ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilWorkspaceAccessHandler.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8
18{
19 protected $tree; // [ilTree]
20
21 public function __construct(ilTree $a_tree = null)
22 {
23 global $ilUser, $lng;
24
25 $lng->loadLanguageModule("wsp");
26
27 if(!$a_tree)
28 {
29 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
30 $a_tree = new ilWorkspaceTree($ilUser->getId());
31 }
32 $this->tree = $a_tree;
33 }
34
40 public function getTree()
41 {
42 return $this->tree;
43 }
44
54 public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
55 {
56 global $ilUser;
57
58 return $this->checkAccessOfUser($this->tree, $ilUser->getId(),$a_permission, $a_cmd, $a_node_id, $a_type);
59 }
60
72 public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
73 {
74 global $rbacreview, $ilUser, $ilSetting;
75
76 // :TODO: create permission for parent node with type ?!
77
78 // #20310
79 if(!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID)
80 {
81 return false;
82 }
83
84 // tree root is read-only
85 if($a_permission == "write")
86 {
87 if($a_tree->readRootId() == $a_node_id)
88 {
89 return false;
90 }
91 }
92
93 // node owner has all rights
94 if($a_tree->lookupOwner($a_node_id) == $a_user_id)
95 {
96 return true;
97 }
98
99 // other users can only read
100 if($a_permission == "read" || $a_permission == "visible")
101 {
102 // get all objects with explicit permission
103 $objects = $this->getPermissions($a_node_id);
104 if($objects)
105 {
106 // check if given user is member of object or has role
107 foreach($objects as $obj_id)
108 {
109 switch($obj_id)
110 {
112 return true;
113
115 // check against input kept in session
116 if(self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
117 $a_permission == "visible")
118 {
119 return true;
120 }
121 break;
122
124 if($ilUser->getId() != ANONYMOUS_USER_ID)
125 {
126 return true;
127 }
128 break;
129
130 default:
131 switch(ilObject::_lookupType($obj_id))
132 {
133 case "grp":
134 // member of group?
135 if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
136 {
137 return true;
138 }
139 break;
140
141 case "crs":
142 // member of course?
143 if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
144 {
145 return true;
146 }
147 break;
148
149 case "role":
150 // has role?
151 if($rbacreview->isAssigned($a_user_id, $obj_id))
152 {
153 return true;
154 }
155 break;
156
157 case "usr":
158 // direct assignment
159 if($a_user_id == $obj_id)
160 {
161 return true;
162 }
163 break;
164 }
165 break;
166 }
167 }
168 }
169 }
170
171 return false;
172 }
173
180 public function setPermissions($a_parent_node_id, $a_node_id)
181 {
182 // nothing to do as owner has irrefutable rights to any workspace object
183 }
184
193 public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
194 {
195 global $ilDB, $ilUser;
196
197 // tree owner must not be added
198 if($this->tree->getTreeId() == $ilUser->getId() &&
199 $a_object_id == $ilUser->getId())
200 {
201 return false;
202 }
203
204 $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)".
205 " VALUES (".$ilDB->quote($a_node_id, "integer").", ".
206 $ilDB->quote($a_object_id, "integer").",".
207 $ilDB->quote($a_extended_data, "text").",".
208 $ilDB->quote(time(), "integer").")");
209 return true;
210 }
211
218 public function removePermission($a_node_id, $a_object_id = null)
219 {
220 global $ilDB;
221
222 $query = "DELETE FROM acl_ws".
223 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");
224
225 if($a_object_id)
226 {
227 $query .= " AND object_id = ".$ilDB->quote($a_object_id, "integer");
228 }
229
230 return $ilDB->manipulate($query);
231 }
232
239 public static function getPermissions($a_node_id)
240 {
241 global $ilDB, $ilSetting;
242
243 $publish_enabled = $ilSetting->get("enable_global_profiles");
244 $publish_perm = array(ilWorkspaceAccessGUI::PERMISSION_ALL,
246
247 $set = $ilDB->query("SELECT object_id FROM acl_ws".
