ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilAccess.php
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
19class ilAccess implements ilAccessHandler
20{
21
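/** @var array "user_id:ref_id" => bool, memo of doTreeCheck() (capped at 1000 entries there) */
protected $obj_tree_cache;

/** @var array ref_id => object type, filled by checkAccessOfUser() */
protected $obj_type_cache;

/** @var array ref_id => obj_id, filled by checkAccessOfUser() */
protected $obj_id_cache;

// Check switches. The constructor sets all of them to true and enable()
// changes them; within this class only $cache is actually read.
protected $status;
protected $path;
protected $condition;
protected $tree;
protected $rbac;
protected $cache;

/** @var ilAccessInfo info items collected for the check currently running */
protected $current_info;

/** @var array results[ref_id][permission][cmd][user_id] => array("granted", "info", "prevent_db_cache") */
protected $results;

/** @var object the global $rbacsystem, captured in the constructor */
protected $rbacsystem;

/** @var array "user_id-permission-ref_id" => RBAC decision, memo of doRBACCheck() */
protected $stored_rbac_access = array();

/** @var object component logger for 'ac' */
protected $ac_logger;

// The properties below are written by the methods of this class but were
// never declared, so PHP created them on first assignment. They are declared
// here so that the state of the access handler is visible in one place; they
// stay public because implicitly created properties are public and external
// readers may rely on that.

/** @var array|null array(granted, ref_id, permission, cmd, user_id) of the last stored result */
public $current_result_element;

/** @var array|string|null last cache entry written by storeAccessResult(); clear() resets it to "" */
public $last_result;

/** @var ilAccessInfo|null info object belonging to the last stored result */
public $last_info;

/** @var bool true if the last result must not be written to a db based cache */
public $prevent_caching_last_result = false;

/** @var array ac_cache["visible"|"other"][ref_id][user_id] => bool, memo of doActivationCheck() */
public $ac_cache = array();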
84
/**
 * Binds the handler to the global RBAC system and starts with empty caches.
 */
public function __construct()
{
    global $rbacsystem;

    $this->rbacsystem = $rbacsystem;
    $this->results = array();
    $this->current_info = new ilAccessInfo();

    // All check switches start enabled; enable() toggles them
    // (only cache is used so far).
    foreach (array('cache', 'rbac', 'tree', 'condition', 'path', 'status') as $switch) {
        $this->$switch = true;
    }

    // Per-request lookup caches.
    foreach (array('obj_id_cache', 'obj_type_cache', 'obj_tree_cache') as $lookup_cache) {
        $this->$lookup_cache = array();
    }

    // NOTE(review): listing line 104 is not rendered on this page. The
    // org-unit delegates at the end of the class read
    // $this->ilOrgUnitPositionAccess, which is presumably initialised on that
    // line - confirm against the repository.

    $this->ac_logger = ilLoggerFactory::getLogger('ac');
}
108
109
/**
 * Store an access result in the in-memory result cache.
 *
 * The entry is keyed by ref id, permission, command and user id, so a
 * decision for one user is never returned for another. When the cache
 * switch is off nothing is stored. In both cases a fresh info object is
 * started afterwards.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param bool   $a_access_granted
 * @param mixed  $a_user_id  "" means the current global user
 * @param mixed  $a_info     "" means the info object of the running check
 */
public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "", $a_info = "")
{
    global $ilUser;

    $a_user_id = ($a_user_id == "") ? $ilUser->getId() : $a_user_id;
    $a_info = ($a_info == "") ? $this->current_info : $a_info;

    if ($this->cache) {
        $entry = array(
            "granted" => $a_access_granted,
            "info" => $a_info,
            "prevent_db_cache" => $this->getPreventCachingLastResult()
        );

        $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = $entry;
        $this->current_result_element = array($a_access_granted, $a_ref_id, $a_permission, $a_cmd, $a_user_id);
        $this->last_result = $entry;
        $this->last_info = $a_info;
    }

    // The next check collects its info items in a new object.
    $this->current_info = new ilAccessInfo();
}
140
/**
 * Set prevent caching last result.
 *
 * The flag is copied into every entry written by storeAccessResult() as
 * "prevent_db_cache".
 *
 * @param bool $a_val true if the last result should not be cached
 */
public function setPreventCachingLastResult($a_val)
{
    $this->prevent_caching_last_result = $a_val;
}
148
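/**
 * Get prevent caching last result.
 *
 * NOTE(review): the signature line (listing line 152) is not rendered on
 * this page; the name is taken from the call in storeAccessResult() and the
 * visibility follows the sibling setter - confirm against the repository.
 *
 * @return bool true if last result should not be cached
 */
public function getPreventCachingLastResult()
{
    return $this->prevent_caching_last_result;
}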
156
/**
 * Get stored access result.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param mixed  $a_user_id "" means the current global user
 *
 * @return array|false the cache entry ("granted", "info", "prevent_db_cache")
 *                     or false if nothing is stored for this key
 */
public function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
{
    global $ilUser;

    if ($a_user_id == "") {
        $a_user_id = $ilUser->getId();
    }

    if (!isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
        return false;
    }

    return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
}
/**
 * Persist the in-memory result cache of the current user in acc_cache.
 *
 * The previous row of the user is deleted first, then the whole result
 * array is written in serialized form together with the current time.
 * readCache() later unserializes this column, so write access to acc_cache
 * is equivalent to control over cached access decisions.
 */
public function storeCache()
{
    global $ilDB, $ilUser;

    $ilDB->manipulate(
        "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer')
    );

    $row = array(
        'user_id' => array('integer', $ilUser->getId()),
        'time' => array('integer', time()),
        'result' => array('clob', serialize($this->results))
    );
    $ilDB->insert('acc_cache', $row);
}
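/**
 * Load the result cache of the current user from acc_cache.
 *
 * @param int $a_secs maximum age of the cache row in seconds; 0 disables reading
 *
 * @return bool true if a sufficiently fresh, well-formed cache was loaded
 */
public function readCache($a_secs = 0)
{
    global $ilUser, $ilDB;

    if (!($a_secs > 0)) {
        return false;
    }

    $query = "SELECT * FROM acc_cache WHERE user_id = " .
        $ilDB->quote($ilUser->getId(), 'integer');
    $set = $ilDB->query($query);
    $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);

    // No row for this user: there is nothing to load.
    if (!is_array($rec) || !isset($rec["time"], $rec["result"])) {
        return false;
    }

    if ((time() - $rec["time"]) >= $a_secs) {
        return false;
    }

    // SECURITY: unserialize() runs on database content. The payload carries
    // access decisions and the info objects stored by storeAccessResult(),
    // so whoever can write acc_cache controls both the decisions and which
    // classes get instantiated here. Where the minimum PHP version allows
    // it, restrict unserialize() with its allowed_classes option, or store
    // the cache in a format that cannot carry objects.
    $cached = unserialize($rec["result"]);

    // A damaged payload must not replace the result cache with a non-array
    // while this method reports success.
    if (!is_array($cached)) {
        return false;
    }

    $this->results = $cached;
    return true;
}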
/**
 * Get the complete in-memory result cache.
 *
 * @return array results[ref_id][permission][cmd][user_id]
 */
public function getResults()
{
    return $this->results;
}
/**
 * Replace the complete in-memory result cache.
 *
 * The array is taken as is: every "granted" value in it is later returned
 * by checkAccessOfUser() as a cache hit without re-running any check.
 *
 * @param array $a_results results[ref_id][permission][cmd][user_id]
 */
public function setResults($a_results)
{
    $this->results = $a_results;
}
228
/**
 * Add an info item to current info object.
 *
 * @param mixed  $a_type
 * @param string $a_text
 * @param mixed  $a_data
 */
public function addInfoItem($a_type, $a_text, $a_data = "")
{
    $info = $this->current_info;
    $info->addInfoItem($a_type, $a_text, $a_data);
}
236
/**
 * Check access for an object on behalf of the current global user
 * (provide $a_type and $a_obj_id if available for better performance).
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param string $a_type
 * @param mixed  $a_obj_id
 * @param mixed  $a_tree_id
 *
 * @return bool the result of checkAccessOfUser() for $ilUser
 */
public function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
{
    global $ilUser;

    $current_user_id = $ilUser->getId();

    return $this->checkAccessOfUser(
        $current_user_id,
        $a_permission,
        $a_cmd,
        $a_ref_id,
        $a_type,
        $a_obj_id,
        $a_tree_id
    );
}
246
/**
 * Check access for an object (provide $a_type and $a_obj_id if available
 * for better performance).
 *
 * A hit in the in-memory result cache is returned immediately. Otherwise
 * the checks run in a fixed order - tree, RBAC, activation, parent path,
 * conditions, object status, license - and the first failing check ends
 * the evaluation with a denial, so access is only granted when every check
 * has passed. Denials caused by conditions, status or license are flagged
 * so that they are not written to a db based cache.
 *
 * @param int    $a_user_id
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param string $a_type    looked up from the ref id if empty
 * @param mixed  $a_obj_id  looked up from the ref id if empty
 * @param mixed  $a_tree_id the tree check is skipped for tree id 1
 *
 * @return bool
 */
public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id="")
{
    global $ilBench, $lng;

    // for external db based caches
    $this->setPreventCachingLastResult(false);

    $ilBench->start('AccessControl', '0400_clear_info');
    $this->current_info->clear();
    $ilBench->stop('AccessControl', '0400_clear_info');

    // Internal memory based cache: a hit short-circuits every check below.
    $lookup = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
    if ($lookup['hit']) {
        if (!$lookup['granted']) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        }
        if ($lookup['prevent_db_cache']) {
            // should have been saved in previous call already
            $this->setPreventCachingLastResult(true);
        }
        return $lookup['granted'];
    }

    $ilBench->start('AccessControl', '0500_lookup_id_and_type');

    // Resolve the object id if the caller did not provide it.
    if ($a_obj_id == "") {
        $have_obj_id = isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0;
        if (!$have_obj_id) {
            $this->obj_id_cache[$a_ref_id] = $a_obj_id = ilObject::_lookupObjId($a_ref_id);
        } else {
            $a_obj_id = $this->obj_id_cache[$a_ref_id];
        }
    }

    // Resolve the object type if the caller did not provide it.
    if ($a_type == "") {
        $have_type = isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "";
        if (!$have_type) {
            $this->obj_type_cache[$a_ref_id] = $a_type = ilObject::_lookupType($a_ref_id, true);
        } else {
            $a_type = $this->obj_type_cache[$a_ref_id];
        }
    }

    $ilBench->stop('AccessControl', '0500_lookup_id_and_type');

    // Unless the caller names the repository main tree (id 1), the object
    // must be in the tree and not deleted.
    if ($a_tree_id != 1 && !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        return false;
    }

    // RBAC permission on the object itself.
    if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        return false;
    }

    // Object activation.
    if (!$this->doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        return false;
    }

    // Read permission on all parents.
    if (!$this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        return false;
    }

    // Preconditions (currently only implemented for read permission).
    if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        // do not store this in db, since condition updates are not monitored
        $this->setPreventCachingLastResult(true);
        return false;
    }

    // Object type specific check.
    if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        // do not store this in db, since status updates are not monitored
        $this->setPreventCachingLastResult(true);
        return false;
    }

    // Available licenses; doLicenseCheck() stores its own result.
    if (!$this->doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
        // do not store this in db, since status updates are not monitored
        $this->setPreventCachingLastResult(true);
        return false;
    }

    // Every check passed.
    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
    return true;
}
353
/**
 * Get the info items that belong to the last stored access result.
 *
 * @return array empty if no result has been stored yet
 */
public function getInfo()
{
    if (!is_object($this->last_info)) {
        return array();
    }

    return $this->last_info->getInfoItems();
}
364
/**
 * Get the cache entry written by the most recent storeAccessResult() call.
 *
 * @return mixed the entry array, or "" after clear()
 */
public function getResultLast()
{
    return $this->last_result;
}
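/**
 * Get the cached results, either all of them or those of one ref id.
 *
 * @param mixed $a_ref_id "" returns the whole cache
 *
 * @return array|null the results of the ref id, or null if nothing is
 *                    cached for it
 */
public function getResultAll($a_ref_id = "")
{
    if ($a_ref_id == "") {
        return $this->results;
    }

    // An unknown ref id used to be read directly, which raised an
    // undefined-index notice on top of yielding null.
    if (!isset($this->results[$a_ref_id])) {
        return null;
    }

    return $this->results[$a_ref_id];
}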
383
/**
 * Look if result for current query is already in cache.
 *
 * On a hit the info object stored with the entry becomes the current info
 * object.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 *
 * @return array "hit", "granted" and "prevent_db_cache"; a miss reports
 *               granted = false
 */
public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
{
    global $ilBench;

    $ilBench->start('AccessControl', '1000_checkAccess_get_cache_result');
    $entry = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);

    if (!is_array($entry)) {
        // not in cache
        $ilBench->stop('AccessControl', '1000_checkAccess_get_cache_result');
        return array(
            'hit' => false,
            'granted' => false,
            'prevent_db_cache' => false
        );
    }

    $this->current_info = $entry['info'];
    $ilBench->stop('AccessControl', '1000_checkAccess_get_cache_result');

    return array(
        'hit' => true,
        'granted' => $entry['granted'],
        'prevent_db_cache' => $entry['prevent_db_cache']
    );
}
408
/**
 * Check if object is in tree and not deleted.
 *
 * The outcome is memoised per "user_id:ref_id" and also written to the
 * result cache for the given permission and command.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 *
 * @return bool
 */
public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
{
    global $tree, $lng, $ilBench;

    $memo_key = $a_user_id . ':' . $a_ref_id;

    // Answer from the tree cache if this pair has been checked before.
    if (array_key_exists($memo_key, $this->obj_tree_cache)) {
        $known = $this->obj_tree_cache[$memo_key];
        if (!$known) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
        }
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $known, $a_user_id);

        return $this->obj_tree_cache[$memo_key];
    }

    $ilBench->start('AccessControl', '2000_checkAccess_in_tree');

    $usable = $tree->isInTree($a_ref_id) && !$tree->isDeleted($a_ref_id);

    // Note, we only store up to 1000 results to avoid memory overflow.
    if (count($this->obj_tree_cache) < 1000) {
        $this->obj_tree_cache[$memo_key] = $usable;
    }

    if (!$usable) {
        $this->current_info->addInfoItem(IL_DELETED, $lng->txt('object_deleted'));
    }

    // Store in result cache
    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $usable, $a_user_id);

    $ilBench->stop('AccessControl', '2000_checkAccess_in_tree');

    return $usable;
}
463
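/**
 * RBAC check for current object -> type should be used for create permission.
 *
 * The RBAC decision is memoised per user, permission and ref id (up to
 * 1000 entries). "create" is neither memoised nor written to the result
 * cache.
 *
 * @param string $a_permission must not be empty
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 * @param string $a_type
 *
 * @return bool
 */
public function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
{
    global $lng, $ilBench, $ilErr, $ilLog;

    $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");

    if ($a_permission == "") {
        // NOTE(review): the line opening this statement (listing line 474)
        // is not rendered on this page; it is restored from the argument
        // list that follows and the later use of $message.
        $message = sprintf(
            '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
            get_class($this),
            $a_ref_id
        );
        $ilLog->write($message, $ilLog->FATAL);
        $ilErr->raiseError($message, $ilErr->MESSAGE);
    }

    $memo_key = $a_user_id . "-" . $a_permission . "-" . $a_ref_id;

    if (isset($this->stored_rbac_access[$memo_key])) {
        $access = $this->stored_rbac_access[$memo_key];
    } else {
        $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
        if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
            if ($a_permission != "create") {
                $this->stored_rbac_access[$memo_key] = $access;
            }
        }
    }

    if (!$access) {
        $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
    }

    // Store in result cache. The entry must carry the actual decision: the
    // previous code always stored "granted", so a denied call to this public
    // method left an entry that checkAccessOfUser() would then return as a
    // cache hit. Inside checkAccessOfUser() nothing changes, because a
    // denial is stored again there right after this method returns.
    if ($a_permission != "create") {
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, (bool) $access, $a_user_id);
    }
    $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");

    return $access;
}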
505
/**
 * Check read permission for all parents.
 *
 * Every node on the path to the object except the object itself is checked
 * with checkAccessOfUser() for "read" / "info".
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 * @param bool   $a_all if false, stop at the first parent without access
 *
 * @return bool false only when a parent is not readable and $a_all is false
 */
public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
{
    global $tree, $lng, $ilBench,$ilObjDataCache;

    $ilBench->start('AccessControl', '3100_checkAccess_check_parents_get_path');
    $path = $tree->getPathId($a_ref_id);
    $ilBench->stop('AccessControl', '3100_checkAccess_check_parents_get_path');

    foreach ($path as $id) {
        // The object itself is not part of the parent check.
        if ($a_ref_id != $id) {
            $parent_readable = $this->checkAccessOfUser($a_user_id, 'read', 'info', $id);

            if (!$parent_readable) {
                $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt('no_parent_access'), $id);

                if (!$a_all) {
                    return false;
                }
            }
        }
    }

    return true;
}
547
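/**
 * Check for course activation.
 *
 * Results are memoised per ref id and user in two buckets, "visible" for
 * the visible permission and "other" for every other permission.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 * @param bool   $a_all        not used by this method
 *
 * @return bool
 */
public function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
{
    global $ilBench,$ilUser;

    $ilBench->start("AccessControl", "3150_checkAccess_check_course_activation");

    $cache_perm = ($a_permission == "visible")
        ? "visible"
        : "other";

    if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
    }

    // nothings needs to be done if current permission is write permission
    if ($a_permission == 'write') {
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return true;
    }

    // #10852 - member view check
    if ($a_user_id == $ilUser->getId()) {
        // #10905 - activate parent container ONLY
        include_once './Services/Container/classes/class.ilMemberViewSettings.php';
        // NOTE(review): the assignment of $memview (listing line 578) is not
        // rendered on this page; it is restored from the include above and
        // the getInstance() reference of the listing - confirm against the
        // repository.
        $memview = ilMemberViewSettings::getInstance();
        if ($memview->isActiveForRefId($a_ref_id) &&
            $memview->getContainer() == $a_ref_id) {
            // This exit used to leave the benchmark running.
            $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
            return true;
        }
    }

    include_once 'Services/Object/classes/class.ilObjectActivation.php';
    $item_data = ilObjectActivation::getItem($a_ref_id);

    // if activation isn't enabled
    if ($item_data === null ||
        $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return true;
    }

    // if within activation time
    if ((time() >= $item_data['timing_start']) and
        (time() <= $item_data['timing_end'])) {
        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return true;
    }

    // if user has write permission
    if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return true;
    }

    // if current permission is visible and visible is set in activation
    if ($a_permission == 'visible' and $item_data['visible']) {
        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return true;
    }

    // learning progress must be readable, regardless of the activation.
    // This exemption is deliberately NOT written to the cache: the "other"
    // bucket is shared by all non-visible permissions, so caching it made a
    // later check of e.g. "read" on the same object and user pass the
    // activation check outside the activation period.
    // NOTE(review): a denial cached in the "other" bucket by an earlier
    // check still applies to read_learning_progress (see the cache lookup
    // above); confirm whether that is intended.
    if ($a_permission == 'read_learning_progress') {
        $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
        return true;
    }

    // no access
    $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
    $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
    return false;
}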
630
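/**
 * Condition check (currently only implemented for read permission).
 *
 * Users with write permission are exempt. For "visible" the preconditions
 * only apply when the hidden status is set for the target; for "read" and
 * "join" they always apply. Each unfulfilled target adds one info item per
 * condition.
 *
 * NOTE(review): listing lines 643, 648, 653, 670 and 675 are not rendered
 * on this page. They are restored from the brace structure, the open
 * argument lists and the identifiers the listing references
 * (lookupHiddenStatusByTarget, IL_MISSING_PRECONDITION) - confirm against
 * the repository.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 * @param int    $a_obj_id
 * @param string $a_type
 *
 * @return bool
 */
public function doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
{
    global $lng, $ilBench;

    if (
        ($a_permission == 'visible') and
        !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
    ) {
        if (ilConditionHandler::lookupHiddenStatusByTarget($a_ref_id)) {
            // Start/stop are balanced here; this branch used to stop a
            // benchmark it had not started and skipped the stop on denial.
            $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
            if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
                $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
                foreach ($conditions as $condition) {
                    $this->current_info->addInfoItem(
                        IL_MISSING_PRECONDITION,
                        $lng->txt("missing_precondition") . ": " .
                        ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
                        $lng->txt("condition_" . $condition["operator"]) . " " .
                        $condition["value"],
                        $condition
                    );
                }
                $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
                return false;
            }
            $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
        }
    }

    if (($a_permission == "read" or $a_permission == 'join') &&
        !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
        $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
        if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
            $conditions = ilConditionHandler::_getConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
            foreach ($conditions as $condition) {
                $this->current_info->addInfoItem(
                    IL_MISSING_PRECONDITION,
                    $lng->txt("missing_precondition") . ": " .
                    ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
                    $lng->txt("condition_" . $condition["operator"]) . " " .
                    $condition["value"],
                    $condition
                );
            }
            $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
            return false;
        }
        $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
    }

    return true;
}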
686
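/**
 * Object type specific check.
 *
 * Resolves the access class of the object type through the object
 * definition, loads it and asks its _checkAccess() method. Only a strict
 * true from that method counts as access; any other return value is a
 * denial.
 *
 * The included file and the instantiated class are both derived from
 * $a_type via $objDefinition. The guards below (inactive plugin type, empty
 * type, no class name for the type) are what keep an unresolvable type from
 * reaching include_once and new, so they must stay in front of them.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 * @param int    $a_obj_id
 * @param string $a_type
 *
 * @return bool
 */
public function doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
{
    global $objDefinition, $ilBench;

    $ilBench->start("AccessControl", "5000_checkAccess_object_check");

    // check for a deactivated plugin, then for a missing type. These early
    // exits used to leave the benchmark running.
    if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
        $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
        return false;
    }
    if (!$a_type) {
        $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
        return false;
    }

    $class = $objDefinition->getClassName($a_type);
    $location = $objDefinition->getLocation($a_type);
    $full_class = "ilObj" . $class . "Access";

    if ($class == "") {
        $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
        $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
        return false;
    }

    include_once($location . "/class." . $full_class . ".php");

    // Keep the class name and the instance in separate variables.
    $access_handler = new $full_class();

    $obj_access = call_user_func(
        array($access_handler, "_checkAccess"),
        $a_cmd,
        $a_permission,
        $a_ref_id,
        $a_obj_id,
        $a_user_id
    );

    // Note: no info item is added on denial here, because the object
    // specific _checkAccess() called above adds its own.
    $granted = ($obj_access === true);

    $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $granted, $a_user_id);
    $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
    return $granted;
}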
741
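/**
 * Check for available licenses.
 *
 * Only "read" on objects of type 'sahs' or 'htlm' is subject to licensing;
 * everything else passes. The result is written to the result cache.
 *
 * NOTE(review): the condition on listing line 757 is not rendered on this
 * page; it is restored from the comment above it, the brace structure and
 * the _isEnabled() reference of the listing - confirm against the
 * repository.
 *
 * @param string $a_permission
 * @param string $a_cmd
 * @param int    $a_ref_id
 * @param int    $a_user_id
 * @param int    $a_obj_id
 * @param string $a_type
 *
 * @return bool
 */
public function doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
{
    global $lng;

    // simple checks first
    if (!in_array($a_type, array('sahs','htlm'))
        or !in_array($a_permission, array('read'))) {
        $has_access = true;
    } else {
        require_once("Services/License/classes/class.ilLicenseAccess.php");

        // licensing globally disabled => access granted
        if (!ilLicenseAccess::_isEnabled()) {
            $has_access = true;
        }
        // Mantis #5288: admins do not get read access automatically; their
        // read access is also noted and consumes a license.
        // now do the real check
        else {
            $has_access = ilLicenseAccess::_checkAccess($a_user_id, $a_obj_id);
        }
    }

    if ($has_access) {
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
        return true;
    } else {
        $this->current_info->addInfoItem(IL_NO_LICENSE, $lng->txt("no_license_available"));
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
        return false;
    }
}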
/**
 * Reset the result cache, the last result, the current info object and the
 * RBAC memo.
 *
 * NOTE(review): the tree, object id, object type and activation caches are
 * not touched here, so decisions memoised there survive a clear() - confirm
 * that this is intended.
 */
public function clear()
{
    $this->stored_rbac_access = [];
    $this->results = array();
    $this->last_result = "";
    $this->current_info = new ilAccessInfo();
}
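/**
 * Switch one of the access checks on or off.
 *
 * Only the switches initialised in the constructor are accepted. The name
 * used to be applied as a variable property without any check, so a caller
 * could overwrite any state of the access handler (result cache, RBAC
 * system reference, ...) through this method. Unknown names are ignored.
 *
 * @param string $a_str  one of cache, rbac, tree, condition, path, status
 * @param bool   $a_bool
 */
public function enable($a_str, $a_bool)
{
    $switches = array('cache', 'rbac', 'tree', 'condition', 'path', 'status');

    if (!in_array($a_str, $switches, true)) {
        return;
    }

    $this->$a_str = $a_bool;
}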
800
801
802
803 //
804 // OrgUnit Positions
805 //
806
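/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 *
 * NOTE(review): the body (listing line 812) is not rendered on this page;
 * the delegate call is restored by analogy with the sibling methods and the
 * same-named ilOrgUnitPositionAccess method the listing references -
 * confirm against the repository.
 *
 * @param int[]  $user_ids
 * @param string $permission
 *
 * @return int[]
 */
public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
{
    return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
}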
814
/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 * Delegates to the org-unit position access object.
 *
 * @param int[]  $user_ids
 * @param int    $for_user_id
 * @param string $permission
 *
 * @return int[]
 */
public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
}
822
/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 * Delegates to the org-unit position access object.
 *
 * @param string $permission
 * @param int[]  $on_user_ids
 *
 * @return bool
 */
public function isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
}
830
/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 * Delegates to the org-unit position access object.
 *
 * @param int    $which_user_id
 * @param string $permission
 * @param int[]  $on_user_ids
 *
 * @return bool
 */
public function isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
}
838
/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 * Delegates to the org-unit position access object.
 *
 * @param string $pos_perm
 * @param int    $ref_id
 *
 * @return bool
 */
public function checkPositionAccess($pos_perm, $ref_id)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->checkPositionAccess($pos_perm, $ref_id);
}
846
/**
 * Delegates the combined RBAC / position permission check to the org-unit
 * position access object.
 *
 * @param string $rbac_perm
 * @param string $pos_perm
 * @param int    $ref_id
 *
 * @return bool
 */
public function checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
}
854
/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 * Delegates to the org-unit position access object.
 *
 * @param string $pos_perm
 * @param int    $ref_id
 * @param int[]  $user_ids
 *
 * @return int[]
 */
public function filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
}
862
/**
 * See getAvailablePositionRelatedPermissions for available permissions.
 * Delegates to the org-unit position access object.
 *
 * @param int    $user_id
 * @param string $pos_perm
 * @param int    $ref_id
 * @param int[]  $user_ids
 *
 * @return int[]
 */
public function filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
}
870
/**
 * Delegates the combined RBAC / position user filter to the org-unit
 * position access object.
 *
 * @param string $rbac_perm
 * @param string $pos_perm
 * @param int    $ref_id
 * @param int[]  $user_ids
 *
 * @return int[]
 */
public function filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
}
878
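/**
 * Tell whether the current user has any position related access on the
 * given ref id.
 *
 * NOTE(review): the body (listing line 884) is not rendered on this page;
 * the delegate call is restored by analogy with the sibling methods, which
 * all forward to the same-named method of the org-unit position access
 * object - confirm against the repository.
 *
 * @param int $ref_id
 *
 * @return bool
 */
public function hasCurrentUserAnyPositionAccess($ref_id)
{
    return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
}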
886
/**
 * Delegates the "RBAC permission or any position access" check to the
 * org-unit position access object.
 *
 * @param string $rbac_perm
 * @param int    $ref_id
 *
 * @return bool
 */
public function hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
{
    $position_access = $this->ilOrgUnitPositionAccess;

    return $position_access->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
}
894}