90 $this->results = array();
97 $this->condition =
true;
100 $this->obj_id_cache = array();
101 $this->obj_type_cache = array();
102 $this->obj_tree_cache = array();
113 public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id =
"", $a_info =
"")
117 if ($a_user_id ==
"") {
128 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
129 array(
"granted" => $a_access_granted,
"info" => $a_info,
132 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
133 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
134 $this->last_info = $a_info;
146 $this->prevent_caching_last_result = $a_val;
154 return $this->prevent_caching_last_result;
164 if ($a_user_id ==
"") {
173 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
174 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
// Excerpt of the cache-store routine; the leading numbers are the listing's gutter
// line numbers and the lines between them are not shown on this page.
// Builds the DELETE for the current user's acc_cache row; the id goes through
// $ilDB->quote() with type 'integer' rather than being concatenated raw.
185 $query =
"DELETE FROM acc_cache WHERE user_id = " .
$ilDB->quote(
$ilUser->getId(),
'integer');
// Re-insert the row: user id, current time() and the result map, each with an
// explicit column type.
188 $ilDB->insert(
'acc_cache', array(
189 'user_id' => array(
'integer',
$ilUser->getId()),
190 'time' => array(
'integer',time()),
// NOTE(review): the whole $this->results structure is stored with serialize();
// the cache-read code on this page feeds the same column to unserialize(), so
// write access to acc_cache.result is security-relevant.
191 'result' => array(
'clob',serialize($this->results))
// Excerpt of the cache-read routine: selects the acc_cache row by user id
// (the rest of the query expression is on lines not shown in this listing).
202 $query =
"SELECT * FROM acc_cache WHERE user_id = " .
// Reuse the stored row only while it is younger than $a_secs seconds.
206 if ((time() - $rec[
"time"]) < $a_secs) {
// NOTE(review): unserialize() runs on whatever is stored in acc_cache.result.
// Anyone able to write that column (for example through an unrelated SQL
// injection) would control the deserialized objects and the cached access
// decisions. Consider the allowed_classes option of unserialize() or a plain
// data format such as JSON — TODO confirm which classes the cached "info"
// entries require.
207 $this->results = unserialize($rec[
"result"]);
226 $this->results = $a_results;
234 $this->current_info->addInfoItem(
$a_type, $a_text, $a_data);
240 public function checkAccess($a_permission, $a_cmd, $a_ref_id,
$a_type =
"", $a_obj_id =
"", $a_tree_id=
"")
244 return $this->
checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id,
$a_type, $a_obj_id, $a_tree_id);
256 $ilBench->start(
"AccessControl",
"0400_clear_info");
257 $this->current_info->clear();
258 $ilBench->stop(
"AccessControl",
"0400_clear_info");
262 $cached = $this->
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
263 if ($cached[
"hit"]) {
265 if (!$cached[
"granted"]) {
268 if ($cached[
"prevent_db_cache"]) {
271 return $cached[
"granted"];
274 $ilBench->start(
"AccessControl",
"0500_lookup_id_and_type");
276 if ($a_obj_id ==
"") {
277 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
278 $a_obj_id = $this->obj_id_cache[$a_ref_id];
281 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
285 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] !=
"") {
286 $a_type = $this->obj_type_cache[$a_ref_id];
289 $this->obj_type_cache[$a_ref_id] =
$a_type;
293 $ilBench->stop(
"AccessControl",
"0500_lookup_id_and_type");
297 if ($a_tree_id != 1 &&
298 !$this->
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
312 $act_check = $this->
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
320 $par_check = $this->
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
362 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
370 return $this->last_result;
377 if ($a_ref_id ==
"") {
381 return $this->results[$a_ref_id];
387 public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
392 $ilBench->start(
"AccessControl",
"1000_checkAccess_get_cache_result");
395 if (is_array($stored_access)) {
396 $this->current_info = $stored_access[
"info"];
398 $ilBench->stop(
"AccessControl",
"1000_checkAccess_get_cache_result");
399 return array(
"hit" =>
true,
"granted" => $stored_access[
"granted"],
400 "prevent_db_cache" => $stored_access[
"prevent_db_cache"]);
404 $ilBench->stop(
"AccessControl",
"1000_checkAccess_get_cache_result");
405 return array(
"hit" =>
false,
"granted" =>
false,
406 "prevent_db_cache" =>
false);
412 public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
418 $tree_cache_key = $a_user_id .
