ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilWorkspaceAccessHandler.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8
17class ilWorkspaceAccessHandler
18{
19 protected $tree; // [ilTree]
20
21 public function __construct(ilTree $a_tree = null)
22 {
23 global $ilUser, $lng;
24
25 $lng->loadLanguageModule("wsp");
26
27 if(!$a_tree)
28 {
29 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
30 $a_tree = new ilWorkspaceTree($ilUser->getId());
31 }
32 $this->tree = $a_tree;
33 }
34
40 public function getTree()
41 {
42 return $this->tree;
43 }
44
54 public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
55 {
56 global $ilUser;
57
58 return $this->checkAccessOfUser($this->tree, $ilUser->getId(),$a_permission, $a_cmd, $a_node_id, $a_type);
59 }
60
72 public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
73 {
74 global $rbacreview, $ilUser, $ilSetting;
75
76 // :TODO: create permission for parent node with type ?!
77
78 // #20310
79 if(!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID)
80 {
81 return false;
82 }
83
84 // tree root is read-only
85 if($a_permission == "write")
86 {
87 if($a_tree->readRootId() == $a_node_id)
88 {
89 return false;
90 }
91 }
92
93 // node owner has all rights
94 if($a_tree->lookupOwner($a_node_id) == $a_user_id)
95 {
96 return true;
97 }
98
99 // other users can only read
100 if($a_permission == "read" || $a_permission == "visible")
101 {
102 // get all objects with explicit permission
103 $objects = $this->getPermissions($a_node_id);
104 if($objects)
105 {
106 // check if given user is member of object or has role
107 foreach($objects as $obj_id)
108 {
109 switch($obj_id)
110 {
111 case ilWorkspaceAccessGUI::PERMISSION_ALL:
112 return true;
113
114 case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
115 // check against input kept in session
116 if(self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
117 $a_permission == "visible")
118 {
119 return true;
120 }
121 break;
122
123 case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
124 if($ilUser->getId() != ANONYMOUS_USER_ID)
125 {
126 return true;
127 }
128 break;
129
130 default:
131 switch(ilObject::_lookupType($obj_id))
132 {
133 case "grp":
134 // member of group?
135 if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
136 {
137 return true;
138 }
139 break;
140
141 case "crs":
142 // member of course?
143 if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
144 {
145 return true;
146 }
147 break;
148
149 case "role":
150 // has role?
151 if($rbacreview->isAssigned($a_user_id, $obj_id))
152 {
153 return true;
154 }
155 break;
156
157 case "usr":
158 // direct assignment
159 if($a_user_id == $obj_id)
160 {
161 return true;
162 }
163 break;
164 }
165 break;
166 }
167 }
168 }
169 }
170
171 return false;
172 }
173
180 public function setPermissions($a_parent_node_id, $a_node_id)
181 {
182 // nothing to do as owner has irrefutable rights to any workspace object
183 }
184
193 public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
194 {
195 global $ilDB, $ilUser;
196
197 // tree owner must not be added
198 if($this->tree->getTreeId() == $ilUser->getId() &&
199 $a_object_id == $ilUser->getId())
200 {
201 return false;
202 }
203
204 $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)".
205 " VALUES (".$ilDB->quote($a_node_id, "integer").", ".
206 $ilDB->quote($a_object_id, "integer").",".
207 $ilDB->quote($a_extended_data, "text").",".
208 $ilDB->quote(time(), "integer").")");
209 return true;
210 }
211
218 public function removePermission($a_node_id, $a_object_id = null)
219 {
220 global $ilDB;
221
222 $query = "DELETE FROM acl_ws".
223 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");
224
225 if($a_object_id)
226 {
227 $query .= " AND object_id = ".$ilDB->quote($a_object_id, "integer");
228 }
229
230 return $ilDB->manipulate($query);
231 }
232
239 public static function getPermissions($a_node_id)
240 {
241 global $ilDB, $ilSetting;
242
243 $publish_enabled = $ilSetting->get("enable_global_profiles");
244 $publish_perm = array(ilWorkspaceAccessGUI::PERMISSION_ALL,
245 ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
246
247 $set = $ilDB->query("SELECT object_id FROM acl_ws".
248 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer"));
249 $res = array();
250 while($row = $ilDB->fetchAssoc($set))
251 {
252 if($publish_enabled || !in_array($row["object_id"], $publish_perm))
253 {
254 $res[] = $row["object_id"];
255 }
256 }
257 return $res;
258 }
259
260 public function hasRegisteredPermission($a_node_id)
261 {
262 global $ilDB;
263
264 $set = $ilDB->query("SELECT object_id FROM acl_ws".
265 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
266 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
267 return (bool)$ilDB->numRows($set);
268 }
269
270 public function hasGlobalPermission($a_node_id)
271 {
272 global $ilDB, $ilSetting;
273
274 if(!$ilSetting->get("enable_global_profiles"))
275 {
276 return false;
277 }
278
279 $set = $ilDB->query("SELECT object_id FROM acl_ws".
280 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
281 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
282 return (bool)$ilDB->numRows($set);
283 }
284
285 public function hasGlobalPasswordPermission($a_node_id)
286 {
287 global $ilDB, $ilSetting;
288
289 if(!$ilSetting->get("enable_global_profiles"))
290 {
291 return false;
292 }
293
294 $set = $ilDB->query("SELECT object_id FROM acl_ws".
295 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
296 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
297 return (bool)$ilDB->numRows($set);
298 }
299
300 public static function getPossibleSharedTargets()
301 {
302 global $ilUser, $ilSetting;
303
304 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
305 include_once "Services/Membership/classes/class.ilParticipants.php";
306 $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
307 $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
308
309 $obj_ids = array_merge($grp_ids, $crs_ids);
310 $obj_ids[] = $ilUser->getId();
311 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;
312
313 if($ilSetting->get("enable_global_profiles"))
314 {
315 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
316 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
317 }
318
319 return $obj_ids;
320 }
321
322 public function getSharedOwners()
323 {
324 global $ilUser, $ilDB;
325
326 $obj_ids = $this->getPossibleSharedTargets();
327
328 $user_ids = array();
329 $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
330 " FROM object_data obj".
331 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
332 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
333 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
334 " JOIN usr_data u on (u.usr_id = obj.owner)".
335 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
336 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
337 " ORDER BY u.lastname, u.firstname, u.title");
338 while ($row = $ilDB->fetchAssoc($set))
339 {
340 $user_ids[$row["owner"]] = $row["lastname"].", ".$row["firstname"];
341 if($row["title"])
342 {
343 $user_ids[$row["owner"]] .= ", ".$row["title"];
344 }
345 }
346
347 return $user_ids;
348 }
349
350 public function getSharedObjects($a_owner_id)
351 {
352 global $ilDB;
353
354 $obj_ids = $this->getPossibleSharedTargets();
355
356 $res = array();
357 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
358 " FROM object_data obj".
359 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
360 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
361 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
362 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
363 " AND obj.owner = ".$ilDB->quote($a_owner_id, "integer"));
364 while ($row = $ilDB->fetchAssoc($set))
365 {
366 $res[$row["wsp_id"]] = $row["obj_id"];
367 }
368
369 return $res;
370 }
371
372 public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
373 {
374 global $ilDB, $ilUser;
375
376 if(!$a_filter["acl_type"])
377 {
378 $obj_ids = $this->getPossibleSharedTargets();
379 }
380 else
381 {
382 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
383
384 switch($a_filter["acl_type"])
385 {
386 case "all":
387 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
388 break;
389
390 case "password":
391 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
392 break;
393
394 case "registered":
395 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
396 break;
397
398 case "course":
399 $obj_ids = $a_crs_ids;
400 break;
401
402 case "group":
403 $obj_ids = $a_grp_ids;
404 break;
405
406 case "user":
407 $obj_ids = array($ilUser->getId());
408 break;
409 }
410 }
411
412 $res = array();
413
414 $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner,".
415 "acl.object_id acl_type, acl.tstamp acl_date".
416 " FROM object_data obj".
417 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
418 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
419 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
420 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
421 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer");
422
423 if($a_filter["obj_type"])
424 {
425 $sql .= " AND obj.type = ".$ilDB->quote($a_filter["obj_type"], "text");
426 }
427 if($a_filter["title"] && strlen($a_filter["title"]) >= 3)
428 {
429 $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
430 }
431 if($a_filter["user"] && strlen($a_filter["user"]) >= 3)
432 {
433 $usr_ids = array();
434 $set = $ilDB->query("SELECT usr_id FROM usr_data".
435 " WHERE (".$ilDB->like("login", "text", "%".$a_filter["user"]."%")." ".
436 "OR ".$ilDB->like("firstname", "text", "%".$a_filter["user"]."%")." ".
437 "OR ".$ilDB->like("lastname", "text", "%".$a_filter["user"]."%")." ".
438 "OR ".$ilDB->like("email", "text", "%".$a_filter["user"]."%").")");
439 while($row = $ilDB->fetchAssoc($set))
440 {
441 $usr_ids[] = $row["usr_id"];
442 }
443 if(!sizeof($usr_ids))
444 {
445 return;
446 }
447 $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
448 }
449
450 if($a_filter["acl_date"])
451 {
452 $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
453 $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
454 $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
455 }
456
457 if($a_filter["crsgrp"])
458 {
459 include_once "Services/Membership/classes/class.ilParticipants.php";
460 $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
461 $part = $part->getParticipants();
462 if(!sizeof($part))
463 {
464 return;
465 }
466 $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
467 }
468
469 // we use the oldest share date
470 $sql .= " ORDER BY acl.tstamp";
471
472 $set = $ilDB->query($sql);
473 while ($row = $ilDB->fetchAssoc($set))
474 {
475 if(!isset($res[$row["wsp_id"]]))
476 {
477 $row["acl_type"] = array($row["acl_type"]);
478 $res[$row["wsp_id"]] = $row;
479 }
480 else
481 {
482 $res[$row["wsp_id"]]["acl_type"][] = $row["acl_type"];
483 }
484 }
485
486 return $res;
487 }
488
489 public static function getSharedNodePassword($a_node_id)
490 {
491 global $ilDB;
492
493 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
494
495 $set = $ilDB->query("SELECT * FROM acl_ws".
496 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
497 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
498 $res = $ilDB->fetchAssoc($set);
499 if($res)
500 {
501 return $res["extended_data"];
502 }
503 }
504
505 public static function keepSharedSessionPassword($a_node_id, $a_password)
506 {
507 $_SESSION["ilshpw_".$a_node_id] = $a_password;
508 }
509
510 public static function getSharedSessionPassword($a_node_id)
511 {
512 return $_SESSION["ilshpw_".$a_node_id];
513 }
514
515 public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
516 {
517 include_once('./Services/Link/classes/class.ilLink.php');
518 return ilLink::_getStaticLink($a_node_id, ilObject::_lookupType($a_obj_id), true, $a_additional."_wsp");
519 }
520
521 public function getObjectsIShare()
522 {
523 global $ilDB, $ilUser;
524
525 $res = array();
526 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
527 " FROM object_data obj".
528 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
529 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
530 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
531 " WHERE obj.owner = ".$ilDB->quote($ilUser->getId(), "integer"));
532 while ($row = $ilDB->fetchAssoc($set))
533 {
534 $res[$row["wsp_id"]] = $row["obj_id"];
535 }
536
537 return $res;
538 }
539
540 public static function getObjectDataFromNode($a_node_id)
541 {
542 global $ilDB;
543
544 $set = $ilDB->query("SELECT obj.obj_id, obj.type, obj.title".
545 " FROM object_reference_ws ref".
546 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
547 " JOIN object_data obj ON (ref.obj_id = obj.obj_id)".
548 " WHERE ref.wsp_id = ".$ilDB->quote($a_node_id, "integer"));
549 return $ilDB->fetchAssoc($set);
550 }
551}
552
553?>
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
IL_CAL_DATE
const IL_CAL_DATE
Definition: class.ilDateTime.php:10
IL_CAL_UNIX
const IL_CAL_UNIX
Definition: class.ilDateTime.php:11
IL_CAL_DATETIME
const IL_CAL_DATETIME
Definition: class.ilDateTime.php:9
ilCourseParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilCourseParticipants.php:77
ilDateTime
@classDescription Date and time handling
Definition: class.ilDateTime.php:33
ilGroupParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilGroupParticipants.php:63
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1196
ilParticipants\getInstanceByObjId
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
Definition: class.ilParticipants.php:75
ilParticipants\_getMembershipByType
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Definition: class.ilParticipants.php:159
ilTree
Tree class data representation in hierachical trees using the Nested Set Model with Gaps by Joe Celco...
Definition: class.ilTree.php:25
ilTree\readRootId
readRootId()
read root id from database
Definition: class.ilTree.php:2187
ilWorkspaceAccessHandler
Access handler for personal workspace.
Definition: class.ilWorkspaceAccessHandler.php:18
ilWorkspaceAccessHandler\getGotoLink
static getGotoLink($a_node_id, $a_obj_id, $a_additional=null)
Definition: class.ilWorkspaceAccessHandler.php:515
ilWorkspaceAccessHandler\addPermission
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
Definition: class.ilWorkspaceAccessHandler.php:193
ilWorkspaceAccessHandler\keepSharedSessionPassword
static keepSharedSessionPassword($a_node_id, $a_password)
Definition: class.ilWorkspaceAccessHandler.php:505
ilWorkspaceAccessHandler\findSharedObjects
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
Definition: class.ilWorkspaceAccessHandler.php:372
ilWorkspaceAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:54
ilWorkspaceAccessHandler\setPermissions
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
Definition: class.ilWorkspaceAccessHandler.php:180
ilWorkspaceAccessHandler\getPermissions
static getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:239
ilWorkspaceAccessHandler\checkAccessOfUser
checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:72
ilWorkspaceAccessHandler\removePermission
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
Definition: class.ilWorkspaceAccessHandler.php:218
ilWorkspaceTree
Tree handler for personal workspace.
Definition: class.ilWorkspaceTree.php:14
$lng
global $lng
Definition: privfeed.php:40
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
global $ilUser
Definition: imgupload.php:15