ilAccess Class Reference

Class ilAccessHandler. More...

Inheritance diagram for ilAccess:

Collaboration diagram for ilAccess:

Public Member Functions
	__construct ()
	storeAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
	store access resultprivate Parameters string $a_permission permission string $a_cmd command string int $a_ref_id reference id boolean $a_access_granted true if access is granted int $a_user_id user id (if no id passed, current user id) More...
	setPreventCachingLastResult ($a_val)
	Set prevent caching last result. Parameters boolean true if last result should not be cached More...
	getPreventCachingLastResult ()
	Get prevent caching last result. Returns boolean true if last result should not be cached More...
	getStoredAccessResult ($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
	get stored access resultprivate Parameters string $a_permission permission string $a_cmd command string int $a_ref_id reference id int $a_user_id user id (if no id passed, current user id) Returns array result array: "granted" (boolean) => true if access is granted "info" (object) => info object More...
	storeCache ()
	readCache ($a_secs=0)
	getResults ()
	setResults ($a_results)
	addInfoItem ($a_type, $a_text, $a_data="")
	add an info item to current info object More...
	checkAccess ($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
	check access for an object (provide $a_type and $a_obj_id if available for better performance) Parameters string $a_permission string $a_cmd int $a_ref_id string $a_type (optional) int $a_obj_id (optional) int $a_tree_id (optional) More...
	checkAccessOfUser ($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
	check access for an object (provide $a_type and $a_obj_id if available for better performance) Parameters integer $a_user_id string $a_permission string $a_cmd int $a_ref_id string $a_type (optional) int $a_obj_id (optional) int $a_tree_id (optional) More...
	getInfo ()
	get last info object More...
	getResultLast ()
	get last info object More...
	getResultAll ($a_ref_id="")
	doCacheCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
	look if result for current query is already in cache Parameters string $a_permission string $a_cmd int $a_ref_id int $a_user_id Returns bool More...
	doTreeCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id)
	check if object is in tree and not deleted Parameters string $a_permission string $a_cmd int $a_ref_id int $a_user_id Returns bool More...
	doRBACCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
	rbac check for current object -> type should be used for create permission Parameters string $a_permission string $a_cmd int $a_ref_id int $a_user_id string $a_type Returns bool More...
	doPathCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
	check read permission for all parents Parameters string $a_permission string $a_cmd int $a_ref_id int $a_user_id bool $a_all Returns bool More...
	doConditionCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
	condition check (currently only implemented for read permission) Parameters string $a_permission string $a_cmd int $a_ref_id int $a_user_id int $a_obj_id string $a_type Returns bool More...
	clear ()
	enable ($a_str, $a_bool)
	Parameters $a_str $a_bool More...
	filterUserIdsForCurrentUsersPositionsAndPermission (array $user_ids, $permission)
	Parameters int[] $user_ids List of ILIAS-User-IDs which shall be filtered string $permission See also getAvailablePositionRelatedPermissions for available permissions Exceptions More...
	filterUserIdsForUsersPositionsAndPermission (array $user_ids, $for_user_id, $permission)
	Parameters int[] $user_ids List of ILIAS-User-IDs which shall be filtered int $for_user_id string $permission See also getAvailablePositionRelatedPermissions for available permissions Exceptions More...
	isCurrentUserBasedOnPositionsAllowedTo ($permission, array $on_user_ids)
	Parameters string $permission int[] $on_user_ids List of ILIAS-User-IDs See also getAvailablePositionRelatedPermissions for available permissions Returns bool More...
	isUserBasedOnPositionsAllowedTo ($which_user_id, $permission, array $on_user_ids)
	Parameters int $which_user_id Permission check for this ILIAS-User-ID string $permission int[] $on_user_ids List of ILIAS-User-IDs See also getAvailablePositionRelatedPermissions for available permissions Returns bool More...
	checkPositionAccess ($pos_perm, $ref_id)
	Parameters string $pos_perm int $ref_id Reference-ID of the desired Object in the tree See also getAvailablePositionRelatedPermissions for available permissions Returns bool More...
	checkRbacOrPositionPermissionAccess ($rbac_perm, $pos_perm, $ref_id)
	Parameters string $rbac_perm string $pos_perm See the list of available permissions in interface ilOrgUnitPositionAccessHandler int $ref_id Reference-ID of the desired Object in the tree Returns bool More...
	filterUserIdsByPositionOfCurrentUser ($pos_perm, $ref_id, array $user_ids)
	Parameters string $pos_perm int $ref_id int[] $user_ids See also getAvailablePositionRelatedPermissions for available permissions Returns int[] More...
	filterUserIdsByPositionOfUser ($user_id, $pos_perm, $ref_id, array $user_ids)
	Parameters int $user_id string $pos_perm int $ref_id int[] $user_ids See also getAvailablePositionRelatedPermissions for available permissions Returns int[] More...
	filterUserIdsByRbacOrPositionOfCurrentUser ($rbac_perm, $pos_perm, $ref_id, array $user_ids)
	Parameters string $rbac_perm string $pos_perm See the list of available permissions in interface ilOrgUnitPositionAccessHandler int $ref_id Reference-ID of the desired Object in the tree int[] $user_ids Returns int[] More...
	hasCurrentUserAnyPositionAccess ($ref_id)
	Parameters int $ref_id Returns bool More...
	hasUserRBACorAnyPositionAccess ($rbac_perm, $ref_id)
	Parameters string $rbac_perm int $ref_id Returns bool More...
Public Member Functions inherited from ilRBACAccessHandler
	doActivationCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
	check for activation and centralized offline status. More...
	doStatusCheck ($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
	object type specific check More...

Protected Attributes
	$ilOrgUnitPositionAccess
	$obj_tree_cache
	$obj_type_cache
	$obj_id_cache
	$status
	$path
	$condition
	$tree
	$rbac
	$cache
	$current_info
	$results
	$rbacsystem
	$stored_rbac_access = array()
	$ac_logger

Detailed Description

Class ilAccessHandler.

Checks access for ILIAS objects

Author

Alex Killing alex..nosp@m.kill.nosp@m.ing@g.nosp@m.mx.d.nosp@m.e

Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Definition at line 13 of file class.ilAccess.php.

Constructor & Destructor Documentation

__construct()

ilAccess::__construct

(

)

Definition at line 79 of file class.ilAccess.php.

References $DIC, $rbacsystem, and ilLoggerFactory\getLogger().

    {
        global $DIC;

        $rbacsystem = $DIC['rbacsystem'];

        $this->rbacsystem = $rbacsystem;
        $this->results = array();
        $this->current_info = new ilAccessInfo();

        // use function enable to switch on/off tests (only cache is used so far)
        $this->cache = true;
        $this->rbac = true;
        $this->tree = true;
        $this->condition = true;
        $this->path = true;
        $this->status = true;
        $this->obj_id_cache = array();
        $this->obj_type_cache = array();
        $this->obj_tree_cache = array();

        $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();

        $this->ac_logger = ilLoggerFactory::getLogger('ac');
    }

Here is the call graph for this function:

Member Function Documentation

addInfoItem()

ilAccess::addInfoItem	(		$a_type,
			$a_text,
			$a_data = ""
	)

add an info item to current info object

Implements ilRBACAccessHandler.

Definition at line 238 of file class.ilAccess.php.

References $a_type.

    {
        $this->current_info->addInfoItem($a_type, $a_text, $a_data);
    }

checkAccess()

ilAccess::checkAccess	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_type = "",
			$a_obj_id = "",
			$a_tree_id = ""
	)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters

string	$a_permission
string	$a_cmd
int	$a_ref_id
string	$a_type	(optional)
int	$a_obj_id	(optional)
int	$a_tree_id	(optional)

Implements ilRBACAccessHandler.

Definition at line 246 of file class.ilAccess.php.

References $a_type, $DIC, $ilUser, and checkAccessOfUser().

Referenced by ilLocalUserGUI\__checkGlobalRoles(), ilLocalUserGUI\__showRolesTable(), ilOrgUnitStaffGUI\addOtherRoles(), ilOrgUnitStaffGUI\addStaff(), ilObjStudyProgrammeGUI\addToNavigationHistory(), ilLocalUserGUI\assignRoles(), ilLocalUserGUI\assignSave(), ilObjStudyProgrammeIndividualPlanGUI\buildFrame(), ilObjStudyProgrammeGUI\checkAccess(), ilLocalUserGUI\checkPermission(), ilOrgUnitSimpleImportGUI\chooseImport(), ilOrgUnitStaffGUI\confirmRemoveUser(), ilObjStudyProgrammeGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editAdvancedSettings(), ilObjOrgUnitGUI\editSettings(), ilObjOrgUnitGUI\executeCommand(), ilOrgUnitStaffGUI\fromEmployeeToSuperior(), ilOrgUnitStaffGUI\fromSuperiorToEmployee(), ilObjStudyProgrammeAdminGUI\initFormSettings(), ilObjStudyProgrammeReferenceListGUI\initItem(), ilOrgUnitRecursiveUserAssignmentTableGUI\mayViewLPIn(), ilOrgUnitStaffGUI\removeFromEmployees(), ilOrgUnitStaffGUI\removeFromRole(), ilOrgUnitStaffGUI\removeFromSuperiors(), ilOrgUnitStaffGUI\setTabs(), ilOrgUnitStaffGUI\showOtherRoles(), ilOrgUnitStaffGUI\showStaff(), ilObjStudyProgrammeGUI\updateAdvancedSettings(), ilObjOrgUnitGUI\updateAdvancedSettings(), and ilObjOrgUnitGUI\updateSettings().

    {
        global $DIC;

        $ilUser = $DIC['ilUser'];

        return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

checkAccessOfUser()

ilAccess::checkAccessOfUser	(		$a_user_id,
			$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_type = "",
			$a_obj_id = "",
			$a_tree_id = ""
	)

check access for an object (provide $a_type and $a_obj_id if available for better performance)

Parameters

integer	$a_user_id
string	$a_permission
string	$a_cmd
int	$a_ref_id
string	$a_type	(optional)
int	$a_obj_id	(optional)
int	$a_tree_id	(optional)

Implements ilRBACAccessHandler.

Definition at line 258 of file class.ilAccess.php.

References $a_type, $DIC, $ilBench, $lng, ilObject\_lookupObjId(), ilObject\_lookupType(), ilRBACAccessHandler\doActivationCheck(), doCacheCheck(), doConditionCheck(), doPathCheck(), doRBACCheck(), ilRBACAccessHandler\doStatusCheck(), doTreeCheck(), IL_NO_PERMISSION, setPreventCachingLastResult(), and storeAccessResult().

Referenced by checkAccess(), doConditionCheck(), doPathCheck(), ilSearchResult\filter(), and ilLearningModuleNotification\send().

    {
        global $DIC;

        $ilBench = $DIC['ilBench'];
        $lng = $DIC['lng'];

        $this->setPreventCachingLastResult(false);      // for external db based caches

        $ilBench->start("AccessControl", "0400_clear_info");
        $this->current_info->clear();
        $ilBench->stop("AccessControl", "0400_clear_info");


        // get stored result (internal memory based cache)
        $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
        if ($cached["hit"]) {
            // Store access result
            if (!$cached["granted"]) {
                $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            }
            if ($cached["prevent_db_cache"]) {
                $this->setPreventCachingLastResult(true);       // should have been saved in previous call already
            }
            return $cached["granted"];
        }

        $ilBench->start("AccessControl", "0500_lookup_id_and_type");
        // get object id if not provided
        if ($a_obj_id == "") {
            if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
                $a_obj_id = $this->obj_id_cache[$a_ref_id];
            } else {
                $a_obj_id = ilObject::_lookupObjId($a_ref_id);
                $this->obj_id_cache[$a_ref_id] = $a_obj_id;
            }
        }
        if ($a_type == "") {
            if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
                $a_type = $this->obj_type_cache[$a_ref_id];
            } else {
                $a_type = ilObject::_lookupType($a_ref_id, true);
                $this->obj_type_cache[$a_ref_id] = $a_type;
            }
        }

        $ilBench->stop("AccessControl", "0500_lookup_id_and_type");

        // if supplied tree id is not = 1 (= repository main tree),
        // check if object is in tree and not deleted
        if ($a_tree_id != 1 &&
            !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
            return false;
        }

        // rbac check for current object
        if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
            return false;
        }

        // Check object activation
        $act_check = $this->doActivationCheck(
            $a_permission,
            $a_cmd,
            $a_ref_id,
            $a_user_id,
            $a_obj_id,
            $a_type
        );

        if (!$act_check) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
            return false;
        }

        // check read permission for all parents
        $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
        if (!$par_check) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
            return false;
        }

        // condition check (currently only implemented for read permission)
        if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
            $this->setPreventCachingLastResult(true);           // do not store this in db, since condition updates are not monitored
            return false;
        }

        // object type specific check
        if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
            $this->setPreventCachingLastResult(true);           // do not store this in db, since status updates are not monitored
            return false;
        }

        // all checks passed
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

checkPositionAccess()

ilAccess::checkPositionAccess	(		$pos_perm,
			$ref_id
	)

Parameters

string	$pos_perm
int	$ref_id	Reference-ID of the desired Object in the tree

See also

getAvailablePositionRelatedPermissions for available permissions

Returns

bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 851 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\checkPositionAccess().

Referenced by ilObjStudyProgrammeGUI\denyAccessIfNotAnyOf(), and ilObjStudyProgrammeGUI\getTabs().

    {
        return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

checkRbacOrPositionPermissionAccess()

ilAccess::checkRbacOrPositionPermissionAccess	(		$rbac_perm,
			$pos_perm,
			$ref_id
	)

Parameters

string	$rbac_perm
string	$pos_perm	See the list of available permissions in interface ilOrgUnitPositionAccessHandler
int	$ref_id	Reference-ID of the desired Object in the tree

Returns

bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 859 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess().

    {
        return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
    }

Here is the call graph for this function:

clear()

ilAccess::clear

(

)

Implements ilRBACAccessHandler.

Definition at line 795 of file class.ilAccess.php.

    {
        $this->results = array();
        $this->last_result = "";
        $this->current_info = new ilAccessInfo();
        $this->stored_rbac_access = [];
    }

doCacheCheck()

ilAccess::doCacheCheck	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_user_id
	)

look if result for current query is already in cache

Parameters

string	$a_permission
string	$a_cmd
int	$a_ref_id
int	$a_user_id

Returns

bool

Implements ilRBACAccessHandler.

Definition at line 400 of file class.ilAccess.php.

References $DIC, $ilBench, and getStoredAccessResult().

Referenced by checkAccessOfUser().

    {
        global $DIC;

        $ilBench = $DIC['ilBench'];
        //echo "cacheCheck<br/>";

        $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
        $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
        //var_dump($stored_access);
        if (is_array($stored_access)) {
            $this->current_info = $stored_access["info"];
            //var_dump("cache-treffer:");
            $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
            return array("hit" => true, "granted" => $stored_access["granted"],
                "prevent_db_cache" => $stored_access["prevent_db_cache"]);
        }

        // not in cache
        $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
        return array("hit" => false, "granted" => false,
            "prevent_db_cache" => false);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

doConditionCheck()

ilAccess::doConditionCheck	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_user_id,
			$a_obj_id,
			$a_type
	)

condition check (currently only implemented for read permission)

Parameters

string	$a_permission
string	$a_cmd
int	$a_ref_id
int	$a_user_id
int	$a_obj_id
string	$a_type

Returns

bool

Implements ilRBACAccessHandler.

Definition at line 674 of file class.ilAccess.php.

References $a_type, $condition, $DIC, $ilBench, $lng, $location, ilConditionHandler\_checkAllConditionsOfTarget(), ilObject\_lookupTitle(), checkAccessOfUser(), ilRBACAccessHandler\doStatusCheck(), IL_MISSING_PRECONDITION, and storeAccessResult().

Referenced by checkAccessOfUser().

    {
        //echo "conditionCheck<br/>";
        global $DIC;

        $lng = $DIC['lng'];
        $ilBench = $DIC['ilBench'];

        if (
            ($a_permission == 'visible') and
            !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
        ) {
            if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
                if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
                    $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
                    foreach ($conditions as $condition) {
                        $this->current_info->addInfoItem(
                            IL_MISSING_PRECONDITION,
                            $lng->txt("missing_precondition") . ": " .
                            ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
                            $lng->txt("condition_" . $condition["operator"]) . " " .
                            $condition["value"],
                            $condition
                        );
                    }
                    return false;
                }
                $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
            }
        }


        if (($a_permission == "read" or $a_permission == 'join') &&
            !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
            $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
            if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
                $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
                foreach ($conditions as $condition) {
                    $this->current_info->addInfoItem(
                        IL_MISSING_PRECONDITION,
                        $lng->txt("missing_precondition") . ": " .
                        ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
                        $lng->txt("condition_" . $condition["operator"]) . " " .
                        $condition["value"],
                        $condition
                    );
                }
                $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
                return false;
            }
            $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
        }

        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

doPathCheck()

ilAccess::doPathCheck	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_user_id,
			$a_all = false
	)

check read permission for all parents

Parameters

string	$a_permission
string	$a_cmd
int	$a_ref_id
int	$a_user_id
bool	$a_all

Returns

bool

Implements ilRBACAccessHandler.

Definition at line 533 of file class.ilAccess.php.

References $a_type, $DIC, $ilBench, $ilUser, $lng, $path, $tree, checkAccessOfUser(), ilRBACAccessHandler\doActivationCheck(), ilMemberViewSettings\getInstance(), ilObjectActivation\getItem(), IL_NO_PARENT_ACCESS, ilObject\lookupOfflineStatus(), and ilObjectActivation\TIMINGS_ACTIVATION.

Referenced by checkAccessOfUser().

    {
        global $DIC;

        $tree = $DIC['tree'];
        $lng = $DIC['lng'];
        $ilBench = $DIC['ilBench'];
        $ilObjDataCache = $DIC['ilObjDataCache'];
        //echo "<br>dopathcheck";
        //echo "pathCheck<br/>";
        $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");

        //              if (isset($this->stored_path[$a_ref_id]))
        //              {
        //                      $path = $this->stored_path[$a_ref_id];
        //              }
        //              else
        //              {
        $path = $tree->getPathId($a_ref_id);
        //                      $this->stored_path[$a_ref_id] = $path;
        //              }
        $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");

        foreach ($path as $id) {
            if ($a_ref_id == $id) {
                continue;
            }

            $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);

            if ($access == false) {

                //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
                $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);

                if ($a_all == false) {
                    return false;
                }
            }
        }

        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

doRBACCheck()

ilAccess::doRBACCheck	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_user_id,
			$a_type
	)

rbac check for current object -> type should be used for create permission

Parameters

string	$a_permission
string	$a_cmd
int	$a_ref_id
int	$a_user_id
string	$a_type

Returns

bool

Implements ilRBACAccessHandler.

Definition at line 486 of file class.ilAccess.php.

References $a_type, $DIC, $ilBench, $ilErr, $ilLog, $lng, $message, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

    {
        global $DIC;

        $lng = $DIC['lng'];
        $ilBench = $DIC['ilBench'];
        $ilErr = $DIC['ilErr'];
        $ilLog = $DIC['ilLog'];

        $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");

        if ($a_permission == "") {
            $message = sprintf(
                '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
                get_class($this),
                $a_ref_id
                );
            $ilLog->write($message, $ilLog->FATAL);
            $ilErr->raiseError($message, $ilErr->MESSAGE);
        }

        if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
            $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
        } else {
            $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
            if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
                if ($a_permission != "create") {
                    $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
                }
            }
        }

        // Store in result cache
        if (!$access) {
            $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
        }
        if ($a_permission != "create") {
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
        }
        $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");

        return $access;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

doTreeCheck()

ilAccess::doTreeCheck	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_user_id
	)

check if object is in tree and not deleted

Parameters

string	$a_permission
string	$a_cmd
int	$a_ref_id
int	$a_user_id

Returns

bool

Implements ilRBACAccessHandler.

Definition at line 427 of file class.ilAccess.php.

References $DIC, $ilBench, $lng, $tree, IL_DELETED, IL_NO_PERMISSION, and storeAccessResult().

Referenced by checkAccessOfUser().

    {
        global $DIC;

        $tree = $DIC['tree'];
        $lng = $DIC['lng'];
        $ilBench = $DIC['ilBench'];
        //echo "treeCheck<br/>";

        // Get stored result
        $tree_cache_key = $a_user_id . ':' . $a_ref_id;
        if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
            // Store access result
            if (!$this->obj_tree_cache[$tree_cache_key]) {
                $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
            }
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);

            return $this->obj_tree_cache[$tree_cache_key];
        }

        $ilBench->start("AccessControl", "2000_checkAccess_in_tree");

        if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
            // Store negative access results

            // Store in tree cache
            // Note, we only store up to 1000 results to avoid memory overflow.
            if (count($this->obj_tree_cache) < 1000) {
                $this->obj_tree_cache[$tree_cache_key] = false;
            }

            // Store in result cache
            $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
            $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);

            $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");

            return false;
        }

        // Store positive access result.

