ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3
12abstract class ilClaimingPermissionHelper
13{
14 protected $user_id; // [int]
15 protected $ref_id; // [int]
16 protected $map; // [array]
17 protected $context_ids; // [array]
18 protected $plugins; // [array]
19
20 protected static $instances; // [array]
21
22
23 // constructor
24
32 protected function __construct($a_user_id, $a_ref_id)
33 {
34 $this->setUserId($a_user_id);
35 $this->setRefId($a_ref_id);
36 $this->map = $this->buildPermissionMap();
37 $this->reset();
38 }
39
47 public static function getInstance($a_user_id = null, $a_ref_id = null)
48 {
49 global $ilUser;
50
51 if (!$a_user_id) {
52 $a_user_id = $ilUser->getId();
53 }
54 if (!$a_ref_id) {
55 $a_ref_id = (int) $_REQUEST["ref_id"];
56 }
57 if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
58 self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
59 }
60 return self::$instances[$a_user_id][$a_ref_id];
61 }
62
66 public function reset()
67 {
68 $this->context_ids = array();
69 }
70
71
72 // properties
73
79 protected function setUserId($a_value)
80 {
81 $this->user_id = (int) $a_value;
82 }
83
89 protected function getUserId()
90 {
91 return $this->user_id;
92 }
93
99 protected function setRefId($a_value)
100 {
101 $this->ref_id = (int) $a_value;
102 }
103
109 protected function getRefId()
110 {
111 return $this->ref_id;
112 }
113
114
115 // caching
116
124 abstract protected function readContextIds($a_context_type);
125
126
127 // permissions
128
134 abstract protected function buildPermissionMap();
135
145 protected function isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
146 {
147 $valid = false;
148
149 if (array_key_exists($a_context_type, $this->map)) {
150 if (!$a_action_sub_id) {
151 if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
152 $valid = true;
153 }
154 } else {
155 if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
156 in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
157 $valid = true;
158 }
159 }
160 }
161
162 if ($valid &&
163 $a_context_id &&
164 !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
165 $valid = false;
166 }
167
168 if (DEVMODE && !$valid) {
169 trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
170 }
171
172 return $valid;
173 }
174
182 protected function getValidContextIds($a_context_type)
183 {
184 if (!array_key_exists($a_context_type, $this->context_ids)) {
185 $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
186 }
187 return (array) $this->context_ids[$a_context_type];
188 }
189
199 public function hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
200 {
201 if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
202 return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
203 }
204 // :TODO: exception?
205 }
206
215 public function hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
216 {
217 $res = array();
218
219 foreach ($a_action_ids as $action_id) {
220 if (is_array($action_id)) {
221 $action_sub_id = $action_id[1];
222 $action_id = $action_id[0];
223
224 $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
225 } else {
226 $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
227 }
228 }
229
230 return $res;
231 }
232
242 protected function checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
243 {
244 return ($this->checkRBAC() &&
245 $this->checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id));
246 }
247
253 protected function checkRBAC()
254 {
255 global $ilAccess;
256
257 // we are currently only supporting write operations
258 return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
259 }
260
266 abstract protected function getActivePlugins();
267
277 protected function checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
278 {
279 $valid = true;
280
281 if (!is_array($this->plugins)) {
282 $this->plugins = (array) $this->getActivePlugins();
283 }
284
285 foreach ($this->plugins as $plugin) {
286 if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
287 $valid = false;
288 break;
289 }
290 }
291
292 return $valid;
293 }
294}
php
An exception for terminatinating execution or to throw for unit testing.
ilClaimingPermissionHelper
Claiming permission helper base class.
Definition: class.ilClaimingPermissionHelper.php:13
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
ilClaimingPermissionHelper\hasPermission
hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:199
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds($a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:182
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\checkPlugins
checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:277
ilClaimingPermissionHelper\hasPermissions
hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:215
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:253
ilClaimingPermissionHelper\checkPermission
checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:242
ilClaimingPermissionHelper\getInstance
static getInstance($a_user_id=null, $a_ref_id=null)
Factory.
Definition: class.ilClaimingPermissionHelper.php:47
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:145
ilClaimingPermissionHelper\__construct
__construct($a_user_id, $a_ref_id)
Constructor.
Definition: class.ilClaimingPermissionHelper.php:32
ilClaimingPermissionHelper\readContextIds
readContextIds($a_context_type)
Get all context ids for context type (from DB, is cached)
$valid
$valid
Definition: dummy_client.php:52
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilUser
$ilUser
Definition: imgupload.php:18
$a_context_id
$a_context_id
Definition: workflow.php:97
$a_context_type
$a_context_type
Definition: workflow.php:96