ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAccessHandler.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 require_once("Services/AccessControl/classes/class.ilAccessInfo.php");
5 
20 class ilAccessHandler
21 {
22  protected $stored_rbac_access = array();
23 
27  function __construct()
28  {
29  global $rbacsystem;
30 
31  $this->rbacsystem = $rbacsystem;
32  $this->results = array();
33  $this->current_info = new ilAccessInfo();
34 
35  // use function enable to switch on/off tests (only cache is used so far)
36  $this->cache = true;
37  $this->rbac = true;
38  $this->tree = true;
39  $this->condition = true;
40  $this->path = true;
41  $this->status = true;
42  $this->obj_id_cache = array();
43  $this->obj_type_cache = array();
44  $this->obj_tree_cache=array();
45  }
46 
57  function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "",$a_info = "")
58  {
59  global $ilUser;
60 
61  if ($a_user_id == "")
62  {
63  $a_user_id = $ilUser->getId();
64  }
65 
66  if ($a_info == "")
67  {
68  $a_info = $this->current_info;
69  }
70 
71  //var_dump("<pre>",$a_permission,"</pre>");
72 
73  if ($this->cache)
74  {
75  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76  array("granted" => $a_access_granted, "info" => $a_info,
77  "prevent_db_cache" => $this->getPreventCachingLastResult());
78 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79  $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81  $this->last_info = $a_info;
82  }
83 
84  // get new info object
85  $this->current_info = new ilAccessInfo();
86 
87  }
88 
94  function setPreventCachingLastResult($a_val)
95  {
96  $this->prevent_caching_last_result = $a_val;
97  }
98 
104  function getPreventCachingLastResult()
105  {
106  return $this->prevent_caching_last_result;
107  }
108 
121  function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
122  {
123  global $ilUser;
124 
125  if ($a_user_id == "")
126  {
127  $a_user_id = $ilUser->getId();
128  }
129 
130  /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131  {
132  $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133  }*/
134 
135  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136  {
137  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138  }
139  return false;
140  }
141 
142  function storeCache()
143  {
144  global $ilDB, $ilUser;
145 
146  $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147  $res = $ilDB->manipulate($query);
148 
149  $ilDB->insert('acc_cache', array(
150  'user_id' => array('integer',$ilUser->getId()),
151  'time' => array('integer',time()),
152  'result' => array('clob',serialize($this->results))
153  ));
154  }
155 
156  function readCache($a_secs = 0)
157  {
158  global $ilUser, $ilDB;
159 
160  if ($a_secs > 0)
161  {
162  $query = "SELECT * FROM acc_cache WHERE user_id = ".
163  $ilDB->quote($ilUser->getId() ,'integer');
164  $set = $ilDB->query($query);
165  $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
166  if ((time() - $rec["time"]) < $a_secs)
167  {
168  $this->results = unserialize($rec["result"]);
169 //var_dump($this->results);
170  return true;
171  }
172  }
173  return false;
174  }
175 
176  function getResults()
177  {
178  return $this->results;
179  }
180 
181  function setResults($a_results)
182  {
183  $this->results = $a_results;
184  }
185 
189  function addInfoItem($a_type, $a_text, $a_data = "")
190  {
191  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192  }
193 
206  function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
207  {
208  global $ilUser;
209 
210  return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211  }
212 
226  function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
227  {
228  global $ilBench, $lng;
229 
230  $this->setPreventCachingLastResult(false); // for external db based caches
231 
232  $ilBench->start("AccessControl", "0400_clear_info");
233  $this->current_info->clear();
234  $ilBench->stop("AccessControl", "0400_clear_info");
235 
236 
237  // get stored result (internal memory based cache)
238  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239  if ($cached["hit"])
240  {
241  // Store access result
242  if (!$cached["granted"])
243  {
244  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245  }
246  if ($cached["prevent_db_cache"])
247  {
248  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249  }
250  return $cached["granted"];
251  }
252 
253  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254  // get object id if not provided
255  if ($a_obj_id == "")
256  {
257  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258  {
259  $a_obj_id = $this->obj_id_cache[$a_ref_id];
260  }
261  else
262  {
263  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265  }
266  }
267  if ($a_type == "")
268  {
269  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270  {
271  $a_type = $this->obj_type_cache[$a_ref_id];
272  }
273  else
274  {
275  $a_type = ilObject::_lookupType($a_ref_id, true);
276  $this->obj_type_cache[$a_ref_id] = $a_type;
277  }
278  }
279 
280  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281 
282  // if supplied tree id is not = 1 (= repository main tree),
283  // check if object is in tree and not deleted
284  if ($a_tree_id != 1 &&
285  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
286  {
287  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
288  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
289  return false;
290  }
291 
292  // rbac check for current object
293  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
294  {
295  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
296  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
297  return false;
298  }
299 
300  // Check object activation
301  $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
302  if(!$act_check)
303  {
304  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
305  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
306  return false;
307  }
308 
309  // check read permission for all parents
310  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
311  if (!$par_check)
312  {
313 
314  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
315  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
316  return false;
317  }
318 
319  // condition check (currently only implemented for read permission)
320  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
321  {
322  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
323  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
324  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
325  return false;
326  }
327 
328  // object type specific check
329  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
330  {
331  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
332  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
333  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
334  return false;
335  }
336 
337  // check for available licenses
338  if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
339  {
340  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
341  return false;
342  }
343 
344  // all checks passed
345  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
346  return true;
347  }
348 
352  function getInfo()
353  {
354  //return $this->last_result;
355  //$this->last_info->setQueryData($this->current_result_element);
356  //var_dump("<pre>",$this->results,"</pre>");
357  return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
358  }
359 
363  function getResultLast()
364  {
365  return $this->last_result;
366  }
367 
368  function getResultAll($a_ref_id = "")
369  {
370  if ($a_ref_id == "")
371  {
372  return $this->results;
373  }
374 
375  return $this->results[$a_ref_id];
376  }
377 
382  function doCacheCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id)
383  {
384  global $ilBench;
385  //echo "cacheCheck<br/>";
386 
387  $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
388  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
389  //var_dump($stored_access);
390  if (is_array($stored_access))
391  {
392  $this->current_info = $stored_access["info"];
393  //var_dump("cache-treffer:");
394  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
395  return array("hit" => true, "granted" => $stored_access["granted"],
396  "prevent_db_cache" => $stored_access["prevent_db_cache"]);
397  }
398 
399  // not in cache
400  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
401  return array("hit" => false, "granted" => false,
402  "prevent_db_cache" => false);
403  }
404 
409  function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
410  {
411  global $tree, $lng, $ilBench;
412  //echo "treeCheck<br/>";
413 
414  // Get stored result
415  $tree_cache_key = $a_user_id.':'.$a_ref_id;
416  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
417  // Store access result
418  if (!$this->obj_tree_cache[$tree_cache_key])
419  {
420  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
421  }
422  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
423 
424  return $this->obj_tree_cache[$tree_cache_key];
425  }
426 
427  $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
428 
429  if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
430  {
431  // Store negative access results
432 
433  // Store in tree cache
434  // Note, we only store up to 1000 results to avoid memory overflow.
435  if (count($this->obj_tree_cache) < 1000)
436  {
437  $this->obj_tree_cache[$tree_cache_key] = false;
438  }
439 
440  // Store in result cache
441  $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
442  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
443 
444  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
445 
446  return false;
447  }
448 
449  // Store positive access result.
450 
451  // Store in tree cache
452  // Note, we only store up to 1000 results to avoid memory overflow.
453  if (count($this->obj_tree_cache) < 1000)
454  {
455  $this->obj_tree_cache[$tree_cache_key] = true;
456  }
457 
458  // Store in result cache
459  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
460 
461  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
462  return true;
463  }
464 
469  function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
470  {
471  global $lng, $ilBench, $ilErr, $ilLog;
472 
473  $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
474 
475  if ($a_permission == "")
476  {
477  $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
478  get_class($this),
479  $a_ref_id);
480  $ilLog->write($message,$ilLog->FATAL);
481  $ilErr->raiseError($message,$ilErr->MESSAGE);
482  }
483 
484  if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
485  {
486  $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
487  }
488  else
489  {
490  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
491  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
492  {
493  if ($a_permission != "create")
494  {
495  $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
496  }
497  }
498  }
499 
500  // Store in result cache
501  if (!$access)
502  {
503  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
504  }
505  if ($a_permission != "create")
506  {
507  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
508  }
509  $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
510 
511  return $access;
512  }
513 
518  function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
519  {
520  global $tree, $lng, $ilBench,$ilObjDataCache;
521 //echo "<br>dopathcheck";
522  //echo "pathCheck<br/>";
523  $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
524 
525 // if (isset($this->stored_path[$a_ref_id]))
526 // {
527 // $path = $this->stored_path[$a_ref_id];
528 // }
529 // else
530 // {
531  $path = $tree->getPathId($a_ref_id);
532 // $this->stored_path[$a_ref_id] = $path;
533 // }
534  $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
535 
536  foreach ($path as $id)
537  {
538  if ($a_ref_id == $id)
539  {
540  continue;
541  }
542 
543  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
544 
545  if ($access == false)
546  {
547 
548  //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
549  $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
550 
551  if ($a_all == false)
552  {
553  return false;
554  }
555  }
556  }
557 
558  return true;
559  }
560 
565  function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
566  {
567  global $ilBench,$ilUser;
568 
569  $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
570 
571  $cache_perm = ($a_permission == "visible")
572  ? "visible"
573  : "other";
574 
575 //echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
576 
577  if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
578  {
579  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
580  return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
581  }
582 
583  // nothings needs to be done if current permission is write permission
584  if($a_permission == 'write')
585  {
586  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
587  return true;
588  }
589 
590  // #10852 - member view check
591  if($a_user_id == $ilUser->getId())
592  {
593  // #10905 - activate parent container ONLY
594  include_once './Services/Container/classes/class.ilMemberViewSettings.php';
595  $memview = ilMemberViewSettings::getInstance();
596  if($memview->isActiveForRefId($a_ref_id) &&
597  $memview->getContainer() == $a_ref_id)
598  {
599  return true;
600  }
601  }
602 
603  include_once 'Services/Object/classes/class.ilObjectActivation.php';
604  $item_data = ilObjectActivation::getItem($a_ref_id);
605 
606  // if activation isn't enabled
607  if($item_data === NULL ||
608  $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
609  {
610  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
611  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
612  return true;
613  }
614 
615  // if within activation time
616  if((time() >= $item_data['timing_start']) and
617  (time() <= $item_data['timing_end']))
618  {
619  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
620  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
621  return true;
622  }
623 
624  // if user has write permission
625  if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
626  {
627  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
628  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
629  return true;
630  }
631  // if current permission is visible and visible is set in activation
632  if($a_permission == 'visible' and $item_data['visible'])
633  {
634  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
635  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
636  return true;
637  }
638  // no access
639  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
640  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
641  return false;
642  }
643 
648  function doConditionCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
649  {
650  //echo "conditionCheck<br/>";
651  global $lng, $ilBench;
652 
653  if(
654  ($a_permission == 'visible') and
655  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
656  )
657  {
658  if(ilConditionHandler::lookupHiddenStatusByTarget($a_ref_id))
659  {
660  if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
661  {
662  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
663  foreach ($conditions as $condition)
664  {
665  $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
666  $lng->txt("missing_precondition").": ".
667  ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
668  $lng->txt("condition_".$condition["operator"])." ".
669  $condition["value"], $condition);
670  }
671  return FALSE;
672  }
673  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
674  }
675  }
676 
677 
678  if (($a_permission == "read" or $a_permission == 'join') &&
679  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
680  {
681  $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
682  if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
683  {
684  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
685  foreach ($conditions as $condition)
686  {
687  $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
688  $lng->txt("missing_precondition").": ".
689  ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
690  $lng->txt("condition_".$condition["operator"])." ".
691  $condition["value"], $condition);
692  }
693  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
694  return false;
695  }
696  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
697  }
698 
699  return true;
700  }
701 
706  function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
707  {
708  global $objDefinition, $ilBench, $ilPluginAdmin;
709  //echo "statusCheck<br/>";
710  $ilBench->start("AccessControl", "5000_checkAccess_object_check");
711 
712  // check for a deactivated plugin
713  if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
714  {
715  return false;
716  }
717  if(!$a_type)
718  {
719  return false;
720  }
721 
722  $class = $objDefinition->getClassName($a_type);
723  $location = $objDefinition->getLocation($a_type);
724  $full_class = "ilObj".$class."Access";
725  include_once($location."/class.".$full_class.".php");
726  // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
727 
728  $full_class = new $full_class();
729 
730  $obj_access = call_user_func(array($full_class, "_checkAccess"),
731  $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
732  if (!($obj_access === true))
733  {
734  //Note: We must not add an info item here, because one is going
735  // to be added by the user function we just called a few
736  // lines above.
