54        if (self::$instance) {
 
   65        self::$user_role_cache = array();
 
   66        self::$_paCache = 
null;
 
   67        self::$_checkAccessOfUserCache = 
null;
 
   93        $ilBench->start(
"RBAC", 
"system_checkAccess");
 
   97        $ilBench->stop(
"RBAC", 
"system_checkAccess");
 
  107        $cacheKey = $a_user_id . 
':' . $a_operations . 
':' . $a_ref_id . 
':' . 
$a_type;
 
  110        if (!is_array(self::$_checkAccessOfUserCache)) {
 
  111            self::$_checkAccessOfUserCache = array();
 
  115        if (array_key_exists($cacheKey, self::$_checkAccessOfUserCache)) {
 
  116            return self::$_checkAccessOfUserCache[$cacheKey];
 
  128            if (count(self::$_checkAccessOfUserCache) < 1000) {
 
  129                self::$_checkAccessOfUserCache[$cacheKey] = 
true;
 
  139        if (in_array(SYSTEM_ROLE_ID, $roles)) {
 
  142            if (count(self::$_checkAccessOfUserCache) < 1000) {
 
  143                self::$_checkAccessOfUserCache[$cacheKey] = 
true;
 
  148        if (!isset($a_operations) or !isset($a_ref_id)) {
 
  150            $this->ilErr->raiseError(get_class($this) . 
"::checkAccess(): Missing parameter! " .
 
  151                            "ref_id: " . $a_ref_id . 
" operations: " . $a_operations, $this->ilErr->WARNING);
 
  154        if (!is_string($a_operations)) {
 
  156            $this->ilErr->raiseError(get_class($this) . 
"::checkAccess(): Wrong datatype for operations!", $this->ilErr->WARNING);
 
  160        $paCacheKey = $a_user_id . 
':' . $a_ref_id;
 
  161        if (!is_array(self::$_paCache)) {
 
  162            self::$_paCache = array();
 
  165        if (array_key_exists($paCacheKey, self::$_paCache)) {
 
  167            $ops = self::$_paCache[$paCacheKey];
 
  170            $q = 
"SELECT * FROM rbac_pa " .
 
  171                     "WHERE ref_id = " . 
$ilDB->quote($a_ref_id, 
'integer');
 
  178                if (in_array(
$row->rol_id, $roles)) {
 
  179                    $ops = array_merge($ops, unserialize(stripslashes(
$row->ops_id)));
 
  183            if (count(self::$_paCache) < 1000) {
 
  184                self::$_paCache[$paCacheKey] = $ops;
 
  188        $operations = explode(
",", $a_operations);
 
  189        foreach ($operations as $operation) {
 
  190            if ($operation == 
"create") {
 
  192                    $this->ilErr->raiseError(
 
  193                        get_class($this) . 
"::CheckAccess(): Expect a type definition for checking a 'create' permission",
 
  194                        $this->ilErr->WARNING
 
  202            if (!in_array($ops_id, (array) $ops)) {
 
  206                if (count(self::$_checkAccessOfUserCache) < 1000) {
 
  207                    self::$_checkAccessOfUserCache[$cacheKey] = 
false;
 
  215        if (count(self::$_checkAccessOfUserCache) < 1000) {
 
  217            self::$_checkAccessOfUserCache[$cacheKey] = 
true;
 
  232        if (!is_array($a_ref_ids)) {
 
  237        foreach ($a_ref_ids as $ref_id) {
 
  238            if (!isset(self::$_paCache[$a_user_id . 
":" . $ref_id])) {
 
  240                $ops[$ref_id] = array();
 
  241                $ref_ids[] = $ref_id;
 
  245        if (count($ref_ids) > 0) {
 
  248            $q = 
"SELECT * FROM rbac_pa " .
 
  249                "WHERE " . 
$ilDB->in(
"ref_id", $ref_ids, 
false, 
"integer");
 
  254                if (in_array(
$row->rol_id, $roles[
$row->ref_id])) {
 
  255                    $ops[
$row->ref_id] = array_merge(
 
  257                        unserialize(stripslashes(
$row->ops_id))
 
  261            foreach ($a_ref_ids as $ref_id) {
 
  263                if (!isset(self::$_paCache[$a_user_id . 
":" . $ref_id])) {
 
  264                    self::$_paCache[$a_user_id . 
":" . $ref_id] = $ops[$ref_id];
 
  284        $query = 
'SELECT ops_id FROM rbac_operations ' .
 
  285            'WHERE operation = ' . 
$ilDB->quote($a_operation, 
'text');
 
  288            $ops_id = 
$row->ops_id;
 
  291        $query = 
"SELECT * FROM rbac_pa " .
 
  292             "WHERE rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer') . 
" " .
 
  293             "AND ref_id = " . 
$ilDB->quote($a_ref_id, 
'integer') . 
" ";
 
  297            $ops = array_merge($ops, unserialize(
$row->ops_id));
 
  299        return in_array($ops_id, $ops);
 
  304        global $ilObjDataCache,
$ilUser;
 
  307        if ($this->mem_view[
'active'] and $a_user_id == 
$ilUser->getId()) {
 
  308            if (in_array($a_ref_id, $this->mem_view[
'items'])) {
 
  309                return $a_operations;
 
  313        if ($a_user_id != $ilObjDataCache->lookupOwner($ilObjDataCache->lookupObjId($a_ref_id))) {
 
  314            return $a_operations;
 
  318        foreach (explode(
",", $a_operations) as $operation) {
 
  319            if ($operation != 
'cat_administrate_users' and $operation != 
'edit_permission' and $operation != 
'edit_learning_progress' and $operation != 
'read_learning_progress' and !preg_match(
'/^create/', $operation)) {
 
  322            if (!strlen($new_ops)) {
 
  323                $new_ops = $operation;
 
  325                $new_ops .= (
',' . $operation);
 
  344        if ($this->mem_view[
'active'] and $a_usr_id == 
$ilUser->getId()) {
 
  346            if (in_array($a_ref_id, $this->mem_view[
'items']) and $this->mem_view[
'role']) {
 
  348                return array($this->mem_view[
'role']);
 
  352        if (isset(self::$user_role_cache[$a_usr_id]) and is_array(self::$user_role_cache)) {
 
  353            return self::$user_role_cache[$a_usr_id];
 
  358        return self::$user_role_cache[$a_usr_id] = $rbacreview->assignedRoles($a_usr_id);
 
  367        include_once 
'./Services/Container/classes/class.ilMemberViewSettings.php';
 
  372            isset(
$_GET[
'mv']) &&
 
  376            $settings->toggleActivation((
int) 
$_GET[
'ref_id'], 
false);
 
  379            isset(
$_GET[
'mv']) &&
 
  383                $settings->toggleActivation((
int) 
$_GET[
'ref_id'], 
true);
 
  389        if (!$settings->isActive()) {
 
  390            $this->mem_view[
'active'] = 
false;
 
  391            $this->mem_view[
'items'] = array();
 
  392            $this->mem_view[
'role'] = 0;
 
  396            $this->mem_view[
'active'] = 
true;
 
  397            $this->mem_view[
'items'] = $tree->getSubTreeIds($settings->getContainer());
 
  398            $this->mem_view[
'items'] = array_merge($this->mem_view[
'items'], array($settings->getContainer()));
 
  400            include_once 
'./Services/Membership/classes/class.ilParticipants.php';
 
  408        if (!in_array($a_role_id, self::$user_role_cache[$a_usr_id])) {
 
  409            self::$user_role_cache[$a_usr_id][] = $a_role_id;
 
  415        $paCacheKey = $a_usr_id . 
':' . $a_ref_id;
 
  416        unset(self::$_paCache[$paCacheKey]);
 
const PEAR_ERROR_CALLBACK
An exception for terminatinating execution or to throw for unit testing.
query($sql, $a_handle_error=true)
Query.
static getInstance()
Get instance.
static getDefaultMemberRole($a_ref_id)
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
class ilRbacSystem system function like checkAccess, addActiveRole ... Supporting system functions ar...
resetPACache($a_usr_id, $a_ref_id)
static $_checkAccessOfUserCache
fetchAssignedRoles($a_usr_id, $a_ref_id)
Fetch assigned roles This method caches the assigned roles per user.
static resetCaches()
Reset internal caches.
__construct()
Constructor @access public.
__filterOwnerPermissions($a_user_id, $a_operations, $a_ref_id)
checkAccess($a_operations, $a_ref_id, $a_type="")
checkAccess represents the main method of the RBAC-system in ILIAS3 developers want to use With this ...
checkPermission($a_ref_id, $a_rol_id, $a_operation)
check if a specific role has the permission '$a_operation' of an object @access public
checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type="")
addTemporaryRole($a_usr_id, $a_role_id)
preloadRbacPaCache($a_ref_ids, $a_user_id)
Preload rbac_pa cache.
initMemberView()
Init member view.
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
redirection script todo: (a better solution should control the processing via a xml file)
foreach($_POST as $key=> $value) $res