ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
12 abstract class ilClaimingPermissionHelper
13 {
14  protected $user_id; // [int]
15  protected $ref_id; // [int]
16  protected $map; // [array]
17  protected $context_ids; // [array]
18  protected $plugins; // [array]
19 
20  protected static $instances; // [array]
21 
22 
23  // constructor
24 
32  protected function __construct($a_user_id, $a_ref_id)
33  {
34  $this->setUserId($a_user_id);
35  $this->setRefId($a_ref_id);
36  $this->map = $this->buildPermissionMap();
37  $this->reset();
38  }
39 
47  public static function getInstance($a_user_id = null, $a_ref_id = null)
48  {
49  global $DIC;
50  $ilUser = $DIC->user();
51 
52  if (!$a_user_id) {
53  $a_user_id = $ilUser->getId();
54  }
55  if (!$a_ref_id) {
56  $a_ref_id = (int) $_REQUEST["ref_id"];
57  }
58  if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
59  self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
60  }
61  return self::$instances[$a_user_id][$a_ref_id];
62  }
63 
67  public function reset()
68  {
69  $this->context_ids = array();
70  }
71 
72 
73  // properties
74 
80  protected function setUserId($a_value)
81  {
82  $this->user_id = (int) $a_value;
83  }
84 
90  protected function getUserId()
91  {
92  return $this->user_id;
93  }
94 
100  protected function setRefId($a_value)
101  {
102  $this->ref_id = (int) $a_value;
103  }
104 
110  protected function getRefId()
111  {
112  return $this->ref_id;
113  }
114 
115 
116  // caching
117 
125  abstract protected function readContextIds($a_context_type);
126 
127 
128  // permissions
129 
135  abstract protected function buildPermissionMap();
136 
146  protected function isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
147  {
148  $valid = false;
149 
150  if (array_key_exists($a_context_type, $this->map)) {
151  if (!$a_action_sub_id) {
152  if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
153  $valid = true;
154  }
155  } else {
156  if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
157  in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
158  $valid = true;
159  }
160  }
161  }
162 
163  if ($valid &&
164  $a_context_id &&
165  !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
166  $valid = false;
167  }
168 
169  if (DEVMODE && !$valid) {
170  trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
171  }
172 
173  return $valid;
174  }
175 
183  protected function getValidContextIds($a_context_type)
184  {
185  if (!array_key_exists($a_context_type, $this->context_ids)) {
186  $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
187  }
188  return (array) $this->context_ids[$a_context_type];
189  }
190 
200  public function hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
201  {
202  if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
203  return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
204  }
205  // :TODO: exception?
206  }
207 
216  public function hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
217  {
218  $res = array();
219 
220  foreach ($a_action_ids as $action_id) {
221  if (is_array($action_id)) {
222  $action_sub_id = $action_id[1];
223  $action_id = $action_id[0];
224 
225  $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
226  } else {
227  $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
228  }
229  }
230 
231  return $res;
232  }
233 
243  protected function checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
244  {
245  return ($this->checkRBAC() &&
246  $this->checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id));
247  }
248 
254  protected function checkRBAC()
255  {
256  global $DIC;
257  $ilAccess = $DIC->access();
258 
259  // we are currently only supporting write operations
260  return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
261  }
262 
268  abstract protected function getActivePlugins();
269 
279  protected function checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id = null)
280  {
281  $valid = true;
282 
283  if (!is_array($this->plugins)) {
284  $this->plugins = (array) $this->getActivePlugins();
285  }
286 
287  foreach ($this->plugins as $plugin) {
288  if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
289  $valid = false;
290  break;
291  }
292  }
293 
294  return $valid;
295  }
296 }
ilClaimingPermissionHelper\getInstance
static getInstance($a_user_id=null, $a_ref_id=null)
Factory.
Definition: class.ilClaimingPermissionHelper.php:47
ilClaimingPermissionHelper\hasPermissions
hasPermissions($a_context_type, $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:216
ilClaimingPermissionHelper
Claiming permission helper base class.
Definition: class.ilClaimingPermissionHelper.php:12
$DIC
global $DIC
Definition: saml.php:7
ilClaimingPermissionHelper\checkPermission
checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:243
$valid
$valid
Definition: dummy_client.php:52
ilClaimingPermissionHelper\readContextIds
readContextIds($a_context_type)
Get all context ids for context type (from DB, is cached)
$a_context_id
$a_context_id
Definition: workflow.php:97
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
ilClaimingPermissionHelper\hasPermission
hasPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:200
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:254
$ilUser
$ilUser
Definition: imgupload.php:18
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:146
ilClaimingPermissionHelper\checkPlugins
checkPlugins($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:279
$a_context_type
$a_context_type
Definition: workflow.php:96
ilClaimingPermissionHelper\__construct
__construct($a_user_id, $a_ref_id)
Constructor.
Definition: class.ilClaimingPermissionHelper.php:32
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds($a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:183