ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Attributes
ilAccess Class Reference
Services/AccessControl

Class ilAccessHandler. More...

+ Inheritance diagram for ilAccess:
+ Collaboration diagram for ilAccess:

Public Member Functions

 __construct ()
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result@access private
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)
More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result.
Parameters
booleantrue if last result should not be cached
More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result.
Returns
boolean true if last result should not be cached
More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result@access private
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object
More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool
More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 doLicenseCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for available licenses
Parameters
$a_permission
$a_cmd
$a_ref_id
$a_user_id
$a_obj_id
$a_type
Deprecated:
Returns
mixed
More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
Parameters
$a_str
$a_bool
More...
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs
More...
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs
More...
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
Parameters
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkPositionAccess ($pos_perm, $ref_id)
 
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
More...
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]
More...
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
Parameters
int$ref_id
Returns
bool
More...
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 
Parameters
string$rbac_perm
int$ref_id
Returns
bool
More...
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id=null, $a_info="")
 store access result More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result. More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result. More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id=null, $a_tree_id=null)
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id=null, $a_tree_id=null)
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check for course activation More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission) More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check More...
 
 doLicenseCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for available licenses More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
 checkPositionAccess ($pos_perm, $ref_id)
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 

Protected Attributes

 $ilOrgUnitPositionAccess
 
 $obj_tree_cache
 
 $obj_type_cache
 
 $obj_id_cache
 
 $status
 
 $path
 
 $condition
 
 $tree
 
 $rbac
 
 $cache
 
 $current_info
 
 $results
 
 $rbacsystem
 
 $stored_rbac_access = array()
 
 $ac_logger
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 19 of file class.ilAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccess::__construct ( )

Definition at line 85 of file class.ilAccess.php.

86 {
87 global $rbacsystem;
88
89 $this->rbacsystem = $rbacsystem;
90 $this->results = array();
91 $this->current_info = new ilAccessInfo();
92
93 // use function enable to switch on/off tests (only cache is used so far)
94 $this->cache = true;
95 $this->rbac = true;
96 $this->tree = true;
97 $this->condition = true;
98 $this->path = true;
99 $this->status = true;
100 $this->obj_id_cache = array();
101 $this->obj_type_cache = array();
102 $this->obj_tree_cache = array();
103
104 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
105
106 $this->ac_logger = ilLoggerFactory::getLogger('ac');
107 }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:40
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:9

References $rbacsystem, and ilLoggerFactory\getLogger().

+ Here is the call graph for this function:

Member Function Documentation

◆ addInfoItem()

ilAccess::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Implements ilRBACAccessHandler.

Definition at line 232 of file class.ilAccess.php.

233 {
234 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
235 }
$a_type
$a_type
Definition: workflow.php:92

References $a_type.

◆ checkAccess()

ilAccess::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 240 of file class.ilAccess.php.

241 {
242 global $ilUser;
243
244 return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
245 }
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:250
$ilUser
$ilUser
Definition: imgupload.php:18

References $a_type, $ilUser, and checkAccessOfUser().

Referenced by ilLocalUserGUI\__checkGlobalRoles(), ilLocalUserGUI\__showRolesTable(), ilOrgUnitStaffGUI\addOtherRoles(), ilOrgUnitStaffGUI\addStaff(), ilObjStudyProgrammeGUI\addToNavigationHistory(), ilLocalUserGUI\assignRoles(), ilLocalUserGUI\assignSave(), ilObjStudyProgrammeGUI\checkAccess(), ilLocalUserGUI\checkPermission(), ilOrgUnitSimpleImportGUI\chooseImport(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjOrgUnitGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editSettings(), ilObjOrgUnitGUI\executeCommand(), ilOrgUnitStaffGUI\fromEmployeeToSuperior(), ilOrgUnitStaffGUI\fromSuperiorToEmployee(), ilObjStudyProgrammeAdminGUI\initFormSettings(), ilOrgUnitStaffGUI\removeFromEmployees(), ilOrgUnitStaffGUI\removeFromRole(), ilOrgUnitStaffGUI\removeFromSuperiors(), ilOrgUnitStaffGUI\setTabs(), ilOrgUnitStaffGUI\showOtherRoles(), ilOrgUnitStaffGUI\showStaff(), ilObjOrgUnitGUI\updateAdvancedSettings(), ilObjStudyProgrammeGUI\updateAdvancedSettings(), and ilObjOrgUnitGUI\updateSettings().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAccessOfUser()

ilAccess::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 250 of file class.ilAccess.php.

