ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
Public Member Functions | Protected Attributes
ilAccess Class Reference

Class ilAccessHandler. More...

+ Inheritance diagram for ilAccess:
+ Collaboration diagram for ilAccess:

Public Member Functions

 __construct ()
 
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
 store access result@access private
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)
More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result.
Parameters
booleantrue if last result should not be cached
More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result.
Returns
boolean true if last result should not be cached
More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result@access private
Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object
More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
 check access for an object (provide $a_type and $a_obj_id if available for better performance)
Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)
More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool
More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool
More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool
More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission)
Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool
More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
Parameters
$a_str
$a_bool
More...
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs
More...
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs
More...
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
Parameters
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkPositionAccess ($pos_perm, $ref_id)
 
Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool
More...
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool
More...
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]
More...
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]
More...
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
Parameters
int$ref_id
Returns
bool
More...
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 
Parameters
string$rbac_perm
int$ref_id
Returns
bool
More...
 
- Public Member Functions inherited from ilRBACAccessHandler
 storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id=null, $a_info="")
 store access result More...
 
 setPreventCachingLastResult ($a_val)
 Set prevent caching last result. More...
 
 getPreventCachingLastResult ()
 Get prevent caching last result. More...
 
 getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
 get stored access result More...
 
 storeCache ()
 
 readCache ($a_secs=0)
 
 getResults ()
 
 setResults ($a_results)
 
 addInfoItem ($a_type, $a_text, $a_data="")
 add an info item to current info object More...
 
 checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id=null, $a_tree_id=null)
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id=null, $a_tree_id=null)
 check access for an object (provide $a_type and $a_obj_id if available for better performance) More...
 
 getInfo ()
 get last info object More...
 
 getResultLast ()
 get last info object More...
 
 getResultAll ($a_ref_id="")
 
 doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 look if result for current query is already in cache More...
 
 doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
 check if object is in tree and not deleted More...
 
 doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
 rbac check for current object -> type should be used for create permission More...
 
 doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
 check read permission for all parents More...
 
 doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 check for activation and centralized offline status. More...
 
 doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 condition check (currently only implemented for read permission) More...
 
 doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
 object type specific check More...
 
 clear ()
 
 enable ($a_str, $a_bool)
 
 filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
 
 filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
 
 isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
 
 isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
 
 checkPositionAccess ($pos_perm, $ref_id)
 
 hasCurrentUserAnyPositionAccess ($ref_id)
 
 filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
 
 filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
 
 checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
 
 filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
 
 hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
 

Protected Attributes

 $ilOrgUnitPositionAccess
 
 $obj_tree_cache
 
 $obj_type_cache
 
 $obj_id_cache
 
 $status
 
 $path
 
 $condition
 
 $tree
 
 $rbac
 
 $cache
 
 $current_info
 
 $results
 
 $rbacsystem
 
 $stored_rbac_access = array()
 
 $ac_logger
 

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author
Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Definition at line 13 of file class.ilAccess.php.

Constructor & Destructor Documentation

◆ __construct()

ilAccess::__construct ( )

Definition at line 79 of file class.ilAccess.php.

80 {
81 global $DIC;
82
83 $rbacsystem = $DIC['rbacsystem'];
84
85 $this->rbacsystem = $rbacsystem;
86 $this->results = array();
87 $this->current_info = new ilAccessInfo();
88
89 // use function enable to switch on/off tests (only cache is used so far)
90 $this->cache = true;
91 $this->rbac = true;
92 $this->tree = true;
93 $this->condition = true;
94 $this->path = true;
95 $this->status = true;
96 $this->obj_id_cache = array();
97 $this->obj_type_cache = array();
98 $this->obj_tree_cache = array();
99
100 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
101
102 $this->ac_logger = ilLoggerFactory::getLogger('ac');
103 }
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:40
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:9
$DIC
$DIC
Definition: xapitoken.php:46

References $DIC, $rbacsystem, and ilLoggerFactory\getLogger().

+ Here is the call graph for this function:

Member Function Documentation

◆ addInfoItem()

ilAccess::addInfoItem (   $a_type,
  $a_text,
  $a_data = "" 
)

add an info item to current info object

Implements ilRBACAccessHandler.

Definition at line 238 of file class.ilAccess.php.

239 {
240 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
241 }
$a_type
$a_type
Definition: workflow.php:92

References $a_type.

◆ checkAccess()

ilAccess::checkAccess (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 246 of file class.ilAccess.php.

247 {
248 global $DIC;
249
250 $ilUser = $DIC['ilUser'];
251
252 return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
253 }
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:258
$ilUser
$ilUser
Definition: imgupload.php:18

References $a_type, $DIC, $ilUser, and checkAccessOfUser().

Referenced by ilLocalUserGUI\__checkGlobalRoles(), ilLocalUserGUI\__showRolesTable(), ilOrgUnitStaffGUI\addOtherRoles(), ilOrgUnitStaffGUI\addStaff(), ilObjStudyProgrammeGUI\addToNavigationHistory(), ilLocalUserGUI\assignRoles(), ilLocalUserGUI\assignSave(), ilObjStudyProgrammeIndividualPlanGUI\buildFrame(), ilObjStudyProgrammeGUI\checkAccess(), ilLocalUserGUI\checkPermission(), ilOrgUnitSimpleImportGUI\chooseImport(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjOrgUnitGUI\editAdvancedSettings(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editSettings(), ilObjOrgUnitGUI\executeCommand(), ilOrgUnitStaffGUI\fromEmployeeToSuperior(), ilOrgUnitStaffGUI\fromSuperiorToEmployee(), ilObjStudyProgrammeAdminGUI\initFormSettings(), ilObjStudyProgrammeReferenceListGUI\initItem(), ilOrgUnitRecursiveUserAssignmentTableGUI\mayViewLPIn(), ilOrgUnitStaffGUI\removeFromEmployees(), ilOrgUnitStaffGUI\removeFromRole(), ilOrgUnitStaffGUI\removeFromSuperiors(), ilOrgUnitStaffGUI\setTabs(), ilOrgUnitStaffGUI\showOtherRoles(), ilOrgUnitStaffGUI\showStaff(), ilObjOrgUnitGUI\updateAdvancedSettings(), ilObjStudyProgrammeGUI\updateAdvancedSettings(), and ilObjOrgUnitGUI\updateSettings().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAccessOfUser()

ilAccess::checkAccessOfUser (   $a_user_id,
  $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_type = "",
  $a_obj_id = "",
  $a_tree_id = "" 
)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters
integer$a_user_id
string$a_permission
string$a_cmd
int$a_ref_id
string$a_type(optional)
int$a_obj_id(optional)
int$a_tree_id(optional)

Implements ilRBACAccessHandler.

Definition at line 258 of file class.ilAccess.php.

259 {
260 global $DIC;
261
262 $ilBench = $DIC['ilBench'];
263 $lng = $DIC['lng'];
264
265 $this->setPreventCachingLastResult(false); // for external db based caches
266
267 $ilBench->start("AccessControl", "0400_clear_info");
268 $this->current_info->clear();
269 $ilBench->stop("AccessControl", "0400_clear_info");
270
271
272 // get stored result (internal memory based cache)
273 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
274 if ($cached["hit"]) {
275 // Store access result
276 if (!$cached["granted"]) {
277 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
278 }
279 if ($cached["prevent_db_cache"]) {
280 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
281 }
282 return $cached["granted"];
283 }
284
285 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
286 // get object id if not provided
287 if ($a_obj_id == "") {
288 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
289 $a_obj_id = $this->obj_id_cache[$a_ref_id];
290 } else {
291 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
292 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
293 }
294 }
295 if ($a_type == "") {
296 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
297 $a_type = $this->obj_type_cache[$a_ref_id];
298 } else {
299 $a_type = ilObject::_lookupType($a_ref_id, true);
300 $this->obj_type_cache[$a_ref_id] = $a_type;
301 }
302 }
303
304 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
305
306 // if supplied tree id is not = 1 (= repository main tree),
307 // check if object is in tree and not deleted
308 if ($a_tree_id != 1 &&
309 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
310 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
311 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
312 return false;
313 }
314
315 // rbac check for current object
316 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
317 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
318 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
319 return false;
320 }
321
322 // Check object activation
323 $act_check = $this->doActivationCheck(
324 $a_permission,
325 $a_cmd,
326 $a_ref_id,
327 $a_user_id,
328 $a_obj_id,
329 $a_type
330 );
331
332 if (!$act_check) {
333 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
334 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
335 return false;
336 }
337
338 // check read permission for all parents
339 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
340 if (!$par_check) {
341 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
342 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
343 return false;
344 }
345
346 // condition check (currently only implemented for read permission)
347 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
348 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
349 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
350 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
351 return false;
352 }
353
354 // object type specific check
355 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
356 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
357 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
358 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
359 return false;
360 }
361
362 // all checks passed
363 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
364 return true;
365 }
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:674
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:400
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:427
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:533
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:486
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:142
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
Definition: class.ilAccess.php:109
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1278
$ilBench
global $ilBench
Definition: ilias.php:18
ilRBACAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.
ilRBACAccessHandler\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
$lng
$lng
Definition: save_question_post_data.php:23

References $a_type, $DIC, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), ilRBACAccessHandler\doActivationCheck(), doCacheCheck(), doConditionCheck(), doPathCheck(), doRBACCheck(), ilRBACAccessHandler\doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doConditionCheck(), doPathCheck(), and ilSearchResult\filter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPositionAccess()

ilAccess::checkPositionAccess (   $pos_perm,
  $ref_id 
)

Parameters
string$pos_perm
int$ref_idReference-ID of the desired Object in the tree
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 851 of file class.ilAccess.php.

852 {
853 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
854 }
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:161

References ilOrgUnitPositionAccess\checkPositionAccess().

Referenced by ilObjStudyProgrammeGUI\denyAccessIfNotAnyOf(), and ilObjStudyProgrammeGUI\getTabs().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkRbacOrPositionPermissionAccess()

ilAccess::checkRbacOrPositionPermissionAccess (   $rbac_perm,
  $pos_perm,
  $ref_id 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 859 of file class.ilAccess.php.

860 {
861 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
862 }
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:211

References ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess().

+ Here is the call graph for this function:

◆ clear()

ilAccess::clear ( )

Implements ilRBACAccessHandler.

Definition at line 795 of file class.ilAccess.php.

796 {
797 $this->results = array();
798 $this->last_result = "";
799 $this->current_info = new ilAccessInfo();
800 $this->stored_rbac_access = [];
801 }

◆ doCacheCheck()

ilAccess::doCacheCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

look if result for current query is already in cache

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 400 of file class.ilAccess.php.

401 {
402 global $DIC;
403
404 $ilBench = $DIC['ilBench'];
405 //echo "cacheCheck<br/>";
406
407 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
408 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
409 //var_dump($stored_access);
410 if (is_array($stored_access)) {
411 $this->current_info = $stored_access["info"];
412 //var_dump("cache-treffer:");
413 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
414 return array("hit" => true, "granted" => $stored_access["granted"],
415 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
416 }
417
418 // not in cache
419 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
420 return array("hit" => false, "granted" => false,
421 "prevent_db_cache" => false);
422 }
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
Definition: class.ilAccess.php:158

References $DIC, $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doConditionCheck()

ilAccess::doConditionCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_obj_id,
  $a_type 
)

condition check (currently only implemented for read permission)

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
int$a_obj_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 674 of file class.ilAccess.php.

675 {
676 //echo "conditionCheck<br/>";
677 global $DIC;
678
679 $lng = $DIC['lng'];
680 $ilBench = $DIC['ilBench'];
681
682 if (
683 ($a_permission == 'visible') and
684 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
685 ) {
686 if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
687 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
688 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
689 foreach ($conditions as $condition) {
690 $this->current_info->addInfoItem(
691 IL_MISSING_PRECONDITION,
692 $lng->txt("missing_precondition") . ": " .
693 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
694 $lng->txt("condition_" . $condition["operator"]) . " " .
695 $condition["value"],
696 $condition
697 );
698 }
699 return false;
700 }
701 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
702 }
703 }
704
705
706 if (($a_permission == "read" or $a_permission == 'join') &&
707 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
708 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
709 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
710 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
711 foreach ($conditions as $condition) {
712 $this->current_info->addInfoItem(
713 IL_MISSING_PRECONDITION,
714 $lng->txt("missing_precondition") . ": " .
715 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
716 $lng->txt("condition_" . $condition["operator"]) . " " .
717 $condition["value"],
718 $condition
719 );
720 }
721 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
722 return false;
723 }
724 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
725 }
726
727 return true;
728 }
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1200
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988

References $a_type, $condition, $DIC, $ilBench, $lng, ilConditionHandler\_checkAllConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), and IL_MISSING_PRECONDITION.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doPathCheck()

ilAccess::doPathCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_all = false 
)

check read permission for all parents

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
bool$a_all
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 533 of file class.ilAccess.php.

534 {
535 global $DIC;
536
537 $tree = $DIC['tree'];
538 $lng = $DIC['lng'];
539 $ilBench = $DIC['ilBench'];
540 $ilObjDataCache = $DIC['ilObjDataCache'];
541 //echo "<br>dopathcheck";
542 //echo "pathCheck<br/>";
543 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
544
545 // if (isset($this->stored_path[$a_ref_id]))
546 // {
547 // $path = $this->stored_path[$a_ref_id];
548 // }
549 // else
550 // {
551 $path = $tree->getPathId($a_ref_id);
552 // $this->stored_path[$a_ref_id] = $path;
553 // }
554 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
555
556 foreach ($path as $id) {
557 if ($a_ref_id == $id) {
558 continue;
559 }
560
561 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
562
563 if ($access == false) {
564
565 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
566 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
567
568 if ($a_all == false) {
569 return false;
570 }
571 }
572 }
573
574 return true;
575 }
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27

References $DIC, $ilBench, $lng, $path, $tree, checkAccessOfUser(), and IL_NO_PARENT_ACCESS.

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doRBACCheck()

ilAccess::doRBACCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id,
  $a_type 
)

rbac check for current object -> type should be used for create permission

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
string$a_type
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 486 of file class.ilAccess.php.

487 {
488 global $DIC;
489
490 $lng = $DIC['lng'];
491 $ilBench = $DIC['ilBench'];
492 $ilErr = $DIC['ilErr'];
493 $ilLog = $DIC['ilLog'];
494
495 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
496
497 if ($a_permission == "") {
498 $message = sprintf(
499 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
500 get_class($this),
501 $a_ref_id
502 );
503 $ilLog->write($message, $ilLog->FATAL);
504 $ilErr->raiseError($message, $ilErr->MESSAGE);
505 }
506
507 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
508 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
509 } else {
510 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
511 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
512 if ($a_permission != "create") {
513 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
514 }
515 }
516 }
517
518 // Store in result cache
519 if (!$access) {
520 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
521 }
522 if ($a_permission != "create") {
523 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
524 }
525 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
526
527 return $access;
528 }
$ilLog
$ilLog
Definition: inc.setup_header.php:123
$ilErr
$ilErr
Definition: raiseError.php:18
$message
$message
Definition: xapiexit.php:14

References $a_type, $DIC, $ilBench, $ilErr, $ilLog, $lng, $message, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doTreeCheck()

ilAccess::doTreeCheck (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id 
)

check if object is in tree and not deleted

Parameters
string$a_permission
string$a_cmd
int$a_ref_id
int$a_user_id
Returns
bool

Implements ilRBACAccessHandler.

Definition at line 427 of file class.ilAccess.php.

428 {
429 global $DIC;
430
431 $tree = $DIC['tree'];
432 $lng = $DIC['lng'];
433 $ilBench = $DIC['ilBench'];
434 //echo "treeCheck<br/>";
435
436 // Get stored result
437 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
438 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
439 // Store access result
440 if (!$this->obj_tree_cache[$tree_cache_key]) {
441 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
442 }
443 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
444
445 return $this->obj_tree_cache[$tree_cache_key];
446 }
447
448 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
449
450 if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
451 // Store negative access results
452
453 // Store in tree cache
454 // Note, we only store up to 1000 results to avoid memory overflow.
455 if (count($this->obj_tree_cache) < 1000) {
456 $this->obj_tree_cache[$tree_cache_key] = false;
457 }
458
459 // Store in result cache
460 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
461 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
462
463 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
464
465 return false;
466 }
467
468 // Store positive access result.
469
470 // Store in tree cache
471 // Note, we only store up to 1000 results to avoid memory overflow.
472 if (count($this->obj_tree_cache) < 1000) {
473 $this->obj_tree_cache[$tree_cache_key] = true;
474 }
475
476 // Store in result cache
477 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
478
479 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
480 return true;
481 }
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28

References $DIC, $ilBench, $lng, $tree, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ enable()

ilAccess::enable (   $a_str,
  $a_bool 
)

Parameters
$a_str
$a_bool

Implements ilRBACAccessHandler.

Definition at line 805 of file class.ilAccess.php.

806 {
807 $this->$a_str = $a_bool;
808 }

◆ filterUserIdsByPositionOfCurrentUser()

ilAccess::filterUserIdsByPositionOfCurrentUser (   $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 867 of file class.ilAccess.php.

868 {
869 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
870 }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser().

+ Here is the call graph for this function:

◆ filterUserIdsByPositionOfUser()

ilAccess::filterUserIdsByPositionOfUser (   $user_id,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
int$user_id
string$pos_perm
int$ref_id
int[]$user_ids
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 875 of file class.ilAccess.php.

876 {
877 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
878 }
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser().

+ Here is the call graph for this function:

◆ filterUserIdsByRbacOrPositionOfCurrentUser()

ilAccess::filterUserIdsByRbacOrPositionOfCurrentUser (   $rbac_perm,
  $pos_perm,
  $ref_id,
array  $user_ids 
)

Parameters
string$rbac_perm
string$pos_permSee the list of available permissions in interface ilOrgUnitPositionAccessHandler
int$ref_idReference-ID of the desired Object in the tree
int[]$user_ids
Returns
int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 883 of file class.ilAccess.php.

884 {
885 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
886 }
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilOrgUnitPositionAccess.php:231

References ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

+ Here is the call graph for this function:

◆ filterUserIdsForCurrentUsersPositionsAndPermission()

ilAccess::filterUserIdsForCurrentUsersPositionsAndPermission ( array  $user_ids,
  $permission 
)

Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 819 of file class.ilAccess.php.

820 {
821 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
822 }
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:38

References ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

+ Here is the call graph for this function:

◆ filterUserIdsForUsersPositionsAndPermission()

ilAccess::filterUserIdsForUsersPositionsAndPermission ( array  $user_ids,
  $for_user_id,
  $permission 
)

Parameters
int[]$user_idsList of ILIAS-User-IDs which shall be filtered
int$for_user_id
string$permission
See also
getAvailablePositionRelatedPermissions for available permissions
Exceptions

ilOrgUnitAccessException when a unknown permission is used. See the list of available permissions in interface ilOrgUnitPositionAccessHandler

Returns
int[] Filtered List of ILIAS-User-IDs

Implements ilOrgUnitPositionAccessHandler.

Definition at line 827 of file class.ilAccess.php.

828 {
829 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
830 }
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:49

References ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission().

+ Here is the call graph for this function:

◆ getInfo()

ilAccess::getInfo ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 370 of file class.ilAccess.php.

371 {
372 //return $this->last_result;
373 //$this->last_info->setQueryData($this->current_result_element);
374 //var_dump("<pre>",$this->results,"</pre>");
375 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
376 }

◆ getPreventCachingLastResult()

ilAccess::getPreventCachingLastResult ( )

Get prevent caching last result.

Returns
boolean true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 150 of file class.ilAccess.php.

151 {
152 return $this->prevent_caching_last_result;
153 }

Referenced by storeAccessResult().

+ Here is the caller graph for this function:

◆ getResultAll()

ilAccess::getResultAll (   $a_ref_id = "")

Implements ilRBACAccessHandler.

Definition at line 388 of file class.ilAccess.php.

389 {
390 if ($a_ref_id == "") {
391 return $this->results;
392 }
393
394 return $this->results[$a_ref_id];
395 }

References $results.

◆ getResultLast()

ilAccess::getResultLast ( )

get last info object

Implements ilRBACAccessHandler.

Definition at line 381 of file class.ilAccess.php.

382 {
383 return $this->last_result;
384 }

◆ getResults()

ilAccess::getResults ( )

Implements ilRBACAccessHandler.

Definition at line 223 of file class.ilAccess.php.

224 {
225 return $this->results;
226 }

References $results.

◆ getStoredAccessResult()

ilAccess::getStoredAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_user_id = "" 
)

get stored access result@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
int$a_user_iduser id (if no id passed, current user id)
Returns
array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Implements ilRBACAccessHandler.

Definition at line 158 of file class.ilAccess.php.

159 {
160 global $DIC;
161
162 $ilUser = $DIC['ilUser'];
163
164 if ($a_user_id == "") {
165 $a_user_id = $ilUser->getId();
166 }
167
168 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
169 {
170 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
171 }*/
172
173 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
174 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
175 }
176 return false;
177 }

References $DIC, and $ilUser.

Referenced by doCacheCheck().

+ Here is the caller graph for this function:

◆ hasCurrentUserAnyPositionAccess()

ilAccess::hasCurrentUserAnyPositionAccess (   $ref_id)

Parameters
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 891 of file class.ilAccess.php.

892 {
893 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
894 }

References ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess().

+ Here is the call graph for this function:

◆ hasUserRBACorAnyPositionAccess()

ilAccess::hasUserRBACorAnyPositionAccess (   $rbac_perm,
  $ref_id 
)

Parameters
string$rbac_perm
int$ref_id
Returns
bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 899 of file class.ilAccess.php.

900 {
901 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
902 }
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250

References ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess().

+ Here is the call graph for this function:

◆ isCurrentUserBasedOnPositionsAllowedTo()

ilAccess::isCurrentUserBasedOnPositionsAllowedTo (   $permission,
array  $on_user_ids 
)

Parameters
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 835 of file class.ilAccess.php.

836 {
837 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
838 }
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:65

References ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo().

+ Here is the call graph for this function:

◆ isUserBasedOnPositionsAllowedTo()

ilAccess::isUserBasedOnPositionsAllowedTo (   $which_user_id,
  $permission,
array  $on_user_ids 
)

Parameters
int$which_user_idPermission check for this ILIAS-User-ID
string$permission
int[]$on_user_idsList of ILIAS-User-IDs
See also
getAvailablePositionRelatedPermissions for available permissions
Returns
bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 843 of file class.ilAccess.php.

844 {
845 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
846 }
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:76

References ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo().

+ Here is the call graph for this function:

◆ readCache()

ilAccess::readCache (   $a_secs = 0)

Implements ilRBACAccessHandler.

Definition at line 200 of file class.ilAccess.php.

201 {
202 global $DIC;
203
204 $ilUser = $DIC['ilUser'];
205 $ilDB = $DIC['ilDB'];
206
207 if ($a_secs > 0) {
208 $query = "SELECT * FROM acc_cache WHERE user_id = " .
209 $ilDB->quote($ilUser->getId(), 'integer');
210 $set = $ilDB->query($query);
211 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
212 if ((time() - $rec["time"]) < $a_secs) {
213 $this->results = unserialize($rec["result"]);
214 //var_dump($this->results);
215 return true;
216 }
217 }
218 return false;
219 }
$query
$query
Definition: proxy_ylocal.php:13
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $DIC, $ilDB, $ilUser, $query, and ilDBConstants\FETCHMODE_ASSOC.

◆ setPreventCachingLastResult()

ilAccess::setPreventCachingLastResult (   $a_val)

Set prevent caching last result.

Parameters
booleantrue if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 142 of file class.ilAccess.php.

143 {
144 $this->prevent_caching_last_result = $a_val;
145 }

Referenced by checkAccessOfUser().

+ Here is the caller graph for this function:

◆ setResults()

ilAccess::setResults (   $a_results)

Implements ilRBACAccessHandler.

Definition at line 230 of file class.ilAccess.php.

231 {
232 $this->results = $a_results;
233 }

◆ storeAccessResult()

ilAccess::storeAccessResult (   $a_permission,
  $a_cmd,
  $a_ref_id,
  $a_access_granted,
  $a_user_id = "",
  $a_info = "" 
)

store access result@access private

Parameters
string$a_permissionpermission
string$a_cmdcommand string
int$a_ref_idreference id
boolean$a_access_grantedtrue if access is granted
int$a_user_iduser id (if no id passed, current user id)

Implements ilRBACAccessHandler.

Definition at line 109 of file class.ilAccess.php.

110 {
111 global $DIC;
112
113 $ilUser = $DIC['ilUser'];
114
115 if ($a_user_id == "") {
116 $a_user_id = $ilUser->getId();
117 }
118
119 if ($a_info == "") {
120 $a_info = $this->current_info;
121 }
122
123 //var_dump("<pre>",$a_permission,"</pre>");
124
125 if ($this->cache) {
126 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
127 array("granted" => $a_access_granted, "info" => $a_info,
128 "prevent_db_cache" => $this->getPreventCachingLastResult());
129 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
130 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
131 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
132 $this->last_info = $a_info;
133 }
134
135 // get new info object
136 $this->current_info = new ilAccessInfo();
137 }
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:150

References $current_info, $DIC, $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doRBACCheck(), and doTreeCheck().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ storeCache()

ilAccess::storeCache ( )

Implements ilRBACAccessHandler.

Definition at line 181 of file class.ilAccess.php.

182 {
183 global $DIC;
184
185 $ilDB = $DIC['ilDB'];
186 $ilUser = $DIC['ilUser'];
187
188 $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
189 $res = $ilDB->manipulate($query);
190
191 $ilDB->insert('acc_cache', array(
192 'user_id' => array('integer',$ilUser->getId()),
193 'time' => array('integer',time()),
194 'result' => array('clob',serialize($this->results))
195 ));
196 }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

References $DIC, $ilDB, $ilUser, $query, and $res.

Field Documentation

◆ $ac_logger

ilAccess::$ac_logger
protected

Definition at line 77 of file class.ilAccess.php.

◆ $cache

ilAccess::$cache
protected

Definition at line 55 of file class.ilAccess.php.

◆ $condition

ilAccess::$condition
protected

Definition at line 43 of file class.ilAccess.php.

Referenced by doConditionCheck().

◆ $current_info

ilAccess::$current_info
protected

Definition at line 59 of file class.ilAccess.php.

Referenced by storeAccessResult().

◆ $ilOrgUnitPositionAccess

ilAccess::$ilOrgUnitPositionAccess
protected

Definition at line 19 of file class.ilAccess.php.

◆ $obj_id_cache

ilAccess::$obj_id_cache
protected

Definition at line 31 of file class.ilAccess.php.

◆ $obj_tree_cache

ilAccess::$obj_tree_cache
protected

Definition at line 23 of file class.ilAccess.php.

◆ $obj_type_cache

ilAccess::$obj_type_cache
protected

Definition at line 27 of file class.ilAccess.php.

◆ $path

ilAccess::$path
protected

Definition at line 39 of file class.ilAccess.php.

Referenced by doPathCheck().

◆ $rbac

ilAccess::$rbac
protected

Definition at line 51 of file class.ilAccess.php.

◆ $rbacsystem

ilAccess::$rbacsystem
protected

Definition at line 67 of file class.ilAccess.php.

Referenced by __construct().

◆ $results

ilAccess::$results
protected

Definition at line 63 of file class.ilAccess.php.

Referenced by getResultAll(), and getResults().

◆ $status

ilAccess::$status
protected

Definition at line 35 of file class.ilAccess.php.

◆ $stored_rbac_access

ilAccess::$stored_rbac_access = array()
protected

Definition at line 71 of file class.ilAccess.php.

◆ $tree

ilAccess::$tree
protected

Definition at line 47 of file class.ilAccess.php.

Referenced by doPathCheck(), and doTreeCheck().

The documentation for this class was generated from the following file: