df/d6e/class_8ilAccess_8php_source.html

 <?php
 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */

 class ilAccess implements ilAccessHandler
 {

     protected $ilOrgUnitPositionAccess;
     protected $obj_tree_cache;
     protected $obj_type_cache;
     protected $obj_id_cache;
     protected $status;
     protected $path;
     protected $condition;
     protected $tree;
     protected $rbac;
     protected $cache;
     protected $current_info;
     protected $results;
     protected $rbacsystem;
     protected $stored_rbac_access = array();


     protected $ac_logger;

     public function __construct()
     {
         global $DIC;

         $rbacsystem = $DIC['rbacsystem'];

         $this->rbacsystem = $rbacsystem;
         $this->results = array();
         $this->current_info = new ilAccessInfo();

         // use function enable to switch on/off tests (only cache is used so far)
         $this->cache = true;
         $this->rbac = true;
         $this->tree = true;
         $this->condition = true;
         $this->path = true;
         $this->status = true;
         $this->obj_id_cache = array();
         $this->obj_type_cache = array();
         $this->obj_tree_cache = array();

         $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();

         $this->ac_logger = ilLoggerFactory::getLogger('ac');
     }


     public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "", $a_info = "")
     {
         global $DIC;

         $ilUser = $DIC['ilUser'];

         if ($a_user_id == "") {
             $a_user_id = $ilUser->getId();
         }

         if ($a_info == "") {
             $a_info = $this->current_info;
         }

         //var_dump("<pre>",$a_permission,"</pre>");

         if ($this->cache) {
             $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
                     array("granted" => $a_access_granted, "info" => $a_info,
                     "prevent_db_cache" => $this->getPreventCachingLastResult());
             //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
             $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
             $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
             $this->last_info = $a_info;
         }

         // get new info object
         $this->current_info = new ilAccessInfo();
     }

     public function setPreventCachingLastResult($a_val)
     {
         $this->prevent_caching_last_result = $a_val;
     }

     public function getPreventCachingLastResult()
     {
         return $this->prevent_caching_last_result;
     }

     public function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
     {
         global $DIC;

         $ilUser = $DIC['ilUser'];

         if ($a_user_id == "") {
             $a_user_id = $ilUser->getId();
         }

         /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
         {
             $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
         }*/

         if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
             return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
         }
         return false;
     }
     public function storeCache()
     {
         global $DIC;

         $ilDB = $DIC['ilDB'];
         $ilUser = $DIC['ilUser'];

         $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
         $res = $ilDB->manipulate($query);

         $ilDB->insert('acc_cache', array(
             'user_id' => array('integer',$ilUser->getId()),
             'time' => array('integer',time()),
             'result' => array('clob',serialize($this->results))
             ));
     }
     public function readCache($a_secs = 0)
     {
         global $DIC;

         $ilUser = $DIC['ilUser'];
         $ilDB = $DIC['ilDB'];

         if ($a_secs > 0) {
             $query = "SELECT * FROM acc_cache WHERE user_id = " .
                 $ilDB->quote($ilUser->getId(), 'integer');
             $set = $ilDB->query($query);
             $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
             if ((time() - $rec["time"]) < $a_secs) {
                 $this->results = unserialize($rec["result"]);
                 //var_dump($this->results);
                 return true;
             }
         }
         return false;
     }
     public function getResults()
     {
         return $this->results;
     }
     public function setResults($a_results)
     {
         $this->results = $a_results;
     }

     public function addInfoItem($a_type, $a_text, $a_data = "")
     {
         $this->current_info->addInfoItem($a_type, $a_text, $a_data);
     }

     public function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id = "")
     {
         global $DIC;

         $ilUser = $DIC['ilUser'];

         return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
     }

     public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id = "")
     {
         global $DIC;

         $ilBench = $DIC['ilBench'];
         $lng = $DIC['lng'];

         $this->setPreventCachingLastResult(false);      // for external db based caches

         $ilBench->start("AccessControl", "0400_clear_info");
         $this->current_info->clear();
         $ilBench->stop("AccessControl", "0400_clear_info");


         // get stored result (internal memory based cache)
         $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
         if ($cached["hit"]) {
             // Store access result
             if (!$cached["granted"]) {
                 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             }
             if ($cached["prevent_db_cache"]) {
                 $this->setPreventCachingLastResult(true);       // should have been saved in previous call already
             }
             return $cached["granted"];
         }

         $ilBench->start("AccessControl", "0500_lookup_id_and_type");
         // get object id if not provided
         if ($a_obj_id == "") {
             if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
                 $a_obj_id = $this->obj_id_cache[$a_ref_id];
             } else {
                 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
                 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
             }
         }
         if ($a_type == "") {
             if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
                 $a_type = $this->obj_type_cache[$a_ref_id];
             } else {
                 $a_type = ilObject::_lookupType($a_ref_id, true);
                 $this->obj_type_cache[$a_ref_id] = $a_type;
             }
         }

         $ilBench->stop("AccessControl", "0500_lookup_id_and_type");

         // if supplied tree id is not = 1 (= repository main tree),
         // check if object is in tree and not deleted
         if ($a_tree_id != 1 &&
             !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             return false;
         }

         // rbac check for current object
         if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             return false;
         }

         // Check object activation
         $act_check = $this->doActivationCheck(
             $a_permission,
             $a_cmd,
             $a_ref_id,
             $a_user_id,
             $a_obj_id,
             $a_type
         );

         if (!$act_check) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             return false;
         }

         // check read permission for all parents
         $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
         if (!$par_check) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             return false;
         }

         // condition check (currently only implemented for read permission)
         if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             $this->setPreventCachingLastResult(true);           // do not store this in db, since condition updates are not monitored
             return false;
         }

         // object type specific check
         if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             $this->setPreventCachingLastResult(true);           // do not store this in db, since status updates are not monitored
             return false;
         }

         // all checks passed
         $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
         return true;
     }

     public function getInfo()
     {
         //return $this->last_result;
         //$this->last_info->setQueryData($this->current_result_element);
         //var_dump("<pre>",$this->results,"</pre>");
         return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
     }

     public function getResultLast()
     {
         return $this->last_result;
     }
     public function getResultAll($a_ref_id = "")
     {
         if ($a_ref_id == "") {
             return $this->results;
         }

         return $this->results[$a_ref_id];
     }

     public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
     {
         global $DIC;

         $ilBench = $DIC['ilBench'];
         //echo "cacheCheck<br/>";

         $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
         $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
         //var_dump($stored_access);
         if (is_array($stored_access)) {
             $this->current_info = $stored_access["info"];
             //var_dump("cache-treffer:");
             $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
             return array("hit" => true, "granted" => $stored_access["granted"],
                 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
         }

         // not in cache
         $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
         return array("hit" => false, "granted" => false,
             "prevent_db_cache" => false);
     }

     public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
     {
         global $DIC;

         $tree = $DIC['tree'];
         $lng = $DIC['lng'];
         $ilBench = $DIC['ilBench'];
         //echo "treeCheck<br/>";

         // Get stored result
         $tree_cache_key = $a_user_id . ':' . $a_ref_id;
         if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
             // Store access result
             if (!$this->obj_tree_cache[$tree_cache_key]) {
                 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
             }
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);

             return $this->obj_tree_cache[$tree_cache_key];
         }

         $ilBench->start("AccessControl", "2000_checkAccess_in_tree");

         if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
             // Store negative access results

             // Store in tree cache
             // Note, we only store up to 1000 results to avoid memory overflow.
             if (count($this->obj_tree_cache) < 1000) {
                 $this->obj_tree_cache[$tree_cache_key] = false;
             }

             // Store in result cache
             $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);

             $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");

             return false;
         }

         // Store positive access result.

         // Store in tree cache
         // Note, we only store up to 1000 results to avoid memory overflow.
         if (count($this->obj_tree_cache) < 1000) {
             $this->obj_tree_cache[$tree_cache_key] = true;
         }

         // Store in result cache
         $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);

         $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
         return true;
     }

     public function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
     {
         global $DIC;

         $lng = $DIC['lng'];
         $ilBench = $DIC['ilBench'];
         $ilErr = $DIC['ilErr'];
         $ilLog = $DIC['ilLog'];

         $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");

         if ($a_permission == "") {
             $message = sprintf(
                 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
                 get_class($this),
                 $a_ref_id
             );
             $ilLog->write($message, $ilLog->FATAL);
             $ilErr->raiseError($message, $ilErr->MESSAGE);
         }

         if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
             $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
         } else {
             $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
             if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
                 if ($a_permission != "create") {
                     $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
                 }
             }
         }

         // Store in result cache
         if (!$access) {
             $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
         }
         if ($a_permission != "create") {
             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
         }
         $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");

         return $access;
     }

     public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
     {
         global $DIC;

         $tree = $DIC['tree'];
         $lng = $DIC['lng'];
         $ilBench = $DIC['ilBench'];
         $ilObjDataCache = $DIC['ilObjDataCache'];
         //echo "<br>dopathcheck";
         //echo "pathCheck<br/>";
         $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");

         //              if (isset($this->stored_path[$a_ref_id]))
         //              {
         //                      $path = $this->stored_path[$a_ref_id];
         //              }
         //              else
         //              {
         $path = $tree->getPathId($a_ref_id);
         //                      $this->stored_path[$a_ref_id] = $path;
         //              }
         $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");

         foreach ($path as $id) {
             if ($a_ref_id == $id) {
                 continue;
             }

             $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);

             if ($access == false) {

                 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
                 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);

                 if ($a_all == false) {
                     return false;
                 }
             }
         }

         return true;
     }

     public function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
     {
         global $DIC;

         $ilUser = $DIC['ilUser'];
         $objDefinition = $DIC['objDefinition'];


         $cache_perm = ($a_permission == "visible")
             ? "visible"
             : "other";


         if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
             return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
         }

         // nothings needs to be done if current permission is write permission
         if ($a_permission == 'write') {
             return true;
         }

         // #10852 - member view check
         if ($a_user_id == $ilUser->getId()) {
             // #10905 - activate parent container ONLY
             include_once './Services/Container/classes/class.ilMemberViewSettings.php';
             $memview = ilMemberViewSettings::getInstance();
             if ($memview->isActiveForRefId($a_ref_id) &&
                 $memview->getContainer() == $a_ref_id) {
                 return true;
             }
         }

         // in any case, if user has write permission return true
         if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
             return true;
         }

         // no write access => check centralized offline status
         if (
             $objDefinition->supportsOfflineHandling($a_type) &&
             ilObject::lookupOfflineStatus($a_obj_id)
         ) {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
             return false;
         }

         include_once 'Services/Object/classes/class.ilObjectActivation.php';
         $item_data = ilObjectActivation::getItem($a_ref_id);

         // if activation isn't enabled
         if ($item_data === null ||
             $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
             return true;
         }

         // if within activation time
         if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
            ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
             return true;
         }

         // if user has write permission
         if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
             $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
             return true;
         }

         // if current permission is visible and visible is set in activation
         if ($a_permission == 'visible' and $item_data['visible']) {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
             return true;
         }

         // learning progress must be readable, regardless of the activation
         if ($a_permission == 'read_learning_progress') {
             $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
             $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
             return true;
         }

         // no access
         $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
         return false;
     }

     public function doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
     {
         //echo "conditionCheck<br/>";
         global $DIC;

         $lng = $DIC['lng'];
         $ilBench = $DIC['ilBench'];

         if (
             ($a_permission == 'visible') and
             !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
         ) {
             if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
                 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
                     $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
                     foreach ($conditions as $condition) {
                         $this->current_info->addInfoItem(
                             IL_MISSING_PRECONDITION,
                             $lng->txt("missing_precondition") . ": " .
                             ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
                             $lng->txt("condition_" . $condition["operator"]) . " " .
                             $condition["value"],
                             $condition
                         );
                     }
                     return false;
                 }
                 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
             }
         }


         if (($a_permission == "read" or $a_permission == 'join') &&
             !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
             $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
             if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
                 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
                 foreach ($conditions as $condition) {
                     $this->current_info->addInfoItem(
                         IL_MISSING_PRECONDITION,
                         $lng->txt("missing_precondition") . ": " .
                         ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
                         $lng->txt("condition_" . $condition["operator"]) . " " .
                         $condition["value"],
                         $condition
                     );
                 }
                 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
                 return false;
             }
             $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
         }

         return true;
     }

     public function doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
     {
         global $DIC;

         $objDefinition = $DIC['objDefinition'];
         $ilBench = $DIC['ilBench'];
         $ilPluginAdmin = $DIC['ilPluginAdmin'];
         //echo "statusCheck<br/>";
         $ilBench->start("AccessControl", "5000_checkAccess_object_check");

         // check for a deactivated plugin
         if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
             return false;
         }
         if (!$a_type) {
             return false;
         }

         $class = $objDefinition->getClassName($a_type);
         $location = $objDefinition->getLocation($a_type);
         $full_class = "ilObj" . $class . "Access";

         if ($class == "") {
             $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
             return false;
         }

         include_once($location . "/class." . $full_class . ".php");
         // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)

         $full_class = new $full_class();

         $obj_access = call_user_func(
             array($full_class, "_checkAccess"),
             $a_cmd,
             $a_permission,
             $a_ref_id,
             $a_obj_id,
             $a_user_id
         );
         if (!($obj_access === true)) {
             //Note: We must not add an info item here, because one is going
             //      to be added by the user function we just called a few
             //      lines above.
             //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);

             $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
             $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
             return false;
         }

         $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
         $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
         return true;
     }

     public function clear()
     {
         $this->results = array();
         $this->last_result = "";
         $this->current_info = new ilAccessInfo();
         $this->stored_rbac_access = [];
     }
     public function enable($a_str, $a_bool)
     {
         $this->$a_str = $a_bool;
     }


     //
     // OrgUnit Positions
     //

     public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
     {
         return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
     }

     public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
     {
         return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
     }

     public function isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
     {
         return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
     }

     public function isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
     {
         return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
     }

     public function checkPositionAccess($pos_perm, $ref_id)
     {
         return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
     }

     public function checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
     {
         return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
     }

     public function filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
     {
         return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
     }

     public function filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
     {
         return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
     }

     public function filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
     {
         return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
     }

     public function hasCurrentUserAnyPositionAccess($ref_id)
     {
         return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
     }

     public function hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
     {
         return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
     }
 }
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:387

ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess($ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:188

ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelatedPermissions for available permissionsbo...
Definition: class.ilOrgUnitPositionAccess.php:65

ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88

ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered getAvailablePositionRelatedPermissions for a...
Definition: class.ilAccess.php:832

ilRBACAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.

ilAccess\setResults
setResults($a_results)
Definition: class.ilAccess.php:236

ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
$user_ids List of ILIAS-User-IDs which shall be filteredgetAvailablePositionRelatedPermissions for av...
Definition: class.ilOrgUnitPositionAccess.php:38

ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
Reference-ID of the desired Object in the treegetAvailablePositionRelatedPermissions for available pe...
Definition: class.ilOrgUnitPositionAccess.php:161

ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:211

$DIC
global $DIC
Definition: saml.php:7

ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelatedPermissions for available permissionsbo...
Definition: class.ilAccess.php:840

$location
$location
Definition: buildRTE.php:44

ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered getAvailablePositionRelatedPermissions for a...
Definition: class.ilOrgUnitPositionAccess.php:49

ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:39

ilAccess\$path
$path
Definition: class.ilAccess.php:45

ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:264

ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:354

ilAccess\$ac_logger
$ac_logger
Definition: class.ilAccess.php:83

$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.true if last result should not be cached
Definition: class.ilAccess.php:148

ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilAccess.php:888

ilAccess\$obj_type_cache
$obj_type_cache
Definition: class.ilAccess.php:33

IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27

ilAccess\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
Definition: class.ilAccess.php:741

ilObjectActivation\TIMINGS_ACTIVATION
const TIMINGS_ACTIVATION
Definition: class.ilObjectActivation.php:45

ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:8

ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988

ilAccess\addInfoItem
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:244

ilAccess\$results
$results
Definition: class.ilAccess.php:69

ilAccess\clear
clear()
Definition: class.ilAccess.php:800

ilAccess\$current_info
$current_info
Definition: class.ilAccess.php:65

ilAccess
Class ilAccessHandler.
Definition: class.ilAccess.php:19

ilAccess\$ilOrgUnitPositionAccess
$ilOrgUnitPositionAccess
Definition: class.ilAccess.php:25

ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access resultprivatepermission command string reference id user id (if no id passed...
Definition: class.ilAccess.php:164

ilAccess\getResultAll
getResultAll($a_ref_id="")
Definition: class.ilAccess.php:394

$ilErr
$ilErr
Definition: raiseError.php:18

ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilAccess.php:904

IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28

ilAccessHandler
Interface ilAccessHandler.
Definition: interface.ilAccessHandler.php:10

$a_type
$a_type
Definition: workflow.php:92

ilAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
Reference-ID of the desired Object in the treegetAvailablePositionRelatedPermissions for available pe...
Definition: class.ilAccess.php:856

ilAccess\getResults
getResults()
Definition: class.ilAccess.php:229

ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250

ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess($ref_id)
bool
Definition: class.ilAccess.php:896

ilAccess\$condition
$condition
Definition: class.ilAccess.php:49

ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:682

ilAccess\$obj_id_cache
$obj_id_cache
Definition: class.ilAccess.php:37

$message
catch(Exception $e) $message
Definition: saml2-logout.php:34

ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:156

ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilAccess.php:872

$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

ilAccess\checkAccess
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)(option...
Definition: class.ilAccess.php:252

ilAccess\$tree
$tree
Definition: class.ilAccess.php:53

$lng
$lng
Definition: save_question_post_data.php:23

ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:406

ilObject\lookupOfflineStatus
static lookupOfflineStatus($a_obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:1006

ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107

ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:539

ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilOrgUnitPositionAccess.php:231

$ilUser
$ilUser
Definition: imgupload.php:18

ilAccess\getInfo
getInfo()
get last info object
Definition: class.ilAccess.php:376

ilAccess\$rbacsystem
$rbacsystem
Definition: class.ilAccess.php:73

ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelate...
Definition: class.ilOrgUnitPositionAccess.php:76

ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1200

$query
$query
Definition: proxy_ylocal.php:13

ilAccess\$status
$status
Definition: class.ilAccess.php:41

$ilLog
$ilLog
Definition: inc.setup_header.php:123

ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:492

ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275

ilAccess\$obj_tree_cache
$obj_tree_cache
Definition: class.ilAccess.php:29

ilAccess\__construct
__construct()
Definition: class.ilAccess.php:85

IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24

ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilAccess.php:864

ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilAccess.php:880

ilAccess\readCache
readCache($a_secs=0)
Definition: class.ilAccess.php:206

ilAccess\$stored_rbac_access
$stored_rbac_access
Definition: class.ilAccess.php:77

IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25

ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:67

ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDsgetAvailablePositionRelate...
Definition: class.ilAccess.php:848

$ilBench
global $ilBench
Definition: ilias.php:18

$ilDB
global $ilDB
Definition: storeScorm2004.php:16

ilDBConstants\FETCHMODE_ASSOC
const FETCHMODE_ASSOC
Definition: class.ilDBConstants.php:12

php

ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74

and

ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:433

ilAccess\$rbac
$rbac
Definition: class.ilAccess.php:57

or

ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
$user_ids List of ILIAS-User-IDs which shall be filteredgetAvailablePositionRelatedPermissions for av...
Definition: class.ilAccess.php:824

ilAccess\storeCache
storeCache()
Definition: class.ilAccess.php:187

ilAccess\$cache
$cache
Definition: class.ilAccess.php:61

ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access resultprivatepermission command string reference id true if access is granted user id (i...
Definition: class.ilAccess.php:115

ilAccess\enable
enable($a_str, $a_bool)

Definition: class.ilAccess.php:810

ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
$user_idsgetAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104