ACL rows of one portfolio collapse into one entry
    while($record = $ilDB->fetchAssoc($result))
    {
        $id = $record["obj_id"];
        $found[$id] = $id;
    }

    return $found;
}
370 
/**
 * Fetch the titles of online portfolios that the given owners share with
 * the session user.
 *
 * @param array $a_owner_ids owner ids to look at
 * @return array owner id => array(obj_id => title)
 */
public function getShardObjectsDataForUserIds(array $a_owner_ids)
{
    global $ilDB;

    $targets = $this->getPossibleSharedTargets();

    $by_owner = array();

    $target_clause = $ilDB->in("acl.object_id", $targets, "", "integer");
    $owner_clause = $ilDB->in("obj.owner", $a_owner_ids, "", "integer");
    $online = $ilDB->quote(1, "integer");

    $result = $ilDB->query(
        "SELECT obj.obj_id, obj.owner, obj.title".
        " FROM object_data obj".
        " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
        " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
        " WHERE ".$target_clause.
        " AND ".$owner_clause.
        " AND prtf.is_online = ".$online
    );

    while($record = $ilDB->fetchAssoc($result))
    {
        $owner_id = $record["owner"];
        $portfolio_id = $record["obj_id"];
        $by_owner[$owner_id][$portfolio_id] = $record["title"];
    }

    return $by_owner;
}
393 
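/**
 * Search the online portfolios of other users that are shared with the
 * session user.
 *
 * Filter keys read from $a_filter (all optional):
 *  - "acl_type": "all", "password", "registered", "course", "group" or "user";
 *                when empty, getPossibleSharedTargets() is used
 *  - "title":    substring of the portfolio title, applied from 3 characters on
 *  - "user":     substring matched against login, firstname, lastname and email
 *                of the owner, applied from 3 characters on
 *  - "acl_date": date object; only shares newer than that day's 00:00:00 are kept
 *  - "crsgrp":   object id; only owners who participate in that object are kept
 *
 * @param array|null $a_filter
 * @param array|null $a_crs_ids ACL targets for acl_type "course"
 * @param array|null $a_grp_ids ACL targets for acl_type "group"
 * @return array|null rows keyed by obj_id, each with "acl_type" turned into a list of
 *                    ACL target ids; null when the user or crsgrp filter matches nobody
 */
public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
{
    global $ilDB, $ilUser;

    if($a_filter === null)
    {
        $a_filter = array();
    }

    // Start from an empty target list so that an unknown acl_type, or a missing
    // course/group list, can never leave the variable undefined when the WHERE
    // clause is built.
    // NOTE(review): confirm that $ilDB->in() yields a never-true clause for an empty list.
    $obj_ids = array();

    if(empty($a_filter["acl_type"]))
    {
        $obj_ids = $this->getPossibleSharedTargets();
    }
    else
    {
        include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

        switch($a_filter["acl_type"])
        {
            case "all":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
                break;

            // The assignments for "password" and "registered" are absent from this
            // rendering of the file (gutter lines 413 and 417 are skipped); they are
            // restored by analogy with the "all" case - verify against the repository.
            case "password":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
                break;

            case "registered":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
                break;

            case "course":
                $obj_ids = (array)$a_crs_ids;
                break;

            case "group":
                $obj_ids = (array)$a_grp_ids;
                break;

            case "user":
                $obj_ids = array($ilUser->getId());
                break;
        }
    }

    $res = array();

    $sql = "SELECT obj.obj_id,obj.title,obj.owner".
        ",acl.object_id acl_type, acl.tstamp acl_date".
        " FROM object_data obj".
        " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
        " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
        " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
        " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
        " AND obj.type = ".$ilDB->quote("prtf", "text").
        " AND prtf.is_online = ".$ilDB->quote(1, "integer");

    // NOTE(review): the search terms below are wrapped in % and handed to $ilDB->like();
    // a % or _ typed by the user presumably acts as a wildcard - confirm whether like()
    // escapes them.
    if(!empty($a_filter["title"]) && strlen($a_filter["title"]) >= 3)
    {
        $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
    }
    if(!empty($a_filter["user"]) && strlen($a_filter["user"]) >= 3)
    {
        // resolve the term to owner ids first; login and email are searched as well
        $term = "%".$a_filter["user"]."%";
        $usr_ids = array();
        $set = $ilDB->query("SELECT usr_id FROM usr_data".
            " WHERE (".$ilDB->like("login", "text", $term)." ".
            "OR ".$ilDB->like("firstname", "text", $term)." ".
            "OR ".$ilDB->like("lastname", "text", $term)." ".
            "OR ".$ilDB->like("email", "text", $term).")");
        while($row = $ilDB->fetchAssoc($set))
        {
            $usr_ids[] = $row["usr_id"];
        }
        if(!count($usr_ids))
        {
            return;
        }
        $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
    }

    if(!empty($a_filter["acl_date"]))
    {
        // compare against midnight of the given day as a unix timestamp
        $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
        $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
        $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
    }

    if(!empty($a_filter["crsgrp"]))
    {
        include_once "Services/Membership/classes/class.ilParticipants.php";
        $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
        $part = $part->getParticipants();
        if(!count($part))
        {
            return;
        }
        $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
    }

    // we use the oldest share date
    $sql .= " ORDER BY acl.tstamp";

    $set = $ilDB->query($sql);
    while($row = $ilDB->fetchAssoc($set))
    {
        if(!isset($res[$row["obj_id"]]))
        {
            // first (oldest) ACL row of this portfolio: keep the row, start the type list
            $row["acl_type"] = array($row["acl_type"]);
            $res[$row["obj_id"]] = $row;
        }
        else
        {
            $res[$row["obj_id"]]["acl_type"][] = $row["acl_type"];
        }
    }

    return $res;
}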
507 
/**
 * Read the value stored with the PERMISSION_ALL_PASSWORD ACL entry of a node.
 *
 * NOTE(review): whether "extended_data" holds a hash or the plain password is
 * not visible in this file - confirm at the place where the entry is written.
 *
 * @param int $a_node_id
 * @return string|null the "extended_data" column of the first matching row, null without a row
 */
public static function getSharedNodePassword($a_node_id)
{
    global $ilDB;

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

    $node = $ilDB->quote($a_node_id, "integer");
    $target = $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer");

    $result = $ilDB->query(
        "SELECT extended_data FROM usr_portf_acl".
        " WHERE node_id = ".$node.
        " AND object_id = ".$target
    );
    $entry = $ilDB->fetchAssoc($result);

    return $entry ? $entry["extended_data"] : null;
}
523 
/**
 * Remember the password entered for a shared node in the session.
 *
 * The value is stored unchanged under the key "ilshpw_" followed by the node id.
 *
 * @param int    $a_node_id
 * @param string $a_password
 */
public static function keepSharedSessionPassword($a_node_id, $a_password)
{
    $session_key = "ilshpw_".$a_node_id;
    $_SESSION[$session_key] = $a_password;
}
528 
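/**
 * Return the password kept in the session for a shared node.
 *
 * Reads the key "ilshpw_" followed by the node id. A node for which nothing
 * was stored yields null without touching an undefined session index.
 *
 * @param int $a_node_id
 * @return string|null
 */
public static function getSharedSessionPassword($a_node_id)
{
    $session_key = "ilshpw_".$a_node_id;

    return isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : null;
}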
533 
/**
 * Keep the "public_profile" preference of the session user in line with the
 * sharing state of the user's default portfolio.
 *
 * Does nothing unless $a_node_id is the default portfolio of the session user.
 * Without a "registered" or "all" ACL entry the preference is set to "n" and
 * ilObjPortfolio::setUserDefault() is called with the user id only; otherwise
 * the preference becomes "g" (entry for all) or "y" and is written only when
 * it differs from the current value.
 *
 * @param int $a_node_id
 */
protected function syncProfile($a_node_id)
{
    global $ilUser;

    // #12845
    include_once "Modules/Portfolio/classes/class.ilObjPortfolio.php";
    if(ilObjPortfolio::getDefaultPortfolio($ilUser->getId()) != $a_node_id)
    {
        return;
    }

    $has_registered = $this->hasRegisteredPermission($a_node_id);
    $has_global = $this->hasGlobalPermission($a_node_id);

    if($has_registered || $has_global)
    {
        // adapt profile setting
        $wanted = $has_global ? "g" : "y";
        if($ilUser->getPref("public_profile") != $wanted)
        {
            $ilUser->setPref("public_profile", $wanted);
            $ilUser->writePrefs();
        }
        return;
    }

    // not published anymore - remove portfolio as profile
    $ilUser->setPref("public_profile", "n");
    $ilUser->writePrefs();
    ilObjPortfolio::setUserDefault($ilUser->getId());
}
568 }
569 
570 ?>
const IL_CAL_DATETIME
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
const IL_CAL_UNIX
static keepSharedSessionPassword($a_node_id, $a_password)
static setUserDefault($a_user_id, $a_portfolio_id=null)
Set the user default portfolio.
Date and time handling
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
static _lookupType($a_id, $a_reference=false)
lookup object type
getPermissions($a_node_id)
Get all permissions to node.
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
const IL_CAL_DATE
global $ilUser
Definition: imgupload.php:15
global $ilSetting
Definition: privfeed.php:40
global $lng
Definition: privfeed.php:40
global $ilDB
Access handler for portfolio.
static getDefaultPortfolio($a_user_id)
Get default portfolio of user.
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object