':' . $a_ref_id;
419 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
421 if (!$this->obj_tree_cache[$tree_cache_key]) {
424 $this->
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
426 return $this->obj_tree_cache[$tree_cache_key];
429 $ilBench->start(
"AccessControl",
"2000_checkAccess_in_tree");
431 if (!
$tree->isInTree($a_ref_id) or
$tree->isDeleted($a_ref_id)) {
436 if (count($this->obj_tree_cache) < 1000) {
437 $this->obj_tree_cache[$tree_cache_key] =
false;
441 $this->current_info->addInfoItem(
IL_DELETED,
$lng->txt(
"object_deleted"));
444 $ilBench->stop(
"AccessControl",
"2000_checkAccess_in_tree");
453 if (count($this->obj_tree_cache) < 1000) {
454 $this->obj_tree_cache[$tree_cache_key] =
true;
460 $ilBench->stop(
"AccessControl",
"2000_checkAccess_in_tree");
471 $ilBench->start(
"AccessControl",
"2500_checkAccess_rbac_check");
473 if ($a_permission ==
"") {
475 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
483 if (isset($this->stored_rbac_access[$a_user_id .
"-" . $a_permission .
"-" . $a_ref_id])) {
484 $access = $this->stored_rbac_access[$a_user_id .
"-" . $a_permission .
"-" . $a_ref_id];
486 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id,
$a_type);
487 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
488 if ($a_permission !=
"create") {
489 $this->stored_rbac_access[$a_user_id .
"-" . $a_permission .
"-" . $a_ref_id] = $access;
498 if ($a_permission !=
"create") {
501 $ilBench->stop(
"AccessControl",
"2500_checkAccess_rbac_check");
509 public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all =
false)
514 $ilBench->start(
"AccessControl",
"3100_checkAccess_check_parents_get_path");
525 $ilBench->stop(
"AccessControl",
"3100_checkAccess_check_parents_get_path");
528 if ($a_ref_id ==
$id) {
534 if ($access ==
false) {
539 if ($a_all ==
false) {
555 $ilBench->start(
"AccessControl",
"3150_checkAccess_check_course_activation");
557 $cache_perm = ($a_permission ==
"visible")
563 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
564 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
565 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
569 if ($a_permission ==
'write') {
570 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
575 if ($a_user_id ==
$ilUser->getId()) {
577 include_once
'./Services/Container/classes/class.ilMemberViewSettings.php';
579 if ($memview->isActiveForRefId($a_ref_id) &&
580 $memview->getContainer() == $a_ref_id) {
585 include_once
'Services/Object/classes/class.ilObjectActivation.php';
589 if ($item_data ===
null ||
591 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
592 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
597 if ((time() >= $item_data[
'timing_start']) and
598 (time() <= $item_data[
'timing_end'])) {
599 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
600 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
606 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
607 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
612 if ($a_permission ==
'visible' and $item_data[
'visible']) {
613 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
614 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
619 if ($a_permission ==
'read_learning_progress') {
620 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
true;
621 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
626 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] =
false;
627 $ilBench->stop(
"AccessControl",
"3150_checkAccess_check_course_activation");
640 ($a_permission ==
'visible') and
647 $this->current_info->addInfoItem(
649 $lng->txt(
"missing_precondition") .
": " .
658 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
663 if (($a_permission ==
"read" or $a_permission ==
'join') &&
665 $ilBench->start(
"AccessControl",
"4000_checkAccess_condition_check");
669 $this->current_info->addInfoItem(
671 $lng->txt(
"missing_precondition") .
": " .
678 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
681 $ilBench->stop(
"AccessControl",
"4000_checkAccess_condition_check");
692 global $objDefinition,
$ilBench, $ilPluginAdmin;
694 $ilBench->start(
"AccessControl",
"5000_checkAccess_object_check");
697 if ($objDefinition->isPluginTypeName(
$a_type) && !$objDefinition->isPlugin(
$a_type)) {
// Excerpt of the object-type-specific status check: the access class name is
// derived from the object definition registered for $a_type.
704 $class = $objDefinition->getClassName(
$a_type);
706 $full_class =
"ilObj" . $class .
"Access";
// Error logged when the class lookup fails (the guarding condition is on a line
// not shown in this listing).
709 $this->ac_logger->error(
"Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
// NOTE(review): the include path and the instantiated class name are both
// assembled at runtime. $class comes from $objDefinition->getClassName($a_type);
// the origin of $location is not visible here. Confirm that both can only take
// values from the object-definition registry and never from request data.
713 include_once(
$location .
"/class." . $full_class .
".php");
// $full_class is reused: it holds the class name before this line and an
// instance of that class after it.
716 $full_class =
new $full_class();
718 $obj_access = call_user_func(
719 array($full_class,
"_checkAccess"),
726 if (!($obj_access ===
true)) {
733 $ilBench->stop(
"AccessControl",
"5000_checkAccess_object_check");
738 $ilBench->stop(
"AccessControl",
"5000_checkAccess_object_check");
750 if (!in_array(
$a_type, array(
'sahs',
'htlm'))
751 or !in_array($a_permission, array(
'read'))) {
754 require_once(
"Services/License/classes/class.ilLicenseAccess.php");
778 $this->current_info->addInfoItem(IL_NO_LICENSE,
$lng->txt(
"no_license_available"));
788 $this->results = array();
789 $this->last_result =
"";
791 $this->stored_rbac_access = [];
// NOTE(review): variable-property assignment — the value of $a_str selects which
// property of this handler is overwritten with $a_bool. Call sites should pass
// only fixed, known property names; a caller-influenced name could overwrite any
// state on the object, e.g. $this->results — TODO confirm call sites.
798 $this->$a_str = $a_bool;
sprintf('%.4f', $callTime)
An exception for terminating execution or to throw for unit testing.
const IL_MISSING_PRECONDITION
const IL_NO_PARENT_ACCESS
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission); returns bool
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
doLicenseCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for available licenses; returns mixed
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
hasCurrentUserAnyPositionAccess($ref_id)
bool
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check for course activation; returns bool
getResultAll($a_ref_id="")
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deleted; returns bool
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object-type-specific check; returns bool
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parents; returns bool
getResultLast()
get last info object
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permission; returns bool
getPreventCachingLastResult()
Get prevent caching last result. Returns boolean: true if last result should not be cached.
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result (@access private); returns array — result array: "granted" (boolean) => true if access is g...
getInfo()
get last info object
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
setPreventCachingLastResult($a_val)
Set prevent caching last result.
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result (@access private)
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks whether all conditions of a target object are fulfilled
static _getConditionsOfTarget($a_target_ref_id, $a_target_obj_id, $a_target_type="")
get all conditions of target object
static lookupHiddenStatusByTarget($a_target_ref_id)
Lookup hidden status @global type $ilDB.
static _isEnabled()
Check if licensing is enabled. This check is called from the ilAccessHandler class.
static _checkAccess($a_usr_id, $a_obj_id)
Check, if a user can access an object by license.
static getLogger($a_component_id)
Get component logger.
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
Class ilOrgUnitPositionAccess.
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
hasCurrentUserAnyPositionAccess($ref_id)
bool
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
if(!array_key_exists('StateId', $_REQUEST)) $id
Interface ilAccessHandler.
catch(Exception $e) $message
foreach($_POST as $key=> $value) $res