4require_once(
"Services/AccessControl/classes/class.ilAccessInfo.php");
 
   31                $this->rbacsystem = $rbacsystem;
 
   32                $this->results = array();
 
   39                $this->condition = 
true;
 
   42                $this->obj_id_cache = array();
 
   43                $this->obj_type_cache = array();
 
   44        $this->obj_tree_cache=array();
 
   57        function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = 
"",$a_info = 
"")
 
   68                        $a_info = $this->current_info;
 
   75                        $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = 
 
   76                                        array(
"granted" => $a_access_granted, 
"info" => $a_info,
 
   79                        $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);                     
 
   80                        $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
 
   81                        $this->last_info = $a_info;
 
   96                $this->prevent_caching_last_result = $a_val;
 
  106                return $this->prevent_caching_last_result;
 
  125                if ($a_user_id == 
"")
 
  135                if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
 
  137                        return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
 
  146                $query = 
"DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote(
$ilUser->getId(),
'integer');
 
  149                $ilDB->insert(
'acc_cache', array(
 
  150                        'user_id'       =>      array(
'integer',
$ilUser->getId()),
 
  151                        'time'          =>      array(
'integer',time()),
 
  152                        'result'        =>      array(
'clob',serialize($this->results))
 
  162                        $query = 
"SELECT * FROM acc_cache WHERE user_id = ".
 
  166                        if ((time() - $rec[
"time"]) < $a_secs)
 
  168                                $this->results = unserialize($rec[
"result"]);
 
  183                $this->results = $a_results;
 
  191                $this->current_info->addInfoItem(
$a_type, $a_text, $a_data);
 
  232                $ilBench->start(
"AccessControl", 
"0400_clear_info");
 
  233                $this->current_info->clear();
 
  234                $ilBench->stop(
"AccessControl", 
"0400_clear_info");
 
  238                $cached = $this->
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  242                        if (!$cached[
"granted"])
 
  246                        if ($cached[
"prevent_db_cache"])
 
  250                        return $cached[
"granted"];
 
  253                $ilBench->start(
"AccessControl", 
"0500_lookup_id_and_type");
 
  257                        if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
 
  259                                $a_obj_id = $this->obj_id_cache[$a_ref_id];
 
  264                                $this->obj_id_cache[$a_ref_id] = $a_obj_id;
 
  269                        if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != 
"")
 
  271                                $a_type = $this->obj_type_cache[$a_ref_id];
 
  276                                $this->obj_type_cache[$a_ref_id] = 
$a_type;
 
  280                $ilBench->stop(
"AccessControl", 
"0500_lookup_id_and_type");
 
  284                if ($a_tree_id != 1 &&
 
  285            !$this->
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
 
  301                $act_check = $this->
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  310                $par_check = $this->
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  357                return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
 
  365                return $this->last_result;
 
  375                return $this->results[$a_ref_id];
 
  387                $ilBench->start(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  390                if (is_array($stored_access))
 
  392                        $this->current_info = $stored_access[
"info"];
 
  394                        $ilBench->stop(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  395                        return array(
"hit" => 
true, 
"granted" => $stored_access[
"granted"],
 
  396                                "prevent_db_cache" => $stored_access[
"prevent_db_cache"]);
 
  400                $ilBench->stop(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  401                return array(
"hit" => 
false, 
"granted" => 
false,
 
  402                        "prevent_db_cache" => 
false);
 
  409        function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 
  415                $tree_cache_key = $a_user_id.
':'.$a_ref_id;
 
  416        if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
 
  418                        if (!$this->obj_tree_cache[$tree_cache_key])
 
  422                        $this->
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
 
  424            return $this->obj_tree_cache[$tree_cache_key];
 
  427                $ilBench->start(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  429                if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
 
  435            if (count($this->obj_tree_cache) < 1000) 
 
  437                $this->obj_tree_cache[$tree_cache_key] = 
false;
 
  441                        $this->current_info->addInfoItem(
IL_DELETED, 
$lng->txt(
"object_deleted"));
 
  444                        $ilBench->stop(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  453        if (count($this->obj_tree_cache) < 1000)
 
  455            $this->obj_tree_cache[$tree_cache_key] = 
true;
 
  461                $ilBench->stop(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  473                $ilBench->start(
"AccessControl", 
"2500_checkAccess_rbac_check");
 
  475                if ($a_permission == 
"")
 
  477                                $message = 
sprintf(
'%s::doRBACCheck(): No operations given! $a_ref_id: %s',
 
  484                if (isset($this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id]))
 
  486                        $access = $this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id];
 
  490                        $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, 
$a_type);
 
  491                        if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
 
  493                                if ($a_permission != 
"create")
 
  495                                        $this->stored_rbac_access[$a_user_id.
"-".$a_permission.
"-".$a_ref_id] = $access;
 
  505                if ($a_permission != 
"create")
 
  509                $ilBench->stop(
"AccessControl", 
"2500_checkAccess_rbac_check");
 
  518        function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = 
false)
 
  523        $ilBench->start(
"AccessControl", 
"3100_checkAccess_check_parents_get_path");
 
  531                $path = $tree->getPathId($a_ref_id);
 
  534                $ilBench->stop(
"AccessControl", 
"3100_checkAccess_check_parents_get_path");
 
  536                foreach (
$path as $id)
 
  538                        if ($a_ref_id == $id)
 
  545                        if ($access == 
false)
 
  569                $ilBench->start(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  571                $cache_perm = ($a_permission == 
"visible")
 
  577                if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
 
  579                        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  580                        return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
 
  584                if($a_permission == 
'write')
 
  586                        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  591                if($a_user_id == 
$ilUser->getId())
 
  594                        include_once 
'./Services/Container/classes/class.ilMemberViewSettings.php';
 
  596                        if($memview->isActiveForRefId($a_ref_id) &&
 
  597                                $memview->getContainer() == $a_ref_id)
 
  603                include_once 
'Services/Object/classes/class.ilObjectActivation.php';    
 
  607                if($item_data === NULL ||
 
  610                        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  611                        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  616                if((time() >= $item_data[
'timing_start']) and
 
  617                   (time() <= $item_data[
'timing_end']))
 
  619                        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  620                        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  627                        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  628                        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  632                if($a_permission == 
'visible' and $item_data[
'visible'])
 
  634                        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  635                        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  639                $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
false;
 
  640                $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  654                        ($a_permission == 
'visible') and 
 
  663                                        foreach ($conditions as $condition)
 
  666                                                        $lng->txt(
"missing_precondition").
": ".
 
  668                                                        $lng->txt(
"condition_".$condition[
"operator"]).
" ".
 
  669                                                        $condition[
"value"], $condition);
 
  673                                $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  678                if (($a_permission == 
"read" or $a_permission == 
'join') &&
 
  681                        $ilBench->start(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  685                                foreach ($conditions as $condition)
 
  688                                                $lng->txt(
"missing_precondition").
": ".
 
  690                                                $lng->txt(
"condition_".$condition[
"operator"]).
" ".
 
  691                                                $condition[
"value"], $condition);
 
  693                                $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  696                        $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  708                global $objDefinition, 
$ilBench, $ilPluginAdmin;
 
  710                $ilBench->start(
"AccessControl", 
"5000_checkAccess_object_check");
 
  713                if ($objDefinition->isPluginTypeName(
$a_type) && !$objDefinition->isPlugin(
$a_type))
 
  722                $class = $objDefinition->getClassName(
$a_type);
 
  724                $full_class = 
"ilObj".$class.
"Access";          
 
  725                include_once(
$location.
"/class.".$full_class.
".php");
 
  728                $full_class = 
new $full_class();
 
  730                $obj_access = call_user_func(array($full_class, 
"_checkAccess"),
 
  731                        $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
 
  732                if (!($obj_access === 
true))
 
  740                        $ilBench->stop(
"AccessControl", 
"5000_checkAccess_object_check");
 
  745                $ilBench->stop(
"AccessControl", 
"5000_checkAccess_object_check");
 
  757                if (!in_array(
$a_type, array(
'sahs',
'htlm'))
 
  758                or  !in_array($a_permission, array(
'read')))
 
  764                        require_once(
"Services/License/classes/class.ilLicenseAccess.php");
 
  793                        $this->current_info->addInfoItem(
IL_NO_LICENSE, 
$lng->txt(
"no_license_available"));
 
  801                $this->results = array();
 
  802                $this->last_result = 
"";
 
  808                $this->$a_str = $a_bool;
 
sprintf('%.4f', $callTime)
An exception for terminatinating execution or to throw for unit testing.
const IL_MISSING_PRECONDITION
const IL_NO_PARENT_ACCESS
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
getPreventCachingLastResult()
Get prevent caching last result.
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
getResultLast()
get last info object
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
getInfo()
get last info object
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
getResultAll($a_ref_id="")
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
setPreventCachingLastResult($a_val)
Set prevent caching last result.
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type