ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilWorkspaceAccessHandler.php
1 <?php
2 
3 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6 include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7 include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8 
18 {
// Current user account, taken from $DIC->user() in the constructor.
22  protected $user;
23 
// Language service, taken from $DIC->language() in the constructor.
27  protected $lng;
28 
// RBAC review service, taken from $DIC->rbac()->review() in the constructor.
32  protected $rbacreview;
33 
// Settings service, taken from $DIC->settings(); read for "enable_global_profiles".
37  protected $settings;
38 
// Database handle, taken from $DIC->database() in the constructor.
42  protected $db;
43 
// Workspace tree the access checks run against (constructor argument or a new ilWorkspaceTree).
44  protected $tree; // [ilTree]
45 
/**
 * Bind the handler to the container services and to a workspace tree.
 *
 * @param ilTree|null $a_tree tree to run the checks against; when omitted, a new
 *                            ilWorkspaceTree for the current user's id is created
 */
public function __construct(ilTree $a_tree = null)
{
    global $DIC;

    $this->user = $DIC->user();
    $this->lng = $DIC->language();
    $this->rbacreview = $DIC->rbac()->review();
    $this->settings = $DIC->settings();
    $this->db = $DIC->database();

    $current_user = $DIC->user();
    $language = $DIC->language();

    // Workspace texts are needed by every consumer of this handler.
    $language->loadLanguageModule("wsp");

    // No tree supplied: fall back to the workspace tree of the current user.
    if (!$a_tree) {
        include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
        $a_tree = new ilWorkspaceTree($current_user->getId());
    }

    $this->tree = $a_tree;
}
66 
/**
 * Return the workspace tree this handler was constructed with.
 *
 * @return ilTree
 */
public function getTree()
{
    $workspace_tree = $this->tree;

    return $workspace_tree;
}
76 
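/**
 * Check access to a workspace node for the current user.
 *
 * Delegates to checkAccessOfUser() with the handler's own tree and the id of
 * the account injected in the constructor.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_node_id
 * @param string $a_type
 * @return bool
 */
public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    // $ilUser was read here without ever being assigned in this scope;
    // bind it to the account stored by the constructor.
    $ilUser = $this->user;

    return $this->checkAccessOfUser($this->tree, $ilUser->getId(), $a_permission, $a_cmd, $a_node_id, $a_type);
}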
92 
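/**
 * Decide whether a user holds a permission on a workspace node.
 *
 * Checks run in this order: anonymous gate, read-only tree root, node owner,
 * then the ACL entries returned by getPermissions() (read/visible only).
 * Anything not explicitly granted is denied.
 *
 * @param ilTree $a_tree       tree that owns the node
 * @param int    $a_user_id    user the ACL entries are matched against
 * @param string $a_permission "read", "visible" or "write" are the values tested here
 * @param string $a_cmd        not evaluated in this method
 * @param int    $a_node_id    workspace node id
 * @param string $a_type       not evaluated in this method
 * @return bool
 */
public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    // These three locals were used below without being assigned in this scope;
    // bind them to the services stored by the constructor.
    $rbacreview = $this->rbacreview;
    $ilUser = $this->user;
    $ilSetting = $this->settings;

    // :TODO: create permission for parent node with type ?!

    // #20310
    // NOTE(review): this gate and the "registered" branch below test the session
    // account ($ilUser), not $a_user_id -- confirm that callers never pass a
    // different user id while an anonymous session is active.
    if (!$ilSetting->get("enable_global_profiles") && $ilUser->getId() == ANONYMOUS_USER_ID) {
        return false;
    }

    // tree root is read-only
    if ($a_permission == "write" && $a_tree->readRootId() == $a_node_id) {
        return false;
    }

    // node owner has all rights
    if ($a_tree->lookupOwner($a_node_id) == $a_user_id) {
        return true;
    }

    // other users can only read
    if ($a_permission != "read" && $a_permission != "visible") {
        return false;
    }

    // walk all objects with explicit permission: is the user a member / role holder?
    foreach ($this->getPermissions($a_node_id) as $obj_id) {
        // NOTE(review): the three case labels were absent from this listing (the
        // switch went straight to "return true"). They are restored from the
        // ilWorkspaceAccessGUI constants this class uses elsewhere -- confirm
        // against the upstream file.
        switch ($obj_id) {
            case ilWorkspaceAccessGUI::PERMISSION_ALL:
                return true;

            case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
                // the node may be listed without the password
                if ($a_permission == "visible") {
                    return true;
                }
                // check against input kept in session
                $stored = self::getSharedNodePassword($a_node_id);
                $supplied = self::getSharedSessionPassword($a_node_id);
                // Strict, constant-time comparison. A missing or empty value on
                // either side never matches; loose == treated two unset values,
                // or two numeric-looking strings, as equal.
                if (is_string($stored) && $stored !== "" &&
                    is_string($supplied) && hash_equals($stored, $supplied)) {
                    return true;
                }
                break;

            case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
                if ($ilUser->getId() != ANONYMOUS_USER_ID) {
                    return true;
                }
                break;

            default:
                switch (ilObject::_lookupType($obj_id)) {
                    case "grp":
                        // member of group?
                        if (ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
                            return true;
                        }
                        break;

                    case "crs":
                        // member of course?
                        if (ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
                            return true;
                        }
                        break;

                    case "role":
                        // has role?
                        if ($rbacreview->isAssigned($a_user_id, $obj_id)) {
                            return true;
                        }
                        break;

                    case "usr":
                        // direct assignment
                        if ($a_user_id == $obj_id) {
                            return true;
                        }
                        break;
                }
                break;
        }
    }

    // default deny
    return false;
}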
192 
/**
 * Hook called after a node/object was created; intentionally a no-op.
 *
 * @param int $a_parent_node_id
 * @param int $a_node_id
 */
public function setPermissions($a_parent_node_id, $a_node_id)
{
    // The owner has irrefutable rights to any workspace object,
    // so there is nothing to store for a freshly created node.
}
203 
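/**
 * Add an ACL entry granting an object (user, group, course, role or one of
 * the ilWorkspaceAccessGUI permission constants) access to a node.
 *
 * No access check is performed here; the method only refuses to add the
 * tree owner to their own tree.
 *
 * @param int         $a_node_id
 * @param int         $a_object_id
 * @param string|null $a_extended_data stored as text in acl_ws.extended_data
 * @return bool false when the entry was refused, true after the insert
 */
public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
{
    $ilDB = $this->db;
    // $ilUser was read below without being assigned in this scope;
    // bind it to the account stored by the constructor.
    $ilUser = $this->user;

    // tree owner must not be added
    $current_user_id = $ilUser->getId();
    if ($this->tree->getTreeId() == $current_user_id &&
        $a_object_id == $current_user_id) {
        return false;
    }

    // Every value goes through quote() with an explicit type.
    $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)" .
        " VALUES (" . $ilDB->quote($a_node_id, "integer") . ", " .
        $ilDB->quote($a_object_id, "integer") . "," .
        $ilDB->quote($a_extended_data, "text") . "," .
        $ilDB->quote(time(), "integer") . ")");

    return true;
}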
230 
/**
 * Remove ACL entries of a node.
 *
 * With a falsy $a_object_id (null, 0, "") the object filter is skipped and
 * every ACL entry of the node is deleted. No access check is performed here.
 *
 * @param int      $a_node_id
 * @param int|null $a_object_id restrict the delete to this object
 * @return mixed result of $ilDB->manipulate()
 */
public function removePermission($a_node_id, $a_object_id = null)
{
    $db = $this->db;

    $where = " WHERE node_id = " . $db->quote($a_node_id, "integer");
    if ($a_object_id) {
        $where .= " AND object_id = " . $db->quote($a_object_id, "integer");
    }

    return $db->manipulate("DELETE FROM acl_ws" . $where);
}
250 
/**
 * Get all ACL object ids registered for a node.
 *
 * Instance-level wrapper around the static _getPermissions().
 *
 * @param int $a_node_id
 * @return array
 */
public function getPermissions($a_node_id)
{
    $object_ids = self::_getPermissions($a_node_id);

    return $object_ids;
}
261 
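/**
 * Get all ACL object ids registered for a node.
 *
 * While the "enable_global_profiles" setting is off, the publishing
 * permissions are filtered out so they cannot grant access.
 *
 * @param int $a_node_id
 * @return array list of acl_ws.object_id values
 */
public static function _getPermissions($a_node_id)
{
    global $DIC;

    $ilDB = $DIC->database();
    $ilSetting = $DIC->settings();

    $publish_enabled = $ilSetting->get("enable_global_profiles");

    // NOTE(review): $publish_perm was read below but never assigned in this
    // listing, which would leave the filter ineffective. It is restored to the
    // two permissions that hasGlobalPermission()/hasGlobalPasswordPermission()
    // gate on the same setting -- confirm against the upstream file.
    $publish_perm = array(
        ilWorkspaceAccessGUI::PERMISSION_ALL,
        ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD
    );

    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer"));
    $res = array();
    while ($row = $ilDB->fetchAssoc($set)) {
        // Loose in_array() is kept on purpose: the row value comes from the
        // database result while the constants are PHP values.
        if ($publish_enabled || !in_array($row["object_id"], $publish_perm)) {
            $res[] = $row["object_id"];
        }
    }
    return $res;
}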
289 
/**
 * Tell whether the node carries the PERMISSION_REGISTERED ACL entry.
 *
 * @param int $a_node_id
 * @return bool
 */
public function hasRegisteredPermission($a_node_id)
{
    $db = $this->db;

    $sql = "SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $db->quote($a_node_id, "integer") .
        " AND object_id = " . $db->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer");
    $result = $db->query($sql);

    return (bool) $db->numRows($result);
}
299 
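/**
 * Tell whether the node carries the PERMISSION_ALL ACL entry.
 *
 * Always false while the "enable_global_profiles" setting is off.
 *
 * @param int $a_node_id
 * @return bool
 */
public function hasGlobalPermission($a_node_id)
{
    $ilDB = $this->db;
    // $ilSetting was read below without being assigned in this scope;
    // bind it to the settings service stored by the constructor.
    $ilSetting = $this->settings;

    if (!$ilSetting->get("enable_global_profiles")) {
        return false;
    }

    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
        " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));
    return (bool) $ilDB->numRows($set);
}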
314 
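/**
 * Tell whether the node carries the PERMISSION_ALL_PASSWORD ACL entry.
 *
 * Always false while the "enable_global_profiles" setting is off.
 *
 * @param int $a_node_id
 * @return bool
 */
public function hasGlobalPasswordPermission($a_node_id)
{
    $ilDB = $this->db;
    // $ilSetting was read below without being assigned in this scope;
    // bind it to the settings service stored by the constructor.
    $ilSetting = $this->settings;

    if (!$ilSetting->get("enable_global_profiles")) {
        return false;
    }

    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
        " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
    return (bool) $ilDB->numRows($set);
}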
329 
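/**
 * Collect every ACL object id through which something can be shared with
 * the current user: group and course memberships, the user id itself and
 * the generic permission constants.
 *
 * @return array list of ids usable as acl_ws.object_id
 */
public static function getPossibleSharedTargets()
{
    global $DIC;

    $ilUser = $DIC->user();
    $ilSetting = $DIC->settings();

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
    include_once "Services/Membership/classes/class.ilParticipants.php";
    $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
    $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");

    $obj_ids = array_merge($grp_ids, $crs_ids);
    $obj_ids[] = $ilUser->getId();

    // NOTE(review): this listing had one statement missing here and an empty
    // body in the condition below, although ilWorkspaceAccessGUI is included
    // above. The permission constants are restored so the publishing ones stay
    // behind "enable_global_profiles", as in hasGlobalPermission() and
    // hasGlobalPasswordPermission() -- confirm against the upstream file.
    $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;

    if ($ilSetting->get("enable_global_profiles")) {
        $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
        $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
    }

    return $obj_ids;
}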
353 
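/**
 * List the owners of workspace objects that are shared with the current user.
 *
 * @return array owner id => "lastname, firstname[, title]", ordered by name
 */
public function getSharedOwners()
{
    // $ilUser was read below without being assigned in this scope;
    // bind it to the account stored by the constructor.
    $ilUser = $this->user;
    $ilDB = $this->db;

    $obj_ids = $this->getPossibleSharedTargets();

    $user_ids = array();
    $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " JOIN usr_data u on (u.usr_id = obj.owner)" .
        " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
        // the current user's own objects are not "shared with" them
        " AND obj.owner <> " . $ilDB->quote($ilUser->getId(), "integer") .
        " ORDER BY u.lastname, u.firstname, u.title");
    while ($row = $ilDB->fetchAssoc($set)) {
        $label = $row["lastname"] . ", " . $row["firstname"];
        if ($row["title"]) {
            $label .= ", " . $row["title"];
        }
        $user_ids[$row["owner"]] = $label;
    }

    return $user_ids;
}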
380 
/**
 * List the workspace objects of one owner that are shared with the current user.
 *
 * @param int $a_owner_id
 * @return array workspace node id (wsp_id) => object id
 */
public function getSharedObjects($a_owner_id)
{
    $db = $this->db;

    // Only ACL entries that can apply to the current user are considered.
    $targets = $this->getPossibleSharedTargets();

    $sql = "SELECT ref.wsp_id,obj.obj_id" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " WHERE " . $db->in("acl.object_id", $targets, "", "integer") .
        " AND obj.owner = " . $db->quote($a_owner_id, "integer");

    $shared = array();
    $result = $db->query($sql);
    while ($record = $db->fetchAssoc($result)) {
        $shared[$record["wsp_id"]] = $record["obj_id"];
    }

    return $shared;
}
401 
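/**
 * Search the workspace objects other users have shared with the current user.
 *
 * Filter keys read here: "acl_type", "obj_type", "title", "user", "acl_date"
 * and "crsgrp". The "title" and "user" terms are applied only when at least
 * 3 characters long.
 *
 * @param array|null $a_filter
 * @param array|null $a_crs_ids ACL targets used for acl_type "course"
 * @param array|null $a_grp_ids ACL targets used for acl_type "group"
 * @return array|null wsp_id => row (with "acl_type" as a list); null when the
 *                    user or course/group filter matches nobody
 */
public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
{
    $ilDB = $this->db;
    // $ilUser was read below without being assigned in this scope;
    // bind it to the account stored by the constructor.
    $ilUser = $this->user;

    if (!$a_filter["acl_type"]) {
        $obj_ids = $this->getPossibleSharedTargets();
    } else {
        include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

        // NOTE(review): the first three cases had no assignment in this listing,
        // leaving $obj_ids undefined. They are restored from the matching
        // ilWorkspaceAccessGUI constants -- confirm against the upstream file.
        // An acl_type outside this list still leaves $obj_ids unset.
        switch ($a_filter["acl_type"]) {
            case "all":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
                break;

            case "password":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
                break;

            case "registered":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
                break;

            case "course":
                $obj_ids = $a_crs_ids;
                break;

            case "group":
                $obj_ids = $a_grp_ids;
                break;

            case "user":
                $obj_ids = array($ilUser->getId());
                break;
        }
    }

    $res = array();

    $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner," .
        "acl.object_id acl_type, acl.tstamp acl_date" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
        " AND obj.owner <> " . $ilDB->quote($ilUser->getId(), "integer");

    if ($a_filter["obj_type"]) {
        $sql .= " AND obj.type = " . $ilDB->quote($a_filter["obj_type"], "text");
    }

    // NOTE(review): the search terms reach like() unchanged; unless like()
    // escapes them, "%" and "_" typed by the user act as wildcards -- confirm.
    if ($a_filter["title"] && strlen($a_filter["title"]) >= 3) {
        $sql .= " AND " . $ilDB->like("obj.title", "text", "%" . $a_filter["title"] . "%");
    }
    if ($a_filter["user"] && strlen($a_filter["user"]) >= 3) {
        $user_pattern = "%" . $a_filter["user"] . "%";
        $usr_ids = array();
        $set = $ilDB->query("SELECT usr_id FROM usr_data" .
            " WHERE (" . $ilDB->like("login", "text", $user_pattern) . " " .
            "OR " . $ilDB->like("firstname", "text", $user_pattern) . " " .
            "OR " . $ilDB->like("lastname", "text", $user_pattern) . " " .
            "OR " . $ilDB->like("email", "text", $user_pattern) . ")");
        while ($row = $ilDB->fetchAssoc($set)) {
            $usr_ids[] = $row["usr_id"];
        }
        // nobody matches the term, so nothing can match the search
        if (!sizeof($usr_ids)) {
            return;
        }
        $sql .= " AND " . $ilDB->in("obj.owner", $usr_ids, "", "integer");
    }

    if ($a_filter["acl_date"]) {
        // compare against midnight of the given day
        $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
        $dt = new ilDateTime($dt . " 00:00:00", IL_CAL_DATETIME);
        $sql .= " AND acl.tstamp > " . $ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
    }

    if ($a_filter["crsgrp"]) {
        include_once "Services/Membership/classes/class.ilParticipants.php";
        $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
        $part = $part->getParticipants();
        if (!sizeof($part)) {
            return;
        }
        $sql .= " AND " . $ilDB->in("obj.owner", $part, "", "integer");
    }

    // we use the oldest share date
    $sql .= " ORDER BY acl.tstamp";

    $set = $ilDB->query($sql);
    while ($row = $ilDB->fetchAssoc($set)) {
        $wsp_id = $row["wsp_id"];
        if (!isset($res[$wsp_id])) {
            // first (oldest) row of a node wins; later rows only add ACL types
            $row["acl_type"] = array($row["acl_type"]);
            $res[$wsp_id] = $row;
        } else {
            $res[$wsp_id]["acl_type"][] = $row["acl_type"];
        }
    }

    return $res;
}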
503 
/**
 * Read the value stored with a node's PERMISSION_ALL_PASSWORD ACL entry.
 *
 * @param int $a_node_id
 * @return string|null acl_ws.extended_data of that entry; nothing is returned
 *                     (null) when the node has no such entry
 */
public static function getSharedNodePassword($a_node_id)
{
    global $DIC;

    $db = $DIC->database();

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

    $sql = "SELECT * FROM acl_ws" .
        " WHERE node_id = " . $db->quote($a_node_id, "integer") .
        " AND object_id = " . $db->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer");
    $entry = $db->fetchAssoc($db->query($sql));

    if (!$entry) {
        return;
    }

    return $entry["extended_data"];
}
520 
/**
 * Remember the password value a visitor supplied for a node in the session.
 *
 * @param int    $a_node_id
 * @param string $a_password value later compared by checkAccessOfUser()
 */
public static function keepSharedSessionPassword($a_node_id, $a_password)
{
    // one session slot per node
    $session_key = "ilshpw_" . $a_node_id;
    $_SESSION[$session_key] = $a_password;
}
525 
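/**
 * Read the password value kept in the session for a node.
 *
 * @param int $a_node_id
 * @return mixed|null the value stored by keepSharedSessionPassword(), or null
 *                    when nothing was stored for this node
 */
public static function getSharedSessionPassword($a_node_id)
{
    $session_key = "ilshpw_" . $a_node_id;

    // A visitor who never entered a password has no slot; return null
    // explicitly instead of reading an undefined index.
    return isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : null;
}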
530 
/**
 * Build the static link to a shared workspace node.
 *
 * @param int         $a_node_id
 * @param int         $a_obj_id     used to look up the object type
 * @param string|null $a_additional prefix of the link's "_wsp" suffix
 * @return mixed result of ilLink::_getStaticLink()
 */
public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
{
    include_once('./Services/Link/classes/class.ilLink.php');

    $object_type = ilObject::_lookupType($a_obj_id);
    $suffix = $a_additional . "_wsp";

    return ilLink::_getStaticLink($a_node_id, $object_type, true, $suffix);
}
536 
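/**
 * List the current user's own workspace objects that have at least one ACL entry.
 *
 * @return array workspace node id (wsp_id) => object id
 */
public function getObjectsIShare()
{
    $ilDB = $this->db;
    // $ilUser was read below without being assigned in this scope;
    // bind it to the account stored by the constructor.
    $ilUser = $this->user;

    $res = array();
    $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        // the inner join on acl_ws keeps only nodes that are shared
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " WHERE obj.owner = " . $ilDB->quote($ilUser->getId(), "integer"));
    while ($row = $ilDB->fetchAssoc($set)) {
        $res[$row["wsp_id"]] = $row["obj_id"];
    }

    return $res;
}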
555 
/**
 * Look up id, type and title of the object behind a workspace node.
 *
 * No access check is performed here.
 *
 * @param int $a_node_id
 * @return mixed first result row (obj_id, type, title) as returned by fetchAssoc()
 */
public static function getObjectDataFromNode($a_node_id)
{
    global $DIC;

    $db = $DIC->database();

    $sql = "SELECT obj.obj_id, obj.type, obj.title" .
        " FROM object_reference_ws ref" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN object_data obj ON (ref.obj_id = obj.obj_id)" .
        " WHERE ref.wsp_id = " . $db->quote($a_node_id, "integer");
    $result = $db->query($sql);

    return $db->fetchAssoc($result);
}
569 }