ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
12 abstract class ilClaimingPermissionHelper
13 {
14  protected $user_id; // [int]
15  protected $ref_id; // [int]
16  protected $map; // [array]
17  protected $context_ids; // [array]
18  protected $plugins; // [array]
19 
20  protected static $instances; // [array]
21 
22 
23  // constructor
24 
32  protected function __construct($a_user_id, $a_ref_id)
33  {
34  $this->setUserId($a_user_id);
35  $this->setRefId($a_ref_id);
36  $this->map = $this->buildPermissionMap();
37  $this->reset();
38  }
39 
47  public static function getInstance($a_user_id = null, $a_ref_id = null)
48  {
49  global $ilUser;
50 
51  if (!$a_user_id) {
52  $a_user_id = $ilUser->getId();
53  }
54  if (!$a_ref_id) {
55  $a_ref_id = (int) $_REQUEST["ref_id"];
56  }
57  if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
58  self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
59  }
60  return self::$instances[$a_user_id][$a_ref_id];
61  }
62 
66  public function reset()
67  {
68  $this->context_ids = array();
69  }
70 
71 
72  // properties
73 
79  protected function setUserId($a_value)
80  {
81  $this->user_id = (int) $a_value;
82  }
83 
89  protected function getUserId()
90  {
91  return $this->user_id;
92  }
93 
99  protected function setRefId($a_value)
100  {
101  $this->ref_id = (int) $a_value;
102  }
103 
109  protected function getRefId()
110  {
111  return $this->ref_id;
112  }
113 
114 
115  // caching
116 
124  abstract protected function readContextIds($a_context_type);
125 
126 
127  // permissions
128 
134  abstract protected function buildPermissionMap();
135 
145  protected function isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
146  {
147  $valid = false;
148 
149  if (array_key_exists($a_context_type, $this->map)) {
150  if (!$a_action_sub_id) {
151  if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
152  $valid = true;
153  }
154  } else {
155  if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
156  in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
157  $valid = true;
158  }
159  }
160  }
161 
162  if ($valid &&
163  $a_context_id &&
164  !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
165  $valid = false;
166  }
167 
168  if (DEVMODE && !$valid) {
169  trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
170  }
171 
172  return $valid;
173  }
174 
182  protected function getValidContextIds($a_context_type)
183  {
184  if (!array_key_exists($a_context_type, $this->context_ids)) {
185  $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
186  }
187  return (array) $this->context_ids[$a_context_type];
188  }
189 
199  public function hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
200  {
201  if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
202  return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
203  }
204  // :TODO: exception?
205  }
206 
215  public function hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
216  {
217  $res = array();
218 
219  foreach ($a_action_ids as $action_id) {
220  if (is_array($action_id)) {
221  $action_sub_id = $action_id[1];
222  $action_id = $action_id[0];
223 
224  $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
225  } else {
226  $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
227  }
228  }
229 
230  return $res;
231  }
232 
242  protected function checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
243  {
244  return ($this->checkRBAC() &&
245  $this->checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id));
246  }
247 
253  protected function checkRBAC()
254  {
255  global $ilAccess;
256 
257  // we are currently only supporting write operations
258  return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
259  }
260 
266  abstract protected function getActivePlugins();
267 
277  protected function checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
278  {
279  $valid = true;
280 
281  if (!is_array($this->plugins)) {
282  $this->plugins = (array) $this->getActivePlugins();
283  }
284 
285  foreach ($this->plugins as $plugin) {
286  if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
287  $valid = false;
288  break;
289  }
290  }
291 
292  return $valid;
293  }
294 }
ilClaimingPermissionHelper\getInstance
static getInstance($a_user_id=null, $a_ref_id=null)
Factory.
Definition: class.ilClaimingPermissionHelper.php:47
ilClaimingPermissionHelper\hasPermissions
hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:215
ilClaimingPermissionHelper
Claiming permission helper base class.
Definition: class.ilClaimingPermissionHelper.php:12
ilClaimingPermissionHelper\checkPermission
checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:242
$valid
$valid
Definition: dummy_client.php:52
ilClaimingPermissionHelper\readContextIds
readContextIds($a_context_type)
Get all context ids for context type (from DB, is cached)
$a_context_id
$a_context_id
Definition: workflow.php:97
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
ilClaimingPermissionHelper\hasPermission
hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:199
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:253
$ilUser
$ilUser
Definition: imgupload.php:18
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:145
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilClaimingPermissionHelper\checkPlugins
checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:277
$a_context_type
$a_context_type
Definition: workflow.php:96
ilClaimingPermissionHelper\__construct
__construct($a_user_id, $a_ref_id)
Constructor.
Definition: class.ilClaimingPermissionHelper.php:32
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds($a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:182