        // Store in tree cache
        // Note, we only store up to 1000 results to avoid memory overflow.
        if (count($this->obj_tree_cache) < 1000) {
            $this->obj_tree_cache[$tree_cache_key] = true;
        }

        // Store in result cache
        $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);

        $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

enable()

ilAccess::enable	(		$a_str,
			$a_bool
	)

Parameters

$a_str
$a_bool

Implements ilRBACAccessHandler.

Definition at line 805 of file class.ilAccess.php.

    {
        $this->$a_str = $a_bool;
    }

filterUserIdsByPositionOfCurrentUser()

ilAccess::filterUserIdsByPositionOfCurrentUser	(		$pos_perm,
			$ref_id,
		array	$user_ids
	)

Parameters

string	$pos_perm
int	$ref_id
	int[]	$user_ids

See also

getAvailablePositionRelatedPermissions for available permissions

Returns

int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 867 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser().

    {
        return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
    }

Here is the call graph for this function:

filterUserIdsByPositionOfUser()

ilAccess::filterUserIdsByPositionOfUser	(		$user_id,
			$pos_perm,
			$ref_id,
		array	$user_ids
	)

Parameters

int	$user_id
string	$pos_perm
int	$ref_id
	int[]	$user_ids

See also

getAvailablePositionRelatedPermissions for available permissions

Returns

int[]

Implements ilOrgUnitPositionAccessHandler.

Definition at line 875 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser().

    {
        return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
    }

Here is the call graph for this function:

filterUserIdsByRbacOrPositionOfCurrentUser()

ilAccess::filterUserIdsByRbacOrPositionOfCurrentUser	(		$rbac_perm,
			$pos_perm,
			$ref_id,
		array	$user_ids
	)

Parameters

string	$rbac_perm
string	$pos_perm	See the list of available permissions in interface ilOrgUnitPositionAccessHandler
int	$ref_id	Reference-ID of the desired Object in the tree
	int[]	$user_ids

Returns

int[]

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 883 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser().

    {
        return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
    }

Here is the call graph for this function:

filterUserIdsForCurrentUsersPositionsAndPermission()

ilAccess::filterUserIdsForCurrentUsersPositionsAndPermission	(	array	$user_ids,
			$permission
	)

Parameters

	int[]	$user_ids List of ILIAS-User-IDs which shall be filtered
string	$permission

See also

getAvailablePositionRelatedPermissions for available permissions

Exceptions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 819 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission().

    {
        return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
    }

Here is the call graph for this function:

filterUserIdsForUsersPositionsAndPermission()

ilAccess::filterUserIdsForUsersPositionsAndPermission	(	array	$user_ids,
			$for_user_id,
			$permission
	)

Parameters

	int[]	$user_ids List of ILIAS-User-IDs which shall be filtered
int	$for_user_id
string	$permission

See also

getAvailablePositionRelatedPermissions for available permissions

Exceptions

Implements ilOrgUnitPositionAccessHandler.

Definition at line 827 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission().

    {
        return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
    }

Here is the call graph for this function:

getInfo()

ilAccess::getInfo

(

)

get last info object

Implements ilRBACAccessHandler.

Definition at line 370 of file class.ilAccess.php.

    {
        //return $this->last_result;
        //$this->last_info->setQueryData($this->current_result_element);
        //var_dump("<pre>",$this->results,"</pre>");
        return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
    }

getPreventCachingLastResult()

ilAccess::getPreventCachingLastResult

(

)

Get prevent caching last result.

Returns

boolean true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 150 of file class.ilAccess.php.

Referenced by storeAccessResult().

    {
        return $this->prevent_caching_last_result;
    }

Here is the caller graph for this function:

getResultAll()

ilAccess::getResultAll

(

$a_ref_id = ""

)

Implements ilRBACAccessHandler.

Definition at line 388 of file class.ilAccess.php.

References $results.

    {
        if ($a_ref_id == "") {
            return $this->results;
        }

        return $this->results[$a_ref_id];
    }

getResultLast()

ilAccess::getResultLast

(

)

get last info object

Implements ilRBACAccessHandler.

Definition at line 381 of file class.ilAccess.php.

    {
        return $this->last_result;
    }

getResults()

ilAccess::getResults

(

)

Implements ilRBACAccessHandler.

Definition at line 223 of file class.ilAccess.php.

References $results.

    {
        return $this->results;
    }

getStoredAccessResult()

ilAccess::getStoredAccessResult	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_user_id = ""
	)

get stored access resultprivate

Parameters

string	$a_permission	permission
string	$a_cmd	command string
int	$a_ref_id	reference id
int	$a_user_id	user id (if no id passed, current user id)

Returns

array result array: "granted" (boolean) => true if access is granted "info" (object) => info object

Implements ilRBACAccessHandler.

Definition at line 158 of file class.ilAccess.php.

References $DIC, and $ilUser.

Referenced by doCacheCheck().

    {
        global $DIC;

        $ilUser = $DIC['ilUser'];

        if ($a_user_id == "") {
            $a_user_id = $ilUser->getId();
        }

        /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
        {
            $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
        }*/

        if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
            return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
        }
        return false;
    }

Here is the caller graph for this function:

hasCurrentUserAnyPositionAccess()

ilAccess::hasCurrentUserAnyPositionAccess

(

$ref_id

)

Parameters

int

$ref_id

Returns

bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 891 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\hasCurrentUserAnyPositionAccess().

    {
        return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
    }

Here is the call graph for this function:

hasUserRBACorAnyPositionAccess()

ilAccess::hasUserRBACorAnyPositionAccess	(		$rbac_perm,
			$ref_id
	)

Parameters

string	$rbac_perm
int	$ref_id

Returns

bool

Implements ilOrgUnitPositionAndRBACAccessHandler.

Definition at line 899 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess().

    {
        return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
    }

Here is the call graph for this function:

isCurrentUserBasedOnPositionsAllowedTo()

ilAccess::isCurrentUserBasedOnPositionsAllowedTo	(		$permission,
		array	$on_user_ids
	)

Parameters

string	$permission
	int[]	$on_user_ids List of ILIAS-User-IDs

See also

getAvailablePositionRelatedPermissions for available permissions

Returns

bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 835 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo().

    {
        return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
    }

Here is the call graph for this function:

isUserBasedOnPositionsAllowedTo()

ilAccess::isUserBasedOnPositionsAllowedTo	(		$which_user_id,
			$permission,
		array	$on_user_ids
	)

Parameters

int	$which_user_id	Permission check for this ILIAS-User-ID
string	$permission
	int[]	$on_user_ids List of ILIAS-User-IDs

See also

getAvailablePositionRelatedPermissions for available permissions

Returns

bool

Implements ilOrgUnitPositionAccessHandler.

Definition at line 843 of file class.ilAccess.php.

References ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo().

    {
        return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
    }

Here is the call graph for this function:

readCache()

ilAccess::readCache

(

$a_secs = 0

)

Implements ilRBACAccessHandler.

Definition at line 200 of file class.ilAccess.php.

References $DIC, $ilDB, $ilUser, $query, and ilDBConstants\FETCHMODE_ASSOC.

    {
        global $DIC;

        $ilUser = $DIC['ilUser'];
        $ilDB = $DIC['ilDB'];

        if ($a_secs > 0) {
            $query = "SELECT * FROM acc_cache WHERE user_id = " .
                $ilDB->quote($ilUser->getId(), 'integer');
            $set = $ilDB->query($query);
            $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
            if ((time() - $rec["time"]) < $a_secs) {
                $this->results = unserialize($rec["result"]);
                //var_dump($this->results);
                return true;
            }
        }
        return false;
    }

setPreventCachingLastResult()

ilAccess::setPreventCachingLastResult

(

$a_val

)

Set prevent caching last result.

Parameters

boolean

true if last result should not be cached

Implements ilRBACAccessHandler.

Definition at line 142 of file class.ilAccess.php.

Referenced by checkAccessOfUser().

    {
        $this->prevent_caching_last_result = $a_val;
    }

Here is the caller graph for this function:

setResults()

ilAccess::setResults

(

$a_results

)

Implements ilRBACAccessHandler.

Definition at line 230 of file class.ilAccess.php.

    {
        $this->results = $a_results;
    }

storeAccessResult()

ilAccess::storeAccessResult	(		$a_permission,
			$a_cmd,
			$a_ref_id,
			$a_access_granted,
			$a_user_id = "",
			$a_info = ""
	)

store access resultprivate

Parameters

string	$a_permission	permission
string	$a_cmd	command string
int	$a_ref_id	reference id
boolean	$a_access_granted	true if access is granted
int	$a_user_id	user id (if no id passed, current user id)

Implements ilRBACAccessHandler.

Definition at line 109 of file class.ilAccess.php.

References $current_info, $DIC, $ilUser, and getPreventCachingLastResult().

Referenced by checkAccessOfUser(), doConditionCheck(), doRBACCheck(), and doTreeCheck().

    {
        global $DIC;

        $ilUser = $DIC['ilUser'];

        if ($a_user_id == "") {
            $a_user_id = $ilUser->getId();
        }

        if ($a_info == "") {
            $a_info = $this->current_info;
        }

        //var_dump("<pre>",$a_permission,"</pre>");

        if ($this->cache) {
            $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
                    array("granted" => $a_access_granted, "info" => $a_info,
                    "prevent_db_cache" => $this->getPreventCachingLastResult());
            //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
            $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
            $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
            $this->last_info = $a_info;
        }

        // get new info object
        $this->current_info = new ilAccessInfo();
    }

Here is the call graph for this function:

Here is the caller graph for this function:

storeCache()

ilAccess::storeCache

(

)

Implements ilRBACAccessHandler.

Definition at line 181 of file class.ilAccess.php.

References $DIC, $ilDB, $ilUser, $query, and $res.

    {
        global $DIC;

        $ilDB = $DIC['ilDB'];
        $ilUser = $DIC['ilUser'];

        $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
        $res = $ilDB->manipulate($query);

        $ilDB->insert('acc_cache', array(
            'user_id' => array('integer',$ilUser->getId()),
            'time' => array('integer',time()),
            'result' => array('clob',serialize($this->results))
            ));
    }

Field Documentation

$ac_logger

ilAccess::$ac_logger

protected

Definition at line 77 of file class.ilAccess.php.

$cache

ilAccess::$cache

protected

Definition at line 55 of file class.ilAccess.php.

$condition

ilAccess::$condition

protected

Definition at line 43 of file class.ilAccess.php.

Referenced by doConditionCheck().

$current_info

ilAccess::$current_info

protected

Definition at line 59 of file class.ilAccess.php.

Referenced by storeAccessResult().

$ilOrgUnitPositionAccess

ilAccess::$ilOrgUnitPositionAccess

protected

Definition at line 19 of file class.ilAccess.php.

$obj_id_cache

ilAccess::$obj_id_cache

protected

Definition at line 31 of file class.ilAccess.php.

$obj_tree_cache

ilAccess::$obj_tree_cache

protected

Definition at line 23 of file class.ilAccess.php.

$obj_type_cache

ilAccess::$obj_type_cache

protected

Definition at line 27 of file class.ilAccess.php.

$path

ilAccess::$path

protected

Definition at line 39 of file class.ilAccess.php.

Referenced by doPathCheck().

$rbac

ilAccess::$rbac

protected

Definition at line 51 of file class.ilAccess.php.

$rbacsystem

ilAccess::$rbacsystem

protected

Definition at line 67 of file class.ilAccess.php.

Referenced by __construct().

$results

ilAccess::$results

protected

Definition at line 63 of file class.ilAccess.php.

Referenced by getResultAll(), and getResults().

$status

ilAccess::$status

protected

Definition at line 35 of file class.ilAccess.php.

$stored_rbac_access

ilAccess::$stored_rbac_access = array()

protected

Definition at line 71 of file class.ilAccess.php.

$tree

ilAccess::$tree

protected

Definition at line 47 of file class.ilAccess.php.

Referenced by doPathCheck(), and doTreeCheck().

---

The documentation for this class was generated from the following file:

• Services/AccessControl/classes/class.ilAccess.php