251 {
252 global $ilBench, $lng;
253
254 $this->setPreventCachingLastResult(false); // for external db based caches
255
256 $ilBench->start("AccessControl", "0400_clear_info");
257 $this->current_info->clear();
258 $ilBench->stop("AccessControl", "0400_clear_info");
259
260
261 // get stored result (internal memory based cache)
262 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
263 if ($cached["hit"]) {
264 // Store access result
265 if (!$cached["granted"]) {
266 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
267 }
268 if ($cached["prevent_db_cache"]) {
269 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
270 }
271 return $cached["granted"];
272 }
273
274 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
275 // get object id if not provided
276 if ($a_obj_id == "") {
277 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
278 $a_obj_id = $this->obj_id_cache[$a_ref_id];
279 } else {
280 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
281 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
282 }
283 }
284 if ($a_type == "") {
285 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
286 $a_type = $this->obj_type_cache[$a_ref_id];
287 } else {
288 $a_type = ilObject::_lookupType($a_ref_id, true);
289 $this->obj_type_cache[$a_ref_id] = $a_type;
290 }
291 }
292
293 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
294
295 // if supplied tree id is not = 1 (= repository main tree),
296 // check if object is in tree and not deleted
297 if ($a_tree_id != 1 &&
298 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
299 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
300 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
301 return false;
302 }
303
304 // rbac check for current object
305 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
306 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
307 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
308 return false;
309 }
310
311 // Check object activation
312 $act_check = $this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
313 if (!$act_check) {
314 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
315 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
316 return false;
317 }
318
319 // check read permission for all parents
320 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
321 if (!$par_check) {
322 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
323 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
324 return false;
325 }
326
327 // condition check (currently only implemented for read permission)
328 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
329 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
330 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
331 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
332 return false;
333 }
334
335 // object type specific check
336 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
337 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
338 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
339 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
340 return false;
341 }
342
343 // check for available licenses
344 if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
345 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
346 return false;
347 }
348
349 // all checks passed
350 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
351 return true;
352 }
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:634
ilAccess\doLicenseCheck
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licensesmixed
Definition: class.ilAccess.php:745
ilAccess\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activationbool
Definition: class.ilAccess.php:551
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:387
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:412
ilAccess\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
Definition: class.ilAccess.php:690
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:509
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:467
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:144
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
Definition: class.ilAccess.php:113
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1036
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
$ilBench
global $ilBench
Definition: ilias.php:18
$lng
global $lng
Definition: privfeed.php:17

References $a_type, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), doActivationCheck(), doCacheCheck(), doConditionCheck(), doLicenseCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doActivationCheck(), doConditionCheck(), doPathCheck(), and ilSearchResult\filter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPositionAccess()

ilAccess::checkPositionAccess (   $pos_perm,
  $ref_id 
)

Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 842 of file class.ilAccess.php.

843 {
844 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
845 }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:161

References ilOrgUnitPositionAccess\checkPositionAccess().

+ Here is the call graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilAccess::checkRbacOrPositionPermissionAccess (   $rbac_perm,
  $pos_perm,
  $ref_id 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 850 of file class.ilAccess.php.

851 {
852 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
853 }
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:211

References ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess().

+ Here is the call graph for this function:

◆ clear()

ilAccess::clear ( )

Implements ilRBACAccessHandler.

Definition at line 786 of file class.ilAccess.php.

787 {
788 $this->results = array();
789 $this->last_result = "";
790 $this->current_info = new ilAccessInfo();
791 $this->stored_rbac_access = [];
792 }

◆ doActivationCheck()

ilAccess::doActivationCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check for course activation

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 551 of file class.ilAccess.php.

552 {
553 global $ilBench,$ilUser;
554
555 $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");
556
557 $cache_perm = ($a_permission == "visible")
558 ? "visible"
559 : "other";
560
561 //echo "<br>doActivationCheck-$cache_perm-$a_ref_id-$a_user_id-".$ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($a_ref_id));
562
563 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
564 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
565 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
566 }
567
568 // nothings needs to be done if current permission is write permission
569 if ($a_permission == 'write') {
570 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
571 return true;
572 }
573
574 // #10852 - member view check
575 if ($a_user_id == $ilUser->getId()) {
576 // #10905 - activate parent container ONLY
577 include_once './Services/Container/classes/class.ilMemberViewSettings.php';
578 $memview = ilMemberViewSettings::getInstance();
579 if ($memview->isActiveForRefId($a_ref_id) &&
580 $memview->getContainer() == $a_ref_id) {
581 return true;
582 }
583 }
584
585 include_once 'Services/Object/classes/class.ilObjectActivation.php';
586 $item_data = ilObjectActivation::getItem($a_ref_id);
587
588 // if activation isn't enabled
589 if ($item_data === null ||
590 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
591 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
592 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
593 return true;
594 }
595
596 // if within activation time
597 if ((time() >= $item_data['timing_start']) and
598 (time() <= $item_data['timing_end'])) {
599 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
600 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
601 return true;
602 }
603
604 // if user has write permission
605 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
606 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
607 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
608 return true;
609 }
610
611 // if current permission is visible and visible is set in activation
612 if ($a_permission == 'visible' and $item_data['visible']) {
613 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
614 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
615 return true;
616 }
617
618 // learning progress must be readable, regardless of the activation
619 if ($a_permission == 'read_learning_progress') {
620 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
621 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
622 return true;
623 }
624
625 // no access
626 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
627 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
628 return false;
629 }
ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:67
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:324

References $ilBench, $ilUser, checkAccessOfUser(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doCacheCheck()

ilAccess::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 387 of file class.ilAccess.php.

388 {
389 global $ilBench;
390 //echo "cacheCheck<br/>";
391
392 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
393 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
394 //var_dump($stored_access);
395 if (is_array($stored_access)) {
396 $this->current_info = $stored_access["info"];
397 //var_dump("cache-treffer:");
398 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
399 return array("hit" => true, "granted" => $stored_access["granted"],
400 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
401 }
402
403 // not in cache
404 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
405 return array("hit" => false, "granted" => false,
406 "prevent_db_cache" => false);
407 }
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
Definition: class.ilAccess.php:160

References $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccess::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 634 of file class.ilAccess.php.

635 {
636 //echo "conditionCheck<br/>";
637 global $lng, $ilBench;
638
639 if (
640 ($a_permission == 'visible') and
641 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
642 ) {
643 if (ilConditionHandler::lookupHiddenStatusByTarget($a_ref_id)) {
644 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
645 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
646 foreach ($conditions as $condition) {
647 $this->current_info->addInfoItem(
648 IL_MISSING_PRECONDITION,
649 $lng->txt("missing_precondition") . ": " .
650 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
651 $lng->txt("condition_" . $condition["operator"]) . " " .
652 $condition["value"],
653 $condition
654 );
655 }
656 return false;
657 }
658 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
659 }
660 }
661
662
663 if (($a_permission == "read" or $a_permission == 'join') &&
664 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
665 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
666 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
667 $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
668 foreach ($conditions as $condition) {
669 $this->current_info->addInfoItem(
670 IL_MISSING_PRECONDITION,
671 $lng->txt("missing_precondition") . ": " .
672 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
673 $lng->txt("condition_" . $condition["operator"]) . " " .
674 $condition["value"],
675 $condition
676 );
677 }
678 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
679 return false;
680 }
681 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
682 }
683
684 return true;
685 }
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:966
ilConditionHandler\_getConditionsOfTarget
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
Definition: class.ilConditionHandler.php:718
ilConditionHandler\lookupHiddenStatusByTarget
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
Definition: class.ilConditionHandler.php:141
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933

References $a_type, $condition, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilConditionHandler\_getConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), IL_MISSING_PRECONDITION, and ilConditionHandler\lookupHiddenStatusByTarget().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doLicenseCheck()

ilAccess::doLicenseCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

check for available licenses

Parameters
$a_permission
$a_cmd
$a_ref_id
$a_user_id
$a_obj_id
$a_type
Deprecated:
Returns
mixed

Implements ilRBACAccessHandler.

Definition at line 745 of file class.ilAccess.php.

746 {
747 global $lng;
748
749 // simple checks first
750 if (!in_array($a_type, array('sahs','htlm'))
751 or !in_array($a_permission, array('read'))) {
752 $has_access = true;
753 } else {
754 require_once("Services/License/classes/class.ilLicenseAccess.php");
755
756 // licensing globally disabled => access granted
757 if (!ilLicenseAccess::_isEnabled()) {
758 $has_access = true;
759 }
760 /* resolved mantis issue #5288:
761 * admins should not automatically have read access!
762 * their read access will also be noted and consume a license
763 elseif ($this->rbacsystem->checkAccessOfUser($a_user_id, "edit_permissions", $a_ref_id))
764 {
765 $has_access = true;
766 }
767 */
768 // now do the real check
769 else {
770 $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
771 }
772 }
773
774 if ($has_access) {
775 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
776 return true;
777 } else {
778 $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
779 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
780 return false;
781 }
782 }
ilLicenseAccess\_isEnabled
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
Definition: class.ilLicenseAccess.php:21
ilLicenseAccess\_checkAccess
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
Definition: class.ilLicenseAccess.php:54

References $a_type, $lng, ilLicenseAccess\_checkAccess(), ilLicenseAccess\_isEnabled(), and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccess::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 509 of file class.ilAccess.php.

510 {
511 global $tree, $lng, $ilBench,$ilObjDataCache;
512 //echo "<br>dopathcheck";
513 //echo "pathCheck<br/>";
514 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
515
516 // if (isset($this->stored_path[$a_ref_id]))
517 // {
518 // $path = $this->stored_path[$a_ref_id];
519 // }
520 // else
521 // {
522 $path = $tree->getPathId($a_ref_id);
523 // $this->stored_path[$a_ref_id] = $path;
524 // }
525 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
526
527 foreach ($path as $id) {
528 if ($a_ref_id == $id) {
529 continue;
530 }
531
532 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
533
534 if ($access == false) {
535
536 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
537 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
538
539 if ($a_all == false) {
540 return false;
541 }
542 }
543 }
544
545 return true;
546 }
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

References $id, $ilBench, $lng, $path, $tree, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccess::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 467 of file class.ilAccess.php.

468 {
469 global $lng, $ilBench, $ilErr, $ilLog;
470
471 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
472
473 if ($a_permission == "") {
474 $message = sprintf(
475 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
476 get_class($this),
477 $a_ref_id
478 );
479 $ilLog->write($message, $ilLog->FATAL);
480 $ilErr->raiseError($message, $ilErr->MESSAGE);
481 }
482
483 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
484 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
485 } else {
486 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
487 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
488 if ($a_permission != "create") {
489 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
490 }
491 }
492 }
493
494 // Store in result cache
495 if (!$access) {
496 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
497 }
498 if ($a_permission != "create") {
499 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
500 }
501 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
502
503 return $access;
504 }
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
$ilLog
$ilLog
Definition: inc.setup_header.php:129
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$ilErr
global $ilErr
Definition: raiseError.php:16

References $a_type, $ilBench, $ilErr, $ilLog, $lng, $message, IL_NO_PERMISSION, sprintf, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccess::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 690 of file class.ilAccess.php.

691 {
692 global $objDefinition, $ilBench, $ilPluginAdmin;
693 //echo "statusCheck<br/>";
694 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
695
696 // check for a deactivated plugin
697 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
698 return false;
699 }
700 if (!$a_type) {
701 return false;
702 }
703
704 $class = $objDefinition->getClassName($a_type);
705 $location = $objDefinition->getLocation($a_type);
706 $full_class = "ilObj" . $class . "Access";
707
708 if ($class == "") {
709 $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
710 return false;
711 }
712
713 include_once($location . "/class." . $full_class . ".php");
714 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
715
716 $full_class = new $full_class();
717
718 $obj_access = call_user_func(
719 array($full_class, "_checkAccess"),
720 $a_cmd,
721 $a_permission,
722 $a_ref_id,
723 $a_obj_id,
724 $a_user_id
725 );
726 if (!($obj_access === true)) {
727 //Note: We must not add an info item here, because one is going
728 // to be added by the user function we just called a few
729 // lines above.
730 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
731
732 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
733 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
734 return false;
735 }
736
737 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
738 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
739 return true;
740 }
$location
$location
Definition: buildRTE.php:44

References $a_type, $ilBench, $location, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccess::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 412 of file class.ilAccess.php.

413 {
414 global $tree, $lng, $ilBench;
415 //echo "treeCheck<br/>";
416
417 // Get stored result
418 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
419 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
420 // Store access result
421 if (!$this->obj_tree_cache[$tree_cache_key]) {
422 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
423 }
424 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
425
426 return $this->obj_tree_cache[$tree_cache_key];
427 }
428
429 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
430
431 if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
432 // Store negative access results
433
434 // Store in tree cache
435 // Note, we only store up to 1000 results to avoid memory overflow.
436 if (count($this->obj_tree_cache) < 1000) {
437 $this->obj_tree_cache[$tree_cache_key] = false;
438 }
439
440 // Store in result cache
441 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
442 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
443
444 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
445
446 return false;
447 }
448
449 // Store positive access result.
450
451 // Store in tree cache
452 // Note, we only store up to 1000 results to avoid memory overflow.
453 if (count($this->obj_tree_cache) < 1000) {
454 $this->obj_tree_cache[$tree_cache_key] = true;
455 }
456
457 // Store in result cache
458 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
459
460 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
461 return true;
462 }
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28

References $ilBench, $lng, $tree, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccess::enable (   $a_str,
  $a_bool 
)

Parameters
$a_str
$a_bool

Implements ilRBACAccessHandler.

Definition at line 796 of file class.ilAccess.php.

797 {
798 $this->$a_str = $a_bool;
799 }

◆ filterUserIdsByPositionOfCurrentUser()

ilAccess::filterUserIdsByPositionOfCurrentUser (   $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 858 of file class.ilAccess.php.

859 {
860 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
861 }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser().

+ Here is the call graph for this function:

◆ filterUserIdsByPositionOfUser()

ilAccess::filterUserIdsByPositionOfUser (   $user_id,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 866 of file class.ilAccess.php.

867 {
868 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
869 }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser().

+ Here is the call graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilAccess::filterUserIdsByRbacOrPositionOfCurrentUser (   $rbac_perm,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 874 of file class.ilAccess.php.

875 {
876 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
877 }
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilOrgUnitPositionAccess.php:231

References ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

+ Here is the call graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
  $permission 
)

Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 810 of file class.ilAccess.php.

811 {
812 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
813 }
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:38

References ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

+ Here is the call graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
  $for_user_id,
  $permission 
)

Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 818 of file class.ilAccess.php.

819 {
820 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
821 }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:49

References ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission().

+ Here is the call graph for this function:

◆ getInfo()

ilAccess::getInfo ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 357 of file class.ilAccess.php.

358 {
359 //return $this->last_result;
360 //$this->last_info->setQueryData($this->current_result_element);
361 //var_dump("<pre>",$this->results,"</pre>");
362 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
363 }

◆ getPreventCachingLastResult()

ilAccess::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 152 of file class.ilAccess.php.

153 {
154 return $this->prevent_caching_last_result;
155 }

Referenced by storeAccessResult().

+ Here is the caller graph for this function:

◆ getResultAll()

ilAccess::getResultAll (   $a_ref_id = "")

Implements ilRBACAccessHandler.

Definition at line 375 of file class.ilAccess.php.

376 {
377 if ($a_ref_id == "") {
378 return $this->results;
379 }
380
381 return $this->results[$a_ref_id];
382 }

References $results.

◆ getResultLast()

ilAccess::getResultLast ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 368 of file class.ilAccess.php.

369 {
370 return $this->last_result;
371 }

◆ getResults()

ilAccess::getResults ( )

Implements ilRBACAccessHandler.

Definition at line 217 of file class.ilAccess.php.

218 {
219 return $this->results;
220 }

References $results.

◆ getStoredAccessResult()

ilAccess::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access result@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Implements ilRBACAccessHandler.

Definition at line 160 of file class.ilAccess.php.

161 {
162 global $ilUser;
163
164 if ($a_user_id == "") {
165 $a_user_id = $ilUser->getId();
166 }
167
168 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
169 {
170 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
171 }*/
172
173 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
174 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
175 }
176 return false;
177 }

References $ilUser.

Referenced by doCacheCheck().

+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilAccess::hasCurrentUserAnyPositionAccess (   $ref_id)

Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 882 of file class.ilAccess.php.

883 {
884 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
885 }

References ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess().

+ Here is the call graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilAccess::hasUserRBACorAnyPositionAccess (   $rbac_perm,
  $ref_id 
)

Parameters
string$rbac_perm
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 890 of file class.ilAccess.php.

891 {
892 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
893 }
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250

References ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess().

+ Here is the call graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilAccess::isCurrentUserBasedOnPositionsAllowedTo (   $permission,
array  $on_user_ids 
)

Parameters
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 826 of file class.ilAccess.php.

827 {
828 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
829 }
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:65

References ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo().

+ Here is the call graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilAccess::isUserBasedOnPositionsAllowedTo (   $which_user_id,
  $permission,
array  $on_user_ids 
)

Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 834 of file class.ilAccess.php.

835 {
836 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
837 }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:76

References ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo().

+ Here is the call graph for this function:

◆ readCache()

ilAccess::readCache (   $a_secs = 0)

Implements ilRBACAccessHandler.

Definition at line 197 of file class.ilAccess.php.

198 {
199 global $ilUser, $ilDB;
200
201 if ($a_secs > 0) {
202 $query = "SELECT * FROM acc_cache WHERE user_id = " .
203 $ilDB->quote($ilUser->getId(), 'integer');
204 $set = $ilDB->query($query);
205 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
206 if ((time() - $rec["time"]) < $a_secs) {
207 $this->results = unserialize($rec["result"]);
208 //var_dump($this->results);
209 return true;
210 }
211 }
212 return false;
213 }
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $ilDB, $ilUser, $query, and ilDBConstants\FETCHMODE_ASSOC.

◆ setPreventCachingLastResult()

ilAccess::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 144 of file class.ilAccess.php.

145 {
146 $this->prevent_caching_last_result = $a_val;
147 }

Referenced by checkAccessOfUser().

+ Here is the caller graph for this function:

◆ setResults()

ilAccess::setResults (   $a_results)

Implements ilRBACAccessHandler.

Definition at line 224 of file class.ilAccess.php.

225 {
226 $this->results = $a_results;
227 }

◆ storeAccessResult()

ilAccess::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access result@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Implements ilRBACAccessHandler.

Definition at line 113 of file class.ilAccess.php.

114 {
115 global $ilUser;
116
117 if ($a_user_id == "") {
118 $a_user_id = $ilUser->getId();
119 }
120
121 if ($a_info == "") {
122 $a_info = $this->current_info;
123 }
124
125 //var_dump("<pre>",$a_permission,"</pre>");
126
127 if ($this->cache) {
128 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
129 array("granted" => $a_access_granted, "info" => $a_info,
130 "prevent_db_cache" => $this->getPreventCachingLastResult());
131 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
132 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
133 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
134 $this->last_info = $a_info;
135 }
136
137 // get new info object
138 $this->current_info = new ilAccessInfo();
139 }
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:152

References $current_info, $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doLicenseCheck(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccess::storeCache ( )

Implements ilRBACAccessHandler.

Definition at line 181 of file class.ilAccess.php.

182 {
183 global $ilDB, $ilUser;
184
185 $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
186 $res = $ilDB->manipulate($query);
187
188 $ilDB->insert('acc_cache', array(
189 'user_id' => array('integer',$ilUser->getId()),
190 'time' => array('integer',time()),
191 'result' => array('clob',serialize($this->results))
192 ));
193 }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

References $ilDB, $ilUser, $query, and $res.

Field Documentation

◆ $ac_logger

ilAccess::$ac_logger
protected

Definition at line 83 of file class.ilAccess.php.

◆ $cache

ilAccess::$cache
protected

Definition at line 61 of file class.ilAccess.php.

◆ $condition

ilAccess::$condition
protected

Definition at line 49 of file class.ilAccess.php.

Referenced by doConditionCheck().

◆ $current_info

ilAccess::$current_info
protected

Definition at line 65 of file class.ilAccess.php.

Referenced by storeAccessResult().

◆ $ilOrgUnitPositionAccess

ilAccess::$ilOrgUnitPositionAccess
protected

Definition at line 25 of file class.ilAccess.php.

◆ $obj_id_cache

ilAccess::$obj_id_cache
protected

Definition at line 37 of file class.ilAccess.php.

◆ $obj_tree_cache

ilAccess::$obj_tree_cache
protected

Definition at line 29 of file class.ilAccess.php.

◆ $obj_type_cache

ilAccess::$obj_type_cache
protected

Definition at line 33 of file class.ilAccess.php.

◆ $path

ilAccess::$path
protected

Definition at line 45 of file class.ilAccess.php.

Referenced by doPathCheck().

◆ $rbac

ilAccess::$rbac
protected

Definition at line 57 of file class.ilAccess.php.

◆ $rbacsystem

ilAccess::$rbacsystem
protected

Definition at line 73 of file class.ilAccess.php.

Referenced by __construct().

◆ $results

ilAccess::$results
protected

Definition at line 69 of file class.ilAccess.php.

Referenced by getResultAll(), and getResults().

◆ $status

ilAccess::$status
protected

Definition at line 41 of file class.ilAccess.php.

◆ $stored_rbac_access

ilAccess::$stored_rbac_access = array()
protected

Definition at line 77 of file class.ilAccess.php.

◆ $tree

ilAccess::$tree
protected

Definition at line 53 of file class.ilAccess.php.

Referenced by doPathCheck(), and doTreeCheck().

The documentation for this class was generated from the following file: