ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilWorkspaceAccessHandler.php
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once "Modules/Group/classes/class.ilGroupParticipants.php";
6include_once "Modules/Course/classes/class.ilCourseParticipants.php";
7include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
8
18{
22 protected $user;
23
27 protected $lng;
28
32 protected $rbacreview;
33
37 protected $settings;
38
42 protected $db;
43
44 protected $tree; // [ilTree]
45
/**
 * Bind the handler to the services of the global container and to a workspace tree.
 *
 * @param ilTree|null $a_tree tree to check against; when none is given, a
 *                            workspace tree for the current user's id is created
 */
public function __construct(ilTree $a_tree = null)
{
    global $DIC;

    $this->user = $DIC->user();
    $this->lng = $DIC->language();
    $this->rbacreview = $DIC->rbac()->review();
    $this->settings = $DIC->settings();
    $this->db = $DIC->database();

    $current_user = $DIC->user();
    $language = $DIC->language();

    // texts of the personal workspace module
    $language->loadLanguageModule("wsp");

    if ($a_tree) {
        $this->tree = $a_tree;
        return;
    }

    // no tree handed in: use the workspace tree that belongs to the current user
    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceTree.php";
    $this->tree = new ilWorkspaceTree($current_user->getId());
}
66
/**
 * Return the tree this handler works on (set in the constructor).
 *
 * @return ilTree
 */
public function getTree()
{
    $workspace_tree = $this->tree;

    return $workspace_tree;
}
76
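/**
 * Check access for an object, for the current user on the handler's own tree.
 *
 * Thin wrapper around checkAccessOfUser(); see there for the rules.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int $a_node_id
 * @param string $a_type
 * @return bool
 */
public function checkAccess($a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    // use the user injected in the constructor; no local $ilUser is defined in this method
    $current_user_id = $this->user->getId();

    return $this->checkAccessOfUser($this->tree, $current_user_id, $a_permission, $a_cmd, $a_node_id, $a_type);
}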
92
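/**
 * Check access for an object: may the given user perform the action on a workspace node?
 *
 * Order of the checks: anonymous sessions are rejected unless global profiles
 * are enabled; the tree root is never writable; the node owner may do
 * everything; everybody else can get at most "read" or "visible", and only
 * through an entry in the node's ACL.
 *
 * @param ilTree $a_tree
 * @param int $a_user_id
 * @param string $a_permission
 * @param string $a_cmd     not evaluated in this method
 * @param int $a_node_id
 * @param string $a_type    not evaluated in this method
 * @return bool
 */
public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    // :TODO: create permission for parent node with type ?!

    // #20310
    // NOTE(review): this gate and the "registered" case below test the session user
    // ($this->user), not $a_user_id - confirm that this is intended for callers that
    // check access on behalf of another account.
    if (!$this->settings->get("enable_global_profiles") && $this->user->getId() == ANONYMOUS_USER_ID) {
        return false;
    }

    // tree root is read-only
    if ($a_permission == "write" && $a_tree->readRootId() == $a_node_id) {
        return false;
    }

    // node owner has all rights
    if ($a_tree->lookupOwner($a_node_id) == $a_user_id) {
        return true;
    }

    // other users can only read
    if ($a_permission != "read" && $a_permission != "visible") {
        return false;
    }

    // get all objects with explicit permission
    $objects = $this->getPermissions($a_node_id);
    if (!$objects) {
        return false;
    }

    // check if given user is member of object or has role
    foreach ($objects as $obj_id) {
        switch ($obj_id) {
            // NOTE(review): the three pseudo-target labels are not shown in this listing;
            // they are restored from the ilWorkspaceAccessGUI constants used elsewhere in
            // this class and from what each branch tests - verify against the upstream file.
            case ilWorkspaceAccessGUI::PERMISSION_ALL:
                return true;

            case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
                // "visible" needs no password; reading does.
                if ($a_permission == "visible") {
                    return true;
                }
                // check against input kept in session
                // Both sides must be non-empty strings and are compared with hash_equals():
                // a loose == treats a missing session entry (null) as equal to an empty
                // stored value and compares numeric-looking strings as numbers.
                $stored = self::getSharedNodePassword($a_node_id);
                $entered = self::getSharedSessionPassword($a_node_id);
                if (is_string($stored) && $stored !== "" &&
                    is_string($entered) && hash_equals($stored, $entered)) {
                    return true;
                }
                break;

            case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
                if ($this->user->getId() != ANONYMOUS_USER_ID) {
                    return true;
                }
                break;

            default:
                switch (ilObject::_lookupType($obj_id)) {
                    case "grp":
                        // member of group?
                        if (ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
                            return true;
                        }
                        break;

                    case "crs":
                        // member of course?
                        if (ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
                            return true;
                        }
                        break;

                    case "role":
                        // has role?
                        if ($this->rbacreview->isAssigned($a_user_id, $obj_id)) {
                            return true;
                        }
                        break;

                    case "usr":
                        // direct assignment
                        if ($a_user_id == $obj_id) {
                            return true;
                        }
                        break;
                }
                break;
        }
    }

    // no ACL entry matched: deny
    return false;
}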
192
/**
 * Set permissions after creating node/object.
 *
 * Intentionally empty; neither argument is used.
 *
 * @param int $a_parent_node_id
 * @param int $a_node_id
 */
public function setPermissions($a_parent_node_id, $a_node_id)
{
    // Nothing to store: the owner has irrefutable rights to any workspace object.
}
203
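/**
 * Add permission to node for object.
 *
 * Inserts one row into acl_ws. This method does not check whether the caller
 * is allowed to change the node's ACL; that has to happen before it is called.
 *
 * @param int $a_node_id
 * @param int $a_object_id
 * @param string|null $a_extended_data stored as given (read back by getSharedNodePassword()
 *                                     for password shares)
 * @return bool false when the tree owner tries to add himself, true after the insert
 */
public function addPermission($a_node_id, $a_object_id, $a_extended_data = null)
{
    // use the services injected in the constructor; no local $ilUser/$ilDB is defined here
    $ilDB = $this->db;
    $current_user_id = $this->user->getId();

    // tree owner must not be added
    if ($this->tree->getTreeId() == $current_user_id &&
        $a_object_id == $current_user_id) {
        return false;
    }

    // every value goes through quote() with an explicit type
    $ilDB->manipulate("INSERT INTO acl_ws (node_id, object_id, extended_data, tstamp)" .
        " VALUES (" . $ilDB->quote($a_node_id, "integer") . ", " .
        $ilDB->quote($a_object_id, "integer") . "," .
        $ilDB->quote($a_extended_data, "text") . "," .
        $ilDB->quote(time(), "integer") . ")");

    return true;
}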
230
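/**
 * Remove permission[s] (for object) to node.
 *
 * A falsy $a_object_id (null, 0, "") removes every ACL entry of the node,
 * so callers that mean "one entry" must pass a real id.
 *
 * @param int $a_node_id
 * @param int|null $a_object_id
 * @return mixed whatever the database layer's manipulate() returns
 */
public function removePermission($a_node_id, $a_object_id = null)
{
    // use the database injected in the constructor; no local $ilDB is defined here
    $ilDB = $this->db;

    $query = "DELETE FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer");

    if ($a_object_id) {
        $query .= " AND object_id = " . $ilDB->quote($a_object_id, "integer");
    }

    return $ilDB->manipulate($query);
}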
250
/**
 * Get all permissions to node.
 *
 * Instance-level entry point that forwards to the static _getPermissions().
 *
 * @param int $a_node_id
 * @return array object ids that have an ACL entry on the node
 */
public function getPermissions($a_node_id)
{
    $object_ids = self::_getPermissions($a_node_id);

    return $object_ids;
}
261
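/**
 * Get all permissions to node.
 *
 * Reads the object ids of the node's acl_ws rows. Entries for the "published"
 * pseudo targets are left out while the setting enable_global_profiles is off.
 *
 * @param int $a_node_id
 * @return array
 */
public static function _getPermissions($a_node_id)
{
    global $DIC;

    $ilDB = $DIC->database();
    $ilSetting = $DIC->settings();

    $publish_enabled = $ilSetting->get("enable_global_profiles");
    // NOTE(review): the listing cuts this array off after its first element; the second
    // one is restored from hasGlobalPasswordPermission(), which is gated by the same
    // setting - verify against the upstream file.
    $publish_perm = array(
        ilWorkspaceAccessGUI::PERMISSION_ALL,
        ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD
    );

    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer"));
    $res = array();
    while ($row = $ilDB->fetchAssoc($set)) {
        // non-strict in_array() kept on purpose: the column value may arrive as a string
        if ($publish_enabled || !in_array($row["object_id"], $publish_perm)) {
            $res[] = $row["object_id"];
        }
    }

    return $res;
}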
289
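/**
 * Tell whether the node has an ACL entry for PERMISSION_REGISTERED.
 *
 * @param int $a_node_id
 * @return bool
 */
public function hasRegisteredPermission($a_node_id)
{
    // use the database injected in the constructor; no local $ilDB is defined here
    $ilDB = $this->db;

    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
        " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_REGISTERED, "integer"));

    return (bool) $ilDB->numRows($set);
}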
299
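/**
 * Tell whether the node has an ACL entry for PERMISSION_ALL.
 *
 * Always false while the setting enable_global_profiles is off.
 *
 * @param int $a_node_id
 * @return bool
 */
public function hasGlobalPermission($a_node_id)
{
    // use the services injected in the constructor; no local $ilDB/$ilSetting is defined here
    if (!$this->settings->get("enable_global_profiles")) {
        return false;
    }

    $ilDB = $this->db;
    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
        " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL, "integer"));

    return (bool) $ilDB->numRows($set);
}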
314
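/**
 * Tell whether the node has an ACL entry for PERMISSION_ALL_PASSWORD.
 *
 * Always false while the setting enable_global_profiles is off.
 *
 * @param int $a_node_id
 * @return bool
 */
public function hasGlobalPasswordPermission($a_node_id)
{
    // use the services injected in the constructor; no local $ilDB/$ilSetting is defined here
    if (!$this->settings->get("enable_global_profiles")) {
        return false;
    }

    $ilDB = $this->db;
    $set = $ilDB->query("SELECT object_id FROM acl_ws" .
        " WHERE node_id = " . $ilDB->quote($a_node_id, "integer") .
        " AND object_id = " . $ilDB->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));

    return (bool) $ilDB->numRows($set);
}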
329
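/**
 * Collect every ACL target through which the current user can receive a share:
 * the groups and courses he is a member of, his own user id and the pseudo targets.
 *
 * @return array list of object ids / pseudo-target constants
 */
public static function getPossibleSharedTargets()
{
    global $DIC;

    $ilUser = $DIC->user();
    $ilSetting = $DIC->settings();

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";
    include_once "Services/Membership/classes/class.ilParticipants.php";
    $grp_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "grp");
    $crs_ids = ilParticipants::_getMembershipByType($ilUser->getId(), "crs");

    $obj_ids = array_merge($grp_ids, $crs_ids);
    $obj_ids[] = $ilUser->getId();

    // NOTE(review): the listing drops the lines that append the pseudo targets and shows
    // an empty branch below. They are restored from the constants this class uses
    // elsewhere (the "published" pair is gated by the same setting in _getPermissions()) -
    // verify against the upstream file.
    $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_REGISTERED;

    if ($ilSetting->get("enable_global_profiles")) {
        $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL;
        $obj_ids[] = ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD;
    }

    return $obj_ids;
}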
353
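/**
 * List the owners of workspace objects that are shared with the current user.
 *
 * @return array owner id => "lastname, firstname[, title]", ordered by name
 */
public function getSharedOwners()
{
    // use the services injected in the constructor; no local $ilDB/$ilUser is defined here
    $ilDB = $this->db;
    $current_user_id = $this->user->getId();

    $obj_ids = $this->getPossibleSharedTargets();

    $user_ids = array();
    $set = $ilDB->query("SELECT DISTINCT(obj.owner), u.lastname, u.firstname, u.title" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " JOIN usr_data u on (u.usr_id = obj.owner)" .
        " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
        // the user's own objects are not "shared with" him
        " AND obj.owner <> " . $ilDB->quote($current_user_id, "integer") .
        " ORDER BY u.lastname, u.firstname, u.title");
    while ($row = $ilDB->fetchAssoc($set)) {
        $label = $row["lastname"] . ", " . $row["firstname"];
        if ($row["title"]) {
            $label .= ", " . $row["title"];
        }
        $user_ids[$row["owner"]] = $label;
    }

    return $user_ids;
}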
380
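/**
 * List the workspace objects of one owner that are shared with the current user.
 *
 * @param int $a_owner_id
 * @return array workspace node id (wsp_id) => object id
 */
public function getSharedObjects($a_owner_id)
{
    // use the database injected in the constructor; no local $ilDB is defined here
    $ilDB = $this->db;

    $obj_ids = $this->getPossibleSharedTargets();

    $res = array();
    $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
        " AND obj.owner = " . $ilDB->quote($a_owner_id, "integer"));
    while ($row = $ilDB->fetchAssoc($set)) {
        $res[$row["wsp_id"]] = $row["obj_id"];
    }

    return $res;
}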
401
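/**
 * Search the workspace objects other users have shared with the current user.
 *
 * Recognised filter keys: acl_type ("all", "password", "registered", "course",
 * "group", "user"), obj_type, title and user (both need at least 3 characters),
 * acl_date (object with a get() method), crsgrp (object id of a course or group).
 *
 * @param array|null $a_filter
 * @param array|null $a_crs_ids used for acl_type "course"
 * @param array|null $a_grp_ids used for acl_type "group"
 * @return array|null wsp_id => row (acl_type is a list of all matching targets);
 *                    null when a filter cannot match anything
 */
public function findSharedObjects(array $a_filter = null, array $a_crs_ids = null, array $a_grp_ids = null)
{
    // use the services injected in the constructor; no local $ilDB/$ilUser is defined here
    $ilDB = $this->db;
    $current_user_id = $this->user->getId();

    // a missing filter behaves like an empty one; empty() below also covers absent keys
    $a_filter = (array) $a_filter;

    if (empty($a_filter["acl_type"])) {
        $obj_ids = $this->getPossibleSharedTargets();
    } else {
        include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

        switch ($a_filter["acl_type"]) {
            case "all":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL);
                break;

            // NOTE(review): the assignments of the next two cases are not shown in this
            // listing; they are restored by analogy with "all" - verify against the
            // upstream file.
            case "password":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD);
                break;

            case "registered":
                $obj_ids = array(ilWorkspaceAccessGUI::PERMISSION_REGISTERED);
                break;

            case "course":
                $obj_ids = $a_crs_ids;
                break;

            case "group":
                $obj_ids = $a_grp_ids;
                break;

            case "user":
                $obj_ids = array($current_user_id);
                break;

            default:
                // unknown type: nothing can match, and $obj_ids must not reach the query undefined
                return;
        }
    }

    $res = array();

    $sql = "SELECT ref.wsp_id,obj.obj_id,obj.type,obj.title,obj.owner," .
        "acl.object_id acl_type, acl.tstamp acl_date" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " WHERE " . $ilDB->in("acl.object_id", $obj_ids, "", "integer") .
        " AND obj.owner <> " . $ilDB->quote($current_user_id, "integer");

    if (!empty($a_filter["obj_type"])) {
        $sql .= " AND obj.type = " . $ilDB->quote($a_filter["obj_type"], "text");
    }

    // NOTE(review): the search texts are handed to like(), which is relied on to quote
    // them (its implementation is not visible here); "%" and "_" typed by the user
    // still act as wildcards.
    if (!empty($a_filter["title"]) && strlen($a_filter["title"]) >= 3) {
        $sql .= " AND " . $ilDB->like("obj.title", "text", "%" . $a_filter["title"] . "%");
    }
    if (!empty($a_filter["user"]) && strlen($a_filter["user"]) >= 3) {
        $pattern = "%" . $a_filter["user"] . "%";
        $usr_ids = array();
        $set = $ilDB->query("SELECT usr_id FROM usr_data" .
            " WHERE (" . $ilDB->like("login", "text", $pattern) . " " .
            "OR " . $ilDB->like("firstname", "text", $pattern) . " " .
            "OR " . $ilDB->like("lastname", "text", $pattern) . " " .
            "OR " . $ilDB->like("email", "text", $pattern) . ")");
        while ($row = $ilDB->fetchAssoc($set)) {
            $usr_ids[] = $row["usr_id"];
        }
        if (!count($usr_ids)) {
            return;
        }
        $sql .= " AND " . $ilDB->in("obj.owner", $usr_ids, "", "integer");
    }

    if (!empty($a_filter["acl_date"])) {
        // compare against midnight of the given day
        $dt = $a_filter["acl_date"]->get(IL_CAL_DATE);
        $dt = new ilDateTime($dt . " 00:00:00", IL_CAL_DATETIME);
        $sql .= " AND acl.tstamp > " . $ilDB->quote($dt->get(IL_CAL_UNIX), "integer");
    }

    if (!empty($a_filter["crsgrp"])) {
        include_once "Services/Membership/classes/class.ilParticipants.php";
        $part = ilParticipants::getInstanceByObjId($a_filter['crsgrp']);
        $part = $part->getParticipants();
        if (!count($part)) {
            return;
        }
        $sql .= " AND " . $ilDB->in("obj.owner", $part, "", "integer");
    }

    // we use the oldest share date
    $sql .= " ORDER BY acl.tstamp";

    $set = $ilDB->query($sql);
    while ($row = $ilDB->fetchAssoc($set)) {
        if (!isset($res[$row["wsp_id"]])) {
            // first (oldest) row of a node carries the data; acl_type becomes a list
            $row["acl_type"] = array($row["acl_type"]);
            $res[$row["wsp_id"]] = $row;
        } else {
            $res[$row["wsp_id"]]["acl_type"][] = $row["acl_type"];
        }
    }

    return $res;
}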
503
/**
 * Read the value stored with the node's PERMISSION_ALL_PASSWORD entry.
 *
 * NOTE(review): the value is returned exactly as stored in acl_ws.extended_data;
 * whether that is a hash or the plain password is decided by the code that calls
 * addPermission() and is not visible here - confirm that only a hash is stored.
 *
 * @param int $a_node_id
 * @return string|null null when the node has no such entry
 */
public static function getSharedNodePassword($a_node_id)
{
    global $DIC;

    $db = $DIC->database();

    include_once "Services/PersonalWorkspace/classes/class.ilWorkspaceAccessGUI.php";

    $result = $db->query("SELECT * FROM acl_ws" .
        " WHERE node_id = " . $db->quote($a_node_id, "integer") .
        " AND object_id = " . $db->quote(ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD, "integer"));
    $entry = $db->fetchAssoc($result);
    if (!$entry) {
        return null;
    }

    return $entry["extended_data"];
}
520
/**
 * Remember the password entered for a shared node in the session.
 *
 * The value is stored unchanged under the key "ilshpw_<node id>".
 *
 * @param int $a_node_id
 * @param string $a_password
 */
public static function keepSharedSessionPassword($a_node_id, $a_password)
{
    $session_key = "ilshpw_" . $a_node_id;
    $_SESSION[$session_key] = $a_password;
}
525
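/**
 * Return the password kept in the session for a shared node.
 *
 * @param int $a_node_id
 * @return string|null null when nothing has been entered for this node in the session
 */
public static function getSharedSessionPassword($a_node_id)
{
    $session_key = "ilshpw_" . $a_node_id;

    // an absent entry is reported as null explicitly instead of through an
    // undefined-index notice
    return isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : null;
}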
530
/**
 * Build the static link to a workspace node.
 *
 * @param int $a_node_id
 * @param int $a_obj_id        used to look up the object type
 * @param string|null $a_additional prefix of the link suffix; "_wsp" is always appended
 * @return mixed result of ilLink::_getStaticLink()
 */
public static function getGotoLink($a_node_id, $a_obj_id, $a_additional = null)
{
    include_once('./Services/Link/classes/class.ilLink.php');

    $obj_type = ilObject::_lookupType($a_obj_id);
    $suffix = $a_additional . "_wsp";

    return ilLink::_getStaticLink($a_node_id, $obj_type, true, $suffix);
}
536
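/**
 * List the current user's own workspace objects that have at least one ACL entry.
 *
 * @return array workspace node id (wsp_id) => object id
 */
public function getObjectsIShare()
{
    // use the services injected in the constructor; no local $ilDB/$ilUser is defined here
    $ilDB = $this->db;

    $res = array();
    $set = $ilDB->query("SELECT ref.wsp_id,obj.obj_id" .
        " FROM object_data obj" .
        " JOIN object_reference_ws ref ON (obj.obj_id = ref.obj_id)" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        // the inner join keeps only nodes that have an acl_ws row
        " JOIN acl_ws acl ON (acl.node_id = tree.child)" .
        " WHERE obj.owner = " . $ilDB->quote($this->user->getId(), "integer"));
    while ($row = $ilDB->fetchAssoc($set)) {
        $res[$row["wsp_id"]] = $row["obj_id"];
    }

    return $res;
}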
555
/**
 * Look up id, type and title of the object behind a workspace node.
 *
 * No access check is made here; callers decide whether the data may be shown.
 *
 * @param int $a_node_id
 * @return mixed first row as returned by fetchAssoc() (keys obj_id, type, title)
 */
public static function getObjectDataFromNode($a_node_id)
{
    global $DIC;

    $db = $DIC->database();

    $sql = "SELECT obj.obj_id, obj.type, obj.title" .
        " FROM object_reference_ws ref" .
        " JOIN tree_workspace tree ON (tree.child = ref.wsp_id)" .
        " JOIN object_data obj ON (ref.obj_id = obj.obj_id)" .
        " WHERE ref.wsp_id = " . $db->quote($a_node_id, "integer");
    $result = $db->query($sql);

    return $db->fetchAssoc($result);
}
569}