ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAccessHandler.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once("Services/AccessControl/classes/class.ilAccessInfo.php");
5
21{
22 protected $stored_rbac_access = array();
23
27 function ilAccessHandler()
28 {
29 global $rbacsystem,$lng;
30
31 $this->rbacsystem =& $rbacsystem;
32 $this->results = array();
33 $this->current_info = new ilAccessInfo();
34
35 // use function enable to switch on/off tests (only cache is used so far)
36 $this->cache = true;
37 $this->rbac = true;
38 $this->tree = true;
39 $this->condition = true;
40 $this->path = true;
41 $this->status = true;
42 $this->obj_id_cache = array();
43 $this->obj_type_cache = array();
44 $this->obj_tree_cache=array();
45 }
46
57 function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "",$a_info = "")
58 {
59 global $ilUser;
60
61 if ($a_user_id == "")
62 {
63 $a_user_id = $ilUser->getId();
64 }
65
66 if ($a_info == "")
67 {
68 $a_info = $this->current_info;
69 }
70
71 //var_dump("<pre>",$a_permission,"</pre>");
72
73 if ($this->cache)
74 {
75 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76 array("granted" => $a_access_granted, "info" => $a_info,
77 "prevent_db_cache" => $this->getPreventCachingLastResult());
78//echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81 $this->last_info = $a_info;
82 }
83
84 // get new info object
85 $this->current_info = new ilAccessInfo();
86
87 }
88
95 {
96 $this->prevent_caching_last_result = $a_val;
97 }
98
105 {
106 return $this->prevent_caching_last_result;
107 }
108
121 function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
122 {
123 global $ilUser;
124
125 if ($a_user_id == "")
126 {
127 $a_user_id = $ilUser->getId();
128 }
129
130 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131 {
132 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133 }*/
134
135 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136 {
137 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138 }
139 return false;
140 }
141
142 function storeCache()
143 {
144 global $ilDB, $ilUser;
145
146 $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147 $res = $ilDB->manipulate($query);
148
149 $ilDB->insert('acc_cache', array(
150 'user_id' => array('integer',$ilUser->getId()),
151 'time' => array('integer',time()),
152 'result' => array('clob',serialize($this->results))
153 ));
154 }
155
156 function readCache($a_secs = 0)
157 {
158 global $ilUser, $ilDB;
159
160 if ($a_secs > 0)
161 {
162 $query = "SELECT * FROM acc_cache WHERE user_id = ".
163 $ilDB->quote($ilUser->getId() ,'integer');
164 $set = $ilDB->query($query);
165 $rec = $set->fetchRow(DB_FETCHMODE_ASSOC);
166 if ((time() - $rec["time"]) < $a_secs)
167 {
168 $this->results = unserialize($rec["result"]);
169//var_dump($this->results);
170 return true;
171 }
172 }
173 return false;
174 }
175
176 function getResults()
177 {
178 return $this->results;
179 }
180
181 function setResults($a_results)
182 {
183 $this->results = $a_results;
184 }
185
189 function addInfoItem($a_type, $a_text, $a_data = "")
190 {
191 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192 }
193
206 function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
207 {
208 global $ilUser;
209
210 return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211 }
212
226 function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
227 {
228 global $ilBench, $lng;
229
230 $this->setPreventCachingLastResult(false); // for external db based caches
231
232 $ilBench->start("AccessControl", "0400_clear_info");
233 $this->current_info->clear();
234 $ilBench->stop("AccessControl", "0400_clear_info");
235
236
237 // get stored result (internal memory based cache)
238 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239 if ($cached["hit"])
240 {
241 // Store access result
242 if (!$cached["granted"])
243 {
244 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245 }
246 if ($cached["prevent_db_cache"])
247 {
248 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249 }
250 return $cached["granted"];
251 }
252
253 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254 // get object id if not provided
255 if ($a_obj_id == "")
256 {
257 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258 {
259 $a_obj_id = $this->obj_id_cache[$a_ref_id];
260 }
261 else
262 {
263 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265 }
266 }
267 if ($a_type == "")
268 {
269 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270 {
271 $a_type = $this->obj_type_cache[$a_ref_id];
272 }
273 else
274 {
275 $a_type = ilObject::_lookupType($a_ref_id, true);
276 $this->obj_type_cache[$a_ref_id] = $a_type;
277 }
278 }
279
280 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281
282 // to do: payment handling
283
284 // if supplied tree id is not = 1 (= repository main tree),
285 // check if object is in tree and not deleted
286 if ($a_tree_id != 1 &&
287 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
288 {
289 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
290 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
291 return false;
292 }
293
294 // rbac check for current object
295 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
296 {
297 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
298 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
299 return false;
300 }
301
302 // Check object activation
303 $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
304 if(!$act_check)
305 {
306 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
307 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
308 return false;
309 }
310
311 // check read permission for all parents
312 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
313 if (!$par_check)
314 {
315
316 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
317 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
318 return false;
319 }
320
321 // condition check (currently only implemented for read permission)
322 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
323 {
324 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
325 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
326 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
327 return false;
328 }
329
330 // object type specific check
331 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
332 {
333 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
334 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
335 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
336 return false;
337 }
338
339 // check for available licenses
340 if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
341 {
342 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
343 return false;
344 }
345
346 // all checks passed
347 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
348 return true;
349 }
350
354 function getInfo()
355 {
356 //return $this->last_result;
357 //$this->last_info->setQueryData($this->current_result_element);
358 //var_dump("<pre>",$this->results,"</pre>");
359 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
360 }
361
365 function getResultLast()
366 {
367 return $this->last_result;
368 }
369
370 function getResultAll($a_ref_id = "")
371 {
372 if ($a_ref_id == "")
373 {
374 return $this->results;
375 }
376
377 return $this->results[$a_ref_id];
378 }
379
384 function doCacheCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id)
385 {
386 global $ilBench;
387 //echo "cacheCheck<br/>";
388
389 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
390 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
391 //var_dump($stored_access);
392 if (is_array($stored_access))
393 {
394 $this->current_info = $stored_access["info"];
395 //var_dump("cache-treffer:");
396 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
397 return array("hit" => true, "granted" => $stored_access["granted"],
398 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
399 }
400
401 // not in cache
402 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
403 return array("hit" => false, "granted" => false,
404 "prevent_db_cache" => false);
405 }
406
411 function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
412 {
413 global $tree, $lng, $ilBench;
414 //echo "treeCheck<br/>";
415
416 // Get stored result
417 $tree_cache_key = $a_user_id.':'.$a_ref_id;
418 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
419 // Store access result
420 if (!$this->obj_tree_cache[$tree_cache_key])
421 {
422 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
423 }
424 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
425
426 return $this->obj_tree_cache[$tree_cache_key];
427 }
428
429 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
430
431 if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
432 {
433 // Store negative access results
434
435 // Store in tree cache
436 // Note, we only store up to 1000 results to avoid memory overflow.
437 if (count($this->obj_tree_cache) < 1000)
438 {
439 $this->obj_tree_cache[$tree_cache_key] = false;
440 }
441
442 // Store in result cache
443 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
444 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
445
446 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
447
448 return false;
449 }
450
451 // Store positive access result.
452
453 // Store in tree cache
454 // Note, we only store up to 1000 results to avoid memory overflow.
455 if (count($this->obj_tree_cache) < 1000)
456 {
457 $this->obj_tree_cache[$tree_cache_key] = true;
458 }
459
460 // Store in result cache
461 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
462
463 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
464 return true;
465 }
466
471 function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
472 {
473 global $lng, $ilBench, $ilErr, $ilLog;
474
475 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
476
477 if ($a_permission == "")
478 {
479 $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
480 get_class($this),
481 $a_ref_id);
482 $ilLog->write($message,$ilLog->FATAL);
483 $ilErr->raiseError($message,$ilErr->MESSAGE);
484 }
485
486 if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
487 {
488 $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
489 }
490 else
491 {
492 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
493 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
494 {
495 if ($a_permission != "create")
496 {
497 $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
498 }
499 }
500 }
501
502 // Store in result cache
503 if (!$access)
504 {
505 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
506 }
507 if ($a_permission != "create")
508 {
509 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
510 }
511 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
512
513 return $access;
514 }
515
520 function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
521 {
522 global $tree, $lng, $ilBench,$ilObjDataCache;
523//echo "<br>dopathcheck";
524 //echo "pathCheck<br/>";
525 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
526
527// if (isset($this->stored_path[$a_ref_id]))
528// {
529// $path = $this->stored_path[$a_ref_id];
530// }
531// else
532// {
533 $path = $tree->getPathId($a_ref_id);
534// $this->stored_path[$a_ref_id] = $path;
535// }
536 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
537
538 foreach ($path as $id)
539 {
540 if ($a_ref_id == $id)
541 {
542 continue;
543 }
544
545 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
546
547 if ($access == false)
548 {
549
550 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
551 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
552
553 if ($a_all == false)
554 {
555 return false;
556 }
557 }
558 }
559
560 return true;
561 }
562
567 function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
568 {
569 global $ilBench,$ilUser;
570
571 $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
572
573 $cache_perm = ($a_permission == "visible")
574 ? "visible"
575 : "other";
576
577//echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
578
579 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
580 {
581 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
582 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
583 }
584
585 // nothings needs to be done if current permission is write permission
586 if($a_permission == 'write')
587 {
588 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
589 return true;
590 }
591
592 // #10852 - member view check
593 if($a_user_id == $ilUser->getId())
594 {
595 // #10905 - activate parent container ONLY
596 include_once './Services/Container/classes/class.ilMemberViewSettings.php';
598 if($memview->isActiveForRefId($a_ref_id) &&
599 $memview->getContainer() == $a_ref_id)
600 {
601 return true;
602 }
603 }
604
605 include_once 'Services/Object/classes/class.ilObjectActivation.php';
606 $item_data = ilObjectActivation::getItem($a_ref_id);
607
608 // if activation isn't enabled
609 if($item_data === NULL ||
610 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
611 {
612 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
613 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
614 return true;
615 }
616
617 // if within activation time
618 if((time() >= $item_data['timing_start']) and
619 (time() <= $item_data['timing_end']))
620 {
621 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
622 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
623 return true;
624 }
625
626 // if user has write permission
627 if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
628 {
629 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
630 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
631 return true;
632 }
633 // if current permission is visible and visible is set in activation
634 if($a_permission == 'visible' and $item_data['visible'])
635 {
636 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
637 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
638 return true;
639 }
640 // no access
641 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
642 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
643 return false;
644 }
645
650 function doConditionCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
651 {
652 //echo "conditionCheck<br/>";
653 global $lng, $ilBench;
654
655 if(
656 ($a_permission == 'visible') and
657 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
658 )
659 {
661 {
662 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
663 {
664 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
665 foreach ($conditions as $condition)
666 {
667 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
668 $lng->txt("missing_precondition").": ".
669 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
670 $lng->txt("condition_".$condition["operator"])." ".
671 $condition["value"], $condition);
672 }
673 return FALSE;
674 }
675 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
676 }
677 }
678
679
680 if (($a_permission == "read" or $a_permission == 'join') &&
681 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
682 {
683 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
684 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
685 {
686 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
687 foreach ($conditions as $condition)
688 {
689 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
690 $lng->txt("missing_precondition").": ".
691 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
692 $lng->txt("condition_".$condition["operator"])." ".
693 $condition["value"], $condition);
694 }
695 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
696 return false;
697 }
698 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
699 }
700
701 return true;
702 }
703
708 function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
709 {
710 global $objDefinition, $ilBench, $ilPluginAdmin;
711 //echo "statusCheck<br/>";
712 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
713
714 // check for a deactivated plugin
715 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
716 {
717 return false;
718 }
719 if(!$a_type)
720 {
721 return false;
722 }
723
724 $class = $objDefinition->getClassName($a_type);
725 $location = $objDefinition->getLocation($a_type);
726 $full_class = "ilObj".$class."Access";
727 include_once($location."/class.".$full_class.".php");
728 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
729
730 $ilBench->start("AccessControl", "5001_checkAccess_".$full_class."_check");
731 $obj_access = call_user_func(array($full_class, "_checkAccess"),
732 $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
733 $ilBench->stop("AccessControl", "5001_checkAccess_".$full_class."_check");
734 if (!($obj_access === true))
735 {
736 //Note: We must not add an info item here, because one is going
737 // to be added by the user function we just called a few
738 // lines above.
739 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
740
741 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
742 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
743 return false;
744 }
745
746 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
747 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
748 return true;
749 }
750
754 function doLicenseCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
755 {
756 global $lng;
757
758 // simple checks first
759 if (!in_array($a_type, array('sahs','htlm'))
760 or !in_array($a_permission, array('read')))
761 {
762 $has_access = true;
763 }
764 else
765 {
766 require_once("Services/License/classes/class.ilLicenseAccess.php");
767
768 // licensing globally disabled => access granted
770 {
771 $has_access = true;
772 }
773 /* resolved mantis issue #5288:
774 * admins should not automatically have read access!
775 * their read access will also be noted and consume a license
776 elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
777 {
778 $has_access = true;
779 }
780 */
781 // now do the real check
782 else
783 {
784 $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
785 }
786 }
787
788 if ($has_access)
789 {
790 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
791 return true;
792 }
793 else
794 {
795 $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
796 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
797 return false;
798 }
799 }
800
801 function clear()
802 {
803 $this->results = array();
804 $this->last_result = "";
805 $this->current_info = new ilAccessInfo();
806 }
807
808 function enable($a_str,$a_bool)
809 {
810 $this->$a_str = $a_bool;
811 }
812}
$location
Definition: buildRTE.php:44
const IL_MISSING_PRECONDITION
const IL_NO_PARENT_ACCESS
const IL_NO_PERMISSION
const IL_NO_LICENSE
const IL_DELETED
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
Class ilAccessHandler.
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
getPreventCachingLastResult()
Get prevent caching last result.
ilAccessHandler()
constructor
enable($a_str, $a_bool)
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
getResultLast()
get last info object
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
getInfo()
get last info object
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
getResultAll($a_ref_id="")
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
setPreventCachingLastResult($a_val)
Set prevent caching last result.
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
class ilAccessInfo
_checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
global $ilBench
Definition: ilias.php:18
global $lng
Definition: privfeed.php:40
$results
$path
Definition: index.php:22
global $ilDB
global $ilUser
Definition: imgupload.php:15