248 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer"));
249 $res = array();
250 while($row = $ilDB->fetchAssoc($set))
251 {
252 if($publish_enabled || !in_array($row["object_id"], $publish_perm))
253 {
254 $res[] = $row["object_id"];
255 }
256 }
257 return $res;
258 }
259
260 public function hasRegisteredPermission($a_node_id)
261 {
262 global $ilDB;
263
264 $set = $ilDB->query("SELECT object_id FROM acl_ws".
265 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
266 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
267 return (bool)$ilDB->numRows($set);
268 }
269
270 public function hasGlobalPermission($a_node_id)
271 {
272 global $ilDB, $ilSetting;
273
274 if(!$ilSetting->get("enable_global_profiles"))
275 {
276 return false;
277 }
278
279 $set = $ilDB->query("SELECT object_id FROM acl_ws".
280 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
281 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
282 return (bool)$ilDB->numRows($set);
283 }
284
285 public function hasGlobalPasswordPermission($a_node_id)
286 {
287 global $ilDB, $ilSetting;
288
289 if(!$ilSetting->get("enable_global_profiles"))
290 {
291 return false;
292 }
293
294 $set = $ilDB->query("SELECT object_id FROM acl_ws".
295 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
296 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
297 return (bool)$ilDB->numRows($set);
298 }
299
300 public static function getPossibleSharedTargets()
301 {
302 global $ilUser, $ilSetting;
303
304 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
305 include_once "Services/Membership/classes/class.ilParticipants.php";
306 $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
307 $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
308
309 $obj_ids = array_merge($grp_ids, $crs_ids);
310 $obj_ids[] = $ilUser->getId();
312
313 if($ilSetting->get("enable_global_profiles"))
314 {
317 }
318
319 return $obj_ids;
320 }
321
322 public function getSharedOwners()
323 {
324 global $ilUser, $ilDB;
325
326 $obj_ids = $this->getPossibleSharedTargets();
327
328 $user_ids = array();
329 $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
330 " FROM object_data obj".
331 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
332 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
333 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
334 " JOIN usr_data u on (u.usr_id = obj.owner)".
335 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
336 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
337 " ORDER BY u.lastname, u.firstname, u.title");
338 while ($row = $ilDB->fetchAssoc($set))
339 {
340 $user_ids[$row["owner"]] = $row["lastname"].", ".$row["firstname"];
341 if($row["title"])
342 {
343 $user_ids[$row["owner"]] .= ", ".$row["title"];
344 }
345 }
346
347 return $user_ids;
348 }
349
350 public function getSharedObjects($a_owner_id)
351 {
352 global $ilDB;
353
354 $obj_ids = $this->getPossibleSharedTargets();
355
356 $res = array();
357 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
358 " FROM object_data obj".
359 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
360 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
361 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
362 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
363 " AND obj.owner = ".$ilDB->quote($a_owner_id, "integer"));
364 while ($row = $ilDB->fetchAssoc($set))
365 {
366 $res[$row["wsp_id"]] = $row["obj_id"];
367 }
368
369 return $res;
370 }
371
372 public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
373 {
374 global $ilDB, $ilUser;
375
376 if(!$a_filter["acl_type"])
377 {
378 $obj_ids = $this->getPossibleSharedTargets();
379 }
380 else
381 {
382 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
383
384 switch($a_filter["acl_type"])
385 {
386 case "all":
387 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
388 break;
389
390 case "password":
392 break;
393
394 case "registered":
396 break;
397
398 case "course":
399 $obj_ids = $a_crs_ids;
400 break;
401
402 case "group":
403 $obj_ids = $a_grp_ids;
404 break;
405
406 case "user":
407 $obj_ids = array($ilUser->getId());
408 break;
409 }
410 }
411
412 $res = array();
413
414 $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner,".
415 "acl.object_id acl_type, acl.tstamp acl_date".
416 " FROM object_data obj".
417 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
418 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
419 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
420 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
421 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer");
422
423 if($a_filter["obj_type"])
424 {
425 $sql .= " AND obj.type = ".$ilDB->quote($a_filter["obj_type"], "text");
426 }
427 if($a_filter["title"] && strlen($a_filter["title"]) >= 3)
428 {
429 $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
430 }
431 if($a_filter["user"] && strlen($a_filter["user"]) >= 3)
432 {
433 $usr_ids = array();
434 $set = $ilDB->query("SELECT usr_id FROM usr_data".
435 " WHERE (".$ilDB->like("login", "text", "%".$a_filter["user"]."%")." ".
436 "OR ".$ilDB->like("firstname", "text", "%".$a_filter["user"]."%")." ".
437 "OR ".$ilDB->like("lastname", "text", "%".$a_filter["user"]."%")." ".
438 "OR ".$ilDB->like("email", "text", "%".$a_filter["user"]."%").")");
439 while($row = $ilDB->fetchAssoc($set))
440 {
441 $usr_ids[] = $row["usr_id"];
442 }
443 if(!sizeof($usr_ids))
444 {
445 return;
446 }
447 $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
448 }
449
450 if($a_filter["acl_date"])
451 {
452 $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
453 $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
454 $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
455 }
456
457 if($a_filter["crsgrp"])
458 {
459 include_once "Services/Membership/classes/class.ilParticipants.php";
460 $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
461 $part = $part->getParticipants();
462 if(!sizeof($part))
463 {
464 return;
465 }
466 $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
467 }
468
469 // we use the oldest share date
470 $sql .= " ORDER BY acl.tstamp";
471
472 $set = $ilDB->query($sql);
473 while ($row = $ilDB->fetchAssoc($set))
474 {
475 if(!isset($res[$row["wsp_id"]]))
476 {
477 $row["acl_type"] = array($row["acl_type"]);
478 $res[$row["wsp_id"]] = $row;
479 }
480 else
481 {
482 $res[$row["wsp_id"]]["acl_type"][] = $row["acl_type"];
483 }
484 }
485
486 return $res;
487 }
488
489 public static function getSharedNodePassword($a_node_id)
490 {
491 global $ilDB;
492
493 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
494
495 $set = $ilDB->query("SELECT * FROM acl_ws".
496 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
497 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
498 $res = $ilDB->fetchAssoc($set);
499 if($res)
500 {
501 return $res["extended_data"];
502 }
503 }
504
505 public static function keepSharedSessionPassword($a_node_id, $a_password)
506 {
507 $_SESSION["ilshpw_".$a_node_id] = $a_password;
508 }
509
510 public static function getSharedSessionPassword($a_node_id)
511 {
512 return $_SESSION["ilshpw_".$a_node_id];
513 }
514
515 public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
516 {
517 include_once('./Services/Link/classes/class.ilLink.php');
518 return ilLink::_getStaticLink($a_node_id, ilObject::_lookupType($a_obj_id), true, $a_additional."_wsp");
519 }
520
521 public function getObjectsIShare()
522 {
523 global $ilDB, $ilUser;
524
525 $res = array();
526 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
527 " FROM object_data obj".
528 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
529 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
530 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
531 " WHERE obj.owner = ".$ilDB->quote($ilUser->getId(), "integer"));
532 while ($row = $ilDB->fetchAssoc($set))
533 {
534 $res[$row["wsp_id"]] = $row["obj_id"];
535 }
536
537 return $res;
538 }
539
540 public static function getObjectDataFromNode($a_node_id)
541 {
542 global $ilDB;
543
544 $set = $ilDB->query("SELECT obj.obj_id, obj.type, obj.title".
545 " FROM object_reference_ws ref".
546 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
547 " JOIN object_data obj ON (ref.obj_id = obj.obj_id)".
548 " WHERE ref.wsp_id = ".$ilDB->quote($a_node_id, "integer"));
549 return $ilDB->fetchAssoc($set);
550 }
551}
552
553?>
$_SESSION["AccountId"]
const IL_CAL_DATE
const IL_CAL_UNIX
const IL_CAL_DATETIME
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
@classDescription Date and time handling
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
static _lookupType($a_id, $a_reference=false)
lookup object type
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Tree class data representation in hierachical trees using the Nested Set Model with Gaps by Joe Celco...
readRootId()
read root id from database
Access handler for personal workspace.
static getGotoLink($a_node_id, $a_obj_id, $a_additional=null)
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
static keepSharedSessionPassword($a_node_id, $a_password)
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
static getPermissions($a_node_id)
Get all permissions to node.
checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
Tree handler for personal workspace.
global $lng
Definition: privfeed.php:40
global $ilSetting
Definition: privfeed.php:40
global $ilDB
global $ilUser
Definition: imgupload.php:15