ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
ilAccessHandler Class Reference

Class ilAccessHandler. More...

+ Collaboration diagram for ilAccessHandler:

Public Member Functions

 __construct ()
 constructor More...
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result. More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result. More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission) More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check More...
 
 doLicenseCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for available licenses More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 

Protected Attributes

 $stored_rbac_access = array()
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 20 of file class.ilAccessHandler.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccessHandler::__construct ( )

constructor

Definition at line 27 of file class.ilAccessHandler.php.

28 {
29 global $rbacsystem;
30
31 $this->rbacsystem = $rbacsystem;
32 $this->results = array();
33 $this->current_info = new ilAccessInfo();
34
35 // use function enable to switch on/off tests (only cache is used so far)
36 $this->cache = true;
37 $this->rbac = true;
38 $this->tree = true;
39 $this->condition = true;
40 $this->path = true;
41 $this->status = true;
42 $this->obj_id_cache = array();
43 $this->obj_type_cache = array();
44 $this->obj_tree_cache=array();
45 }
class ilAccessInfo

Member Function Documentation

◆ addInfoItem()

ilAccessHandler::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Definition at line 189 of file class.ilAccessHandler.php.

190 {
191 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
192 }
$a_type
Definition: workflow.php:93

References $a_type.

◆ checkAccess()

ilAccessHandler::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Definition at line 206 of file class.ilAccessHandler.php.

207 {
208 global $ilUser;
209
210 return $this->checkAccessOfUser($ilUser->getId(),$a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
211 }
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
$ilUser
Definition: imgupload.php:18

References $a_type, $ilUser, and checkAccessOfUser().

+ Here is the call graph for this function:

◆ checkAccessOfUser()

ilAccessHandler::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Definition at line 226 of file class.ilAccessHandler.php.

227 {
228 global $ilBench, $lng;
229
230 $this->setPreventCachingLastResult(false); // for external db based caches
231
232 $ilBench->start("AccessControl", "0400_clear_info");
233 $this->current_info->clear();
234 $ilBench->stop("AccessControl", "0400_clear_info");
235
236
237 // get stored result (internal memory based cache)
238 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
239 if ($cached["hit"])
240 {
241 // Store access result
242 if (!$cached["granted"])
243 {
244 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
245 }
246 if ($cached["prevent_db_cache"])
247 {
248 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
249 }
250 return $cached["granted"];
251 }
252
253 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
254 // get object id if not provided
255 if ($a_obj_id == "")
256 {
257 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0)
258 {
259 $a_obj_id = $this->obj_id_cache[$a_ref_id];
260 }
261 else
262 {
263 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
264 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
265 }
266 }
267 if ($a_type == "")
268 {
269 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "")
270 {
271 $a_type = $this->obj_type_cache[$a_ref_id];
272 }
273 else
274 {
275 $a_type = ilObject::_lookupType($a_ref_id, true);
276 $this->obj_type_cache[$a_ref_id] = $a_type;
277 }
278 }
279
280 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
281
282 // if supplied tree id is not = 1 (= repository main tree),
283 // check if object is in tree and not deleted
284 if ($a_tree_id != 1 &&
285 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id))
286 {
287 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
288 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
289 return false;
290 }
291
292 // rbac check for current object
293 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type))
294 {
295 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
296 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
297 return false;
298 }
299
300 // Check object activation
301 $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
302 if(!$act_check)
303 {
304 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
305 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
306 return false;
307 }
308
309 // check read permission for all parents
310 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
311 if (!$par_check)
312 {
313
314 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
315 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
316 return false;
317 }
318
319 // condition check (currently only implemented for read permission)
320 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
321 {
322 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
323 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
324 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
325 return false;
326 }
327
328 // object type specific check
329 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
330 {
331 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
332 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
333 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
334 return false;
335 }
336
337 // check for available licenses
338 if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type))
339 {
340 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
341 return false;
342 }
343
344 // all checks passed
345 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
346 return true;
347 }
const IL_NO_PERMISSION
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents
setPreventCachingLastResult($a_val)
Set prevent caching last result.
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cache
static _lookupObjId($a_id)
static _lookupType($a_id, $a_reference=false)
lookup object type
global $ilBench
Definition: ilias.php:18
global $lng
Definition: privfeed.php:17

