90        $this->results = array();
 
   97        $this->condition = 
true;
 
  100        $this->obj_id_cache = array();
 
  101        $this->obj_type_cache = array();
 
  102        $this->obj_tree_cache = array();
 
  113    public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = 
"", $a_info = 
"")
 
  117        if ($a_user_id == 
"") {
 
  128            $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
 
  129                    array(
"granted" => $a_access_granted, 
"info" => $a_info,
 
  132            $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
 
  133            $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
 
  134            $this->last_info = $a_info;
 
  146        $this->prevent_caching_last_result = $a_val;
 
  154        return $this->prevent_caching_last_result;
 
  164        if ($a_user_id == 
"") {
 
  173        if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
 
  174            return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
 
  185        $query = 
"DELETE FROM acc_cache WHERE user_id = " . 
$ilDB->quote(
$ilUser->getId(), 
'integer');
 
  188        $ilDB->insert(
'acc_cache', array(
 
  189            'user_id'   =>      array(
'integer',
$ilUser->getId()),
 
  190            'time'              =>      array(
'integer',time()),
 
  191            'result'    =>      array(
'clob',serialize($this->results))
 
  202            $query = 
"SELECT * FROM acc_cache WHERE user_id = " .
 
  206            if ((time() - $rec[
"time"]) < $a_secs) {
 
  207                $this->results = unserialize($rec[
"result"]);
 
  226        $this->results = $a_results;
 
  234        $this->current_info->addInfoItem(
$a_type, $a_text, $a_data);
 
  240    public function checkAccess($a_permission, $a_cmd, $a_ref_id, 
$a_type = 
"", $a_obj_id = 
"", $a_tree_id=
"")
 
  244        return $this->
checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, 
$a_type, $a_obj_id, $a_tree_id);
 
  256        $ilBench->start(
"AccessControl", 
"0400_clear_info");
 
  257        $this->current_info->clear();
 
  258        $ilBench->stop(
"AccessControl", 
"0400_clear_info");
 
  262        $cached = $this->
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  263        if ($cached[
"hit"]) {
 
  265            if (!$cached[
"granted"]) {
 
  268            if ($cached[
"prevent_db_cache"]) {
 
  271            return $cached[
"granted"];
 
  274        $ilBench->start(
"AccessControl", 
"0500_lookup_id_and_type");
 
  276        if ($a_obj_id == 
"") {
 
  277            if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
 
  278                $a_obj_id = $this->obj_id_cache[$a_ref_id];
 
  281                $this->obj_id_cache[$a_ref_id] = $a_obj_id;
 
  285            if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != 
"") {
 
  286                $a_type = $this->obj_type_cache[$a_ref_id];
 
  289                $this->obj_type_cache[$a_ref_id] = 
$a_type;
 
  293        $ilBench->stop(
"AccessControl", 
"0500_lookup_id_and_type");
 
  297        if ($a_tree_id != 1 &&
 
  298            !$this->
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
 
  312        $act_check = $this->
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  320        $par_check = $this->
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  362        return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
 
  370        return $this->last_result;
 
  377        if ($a_ref_id == 
"") {
 
  381        return $this->results[$a_ref_id];
 
  387    public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 
  392        $ilBench->start(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  395        if (is_array($stored_access)) {
 
  396            $this->current_info = $stored_access[
"info"];
 
  398            $ilBench->stop(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  399            return array(
"hit" => 
true, 
"granted" => $stored_access[
"granted"],
 
  400                "prevent_db_cache" => $stored_access[
"prevent_db_cache"]);
 
  404        $ilBench->stop(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  405        return array(
"hit" => 
false, 
"granted" => 
false,
 
  406            "prevent_db_cache" => 
false);
 
  412    public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 
  418        $tree_cache_key = $a_user_id . 
':' . $a_ref_id;
 
  419        if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
 
  421            if (!$this->obj_tree_cache[$tree_cache_key]) {
 
  424            $this->
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
 
  426            return $this->obj_tree_cache[$tree_cache_key];
 
  429        $ilBench->start(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  431        if (!
$tree->isInTree($a_ref_id) or 
$tree->isDeleted($a_ref_id)) {
 
  436            if (count($this->obj_tree_cache) < 1000) {
 
  437                $this->obj_tree_cache[$tree_cache_key] = 
false;
 
  441            $this->current_info->addInfoItem(
IL_DELETED, 
$lng->txt(
"object_deleted"));
 
  444            $ilBench->stop(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  453        if (count($this->obj_tree_cache) < 1000) {
 
  454            $this->obj_tree_cache[$tree_cache_key] = 
true;
 
  460        $ilBench->stop(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  471        $ilBench->start(
"AccessControl", 
"2500_checkAccess_rbac_check");
 
  473        if ($a_permission == 
"") {
 
  475                    '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
 
  483        if (isset($this->stored_rbac_access[$a_user_id . 
"-" . $a_permission . 
"-" . $a_ref_id])) {
 
  484            $access = $this->stored_rbac_access[$a_user_id . 
"-" . $a_permission . 
"-" . $a_ref_id];
 
  486            $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, 
$a_type);
 
  487            if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
 
  488                if ($a_permission != 
"create") {
 
  489                    $this->stored_rbac_access[$a_user_id . 
"-" . $a_permission . 
"-" . $a_ref_id] = $access;
 
  498        if ($a_permission != 
"create") {
 
  501        $ilBench->stop(
"AccessControl", 
"2500_checkAccess_rbac_check");
 
  509    public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = 
false)
 
  514        $ilBench->start(
"AccessControl", 
"3100_checkAccess_check_parents_get_path");
 
  525        $ilBench->stop(
"AccessControl", 
"3100_checkAccess_check_parents_get_path");
 
  528            if ($a_ref_id == 
$id) {
 
  534            if ($access == 
false) {
 
  539                if ($a_all == 
false) {
 
  555        $ilBench->start(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  557        $cache_perm = ($a_permission == 
"visible")
 
  563        if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
 
  564            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  565            return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
 
  569        if ($a_permission == 
'write') {
 
  570            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  575        if ($a_user_id == 
$ilUser->getId()) {
 
  577            include_once 
'./Services/Container/classes/class.ilMemberViewSettings.php';
 
  579            if ($memview->isActiveForRefId($a_ref_id) &&
 
  580                $memview->getContainer() == $a_ref_id) {
 
  585        include_once 
'Services/Object/classes/class.ilObjectActivation.php';
 
  589        if ($item_data === 
null ||
 
  591            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  592            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  597        if ((time() >= $item_data[
'timing_start']) and
 
  598           (time() <= $item_data[
'timing_end'])) {
 
  599            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  600            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  606            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  607            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  612        if ($a_permission == 
'visible' and $item_data[
'visible']) {
 
  613            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  614            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  619        if ($a_permission == 
'read_learning_progress') {
 
  620            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  621            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  626        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
false;
 
  627        $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  640            ($a_permission == 
'visible') and
 
  647                        $this->current_info->addInfoItem(
 
  649                            $lng->txt(
"missing_precondition") . 
": " .
 
  658                $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  663        if (($a_permission == 
"read" or $a_permission == 
'join') &&
 
  665            $ilBench->start(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  669                    $this->current_info->addInfoItem(
 
  671                        $lng->txt(
"missing_precondition") . 
": " .
 
  678                $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  681            $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  692        global $objDefinition, 
$ilBench, $ilPluginAdmin;
 
  694        $ilBench->start(
"AccessControl", 
"5000_checkAccess_object_check");
 
  697        if ($objDefinition->isPluginTypeName(
$a_type) && !$objDefinition->isPlugin(
$a_type)) {
 
  704        $class = $objDefinition->getClassName(
$a_type);
 
  706        $full_class = 
"ilObj" . $class . 
"Access";
 
  709            $this->ac_logger->error(
"Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
 
  713        include_once(
$location . 
"/class." . $full_class . 
".php");
 
  716        $full_class = 
new $full_class();
 
  718        $obj_access = call_user_func(
 
  719            array($full_class, 
"_checkAccess"),
 
  726        if (!($obj_access === 
true)) {
 
  733            $ilBench->stop(
"AccessControl", 
"5000_checkAccess_object_check");
 
  738        $ilBench->stop(
"AccessControl", 
"5000_checkAccess_object_check");
 
  750        if (!in_array(
$a_type, array(
'sahs',
'htlm'))
 
  751        or  !in_array($a_permission, array(
'read'))) {
 
  754            require_once(
"Services/License/classes/class.ilLicenseAccess.php");
 
  778            $this->current_info->addInfoItem(IL_NO_LICENSE, 
$lng->txt(
"no_license_available"));
 
  788        $this->results = array();
 
  789        $this->last_result = 
"";
 
  791        $this->stored_rbac_access = [];
 
  798        $this->$a_str = $a_bool;
 
sprintf('%.4f', $callTime)
An exception for terminatinating execution or to throw for unit testing.
const IL_MISSING_PRECONDITION
const IL_NO_PARENT_ACCESS
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licensesmixed
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
hasCurrentUserAnyPositionAccess($ref_id)
bool
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activationbool
getResultAll($a_ref_id="")
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
getResultLast()
get last info object
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
getInfo()
get last info object
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
setPreventCachingLastResult($a_val)
Set prevent caching last result.
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _isEnabled()
Check, if licencing is enabled This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
static getLogger($a_component_id)
Get component logger.
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
Class ilOrgUnitPositionAccess.
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
hasCurrentUserAnyPositionAccess($ref_id)
bool
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
if(!array_key_exists('StateId', $_REQUEST)) $id
Interface ilAccessHandler.
catch(Exception $e) $message
foreach($_POST as $key=> $value) $res