ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilWorkspaceAccessHandler.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8
17class ilWorkspaceAccessHandler
18{
22 protected $user;
23
27 protected $lng;
28
32 protected $rbacreview;
33
37 protected $settings;
38
42 protected $db;
43
44 protected $tree; // [ilTree]
45
46 public function __construct(ilTree $a_tree = null)
47 {
48 global $DIC;
49
50 $this->user = $DIC->user();
51 $this->lng = $DIC->language();
52 $this->rbacreview = $DIC->rbac()->review();
53 $this->settings = $DIC->settings();
54 $this->db = $DIC->database();
55 $ilUser = $DIC->user();
56 $lng = $DIC->language();
57
58 $lng->loadLanguageModule("wsp");
59
60 if (!$a_tree) {
61 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
62 $a_tree = new ilWorkspaceTree($ilUser->getId());
63 }
64 $this->tree = $a_tree;
65 }
66
72 public function getTree()
73 {
74 return $this->tree;
75 }
76
86 public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
87 {
88 $ilUser = $this->user;
89
90 return $this->checkAccessOfUser($this->tree, $ilUser->getId(), $a_permission, $a_cmd, $a_node_id, $a_type);
91 }
92
104 public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
105 {
106 $rbacreview = $this->rbacreview;
107 $ilUser = $this->user;
108 $ilSetting = $this->settings;
109
110 // :TODO: create permission for parent node with type ?!
111
112 // #20310
113 if (!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID) {
114 return false;
115 }
116
117 // tree root is read-only
118 if ($a_permission == "write") {
119 if ($a_tree->readRootId() == $a_node_id) {
120 return false;
121 }
122 }
123
124 // node owner has all rights
125 if ($a_tree->lookupOwner($a_node_id) == $a_user_id) {
126 return true;
127 }
128
129 // other users can only read
130 if ($a_permission == "read" || $a_permission == "visible") {
131 // get all objects with explicit permission
132 $objects = $this->getPermissions($a_node_id);
133 if ($objects) {
134 // check if given user is member of object or has role
135 foreach ($objects as $obj_id) {
136 switch ($obj_id) {
137 case ilWorkspaceAccessGUI::PERMISSION_ALL:
138 return true;
139
140 case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
141 // check against input kept in session
142 if (self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) ||
143 $a_permission == "visible") {
144 return true;
145 }
146 break;
147
148 case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
149 if ($ilUser->getId() != ANONYMOUS_USER_ID) {
150 return true;
151 }
152 break;
153
154 default:
155 switch (ilObject::_lookupType($obj_id)) {
156 case "grp":
157 // member of group?
158 if (ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
159 return true;
160 }
161 break;
162
163 case "crs":
164 // member of course?
165 if (ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
166 return true;
167 }
168 break;
169
170 case "role":
171 // has role?
172 if ($rbacreview->isAssigned($a_user_id, $obj_id)) {
173 return true;
174 }
175 break;
176
177 case "usr":
178 // direct assignment
179 if ($a_user_id == $obj_id) {
180 return true;
181 }
182 break;
183 }
184 break;
185 }
186 }
187 }
188 }
189
190 return false;
191 }
192
199 public function setPermissions($a_parent_node_id, $a_node_id)
200 {
201 // nothing to do as owner has irrefutable rights to any workspace object
202 }
203
212 public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
213 {
214 $ilDB = $this->db;
215 $ilUser = $this->user;
216
217 // tree owner must not be added
218 if ($this->tree->getTreeId() == $ilUser->getId() &&
219 $a_object_id == $ilUser->getId()) {
220 return false;
221 }
222
223 $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)" .
224 " VALUES (" . $ilDB->quote($a_node_id, "integer") . ", " .
225 $ilDB->quote($a_object_id, "integer") . "," .
226 $ilDB->quote($a_extended_data, "text") . "," .
227 $ilDB->quote(time(), "integer") . ")");
228 return true;
229 }
230
237 public function removePermission($a_node_id, $a_object_id = null)
238 {
239 $ilDB = $this->db;
240
241 $query = "DELETE FROM acl_ws" .
242 " WHERE node_id = " . $ilDB->quote($a_node_id, "integer");
243
244 if ($a_object_id) {
245 $query .= " AND object_id = " . $ilDB->quote($a_object_id, "integer");
246 }
247
248 return $ilDB->manipulate($query);
249 }
250
257 public function getPermissions($a_node_id)
258 {
259 return self::_getPermissions($a_node_id);
260 }
261
268 public static function _getPermissions($a_node_id)
269 {
270 global $DIC;
271
272 $ilDB = $DIC->database();
273 $ilSetting = $DIC->settings();
274
275 $publish_enabled = $ilSetting->get("enable_global_profiles");
276 $publish_perm = array(ilWorkspaceAccessGUI::PERMISSION_ALL,
277 ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
278
279 $set = $ilDB->query("SELECT object_id FROM acl_ws" .
280 " WHERE node_id = " . $ilDB->quote($a_node_id, "integer"));
281 $res = array();
282 while ($row = $ilDB->fetchAssoc($set)) {
283 if ($publish_enabled || !in_array($row["object_id"], $publish_perm)) {
284 $res[] = $row["object_id"];
285 }
286 }
287 return $res;
288 }
289
290 public function hasRegisteredPermission($a_node_id)
291 {
292 $ilDB = $this->db;
293
294 $set = $ilDB->query("SELECT object_id FROM acl_ws" .
295 " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
296 " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));
297 return (bool) $ilDB->numRows($set);
298 }
299
300 public function hasGlobalPermission($a_node_id)
301 {
302 $ilDB = $this->db;
303 $ilSetting = $this->settings;
304
305 if (!$ilSetting->get("enable_global_profiles")) {
306 return false;
307 }
308
309 $set = $ilDB->query("SELECT object_id FROM acl_ws" .
310 " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
311 " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
312 return (bool) $ilDB->numRows($set);
313 }
314
315 public function hasGlobalPasswordPermission($a_node_id)
316 {
317 $ilDB = $this->db;
318 $ilSetting = $this->settings;
319
320 if (!$ilSetting->get("enable_global_profiles")) {
321 return false;
322 }
323
324 $set = $ilDB->query("SELECT object_id FROM acl_ws" .
325 " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
326 " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
327 return (bool) $ilDB->numRows($set);
328 }
329
330 public static function getPossibleSharedTargets()
331 {
332 global $DIC;
333
334 $ilUser = $DIC->user();
335 $ilSetting = $DIC->settings();
336
337 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
338 include_once "Services/Membership/classes/class.ilParticipants.php";
339 $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
340 $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");
341
342 $obj_ids = array_merge($grp_ids, $crs_ids);
343 $obj_ids[] = $ilUser->getId();
344 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;
345
346 if ($ilSetting->get("enable_global_profiles")) {
347 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
348 $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
349 }
350
351 return $obj_ids;
352 }
353
354 public function getSharedOwners()
355 {
356 $ilUser = $this->user;
357 $ilDB = $this->db;
358
359 $obj_ids = $this->getPossibleSharedTargets();
360
361 $user_ids = array();
362 $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title" .
363 " FROM object_data obj" .
364 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
365 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
366 " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
367 " JOIN usr_data u on (u.usr_id = obj.owner)" .
368 " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
369 " AND obj.owner <> " . $ilDB->quote($ilUser->getId(), "integer") .
370 " ORDER BY u.lastname, u.firstname, u.title");
371 while ($row = $ilDB->fetchAssoc($set)) {
372 $user_ids[$row["owner"]] = $row["lastname"] . ", " . $row["firstname"];
373 if ($row["title"]) {
374 $user_ids[$row["owner"]] .= ", " . $row["title"];
375 }
376 }
377
378 return $user_ids;
379 }
380
381 public function getSharedObjects($a_owner_id)
382 {
383 $ilDB = $this->db;
384
385 $obj_ids = $this->getPossibleSharedTargets();
386
387 $res = array();
388 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id" .
389 " FROM object_data obj" .
390 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
391 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
392 " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
393 " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
394 " AND obj.owner = " . $ilDB->quote($a_owner_id, "integer"));
395 while ($row = $ilDB->fetchAssoc($set)) {
396 $res[$row["wsp_id"]] = $row["obj_id"];
397 }
398
399 return $res;
400 }
401
402 public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
403 {
404 $ilDB = $this->db;
405 $ilUser = $this->user;
406
407 if (!$a_filter["acl_type"]) {
408 $obj_ids = $this->getPossibleSharedTargets();
409 } else {
410 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
411
412 switch ($a_filter["acl_type"]) {
413 case "all":
414 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
415 break;
416
417 case "password":
418 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
419 break;
420
421 case "registered":
422 $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
423 break;
424
425 case "course":
426 $obj_ids = $a_crs_ids;
427 break;
428
429 case "group":
430 $obj_ids = $a_grp_ids;
431 break;
432
433 case "user":
434 $obj_ids = array($ilUser->getId());
435 break;
436 }
437 }
438
439 $res = array();
440
441 $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner," .
442 "acl.object_id acl_type, acl.tstamp acl_date" .
443 " FROM object_data obj" .
444 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
445 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
446 " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
447 " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
448 " AND obj.owner <> " . $ilDB->quote($ilUser->getId(), "integer");
449
450 if ($a_filter["obj_type"]) {
451 $sql .= " AND obj.type = " . $ilDB->quote($a_filter["obj_type"], "text");
452 }
453 if ($a_filter["title"] && strlen($a_filter["title"]) >= 3) {
454 $sql .= " AND " . $ilDB->like("obj.title", "text", "%" . $a_filter["title"] . "%");
455 }
456 if ($a_filter["user"] && strlen($a_filter["user"]) >= 3) {
457 $usr_ids = array();
458 $set = $ilDB->query("SELECT usr_id FROM usr_data" .
459 " WHERE (" . $ilDB->like("login", "text", "%" . $a_filter["user"] . "%") . " " .
460 "OR " . $ilDB->like("firstname", "text", "%" . $a_filter["user"] . "%") . " " .
461 "OR " . $ilDB->like("lastname", "text", "%" . $a_filter["user"] . "%") . " " .
462 "OR " . $ilDB->like("email", "text", "%" . $a_filter["user"] . "%") . ")");
463 while ($row = $ilDB->fetchAssoc($set)) {
464 $usr_ids[] = $row["usr_id"];
465 }
466 if (!sizeof($usr_ids)) {
467 return;
468 }
469 $sql .= " AND " . $ilDB->in("obj.owner", $usr_ids, "", "integer");
470 }
471
472 if ($a_filter["acl_date"]) {
473 $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
474 $dt = new ilDateTime($dt . " 00:00:00", IL_CAL_DATETIME);
475 $sql .= " AND acl.tstamp > " . $ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
476 }
477
478 if ($a_filter["crsgrp"]) {
479 include_once "Services/Membership/classes/class.ilParticipants.php";
480 $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
481 $part = $part->getParticipants();
482 if (!sizeof($part)) {
483 return;
484 }
485 $sql .= " AND " . $ilDB->in("obj.owner", $part, "", "integer");
486 }
487
488 // we use the oldest share date
489 $sql .= " ORDER BY acl.tstamp";
490
491 $set = $ilDB->query($sql);
492 while ($row = $ilDB->fetchAssoc($set)) {
493 if (!isset($res[$row["wsp_id"]])) {
494 $row["acl_type"] = array($row["acl_type"]);
495 $res[$row["wsp_id"]] = $row;
496 } else {
497 $res[$row["wsp_id"]]["acl_type"][] = $row["acl_type"];
498 }
499 }
500
501 return $res;
502 }
503
504 public static function getSharedNodePassword($a_node_id)
505 {
506 global $DIC;
507
508 $ilDB = $DIC->database();
509
510 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
511
512 $set = $ilDB->query("SELECT * FROM acl_ws" .
513 " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
514 " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
515 $res = $ilDB->fetchAssoc($set);
516 if ($res) {
517 return $res["extended_data"];
518 }
519 }
520
521 public static function keepSharedSessionPassword($a_node_id, $a_password)
522 {
523 $_SESSION["ilshpw_" . $a_node_id] = $a_password;
524 }
525
526 public static function getSharedSessionPassword($a_node_id)
527 {
528 return $_SESSION["ilshpw_" . $a_node_id];
529 }
530
531 public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
532 {
533 include_once('./Services/Link/classes/class.ilLink.php');
534 return ilLink::_getStaticLink($a_node_id, ilObject::_lookupType($a_obj_id), true, $a_additional . "_wsp");
535 }
536
537 public function getObjectsIShare()
538 {
539 $ilDB = $this->db;
540 $ilUser = $this->user;
541
542 $res = array();
543 $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id" .
544 " FROM object_data obj" .
545 " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
546 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
547 " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
548 " WHERE obj.owner = " . $ilDB->quote($ilUser->getId(), "integer"));
549 while ($row = $ilDB->fetchAssoc($set)) {
550 $res[$row["wsp_id"]] = $row["obj_id"];
551 }
552
553 return $res;
554 }
555
556 public static function getObjectDataFromNode($a_node_id)
557 {
558 global $DIC;
559
560 $ilDB = $DIC->database();
561
562 $set = $ilDB->query("SELECT obj.obj_id, obj.type, obj.title" .
563 " FROM object_reference_ws ref" .
564 " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
565 " JOIN object_data obj ON (ref.obj_id = obj.obj_id)" .
566 " WHERE ref.wsp_id = " . $ilDB->quote($a_node_id, "integer"));
567 return $ilDB->fetchAssoc($set);
568 }
569}
user
user()
Definition: user.php:4
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
php
An exception for terminatinating execution or to throw for unit testing.
IL_CAL_DATE
const IL_CAL_DATE
Definition: class.ilDateTime.php:10
IL_CAL_UNIX
const IL_CAL_UNIX
Definition: class.ilDateTime.php:11
IL_CAL_DATETIME
const IL_CAL_DATETIME
Definition: class.ilDateTime.php:9
ilCourseParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilCourseParticipants.php:77
ilDateTime
@classDescription Date and time handling
Definition: class.ilDateTime.php:33
ilGroupParticipants\_getInstanceByObjId
static _getInstanceByObjId($a_obj_id)
Get singleton instance.
Definition: class.ilGroupParticipants.php:64
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilParticipants\getInstanceByObjId
static getInstanceByObjId($a_obj_id)
Get instance by obj type.
Definition: class.ilParticipants.php:122
ilParticipants\_getMembershipByType
static _getMembershipByType($a_usr_id, $a_type, $a_only_member_role=false)
get membership by type Get course or group membership
Definition: class.ilParticipants.php:207
ilTree
Tree class data representation in hierachical trees using the Nested Set Model with Gaps by Joe Celco...
Definition: class.ilTree.php:25
ilTree\readRootId
readRootId()
read root id from database
Definition: class.ilTree.php:2053
ilWorkspaceAccessHandler
Access handler for personal workspace.
Definition: class.ilWorkspaceAccessHandler.php:18
ilWorkspaceAccessHandler\getGotoLink
static getGotoLink($a_node_id, $a_obj_id, $a_additional=null)
Definition: class.ilWorkspaceAccessHandler.php:531
ilWorkspaceAccessHandler\addPermission
addPermission($a_node_id, $a_object_id, $a_extended_data=null)
Add permission to node for object.
Definition: class.ilWorkspaceAccessHandler.php:212
ilWorkspaceAccessHandler\keepSharedSessionPassword
static keepSharedSessionPassword($a_node_id, $a_password)
Definition: class.ilWorkspaceAccessHandler.php:521
ilWorkspaceAccessHandler\findSharedObjects
findSharedObjects(array $a_filter=null, array $a_crs_ids=null, array $a_grp_ids=null)
Definition: class.ilWorkspaceAccessHandler.php:402
ilWorkspaceAccessHandler\checkAccess
checkAccess($a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:86
ilWorkspaceAccessHandler\setPermissions
setPermissions($a_parent_node_id, $a_node_id)
Set permissions after creating node/object.
Definition: class.ilWorkspaceAccessHandler.php:199
ilWorkspaceAccessHandler\_getPermissions
static _getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:268
ilWorkspaceAccessHandler\getPermissions
getPermissions($a_node_id)
Get all permissions to node.
Definition: class.ilWorkspaceAccessHandler.php:257
ilWorkspaceAccessHandler\checkAccessOfUser
checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type="")
check access for an object
Definition: class.ilWorkspaceAccessHandler.php:104
ilWorkspaceAccessHandler\removePermission
removePermission($a_node_id, $a_object_id=null)
Remove permission[s] (for object) to node.
Definition: class.ilWorkspaceAccessHandler.php:237
ilWorkspaceTree
Tree handler for personal workspace.
Definition: class.ilWorkspaceTree.php:14
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$query
$query
Definition: proxy_ylocal.php:13
$DIC
global $DIC
Definition: saml.php:7
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
settings
settings()
Definition: settings.php:2
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18
$a_type
$a_type
Definition: workflow.php:92