ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilAccessHandler Class Reference

Class ilAccessHandler. More...

+ Collaboration diagram for ilAccessHandler:

Public Member Functions

 ilAccessHandler ()
 constructor More...
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result. More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result. More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission) More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check More...
 
 doLicenseCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for available licenses More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 

Protected Attributes

 $stored_rbac_access = array()
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 20 of file class.ilAccessHandler.php.

Member Function Documentation

◆ addInfoItem()

ilAccessHandler::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Definition at line 189 of file class.ilAccessHandler.php.

190 {
191 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192 }

◆ checkAccess()

ilAccessHandler::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Definition at line 206 of file class.ilAccessHandler.php.

207 {
208 global $ilUser;
209
210 return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211 }
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
global $ilUser
Definition: imgupload.php:15

References $ilUser, and checkAccessOfUser().

+ Here is the call graph for this function:

◆ checkAccessOfUser()

ilAccessHandler::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Definition at line 226 of file class.ilAccessHandler.php.

227 {
228 global $ilBench, $lng;
229
230 $this->setPreventCachingLastResult(false); // for external db based caches
231
232 $ilBench->start("AccessControl", "0400_clear_info");
233 $this->current_info->clear();
234 $ilBench->stop("AccessControl", "0400_clear_info");
235
236
237 // get stored result (internal memory based cache)
238 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239 if ($cached["hit"])
240 {
241 // Store access result
242 if (!$cached["granted"])
243 {
244 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245 }
246 if ($cached["prevent_db_cache"])
247 {
248 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249 }
250 return $cached["granted"];
251 }
252
253 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254 // get object id if not provided
255 if ($a_obj_id == "")
256 {
257 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258 {
259 $a_obj_id = $this->obj_id_cache[$a_ref_id];
260 }
261 else
262 {
263 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265 }
266 }
267 if ($a_type == "")
268 {
269 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270 {
271 $a_type = $this->obj_type_cache[$a_ref_id];
272 }
273 else
274 {
275 $a_type = ilObject::_lookupType($a_ref_id, true);
276 $this->obj_type_cache[$a_ref_id] = $a_type;
277 }
278 }
279
280 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281
282 // to do: payment handling
283
284 // if supplied tree id is not = 1 (= repository main tree),
285 // check if object is in tree and not deleted
286 if ($a_tree_id != 1 &&
287 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
288 {
289 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
290 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
291 return false;
292 }
293
294 // rbac check for current object
295 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
296 {
297 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
298 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
299 return false;
300 }
301
302 // Check object activation
303 $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
304 if(!$act_check)
305 {
306 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
307 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
308 return false;
309 }
310
311 // check read permission for all parents
312 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
313 if (!$par_check)
314 {
315
316 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
317 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
318 return false;
319 }
320
321 // condition check (currently only implemented for read permission)
322 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
323 {
324 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
325 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
326 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
327 return false;
328 }
329
330 // object type specific check
331 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
332 {
333 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
334 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
335 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
336 return false;
337 }
338
339 // check for available licenses
340 if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
341 {
342 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
343 return false;
344 }
345
346 // all checks passed
347 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
348 return true;
349 }
const IL_NO_PERMISSION
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
setPreventCachingLastResult($a_val)
Set prevent caching last result.
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
static _lookupObjId($a_id)
static _lookupType($a_id, $a_reference=false)
lookup object type
global $ilBench
Definition: ilias.php:18
global $lng
Definition: privfeed.php:40

References $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), doActivationCheck(), doCacheCheck(), doConditionCheck(), doLicenseCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doActivationCheck(), doConditionCheck(), and doPathCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ clear()

ilAccessHandler::clear ( )

Definition at line 801 of file class.ilAccessHandler.php.

802 {
803 $this->results = array();
804 $this->last_result = "";
805 $this->current_info = new ilAccessInfo();
806 }
class ilAccessInfo

◆ doActivationCheck()

ilAccessHandler::doActivationCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check for course activation

Definition at line 567 of file class.ilAccessHandler.php.

568 {
569 global $ilBench,$ilUser;
570
571 $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
572
573 $cache_perm = ($a_permission == "visible")
574 ? "visible"
575 : "other";
576
577//echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
578
579 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
580 {
581 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
582 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
583 }
584
585 // nothings needs to be done if current permission is write permission
586 if($a_permission == 'write')
587 {
588 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
589 return true;
590 }
591
592 // #10852 - member view check
593 if($a_user_id == $ilUser->getId())
594 {
595 // #10905 - activate parent container ONLY
596 include_once './Services/Container/classes/class.ilMemberViewSettings.php';
598 if($memview->isActiveForRefId($a_ref_id) &&
599 $memview->getContainer() == $a_ref_id)
600 {
601 return true;
602 }
603 }
604
605 include_once 'Services/Object/classes/class.ilObjectActivation.php';
606 $item_data = ilObjectActivation::getItem($a_ref_id);
607
608 // if activation isn't enabled
609 if($item_data === NULL ||
610 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
611 {
612 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
613 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
614 return true;
615 }
616
617 // if within activation time
618 if((time() >= $item_data['timing_start']) and
619 (time() <= $item_data['timing_end']))
620 {
621 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
622 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
623 return true;
624 }
625
626 // if user has write permission
627 if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
628 {
629 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
630 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
631 return true;
632 }
633 // if current permission is visible and visible is set in activation
634 if($a_permission == 'visible' and $item_data['visible'])
635 {
636 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
637 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
638 return true;
639 }
640 // no access
641 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
642 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
643 return false;
644 }
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.

References $ilBench, $ilUser, checkAccessOfUser(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doCacheCheck()

ilAccessHandler::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Definition at line 384 of file class.ilAccessHandler.php.

385 {
386 global $ilBench;
387 //echo "cacheCheck<br/>";
388
389 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
390 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
391 //var_dump($stored_access);
392 if (is_array($stored_access))
393 {
394 $this->current_info = $stored_access["info"];
395 //var_dump("cache-treffer:");
396 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
397 return array("hit" => true, "granted" => $stored_access["granted"],
398 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
399 }
400
401 // not in cache
402 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
403 return array("hit" => false, "granted" => false,
404 "prevent_db_cache" => false);
405 }
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result

References $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccessHandler::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Definition at line 650 of file class.ilAccessHandler.php.

651 {
652 //echo "conditionCheck<br/>";
653 global $lng, $ilBench;
654
655 if(
656 ($a_permission == 'visible') and
657 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
658 )
659 {
661 {
662 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
663 {
664 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
665 foreach ($conditions as $condition)
666 {
667 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
668 $lng->txt("missing_precondition").": ".
669 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
670 $lng->txt("condition_".$condition["operator"])." ".
671 $condition["value"], $condition);
672 }
673 return FALSE;
674 }
675 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
676 }
677 }
678
679
680 if (($a_permission == "read" or $a_permission == 'join') &&
681 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
682 {
683 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
684 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
685 {
686 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
687 foreach ($conditions as $condition)
688 {
689 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
690 $lng->txt("missing_precondition").": ".
691 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
692 $lng->txt("condition_".$condition["operator"])." ".
693 $condition["value"], $condition);
694 }
695 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
696 return false;
697 }
698 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
699 }
700
701 return true;
702 }
const IL_MISSING_PRECONDITION
_checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _lookupTitle($a_id)
lookup object title

References $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilConditionHandler\_getConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), IL_MISSING_PRECONDITION, and ilConditionHandler\lookupHiddenStatusByTarget().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doLicenseCheck()

ilAccessHandler::doLicenseCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

check for available licenses

Definition at line 754 of file class.ilAccessHandler.php.

755 {
756 global $lng;
757
758 // simple checks first
759 if (!in_array($a_type, array('sahs','htlm'))
760 or !in_array($a_permission, array('read')))
761 {
762 $has_access = true;
763 }
764 else
765 {
766 require_once("Services/License/classes/class.ilLicenseAccess.php");
767
768 // licensing globally disabled => access granted
770 {
771 $has_access = true;
772 }
773 /* resolved mantis issue #5288:
774 * admins should not automatically have read access!
775 * their read access will also be noted and consume a license
776 elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
777 {
778 $has_access = true;
779 }
780 */
781 // now do the real check
782 else
783 {
784 $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
785 }
786 }
787
788 if ($has_access)
789 {
790 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
791 return true;
792 }
793 else
794 {
795 $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
796 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
797 return false;
798 }
799 }
const IL_NO_LICENSE
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.

References $lng, ilLicenseAccess\_checkAccess(), ilLicenseAccess\_isEnabled(), IL_NO_LICENSE, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccessHandler::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Definition at line 520 of file class.ilAccessHandler.php.

521 {
522 global $tree, $lng, $ilBench,$ilObjDataCache;
523//echo "<br>dopathcheck";
524 //echo "pathCheck<br/>";
525 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
526
527// if (isset($this->stored_path[$a_ref_id]))
528// {
529// $path = $this->stored_path[$a_ref_id];
530// }
531// else
532// {
533 $path = $tree->getPathId($a_ref_id);
534// $this->stored_path[$a_ref_id] = $path;
535// }
536 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
537
538 foreach ($path as $id)
539 {
540 if ($a_ref_id == $id)
541 {
542 continue;
543 }
544
545 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
546
547 if ($access == false)
548 {
549
550 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
551 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
552
553 if ($a_all == false)
554 {
555 return false;
556 }
557 }
558 }
559
560 return true;
561 }
const IL_NO_PARENT_ACCESS
$path
Definition: index.php:22

References $ilBench, $lng, $path, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccessHandler::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Definition at line 471 of file class.ilAccessHandler.php.

472 {
473 global $lng, $ilBench, $ilErr, $ilLog;
474
475 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
476
477 if ($a_permission == "")
478 {
479 $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
480 get_class($this),
481 $a_ref_id);
482 $ilLog->write($message,$ilLog->FATAL);
483 $ilErr->raiseError($message,$ilErr->MESSAGE);
484 }
485
486 if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
487 {
488 $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
489 }
490 else
491 {
492 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
493 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
494 {
495 if ($a_permission != "create")
496 {
497 $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
498 }
499 }
500 }
501
502 // Store in result cache
503 if (!$access)
504 {
505 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
506 }
507 if ($a_permission != "create")
508 {
509 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
510 }
511 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
512
513 return $access;
514 }

References $ilBench, $ilErr, $ilLog, $lng, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccessHandler::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Definition at line 708 of file class.ilAccessHandler.php.

709 {
710 global $objDefinition, $ilBench, $ilPluginAdmin;
711 //echo "statusCheck<br/>";
712 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
713
714 // check for a deactivated plugin
715 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
716 {
717 return false;
718 }
719 if(!$a_type)
720 {
721 return false;
722 }
723
724 $class = $objDefinition->getClassName($a_type);
725 $location = $objDefinition->getLocation($a_type);
726 $full_class = "ilObj".$class."Access";
727 include_once($location."/class.".$full_class.".php");
728 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
729
730 $ilBench->start("AccessControl", "5001_checkAccess_".$full_class."_check");
731 $obj_access = call_user_func(array($full_class, "_checkAccess"),
732 $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
733 $ilBench->stop("AccessControl", "5001_checkAccess_".$full_class."_check");
734 if (!($obj_access === true))
735 {
736 //Note: We must not add an info item here, because one is going
737 // to be added by the user function we just called a few
738 // lines above.
739 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
740
741 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
742 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
743 return false;
744 }
745
746 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
747 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
748 return true;
749 }
$location
Definition: buildRTE.php:44

References $ilBench, $location, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccessHandler::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Definition at line 411 of file class.ilAccessHandler.php.

412 {
413 global $tree, $lng, $ilBench;
414 //echo "treeCheck<br/>";
415
416 // Get stored result
417 $tree_cache_key = $a_user_id.':'.$a_ref_id;
418 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
419 // Store access result
420 if (!$this->obj_tree_cache[$tree_cache_key])
421 {
422 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
423 }
424 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
425
426 return $this->obj_tree_cache[$tree_cache_key];
427 }
428
429 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
430
431 if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
432 {
433 // Store negative access results
434
435 // Store in tree cache
436 // Note, we only store up to 1000 results to avoid memory overflow.
437 if (count($this->obj_tree_cache) < 1000)
438 {
439 $this->obj_tree_cache[$tree_cache_key] = false;
440 }
441
442 // Store in result cache
443 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
444 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
445
446 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
447
448 return false;
449 }
450
451 // Store positive access result.
452
453 // Store in tree cache
454 // Note, we only store up to 1000 results to avoid memory overflow.
455 if (count($this->obj_tree_cache) < 1000)
456 {
457 $this->obj_tree_cache[$tree_cache_key] = true;
458 }
459
460 // Store in result cache
461 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
462
463 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
464 return true;
465 }
const IL_DELETED

References $ilBench, $lng, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccessHandler::enable (   $a_str,
  $a_bool 
)

Definition at line 808 of file class.ilAccessHandler.php.

809 {
810 $this->$a_str = $a_bool;
811 }

◆ getInfo()

ilAccessHandler::getInfo ( )

get last info object

Definition at line 354 of file class.ilAccessHandler.php.

355 {
356 //return $this->last_result;
357 //$this->last_info->setQueryData($this->current_result_element);
358 //var_dump("<pre>",$this->results,"</pre>");
359 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
360 }

◆ getPreventCachingLastResult()

ilAccessHandler::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Definition at line 104 of file class.ilAccessHandler.php.

105 {
106 return $this->prevent_caching_last_result;
107 }

Referenced by storeAccessResult().

+ Here is the caller graph for this function:

◆ getResultAll()

ilAccessHandler::getResultAll (   $a_ref_id = "")

Definition at line 370 of file class.ilAccessHandler.php.

371 {
372 if ($a_ref_id == "")
373 {
374 return $this->results;
375 }
376
377 return $this->results[$a_ref_id];
378 }
$results

References $results.

◆ getResultLast()

ilAccessHandler::getResultLast ( )

get last info object

Definition at line 365 of file class.ilAccessHandler.php.

366 {
367 return $this->last_result;
368 }

◆ getResults()

ilAccessHandler::getResults ( )

Definition at line 176 of file class.ilAccessHandler.php.

177 {
178 return $this->results;
179 }

References $results.

◆ getStoredAccessResult()

ilAccessHandler::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access result

@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Definition at line 121 of file class.ilAccessHandler.php.

122 {
123 global $ilUser;
124
125 if ($a_user_id == "")
126 {
127 $a_user_id = $ilUser->getId();
128 }
129
130 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131 {
132 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133 }*/
134
135 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136 {
137 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138 }
139 return false;
140 }

References $ilUser.

Referenced by doCacheCheck().

+ Here is the caller graph for this function:

◆ ilAccessHandler()

ilAccessHandler::ilAccessHandler ( )

constructor

Definition at line 27 of file class.ilAccessHandler.php.

28 {
29 global $rbacsystem,$lng;
30
31 $this->rbacsystem =& $rbacsystem;
32 $this->results = array();
33 $this->current_info = new ilAccessInfo();
34
35 // use function enable to switch on/off tests (only cache is used so far)
36 $this->cache = true;
37 $this->rbac = true;
38 $this->tree = true;
39 $this->condition = true;
40 $this->path = true;
41 $this->status = true;
42 $this->obj_id_cache = array();
43 $this->obj_type_cache = array();
44 $this->obj_tree_cache=array();
45 }

References $lng.

◆ readCache()

ilAccessHandler::readCache (   $a_secs = 0)

Definition at line 156 of file class.ilAccessHandler.php.

157 {
158 global $ilUser, $ilDB;
159
160 if ($a_secs > 0)
161 {
162 $query = "SELECT * FROM acc_cache WHERE user_id = ".
163 $ilDB->quote($ilUser->getId() ,'integer');
164 $set = $ilDB->query($query);
165 $rec = $set->fetchRow(DB_FETCHMODE_ASSOC);
166 if ((time() - $rec["time"]) < $a_secs)
167 {
168 $this->results = unserialize($rec["result"]);
169//var_dump($this->results);
170 return true;
171 }
172 }
173 return false;
174 }
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
global $ilDB

References $ilDB, $ilUser, $query, and DB_FETCHMODE_ASSOC.

◆ setPreventCachingLastResult()

ilAccessHandler::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Definition at line 94 of file class.ilAccessHandler.php.

95 {
96 $this->prevent_caching_last_result = $a_val;
97 }

Referenced by checkAccessOfUser().

+ Here is the caller graph for this function:

◆ setResults()

ilAccessHandler::setResults (   $a_results)

Definition at line 181 of file class.ilAccessHandler.php.

182 {
183 $this->results = $a_results;
184 }

◆ storeAccessResult()

ilAccessHandler::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access result

@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Definition at line 57 of file class.ilAccessHandler.php.

58 {
59 global $ilUser;
60
61 if ($a_user_id == "")
62 {
63 $a_user_id = $ilUser->getId();
64 }
65
66 if ($a_info == "")
67 {
68 $a_info = $this->current_info;
69 }
70
71 //var_dump("<pre>",$a_permission,"</pre>");
72
73 if ($this->cache)
74 {
75 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76 array("granted" => $a_access_granted, "info" => $a_info,
77 "prevent_db_cache" => $this->getPreventCachingLastResult());
78//echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81 $this->last_info = $a_info;
82 }
83
84 // get new info object
85 $this->current_info = new ilAccessInfo();
86
87 }
getPreventCachingLastResult()
Get prevent caching last result.

References $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doLicenseCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccessHandler::storeCache ( )

Definition at line 142 of file class.ilAccessHandler.php.

143 {
144 global $ilDB, $ilUser;
145
146 $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147 $res = $ilDB->manipulate($query);
148
149 $ilDB->insert('acc_cache', array(
150 'user_id' => array('integer',$ilUser->getId()),
151 'time' => array('integer',time()),
152 'result' => array('clob',serialize($this->results))
153 ));
154 }

References $ilDB, $ilUser, $query, and $res.

Field Documentation

◆ $stored_rbac_access

ilAccessHandler::$stored_rbac_access = array()
protected

Definition at line 22 of file class.ilAccessHandler.php.


The documentation for this class was generated from the following file: