ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilWorkspaceAccessHandler.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6 include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8 
17 class ilWorkspaceAccessHandler
18 {
19  protected $tree; // [ilTree]
20 
21  public function __construct(ilTree $a_tree = null)
22  {
23  global $ilUser, $lng;
24 
25  $lng->loadLanguageModule("wsp");
26 
27  if(!$a_tree)
28  {
29  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
30  $a_tree = new ilWorkspaceTree($ilUser->getId());
31  }
32  $this->tree = $a_tree;
33  }
34 
40  public function getTree()
41  {
42  return $this->tree;
43  }
44 
54  public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
55  {
56  global $ilUser;
57 
58  return $this->checkAccessOfUser($this->tree, $ilUser->getId(),$a_permission, $a_cmd, $a_node_id, $a_type);
59  }
60 
72  public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
73  {
74  global $rbacreview, $ilUser, $ilSetting;
75 
76  // :TODO: create permission for parent node with type ?!
77 
78  // #20310
79  if(!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID)
80  {
81  return false;
82  }
83 
84  // tree root is read-only
85  if($a_permission == "write")
86  {
87  if($a_tree->readRootId() == $a_node_id)
88  {
89  return false;
90  }
91  }
92 
93  // node owner has all rights
94  if($a_tree->lookupOwner($a_node_id) == $a_user_id)
95  {
96  return true;
97  }
98 
99  // other users can only read
100  if($a_permission == "read" || $a_permission == "visible")
101  {
102  // get all objects with explicit permission
103  $objects = $this->getPermissions($a_node_id);
104  if($objects)
105  {
106  // check if given user is member of object or has role
107  foreach($objects as $obj_id)
108  {
109  switch($obj_id)
110  {
111  case ilWorkspaceAccessGUI::PERMISSION_ALL:
112  return true;
113 
114  case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
115  // check against input kept in session
116  if(self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
117  $a_permission == "visible")
118  {
119  return true;
120  }
121  break;
122 
123  case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
124  if($ilUser->getId() != ANONYMOUS_USER_ID)
125  {
126  return true;
127  }
128  break;
129 
130  default:
131  switch(ilObject::_lookupType($obj_id))
132  {
133  case "grp":
134  // member of group?
135  if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
136  {
137  return true;
138  }
139  break;
140 
141  case "crs":
142  // member of course?
143  if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
144  {
145  return true;
146  }
147  break;
148 
149  case "role":
150  // has role?
151  if($rbacreview->isAssigned($a_user_id, $obj_id))
152  {
153  return true;
154  }
155  break;
156 
157  case "usr":
158  // direct assignment
159  if($a_user_id == $obj_id)
160  {
161  return true;
162  }
163  break;
164  }
165  break;
166  }
167  }
168  }
169  }
170 
171  return false;
172  }
173 
180  public function setPermissions($a_parent_node_id, $a_node_id)
181  {
182  // nothing to do as owner has irrefutable rights to any workspace object
183  }
184 
193  public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
194  {
195  global $ilDB, $ilUser;
196 
197  // tree owner must not be added
198  if($this->tree->getTreeId() == $ilUser->getId() &&
199  $a_object_id == $ilUser->getId())
200  {
201  return false;
202  }
203 
204  $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)".
205  " VALUES (".$ilDB->quote($a_node_id, "integer").", ".
206  $ilDB->quote($a_object_id, "integer").",".
207  $ilDB->quote($a_extended_data, "text").",".
208  $ilDB->quote(time(), "integer").")");
209  return true;
210  }
211 
218  public function removePermission($a_node_id, $a_object_id = null)
219  {
220  global $ilDB;
221 
222  $query = "DELETE FROM acl_ws".
223  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");
224 
225  if($a_object_id)
226  {
227  $query .= " AND object_id = ".$ilDB->quote($a_object_id, "integer");
228  }
229 
230  return $ilDB->manipulate($query);
231  }
232 
239  public function getPermissions($a_node_id)
240  {
241  return self::_getPermissions($a_node_id);
242  }
243 
250  public static function _getPermissions($a_node_id)
251  {
252  global $ilDB, $ilSetting;
253 
254  $publish_enabled = $ilSetting->get("enable_global_profiles");
255  $publish_perm = array(ilWorkspaceAccessGUI::PERMISSION_ALL,
256  ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
257 
258  $set = $ilDB->query("SELECT object_id FROM acl_ws".
259  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer"));
260  $res = array();
261  while($row = $ilDB->fetchAssoc($set))
262  {
263  if($publish_enabled || !in_array($row["object_id"], $publish_perm))
264  {
265  $res[] = $row["object_id"];
266  }
267  }
268  return $res;
269  }
270 
271  public function hasRegisteredPermission($a_node_id)
272  {
273  global $ilDB;
274 
275  $set = $ilDB->query("SELECT object_id FROM acl_ws".
276  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
277  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
278  return (bool)$ilDB->numRows($set);
279  }
280 
281  public function hasGlobalPermission($a_node_id)
282  {
283  global $ilDB, $ilSetting;
284 
285  if(!$ilSetting->get("enable_global_profiles"))
286  {
287  return false;
288  }
289 
290  $set = $ilDB->query("SELECT object_id FROM acl_ws".
291  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
292  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
293  return (bool)$ilDB->numRows($set);
294  }
295 
296  public function hasGlobalPasswordPermission($a_node_id)
297  {
298  global $ilDB, $ilSetting;
299 
300  if(!$ilSetting->get("enable_global_profiles"))
301  {
302  return false;
303  }
304 
305  $set = $ilDB->query("SELECT object_id FROM acl_ws".
306  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
307  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
308  return (bool)$ilDB->numRows($set);
309  }
310 
311  public static function getPossibleSharedTargets()
312  {
313  global $ilUser, $ilSetting;
314 
315  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
316  include_once "Services/Membership/classes/class.ilParticipants.php";
317  $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
318  $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
319 
320  $obj_ids = array_merge($grp_ids, $crs_ids);
321  $obj_ids[] = $ilUser->getId();
322  $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;
323 
324  if($ilSetting->get("enable_global_profiles"))
325  {
326  $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
327  $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
328  }
329 
330  return $obj_ids;
331  }
332 
333  public function getSharedOwners()
334  {
335  global $ilUser, $ilDB;
336 
337  $obj_ids = $this->getPossibleSharedTargets();
338 
339  $user_ids = array();
340  $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
341  " FROM object_data obj".
342  " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
343  " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
344  " JOIN acl_ws acl ON (acl.node_id = tree.child)".
345  " JOIN usr_data u on (u.usr_id = obj.owner)".
346  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
347  " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
348  " ORDER BY u.lastname, u.firstname, u.title");
349  while ($row = $ilDB->fetchAssoc($set))
350  {
351  $user_ids[$row["owner"]] = $row["lastname"].", ".$row["firstname"];
352  if($row["title"])
353  {
354  $user_ids[$row["owner"]] .= ", ".$row["title"];
355  }
356  }
357 
358  return $user_ids;
359  }
360 
361  public function getSharedObjects($a_owner_id)
362  {
363  global $ilDB;
364 
365  $obj_ids = $this->getPossibleSharedTargets();
366 
367  $res = array();
368  $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
369  " FROM object_data obj".
370  " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
371  " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
372  " JOIN acl_ws acl ON (acl.node_id = tree.child)".
373  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
374  " AND obj.owner = ".$ilDB->quote($a_owner_id, "integer"));
375  while ($row = $ilDB->fetchAssoc($set))
376  {
377  $res[$row["wsp_id"]] = $row["obj_id"];
378  }
379 
380  return $res;
381  }
382 
383  public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
384  {
385  global $ilDB, $ilUser;
386 
387  if(!$a_filter["acl_type"])
388  {
389  $obj_ids = $this->getPossibleSharedTargets();
390  }
391  else
392  {
393  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
394 
395  switch($a_filter["acl_type"])
396  {
397  case "all":
398  $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
399  break;
400 
401  case "password":
402  $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
403  break;
404 
405  case "registered":
406  $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
407  break;
408 
409  case "course":
410  $obj_ids = $a_crs_ids;
411  break;
412 
413  case "group":
414  $obj_ids = $a_grp_ids;
415  break;
416 
417  case "user":
418  $obj_ids = array($ilUser->getId());
419  break;
420  }
421  }
422 
423  $res = array();
424 
425  $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner,".
426  "acl.object_id acl_type, acl.tstamp acl_date".
427  " FROM object_data obj".
428  " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
429  " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
430  " JOIN acl_ws acl ON (acl.node_id = tree.child)".
431  " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
432  " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer");
433 
434  if($a_filter["obj_type"])
435  {
436  $sql .= " AND obj.type = ".$ilDB->quote($a_filter["obj_type"], "text");
437  }
438  if($a_filter["title"] && strlen($a_filter["title"]) >= 3)
439  {
440  $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
441  }
442  if($a_filter["user"] && strlen($a_filter["user"]) >= 3)
443  {
444  $usr_ids = array();
445  $set = $ilDB->query("SELECT usr_id FROM usr_data".
446  " WHERE (".$ilDB->like("login", "text", "%".$a_filter["user"]."%")." ".
447  "OR ".$ilDB->like("firstname", "text", "%".$a_filter["user"]."%")." ".
448  "OR ".$ilDB->like("lastname", "text", "%".$a_filter["user"]."%")." ".
449  "OR ".$ilDB->like("email", "text", "%".$a_filter["user"]."%").")");
450  while($row = $ilDB->fetchAssoc($set))
451  {
452  $usr_ids[] = $row["usr_id"];
453  }
454  if(!sizeof($usr_ids))
455  {
456  return;
457  }
458  $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
459  }
460 
461  if($a_filter["acl_date"])
462  {
463  $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
464  $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
465  $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
466  }
467 
468  if($a_filter["crsgrp"])
469  {
470  include_once "Services/Membership/classes/class.ilParticipants.php";
471  $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
472  $part = $part->getParticipants();
473  if(!sizeof($part))
474  {
475  return;
476  }
477  $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
478  }
479 
480  // we use the oldest share date
481  $sql .= " ORDER BY acl.tstamp";
482 
483  $set = $ilDB->query($sql);
484  while ($row = $ilDB->fetchAssoc($set))
485  {
486  if(!isset($res[$row["wsp_id"]]))
487  {
488  $row["acl_type"] = array($row["acl_type"]);
489  $res[$row["wsp_id"]] = $row;
490  }
491  else
492  {
493  $res[$row["wsp_id"]]["acl_type"][] = $row["acl_type"];
494  }
495  }
496 
497  return $res;
498  }
499 
500  public static function getSharedNodePassword($a_node_id)
501  {
502  global $ilDB;
503 
504  include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
505 
506  $set = $ilDB->query("SELECT * FROM acl_ws".
507  " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
508  " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
509  $res = $ilDB->fetchAssoc($set);
510  if($res)
511  {
512  return $res["extended_data"];
513  }
514  }
515 
516  public static function keepSharedSessionPassword($a_node_id, $a_password)
517  {
518  $_SESSION["ilshpw_".$a_node_id] = $a_password;
519  }
520 
521  public static function getSharedSessionPassword($a_node_id)
522  {
523  return $_SESSION["ilshpw_".$a_node_id];
524  }
525 
526  public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
527  {
528  include_once('./Services/Link/classes/class.ilLink.php');
529  return ilLink::_getStaticLink($a_node_id, ilObject::_lookupType($a_obj_id), true, $a_additional."_wsp");
530  }
531 
532  public function getObjectsIShare()
533  {
534  global $ilDB, $ilUser;
535 
536  $res = array();
537  $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
538  " FROM object_data obj".
539  " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
540  " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
541  " JOIN acl_ws acl ON (acl.node_id = tree.child)".
542  " WHERE obj.owner = ".$ilDB->quote($ilUser->getId(), "integer"));
543  while ($row = $ilDB->fetchAssoc($set))
544  {
545  $res[$row["wsp_id"]] = $row["obj_id"];
546  }
547 
548  return $res;
549  }
550 
551  public static function getObjectDataFromNode($a_node_id)
552  {
553  global $ilDB;
554 
555  $set = $ilDB->query("SELECT obj.obj_id, obj.type, obj.title".
556  " FROM object_reference_ws ref".
557  " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
558  " JOIN object_data obj ON (ref.obj_id = obj.obj_id)".
559  " WHERE ref.wsp_id = ".$ilDB->quote($a_node_id, "integer"));
560  return $ilDB->fetchAssoc($set);
561  }
562 }
563 
564 ?>
IL_CAL_DATETIME
const IL_CAL_DATETIME
Definition: class.ilDateTime.php:9
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilParticipants\_getMembershipByType
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Definition: class.ilParticipants.php:165
ilCourseParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilCourseParticipants.php:77
ilWorkspaceAccessHandler
Access handler for personal workspace.
Definition: class.ilWorkspaceAccessHandler.php:17
ilWorkspaceAccessHandler\removePermission
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
Definition: class.ilWorkspaceAccessHandler.php:218
IL_CAL_UNIX
const IL_CAL_UNIX
Definition: class.ilDateTime.php:11
ilWorkspaceTree
Tree handler for personal workspace.
Definition: class.ilWorkspaceTree.php:13
ilWorkspaceAccessHandler\getPermissions
getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:239
$a_type
$a_type
Definition: workflow.php:93
ilWorkspaceAccessHandler\findSharedObjects
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
Definition: class.ilWorkspaceAccessHandler.php:383
ilWorkspaceAccessHandler\getGotoLink
static getGotoLink($a_node_id, $a_obj_id, $a_additional=null)
Definition: class.ilWorkspaceAccessHandler.php:526
ilDateTime
Date and time handling
Definition: class.ilDateTime.php:32
$ilUser
$ilUser
Definition: imgupload.php:18
ilTree
Tree class data representation in hierachical trees using the Nested Set Model with Gaps by Joe Celco...
Definition: class.ilTree.php:24
ilWorkspaceAccessHandler\setPermissions
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
Definition: class.ilWorkspaceAccessHandler.php:180
ilGroupParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilGroupParticipants.php:63
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
ilWorkspaceAccessHandler\keepSharedSessionPassword
static keepSharedSessionPassword($a_node_id, $a_password)
Definition: class.ilWorkspaceAccessHandler.php:516
IL_CAL_DATE
const IL_CAL_DATE
Definition: class.ilDateTime.php:10
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilWorkspaceAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:54
$lng
global $lng
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilWorkspaceAccessHandler\_getPermissions
static _getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:250
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
ilWorkspaceAccessHandler\checkAccessOfUser
checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:72
ilWorkspaceAccessHandler\addPermission
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
Definition: class.ilWorkspaceAccessHandler.php:193
ilParticipants\getInstanceByObjId
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
Definition: class.ilParticipants.php:81
ilTree\readRootId
readRootId()
read root id from database
Definition: class.ilTree.php:2211