737  //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
738 
739  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
740  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
741  return false;
742  }
743 
744  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
745  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
746  return true;
747  }
748 
752  function doLicenseCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
753  {
754  global $lng;
755 
756  // simple checks first
757  if (!in_array($a_type, array('sahs','htlm'))
758  or !in_array($a_permission, array('read')))
759  {
760  $has_access = true;
761  }
762  else
763  {
764  require_once("Services/License/classes/class.ilLicenseAccess.php");
765 
766  // licensing globally disabled => access granted
767  if (!ilLicenseAccess::_isEnabled())
768  {
769  $has_access = true;
770  }
771  /* resolved mantis issue #5288:
772  * admins should not automatically have read access!
773  * their read access will also be noted and consume a license
774  elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
775  {
776  $has_access = true;
777  }
778  */
779  // now do the real check
780  else
781  {
782  $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
783  }
784  }
785 
786  if ($has_access)
787  {
788  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
789  return true;
790  }
791  else
792  {
793  $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
794  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
795  return false;
796  }
797  }
798 
799  function clear()
800  {
801  $this->results = array();
802  $this->last_result = "";
803  $this->current_info = new ilAccessInfo();
804  }
805 
806  function enable($a_str,$a_bool)
807  {
808  $this->$a_str = $a_bool;
809  }
810 }
$ilErr
global $ilErr
Definition: raiseError.php:16
ilAccessHandler\addInfoItem
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
Definition: class.ilAccessHandler.php:189
$path
$path
Definition: aliased.php:25
ilConditionHandler\_getConditionsOfTarget
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
Definition: class.ilConditionHandler.php:715
IL_NO_LICENSE
const IL_NO_LICENSE
Definition: class.ilAccessInfo.php:30
$location
$location
Definition: buildRTE.php:44
ilConditionHandler\lookupHiddenStatusByTarget
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status type $ilDB.
Definition: class.ilConditionHandler.php:141
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilAccessHandler\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccessHandler.php:94
ilLicenseAccess\_isEnabled
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
Definition: class.ilLicenseAccess.php:20
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:310
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
ilAccessHandler\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccessHandler.php:648
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
ilAccessHandler\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccessHandler.php:104
ilAccessHandler\__construct
__construct()
constructor
Definition: class.ilAccessHandler.php:27
ilAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:206
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
$a_type
$a_type
Definition: workflow.php:93
ilAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:226
ilAccessHandler\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
Definition: class.ilAccessHandler.php:382
ilAccessHandler\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
Definition: class.ilAccessHandler.php:518
ilAccessHandler\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
Definition: class.ilAccessHandler.php:706
ilAccessHandler\getInfo
getInfo()
get last info object
Definition: class.ilAccessHandler.php:352
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1021
$ilUser
$ilUser
Definition: imgupload.php:18
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:988
$results
$results
Definition: save_question_post_data.php:7
ilAccessHandler\getResultLast
getResultLast()
get last info object
Definition: class.ilAccessHandler.php:363
$ilLog
$ilLog
Definition: inc.setup_header.php:130
ilAccessHandler\enable
enable($a_str, $a_bool)
Definition: class.ilAccessHandler.php:806
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
ilLicenseAccess\_checkAccess
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
Definition: class.ilLicenseAccess.php:52
ilAccessHandler\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccessHandler.php:409
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:53
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilAccessHandler\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
Definition: class.ilAccessHandler.php:469
ilAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
Definition: class.ilAccessHandler.php:565
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
ilAccessHandler\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result
Definition: class.ilAccessHandler.php:121
ilAccessHandler\doLicenseCheck
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
Definition: class.ilAccessHandler.php:752
ilAccessHandler
Class ilAccessHandler.
Definition: class.ilAccessHandler.php:20
ilAccessHandler\getResultAll
getResultAll($a_ref_id="")
Definition: class.ilAccessHandler.php:368