ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilPortfolioAccessHandler.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once "Modules/Portfolio/classes/class.ilObjPortfolio.php";
6include_once "Modules/Group/classes/class.ilGroupParticipants.php";
7include_once "Modules/Course/classes/class.ilCourseParticipants.php";
8include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
9require_once('./Services/WebAccessChecker/interfaces/interface.ilWACCheckingClass.php');
10
20{
21 public function __construct()
22 {
23 global $lng;
24 $lng->loadLanguageModule("wsp");
25 }
26
36 public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
37 {
38 global $ilUser;
39
40 return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_node_id, $a_type);
41 }
42
53 public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
54 {
55 global $rbacreview, $ilUser, $ilSetting;
56
57 // #20310
58 if(!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID)
59 {
60 return false;
61 }
62
63 // #12059
64 if (!$ilSetting->get('user_portfolios'))
65 {
66 return false;
67 }
68
69 // :TODO: create permission for parent node with type ?!
70
71 $pf = new ilObjPortfolio($a_node_id, false);
72 if(!$pf->getId())
73 {
74 return false;
75 }
76
77 // portfolio owner has all rights
78 if($pf->getOwner() == $a_user_id)
79 {
80 return true;
81 }
82
83 // #11921
84 if(!$pf->isOnline())
85 {
86 return false;
87 }
88
89 // other users can only read
90 if($a_permission == "read" || $a_permission == "visible")
91 {
92 // get all objects with explicit permission
93 $objects = $this->getPermissions($a_node_id);
94 if($objects)
95 {
96 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
97
98 // check if given user is member of object or has role
99 foreach($objects as $obj_id)
100 {
101 switch($obj_id)
102 {
104 return true;
105
107 // check against input kept in session
108 if(self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
109 $a_permission == "visible")
110 {
111 return true;
112 }
113 break;
114
116 if($ilUser->getId() != ANONYMOUS_USER_ID)
117 {
118 return true;
119 }
120 break;
121
122 default:
123 switch(ilObject::_lookupType($obj_id))
124 {
125 case "grp":
126 // member of group?
127 if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
128 {
129 return true;
130 }
131 break;
132
133 case "crs":
134 // member of course?
135 if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
136 {
137 return true;
138 }
139 break;
140
141 case "role":
142 // has role?
143 if($rbacreview->isAssigned($a_user_id, $obj_id))
144 {
145 return true;
146 }
147 break;
148
149 case "usr":
150 // direct assignment
151 if($a_user_id == $obj_id)
152 {
153 return true;
154 }
155 break;
156 }
157 break;
158 }
159 }
160 }
161 }
162
163 return false;
164 }
165
172 public function setPermissions($a_parent_node_id, $a_node_id)
173 {
174 // nothing to do as owner has irrefutable rights to any portfolio object
175 }
176
184 public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
185 {
186 global $ilDB, $ilUser;
187
188 // current owner must not be added
189 if($a_object_id == $ilUser->getId())
190 {
191 return;
192 }
193
194 $ilDB->manipulate("INSERT INTO usr_portf_acl (node_id, object_id, extended_data, tstamp)".
195 " VALUES (".$ilDB->quote($a_node_id, "integer").", ".
196 $ilDB->quote($a_object_id, "integer").",".
197 $ilDB->quote($a_extended_data, "text").",".
198 $ilDB->quote(time(), "integer").")");
199
200 // portfolio as profile
201 $this->syncProfile($a_node_id);
202 }
203
210 public function removePermission($a_node_id, $a_object_id = null)
211 {
212 global $ilDB;
213
214 $query = "DELETE FROM usr_portf_acl".
215 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");
216
217 if($a_object_id)
218 {
219 $query .= " AND object_id = ".$ilDB->quote($a_object_id, "integer");
220 }
221
222 $ilDB->manipulate($query);
223
224 // portfolio as profile
225 $this->syncProfile($a_node_id);
226 }
227
234 public function getPermissions($a_node_id)
235 {
236 global $ilDB;
237
238 $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
239 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer"));
240 $res = array();
241 while($row = $ilDB->fetchAssoc($set))
242 {
243 $res[] = $row["object_id"];
244 }
245 return $res;
246 }
247
248 public function hasRegisteredPermission($a_node_id)
249 {
250 global $ilDB;
251
252 $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
253 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
254 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
255 return (bool)$ilDB->numRows($set);
256 }
257
258 public function hasGlobalPermission($a_node_id)
259 {
260 global $ilDB;
261
262 $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
263 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
264 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
265 return (bool)$ilDB->numRows($set);
266 }
267
268 public function hasGlobalPasswordPermission($a_node_id)
269 {
270 global $ilDB;
271
272 $set = $ilDB->query("SELECT object_id FROM usr_portf_acl".
273 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
274 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
275 return (bool)$ilDB->numRows($set);
276 }
277
278 public function getObjectsIShare($a_online_only = true)
279 {
280 global $ilDB, $ilUser;
281
282 $res = array();
283
284 $sql = "SELECT obj.obj_id".
285 " FROM object_data obj".
286 " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
287 " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
288 " WHERE obj.owner = ".$ilDB->quote($ilUser->getId(), "integer");
289
290 if($a_online_only)
291 {
292 $sql .= " AND prtf.is_online = ".$ilDB->quote(1, "integer");
293 }
294
295 $set = $ilDB->query($sql);
296 while ($row = $ilDB->fetchAssoc($set))
297 {
298 $res[] = $row["obj_id"];
299 }
300
301 return $res;
302 }
303
304 public static function getPossibleSharedTargets()
305 {
306 global $ilUser;
307
308 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
309 include_once "Services/Membership/classes/class.ilParticipants.php";
310 $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
311 $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
312
313 $obj_ids = array_merge($grp_ids, $crs_ids);
314 $obj_ids[] = $ilUser->getId();
318
319 return $obj_ids;
320 }
321
322 public function getSharedOwners()
323 {
324 global $ilUser, $ilDB;
325
326 $obj_ids = $this->getPossibleSharedTargets();
327
328 $user_ids = array();
329 $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
330 " FROM object_data obj".
331 " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
332 " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
333 " JOIN usr_data u on (u.usr_id = obj.owner)".
334 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
335 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
336 " AND prtf.is_online = ".$ilDB->quote(1, "integer").
337 " ORDER BY u.lastname, u.firstname, u.title");
338 while ($row = $ilDB->fetchAssoc($set))
339 {
340 $user_ids[$row["owner"]] = $row["lastname"].", ".$row["firstname"];
341 if($row["title"])
342 {
343 $user_ids[$row["owner"]] .= ", ".$row["title"];
344 }
345 }
346
347 return $user_ids;
348 }
349
350 public function getSharedObjects($a_owner_id)
351 {
352 global $ilDB;
353
354 $obj_ids = $this->getPossibleSharedTargets();
355
356 $res = array();
357 $set = $ilDB->query("SELECT obj.obj_id, obj.owner".
358 " FROM object_data obj".
359 " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
360 " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
361 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
362 " AND obj.owner = ".$ilDB->quote($a_owner_id, "integer").
363 " AND prtf.is_online = ".$ilDB->quote(1, "integer"));
364 while ($row = $ilDB->fetchAssoc($set))
365 {
366 $res[$row["obj_id"]] = $row["obj_id"];
367 }
368
369 return $res;
370 }
371
372 public function getShardObjectsDataForUserIds(array $a_owner_ids)
373 {
374 global $ilDB;
375
376 $obj_ids = $this->getPossibleSharedTargets();
377
378 $res = array();
379
380 $set = $ilDB->query("SELECT obj.obj_id, obj.owner, obj.title".
381 " FROM object_data obj".
382 " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
383 " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
384 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
385 " AND ".$ilDB->in("obj.owner", $a_owner_ids, "", "integer").
386 " AND prtf.is_online = ".$ilDB->quote(1, "integer"));
387 while ($row = $ilDB->fetchAssoc($set))
388 {
389 $res[$row["owner"]][$row["obj_id"]] = $row["title"];
390 }
391
392 return $res;
393 }
394
395 public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
396 {
397 global $ilDB, $ilUser;
398 if(!$a_filter["acl_type"])
399 {
400 $obj_ids = $this->getPossibleSharedTargets();
401 }
402 else
403 {
404 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
405
406 switch($a_filter["acl_type"])
407 {
408 case "all":
409 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
410 break;
411
412 case "password":
414 break;
415
416 case "registered":
418 break;
419
420 case "course":
421 $obj_ids = $a_crs_ids;
422 break;
423
424 case "group":
425 $obj_ids = $a_grp_ids;
426 break;
427
428 case "user":
429 $obj_ids = array($ilUser->getId());
430 break;
431 }
432 }
433
434 $res = array();
435
436 $sql = "SELECT obj.obj_id,obj.title,obj.owner".
437 ",acl.object_id acl_type, acl.tstamp acl_date".
438 " FROM object_data obj".
439 " JOIN usr_portfolio prtf ON (prtf.id = obj.obj_id)".
440 " JOIN usr_portf_acl acl ON (acl.node_id = obj.obj_id)".
441 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
442 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
443 " AND obj.type = ".$ilDB->quote("prtf", "text").
444 " AND prtf.is_online = ".$ilDB->quote(1, "integer");
445
446 if($a_filter["title"] && strlen($a_filter["title"]) >= 3)
447 {
448 $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
449 }
450 if($a_filter["user"] && strlen($a_filter["user"]) >= 3)
451 {
452 $usr_ids = array();
453 $set = $ilDB->query("SELECT usr_id FROM usr_data".
454 " WHERE (".$ilDB->like("login", "text", "%".$a_filter["user"]."%")." ".
455 "OR ".$ilDB->like("firstname", "text", "%".$a_filter["user"]."%")." ".
456 "OR ".$ilDB->like("lastname", "text", "%".$a_filter["user"]."%")." ".
457 "OR ".$ilDB->like("email", "text", "%".$a_filter["user"]."%").")");
458 while($row = $ilDB->fetchAssoc($set))
459 {
460 $usr_ids[] = $row["usr_id"];
461 }
462 if(!sizeof($usr_ids))
463 {
464 return;
465 }
466 $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
467 }
468
469 if($a_filter["acl_date"])
470 {
471 $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
472 $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
473 $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
474 }
475
476 if($a_filter["crsgrp"])
477 {
478 include_once "Services/Membership/classes/class.ilParticipants.php";
479 $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
480 $part = $part->getParticipants();
481 if(!sizeof($part))
482 {
483 return;
484 }
485 $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
486 }
487
488 // we use the oldest share date
489 $sql .= " ORDER BY acl.tstamp";
490
491 $set = $ilDB->query($sql);
492 while ($row = $ilDB->fetchAssoc($set))
493 {
494 if(!isset($res[$row["obj_id"]]))
495 {
496 $row["acl_type"] = array($row["acl_type"]);
497 $res[$row["obj_id"]] = $row;
498 }
499 else
500 {
501 $res[$row["obj_id"]]["acl_type"][] = $row["acl_type"];
502 }
503 }
504
505 return $res;
506 }
507
508 public static function getSharedNodePassword($a_node_id)
509 {
510 global $ilDB;
511
512 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
513
514 $set = $ilDB->query("SELECT extended_data FROM usr_portf_acl".
515 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
516 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
517 $res = $ilDB->fetchAssoc($set);
518 if($res)
519 {
520 return $res["extended_data"];
521 }
522 }
523
524 public static function keepSharedSessionPassword($a_node_id, $a_password)
525 {
526 $_SESSION["ilshpw_".$a_node_id] = $a_password;
527 }
528
529 public static function getSharedSessionPassword($a_node_id)
530 {
531 return $_SESSION["ilshpw_".$a_node_id];
532 }
533
534 protected function syncProfile($a_node_id)
535 {
536 global $ilUser;
537
538 // #12845
539 include_once "Modules/Portfolio/classes/class.ilObjPortfolio.php";
540 if(ilObjPortfolio::getDefaultPortfolio($ilUser->getId()) == $a_node_id)
541 {
542 $has_registered = $this->hasRegisteredPermission($a_node_id);
543 $has_global = $this->hasGlobalPermission($a_node_id);
544
545 // not published anymore - remove portfolio as profile
546 if(!$has_registered && !$has_global)
547 {
548 $ilUser->setPref("public_profile", "n");
549 $ilUser->writePrefs();
551 }
552 // adapt profile setting
553 else
554 {
555 $new_pref = "y";
556 if($has_global)
557 {
558 $new_pref = "g";
559 }
560 if($ilUser->getPref("public_profile") != $new_pref)
561 {
562 $ilUser->setPref("public_profile", $new_pref);
563 $ilUser->writePrefs();
564 }
565 }
566 }
567 }
568
569
575 public function canBeDelivered(ilWACPath $ilWACPath) {
576 global $ilUser, $ilAccess;
577
578 if (preg_match("/\\/prtf_([\\d]*)\\//uism", $ilWACPath->getPath(), $results))
579 {
580 // portfolio (custom)
581 $obj_id = $results[1];
582 if(ilObject::_lookupType($obj_id) == "prtf")
583 {
584 if ($this->checkAccessOfUser($ilUser->getId(), "read", "view", $obj_id, "prtf")) {
585 return true;
586 }
587 }
588 // portfolio template (RBAC)
589 else
590 {
591 $ref_ids = ilObject::_getAllReferences($obj_id);
592 foreach($ref_ids as $ref_id)
593 {
594 if ($ilAccess->checkAccessOfUser($ilUser->getId(), "read", "view", $ref_id, "prtt", $obj_id))
595 {
596 return true;
597 }
598 }
599 }
600 }
601
602 return false;
603 }
604}
605
606?>
$_SESSION["AccountId"]
const IL_CAL_DATE
const IL_CAL_UNIX
const IL_CAL_DATETIME
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
@classDescription Date and time handling
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
static setUserDefault($a_user_id, $a_portfolio_id=null)
Set the user default portfolio.
static getDefaultPortfolio($a_user_id)
Get default portfolio of user.
static _getAllReferences($a_id)
get all reference ids of object
static _lookupType($a_id, $a_reference=false)
lookup object type
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Access handler for portfolio.
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
static keepSharedSessionPassword($a_node_id, $a_password)
getPermissions($a_node_id)
Get all permissions to node.
Class ilWACPath.
Class ilWACCheckingClass.
global $lng
Definition: privfeed.php:40
global $ilSetting
Definition: privfeed.php:40
$ref_id
Definition: sahs_server.php:39
$results
global $ilDB
global $ilUser
Definition: imgupload.php:15