ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
12 abstract class ilClaimingPermissionHelper
13 {
14  protected $user_id; // [int]
15  protected $ref_id; // [int]
16  protected $map; // [array]
17  protected $context_ids; // [array]
18  protected $plugins; // [array]
19 
20  protected static $instances; // [array]
21 
22 
23  // constructor
24 
32  protected function __construct($a_user_id, $a_ref_id)
33  {
34  $this->setUserId($a_user_id);
35  $this->setRefId($a_ref_id);
36  $this->map = $this->buildPermissionMap();
37  $this->reset();
38  }
39 
47  public static function getInstance($a_user_id = null, $a_ref_id = null)
48  {
49  global $ilUser;
50 
51  if(!$a_user_id)
52  {
53  $a_user_id = $ilUser->getId();
54  }
55  if(!$a_ref_id)
56  {
57  $a_ref_id = (int)$_REQUEST["ref_id"];
58  }
59  if(!isset(self::$instances[$a_user_id][$a_ref_id]))
60  {
61  self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
62  }
63  return self::$instances[$a_user_id][$a_ref_id];
64  }
65 
69  public function reset()
70  {
71  $this->context_ids = array();
72  }
73 
74 
75  // properties
76 
82  protected function setUserId($a_value)
83  {
84  $this->user_id = (int)$a_value;
85  }
86 
92  protected function getUserId()
93  {
94  return $this->user_id;
95  }
96 
102  protected function setRefId($a_value)
103  {
104  $this->ref_id = (int)$a_value;
105  }
106 
112  protected function getRefId()
113  {
114  return $this->ref_id;
115  }
116 
117 
118  // caching
119 
127  abstract protected function readContextIds($a_context_type);
128 
129 
130  // permissions
131 
137  abstract protected function buildPermissionMap();
138 
148  protected function isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
149  {
150  $valid = false;
151 
152  if(array_key_exists($a_context_type, $this->map))
153  {
154  if(!$a_action_sub_id)
155  {
156  if(in_array($a_action_id, $this->map[$a_context_type]["actions"]))
157  {
158  $valid = true;
159  }
160  }
161  else
162  {
163  if(array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
164  in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id]))
165  {
166  $valid = true;
167  }
168  }
169  }
170 
171  if($valid &&
172  $a_context_id &&
173  !in_array($a_context_id, $this->getValidContextIds($a_context_type)))
174  {
175  $valid = false;
176  }
177 
178  if(DEVMODE && !$valid)
179  {
180  trigger_error("INVALID permission context - ".$a_context_type.":".$a_context_id.":".$a_action_id.":".$a_action_sub_id, E_USER_WARNING);
181  }
182 
183  return $valid;
184  }
185 
193  protected function getValidContextIds($a_context_type)
194  {
195  if(!array_key_exists($a_context_type, $this->context_ids))
196  {
197  $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
198  }
199  return (array)$this->context_ids[$a_context_type];
200  }
201 
211  public function hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
212  {
213  if($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id))
214  {
215  return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
216  }
217  // :TODO: exception?
218  }
219 
228  public function hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
229  {
230  $res = array();
231 
232  foreach($a_action_ids as $action_id)
233  {
234  if(is_array($action_id))
235  {
236  $action_sub_id = $action_id[1];
237  $action_id = $action_id[0];
238 
239  $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
240  }
241  else
242  {
243  $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
244  }
245  }
246 
247  return $res;
248  }
249 
259  protected function checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
260  {
261  return ($this->checkRBAC() &&
262  $this->checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id));
263  }
264 
270  protected function checkRBAC()
271  {
272  global $ilAccess;
273 
274  // we are currently only supporting write operations
275  return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
276  }
277 
283  abstract protected function getActivePlugins();
284 
294  protected function checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
295  {
296  $valid = true;
297 
298  if(!is_array($this->plugins))
299  {
300  $this->plugins = (array)$this->getActivePlugins();
301  }
302 
303  foreach($this->plugins as $plugin)
304  {
305  if(!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id))
306  {
307  $valid = false;
308  break;
309  }
310  }
311 
312  return $valid;
313  }
314 }
315 
316 ?>
ilClaimingPermissionHelper\getInstance
static getInstance($a_user_id=null, $a_ref_id=null)
Factory.
Definition: class.ilClaimingPermissionHelper.php:47
ilClaimingPermissionHelper\hasPermissions
hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:228
ilClaimingPermissionHelper
Claiming permission helper base class.
Definition: class.ilClaimingPermissionHelper.php:12
ilClaimingPermissionHelper\checkPermission
checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:259
$valid
$valid
Definition: dummy_client.php:53
ilClaimingPermissionHelper\readContextIds
readContextIds($a_context_type)
Get all context ids for context type (from DB, is cached)
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
ilClaimingPermissionHelper\hasPermission
hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:211
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:270
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:148
ilClaimingPermissionHelper\checkPlugins
checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:294
$ilUser
global $ilUser
Definition: imgupload.php:15
ilClaimingPermissionHelper\__construct
__construct($a_user_id, $a_ref_id)
Constructor.
Definition: class.ilClaimingPermissionHelper.php:32
$_REQUEST
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds($a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:193