ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAccessHandler.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 require_once("Services/AccessControl/classes/class.ilAccessInfo.php");
5 
20 class ilAccessHandler
21 {
22  protected $stored_rbac_access = array();
23 
27  function ilAccessHandler()
28  {
29  global $rbacsystem,$lng;
30 
31  $this->rbacsystem =& $rbacsystem;
32  $this->results = array();
33  $this->current_info = new ilAccessInfo();
34 
35  // use function enable to switch on/off tests (only cache is used so far)
36  $this->cache = true;
37  $this->rbac = true;
38  $this->tree = true;
39  $this->condition = true;
40  $this->path = true;
41  $this->status = true;
42  $this->obj_id_cache = array();
43  $this->obj_type_cache = array();
44  $this->obj_tree_cache=array();
45  }
46 
57  function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "",$a_info = "")
58  {
59  global $ilUser;
60 
61  if ($a_user_id == "")
62  {
63  $a_user_id = $ilUser->getId();
64  }
65 
66  if ($a_info == "")
67  {
68  $a_info = $this->current_info;
69  }
70 
71  //var_dump("<pre>",$a_permission,"</pre>");
72 
73  if ($this->cache)
74  {
75  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76  array("granted" => $a_access_granted, "info" => $a_info,
77  "prevent_db_cache" => $this->getPreventCachingLastResult());
78 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79  $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81  $this->last_info = $a_info;
82  }
83 
84  // get new info object
85  $this->current_info = new ilAccessInfo();
86 
87  }
88 
94  function setPreventCachingLastResult($a_val)
95  {
96  $this->prevent_caching_last_result = $a_val;
97  }
98 
104  function getPreventCachingLastResult()
105  {
106  return $this->prevent_caching_last_result;
107  }
108 
121  function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
122  {
123  global $ilUser;
124 
125  if ($a_user_id == "")
126  {
127  $a_user_id = $ilUser->getId();
128  }
129 
130  /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131  {
132  $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133  }*/
134 
135  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136  {
137  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138  }
139  return false;
140  }
141 
142  function storeCache()
143  {
144  global $ilDB, $ilUser;
145 
146  $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147  $res = $ilDB->manipulate($query);
148 
149  $ilDB->insert('acc_cache', array(
150  'user_id' => array('integer',$ilUser->getId()),
151  'time' => array('integer',time()),
152  'result' => array('clob',serialize($this->results))
153  ));
154  }
155 
156  function readCache($a_secs = 0)
157  {
158  global $ilUser, $ilDB;
159 
160  if ($a_secs > 0)
161  {
162  $query = "SELECT * FROM acc_cache WHERE user_id = ".
163  $ilDB->quote($ilUser->getId() ,'integer');
164  $set = $ilDB->query($query);
165  $rec = $set->fetchRow(DB_FETCHMODE_ASSOC);
166  if ((time() - $rec["time"]) < $a_secs)
167  {
168  $this->results = unserialize($rec["result"]);
169 //var_dump($this->results);
170  return true;
171  }
172  }
173  return false;
174  }
175 
176  function getResults()
177  {
178  return $this->results;
179  }
180 
181  function setResults($a_results)
182  {
183  $this->results = $a_results;
184  }
185 
189  function addInfoItem($a_type, $a_text, $a_data = "")
190  {
191  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192  }
193 
206  function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
207  {
208  global $ilUser;
209 
210  return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211  }
212 
226  function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
227  {
228  global $ilBench, $lng;
229 
230  $this->setPreventCachingLastResult(false); // for external db based caches
231 
232  $ilBench->start("AccessControl", "0400_clear_info");
233  $this->current_info->clear();
234  $ilBench->stop("AccessControl", "0400_clear_info");
235 
236 
237  // get stored result (internal memory based cache)
238  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239  if ($cached["hit"])
240  {
241  // Store access result
242  if (!$cached["granted"])
243  {
244  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245  }
246  if ($cached["prevent_db_cache"])
247  {
248  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249  }
250  return $cached["granted"];
251  }
252 
253  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254  // get object id if not provided
255  if ($a_obj_id == "")
256  {
257  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258  {
259  $a_obj_id = $this->obj_id_cache[$a_ref_id];
260  }
261  else
262  {
263  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265  }
266  }
267  if ($a_type == "")
268  {
269  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270  {
271  $a_type = $this->obj_type_cache[$a_ref_id];
272  }
273  else
274  {
275  $a_type = ilObject::_lookupType($a_ref_id, true);
276  $this->obj_type_cache[$a_ref_id] = $a_type;
277  }
278  }
279 
280  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281 
282  // to do: payment handling
283 
284  // if supplied tree id is not = 1 (= repository main tree),
285  // check if object is in tree and not deleted
286  if ($a_tree_id != 1 &&
287  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
288  {
289  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
290  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
291  return false;
292  }
293 
294  // rbac check for current object
295  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
296  {
297  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
298  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
299  return false;
300  }
301 
302  // Check object activation
303  $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
304  if(!$act_check)
305  {
306  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
307  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
308  return false;
309  }
310 
311  // check read permission for all parents
312  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
313  if (!$par_check)
314  {
315 
316  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
317  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
318  return false;
319  }
320 
321  // condition check (currently only implemented for read permission)
322  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
323  {
324  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
325  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
326  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
327  return false;
328  }
329 
330  // object type specific check
331  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
332  {
333  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
334  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
335  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
336  return false;
337  }
338 
339  // check for available licenses
340  if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
341  {
342  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
343  return false;
344  }
345 
346  // all checks passed
347  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
348  return true;
349  }
350 
354  function getInfo()
355  {
356  //return $this->last_result;
357  //$this->last_info->setQueryData($this->current_result_element);
358  //var_dump("<pre>",$this->results,"</pre>");
359  return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
360  }
361 
365  function getResultLast()
366  {
367  return $this->last_result;
368  }
369 
370  function getResultAll($a_ref_id = "")
371  {
372  if ($a_ref_id == "")
373  {
374  return $this->results;
375  }
376 
377  return $this->results[$a_ref_id];
378  }
379 
384  function doCacheCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id)
385  {
386  global $ilBench;
387  //echo "cacheCheck<br/>";
388 
389  $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
390  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
391  //var_dump($stored_access);
392  if (is_array($stored_access))
393  {
394  $this->current_info = $stored_access["info"];
395  //var_dump("cache-treffer:");
396  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
397  return array("hit" => true, "granted" => $stored_access["granted"],
398  "prevent_db_cache" => $stored_access["prevent_db_cache"]);
399  }
400 
401  // not in cache
402  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
403  return array("hit" => false, "granted" => false,
404  "prevent_db_cache" => false);
405  }
406 
411  function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
412  {
413  global $tree, $lng, $ilBench;
414  //echo "treeCheck<br/>";
415 
416  // Get stored result
417  $tree_cache_key = $a_user_id.':'.$a_ref_id;
418  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
419  // Store access result
420  if (!$this->obj_tree_cache[$tree_cache_key])
421  {
422  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
423  }
424  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
425 
426  return $this->obj_tree_cache[$tree_cache_key];
427  }
428 
429  $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
430 
431  if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
432  {
433  // Store negative access results
434 
435  // Store in tree cache
436  // Note, we only store up to 1000 results to avoid memory overflow.
437  if (count($this->obj_tree_cache) < 1000)
438  {
439  $this->obj_tree_cache[$tree_cache_key] = false;
440  }
441 
442  // Store in result cache
443  $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
444  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
445 
446  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
447 
448  return false;
449  }
450 
451  // Store positive access result.
452 
453  // Store in tree cache
454  // Note, we only store up to 1000 results to avoid memory overflow.
455  if (count($this->obj_tree_cache) < 1000)
456  {
457  $this->obj_tree_cache[$tree_cache_key] = true;
458  }
459 
460  // Store in result cache
461  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
462 
463  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
464  return true;
465  }
466 
471  function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
472  {
473  global $lng, $ilBench, $ilErr, $ilLog;
474 
475  $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
476 
477  if ($a_permission == "")
478  {
479  $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
480  get_class($this),
481  $a_ref_id);
482  $ilLog->write($message,$ilLog->FATAL);
483  $ilErr->raiseError($message,$ilErr->MESSAGE);
484  }
485 
486  if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
487  {
488  $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
489  }
490  else
491  {
492  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
493  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
494  {
495  if ($a_permission != "create")
496  {
497  $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
498  }
499  }
500  }
501 
502  // Store in result cache
503  if (!$access)
504  {
505  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
506  }
507  if ($a_permission != "create")
508  {
509  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
510  }
511  $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
512 
513  return $access;
514  }
515 
520  function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
521  {
522  global $tree, $lng, $ilBench,$ilObjDataCache;
523 //echo "<br>dopathcheck";
524  //echo "pathCheck<br/>";
525  $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
526 
527 // if (isset($this->stored_path[$a_ref_id]))
528 // {
529 // $path = $this->stored_path[$a_ref_id];
530 // }
531 // else
532 // {
533  $path = $tree->getPathId($a_ref_id);
534 // $this->stored_path[$a_ref_id] = $path;
535 // }
536  $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
537 
538  foreach ($path as $id)
539  {
540  if ($a_ref_id == $id)
541  {
542  continue;
543  }
544 
545  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
546 
547  if ($access == false)
548  {
549 
550  //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
551  $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
552 
553  if ($a_all == false)
554  {
555  return false;
556  }
557  }
558  }
559 
560  return true;
561  }
562 
567  function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
568  {
569  global $ilBench,$ilUser;
570 
571  $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
572 
573  $cache_perm = ($a_permission == "visible")
574  ? "visible"
575  : "other";
576 
577 //echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
578 
579  if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
580  {
581  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
582  return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
583  }
584 
585  // nothings needs to be done if current permission is write permission
586  if($a_permission == 'write')
587  {
588  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
589  return true;
590  }
591 
592  // #10852 - member view check
593  if($a_user_id == $ilUser->getId())
594  {
595  // #10905 - activate parent container ONLY
596  include_once './Services/Container/classes/class.ilMemberViewSettings.php';
597  $memview = ilMemberViewSettings::getInstance();
598  if($memview->isActiveForRefId($a_ref_id) &&
599  $memview->getContainer() == $a_ref_id)
600  {
601  return true;
602  }
603  }
604 
605  include_once 'Services/Object/classes/class.ilObjectActivation.php';
606  $item_data = ilObjectActivation::getItem($a_ref_id);
607 
608  // if activation isn't enabled
609  if($item_data === NULL ||
610  $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
611  {
612  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
613  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
614  return true;
615  }
616 
617  // if within activation time
618  if((time() >= $item_data['timing_start']) and
619  (time() <= $item_data['timing_end']))
620  {
621  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
622  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
623  return true;
624  }
625 
626  // if user has write permission
627  if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
628  {
629  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
630  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
631  return true;
632  }
633  // if current permission is visible and visible is set in activation
634  if($a_permission == 'visible' and $item_data['visible'])
635  {
636  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
637  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
638  return true;
639  }
640  // no access
641  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
642  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
643  return false;
644  }
645 
650  function doConditionCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
651  {
652  //echo "conditionCheck<br/>";
653  global $lng, $ilBench;
654 
655  if(
656  ($a_permission == 'visible') and
657  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
658  )
659  {
660  if(ilConditionHandler::lookupHiddenStatusByTarget($a_ref_id))
661  {
662  if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
663  {
664  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
665  foreach ($conditions as $condition)
666  {
667  $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
668  $lng->txt("missing_precondition").": ".
669  ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
670  $lng->txt("condition_".$condition["operator"])." ".
671  $condition["value"], $condition);
672  }
673  return FALSE;
674  }
675  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
676  }
677  }
678 
679 
680  if (($a_permission == "read" or $a_permission == 'join') &&
681  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
682  {
683  $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
684  if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
685  {
686  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
687  foreach ($conditions as $condition)
688  {
689  $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
690  $lng->txt("missing_precondition").": ".
691  ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
692  $lng->txt("condition_".$condition["operator"])." ".
693  $condition["value"], $condition);
694  }
695  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
696  return false;
697  }
698  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
699  }
700 
701  return true;
702  }
703 
708  function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
709  {
710  global $objDefinition, $ilBench, $ilPluginAdmin;
711  //echo "statusCheck<br/>";
712  $ilBench->start("AccessControl", "5000_checkAccess_object_check");
713 
714  // check for a deactivated plugin
715  if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
716  {
717  return false;
718  }
719  if(!$a_type)
720  {
721  return false;
722  }
723 
724  $class = $objDefinition->getClassName($a_type);
725  $location = $objDefinition->getLocation($a_type);
726  $full_class = "ilObj".$class."Access";
727  include_once($location."/class.".$full_class.".php");
728  // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
729 
730  $ilBench->start("AccessControl", "5001_checkAccess_".$full_class."_check");
731  $obj_access = call_user_func(array($full_class, "_checkAccess"),
732  $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
733  $ilBench->stop("AccessControl", "5001_checkAccess_".$full_class."_check");
734  if (!($obj_access === true))
735  {
736  //Note: We must not add an info item here, because one is going
737  // to be added by the user function we just called a few
738  // lines above.
739  //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
740 
741  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
742  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
743  return false;
744  }
745 
746  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
747  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
748  return true;
749  }
750 
754  function doLicenseCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
755  {
756  global $lng;
757 
758  // simple checks first
759  if (!in_array($a_type, array('sahs','htlm'))
760  or !in_array($a_permission, array('read')))
761  {
762  $has_access = true;
763  }
764  else
765  {
766  require_once("Services/License/classes/class.ilLicenseAccess.php");
767 
768  // licensing globally disabled => access granted
769  if (!ilLicenseAccess::_isEnabled())
770  {
771  $has_access = true;
772  }
773  /* resolved mantis issue #5288:
774  * admins should not automatically have read access!
775  * their read access will also be noted and consume a license
776  elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
777  {
778  $has_access = true;
779  }
780  */
781  // now do the real check
782  else
783  {
784  $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
785  }
786  }
787 
788  if ($has_access)
789  {
790  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
791  return true;
792  }
793  else
794  {
795  $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
796  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
797  return false;
798  }
799  }
800 
801  function clear()
802  {
803  $this->results = array();
804  $this->last_result = "";
805  $this->current_info = new ilAccessInfo();
806  }
807 
808  function enable($a_str,$a_bool)
809  {
810  $this->$a_str = $a_bool;
811  }
812 }
ilAccessHandler\addInfoItem
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
Definition: class.ilAccessHandler.php:189
ilConditionHandler\_getConditionsOfTarget
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
Definition: class.ilConditionHandler.php:715
IL_NO_LICENSE
const IL_NO_LICENSE
Definition: class.ilAccessInfo.php:30
$location
$location
Definition: buildRTE.php:44
ilConditionHandler\lookupHiddenStatusByTarget
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status type $ilDB.
Definition: class.ilConditionHandler.php:141
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilAccessHandler\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccessHandler.php:94
ilLicenseAccess\_isEnabled
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
Definition: class.ilLicenseAccess.php:22
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:310
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
ilAccessHandler\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccessHandler.php:650
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
ilAccessHandler\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccessHandler.php:104
ilAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:206
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
ilConditionHandler\_checkAllConditionsOfTarget
_checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:965
ilAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:226
ilAccessHandler\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
Definition: class.ilAccessHandler.php:384
ilAccessHandler\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
Definition: class.ilAccessHandler.php:520
ilAccessHandler\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
Definition: class.ilAccessHandler.php:708
ilAccessHandler\getInfo
getInfo()
get last info object
Definition: class.ilAccessHandler.php:354
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1041
DB_FETCHMODE_ASSOC
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
$results
$results
Definition: save_question_post_data.php:7
ilAccessHandler\getResultLast
getResultLast()
get last info object
Definition: class.ilAccessHandler.php:365
$ilLog
$ilLog
Definition: inc.setup_header.php:136
ilAccessHandler\enable
enable($a_str, $a_bool)
Definition: class.ilAccessHandler.php:808
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1196
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
ilLicenseAccess\_checkAccess
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
Definition: class.ilLicenseAccess.php:57
ilAccessHandler\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccessHandler.php:411
$ilUser
global $ilUser
Definition: imgupload.php:15
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:53
$lng
global $lng
Definition: privfeed.php:40
$path
$path
Definition: index.php:22
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilAccessHandler\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
Definition: class.ilAccessHandler.php:471
ilAccessHandler\ilAccessHandler
ilAccessHandler()
constructor
Definition: class.ilAccessHandler.php:27
ilAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
Definition: class.ilAccessHandler.php:567
ilAccessHandler\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result
Definition: class.ilAccessHandler.php:121
ilAccessHandler\doLicenseCheck
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
Definition: class.ilAccessHandler.php:754
$ilErr
$ilErr
Definition: inc.setup_header.php:67
ilAccessHandler
Class ilAccessHandler.
Definition: class.ilAccessHandler.php:20
ilAccessHandler\getResultAll
getResultAll($a_ref_id="")
Definition: class.ilAccessHandler.php:370