ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAccessHandler.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once("Services/AccessControl/classes/class.ilAccessInfo.php");
5
21{
22 protected $stored_rbac_access = array();
23
27 function __construct()
28 {
29 global $rbacsystem;
30
31 $this->rbacsystem = $rbacsystem;
32 $this->results = array();
33 $this->current_info = new ilAccessInfo();
34
35 // use function enable to switch on/off tests (only cache is used so far)
36 $this->cache = true;
37 $this->rbac = true;
38 $this->tree = true;
39 $this->condition = true;
40 $this->path = true;
41 $this->status = true;
42 $this->obj_id_cache = array();
43 $this->obj_type_cache = array();
44 $this->obj_tree_cache=array();
45 }
46
57 function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "",$a_info = "")
58 {
59 global $ilUser;
60
61 if ($a_user_id == "")
62 {
63 $a_user_id = $ilUser->getId();
64 }
65
66 if ($a_info == "")
67 {
68 $a_info = $this->current_info;
69 }
70
71 //var_dump("<pre>",$a_permission,"</pre>");
72
73 if ($this->cache)
74 {
75 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76 array("granted" => $a_access_granted, "info" => $a_info,
77 "prevent_db_cache" => $this->getPreventCachingLastResult());
78//echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81 $this->last_info = $a_info;
82 }
83
84 // get new info object
85 $this->current_info = new ilAccessInfo();
86
87 }
88
95 {
96 $this->prevent_caching_last_result = $a_val;
97 }
98
105 {
106 return $this->prevent_caching_last_result;
107 }
108
121 function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
122 {
123 global $ilUser;
124
125 if ($a_user_id == "")
126 {
127 $a_user_id = $ilUser->getId();
128 }
129
130 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131 {
132 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133 }*/
134
135 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136 {
137 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138 }
139 return false;
140 }
141
142 function storeCache()
143 {
144 global $ilDB, $ilUser;
145
146 $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147 $res = $ilDB->manipulate($query);
148
149 $ilDB->insert('acc_cache', array(
150 'user_id' => array('integer',$ilUser->getId()),
151 'time' => array('integer',time()),
152 'result' => array('clob',serialize($this->results))
153 ));
154 }
155
156 function readCache($a_secs = 0)
157 {
158 global $ilUser, $ilDB;
159
160 if ($a_secs > 0)
161 {
162 $query = "SELECT * FROM acc_cache WHERE user_id = ".
163 $ilDB->quote($ilUser->getId() ,'integer');
164 $set = $ilDB->query($query);
165 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
166 if ((time() - $rec["time"]) < $a_secs)
167 {
168 $this->results = unserialize($rec["result"]);
169//var_dump($this->results);
170 return true;
171 }
172 }
173 return false;
174 }
175
176 function getResults()
177 {
178 return $this->results;
179 }
180
181 function setResults($a_results)
182 {
183 $this->results = $a_results;
184 }
185
189 function addInfoItem($a_type, $a_text, $a_data = "")
190 {
191 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192 }
193
206 function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
207 {
208 global $ilUser;
209
210 return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211 }
212
226 function checkAccessOfUser($a_user_id,$a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
227 {
228 global $ilBench, $lng;
229
230 $this->setPreventCachingLastResult(false); // for external db based caches
231
232 $ilBench->start("AccessControl", "0400_clear_info");
233 $this->current_info->clear();
234 $ilBench->stop("AccessControl", "0400_clear_info");
235
236
237 // get stored result (internal memory based cache)
238 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239 if ($cached["hit"])
240 {
241 // Store access result
242 if (!$cached["granted"])
243 {
244 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245 }
246 if ($cached["prevent_db_cache"])
247 {
248 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249 }
250 return $cached["granted"];
251 }
252
253 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254 // get object id if not provided
255 if ($a_obj_id == "")
256 {
257 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258 {
259 $a_obj_id = $this->obj_id_cache[$a_ref_id];
260 }
261 else
262 {
263 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265 }
266 }
267 if ($a_type == "")
268 {
269 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270 {
271 $a_type = $this->obj_type_cache[$a_ref_id];
272 }
273 else
274 {
275 $a_type = ilObject::_lookupType($a_ref_id, true);
276 $this->obj_type_cache[$a_ref_id] = $a_type;
277 }
278 }
279
280 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281
282 // if supplied tree id is not = 1 (= repository main tree),
283 // check if object is in tree and not deleted
284 if ($a_tree_id != 1 &&
285 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
286 {
287 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
288 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
289 return false;
290 }
291
292 // rbac check for current object
293 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
294 {
295 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
296 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
297 return false;
298 }
299
300 // Check object activation
301 $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
302 if(!$act_check)
303 {
304 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
305 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
306 return false;
307 }
308
309 // check read permission for all parents
310 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
311 if (!$par_check)
312 {
313
314 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
315 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
316 return false;
317 }
318
319 // condition check (currently only implemented for read permission)
320 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
321 {
322 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
323 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
324 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
325 return false;
326 }
327
328 // object type specific check
329 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
330 {
331 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
332 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
333 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
334 return false;
335 }
336
337 // check for available licenses
338 if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
339 {
340 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
341 return false;
342 }
343
344 // all checks passed
345 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
346 return true;
347 }
348
352 function getInfo()
353 {
354 //return $this->last_result;
355 //$this->last_info->setQueryData($this->current_result_element);
356 //var_dump("<pre>",$this->results,"</pre>");
357 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
358 }
359
363 function getResultLast()
364 {
365 return $this->last_result;
366 }
367
368 function getResultAll($a_ref_id = "")
369 {
370 if ($a_ref_id == "")
371 {
372 return $this->results;
373 }
374
375 return $this->results[$a_ref_id];
376 }
377
382 function doCacheCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id)
383 {
384 global $ilBench;
385 //echo "cacheCheck<br/>";
386
387 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
388 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
389 //var_dump($stored_access);
390 if (is_array($stored_access))
391 {
392 $this->current_info = $stored_access["info"];
393 //var_dump("cache-treffer:");
394 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
395 return array("hit" => true, "granted" => $stored_access["granted"],
396 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
397 }
398
399 // not in cache
400 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
401 return array("hit" => false, "granted" => false,
402 "prevent_db_cache" => false);
403 }
404
409 function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
410 {
411 global $tree, $lng, $ilBench;
412 //echo "treeCheck<br/>";
413
414 // Get stored result
415 $tree_cache_key = $a_user_id.':'.$a_ref_id;
416 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
417 // Store access result
418 if (!$this->obj_tree_cache[$tree_cache_key])
419 {
420 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
421 }
422 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
423
424 return $this->obj_tree_cache[$tree_cache_key];
425 }
426
427 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
428
429 if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
430 {
431 // Store negative access results
432
433 // Store in tree cache
434 // Note, we only store up to 1000 results to avoid memory overflow.
435 if (count($this->obj_tree_cache) < 1000)
436 {
437 $this->obj_tree_cache[$tree_cache_key] = false;
438 }
439
440 // Store in result cache
441 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
442 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
443
444 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
445
446 return false;
447 }
448
449 // Store positive access result.
450
451 // Store in tree cache
452 // Note, we only store up to 1000 results to avoid memory overflow.
453 if (count($this->obj_tree_cache) < 1000)
454 {
455 $this->obj_tree_cache[$tree_cache_key] = true;
456 }
457
458 // Store in result cache
459 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
460
461 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
462 return true;
463 }
464
469 function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
470 {
471 global $lng, $ilBench, $ilErr, $ilLog;
472
473 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
474
475 if ($a_permission == "")
476 {
477 $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
478 get_class($this),
479 $a_ref_id);
480 $ilLog->write($message,$ilLog->FATAL);
481 $ilErr->raiseError($message,$ilErr->MESSAGE);
482 }
483
484 if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
485 {
486 $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
487 }
488 else
489 {
490 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
491 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
492 {
493 if ($a_permission != "create")
494 {
495 $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
496 }
497 }
498 }
499
500 // Store in result cache
501 if (!$access)
502 {
503 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
504 }
505 if ($a_permission != "create")
506 {
507 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
508 }
509 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
510
511 return $access;
512 }
513
518 function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
519 {
520 global $tree, $lng, $ilBench,$ilObjDataCache;
521//echo "<br>dopathcheck";
522 //echo "pathCheck<br/>";
523 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
524
525// if (isset($this->stored_path[$a_ref_id]))
526// {
527// $path = $this->stored_path[$a_ref_id];
528// }
529// else
530// {
531 $path = $tree->getPathId($a_ref_id);
532// $this->stored_path[$a_ref_id] = $path;
533// }
534 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
535
536 foreach ($path as $id)
537 {
538 if ($a_ref_id == $id)
539 {
540 continue;
541 }
542
543 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
544
545 if ($access == false)
546 {
547
548 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
549 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
550
551 if ($a_all == false)
552 {
553 return false;
554 }
555 }
556 }
557
558 return true;
559 }
560
565 function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
566 {
567 global $ilBench,$ilUser;
568
569 $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
570
571 $cache_perm = ($a_permission == "visible")
572 ? "visible"
573 : "other";
574
575//echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
576
577 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
578 {
579 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
580 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
581 }
582
583 // nothings needs to be done if current permission is write permission
584 if($a_permission == 'write')
585 {
586 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
587 return true;
588 }
589
590 // #10852 - member view check
591 if($a_user_id == $ilUser->getId())
592 {
593 // #10905 - activate parent container ONLY
594 include_once './Services/Container/classes/class.ilMemberViewSettings.php';
596 if($memview->isActiveForRefId($a_ref_id) &&
597 $memview->getContainer() == $a_ref_id)
598 {
599 return true;
600 }
601 }
602
603 include_once 'Services/Object/classes/class.ilObjectActivation.php';
604 $item_data = ilObjectActivation::getItem($a_ref_id);
605
606 // if activation isn't enabled
607 if($item_data === NULL ||
608 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
609 {
610 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
611 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
612 return true;
613 }
614
615 // if within activation time
616 if((time() >= $item_data['timing_start']) and
617 (time() <= $item_data['timing_end']))
618 {
619 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
620 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
621 return true;
622 }
623
624 // if user has write permission
625 if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
626 {
627 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
628 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
629 return true;
630 }
631 // if current permission is visible and visible is set in activation
632 if($a_permission == 'visible' and $item_data['visible'])
633 {
634 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
635 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
636 return true;
637 }
638 // no access
639 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
640 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
641 return false;
642 }
643
648 function doConditionCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
649 {
650 //echo "conditionCheck<br/>";
651 global $lng, $ilBench;
652
653 if(
654 ($a_permission == 'visible') and
655 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
656 )
657 {
659 {
660 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
661 {
662 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
663 foreach ($conditions as $condition)
664 {
665 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
666 $lng->txt("missing_precondition").": ".
667 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
668 $lng->txt("condition_".$condition["operator"])." ".
669 $condition["value"], $condition);
670 }
671 return FALSE;
672 }
673 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
674 }
675 }
676
677
678 if (($a_permission == "read" or $a_permission == 'join') &&
679 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
680 {
681 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
682 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
683 {
684 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
685 foreach ($conditions as $condition)
686 {
687 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
688 $lng->txt("missing_precondition").": ".
689 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
690 $lng->txt("condition_".$condition["operator"])." ".
691 $condition["value"], $condition);
692 }
693 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
694 return false;
695 }
696 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
697 }
698
699 return true;
700 }
701
706 function doStatusCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
707 {
708 global $objDefinition, $ilBench, $ilPluginAdmin;
709 //echo "statusCheck<br/>";
710 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
711
712 // check for a deactivated plugin
713 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
714 {
715 return false;
716 }
717 if(!$a_type)
718 {
719 return false;
720 }
721
722 $class = $objDefinition->getClassName($a_type);
723 $location = $objDefinition->getLocation($a_type);
724 $full_class = "ilObj".$class."Access";
725 include_once($location."/class.".$full_class.".php");
726 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
727
728 $full_class = new $full_class();
729
730 $obj_access = call_user_func(array($full_class, "_checkAccess"),
731 $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
732 if (!($obj_access === true))
733 {
734 //Note: We must not add an info item here, because one is going
735 // to be added by the user function we just called a few
736 // lines above.
737 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
738
739 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
740 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
741 return false;
742 }
743
744 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
745 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
746 return true;
747 }
748
752 function doLicenseCheck($a_permission, $a_cmd, $a_ref_id,$a_user_id, $a_obj_id, $a_type)
753 {
754 global $lng;
755
756 // simple checks first
757 if (!in_array($a_type, array('sahs','htlm'))
758 or !in_array($a_permission, array('read')))
759 {
760 $has_access = true;
761 }
762 else
763 {
764 require_once("Services/License/classes/class.ilLicenseAccess.php");
765
766 // licensing globally disabled => access granted
768 {
769 $has_access = true;
770 }
771 /* resolved mantis issue #5288:
772 * admins should not automatically have read access!
773 * their read access will also be noted and consume a license
774 elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
775 {
776 $has_access = true;
777 }
778 */
779 // now do the real check
780 else
781 {
782 $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
783 }
784 }
785
786 if ($has_access)
787 {
788 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
789 return true;
790 }
791 else
792 {
793 $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
794 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
795 return false;
796 }
797 }
798
799 function clear()
800 {
801 $this->results = array();
802 $this->last_result = "";
803 $this->current_info = new ilAccessInfo();
804 }
805
806 function enable($a_str,$a_bool)
807 {
808 $this->$a_str = $a_bool;
809 }
810}
sprintf('%.4f', $callTime)
$path
Definition: aliased.php:25
$location
Definition: buildRTE.php:44
An exception for terminatinating execution or to throw for unit testing.
const IL_MISSING_PRECONDITION
const IL_NO_PARENT_ACCESS
const IL_NO_PERMISSION
const IL_NO_LICENSE
const IL_DELETED
Class ilAccessHandler.
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
getPreventCachingLastResult()
Get prevent caching last result.
enable($a_str, $a_bool)
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
getResultLast()
get last info object
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
getInfo()
get last info object
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
getResultAll($a_ref_id="")
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
setPreventCachingLastResult($a_val)
Set prevent caching last result.
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
class ilAccessInfo
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
global $ilBench
Definition: ilias.php:18
global $lng
Definition: privfeed.php:17
global $ilErr
Definition: raiseError.php:16
$results
global $ilDB
$ilUser
Definition: imgupload.php:18
$a_type
Definition: workflow.php:93