ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAccess.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
19class ilAccess implements ilAccessHandler
20{
21
25 protected $ilOrgUnitPositionAccess;
29 protected $obj_tree_cache;
33 protected $obj_type_cache;
37 protected $obj_id_cache;
41 protected $status;
45 protected $path;
49 protected $condition;
53 protected $tree;
57 protected $rbac;
61 protected $cache;
65 protected $current_info;
69 protected $results;
73 protected $rbacsystem;
77 protected $stored_rbac_access = array();
78
79
83 protected $ac_logger;
84
85 public function __construct()
86 {
87 global $DIC;
88
89 $rbacsystem = $DIC['rbacsystem'];
90
91 $this->rbacsystem = $rbacsystem;
92 $this->results = array();
93 $this->current_info = new ilAccessInfo();
94
95 // use function enable to switch on/off tests (only cache is used so far)
96 $this->cache = true;
97 $this->rbac = true;
98 $this->tree = true;
99 $this->condition = true;
100 $this->path = true;
101 $this->status = true;
102 $this->obj_id_cache = array();
103 $this->obj_type_cache = array();
104 $this->obj_tree_cache = array();
105
106 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
107
108 $this->ac_logger = ilLoggerFactory::getLogger('ac');
109 }
110
111
115 public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "", $a_info = "")
116 {
117 global $DIC;
118
119 $ilUser = $DIC['ilUser'];
120
121 if ($a_user_id == "") {
122 $a_user_id = $ilUser->getId();
123 }
124
125 if ($a_info == "") {
126 $a_info = $this->current_info;
127 }
128
129 //var_dump("<pre>",$a_permission,"</pre>");
130
131 if ($this->cache) {
132 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
133 array("granted" => $a_access_granted, "info" => $a_info,
134 "prevent_db_cache" => $this->getPreventCachingLastResult());
135 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
136 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
137 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
138 $this->last_info = $a_info;
139 }
140
141 // get new info object
142 $this->current_info = new ilAccessInfo();
143 }
144
148 public function setPreventCachingLastResult($a_val)
149 {
150 $this->prevent_caching_last_result = $a_val;
151 }
152
156 public function getPreventCachingLastResult()
157 {
158 return $this->prevent_caching_last_result;
159 }
160
164 public function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
165 {
166 global $DIC;
167
168 $ilUser = $DIC['ilUser'];
169
170 if ($a_user_id == "") {
171 $a_user_id = $ilUser->getId();
172 }
173
174 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
175 {
176 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
177 }*/
178
179 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
180 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
181 }
182 return false;
183 }
187 public function storeCache()
188 {
189 global $DIC;
190
191 $ilDB = $DIC['ilDB'];
192 $ilUser = $DIC['ilUser'];
193
194 $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
195 $res = $ilDB->manipulate($query);
196
197 $ilDB->insert('acc_cache', array(
198 'user_id' => array('integer',$ilUser->getId()),
199 'time' => array('integer',time()),
200 'result' => array('clob',serialize($this->results))
201 ));
202 }
206 public function readCache($a_secs = 0)
207 {
208 global $DIC;
209
210 $ilUser = $DIC['ilUser'];
211 $ilDB = $DIC['ilDB'];
212
213 if ($a_secs > 0) {
214 $query = "SELECT * FROM acc_cache WHERE user_id = " .
215 $ilDB->quote($ilUser->getId(), 'integer');
216 $set = $ilDB->query($query);
217 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
218 if ((time() - $rec["time"]) < $a_secs) {
219 $this->results = unserialize($rec["result"]);
220 //var_dump($this->results);
221 return true;
222 }
223 }
224 return false;
225 }
229 public function getResults()
230 {
231 return $this->results;
232 }
236 public function setResults($a_results)
237 {
238 $this->results = $a_results;
239 }
240
244 public function addInfoItem($a_type, $a_text, $a_data = "")
245 {
246 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
247 }
248
252 public function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id = "")
253 {
254 global $DIC;
255
256 $ilUser = $DIC['ilUser'];
257
258 return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
259 }
260
264 public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id = "")
265 {
266 global $DIC;
267
268 $ilBench = $DIC['ilBench'];
269 $lng = $DIC['lng'];
270
271 $this->setPreventCachingLastResult(false); // for external db based caches
272
273 $ilBench->start("AccessControl", "0400_clear_info");
274 $this->current_info->clear();
275 $ilBench->stop("AccessControl", "0400_clear_info");
276
277
278 // get stored result (internal memory based cache)
279 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
280 if ($cached["hit"]) {
281 // Store access result
282 if (!$cached["granted"]) {
283 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
284 }
285 if ($cached["prevent_db_cache"]) {
286 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
287 }
288 return $cached["granted"];
289 }
290
291 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
292 // get object id if not provided
293 if ($a_obj_id == "") {
294 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
295 $a_obj_id = $this->obj_id_cache[$a_ref_id];
296 } else {
297 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
298 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
299 }
300 }
301 if ($a_type == "") {
302 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
303 $a_type = $this->obj_type_cache[$a_ref_id];
304 } else {
305 $a_type = ilObject::_lookupType($a_ref_id, true);
306 $this->obj_type_cache[$a_ref_id] = $a_type;
307 }
308 }
309
310 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
311
312 // if supplied tree id is not = 1 (= repository main tree),
313 // check if object is in tree and not deleted
314 if ($a_tree_id != 1 &&
315 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
316 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
317 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
318 return false;
319 }
320
321 // rbac check for current object
322 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
323 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
324 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
325 return false;
326 }
327
328 // Check object activation
329 $act_check = $this->doActivationCheck(
330 $a_permission,
331 $a_cmd,
332 $a_ref_id,
333 $a_user_id,
334 $a_obj_id,
335 $a_type
336 );
337
338 if (!$act_check) {
339 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
340 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
341 return false;
342 }
343
344 // check read permission for all parents
345 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
346 if (!$par_check) {
347 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
348 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
349 return false;
350 }
351
352 // condition check (currently only implemented for read permission)
353 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
354 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
355 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
356 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
357 return false;
358 }
359
360 // object type specific check
361 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
362 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
363 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
364 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
365 return false;
366 }
367
368 // all checks passed
369 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
370 return true;
371 }
372
376 public function getInfo()
377 {
378 //return $this->last_result;
379 //$this->last_info->setQueryData($this->current_result_element);
380 //var_dump("<pre>",$this->results,"</pre>");
381 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
382 }
383
387 public function getResultLast()
388 {
389 return $this->last_result;
390 }
394 public function getResultAll($a_ref_id = "")
395 {
396 if ($a_ref_id == "") {
397 return $this->results;
398 }
399
400 return $this->results[$a_ref_id];
401 }
402
406 public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
407 {
408 global $DIC;
409
410 $ilBench = $DIC['ilBench'];
411 //echo "cacheCheck<br/>";
412
413 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
414 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
415 //var_dump($stored_access);
416 if (is_array($stored_access)) {
417 $this->current_info = $stored_access["info"];
418 //var_dump("cache-treffer:");
419 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
420 return array("hit" => true, "granted" => $stored_access["granted"],
421 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
422 }
423
424 // not in cache
425 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
426 return array("hit" => false, "granted" => false,
427 "prevent_db_cache" => false);
428 }
429
433 public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
434 {
435 global $DIC;
436
437 $tree = $DIC['tree'];
438 $lng = $DIC['lng'];
439 $ilBench = $DIC['ilBench'];
440 //echo "treeCheck<br/>";
441
442 // Get stored result
443 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
444 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
445 // Store access result
446 if (!$this->obj_tree_cache[$tree_cache_key]) {
447 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
448 }
449 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
450
451 return $this->obj_tree_cache[$tree_cache_key];
452 }
453
454 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
455
456 if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
457 // Store negative access results
458
459 // Store in tree cache
460 // Note, we only store up to 1000 results to avoid memory overflow.
461 if (count($this->obj_tree_cache) < 1000) {
462 $this->obj_tree_cache[$tree_cache_key] = false;
463 }
464
465 // Store in result cache
466 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
467 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
468
469 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
470
471 return false;
472 }
473
474 // Store positive access result.
475
476 // Store in tree cache
477 // Note, we only store up to 1000 results to avoid memory overflow.
478 if (count($this->obj_tree_cache) < 1000) {
479 $this->obj_tree_cache[$tree_cache_key] = true;
480 }
481
482 // Store in result cache
483 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
484
485 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
486 return true;
487 }
488
492 public function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
493 {
494 global $DIC;
495
496 $lng = $DIC['lng'];
497 $ilBench = $DIC['ilBench'];
498 $ilErr = $DIC['ilErr'];
499 $ilLog = $DIC['ilLog'];
500
501 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
502
503 if ($a_permission == "") {
504 $message = sprintf(
505 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
506 get_class($this),
507 $a_ref_id
508 );
509 $ilLog->write($message, $ilLog->FATAL);
510 $ilErr->raiseError($message, $ilErr->MESSAGE);
511 }
512
513 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
514 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
515 } else {
516 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
517 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
518 if ($a_permission != "create") {
519 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
520 }
521 }
522 }
523
524 // Store in result cache
525 if (!$access) {
526 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
527 }
528 if ($a_permission != "create") {
529 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
530 }
531 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
532
533 return $access;
534 }
535
539 public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
540 {
541 global $DIC;
542
543 $tree = $DIC['tree'];
544 $lng = $DIC['lng'];
545 $ilBench = $DIC['ilBench'];
546 $ilObjDataCache = $DIC['ilObjDataCache'];
547 //echo "<br>dopathcheck";
548 //echo "pathCheck<br/>";
549 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
550
551 // if (isset($this->stored_path[$a_ref_id]))
552 // {
553 // $path = $this->stored_path[$a_ref_id];
554 // }
555 // else
556 // {
557 $path = $tree->getPathId($a_ref_id);
558 // $this->stored_path[$a_ref_id] = $path;
559 // }
560 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
561
562 foreach ($path as $id) {
563 if ($a_ref_id == $id) {
564 continue;
565 }
566
567 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
568
569 if ($access == false) {
570
571 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
572 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
573
574 if ($a_all == false) {
575 return false;
576 }
577 }
578 }
579
580 return true;
581 }
582
586 public function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
587 {
588 global $DIC;
589
590 $ilUser = $DIC['ilUser'];
594 $objDefinition = $DIC['objDefinition'];
595
596
597 $cache_perm = ($a_permission == "visible")
598 ? "visible"
599 : "other";
600
601
602 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
603 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
604 }
605
606 // nothings needs to be done if current permission is write permission
607 if ($a_permission == 'write') {
608 return true;
609 }
610
611 // #10852 - member view check
612 if ($a_user_id == $ilUser->getId()) {
613 // #10905 - activate parent container ONLY
614 include_once './Services/Container/classes/class.ilMemberViewSettings.php';
615 $memview = ilMemberViewSettings::getInstance();
616 if ($memview->isActiveForRefId($a_ref_id) &&
617 $memview->getContainer() == $a_ref_id) {
618 return true;
619 }
620 }
621
622 // in any case, if user has write permission return true
623 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
624 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
625 return true;
626 }
627
628 // no write access => check centralized offline status
629 if (
630 $objDefinition->supportsOfflineHandling($a_type) &&
631 ilObject::lookupOfflineStatus($a_obj_id)
632 ) {
633 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
634 return false;
635 }
636
637 include_once 'Services/Object/classes/class.ilObjectActivation.php';
638 $item_data = ilObjectActivation::getItem($a_ref_id);
639
640 // if activation isn't enabled
641 if ($item_data === null ||
642 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
643 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
644 return true;
645 }
646
647 // if within activation time
648 if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
649 ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
650 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
651 return true;
652 }
653
654 // if user has write permission
655 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
656 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
657 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
658 return true;
659 }
660
661 // if current permission is visible and visible is set in activation
662 if ($a_permission == 'visible' and $item_data['visible']) {
663 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
664 return true;
665 }
666
667 // learning progress must be readable, regardless of the activation
668 if ($a_permission == 'read_learning_progress') {
669 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
670 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
671 return true;
672 }
673
674 // no access
675 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
676 return false;
677 }
678
682 public function doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
683 {
684 //echo "conditionCheck<br/>";
685 global $DIC;
686
687 $lng = $DIC['lng'];
688 $ilBench = $DIC['ilBench'];
689
690 if (
691 ($a_permission == 'visible') and
692 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
693 ) {
694 if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
695 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
696 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
697 foreach ($conditions as $condition) {
698 $this->current_info->addInfoItem(
699 IL_MISSING_PRECONDITION,
700 $lng->txt("missing_precondition") . ": " .
701 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
702 $lng->txt("condition_" . $condition["operator"]) . " " .
703 $condition["value"],
704 $condition
705 );
706 }
707 return false;
708 }
709 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
710 }
711 }
712
713
714 if (($a_permission == "read" or $a_permission == 'join') &&
715 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
716 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
717 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
718 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
719 foreach ($conditions as $condition) {
720 $this->current_info->addInfoItem(
721 IL_MISSING_PRECONDITION,
722 $lng->txt("missing_precondition") . ": " .
723 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
724 $lng->txt("condition_" . $condition["operator"]) . " " .
725 $condition["value"],
726 $condition
727 );
728 }
729 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
730 return false;
731 }
732 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
733 }
734
735 return true;
736 }
737
741 public function doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
742 {
743 global $DIC;
744
745 $objDefinition = $DIC['objDefinition'];
746 $ilBench = $DIC['ilBench'];
747 $ilPluginAdmin = $DIC['ilPluginAdmin'];
748 //echo "statusCheck<br/>";
749 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
750
751 // check for a deactivated plugin
752 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
753 return false;
754 }
755 if (!$a_type) {
756 return false;
757 }
758
759 $class = $objDefinition->getClassName($a_type);
760 $location = $objDefinition->getLocation($a_type);
761 $full_class = "ilObj" . $class . "Access";
762
763 if ($class == "") {
764 $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
765 return false;
766 }
767
768 include_once($location . "/class." . $full_class . ".php");
769 // static call to ilObj..::_checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id)
770
771 $full_class = new $full_class();
772
773 $obj_access = call_user_func(
774 array($full_class, "_checkAccess"),
775 $a_cmd,
776 $a_permission,
777 $a_ref_id,
778 $a_obj_id,
779 $a_user_id
780 );
781 if (!($obj_access === true)) {
782 //Note: We must not add an info item here, because one is going
783 // to be added by the user function we just called a few
784 // lines above.
785 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
786
787 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
788 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
789 return false;
790 }
791
792 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
793 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
794 return true;
795 }
796
800 public function clear()
801 {
802 $this->results = array();
803 $this->last_result = "";
804 $this->current_info = new ilAccessInfo();
805 $this->stored_rbac_access = [];
806 }
810 public function enable($a_str, $a_bool)
811 {
812 $this->$a_str = $a_bool;
813 }
814
815
816
817 //
818 // OrgUnit Positions
819 //
820
824 public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
825 {
826 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
827 }
828
832 public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
833 {
834 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
835 }
836
840 public function isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
841 {
842 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
843 }
844
848 public function isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
849 {
850 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
851 }
852
856 public function checkPositionAccess($pos_perm, $ref_id)
857 {
858 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
859 }
860
864 public function checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
865 {
866 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
867 }
868
872 public function filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
873 {
874 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
875 }
876
880 public function filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
881 {
882 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
883 }
884
888 public function filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
889 {
890 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
891 }
892
896 public function hasCurrentUserAnyPositionAccess($ref_id)
897 {
898 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
899 }
900
904 public function hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
905 {
906 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
907 }
908}
$location
$location
Definition: buildRTE.php:44
php
An exception for terminatinating execution or to throw for unit testing.
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:40
ilAccess
Class ilAccessHandler.
Definition: class.ilAccess.php:20
ilAccess\readCache
readCache($a_secs=0)
Definition: class.ilAccess.php:206
ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilAccess.php:880
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:682
ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilAccess.php:864
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:264
ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess($ref_id)
bool
Definition: class.ilAccess.php:896
ilAccess\getResultAll
getResultAll($a_ref_id="")
Definition: class.ilAccess.php:394
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:406
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:433
ilAccess\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific checkbool
Definition: class.ilAccess.php:741
ilAccess\$ilOrgUnitPositionAccess
$ilOrgUnitPositionAccess
Definition: class.ilAccess.php:25
ilAccess\enable
enable($a_str, $a_bool)
Definition: class.ilAccess.php:810
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:539
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:387
ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilAccess.php:840
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:492
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:156
ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilAccess.php:872
ilAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilAccess.php:856
ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilAccess.php:904
ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilAccess.php:832
ilAccess\setResults
setResults($a_results)
Definition: class.ilAccess.php:236
ilAccess\addInfoItem
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:244
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
Definition: class.ilAccess.php:164
ilAccess\getInfo
getInfo()
get last info object
Definition: class.ilAccess.php:376
ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilAccess.php:824
ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilAccess.php:888
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:148
ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilAccess.php:848
ilAccess\checkAccess
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:252
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
Definition: class.ilAccess.php:115
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1200
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilMemberViewSettings\getInstance
static getInstance()
Get instance.
Definition: class.ilMemberViewSettings.php:67
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:354
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilObject\lookupOfflineStatus
static lookupOfflineStatus($a_obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:1006
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:9
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:49
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:161
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:65
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:38
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:211
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilOrgUnitPositionAccess.php:231
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:76
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:123
ilAccessHandler
Interface ilAccessHandler.
Definition: interface.ilAccessHandler.php:11
ilRBACAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$query
$query
Definition: proxy_ylocal.php:13
$ilErr
$ilErr
Definition: raiseError.php:18
$DIC
global $DIC
Definition: saml.php:7
$lng
$lng
Definition: save_question_post_data.php:23
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18
$a_type
$a_type
Definition: workflow.php:92