ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilWorkspaceAccessHandler.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8
17class ilWorkspaceAccessHandler
18{
19 protected $tree; // [ilTree]
20
21 public function __construct(ilTree $a_tree = null)
22 {
23 global $ilUser, $lng;
24
25 $lng->loadLanguageModule("wsp");
26
27 if(!$a_tree)
28 {
29 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
30 $a_tree = new ilWorkspaceTree($ilUser->getId());
31 }
32 $this->tree = $a_tree;
33 }
34
40 public function getTree()
41 {
42 return $this->tree;
43 }
44
54 public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
55 {
56 global $ilUser;
57
58 return $this->checkAccessOfUser($this->tree, $ilUser->getId(),$a_permission, $a_cmd, $a_node_id, $a_type);
59 }
60
72 public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
73 {
74 global $rbacreview, $ilUser, $ilSetting;
75
76 // :TODO: create permission for parent node with type ?!
77
78 // #20310
79 if(!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID)
80 {
81 return false;
82 }
83
84 // tree root is read-only
85 if($a_permission == "write")
86 {
87 if($a_tree->readRootId() == $a_node_id)
88 {
89 return false;
90 }
91 }
92
93 // node owner has all rights
94 if($a_tree->lookupOwner($a_node_id) == $a_user_id)
95 {
96 return true;
97 }
98
99 // other users can only read
100 if($a_permission == "read" || $a_permission == "visible")
101 {
102 // get all objects with explicit permission
103 $objects = $this->getPermissions($a_node_id);
104 if($objects)
105 {
106 // check if given user is member of object or has role
107 foreach($objects as $obj_id)
108 {
109 switch($obj_id)
110 {
111 case ilWorkspaceAccessGUI::PERMISSION_ALL:
112 return true;
113
114 case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
115 // check against input kept in session
116 if(self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
117 $a_permission == "visible")
118 {
119 return true;
120 }
121 break;
122
123 case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
124 if($ilUser->getId() != ANONYMOUS_USER_ID)
125 {
126 return true;
127 }
128 break;
129
130 default:
131 switch(ilObject::_lookupType($obj_id))
132 {
133 case "grp":
134 // member of group?
135 if(ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
136 {
137 return true;
138 }
139 break;
140
141 case "crs":
142 // member of course?
143 if(ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id))
144 {
145 return true;
146 }
147 break;
148
149 case "role":
150 // has role?
151 if($rbacreview->isAssigned($a_user_id, $obj_id))
152 {
153 return true;
154 }
155 break;
156
157 case "usr":
158 // direct assignment
159 if($a_user_id == $obj_id)
160 {
161 return true;
162 }
163 break;
164 }
165 break;
166 }
167 }
168 }
169 }
170
171 return false;
172 }
173
180 public function setPermissions($a_parent_node_id, $a_node_id)
181 {
182 // nothing to do as owner has irrefutable rights to any workspace object
183 }
184
193 public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
194 {
195 global $ilDB, $ilUser;
196
197 // tree owner must not be added
198 if($this->tree->getTreeId() == $ilUser->getId() &&
199 $a_object_id == $ilUser->getId())
200 {
201 return false;
202 }
203
204 $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)".
205 " VALUES (".$ilDB->quote($a_node_id, "integer").", ".
206 $ilDB->quote($a_object_id, "integer").",".
207 $ilDB->quote($a_extended_data, "text").",".
208 $ilDB->quote(time(), "integer").")");
209 return true;
210 }
211
218 public function removePermission($a_node_id, $a_object_id = null)
219 {
220 global $ilDB;
221
222 $query = "DELETE FROM acl_ws".
223 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer");
224
225 if($a_object_id)
226 {
227 $query .= " AND object_id = ".$ilDB->quote($a_object_id, "integer");
228 }
229
230 return $ilDB->manipulate($query);
231 }
232
239 public function getPermissions($a_node_id)
240 {
241 return self::_getPermissions($a_node_id);
242 }
243
250 public static function _getPermissions($a_node_id)
251 {
252 global $ilDB, $ilSetting;
253
254 $publish_enabled = $ilSetting->get("enable_global_profiles");
255 $publish_perm = array(ilWorkspaceAccessGUI::PERMISSION_ALL,
256 ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
257
258 $set = $ilDB->query("SELECT object_id FROM acl_ws".
259 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer"));
260 $res = array();
261 while($row = $ilDB->fetchAssoc($set))
262 {
263 if($publish_enabled || !in_array($row["object_id"], $publish_perm))
264 {
265 $res[] = $row["object_id"];
266 }
267 }
268 return $res;
269 }
270
271 public function hasRegisteredPermission($a_node_id)
272 {
273 global $ilDB;
274
275 $set = $ilDB->query("SELECT object_id FROM acl_ws".
276 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
277 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
278 return (bool)$ilDB->numRows($set);
279 }
280
281 public function hasGlobalPermission($a_node_id)
282 {
283 global $ilDB, $ilSetting;
284
285 if(!$ilSetting->get("enable_global_profiles"))
286 {
287 return false;
288 }
289
290 $set = $ilDB->query("SELECT object_id FROM acl_ws".
291 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
292 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
293 return (bool)$ilDB->numRows($set);
294 }
295
296 public function hasGlobalPasswordPermission($a_node_id)
297 {
298 global $ilDB, $ilSetting;
299
300 if(!$ilSetting->get("enable_global_profiles"))
301 {
302 return false;
303 }
304
305 $set = $ilDB->query("SELECT object_id FROM acl_ws".
306 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
307 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
308 return (bool)$ilDB->numRows($set);
309 }
310
311 public static function getPossibleSharedTargets()
312 {
313 global $ilUser, $ilSetting;
314
315 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
316 include_once "Services/Membership/classes/class.ilParticipants.php";
317 $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
318 $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
319
320 $obj_ids = array_merge($grp_ids, $crs_ids);
321 $obj_ids[] = $ilUser->getId();
322 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;
323
324 if($ilSetting->get("enable_global_profiles"))
325 {
326 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
327 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
328 }
329
330 return $obj_ids;
331 }
332
333 public function getSharedOwners()
334 {
335 global $ilUser, $ilDB;
336
337 $obj_ids = $this->getPossibleSharedTargets();
338
339 $user_ids = array();
340 $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title".
341 " FROM object_data obj".
342 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
343 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
344 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
345 " JOIN usr_data u on (u.usr_id = obj.owner)".
346 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
347 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer").
348 " ORDER BY u.lastname, u.firstname, u.title");
349 while ($row = $ilDB->fetchAssoc($set))
350 {
351 $user_ids[$row["owner"]] = $row["lastname"].", ".$row["firstname"];
352 if($row["title"])
353 {
354 $user_ids[$row["owner"]] .= ", ".$row["title"];
355 }
356 }
357
358 return $user_ids;
359 }
360
361 public function getSharedObjects($a_owner_id)
362 {
363 global $ilDB;
364
365 $obj_ids = $this->getPossibleSharedTargets();
366
367 $res = array();
368 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
369 " FROM object_data obj".
370 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
371 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
372 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
373 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
374 " AND obj.owner = ".$ilDB->quote($a_owner_id, "integer"));
375 while ($row = $ilDB->fetchAssoc($set))
376 {
377 $res[$row["wsp_id"]] = $row["obj_id"];
378 }
379
380 return $res;
381 }
382
383 public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
384 {
385 global $ilDB, $ilUser;
386
387 if(!$a_filter["acl_type"])
388 {
389 $obj_ids = $this->getPossibleSharedTargets();
390 }
391 else
392 {
393 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
394
395 switch($a_filter["acl_type"])
396 {
397 case "all":
398 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
399 break;
400
401 case "password":
402 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
403 break;
404
405 case "registered":
406 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
407 break;
408
409 case "course":
410 $obj_ids = $a_crs_ids;
411 break;
412
413 case "group":
414 $obj_ids = $a_grp_ids;
415 break;
416
417 case "user":
418 $obj_ids = array($ilUser->getId());
419 break;
420 }
421 }
422
423 $res = array();
424
425 $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner,".
426 "acl.object_id acl_type, acl.tstamp acl_date".
427 " FROM object_data obj".
428 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
429 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
430 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
431 " WHERE ".$ilDB->in("acl.object_id", $obj_ids, "", "integer").
432 " AND obj.owner <> ".$ilDB->quote($ilUser->getId(), "integer");
433
434 if($a_filter["obj_type"])
435 {
436 $sql .= " AND obj.type = ".$ilDB->quote($a_filter["obj_type"], "text");
437 }
438 if($a_filter["title"] && strlen($a_filter["title"]) >= 3)
439 {
440 $sql .= " AND ".$ilDB->like("obj.title", "text", "%".$a_filter["title"]."%");
441 }
442 if($a_filter["user"] && strlen($a_filter["user"]) >= 3)
443 {
444 $usr_ids = array();
445 $set = $ilDB->query("SELECT usr_id FROM usr_data".
446 " WHERE (".$ilDB->like("login", "text", "%".$a_filter["user"]."%")." ".
447 "OR ".$ilDB->like("firstname", "text", "%".$a_filter["user"]."%")." ".
448 "OR ".$ilDB->like("lastname", "text", "%".$a_filter["user"]."%")." ".
449 "OR ".$ilDB->like("email", "text", "%".$a_filter["user"]."%").")");
450 while($row = $ilDB->fetchAssoc($set))
451 {
452 $usr_ids[] = $row["usr_id"];
453 }
454 if(!sizeof($usr_ids))
455 {
456 return;
457 }
458 $sql .= " AND ".$ilDB->in("obj.owner", $usr_ids, "", "integer");
459 }
460
461 if($a_filter["acl_date"])
462 {
463 $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
464 $dt = new ilDateTime($dt." 00:00:00", IL_CAL_DATETIME);
465 $sql .= " AND acl.tstamp > ".$ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
466 }
467
468 if($a_filter["crsgrp"])
469 {
470 include_once "Services/Membership/classes/class.ilParticipants.php";
471 $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
472 $part = $part->getParticipants();
473 if(!sizeof($part))
474 {
475 return;
476 }
477 $sql .= " AND ".$ilDB->in("obj.owner", $part, "", "integer");
478 }
479
480 // we use the oldest share date
481 $sql .= " ORDER BY acl.tstamp";
482
483 $set = $ilDB->query($sql);
484 while ($row = $ilDB->fetchAssoc($set))
485 {
486 if(!isset($res[$row["wsp_id"]]))
487 {
488 $row["acl_type"] = array($row["acl_type"]);
489 $res[$row["wsp_id"]] = $row;
490 }
491 else
492 {
493 $res[$row["wsp_id"]]["acl_type"][] = $row["acl_type"];
494 }
495 }
496
497 return $res;
498 }
499
500 public static function getSharedNodePassword($a_node_id)
501 {
502 global $ilDB;
503
504 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
505
506 $set = $ilDB->query("SELECT * FROM acl_ws".
507 " WHERE node_id = ".$ilDB->quote($a_node_id, "integer").
508 " AND object_id = ".$ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
509 $res = $ilDB->fetchAssoc($set);
510 if($res)
511 {
512 return $res["extended_data"];
513 }
514 }
515
516 public static function keepSharedSessionPassword($a_node_id, $a_password)
517 {
518 $_SESSION["ilshpw_".$a_node_id] = $a_password;
519 }
520
521 public static function getSharedSessionPassword($a_node_id)
522 {
523 return $_SESSION["ilshpw_".$a_node_id];
524 }
525
526 public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
527 {
528 include_once('./Services/Link/classes/class.ilLink.php');
529 return ilLink::_getStaticLink($a_node_id, ilObject::_lookupType($a_obj_id), true, $a_additional."_wsp");
530 }
531
532 public function getObjectsIShare()
533 {
534 global $ilDB, $ilUser;
535
536 $res = array();
537 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id".
538 " FROM object_data obj".
539 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)".
540 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
541 " JOIN acl_ws acl ON (acl.node_id = tree.child)".
542 " WHERE obj.owner = ".$ilDB->quote($ilUser->getId(), "integer"));
543 while ($row = $ilDB->fetchAssoc($set))
544 {
545 $res[$row["wsp_id"]] = $row["obj_id"];
546 }
547
548 return $res;
549 }
550
551 public static function getObjectDataFromNode($a_node_id)
552 {
553 global $ilDB;
554
555 $set = $ilDB->query("SELECT obj.obj_id, obj.type, obj.title".
556 " FROM object_reference_ws ref".
557 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)".
558 " JOIN object_data obj ON (ref.obj_id = obj.obj_id)".
559 " WHERE ref.wsp_id = ".$ilDB->quote($a_node_id, "integer"));
560 return $ilDB->fetchAssoc($set);
561 }
562}
563
564?>
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
php
An exception for terminatinating execution or to throw for unit testing.
IL_CAL_DATE
const IL_CAL_DATE
Definition: class.ilDateTime.php:10
IL_CAL_UNIX
const IL_CAL_UNIX
Definition: class.ilDateTime.php:11
IL_CAL_DATETIME
const IL_CAL_DATETIME
Definition: class.ilDateTime.php:9
ilCourseParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilCourseParticipants.php:77
ilDateTime
@classDescription Date and time handling
Definition: class.ilDateTime.php:33
ilGroupParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilGroupParticipants.php:63
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
ilParticipants\getInstanceByObjId
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
Definition: class.ilParticipants.php:81
ilParticipants\_getMembershipByType
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Definition: class.ilParticipants.php:165
ilTree
Tree class data representation in hierachical trees using the Nested Set Model with Gaps by Joe Celco...
Definition: class.ilTree.php:25
ilTree\readRootId
readRootId()
read root id from database
Definition: class.ilTree.php:2211
ilWorkspaceAccessHandler
Access handler for personal workspace.
Definition: class.ilWorkspaceAccessHandler.php:18
ilWorkspaceAccessHandler\getGotoLink
static getGotoLink($a_node_id, $a_obj_id, $a_additional=null)
Definition: class.ilWorkspaceAccessHandler.php:526
ilWorkspaceAccessHandler\addPermission
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
Definition: class.ilWorkspaceAccessHandler.php:193
ilWorkspaceAccessHandler\keepSharedSessionPassword
static keepSharedSessionPassword($a_node_id, $a_password)
Definition: class.ilWorkspaceAccessHandler.php:516
ilWorkspaceAccessHandler\findSharedObjects
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
Definition: class.ilWorkspaceAccessHandler.php:383
ilWorkspaceAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:54
ilWorkspaceAccessHandler\setPermissions
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
Definition: class.ilWorkspaceAccessHandler.php:180
ilWorkspaceAccessHandler\_getPermissions
static _getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:250
ilWorkspaceAccessHandler\getPermissions
getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:239
ilWorkspaceAccessHandler\checkAccessOfUser
checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:72
ilWorkspaceAccessHandler\removePermission
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
Definition: class.ilWorkspaceAccessHandler.php:218
ilWorkspaceTree
Tree handler for personal workspace.
Definition: class.ilWorkspaceTree.php:14
$lng
global $lng
Definition: privfeed.php:17
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18
$a_type
$a_type
Definition: workflow.php:93