ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Protected Attributes
ilAccess Class Reference
Services/AccessControl

Class ilAccessHandler. More...

+ Inheritance diagram for ilAccess:
+ Collaboration diagram for ilAccess:

Public Member Functions

 __construct ()
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access resultprivate
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)
More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result.
Parameters
booleantrue if last result should not be cached
More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result.
Returns
boolean true if last result should not be cached
More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access resultprivate
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object
More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool
More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
Parameters
$a_str
$a_bool
More...
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions
More...
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions
More...
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
Parameters
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkPositionAccess ($pos_perm, $ref_id)
 
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
More...
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]
More...
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
Parameters
int$ref_id
Returns
bool
More...
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 
Parameters
string$rbac_perm
int$ref_id
Returns
bool
More...
 
- Public Member Functions inherited from ilRBACAccessHandler
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for activation and centralized offline status. More...
 

Protected Attributes

 $ilOrgUnitPositionAccess
 
 $obj_tree_cache
 
 $obj_type_cache
 
 $obj_id_cache
 
 $status
 
 $path
 
 $condition
 
 $tree
 
 $rbac
 
 $cache
 
 $current_info
 
 $results
 
 $rbacsystem
 
 $stored_rbac_access = array()
 
 $ac_logger
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 19 of file class.ilAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccess::__construct ( )

Definition at line 85 of file class.ilAccess.php.

References $DIC, $rbacsystem, and ilLoggerFactory\getLogger().

86  {
87  global $DIC;
88 
89  $rbacsystem = $DIC['rbacsystem'];
90 
91  $this->rbacsystem = $rbacsystem;
92  $this->results = array();
93  $this->current_info = new ilAccessInfo();
94 
95  // use function enable to switch on/off tests (only cache is used so far)
96  $this->cache = true;
97  $this->rbac = true;
98  $this->tree = true;
99  $this->condition = true;
100  $this->path = true;
101  $this->status = true;
102  $this->obj_id_cache = array();
103  $this->obj_type_cache = array();
104  $this->obj_tree_cache = array();
105 
106  $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
107 
108  $this->ac_logger = ilLoggerFactory::getLogger('ac');
109  }
$DIC
global $DIC
Definition: saml.php:7
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
+ Here is the call graph for this function:

Member Function Documentation

◆ addInfoItem()

ilAccess::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Implements ilRBACAccessHandler.

Definition at line 244 of file class.ilAccess.php.

References $a_type.

245  {
246  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
247  }
$a_type
$a_type
Definition: workflow.php:92

◆ checkAccess()

ilAccess::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 252 of file class.ilAccess.php.

References $a_type, $DIC, $ilUser, and checkAccessOfUser().

Referenced by ilLocalUserGUI\__checkGlobalRoles(), ilLocalUserGUI\__showRolesTable(), ilOrgUnitStaffGUI\addOtherRoles(), ilOrgUnitStaffGUI\addStaff(), ilObjStudyProgrammeGUI\addToNavigationHistory(), ilLocalUserGUI\assignRoles(), ilLocalUserGUI\assignSave(), ilObjStudyProgrammeGUI\checkAccess(), ilLocalUserGUI\checkPermission(), ilOrgUnitSimpleImportGUI\chooseImport(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editSettings(), ilObjOrgUnitGUI\executeCommand(), ilOrgUnitStaffGUI\fromEmployeeToSuperior(), ilOrgUnitStaffGUI\fromSuperiorToEmployee(), ilObjStudyProgrammeAdminGUI\initFormSettings(), ilOrgUnitStaffGUI\removeFromEmployees(), ilOrgUnitStaffGUI\removeFromRole(), ilOrgUnitStaffGUI\removeFromSuperiors(), ilOrgUnitStaffGUI\setTabs(), ilOrgUnitStaffGUI\showOtherRoles(), ilOrgUnitStaffGUI\showStaff(), ilObjStudyProgrammeGUI\updateAdvancedSettings(), ilObjOrgUnitGUI\updateAdvancedSettings(), and ilObjOrgUnitGUI\updateSettings().

253  {
254  global $DIC;
255 
256  $ilUser = $DIC['ilUser'];
257 
258  return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
259  }
$DIC
global $DIC
Definition: saml.php:7
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:264
$a_type
$a_type
Definition: workflow.php:92
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAccessOfUser()

ilAccess::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 264 of file class.ilAccess.php.

References $a_type, $DIC, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), ilRBACAccessHandler\doActivationCheck(), doCacheCheck(), doConditionCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doConditionCheck(), doPathCheck(), and ilSearchResult\filter().

265  {
266  global $DIC;
267 
268  $ilBench = $DIC['ilBench'];
269  $lng = $DIC['lng'];
270 
271  $this->setPreventCachingLastResult(false); // for external db based caches
272 
273  $ilBench->start("AccessControl", "0400_clear_info");
274  $this->current_info->clear();
275  $ilBench->stop("AccessControl", "0400_clear_info");
276 
277 
278  // get stored result (internal memory based cache)
279  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
280  if ($cached["hit"]) {
281  // Store access result
282  if (!$cached["granted"]) {
283  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
284  }
285  if ($cached["prevent_db_cache"]) {
286  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
287  }
288  return $cached["granted"];
289  }
290 
291  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
292  // get object id if not provided
293  if ($a_obj_id == "") {
294  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
295  $a_obj_id = $this->obj_id_cache[$a_ref_id];
296  } else {
297  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
298  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
299  }
300  }
301  if ($a_type == "") {
302  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
303  $a_type = $this->obj_type_cache[$a_ref_id];
304  } else {
305  $a_type = ilObject::_lookupType($a_ref_id, true);
306  $this->obj_type_cache[$a_ref_id] = $a_type;
307  }
308  }
309 
310  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
311 
312  // if supplied tree id is not = 1 (= repository main tree),
313  // check if object is in tree and not deleted
314  if ($a_tree_id != 1 &&
315  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
316  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
317  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
318  return false;
319  }
320 
321  // rbac check for current object
322  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
323  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
324  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
325  return false;
326  }
327 
328  // Check object activation
329  $act_check = $this->doActivationCheck(
330  $a_permission,
331  $a_cmd,
332  $a_ref_id,
333  $a_user_id,
334  $a_obj_id,
335  $a_type
336  );
337 
338  if (!$act_check) {
339  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
340  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
341  return false;
342  }
343 
344  // check read permission for all parents
345  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
346  if (!$par_check) {
347  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
348  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
349  return false;
350  }
351 
352  // condition check (currently only implemented for read permission)
353  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
354  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
355  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
356  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
357  return false;
358  }
359 
360  // object type specific check
361  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
362  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
363  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
364  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
365  return false;
366  }
367 
368  // all checks passed
369  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
370  return true;
371  }
ilRBACAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.
$DIC
global $DIC
Definition: saml.php:7
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.true if last result should not be cached
Definition: class.ilAccess.php:148
ilAccess\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
Definition: class.ilAccess.php:741
$a_type
$a_type
Definition: workflow.php:92
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:682
$lng
$lng
Definition: save_question_post_data.php:23
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:406
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:539
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:492
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:433
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:115
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPositionAccess()

ilAccess::checkPositionAccess (   $pos_perm,
  $ref_id 
)

Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 856 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\checkPositionAccess().

857  {
858  return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
859  }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
Reference-ID of the desired Object in the treegetAvailablePositionRelatedPermissions for available pe...
Definition: class.ilOrgUnitPositionAccess.php:161
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilAccess::checkRbacOrPositionPermissionAccess (   $rbac_perm,
  $pos_perm,
  $ref_id 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 864 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess().

865  {
866  return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
867  }
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:211
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ clear()

ilAccess::clear ( )

Implements ilRBACAccessHandler.

Definition at line 800 of file class.ilAccess.php.

801  {
802  $this->results = array();
803  $this->last_result = "";
804  $this->current_info = new ilAccessInfo();
805  $this->stored_rbac_access = [];
806  }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39

◆ doCacheCheck()

ilAccess::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 406 of file class.ilAccess.php.

References $DIC, $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

407  {
408  global $DIC;
409 
410  $ilBench = $DIC['ilBench'];
411  //echo "cacheCheck<br/>";
412 
413  $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
414  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
415  //var_dump($stored_access);
416  if (is_array($stored_access)) {
417  $this->current_info = $stored_access["info"];
418  //var_dump("cache-treffer:");
419  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
420  return array("hit" => true, "granted" => $stored_access["granted"],
421  "prevent_db_cache" => $stored_access["prevent_db_cache"]);
422  }
423 
424  // not in cache
425  $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
426  return array("hit" => false, "granted" => false,
427  "prevent_db_cache" => false);
428  }
$DIC
global $DIC
Definition: saml.php:7
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access resultprivatepermission command string reference id user id (if no id passed...
Definition: class.ilAccess.php:164
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccess::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 682 of file class.ilAccess.php.

References $a_type, $condition, $DIC, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), and IL_MISSING_PRECONDITION.

Referenced by checkAccessOfUser().

683  {
684  //echo "conditionCheck<br/>";
685  global $DIC;
686 
687  $lng = $DIC['lng'];
688  $ilBench = $DIC['ilBench'];
689 
690  if (
691  ($a_permission == 'visible') and
692  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
693  ) {
694  if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
695  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
696  $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
697  foreach ($conditions as $condition) {
698  $this->current_info->addInfoItem(
699  IL_MISSING_PRECONDITION,
700  $lng->txt("missing_precondition") . ": " .
701  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
702  $lng->txt("condition_" . $condition["operator"]) . " " .
703  $condition["value"],
704  $condition
705  );
706  }
707  return false;
708  }
709  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
710  }
711  }
712 
713 
714  if (($a_permission == "read" or $a_permission == 'join') &&
715  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
716  $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
717  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
718  $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
719  foreach ($conditions as $condition) {
720  $this->current_info->addInfoItem(
721  IL_MISSING_PRECONDITION,
722  $lng->txt("missing_precondition") . ": " .
723  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
724  $lng->txt("condition_" . $condition["operator"]) . " " .
725  $condition["value"],
726  $condition
727  );
728  }
729  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
730  return false;
731  }
732  $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
733  }
734 
735  return true;
736  }
$DIC
global $DIC
Definition: saml.php:7
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:264
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
$a_type
$a_type
Definition: workflow.php:92
$lng
$lng
Definition: save_question_post_data.php:23
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1200
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccess::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 539 of file class.ilAccess.php.

References $a_type, $DIC, $id, $ilBench, $ilUser, $lng, $path, $tree, checkAccessOfUser(), ilRBACAccessHandler\doActivationCheck(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), IL_NO_PARENT_ACCESS, ilObject\lookupOfflineStatus(), and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

540  {
541  global $DIC;
542 
543  $tree = $DIC['tree'];
544  $lng = $DIC['lng'];
545  $ilBench = $DIC['ilBench'];
546  $ilObjDataCache = $DIC['ilObjDataCache'];
547  //echo "<br>dopathcheck";
548  //echo "pathCheck<br/>";
549  $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
550 
551  // if (isset($this->stored_path[$a_ref_id]))
552  // {
553  // $path = $this->stored_path[$a_ref_id];
554  // }
555  // else
556  // {
557  $path = $tree->getPathId($a_ref_id);
558  // $this->stored_path[$a_ref_id] = $path;
559  // }
560  $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
561 
562  foreach ($path as $id) {
563  if ($a_ref_id == $id) {
564  continue;
565  }
566 
567  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
568 
569  if ($access == false) {
570 
571  //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
572  $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
573 
574  if ($a_all == false) {
575  return false;
576  }
577  }
578  }
579 
580  return true;
581  }
$DIC
global $DIC
Definition: saml.php:7
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:264
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
$lng
$lng
Definition: save_question_post_data.php:23
$ilBench
global $ilBench
Definition: ilias.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccess::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 492 of file class.ilAccess.php.

References $a_type, $DIC, $ilBench, $ilErr, $ilLog, $lng, $message, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

493  {
494  global $DIC;
495 
496  $lng = $DIC['lng'];
497  $ilBench = $DIC['ilBench'];
498  $ilErr = $DIC['ilErr'];
499  $ilLog = $DIC['ilLog'];
500 
501  $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
502 
503  if ($a_permission == "") {
504  $message = sprintf(
505  '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
506  get_class($this),
507  $a_ref_id
508  );
509  $ilLog->write($message, $ilLog->FATAL);
510  $ilErr->raiseError($message, $ilErr->MESSAGE);
511  }
512 
513  if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
514  $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
515  } else {
516  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
517  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
518  if ($a_permission != "create") {
519  $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
520  }
521  }
522  }
523 
524  // Store in result cache
525  if (!$access) {
526  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
527  }
528  if ($a_permission != "create") {
529  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
530  }
531  $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
532 
533  return $access;
534  }
$DIC
global $DIC
Definition: saml.php:7
$ilErr
$ilErr
Definition: raiseError.php:18
$a_type
$a_type
Definition: workflow.php:92
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$lng
$lng
Definition: save_question_post_data.php:23
$ilLog
$ilLog
Definition: inc.setup_header.php:123
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:115
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccess::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 741 of file class.ilAccess.php.

References $a_type, $DIC, $ilBench, $location, and storeAccessResult().

Referenced by checkAccessOfUser().

742  {
743  global $DIC;
744 
745  $objDefinition = $DIC['objDefinition'];
746  $ilBench = $DIC['ilBench'];
747  $ilPluginAdmin = $DIC['ilPluginAdmin'];
748  //echo "statusCheck<br/>";
749  $ilBench->start("AccessControl", "5000_checkAccess_object_check");
750 
751  // check for a deactivated plugin
752  if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
753  return false;
754  }
755  if (!$a_type) {
756  return false;
757  }
758 
759  $class = $objDefinition->getClassName($a_type);
760  $location = $objDefinition->getLocation($a_type);
761  $full_class = "ilObj" . $class . "Access";
762 
763  if ($class == "") {
764  $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
765  return false;
766  }
767 
768  include_once($location . "/class." . $full_class . ".php");
769  // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
770 
771  $full_class = new $full_class();
772 
773  $obj_access = call_user_func(
774  array($full_class, "_checkAccess"),
775  $a_cmd,
776  $a_permission,
777  $a_ref_id,
778  $a_obj_id,
779  $a_user_id
780  );
781  if (!($obj_access === true)) {
782  //Note: We must not add an info item here, because one is going
783  // to be added by the user function we just called a few
784  // lines above.
785  //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
786 
787  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
788  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
789  return false;
790  }
791 
792  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
793  $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
794  return true;
795  }
$DIC
global $DIC
Definition: saml.php:7
$location
$location
Definition: buildRTE.php:44
$a_type
$a_type
Definition: workflow.php:92
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:115
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccess::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 433 of file class.ilAccess.php.

References $DIC, $ilBench, $lng, $tree, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

434  {
435  global $DIC;
436 
437  $tree = $DIC['tree'];
438  $lng = $DIC['lng'];
439  $ilBench = $DIC['ilBench'];
440  //echo "treeCheck<br/>";
441 
442  // Get stored result
443  $tree_cache_key = $a_user_id . ':' . $a_ref_id;
444  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
445  // Store access result
446  if (!$this->obj_tree_cache[$tree_cache_key]) {
447  $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
448  }
449  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
450 
451  return $this->obj_tree_cache[$tree_cache_key];
452  }
453 
454  $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
455 
456  if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
457  // Store negative access results
458 
459  // Store in tree cache
460  // Note, we only store up to 1000 results to avoid memory overflow.
461  if (count($this->obj_tree_cache) < 1000) {
462  $this->obj_tree_cache[$tree_cache_key] = false;
463  }
464 
465  // Store in result cache
466  $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
467  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
468 
469  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
470 
471  return false;
472  }
473 
474  // Store positive access result.
475 
476  // Store in tree cache
477  // Note, we only store up to 1000 results to avoid memory overflow.
478  if (count($this->obj_tree_cache) < 1000) {
479  $this->obj_tree_cache[$tree_cache_key] = true;
480  }
481 
482  // Store in result cache
483  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
484 
485  $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
486  return true;
487  }
$DIC
global $DIC
Definition: saml.php:7
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
$lng
$lng
Definition: save_question_post_data.php:23
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
$ilBench
global $ilBench
Definition: ilias.php:18
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:115
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccess::enable (   $a_str,
  $a_bool 
)

Parameters
$a_str
$a_bool

Implements ilRBACAccessHandler.

Definition at line 810 of file class.ilAccess.php.

811  {
812  $this->$a_str = $a_bool;
813  }

◆ filterUserIdsByPositionOfCurrentUser()

ilAccess::filterUserIdsByPositionOfCurrentUser (   $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 872 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser().

873  {
874  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
875  }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ filterUserIdsByPositionOfUser()

ilAccess::filterUserIdsByPositionOfUser (   $user_id,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 880 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser().

881  {
882  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
883  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104
+ Here is the call graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilAccess::filterUserIdsByRbacOrPositionOfCurrentUser (   $rbac_perm,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 888 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

889  {
890  return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
891  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:231
+ Here is the call graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
  $permission 
)

Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 824 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

825  {
826  return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
827  }
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
$user_ids List of ILIAS-User-IDs which shall be filteredgetAvailablePositionRelatedPermissions for av...
Definition: class.ilOrgUnitPositionAccess.php:38
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
  $for_user_id,
  $permission 
)

Parameters
int[]$user_ids List of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 832 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission().

833  {
834  return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
835  }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered getAvailablePositionRelatedPermissions for a...
Definition: class.ilOrgUnitPositionAccess.php:49
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ getInfo()

ilAccess::getInfo ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 376 of file class.ilAccess.php.

377  {
378  //return $this->last_result;
379  //$this->last_info->setQueryData($this->current_result_element);
380  //var_dump("<pre>",$this->results,"</pre>");
381  return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
382  }

◆ getPreventCachingLastResult()

ilAccess::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 156 of file class.ilAccess.php.

Referenced by storeAccessResult().

157  {
158  return $this->prevent_caching_last_result;
159  }
+ Here is the caller graph for this function:

◆ getResultAll()

ilAccess::getResultAll (   $a_ref_id = "")

Implements ilRBACAccessHandler.

Definition at line 394 of file class.ilAccess.php.

References $results.

395  {
396  if ($a_ref_id == "") {
397  return $this->results;
398  }
399 
400  return $this->results[$a_ref_id];
401  }

◆ getResultLast()

ilAccess::getResultLast ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 387 of file class.ilAccess.php.

388  {
389  return $this->last_result;
390  }

◆ getResults()

ilAccess::getResults ( )

Implements ilRBACAccessHandler.

Definition at line 229 of file class.ilAccess.php.

References $results.

230  {
231  return $this->results;
232  }

◆ getStoredAccessResult()

ilAccess::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access resultprivate

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Implements ilRBACAccessHandler.

Definition at line 164 of file class.ilAccess.php.

References $DIC, and $ilUser.

Referenced by doCacheCheck().

165  {
166  global $DIC;
167 
168  $ilUser = $DIC['ilUser'];
169 
170  if ($a_user_id == "") {
171  $a_user_id = $ilUser->getId();
172  }
173 
174  /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
175  {
176  $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
177  }*/
178 
179  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
180  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
181  }
182  return false;
183  }
$DIC
global $DIC
Definition: saml.php:7
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilAccess::hasCurrentUserAnyPositionAccess (   $ref_id)

Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 896 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess().

897  {
898  return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
899  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilAccess::hasUserRBACorAnyPositionAccess (   $rbac_perm,
  $ref_id 
)

Parameters
string$rbac_perm
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 904 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess().

905  {
906  return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
907  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250
+ Here is the call graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilAccess::isCurrentUserBasedOnPositionsAllowedTo (   $permission,
array  $on_user_ids 
)

Parameters
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 840 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo().

841  {
842  return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
843  }
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelatedPermissions for available permissionsbo...
Definition: class.ilOrgUnitPositionAccess.php:65
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
+ Here is the call graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilAccess::isUserBasedOnPositionsAllowedTo (   $which_user_id,
  $permission,
array  $on_user_ids 
)

Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_ids List of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 848 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo().

849  {
850  return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
851  }
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelate...
Definition: class.ilOrgUnitPositionAccess.php:76
+ Here is the call graph for this function:

◆ readCache()

ilAccess::readCache (   $a_secs = 0)

Implements ilRBACAccessHandler.

Definition at line 206 of file class.ilAccess.php.

References $DIC, $ilDB, $ilUser, $query, and ilDBConstants\FETCHMODE_ASSOC.

207  {
208  global $DIC;
209 
210  $ilUser = $DIC['ilUser'];
211  $ilDB = $DIC['ilDB'];
212 
213  if ($a_secs > 0) {
214  $query = "SELECT * FROM acc_cache WHERE user_id = " .
215  $ilDB->quote($ilUser->getId(), 'integer');
216  $set = $ilDB->query($query);
217  $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
218  if ((time() - $rec["time"]) < $a_secs) {
219  $this->results = unserialize($rec["result"]);
220  //var_dump($this->results);
221  return true;
222  }
223  }
224  return false;
225  }
$DIC
global $DIC
Definition: saml.php:7
$ilUser
$ilUser
Definition: imgupload.php:18
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ setPreventCachingLastResult()

ilAccess::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 148 of file class.ilAccess.php.

Referenced by checkAccessOfUser().

149  {
150  $this->prevent_caching_last_result = $a_val;
151  }
+ Here is the caller graph for this function:

◆ setResults()

ilAccess::setResults (   $a_results)

Implements ilRBACAccessHandler.

Definition at line 236 of file class.ilAccess.php.

237  {
238  $this->results = $a_results;
239  }

◆ storeAccessResult()

ilAccess::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access resultprivate

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Implements ilRBACAccessHandler.

Definition at line 115 of file class.ilAccess.php.

References $current_info, $DIC, $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

116  {
117  global $DIC;
118 
119  $ilUser = $DIC['ilUser'];
120 
121  if ($a_user_id == "") {
122  $a_user_id = $ilUser->getId();
123  }
124 
125  if ($a_info == "") {
126  $a_info = $this->current_info;
127  }
128 
129  //var_dump("<pre>",$a_permission,"</pre>");
130 
131  if ($this->cache) {
132  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
133  array("granted" => $a_access_granted, "info" => $a_info,
134  "prevent_db_cache" => $this->getPreventCachingLastResult());
135  //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
136  $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
137  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138  $this->last_info = $a_info;
139  }
140 
141  // get new info object
142  $this->current_info = new ilAccessInfo();
143  }
$DIC
global $DIC
Definition: saml.php:7
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:156
$ilUser
$ilUser
Definition: imgupload.php:18
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccess::storeCache ( )

Implements ilRBACAccessHandler.

Definition at line 187 of file class.ilAccess.php.

References $DIC, $ilDB, $ilUser, $query, and $res.

188  {
189  global $DIC;
190 
191  $ilDB = $DIC['ilDB'];
192  $ilUser = $DIC['ilUser'];
193 
194  $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
195  $res = $ilDB->manipulate($query);
196 
197  $ilDB->insert('acc_cache', array(
198  'user_id' => array('integer',$ilUser->getId()),
199  'time' => array('integer',time()),
200  'result' => array('clob',serialize($this->results))
201  ));
202  }
$DIC
global $DIC
Definition: saml.php:7
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilUser
$ilUser
Definition: imgupload.php:18
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

Field Documentation

◆ $ac_logger

ilAccess::$ac_logger
protected

Definition at line 83 of file class.ilAccess.php.

◆ $cache

ilAccess::$cache
protected

Definition at line 61 of file class.ilAccess.php.

◆ $condition

ilAccess::$condition
protected

Definition at line 49 of file class.ilAccess.php.

Referenced by doConditionCheck().

◆ $current_info

ilAccess::$current_info
protected

Definition at line 65 of file class.ilAccess.php.

Referenced by storeAccessResult().

◆ $ilOrgUnitPositionAccess

ilAccess::$ilOrgUnitPositionAccess
protected

Definition at line 25 of file class.ilAccess.php.

◆ $obj_id_cache

ilAccess::$obj_id_cache
protected

Definition at line 37 of file class.ilAccess.php.

◆ $obj_tree_cache

ilAccess::$obj_tree_cache
protected

Definition at line 29 of file class.ilAccess.php.

◆ $obj_type_cache

ilAccess::$obj_type_cache
protected

Definition at line 33 of file class.ilAccess.php.

◆ $path

ilAccess::$path
protected

Definition at line 45 of file class.ilAccess.php.

Referenced by doPathCheck().

◆ $rbac

ilAccess::$rbac
protected

Definition at line 57 of file class.ilAccess.php.

◆ $rbacsystem

ilAccess::$rbacsystem
protected

Definition at line 73 of file class.ilAccess.php.

Referenced by __construct().

◆ $results

ilAccess::$results
protected

Definition at line 69 of file class.ilAccess.php.

Referenced by getResultAll(), and getResults().

◆ $status

ilAccess::$status
protected

Definition at line 41 of file class.ilAccess.php.

◆ $stored_rbac_access

ilAccess::$stored_rbac_access = array()
protected

Definition at line 77 of file class.ilAccess.php.

◆ $tree

ilAccess::$tree
protected

Definition at line 53 of file class.ilAccess.php.

Referenced by doPathCheck(), and doTreeCheck().

The documentation for this class was generated from the following file: