ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Protected Attributes
ilAccess Class Reference
Services/AccessControl

Class ilAccessHandler. More...

+ Inheritance diagram for ilAccess:
+ Collaboration diagram for ilAccess:

Public Member Functions

 __construct ()
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result@access private
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)
More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result.
Parameters
booleantrue if last result should not be cached
More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result.
Returns
boolean true if last result should not be cached
More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result@access private
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object
More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool
More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
Parameters
$a_str
$a_bool
More...
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs
More...
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs
More...
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
Parameters
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkPositionAccess ($pos_perm, $ref_id)
 
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
More...
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]
More...
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
Parameters
int$ref_id
Returns
bool
More...
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 
Parameters
string$rbac_perm
int$ref_id
Returns
bool
More...
 
- Public Member Functions inherited from ilRBACAccessHandler
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id=null, $a_info="")
 store access result More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result. More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result. More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id=null, $a_tree_id=null)
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id=null, $a_tree_id=null)
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for activation and centralized offline status. More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission) More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
 checkPositionAccess ($pos_perm, $ref_id)
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 

Protected Attributes

 $ilOrgUnitPositionAccess
 
 $obj_tree_cache
 
 $obj_type_cache
 
 $obj_id_cache
 
 $status
 
 $path
 
 $condition
 
 $tree
 
 $rbac
 
 $cache
 
 $current_info
 
 $results
 
 $rbacsystem
 
 $stored_rbac_access = array()
 
 $ac_logger
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 19 of file class.ilAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccess::__construct ( )

Definition at line 85 of file class.ilAccess.php.

86 {
87 global $DIC;
88
89 $rbacsystem = $DIC['rbacsystem'];
90
91 $this->rbacsystem = $rbacsystem;
92 $this->results = array();
93 $this->current_info = new ilAccessInfo();
94
95 // use function enable to switch on/off tests (only cache is used so far)
96 $this->cache = true;
97 $this->rbac = true;
98 $this->tree = true;
99 $this->condition = true;
100 $this->path = true;
101 $this->status = true;
102 $this->obj_id_cache = array();
103 $this->obj_type_cache = array();
104 $this->obj_tree_cache = array();
105
106 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
107
108 $this->ac_logger = ilLoggerFactory::getLogger('ac');
109 }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:40
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:9
$DIC
global $DIC
Definition: saml.php:7

References $DIC, $rbacsystem, and ilLoggerFactory\getLogger().

+ Here is the call graph for this function:

Member Function Documentation

◆ addInfoItem()

ilAccess::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Implements ilRBACAccessHandler.

Definition at line 244 of file class.ilAccess.php.

245 {
246 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
247 }
$a_type
$a_type
Definition: workflow.php:92

References $a_type.

◆ checkAccess()

ilAccess::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 252 of file class.ilAccess.php.

253 {
254 global $DIC;
255
256 $ilUser = $DIC['ilUser'];
257
258 return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
259 }
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:264
$ilUser
$ilUser
Definition: imgupload.php:18

References $a_type, $DIC, $ilUser, and checkAccessOfUser().

Referenced by ilLocalUserGUI\__checkGlobalRoles(), ilLocalUserGUI\__showRolesTable(), ilOrgUnitStaffGUI\addOtherRoles(), ilOrgUnitStaffGUI\addStaff(), ilObjStudyProgrammeGUI\addToNavigationHistory(), ilLocalUserGUI\assignRoles(), ilLocalUserGUI\assignSave(), ilObjStudyProgrammeGUI\checkAccess(), ilLocalUserGUI\checkPermission(), ilOrgUnitSimpleImportGUI\chooseImport(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjOrgUnitGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editSettings(), ilObjOrgUnitGUI\executeCommand(), ilOrgUnitStaffGUI\fromEmployeeToSuperior(), ilOrgUnitStaffGUI\fromSuperiorToEmployee(), ilObjStudyProgrammeAdminGUI\initFormSettings(), ilOrgUnitStaffGUI\removeFromEmployees(), ilOrgUnitStaffGUI\removeFromRole(), ilOrgUnitStaffGUI\removeFromSuperiors(), ilOrgUnitStaffGUI\setTabs(), ilOrgUnitStaffGUI\showOtherRoles(), ilOrgUnitStaffGUI\showStaff(), ilObjOrgUnitGUI\updateAdvancedSettings(), ilObjStudyProgrammeGUI\updateAdvancedSettings(), and ilObjOrgUnitGUI\updateSettings().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAccessOfUser()

ilAccess::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 264 of file class.ilAccess.php.

265 {
266 global $DIC;
267
268 $ilBench = $DIC['ilBench'];
269 $lng = $DIC['lng'];
270
271 $this->setPreventCachingLastResult(false); // for external db based caches
272
273 $ilBench->start("AccessControl", "0400_clear_info");
274 $this->current_info->clear();
275 $ilBench->stop("AccessControl", "0400_clear_info");
276
277
278 // get stored result (internal memory based cache)
279 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
280 if ($cached["hit"]) {
281 // Store access result
282 if (!$cached["granted"]) {
283 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
284 }
285 if ($cached["prevent_db_cache"]) {
286 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
287 }
288 return $cached["granted"];
289 }
290
291 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
292 // get object id if not provided
293 if ($a_obj_id == "") {
294 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
295 $a_obj_id = $this->obj_id_cache[$a_ref_id];
296 } else {
297 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
298 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
299 }
300 }
301 if ($a_type == "") {
302 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
303 $a_type = $this->obj_type_cache[$a_ref_id];
304 } else {
305 $a_type = ilObject::_lookupType($a_ref_id, true);
306 $this->obj_type_cache[$a_ref_id] = $a_type;
307 }
308 }
309
310 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
311
312 // if supplied tree id is not = 1 (= repository main tree),
313 // check if object is in tree and not deleted
314 if ($a_tree_id != 1 &&
315 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
316 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
317 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
318 return false;
319 }
320
321 // rbac check for current object
322 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
323 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
324 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
325 return false;
326 }
327
328 // Check object activation
329 $act_check = $this->doActivationCheck(
330 $a_permission,
331 $a_cmd,
332 $a_ref_id,
333 $a_user_id,
334 $a_obj_id,
335 $a_type
336 );
337
338 if (!$act_check) {
339 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
340 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
341 return false;
342 }
343
344 // check read permission for all parents
345 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
346 if (!$par_check) {
347 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
348 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
349 return false;
350 }
351
352 // condition check (currently only implemented for read permission)
353 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
354 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
355 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
356 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
357 return false;
358 }
359
360 // object type specific check
361 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
362 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
363 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
364 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
365 return false;
366 }
367
368 // all checks passed
369 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
370 return true;
371 }
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:682
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:406
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:433
ilAccess\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
Definition: class.ilAccess.php:741
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:539
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:492
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:148
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
Definition: class.ilAccess.php:115
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
$ilBench
global $ilBench
Definition: ilias.php:18
ilRBACAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.
$lng
$lng
Definition: save_question_post_data.php:23

References $a_type, $DIC, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), ilRBACAccessHandler\doActivationCheck(), doCacheCheck(), doConditionCheck(), doPathCheck(), doRBACCheck(), doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doConditionCheck(), doPathCheck(), and ilSearchResult\filter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPositionAccess()

ilAccess::checkPositionAccess (   $pos_perm,
  $ref_id 
)

Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 856 of file class.ilAccess.php.

857 {
858 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
859 }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:161

References ilOrgUnitPositionAccess\checkPositionAccess().

+ Here is the call graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilAccess::checkRbacOrPositionPermissionAccess (   $rbac_perm,
  $pos_perm,
  $ref_id 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 864 of file class.ilAccess.php.

865 {
866 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
867 }
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:211

References ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess().

+ Here is the call graph for this function:

◆ clear()

ilAccess::clear ( )

Implements ilRBACAccessHandler.

Definition at line 800 of file class.ilAccess.php.

801 {
802 $this->results = array();
803 $this->last_result = "";
804 $this->current_info = new ilAccessInfo();
805 $this->stored_rbac_access = [];
806 }

◆ doCacheCheck()

ilAccess::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 406 of file class.ilAccess.php.

407 {
408 global $DIC;
409
410 $ilBench = $DIC['ilBench'];
411 //echo "cacheCheck<br/>";
412
413 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
414 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
415 //var_dump($stored_access);
416 if (is_array($stored_access)) {
417 $this->current_info = $stored_access["info"];
418 //var_dump("cache-treffer:");
419 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
420 return array("hit" => true, "granted" => $stored_access["granted"],
421 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
422 }
423
424 // not in cache
425 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
426 return array("hit" => false, "granted" => false,
427 "prevent_db_cache" => false);
428 }
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
Definition: class.ilAccess.php:164

References $DIC, $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccess::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 682 of file class.ilAccess.php.

683 {
684 //echo "conditionCheck<br/>";
685 global $DIC;
686
687 $lng = $DIC['lng'];
688 $ilBench = $DIC['ilBench'];
689
690 if (
691 ($a_permission == 'visible') and
692 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
693 ) {
694 if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
695 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
696 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
697 foreach ($conditions as $condition) {
698 $this->current_info->addInfoItem(
699 IL_MISSING_PRECONDITION,
700 $lng->txt("missing_precondition") . ": " .
701 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
702 $lng->txt("condition_" . $condition["operator"]) . " " .
703 $condition["value"],
704 $condition
705 );
706 }
707 return false;
708 }
709 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
710 }
711 }
712
713
714 if (($a_permission == "read" or $a_permission == 'join') &&
715 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
716 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
717 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
718 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
719 foreach ($conditions as $condition) {
720 $this->current_info->addInfoItem(
721 IL_MISSING_PRECONDITION,
722 $lng->txt("missing_precondition") . ": " .
723 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
724 $lng->txt("condition_" . $condition["operator"]) . " " .
725 $condition["value"],
726 $condition
727 );
728 }
729 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
730 return false;
731 }
732 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
733 }
734
735 return true;
736 }
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1200
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988

References $a_type, $condition, $DIC, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), and IL_MISSING_PRECONDITION.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccess::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 539 of file class.ilAccess.php.

540 {
541 global $DIC;
542
543 $tree = $DIC['tree'];
544 $lng = $DIC['lng'];
545 $ilBench = $DIC['ilBench'];
546 $ilObjDataCache = $DIC['ilObjDataCache'];
547 //echo "<br>dopathcheck";
548 //echo "pathCheck<br/>";
549 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
550
551 // if (isset($this->stored_path[$a_ref_id]))
552 // {
553 // $path = $this->stored_path[$a_ref_id];
554 // }
555 // else
556 // {
557 $path = $tree->getPathId($a_ref_id);
558 // $this->stored_path[$a_ref_id] = $path;
559 // }
560 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
561
562 foreach ($path as $id) {
563 if ($a_ref_id == $id) {
564 continue;
565 }
566
567 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
568
569 if ($access == false) {
570
571 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
572 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
573
574 if ($a_all == false) {
575 return false;
576 }
577 }
578 }
579
580 return true;
581 }
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

References $DIC, $id, $ilBench, $lng, $path, $tree, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccess::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 492 of file class.ilAccess.php.

493 {
494 global $DIC;
495
496 $lng = $DIC['lng'];
497 $ilBench = $DIC['ilBench'];
498 $ilErr = $DIC['ilErr'];
499 $ilLog = $DIC['ilLog'];
500
501 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
502
503 if ($a_permission == "") {
504 $message = sprintf(
505 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
506 get_class($this),
507 $a_ref_id
508 );
509 $ilLog->write($message, $ilLog->FATAL);
510 $ilErr->raiseError($message, $ilErr->MESSAGE);
511 }
512
513 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
514 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
515 } else {
516 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
517 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
518 if ($a_permission != "create") {
519 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
520 }
521 }
522 }
523
524 // Store in result cache
525 if (!$access) {
526 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
527 }
528 if ($a_permission != "create") {
529 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
530 }
531 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
532
533 return $access;
534 }
$ilLog
$ilLog
Definition: inc.setup_header.php:123
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$ilErr
$ilErr
Definition: raiseError.php:18

References $a_type, $DIC, $ilBench, $ilErr, $ilLog, $lng, $message, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doStatusCheck()

ilAccess::doStatusCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

object type specific check

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 741 of file class.ilAccess.php.

742 {
743 global $DIC;
744
745 $objDefinition = $DIC['objDefinition'];
746 $ilBench = $DIC['ilBench'];
747 $ilPluginAdmin = $DIC['ilPluginAdmin'];
748 //echo "statusCheck<br/>";
749 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
750
751 // check for a deactivated plugin
752 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
753 return false;
754 }
755 if (!$a_type) {
756 return false;
757 }
758
759 $class = $objDefinition->getClassName($a_type);
760 $location = $objDefinition->getLocation($a_type);
761 $full_class = "ilObj" . $class . "Access";
762
763 if ($class == "") {
764 $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
765 return false;
766 }
767
768 include_once($location . "/class." . $full_class . ".php");
769 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
770
771 $full_class = new $full_class();
772
773 $obj_access = call_user_func(
774 array($full_class, "_checkAccess"),
775 $a_cmd,
776 $a_permission,
777 $a_ref_id,
778 $a_obj_id,
779 $a_user_id
780 );
781 if (!($obj_access === true)) {
782 //Note: We must not add an info item here, because one is going
783 // to be added by the user function we just called a few
784 // lines above.
785 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
786
787 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
788 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
789 return false;
790 }
791
792 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
793 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
794 return true;
795 }
$location
$location
Definition: buildRTE.php:44

References $a_type, $DIC, $ilBench, $location, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccess::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 433 of file class.ilAccess.php.

434 {
435 global $DIC;
436
437 $tree = $DIC['tree'];
438 $lng = $DIC['lng'];
439 $ilBench = $DIC['ilBench'];
440 //echo "treeCheck<br/>";
441
442 // Get stored result
443 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
444 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
445 // Store access result
446 if (!$this->obj_tree_cache[$tree_cache_key]) {
447 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
448 }
449 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
450
451 return $this->obj_tree_cache[$tree_cache_key];
452 }
453
454 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
455
456 if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
457 // Store negative access results
458
459 // Store in tree cache
460 // Note, we only store up to 1000 results to avoid memory overflow.
461 if (count($this->obj_tree_cache) < 1000) {
462 $this->obj_tree_cache[$tree_cache_key] = false;
463 }
464
465 // Store in result cache
466 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
467 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
468
469 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
470
471 return false;
472 }
473
474 // Store positive access result.
475
476 // Store in tree cache
477 // Note, we only store up to 1000 results to avoid memory overflow.
478 if (count($this->obj_tree_cache) < 1000) {
479 $this->obj_tree_cache[$tree_cache_key] = true;
480 }
481
482 // Store in result cache
483 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
484
485 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
486 return true;
487 }
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28

References $DIC, $ilBench, $lng, $tree, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccess::enable (   $a_str,
  $a_bool 
)

Parameters
$a_str
$a_bool

Implements ilRBACAccessHandler.

Definition at line 810 of file class.ilAccess.php.

811 {
812 $this->$a_str = $a_bool;
813 }

◆ filterUserIdsByPositionOfCurrentUser()

ilAccess::filterUserIdsByPositionOfCurrentUser (   $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 872 of file class.ilAccess.php.

873 {
874 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
875 }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser().

+ Here is the call graph for this function:

◆ filterUserIdsByPositionOfUser()

ilAccess::filterUserIdsByPositionOfUser (   $user_id,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 880 of file class.ilAccess.php.

881 {
882 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
883 }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser().

+ Here is the call graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilAccess::filterUserIdsByRbacOrPositionOfCurrentUser (   $rbac_perm,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 888 of file class.ilAccess.php.

889 {
890 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
891 }
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilOrgUnitPositionAccess.php:231

References ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

+ Here is the call graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
  $permission 
)

Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 824 of file class.ilAccess.php.

825 {
826 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
827 }
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:38

References ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

+ Here is the call graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
  $for_user_id,
  $permission 
)

Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 832 of file class.ilAccess.php.

833 {
834 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
835 }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:49

References ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission().

+ Here is the call graph for this function:

◆ getInfo()

ilAccess::getInfo ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 376 of file class.ilAccess.php.

377 {
378 //return $this->last_result;
379 //$this->last_info->setQueryData($this->current_result_element);
380 //var_dump("<pre>",$this->results,"</pre>");
381 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
382 }

◆ getPreventCachingLastResult()

ilAccess::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 156 of file class.ilAccess.php.

157 {
158 return $this->prevent_caching_last_result;
159 }

Referenced by storeAccessResult().

+ Here is the caller graph for this function:

◆ getResultAll()

ilAccess::getResultAll (   $a_ref_id = "")

Implements ilRBACAccessHandler.

Definition at line 394 of file class.ilAccess.php.

395 {
396 if ($a_ref_id == "") {
397 return $this->results;
398 }
399
400 return $this->results[$a_ref_id];
401 }

References $results.

◆ getResultLast()

ilAccess::getResultLast ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 387 of file class.ilAccess.php.

388 {
389 return $this->last_result;
390 }

◆ getResults()

ilAccess::getResults ( )

Implements ilRBACAccessHandler.

Definition at line 229 of file class.ilAccess.php.

230 {
231 return $this->results;
232 }

References $results.

◆ getStoredAccessResult()

ilAccess::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access result@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Implements ilRBACAccessHandler.

Definition at line 164 of file class.ilAccess.php.

165 {
166 global $DIC;
167
168 $ilUser = $DIC['ilUser'];
169
170 if ($a_user_id == "") {
171 $a_user_id = $ilUser->getId();
172 }
173
174 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
175 {
176 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
177 }*/
178
179 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
180 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
181 }
182 return false;
183 }

References $DIC, and $ilUser.

Referenced by doCacheCheck().

+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilAccess::hasCurrentUserAnyPositionAccess (   $ref_id)

Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 896 of file class.ilAccess.php.

897 {
898 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
899 }

References ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess().

+ Here is the call graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilAccess::hasUserRBACorAnyPositionAccess (   $rbac_perm,
  $ref_id 
)

Parameters
string$rbac_perm
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 904 of file class.ilAccess.php.

905 {
906 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
907 }
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250

References ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess().

+ Here is the call graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilAccess::isCurrentUserBasedOnPositionsAllowedTo (   $permission,
array  $on_user_ids 
)

Parameters
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 840 of file class.ilAccess.php.

841 {
842 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
843 }
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:65

References ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo().

+ Here is the call graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilAccess::isUserBasedOnPositionsAllowedTo (   $which_user_id,
  $permission,
array  $on_user_ids 
)

Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 848 of file class.ilAccess.php.

849 {
850 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
851 }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:76

References ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo().

+ Here is the call graph for this function:

◆ readCache()

ilAccess::readCache (   $a_secs = 0)

Implements ilRBACAccessHandler.

Definition at line 206 of file class.ilAccess.php.

207 {
208 global $DIC;
209
210 $ilUser = $DIC['ilUser'];
211 $ilDB = $DIC['ilDB'];
212
213 if ($a_secs > 0) {
214 $query = "SELECT * FROM acc_cache WHERE user_id = " .
215 $ilDB->quote($ilUser->getId(), 'integer');
216 $set = $ilDB->query($query);
217 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
218 if ((time() - $rec["time"]) < $a_secs) {
219 $this->results = unserialize($rec["result"]);
220 //var_dump($this->results);
221 return true;
222 }
223 }
224 return false;
225 }
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $DIC, $ilDB, $ilUser, $query, and ilDBConstants\FETCHMODE_ASSOC.

◆ setPreventCachingLastResult()

ilAccess::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 148 of file class.ilAccess.php.

149 {
150 $this->prevent_caching_last_result = $a_val;
151 }

Referenced by checkAccessOfUser().

+ Here is the caller graph for this function:

◆ setResults()

ilAccess::setResults (   $a_results)

Implements ilRBACAccessHandler.

Definition at line 236 of file class.ilAccess.php.

237 {
238 $this->results = $a_results;
239 }

◆ storeAccessResult()

ilAccess::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access result@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Implements ilRBACAccessHandler.

Definition at line 115 of file class.ilAccess.php.

116 {
117 global $DIC;
118
119 $ilUser = $DIC['ilUser'];
120
121 if ($a_user_id == "") {
122 $a_user_id = $ilUser->getId();
123 }
124
125 if ($a_info == "") {
126 $a_info = $this->current_info;
127 }
128
129 //var_dump("<pre>",$a_permission,"</pre>");
130
131 if ($this->cache) {
132 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
133 array("granted" => $a_access_granted, "info" => $a_info,
134 "prevent_db_cache" => $this->getPreventCachingLastResult());
135 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
136 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
137 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138 $this->last_info = $a_info;
139 }
140
141 // get new info object
142 $this->current_info = new ilAccessInfo();
143 }
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:156

References $current_info, $DIC, $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doRBACCheck(), doStatusCheck(), and doTreeCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccess::storeCache ( )

Implements ilRBACAccessHandler.

Definition at line 187 of file class.ilAccess.php.

188 {
189 global $DIC;
190
191 $ilDB = $DIC['ilDB'];
192 $ilUser = $DIC['ilUser'];
193
194 $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
195 $res = $ilDB->manipulate($query);
196
197 $ilDB->insert('acc_cache', array(
198 'user_id' => array('integer',$ilUser->getId()),
199 'time' => array('integer',time()),
200 'result' => array('clob',serialize($this->results))
201 ));
202 }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

References $DIC, $ilDB, $ilUser, $query, and $res.

Field Documentation

◆ $ac_logger

ilAccess::$ac_logger
protected

Definition at line 83 of file class.ilAccess.php.

◆ $cache

ilAccess::$cache
protected

Definition at line 61 of file class.ilAccess.php.

◆ $condition

ilAccess::$condition
protected

Definition at line 49 of file class.ilAccess.php.

Referenced by doConditionCheck().

◆ $current_info

ilAccess::$current_info
protected

Definition at line 65 of file class.ilAccess.php.

Referenced by storeAccessResult().

◆ $ilOrgUnitPositionAccess

ilAccess::$ilOrgUnitPositionAccess
protected

Definition at line 25 of file class.ilAccess.php.

◆ $obj_id_cache

ilAccess::$obj_id_cache
protected

Definition at line 37 of file class.ilAccess.php.

◆ $obj_tree_cache

ilAccess::$obj_tree_cache
protected

Definition at line 29 of file class.ilAccess.php.

◆ $obj_type_cache

ilAccess::$obj_type_cache
protected

Definition at line 33 of file class.ilAccess.php.

◆ $path

ilAccess::$path
protected

Definition at line 45 of file class.ilAccess.php.

Referenced by doPathCheck().

◆ $rbac

ilAccess::$rbac
protected

Definition at line 57 of file class.ilAccess.php.

◆ $rbacsystem

ilAccess::$rbacsystem
protected

Definition at line 73 of file class.ilAccess.php.

Referenced by __construct().

◆ $results

ilAccess::$results
protected

Definition at line 69 of file class.ilAccess.php.

Referenced by getResultAll(), and getResults().

◆ $status

ilAccess::$status
protected

Definition at line 41 of file class.ilAccess.php.

◆ $stored_rbac_access

ilAccess::$stored_rbac_access = array()
protected

Definition at line 77 of file class.ilAccess.php.

◆ $tree

ilAccess::$tree
protected

Definition at line 53 of file class.ilAccess.php.

Referenced by doPathCheck(), and doTreeCheck().

The documentation for this class was generated from the following file: