ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Protected Attributes
ilAccessHandler Class Reference
Services/AccessControl

Class ilAccessHandler. More...

+ Collaboration diagram for ilAccessHandler:

Public Member Functions

 __construct ()
 constructor More...
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result. More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result. More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission) More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check More...
 
 doLicenseCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for available licenses More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 

Protected Attributes

 $stored_rbac_access = array()
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 20 of file class.ilAccessHandler.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccessHandler::__construct ( )

constructor

Definition at line 27 of file class.ilAccessHandler.php.

References array.

28  {
29  global $rbacsystem;
30 
31  $this->rbacsystem = $rbacsystem;
32  $this->results = array();
33  $this->current_info = new ilAccessInfo();
34 
35  // use function enable to switch on/off tests (only cache is used so far)
36  $this->cache = true;
37  $this->rbac = true;
38  $this->tree = true;
39  $this->condition = true;
40  $this->path = true;
41  $this->status = true;
42  $this->obj_id_cache = array();
43  $this->obj_type_cache = array();
44  $this->obj_tree_cache=array();
45  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

Member Function Documentation

◆ addInfoItem()

ilAccessHandler::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Definition at line 189 of file class.ilAccessHandler.php.

References $a_type.

190  {
191  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192  }
$a_type
$a_type
Definition: workflow.php:93

◆ checkAccess()

ilAccessHandler::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Definition at line 206 of file class.ilAccessHandler.php.

References $a_type, $ilUser, and checkAccessOfUser().

207  {
208  global $ilUser;
209 
210  return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211  }
$a_type
$a_type
Definition: workflow.php:93
ilAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:226
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the call graph for this function:

◆ checkAccessOfUser()

ilAccessHandler::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Definition at line 226 of file class.ilAccessHandler.php.

References $a_type, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), doActivationCheck(), doCacheCheck(), doConditionCheck(), doLicenseCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doActivationCheck(), doConditionCheck(), and doPathCheck().

227  {
228  global $ilBench, $lng;
229 
230  $this->setPreventCachingLastResult(false); // for external db based caches
231 
232  $ilBench->start("AccessControl", "0400_clear_info");
233  $this->current_info->clear();
234  $ilBench->stop("AccessControl", "0400_clear_info");
235 
236 
237  // get stored result (internal memory based cache)
238  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239  if ($cached["hit"])
240  {
241  // Store access result
242  if (!$cached["granted"])
243  {
244  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245  }
246  if ($cached["prevent_db_cache"])
247  {
248  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249  }
250  return $cached["granted"];
251  }
252 
253  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254  // get object id if not provided
255  if ($a_obj_id == "")
256  {
257  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258  {
259  $a_obj_id = $this->obj_id_cache[$a_ref_id];
260  }
261  else
262  {
263  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265  }
266  }
267  if ($a_type == "")
268  {
269  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270  {
271  $a_type = $this->obj_type_cache[$a_ref_id];
272  }
273  else
274  {
275  $a_type = ilObject::_lookupType($a_ref_id, true);
276  $this->obj_type_cache[$a_ref_id] = $a_type;
277  }
278  }
279 
280  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281 
282  // if supplied tree id is not = 1 (= repository main tree),
283  // check if object is in tree and not deleted
284  if ($a_tree_id != 1 &&
285  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
286  {
287  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
288  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
289  return false;
290  }
291 
292  // rbac check for current object
293  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
294  {
295  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
296  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
297  return false;
298  }
299 
300  // Check object activation
301  $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
302  if(!$act_check)
303  {
304  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
305  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
306  return false;
307  }
308 
309  // check read permission for all parents
310  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
311  if (!$par_check)
312  {
313 
314  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
315  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
316  return false;
317  }
318 
319  // condition check (currently only implemented for read permission)
320  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
321  {
322  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
323  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
324  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
325  return false;
326  }
327 
328  // object type specific check
329  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
330  {
331  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
332  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
333  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
334  return false;
335  }
336 
337  // check for available licenses
338  if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
339  {
340  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
341  return false;
342  }
343 
344  // all checks passed
345  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
346  return true;
347  }
ilAccessHandler\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccessHandler.php:94
ilAccessHandler\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccessHandler.php:648
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
$a_type
$a_type
Definition: workflow.php:93
ilAccessHandler\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
Definition: class.ilAccessHandler.php:382
ilAccessHandler\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
Definition: class.ilAccessHandler.php:518
ilAccessHandler\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
Definition: class.ilAccessHandler.php:706
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1021
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
ilAccessHandler\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccessHandler.php:409
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccessHandler\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
Definition: class.ilAccessHandler.php:469
ilAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
Definition: class.ilAccessHandler.php:565
ilAccessHandler\doLicenseCheck
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
Definition: class.ilAccessHandler.php:752
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ clear()

ilAccessHandler::clear ( )

Definition at line 799 of file class.ilAccessHandler.php.

References array.

800  {
801  $this->results = array();
802  $this->last_result = "";
803  $this->current_info = new ilAccessInfo();
804  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ doActivationCheck()

ilAccessHandler::doActivationCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check for course activation

Definition at line 565 of file class.ilAccessHandler.php.

References $ilBench, $ilUser, checkAccessOfUser(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), time, and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

566  {
567  global $ilBench,$ilUser;
568 
569  $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
570 
571  $cache_perm = ($a_permission == "visible")
572  ? "visible"
573  : "other";
574 
575 //echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
576 
577  if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
578  {
579  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
580  return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
581  }
582 
583  // nothings needs to be done if current permission is write permission
584  if($a_permission == 'write')
585  {
586  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
587  return true;
588  }
589 
590  // #10852 - member view check
591  if($a_user_id == $ilUser->getId())
592  {
593  // #10905 - activate parent container ONLY
594  include_once './Services/Container/classes/class.ilMemberViewSettings.php';
595  $memview = ilMemberViewSettings::getInstance();
596  if($memview->isActiveForRefId($a_ref_id) &&
597  $memview->getContainer() == $a_ref_id)
598  {
599  return true;
600  }
601  }
602 
603  include_once 'Services/Object/classes/class.ilObjectActivation.php';
604  $item_data = ilObjectActivation::getItem($a_ref_id);
605 
606  // if activation isn't enabled
607  if($item_data === NULL ||
608  $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
609  {
610  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
611  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
612  return true;
613  }
614 
615  // if within activation time
616  if((time() >= $item_data['timing_start']) and
617  (time() <= $item_data['timing_end']))
618  {
619  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
620  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
621  return true;
622  }
623 
624  // if user has write permission
625  if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
626  {
627  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
628  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
629  return true;
630  }
631  // if current permission is visible and visible is set in activation
632  if($a_permission == 'visible' and $item_data['visible'])
633  {
634  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
635  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
636  return true;
637  }
638  // no access
639  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
640  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
641  return false;
642  }
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:310
ilAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:226
$ilUser
$ilUser
Definition: imgupload.php:18
ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:53
$ilBench
global $ilBench
Definition: ilias.php:18
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doCacheCheck()

ilAccessHandler::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Definition at line 382 of file class.ilAccessHandler.php.

References $ilBench, array, and getStoredAccessResult().

Referenced by checkAccessOfUser().

383  {
384  global $ilBench;
385  //echo "cacheCheck<br/>";
386 
387  $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
388  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
389  //var_dump($stored_access);
390  if (is_array($stored_access))
391  {
392  $this->current_info = $stored_access["info"];
393  //var_dump("cache-treffer:");
394  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
395  return array("hit" => true, "granted" => $stored_access["granted"],
396  "prevent_db_cache" => $stored_access["prevent_db_cache"]);
397  }
398 
399  // not in cache
400  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
401  return array("hit" => false, "granted" => false,
402  "prevent_db_cache" => false);
403  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccessHandler\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result
Definition: class.ilAccessHandler.php:121
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccessHandler::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Definition at line 648 of file class.ilAccessHandler.php.

References $a_type, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilConditionHandler\_getConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), IL_MISSING_PRECONDITION, and ilConditionHandler\lookupHiddenStatusByTarget().

Referenced by checkAccessOfUser().

649  {
650  //echo "conditionCheck<br/>";
651  global $lng, $ilBench;
652 
653  if(
654  ($a_permission == 'visible') and
655  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
656  )
657  {
658  if(ilConditionHandler::lookupHiddenStatusByTarget($a_ref_id))
659  {
660  if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
661  {
662  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
663  foreach ($conditions as $condition)
664  {
665  $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
666  $lng->txt("missing_precondition").": ".
667  ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
668  $lng->txt("condition_".$condition["operator"])." ".
669  $condition["value"], $condition);
670  }
671  return FALSE;
672  }
673  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
674  }
675  }
676 
677 
678  if (($a_permission == "read" or $a_permission == 'join') &&
679  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
680  {
681  $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
682  if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
683  {
684  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
685  foreach ($conditions as $condition)
686  {
687  $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
688  $lng->txt("missing_precondition").": ".
689  ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
690  $lng->txt("condition_".$condition["operator"])." ".
691  $condition["value"], $condition);
692  }
693  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
694  return false;
695  }
696  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
697  }
698 
699  return true;
700  }
ilConditionHandler\_getConditionsOfTarget
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
Definition: class.ilConditionHandler.php:715
ilConditionHandler\lookupHiddenStatusByTarget
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status type $ilDB.
Definition: class.ilConditionHandler.php:141
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
$a_type
$a_type
Definition: workflow.php:93
ilAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:226
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:988
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doLicenseCheck()

ilAccessHandler::doLicenseCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

check for available licenses

Definition at line 752 of file class.ilAccessHandler.php.

References $a_type, $lng, ilLicenseAccess\_checkAccess(), ilLicenseAccess\_isEnabled(), array, IL_NO_LICENSE, and storeAccessResult().

Referenced by checkAccessOfUser().

753  {
754  global $lng;
755 
756  // simple checks first
757  if (!in_array($a_type, array('sahs','htlm'))
758  or !in_array($a_permission, array('read')))
759  {
760  $has_access = true;
761  }
762  else
763  {
764  require_once("Services/License/classes/class.ilLicenseAccess.php");
765 
766  // licensing globally disabled => access granted
767  if (!ilLicenseAccess::_isEnabled())
768  {
769  $has_access = true;
770  }
771  /* resolved mantis issue #5288:
772  * admins should not automatically have read access!
773  * their read access will also be noted and consume a license
774  elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
775  {
776  $has_access = true;
777  }
778  */
779  // now do the real check
780  else
781  {
782  $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
783  }
784  }
785 
786  if ($has_access)
787  {
788  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
789  return true;
790  }
791  else
792  {
793  $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
794  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
795  return false;
796  }
797  }
IL_NO_LICENSE
const IL_NO_LICENSE
Definition: class.ilAccessInfo.php:30
ilLicenseAccess\_isEnabled
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
Definition: class.ilLicenseAccess.php:20
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
$a_type
$a_type
Definition: workflow.php:93
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilLicenseAccess\_checkAccess
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
Definition: class.ilLicenseAccess.php:52
$lng
global $lng
Definition: privfeed.php:17
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccessHandler::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Definition at line 518 of file class.ilAccessHandler.php.

References $ilBench, $lng, $path, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

519  {
520  global $tree, $lng, $ilBench,$ilObjDataCache;
521 //echo "<br>dopathcheck";
522  //echo "pathCheck<br/>";
523  $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
524 
525 // if (isset($this->stored_path[$a_ref_id]))
526 // {
527 // $path = $this->stored_path[$a_ref_id];
528 // }
529 // else
530 // {
531  $path = $tree->getPathId($a_ref_id);
532 // $this->stored_path[$a_ref_id] = $path;
533 // }
534  $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
535 
536  foreach ($path as $id)
537  {
538  if ($a_ref_id == $id)
539  {
540  continue;
541  }
542 
543  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
544 
545  if ($access == false)
546  {
547 
548  //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
549  $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
550 
551  if ($a_all == false)
552  {
553  return false;
554  }
555  }
556  }
557 
558  return true;
559  }
$path
$path
Definition: aliased.php:25
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
ilAccessHandler\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccessHandler.php:226
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccessHandler::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Definition at line 469 of file class.ilAccessHandler.php.

References $a_type, $ilBench, $ilErr, $ilLog, $lng, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

470  {
471  global $lng, $ilBench, $ilErr, $ilLog;
472 
473  $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
474 
475  if ($a_permission == "")
476  {
477  $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
478  get_class($this),
479  $a_ref_id);
480  $ilLog->write($message,$ilLog->FATAL);
481  $ilErr->raiseError($message,$ilErr->MESSAGE);
482  }
483 
484  if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
485  {
486  $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
487  }
488  else
489  {
490  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
491  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
492  {
493  if ($a_permission != "create")
494  {
495  $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
496  }
497  }
498  }
499 
500  // Store in result cache
501  if (!$access)
502  {
503  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
504  }
505  if ($a_permission != "create")
506  {
507  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
508  }
509  $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
510 
511  return $access;
512  }
$ilErr
global $ilErr
Definition: raiseError.php:16
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
$a_type
$a_type
Definition: workflow.php:93
$ilLog
$ilLog
Definition: inc.setup_header.php:130
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccessHandler::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Definition at line 706 of file class.ilAccessHandler.php.

References $a_type, $ilBench, $location, array, and storeAccessResult().

Referenced by checkAccessOfUser().

707  {
708  global $objDefinition, $ilBench, $ilPluginAdmin;
709  //echo "statusCheck<br/>";
710  $ilBench->start("AccessControl", "5000_checkAccess_object_check");
711 
712  // check for a deactivated plugin
713  if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
714  {
715  return false;
716  }
717  if(!$a_type)
718  {
719  return false;
720  }
721 
722  $class = $objDefinition->getClassName($a_type);
723  $location = $objDefinition->getLocation($a_type);
724  $full_class = "ilObj".$class."Access";
725  include_once($location."/class.".$full_class.".php");
726  // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
727 
728  $full_class = new $full_class();
729 
730  $obj_access = call_user_func(array($full_class, "_checkAccess"),
731  $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
732  if (!($obj_access === true))
733  {
734  //Note: We must not add an info item here, because one is going
735  // to be added by the user function we just called a few
736  // lines above.
737  //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
738 
739  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
740  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
741  return false;
742  }
743 
744  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
745  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
746  return true;
747  }
$location
$location
Definition: buildRTE.php:44
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
$a_type
$a_type
Definition: workflow.php:93
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccessHandler::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Definition at line 409 of file class.ilAccessHandler.php.

References $ilBench, $lng, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

410  {
411  global $tree, $lng, $ilBench;
412  //echo "treeCheck<br/>";
413 
414  // Get stored result
415  $tree_cache_key = $a_user_id.':'.$a_ref_id;
416  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
417  // Store access result
418  if (!$this->obj_tree_cache[$tree_cache_key])
419  {
420  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
421  }
422  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
423 
424  return $this->obj_tree_cache[$tree_cache_key];
425  }
426 
427  $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
428 
429  if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
430  {
431  // Store negative access results
432 
433  // Store in tree cache
434  // Note, we only store up to 1000 results to avoid memory overflow.
435  if (count($this->obj_tree_cache) < 1000)
436  {
437  $this->obj_tree_cache[$tree_cache_key] = false;
438  }
439 
440  // Store in result cache
441  $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
442  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
443 
444  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
445 
446  return false;
447  }
448 
449  // Store positive access result.
450 
451  // Store in tree cache
452  // Note, we only store up to 1000 results to avoid memory overflow.
453  if (count($this->obj_tree_cache) < 1000)
454  {
455  $this->obj_tree_cache[$tree_cache_key] = true;
456  }
457 
458  // Store in result cache
459  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
460 
461  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
462  return true;
463  }
ilAccessHandler\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
Definition: class.ilAccessHandler.php:57
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccessHandler::enable (   $a_str,
  $a_bool 
)

Definition at line 806 of file class.ilAccessHandler.php.

807  {
808  $this->$a_str = $a_bool;
809  }

◆ getInfo()

ilAccessHandler::getInfo ( )

get last info object

Definition at line 352 of file class.ilAccessHandler.php.

References array.

353  {
354  //return $this->last_result;
355  //$this->last_info->setQueryData($this->current_result_element);
356  //var_dump("<pre>",$this->results,"</pre>");
357  return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
358  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getPreventCachingLastResult()

ilAccessHandler::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Definition at line 104 of file class.ilAccessHandler.php.

Referenced by storeAccessResult().

105  {
106  return $this->prevent_caching_last_result;
107  }
+ Here is the caller graph for this function:

◆ getResultAll()

ilAccessHandler::getResultAll (   $a_ref_id = "")

Definition at line 368 of file class.ilAccessHandler.php.

References $results.

369  {
370  if ($a_ref_id == "")
371  {
372  return $this->results;
373  }
374 
375  return $this->results[$a_ref_id];
376  }
$results
$results
Definition: save_question_post_data.php:7

◆ getResultLast()

ilAccessHandler::getResultLast ( )

get last info object

Definition at line 363 of file class.ilAccessHandler.php.

364  {
365  return $this->last_result;
366  }

◆ getResults()

ilAccessHandler::getResults ( )

Definition at line 176 of file class.ilAccessHandler.php.

References $results.

177  {
178  return $this->results;
179  }
$results
$results
Definition: save_question_post_data.php:7

◆ getStoredAccessResult()

ilAccessHandler::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access result

private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Definition at line 121 of file class.ilAccessHandler.php.

References $ilUser.

Referenced by doCacheCheck().

122  {
123  global $ilUser;
124 
125  if ($a_user_id == "")
126  {
127  $a_user_id = $ilUser->getId();
128  }
129 
130  /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131  {
132  $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133  }*/
134 
135  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136  {
137  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138  }
139  return false;
140  }
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the caller graph for this function:

◆ readCache()

ilAccessHandler::readCache (   $a_secs = 0)

Definition at line 156 of file class.ilAccessHandler.php.

References $ilDB, $ilUser, $query, ilDBConstants\FETCHMODE_ASSOC, and time.

157  {
158  global $ilUser, $ilDB;
159 
160  if ($a_secs > 0)
161  {
162  $query = "SELECT * FROM acc_cache WHERE user_id = ".
163  $ilDB->quote($ilUser->getId() ,'integer');
164  $set = $ilDB->query($query);
165  $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
166  if ((time() - $rec["time"]) < $a_secs)
167  {
168  $this->results = unserialize($rec["result"]);
169 //var_dump($this->results);
170  return true;
171  }
172  }
173  return false;
174  }
$ilUser
$ilUser
Definition: imgupload.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39

◆ setPreventCachingLastResult()

ilAccessHandler::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Definition at line 94 of file class.ilAccessHandler.php.

Referenced by checkAccessOfUser().

95  {
96  $this->prevent_caching_last_result = $a_val;
97  }
+ Here is the caller graph for this function:

◆ setResults()

ilAccessHandler::setResults (   $a_results)

Definition at line 181 of file class.ilAccessHandler.php.

182  {
183  $this->results = $a_results;
184  }

◆ storeAccessResult()

ilAccessHandler::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access result

private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Definition at line 57 of file class.ilAccessHandler.php.

References $ilUser, array, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doLicenseCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

58  {
59  global $ilUser;
60 
61  if ($a_user_id == "")
62  {
63  $a_user_id = $ilUser->getId();
64  }
65 
66  if ($a_info == "")
67  {
68  $a_info = $this->current_info;
69  }
70 
71  //var_dump("<pre>",$a_permission,"</pre>");
72 
73  if ($this->cache)
74  {
75  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76  array("granted" => $a_access_granted, "info" => $a_info,
77  "prevent_db_cache" => $this->getPreventCachingLastResult());
78 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79  $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81  $this->last_info = $a_info;
82  }
83 
84  // get new info object
85  $this->current_info = new ilAccessInfo();
86 
87  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilAccessHandler\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccessHandler.php:104
$ilUser
$ilUser
Definition: imgupload.php:18
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccessHandler::storeCache ( )

Definition at line 142 of file class.ilAccessHandler.php.

References $ilDB, $ilUser, $query, $res, array, and time.

143  {
144  global $ilDB, $ilUser;
145 
146  $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147  $res = $ilDB->manipulate($query);
148 
149  $ilDB->insert('acc_cache', array(
150  'user_id' => array('integer',$ilUser->getId()),
151  'time' => array('integer',time()),
152  'result' => array('clob',serialize($this->results))
153  ));
154  }
$ilUser
$ilUser
Definition: imgupload.php:18
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39

Field Documentation

◆ $stored_rbac_access

ilAccessHandler::$stored_rbac_access = array()
protected

Definition at line 22 of file class.ilAccessHandler.php.

The documentation for this class was generated from the following file: