ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Attributes
ilAccess Class Reference
Services/AccessControl

Class ilAccessHandler. More...

+ Inheritance diagram for ilAccess:
+ Collaboration diagram for ilAccess:

Public Member Functions

 __construct ()
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access resultprivate
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)
More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result.
Parameters
booleantrue if last result should not be cached
More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result.
Returns
boolean true if last result should not be cached
More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access resultprivate
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object
More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool
More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 doLicenseCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for available licenses
Parameters
$a_permission
$a_cmd
$a_ref_id
$a_user_id
$a_obj_id
$a_type
Deprecated:
Returns
mixed
More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
Parameters
$a_str
$a_bool
More...
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions
More...
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions
More...
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
Parameters
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkPositionAccess ($pos_perm, $ref_id)
 
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
More...
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]
More...
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
Parameters
int$ref_id
Returns
bool
More...
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 
Parameters
string$rbac_perm
int$ref_id
Returns
bool
More...
 

Protected Attributes

 $ilOrgUnitPositionAccess
 
 $obj_tree_cache
 
 $obj_type_cache
 
 $obj_id_cache
 
 $status
 
 $path
 
 $condition
 
 $tree
 
 $rbac
 
 $cache
 
 $current_info
 
 $results
 
 $rbacsystem
 
 $stored_rbac_access = array()
 
 $ac_logger
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 19 of file class.ilAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccess::__construct ( )

Definition at line 85 of file class.ilAccess.php.

References $rbacsystem, array, and ilLoggerFactory\getLogger().

86  {
87  global $rbacsystem;
88 
89  $this->rbacsystem = $rbacsystem;
90  $this->results = array();
91  $this->current_info = new ilAccessInfo();
92 
93  // use function enable to switch on/off tests (only cache is used so far)
94  $this->cache = true;
95  $this->rbac = true;
96  $this->tree = true;
97  $this->condition = true;
98  $this->path = true;
99  $this->status = true;
100  $this->obj_id_cache = array();
101  $this->obj_type_cache = array();
102  $this->obj_tree_cache = array();
103 
104  $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
105 
106  $this->ac_logger = ilLoggerFactory::getLogger('ac');
107  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
+ Here is the call graph for this function:

Member Function Documentation

◆ addInfoItem()

ilAccess::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Implements ilRBACAccessHandler.

Definition at line 232 of file class.ilAccess.php.

References $a_type.

233  {
234  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
235  }
$a_type
$a_type
Definition: workflow.php:92

◆ checkAccess()

ilAccess::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 240 of file class.ilAccess.php.

References $a_type, $ilUser, and checkAccessOfUser().

Referenced by ilLocalUserGUI\__checkGlobalRoles(), ilLocalUserGUI\__showRolesTable(), ilOrgUnitStaffGUI\addOtherRoles(), ilOrgUnitStaffGUI\addStaff(), ilObjStudyProgrammeGUI\addToNavigationHistory(), ilLocalUserGUI\assignRoles(), ilLocalUserGUI\assignSave(), ilObjStudyProgrammeGUI\checkAccess(), ilLocalUserGUI\checkPermission(), ilOrgUnitSimpleImportGUI\chooseImport(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editSettings(), ilObjOrgUnitGUI\executeCommand(), ilOrgUnitStaffGUI\fromEmployeeToSuperior(), ilOrgUnitStaffGUI\fromSuperiorToEmployee(), ilObjStudyProgrammeAdminGUI\initFormSettings(), ilOrgUnitStaffGUI\removeFromEmployees(), ilOrgUnitStaffGUI\removeFromRole(), ilOrgUnitStaffGUI\removeFromSuperiors(), ilOrgUnitStaffGUI\setTabs(), ilOrgUnitStaffGUI\showOtherRoles(), ilOrgUnitStaffGUI\showStaff(), ilObjStudyProgrammeGUI\updateAdvancedSettings(), ilObjOrgUnitGUI\updateAdvancedSettings(), and ilObjOrgUnitGUI\updateSettings().

241  {
242  global $ilUser;
243 
244  return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
245  }
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:250
$a_type
$a_type
Definition: workflow.php:92
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAccessOfUser()

ilAccess::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 250 of file class.ilAccess.php.

References $a_type, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), doActivationCheck(), doCacheCheck(), doConditionCheck(), doLicenseCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doActivationCheck(), doConditionCheck(), doPathCheck(), and ilSearchResult\filter().

251  {
252  global $ilBench, $lng;
253 
254  $this->setPreventCachingLastResult(false); // for external db based caches
255 
256  $ilBench->start("AccessControl", "0400_clear_info");
257  $this->current_info->clear();
258  $ilBench->stop("AccessControl", "0400_clear_info");
259 
260 
261  // get stored result (internal memory based cache)
262  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
263  if ($cached["hit"]) {
264  // Store access result
265  if (!$cached["granted"]) {
266  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
267  }
268  if ($cached["prevent_db_cache"]) {
269  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
270  }
271  return $cached["granted"];
272  }
273 
274  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
275  // get object id if not provided
276  if ($a_obj_id == "") {
277  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
278  $a_obj_id = $this->obj_id_cache[$a_ref_id];
279  } else {
280  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
281  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
282  }
283  }
284  if ($a_type == "") {
285  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
286  $a_type = $this->obj_type_cache[$a_ref_id];
287  } else {
288  $a_type = ilObject::_lookupType($a_ref_id, true);
289  $this->obj_type_cache[$a_ref_id] = $a_type;
290  }
291  }
292 
293  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
294 
295  // if supplied tree id is not = 1 (= repository main tree),
296  // check if object is in tree and not deleted
297  if ($a_tree_id != 1 &&
298  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
299  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
300  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
301  return false;
302  }
303 
304  // rbac check for current object
305  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
306  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
307  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
308  return false;
309  }
310 
311  // Check object activation
312  $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
313  if (!$act_check) {
314  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
315  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
316  return false;
317  }
318 
319  // check read permission for all parents
320  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
321  if (!$par_check) {
322  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
323  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
324  return false;
325  }
326 
327  // condition check (currently only implemented for read permission)
328  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
329  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
330  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
331  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
332  return false;
333  }
334 
335  // object type specific check
336  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
337  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
338  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
339  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
340  return false;
341  }
342 
343  // check for available licenses
344  if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
345  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
346  return false;
347  }
348 
349  // all checks passed
350  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
351  return true;
352  }
ilAccess\doLicenseCheck
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licensesmixed
Definition: class.ilAccess.php:745
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.true if last result should not be cached
Definition: class.ilAccess.php:144
ilAccess\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
Definition: class.ilAccess.php:690
$a_type
$a_type
Definition: workflow.php:92
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:634
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:387
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1036
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:509
ilAccess\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activationbool
Definition: class.ilAccess.php:551
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:467
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:412
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:113
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPositionAccess()

ilAccess::checkPositionAccess (   $pos_perm,
  $ref_id 
)

Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 842 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\checkPositionAccess().

843  {
844  return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
845  }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
Reference-ID of the desired Object in the treegetAvailablePositionRelatedPermissions for available pe...
Definition: class.ilOrgUnitPositionAccess.php:161
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilAccess::checkRbacOrPositionPermissionAccess (   $rbac_perm,
  $pos_perm,
  $ref_id 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 850 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess().

851  {
852  return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
853  }
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:211
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ clear()

ilAccess::clear ( )

Implements ilRBACAccessHandler.

Definition at line 786 of file class.ilAccess.php.

References array.

787  {
788  $this->results = array();
789  $this->last_result = "";
790  $this->current_info = new ilAccessInfo();
791  $this->stored_rbac_access = [];
792  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ doActivationCheck()

ilAccess::doActivationCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check for course activation

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 551 of file class.ilAccess.php.

References $ilBench, $ilUser, checkAccessOfUser(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), time, and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

552  {
553  global $ilBench,$ilUser;
554 
555  $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
556 
557  $cache_perm = ($a_permission == "visible")
558  ? "visible"
559  : "other";
560 
561  //echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
562 
563  if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
564  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
565  return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
566  }
567 
568  // nothings needs to be done if current permission is write permission
569  if ($a_permission == 'write') {
570  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
571  return true;
572  }
573 
574  // #10852 - member view check
575  if ($a_user_id == $ilUser->getId()) {
576  // #10905 - activate parent container ONLY
577  include_once './Services/Container/classes/class.ilMemberViewSettings.php';
578  $memview = ilMemberViewSettings::getInstance();
579  if ($memview->isActiveForRefId($a_ref_id) &&
580  $memview->getContainer() == $a_ref_id) {
581  return true;
582  }
583  }
584 
585  include_once 'Services/Object/classes/class.ilObjectActivation.php';
586  $item_data = ilObjectActivation::getItem($a_ref_id);
587 
588  // if activation isn't enabled
589  if ($item_data === null ||
590  $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
591  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
592  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
593  return true;
594  }
595 
596  // if within activation time
597  if ((time() >= $item_data['timing_start']) and
598  (time() <= $item_data['timing_end'])) {
599  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
600  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
601  return true;
602  }
603 
604  // if user has write permission
605  if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
606  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
607  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
608  return true;
609  }
610 
611  // if current permission is visible and visible is set in activation
612  if ($a_permission == 'visible' and $item_data['visible']) {
613  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
614  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
615  return true;
616  }
617 
618  // learning progress must be readable, regardless of the activation
619  if ($a_permission == 'read_learning_progress') {
620  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
621  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
622  return true;
623  }
624 
625  // no access
626  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
627  $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
628  return false;
629  }
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:250
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:324
$ilUser
$ilUser
Definition: imgupload.php:18
ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:67
$ilBench
global $ilBench
Definition: ilias.php:18
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doCacheCheck()

ilAccess::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 387 of file class.ilAccess.php.

References $ilBench, array, and getStoredAccessResult().

Referenced by checkAccessOfUser().

388  {
389  global $ilBench;
390  //echo "cacheCheck<br/>";
391 
392  $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
393  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
394  //var_dump($stored_access);
395  if (is_array($stored_access)) {
396  $this->current_info = $stored_access["info"];
397  //var_dump("cache-treffer:");
398  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
399  return array("hit" => true, "granted" => $stored_access["granted"],
400  "prevent_db_cache" => $stored_access["prevent_db_cache"]);
401  }
402 
403  // not in cache
404  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
405  return array("hit" => false, "granted" => false,
406  "prevent_db_cache" => false);
407  }
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access resultprivatepermission command string reference id user id (if no id passed...
Definition: class.ilAccess.php:160
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccess::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 634 of file class.ilAccess.php.

References $a_type, $condition, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilConditionHandler\_getConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), IL_MISSING_PRECONDITION, and ilConditionHandler\lookupHiddenStatusByTarget().

Referenced by checkAccessOfUser().

635  {
636  //echo "conditionCheck<br/>";
637  global $lng, $ilBench;
638 
639  if (
640  ($a_permission == 'visible') and
641  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
642  ) {
643  if (ilConditionHandler::lookupHiddenStatusByTarget($a_ref_id)) {
644  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
645  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
646  foreach ($conditions as $condition) {
647  $this->current_info->addInfoItem(
648  IL_MISSING_PRECONDITION,
649  $lng->txt("missing_precondition") . ": " .
650  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
651  $lng->txt("condition_" . $condition["operator"]) . " " .
652  $condition["value"],
653  $condition
654  );
655  }
656  return false;
657  }
658  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
659  }
660  }
661 
662 
663  if (($a_permission == "read" or $a_permission == 'join') &&
664  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
665  $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
666  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
667  $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
668  foreach ($conditions as $condition) {
669  $this->current_info->addInfoItem(
670  IL_MISSING_PRECONDITION,
671  $lng->txt("missing_precondition") . ": " .
672  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
673  $lng->txt("condition_" . $condition["operator"]) . " " .
674  $condition["value"],
675  $condition
676  );
677  }
678  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
679  return false;
680  }
681  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
682  }
683 
684  return true;
685  }
ilConditionHandler\_getConditionsOfTarget
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
Definition: class.ilConditionHandler.php:718
ilConditionHandler\lookupHiddenStatusByTarget
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status type $ilDB.
Definition: class.ilConditionHandler.php:141
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:250
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
$a_type
$a_type
Definition: workflow.php:92
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:966
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doLicenseCheck()

ilAccess::doLicenseCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

check for available licenses

Parameters
$a_permission
$a_cmd
$a_ref_id
$a_user_id
$a_obj_id
$a_type
Deprecated:
Returns
mixed

Implements ilRBACAccessHandler.

Definition at line 745 of file class.ilAccess.php.

References $a_type, $lng, ilLicenseAccess\_checkAccess(), ilLicenseAccess\_isEnabled(), array, and storeAccessResult().

Referenced by checkAccessOfUser().

746  {
747  global $lng;
748 
749  // simple checks first
750  if (!in_array($a_type, array('sahs','htlm'))
751  or !in_array($a_permission, array('read'))) {
752  $has_access = true;
753  } else {
754  require_once("Services/License/classes/class.ilLicenseAccess.php");
755 
756  // licensing globally disabled => access granted
757  if (!ilLicenseAccess::_isEnabled()) {
758  $has_access = true;
759  }
760  /* resolved mantis issue #5288:
761  * admins should not automatically have read access!
762  * their read access will also be noted and consume a license
763  elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
764  {
765  $has_access = true;
766  }
767  */
768  // now do the real check
769  else {
770  $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
771  }
772  }
773 
774  if ($has_access) {
775  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
776  return true;
777  } else {
778  $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
779  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
780  return false;
781  }
782  }
ilLicenseAccess\_isEnabled
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
Definition: class.ilLicenseAccess.php:21
$a_type
$a_type
Definition: workflow.php:92
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilLicenseAccess\_checkAccess
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
Definition: class.ilLicenseAccess.php:54
$lng
global $lng
Definition: privfeed.php:17
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:113
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccess::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 509 of file class.ilAccess.php.

References $id, $ilBench, $lng, $path, $tree, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

510  {
511  global $tree, $lng, $ilBench,$ilObjDataCache;
512  //echo "<br>dopathcheck";
513  //echo "pathCheck<br/>";
514  $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
515 
516  // if (isset($this->stored_path[$a_ref_id]))
517  // {
518  // $path = $this->stored_path[$a_ref_id];
519  // }
520  // else
521  // {
522  $path = $tree->getPathId($a_ref_id);
523  // $this->stored_path[$a_ref_id] = $path;
524  // }
525  $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
526 
527  foreach ($path as $id) {
528  if ($a_ref_id == $id) {
529  continue;
530  }
531 
532  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
533 
534  if ($access == false) {
535 
536  //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
537  $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
538 
539  if ($a_all == false) {
540  return false;
541  }
542  }
543  }
544 
545  return true;
546  }
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:250
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccess::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 467 of file class.ilAccess.php.

References $a_type, $ilBench, $ilErr, $ilLog, $lng, $message, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

468  {
469  global $lng, $ilBench, $ilErr, $ilLog;
470 
471  $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
472 
473  if ($a_permission == "") {
474  $message = sprintf(
475  '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
476  get_class($this),
477  $a_ref_id
478  );
479  $ilLog->write($message, $ilLog->FATAL);
480  $ilErr->raiseError($message, $ilErr->MESSAGE);
481  }
482 
483  if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
484  $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
485  } else {
486  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
487  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
488  if ($a_permission != "create") {
489  $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
490  }
491  }
492  }
493 
494  // Store in result cache
495  if (!$access) {
496  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
497  }
498  if ($a_permission != "create") {
499  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
500  }
501  $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
502 
503  return $access;
504  }
$ilErr
global $ilErr
Definition: raiseError.php:16
$a_type
$a_type
Definition: workflow.php:92
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$ilLog
$ilLog
Definition: inc.setup_header.php:129
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:113
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccess::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 690 of file class.ilAccess.php.

References $a_type, $ilBench, $location, array, and storeAccessResult().

Referenced by checkAccessOfUser().

691  {
692  global $objDefinition, $ilBench, $ilPluginAdmin;
693  //echo "statusCheck<br/>";
694  $ilBench->start("AccessControl", "5000_checkAccess_object_check");
695 
696  // check for a deactivated plugin
697  if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
698  return false;
699  }
700  if (!$a_type) {
701  return false;
702  }
703 
704  $class = $objDefinition->getClassName($a_type);
705  $location = $objDefinition->getLocation($a_type);
706  $full_class = "ilObj" . $class . "Access";
707 
708  if ($class == "") {
709  $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
710  return false;
711  }
712 
713  include_once($location . "/class." . $full_class . ".php");
714  // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
715 
716  $full_class = new $full_class();
717 
718  $obj_access = call_user_func(
719  array($full_class, "_checkAccess"),
720  $a_cmd,
721  $a_permission,
722  $a_ref_id,
723  $a_obj_id,
724  $a_user_id
725  );
726  if (!($obj_access === true)) {
727  //Note: We must not add an info item here, because one is going
728  // to be added by the user function we just called a few
729  // lines above.
730  //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
731 
732  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
733  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
734  return false;
735  }
736 
737  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
738  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
739  return true;
740  }
$location
$location
Definition: buildRTE.php:44
$a_type
$a_type
Definition: workflow.php:92
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:113
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccess::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 412 of file class.ilAccess.php.

References $ilBench, $lng, $tree, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

413  {
414  global $tree, $lng, $ilBench;
415  //echo "treeCheck<br/>";
416 
417  // Get stored result
418  $tree_cache_key = $a_user_id . ':' . $a_ref_id;
419  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
420  // Store access result
421  if (!$this->obj_tree_cache[$tree_cache_key]) {
422  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
423  }
424  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
425 
426  return $this->obj_tree_cache[$tree_cache_key];
427  }
428 
429  $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
430 
431  if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
432  // Store negative access results
433 
434  // Store in tree cache
435  // Note, we only store up to 1000 results to avoid memory overflow.
436  if (count($this->obj_tree_cache) < 1000) {
437  $this->obj_tree_cache[$tree_cache_key] = false;
438  }
439 
440  // Store in result cache
441  $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
442  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
443 
444  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
445 
446  return false;
447  }
448 
449  // Store positive access result.
450 
451  // Store in tree cache
452  // Note, we only store up to 1000 results to avoid memory overflow.
453  if (count($this->obj_tree_cache) < 1000) {
454  $this->obj_tree_cache[$tree_cache_key] = true;
455  }
456 
457  // Store in result cache
458  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
459 
460  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
461  return true;
462  }
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$lng
global $lng
Definition: privfeed.php:17
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:113
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccess::enable (   $a_str,
  $a_bool 
)

Parameters
$a_str
$a_bool

Implements ilRBACAccessHandler.

Definition at line 796 of file class.ilAccess.php.

797  {
798  $this->$a_str = $a_bool;
799  }

◆ filterUserIdsByPositionOfCurrentUser()

ilAccess::filterUserIdsByPositionOfCurrentUser (   $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 858 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser().

859  {
860  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
861  }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ filterUserIdsByPositionOfUser()

ilAccess::filterUserIdsByPositionOfUser (   $user_id,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 866 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser().

867  {
868  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
869  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104
+ Here is the call graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilAccess::filterUserIdsByRbacOrPositionOfCurrentUser (   $rbac_perm,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 874 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

875  {
876  return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
877  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:231
+ Here is the call graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
  $permission 
)

Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 810 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

811  {
812  return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
813  }
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
$user_ids List of ILIAS-User-IDs which shall be filteredgetAvailablePositionRelatedPermissions for av...
Definition: class.ilOrgUnitPositionAccess.php:38
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
  $for_user_id,
  $permission 
)

Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 818 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission().

819  {
820  return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
821  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered getAvailablePositionRelatedPermissions for a...
Definition: class.ilOrgUnitPositionAccess.php:49
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ getInfo()

ilAccess::getInfo ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 357 of file class.ilAccess.php.

References array.

358  {
359  //return $this->last_result;
360  //$this->last_info->setQueryData($this->current_result_element);
361  //var_dump("<pre>",$this->results,"</pre>");
362  return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
363  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

◆ getPreventCachingLastResult()

ilAccess::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 152 of file class.ilAccess.php.

Referenced by storeAccessResult().

153  {
154  return $this->prevent_caching_last_result;
155  }
+ Here is the caller graph for this function:

◆ getResultAll()

ilAccess::getResultAll (   $a_ref_id = "")

Implements ilRBACAccessHandler.

Definition at line 375 of file class.ilAccess.php.

References $results.

376  {
377  if ($a_ref_id == "") {
378  return $this->results;
379  }
380 
381  return $this->results[$a_ref_id];
382  }

◆ getResultLast()

ilAccess::getResultLast ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 368 of file class.ilAccess.php.

369  {
370  return $this->last_result;
371  }

◆ getResults()

ilAccess::getResults ( )

Implements ilRBACAccessHandler.

Definition at line 217 of file class.ilAccess.php.

References $results.

218  {
219  return $this->results;
220  }

◆ getStoredAccessResult()

ilAccess::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access resultprivate

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Implements ilRBACAccessHandler.

Definition at line 160 of file class.ilAccess.php.

References $ilUser.

Referenced by doCacheCheck().

161  {
162  global $ilUser;
163 
164  if ($a_user_id == "") {
165  $a_user_id = $ilUser->getId();
166  }
167 
168  /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
169  {
170  $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
171  }*/
172 
173  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
174  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
175  }
176  return false;
177  }
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilAccess::hasCurrentUserAnyPositionAccess (   $ref_id)

Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 882 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess().

883  {
884  return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
885  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilAccess::hasUserRBACorAnyPositionAccess (   $rbac_perm,
  $ref_id 
)

Parameters
string$rbac_perm
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 890 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess().

891  {
892  return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
893  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250
+ Here is the call graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilAccess::isCurrentUserBasedOnPositionsAllowedTo (   $permission,
array  $on_user_ids 
)

Parameters
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 826 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo().

827  {
828  return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
829  }
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelatedPermissions for available permissionsbo...
Definition: class.ilOrgUnitPositionAccess.php:65
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilAccess::isUserBasedOnPositionsAllowedTo (   $which_user_id,
  $permission,
array  $on_user_ids 
)

Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 834 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo().

835  {
836  return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
837  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelate...
Definition: class.ilOrgUnitPositionAccess.php:76
+ Here is the call graph for this function:

◆ readCache()

ilAccess::readCache (   $a_secs = 0)

Implements ilRBACAccessHandler.

Definition at line 197 of file class.ilAccess.php.

References $ilDB, $ilUser, $query, ilDBConstants\FETCHMODE_ASSOC, and time.

198  {
199  global $ilUser, $ilDB;
200 
201  if ($a_secs > 0) {
202  $query = "SELECT * FROM acc_cache WHERE user_id = " .
203  $ilDB->quote($ilUser->getId(), 'integer');
204  $set = $ilDB->query($query);
205  $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
206  if ((time() - $rec["time"]) < $a_secs) {
207  $this->results = unserialize($rec["result"]);
208  //var_dump($this->results);
209  return true;
210  }
211  }
212  return false;
213  }
$ilUser
$ilUser
Definition: imgupload.php:18
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39

◆ setPreventCachingLastResult()

ilAccess::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 144 of file class.ilAccess.php.

Referenced by checkAccessOfUser().

145  {
146  $this->prevent_caching_last_result = $a_val;
147  }
+ Here is the caller graph for this function:

◆ setResults()

ilAccess::setResults (   $a_results)

Implements ilRBACAccessHandler.

Definition at line 224 of file class.ilAccess.php.

225  {
226  $this->results = $a_results;
227  }

◆ storeAccessResult()

ilAccess::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access resultprivate

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Implements ilRBACAccessHandler.

Definition at line 113 of file class.ilAccess.php.

References $current_info, $ilUser, array, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doLicenseCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

114  {
115  global $ilUser;
116 
117  if ($a_user_id == "") {
118  $a_user_id = $ilUser->getId();
119  }
120 
121  if ($a_info == "") {
122  $a_info = $this->current_info;
123  }
124 
125  //var_dump("<pre>",$a_permission,"</pre>");
126 
127  if ($this->cache) {
128  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
129  array("granted" => $a_access_granted, "info" => $a_info,
130  "prevent_db_cache" => $this->getPreventCachingLastResult());
131  //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
132  $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
133  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
134  $this->last_info = $a_info;
135  }
136 
137  // get new info object
138  $this->current_info = new ilAccessInfo();
139  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:152
$ilUser
$ilUser
Definition: imgupload.php:18
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccess::storeCache ( )

Implements ilRBACAccessHandler.

Definition at line 181 of file class.ilAccess.php.

References $ilDB, $ilUser, $query, $res, array, and time.

182  {
183  global $ilDB, $ilUser;
184 
185  $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
186  $res = $ilDB->manipulate($query);
187 
188  $ilDB->insert('acc_cache', array(
189  'user_id' => array('integer',$ilUser->getId()),
190  'time' => array('integer',time()),
191  'result' => array('clob',serialize($this->results))
192  ));
193  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilUser
$ilUser
Definition: imgupload.php:18
$query
$query
Definition: proxy_ylocal.php:13
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39

Field Documentation

◆ $ac_logger

ilAccess::$ac_logger
protected

Definition at line 83 of file class.ilAccess.php.

◆ $cache

ilAccess::$cache
protected

Definition at line 61 of file class.ilAccess.php.

◆ $condition

ilAccess::$condition
protected

Definition at line 49 of file class.ilAccess.php.

Referenced by doConditionCheck().

◆ $current_info

ilAccess::$current_info
protected

Definition at line 65 of file class.ilAccess.php.

Referenced by storeAccessResult().

◆ $ilOrgUnitPositionAccess

ilAccess::$ilOrgUnitPositionAccess
protected

Definition at line 25 of file class.ilAccess.php.

◆ $obj_id_cache

ilAccess::$obj_id_cache
protected

Definition at line 37 of file class.ilAccess.php.

◆ $obj_tree_cache

ilAccess::$obj_tree_cache
protected

Definition at line 29 of file class.ilAccess.php.

◆ $obj_type_cache

ilAccess::$obj_type_cache
protected

Definition at line 33 of file class.ilAccess.php.

◆ $path

ilAccess::$path
protected

Definition at line 45 of file class.ilAccess.php.

Referenced by doPathCheck().

◆ $rbac

ilAccess::$rbac
protected

Definition at line 57 of file class.ilAccess.php.

◆ $rbacsystem

ilAccess::$rbacsystem
protected

Definition at line 73 of file class.ilAccess.php.

Referenced by __construct().

◆ $results

ilAccess::$results
protected

Definition at line 69 of file class.ilAccess.php.

Referenced by getResultAll(), and getResults().

◆ $status

ilAccess::$status
protected

Definition at line 41 of file class.ilAccess.php.

◆ $stored_rbac_access

ilAccess::$stored_rbac_access = array()
protected

Definition at line 77 of file class.ilAccess.php.

◆ $tree

ilAccess::$tree
protected

Definition at line 53 of file class.ilAccess.php.

Referenced by doPathCheck(), and doTreeCheck().

The documentation for this class was generated from the following file: