92        $this->results = array();
 
   99        $this->condition = 
true;
 
  101        $this->status = 
true;
 
  102        $this->obj_id_cache = array();
 
  103        $this->obj_type_cache = array();
 
  104        $this->obj_tree_cache = array();
 
  115    public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = 
"", $a_info = 
"")
 
  121        if ($a_user_id == 
"") {
 
  132            $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
 
  133                    array(
"granted" => $a_access_granted, 
"info" => $a_info,
 
  136            $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
 
  137            $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
 
  138            $this->last_info = $a_info;
 
  150        $this->prevent_caching_last_result = $a_val;
 
  158        return $this->prevent_caching_last_result;
 
  170        if ($a_user_id == 
"") {
 
  179        if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
 
  180            return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
 
  194        $query = 
"DELETE FROM acc_cache WHERE user_id = " . 
$ilDB->quote(
$ilUser->getId(), 
'integer');
 
  197        $ilDB->insert(
'acc_cache', array(
 
  198            'user_id' => array(
'integer',
$ilUser->getId()),
 
  199            'time' => array(
'integer',time()),
 
  200            'result' => array(
'clob',serialize($this->results))
 
  214            $query = 
"SELECT * FROM acc_cache WHERE user_id = " .
 
  218            if ((time() - $rec[
"time"]) < $a_secs) {
 
  219                $this->results = unserialize($rec[
"result"]);
 
  238        $this->results = $a_results;
 
  246        $this->current_info->addInfoItem(
$a_type, $a_text, $a_data);
 
  252    public function checkAccess($a_permission, $a_cmd, $a_ref_id, 
$a_type = 
"", $a_obj_id = 
"", $a_tree_id = 
"")
 
  273        $ilBench->start(
"AccessControl", 
"0400_clear_info");
 
  274        $this->current_info->clear();
 
  275        $ilBench->stop(
"AccessControl", 
"0400_clear_info");
 
  279        $cached = $this->
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  280        if ($cached[
"hit"]) {
 
  282            if (!$cached[
"granted"]) {
 
  285            if ($cached[
"prevent_db_cache"]) {
 
  288            return $cached[
"granted"];
 
  291        $ilBench->start(
"AccessControl", 
"0500_lookup_id_and_type");
 
  293        if ($a_obj_id == 
"") {
 
  294            if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
 
  295                $a_obj_id = $this->obj_id_cache[$a_ref_id];
 
  298                $this->obj_id_cache[$a_ref_id] = $a_obj_id;
 
  302            if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != 
"") {
 
  303                $a_type = $this->obj_type_cache[$a_ref_id];
 
  306                $this->obj_type_cache[$a_ref_id] = 
$a_type;
 
  310        $ilBench->stop(
"AccessControl", 
"0500_lookup_id_and_type");
 
  314        if ($a_tree_id != 1 &&
 
  315            !$this->
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
 
  345        $par_check = $this->
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
 
  381        return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
 
  389        return $this->last_result;
 
  396        if ($a_ref_id == 
"") {
 
  400        return $this->results[$a_ref_id];
 
  406    public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 
  413        $ilBench->start(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  416        if (is_array($stored_access)) {
 
  417            $this->current_info = $stored_access[
"info"];
 
  419            $ilBench->stop(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  420            return array(
"hit" => 
true, 
"granted" => $stored_access[
"granted"],
 
  421                "prevent_db_cache" => $stored_access[
"prevent_db_cache"]);
 
  425        $ilBench->stop(
"AccessControl", 
"1000_checkAccess_get_cache_result");
 
  426        return array(
"hit" => 
false, 
"granted" => 
false,
 
  427            "prevent_db_cache" => 
false);
 
  433    public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 
  443        $tree_cache_key = $a_user_id . 
':' . $a_ref_id;
 
  444        if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
 
  446            if (!$this->obj_tree_cache[$tree_cache_key]) {
 
  449            $this->
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
 
  451            return $this->obj_tree_cache[$tree_cache_key];
 
  454        $ilBench->start(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  456        if (!
$tree->isInTree($a_ref_id) or 
$tree->isDeleted($a_ref_id)) {
 
  461            if (count($this->obj_tree_cache) < 1000) {
 
  462                $this->obj_tree_cache[$tree_cache_key] = 
false;
 
  466            $this->current_info->addInfoItem(
IL_DELETED, 
$lng->txt(
"object_deleted"));
 
  469            $ilBench->stop(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  478        if (count($this->obj_tree_cache) < 1000) {
 
  479            $this->obj_tree_cache[$tree_cache_key] = 
true;
 
  485        $ilBench->stop(
"AccessControl", 
"2000_checkAccess_in_tree");
 
  501        $ilBench->start(
"AccessControl", 
"2500_checkAccess_rbac_check");
 
  503        if ($a_permission == 
"") {
 
  505                '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
 
  513        if (isset($this->stored_rbac_access[$a_user_id . 
"-" . $a_permission . 
"-" . $a_ref_id])) {
 
  514            $access = $this->stored_rbac_access[$a_user_id . 
"-" . $a_permission . 
"-" . $a_ref_id];
 
  516            $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, 
$a_type);
 
  517            if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
 
  518                if ($a_permission != 
"create") {
 
  519                    $this->stored_rbac_access[$a_user_id . 
"-" . $a_permission . 
"-" . $a_ref_id] = $access;
 
  528        if ($a_permission != 
"create") {
 
  531        $ilBench->stop(
"AccessControl", 
"2500_checkAccess_rbac_check");
 
  539    public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = 
false)
 
  546        $ilObjDataCache = 
$DIC[
'ilObjDataCache'];
 
  549        $ilBench->start(
"AccessControl", 
"3100_checkAccess_check_parents_get_path");
 
  560        $ilBench->stop(
"AccessControl", 
"3100_checkAccess_check_parents_get_path");
 
  563            if ($a_ref_id == 
$id) {
 
  569            if ($access == 
false) {
 
  574                if ($a_all == 
false) {
 
  594        $objDefinition = 
$DIC[
'objDefinition'];
 
  597        $cache_perm = ($a_permission == 
"visible")
 
  602        if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
 
  603            return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
 
  607        if ($a_permission == 
'write') {
 
  612        if ($a_user_id == 
$ilUser->getId()) {
 
  614            include_once 
'./Services/Container/classes/class.ilMemberViewSettings.php';
 
  616            if ($memview->isActiveForRefId($a_ref_id) &&
 
  617                $memview->getContainer() == $a_ref_id) {
 
  624            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  630            $objDefinition->supportsOfflineHandling(
$a_type) &&
 
  633            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
false;
 
  637        include_once 
'Services/Object/classes/class.ilObjectActivation.php';
 
  641        if ($item_data === 
null ||
 
  643            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  648        if (($item_data[
'timing_start'] == 0 || time() >= $item_data[
'timing_start']) and
 
  649           ($item_data[
'timing_end'] == 0 || time() <= $item_data[
'timing_end'])) {
 
  650            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  656            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  657            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  662        if ($a_permission == 
'visible' and $item_data[
'visible']) {
 
  663            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  668        if ($a_permission == 
'read_learning_progress') {
 
  669            $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
true;
 
  670            $ilBench->stop(
"AccessControl", 
"3150_checkAccess_check_course_activation");
 
  675        $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = 
false;
 
  691            ($a_permission == 
'visible') and
 
  694            if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
 
  696                    $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, 
$a_type);
 
  698                        $this->current_info->addInfoItem(
 
  700                            $lng->txt(
"missing_precondition") . 
": " .
 
  709                $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  714        if (($a_permission == 
"read" or $a_permission == 
'join') &&
 
  716            $ilBench->start(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  718                $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, 
$a_type);
 
  720                    $this->current_info->addInfoItem(
 
  722                        $lng->txt(
"missing_precondition") . 
": " .
 
  729                $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  732            $ilBench->stop(
"AccessControl", 
"4000_checkAccess_condition_check");
 
  745        $objDefinition = 
$DIC[
'objDefinition'];
 
  747        $ilPluginAdmin = 
$DIC[
'ilPluginAdmin'];
 
  749        $ilBench->start(
"AccessControl", 
"5000_checkAccess_object_check");
 
  752        if ($objDefinition->isPluginTypeName(
$a_type) && !$objDefinition->isPlugin(
$a_type)) {
 
  759        $class = $objDefinition->getClassName(
$a_type);
 
  761        $full_class = 
"ilObj" . $class . 
"Access";
 
  764            $this->ac_logger->error(
"Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
 
  768        include_once(
$location . 
"/class." . $full_class . 
".php");
 
  771        $full_class = 
new $full_class();
 
  773        $obj_access = call_user_func(
 
  774            array($full_class, 
"_checkAccess"),
 
  781        if (!($obj_access === 
true)) {
 
  788            $ilBench->stop(
"AccessControl", 
"5000_checkAccess_object_check");
 
  793        $ilBench->stop(
"AccessControl", 
"5000_checkAccess_object_check");
 
  802        $this->results = array();
 
  803        $this->last_result = 
"";
 
  805        $this->stored_rbac_access = [];
 
  812        $this->$a_str = $a_bool;
 
An exception for terminatinating execution or to throw for unit testing.
const IL_MISSING_PRECONDITION
const IL_NO_PARENT_ACCESS
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
hasCurrentUserAnyPositionAccess($ref_id)
bool
getResultAll($a_ref_id="")
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
getResultLast()
get last info object
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
getInfo()
get last info object
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
setPreventCachingLastResult($a_val)
Set prevent caching last result.
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
static getLogger($a_component_id)
Get component logger.
static getInstance()
Get instance.
static getItem($a_ref_id)
Get item data.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static lookupOfflineStatus($a_obj_id)
Lookup offline status using objectDataCache.
static _lookupType($a_id, $a_reference=false)
lookup object type
Class ilOrgUnitPositionAccess.
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
hasCurrentUserAnyPositionAccess($ref_id)
bool
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
if(!array_key_exists('StateId', $_REQUEST)) $id
Interface ilAccessHandler.
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.
catch(Exception $e) $message
foreach($_POST as $key=> $value) $res