References $a_type, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), doActivationCheck(), doCacheCheck(), doConditionCheck(), doLicenseCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doActivationCheck(), doConditionCheck(), and doPathCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ clear()

ilAccessHandler::clear ( )

Definition at line 799 of file class.ilAccessHandler.php.

800 {
801 $this->results = array();
802 $this->last_result = "";
803 $this->current_info = new ilAccessInfo();
804 }

◆ doActivationCheck()

ilAccessHandler::doActivationCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check for course activation

Definition at line 565 of file class.ilAccessHandler.php.

566 {
567 global $ilBench,$ilUser;
568
569 $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
570
571 $cache_perm = ($a_permission == "visible")
572 ? "visible"
573 : "other";
574
575//echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
576
577 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id]))
578 {
579 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
580 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
581 }
582
583 // nothings needs to be done if current permission is write permission
584 if($a_permission == 'write')
585 {
586 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
587 return true;
588 }
589
590 // #10852 - member view check
591 if($a_user_id == $ilUser->getId())
592 {
593 // #10905 - activate parent container ONLY
594 include_once './Services/Container/classes/class.ilMemberViewSettings.php';
596 if($memview->isActiveForRefId($a_ref_id) &&
597 $memview->getContainer() == $a_ref_id)
598 {
599 return true;
600 }
601 }
602
603 include_once 'Services/Object/classes/class.ilObjectActivation.php';
604 $item_data = ilObjectActivation::getItem($a_ref_id);
605
606 // if activation isn't enabled
607 if($item_data === NULL ||
608 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION)
609 {
610 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
611 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
612 return true;
613 }
614
615 // if within activation time
616 if((time() >= $item_data['timing_start']) and
617 (time() <= $item_data['timing_end']))
618 {
619 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
620 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
621 return true;
622 }
623
624 // if user has write permission
625 if($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id))
626 {
627 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
628 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
629 return true;
630 }
631 // if current permission is visible and visible is set in activation
632 if($a_permission == 'visible' and $item_data['visible'])
633 {
634 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
635 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
636 return true;
637 }
638 // no access
639 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
640 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
641 return false;
642 }
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.

References $ilBench, $ilUser, checkAccessOfUser(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doCacheCheck()

ilAccessHandler::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Definition at line 382 of file class.ilAccessHandler.php.

383 {
384 global $ilBench;
385 //echo "cacheCheck<br/>";
386
387 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
388 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id,$a_user_id);
389 //var_dump($stored_access);
390 if (is_array($stored_access))
391 {
392 $this->current_info = $stored_access["info"];
393 //var_dump("cache-treffer:");
394 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
395 return array("hit" => true, "granted" => $stored_access["granted"],
396 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
397 }
398
399 // not in cache
400 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
401 return array("hit" => false, "granted" => false,
402 "prevent_db_cache" => false);
403 }
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result

References $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccessHandler::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Definition at line 648 of file class.ilAccessHandler.php.

649 {
650 //echo "conditionCheck<br/>";
651 global $lng, $ilBench;
652
653 if(
654 ($a_permission == 'visible') and
655 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
656 )
657 {
659 {
660 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
661 {
662 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
663 foreach ($conditions as $condition)
664 {
665 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
666 $lng->txt("missing_precondition").": ".
667 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
668 $lng->txt("condition_".$condition["operator"])." ".
669 $condition["value"], $condition);
670 }
671 return FALSE;
672 }
673 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
674 }
675 }
676
677
678 if (($a_permission == "read" or $a_permission == 'join') &&
679 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id))
680 {
681 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
682 if(!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id,$a_obj_id,$a_type,$a_user_id))
683 {
684 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id,$a_obj_id, $a_type);
685 foreach ($conditions as $condition)
686 {
687 $this->current_info->addInfoItem(IL_MISSING_PRECONDITION,
688 $lng->txt("missing_precondition").": ".
689 ilObject::_lookupTitle($condition["trigger_obj_id"])." ".
690 $lng->txt("condition_".$condition["operator"])." ".
691 $condition["value"], $condition);
692 }
693 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
694 return false;
695 }
696 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
697 }
698
699 return true;
700 }
const IL_MISSING_PRECONDITION
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _lookupTitle($a_id)
lookup object title

References $a_type, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilConditionHandler\_getConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), IL_MISSING_PRECONDITION, and ilConditionHandler\lookupHiddenStatusByTarget().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doLicenseCheck()

ilAccessHandler::doLicenseCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

check for available licenses

Definition at line 752 of file class.ilAccessHandler.php.

753 {
754 global $lng;
755
756 // simple checks first
757 if (!in_array($a_type, array('sahs','htlm'))
758 or !in_array($a_permission, array('read')))
759 {
760 $has_access = true;
761 }
762 else
763 {
764 require_once("Services/License/classes/class.ilLicenseAccess.php");
765
766 // licensing globally disabled => access granted
768 {
769 $has_access = true;
770 }
771 /* resolved mantis issue #5288:
772 * admins should not automatically have read access!
773 * their read access will also be noted and consume a license
774 elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
775 {
776 $has_access = true;
777 }
778 */
779 // now do the real check
780 else
781 {
782 $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
783 }
784 }
785
786 if ($has_access)
787 {
788 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
789 return true;
790 }
791 else
792 {
793 $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
794 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
795 return false;
796 }
797 }
const IL_NO_LICENSE
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.

References $a_type, $lng, ilLicenseAccess\_checkAccess(), ilLicenseAccess\_isEnabled(), IL_NO_LICENSE, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccessHandler::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Definition at line 518 of file class.ilAccessHandler.php.

519 {
520 global $tree, $lng, $ilBench,$ilObjDataCache;
521//echo "<br>dopathcheck";
522 //echo "pathCheck<br/>";
523 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
524
525// if (isset($this->stored_path[$a_ref_id]))
526// {
527// $path = $this->stored_path[$a_ref_id];
528// }
529// else
530// {
531 $path = $tree->getPathId($a_ref_id);
532// $this->stored_path[$a_ref_id] = $path;
533// }
534 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
535
536 foreach ($path as $id)
537 {
538 if ($a_ref_id == $id)
539 {
540 continue;
541 }
542
543 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
544
545 if ($access == false)
546 {
547
548 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
549 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"),$id);
550
551 if ($a_all == false)
552 {
553 return false;
554 }
555 }
556 }
557
558 return true;
559 }
$path
Definition: aliased.php:25
const IL_NO_PARENT_ACCESS

References $ilBench, $lng, $path, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccessHandler::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Definition at line 469 of file class.ilAccessHandler.php.

470 {
471 global $lng, $ilBench, $ilErr, $ilLog;
472
473 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
474
475 if ($a_permission == "")
476 {
477 $message = sprintf('%s::doRBACCheck(): No operations given! $a_ref_id: %s',
478 get_class($this),
479 $a_ref_id);
480 $ilLog->write($message,$ilLog->FATAL);
481 $ilErr->raiseError($message,$ilErr->MESSAGE);
482 }
483
484 if (isset($this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id]))
485 {
486 $access = $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id];
487 }
488 else
489 {
490 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
491 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000)
492 {
493 if ($a_permission != "create")
494 {
495 $this->stored_rbac_access[$a_user_id."-".$a_permission."-".$a_ref_id] = $access;
496 }
497 }
498 }
499
500 // Store in result cache
501 if (!$access)
502 {
503 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
504 }
505 if ($a_permission != "create")
506 {
507 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
508 }
509 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
510
511 return $access;
512 }
sprintf('%.4f', $callTime)
global $ilErr
Definition: raiseError.php:16

References $a_type, $ilBench, $ilErr, $ilLog, $lng, IL_NO_PERMISSION, sprintf, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccessHandler::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Definition at line 706 of file class.ilAccessHandler.php.

707 {
708 global $objDefinition, $ilBench, $ilPluginAdmin;
709 //echo "statusCheck<br/>";
710 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
711
712 // check for a deactivated plugin
713 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type))
714 {
715 return false;
716 }
717 if(!$a_type)
718 {
719 return false;
720 }
721
722 $class = $objDefinition->getClassName($a_type);
723 $location = $objDefinition->getLocation($a_type);
724 $full_class = "ilObj".$class."Access";
725 include_once($location."/class.".$full_class.".php");
726 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
727
728 $full_class = new $full_class();
729
730 $obj_access = call_user_func(array($full_class, "_checkAccess"),
731 $a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id);
732 if (!($obj_access === true))
733 {
734 //Note: We must not add an info item here, because one is going
735 // to be added by the user function we just called a few
736 // lines above.
737 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
738
739 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
740 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
741 return false;
742 }
743
744 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
745 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
746 return true;
747 }
$location
Definition: buildRTE.php:44

References $a_type, $ilBench, $location, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccessHandler::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Definition at line 409 of file class.ilAccessHandler.php.

410 {
411 global $tree, $lng, $ilBench;
412 //echo "treeCheck<br/>";
413
414 // Get stored result
415 $tree_cache_key = $a_user_id.':'.$a_ref_id;
416 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
417 // Store access result
418 if (!$this->obj_tree_cache[$tree_cache_key])
419 {
420 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
421 }
422 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
423
424 return $this->obj_tree_cache[$tree_cache_key];
425 }
426
427 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
428
429 if(!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id))
430 {
431 // Store negative access results
432
433 // Store in tree cache
434 // Note, we only store up to 1000 results to avoid memory overflow.
435 if (count($this->obj_tree_cache) < 1000)
436 {
437 $this->obj_tree_cache[$tree_cache_key] = false;
438 }
439
440 // Store in result cache
441 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
442 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
443
444 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
445
446 return false;
447 }
448
449 // Store positive access result.
450
451 // Store in tree cache
452 // Note, we only store up to 1000 results to avoid memory overflow.
453 if (count($this->obj_tree_cache) < 1000)
454 {
455 $this->obj_tree_cache[$tree_cache_key] = true;
456 }
457
458 // Store in result cache
459 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
460
461 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
462 return true;
463 }
const IL_DELETED

References $ilBench, $lng, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccessHandler::enable (   $a_str,
  $a_bool 
)

Definition at line 806 of file class.ilAccessHandler.php.

807 {
808 $this->$a_str = $a_bool;
809 }

◆ getInfo()

ilAccessHandler::getInfo ( )

get last info object

Definition at line 352 of file class.ilAccessHandler.php.

353 {
354 //return $this->last_result;
355 //$this->last_info->setQueryData($this->current_result_element);
356 //var_dump("<pre>",$this->results,"</pre>");
357 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
358 }

◆ getPreventCachingLastResult()

ilAccessHandler::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Definition at line 104 of file class.ilAccessHandler.php.

105 {
106 return $this->prevent_caching_last_result;
107 }

Referenced by storeAccessResult().

+ Here is the caller graph for this function:

◆ getResultAll()

ilAccessHandler::getResultAll (   $a_ref_id = "")

Definition at line 368 of file class.ilAccessHandler.php.

369 {
370 if ($a_ref_id == "")
371 {
372 return $this->results;
373 }
374
375 return $this->results[$a_ref_id];
376 }
$results

References $results.

◆ getResultLast()

ilAccessHandler::getResultLast ( )

get last info object

Definition at line 363 of file class.ilAccessHandler.php.

364 {
365 return $this->last_result;
366 }

◆ getResults()

ilAccessHandler::getResults ( )

Definition at line 176 of file class.ilAccessHandler.php.

177 {
178 return $this->results;
179 }

References $results.

◆ getStoredAccessResult()

ilAccessHandler::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access result

@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Definition at line 121 of file class.ilAccessHandler.php.

122 {
123 global $ilUser;
124
125 if ($a_user_id == "")
126 {
127 $a_user_id = $ilUser->getId();
128 }
129
130 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
131 {
132 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
133 }*/
134
135 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]))
136 {
137 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138 }
139 return false;
140 }

References $ilUser.

Referenced by doCacheCheck().

+ Here is the caller graph for this function:

◆ readCache()

ilAccessHandler::readCache (   $a_secs = 0)

Definition at line 156 of file class.ilAccessHandler.php.

157 {
158 global $ilUser, $ilDB;
159
160 if ($a_secs > 0)
161 {
162 $query = "SELECT * FROM acc_cache WHERE user_id = ".
163 $ilDB->quote($ilUser->getId() ,'integer');
164 $set = $ilDB->query($query);
165 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
166 if ((time() - $rec["time"]) < $a_secs)
167 {
168 $this->results = unserialize($rec["result"]);
169//var_dump($this->results);
170 return true;
171 }
172 }
173 return false;
174 }
global $ilDB

References $ilDB, $ilUser, $query, and ilDBConstants\FETCHMODE_ASSOC.

◆ setPreventCachingLastResult()

ilAccessHandler::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Definition at line 94 of file class.ilAccessHandler.php.

95 {
96 $this->prevent_caching_last_result = $a_val;
97 }

Referenced by checkAccessOfUser().

+ Here is the caller graph for this function:

◆ setResults()

ilAccessHandler::setResults (   $a_results)

Definition at line 181 of file class.ilAccessHandler.php.

182 {
183 $this->results = $a_results;
184 }

◆ storeAccessResult()

ilAccessHandler::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access result

@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Definition at line 57 of file class.ilAccessHandler.php.

58 {
59 global $ilUser;
60
61 if ($a_user_id == "")
62 {
63 $a_user_id = $ilUser->getId();
64 }
65
66 if ($a_info == "")
67 {
68 $a_info = $this->current_info;
69 }
70
71 //var_dump("<pre>",$a_permission,"</pre>");
72
73 if ($this->cache)
74 {
75 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
76 array("granted" => $a_access_granted, "info" => $a_info,
77 "prevent_db_cache" => $this->getPreventCachingLastResult());
78//echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
79 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
80 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
81 $this->last_info = $a_info;
82 }
83
84 // get new info object
85 $this->current_info = new ilAccessInfo();
86
87 }
getPreventCachingLastResult()
Get prevent caching last result.

References $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doLicenseCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccessHandler::storeCache ( )

Definition at line 142 of file class.ilAccessHandler.php.

143 {
144 global $ilDB, $ilUser;
145
146 $query = "DELETE FROM acc_cache WHERE user_id = ".$ilDB->quote($ilUser->getId(),'integer');
147 $res = $ilDB->manipulate($query);
148
149 $ilDB->insert('acc_cache', array(
150 'user_id' => array('integer',$ilUser->getId()),
151 'time' => array('integer',time()),
152 'result' => array('clob',serialize($this->results))
153 ));
154 }

References $ilDB, $ilUser, $query, and $res.

Field Documentation

◆ $stored_rbac_access

ilAccessHandler::$stored_rbac_access = array()
protected

Definition at line 22 of file class.ilAccessHandler.php.


The documentation for this class was generated from the following file: