ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilAccess.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2019 ILIAS open source, Extended GPL, see docs/LICENSE */
4
13class ilAccess implements ilAccessHandler
14{
15
19 protected $ilOrgUnitPositionAccess;
23 protected $obj_tree_cache;
27 protected $obj_type_cache;
31 protected $obj_id_cache;
35 protected $status;
39 protected $path;
43 protected $condition;
47 protected $tree;
51 protected $rbac;
55 protected $cache;
59 protected $current_info;
63 protected $results;
67 protected $rbacsystem;
71 protected $stored_rbac_access = array();
72
73
77 protected $ac_logger;
78
79 public function __construct()
80 {
81 global $DIC;
82
83 $rbacsystem = $DIC['rbacsystem'];
84
85 $this->rbacsystem = $rbacsystem;
86 $this->results = array();
87 $this->current_info = new ilAccessInfo();
88
89 // use function enable to switch on/off tests (only cache is used so far)
90 $this->cache = true;
91 $this->rbac = true;
92 $this->tree = true;
93 $this->condition = true;
94 $this->path = true;
95 $this->status = true;
96 $this->obj_id_cache = array();
97 $this->obj_type_cache = array();
98 $this->obj_tree_cache = array();
99
100 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess();
101
102 $this->ac_logger = ilLoggerFactory::getLogger('ac');
103 }
104
105
109 public function storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id = "", $a_info = "")
110 {
111 global $DIC;
112
113 $ilUser = $DIC['ilUser'];
114
115 if ($a_user_id == "") {
116 $a_user_id = $ilUser->getId();
117 }
118
119 if ($a_info == "") {
120 $a_info = $this->current_info;
121 }
122
123 //var_dump("<pre>",$a_permission,"</pre>");
124
125 if ($this->cache) {
126 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] =
127 array("granted" => $a_access_granted, "info" => $a_info,
128 "prevent_db_cache" => $this->getPreventCachingLastResult());
129 //echo "<br>write-$a_ref_id-$a_permission-$a_cmd-$a_user_id-$a_access_granted-";
130 $this->current_result_element = array($a_access_granted,$a_ref_id,$a_permission,$a_cmd,$a_user_id);
131 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
132 $this->last_info = $a_info;
133 }
134
135 // get new info object
136 $this->current_info = new ilAccessInfo();
137 }
138
142 public function setPreventCachingLastResult($a_val)
143 {
144 $this->prevent_caching_last_result = $a_val;
145 }
146
150 public function getPreventCachingLastResult()
151 {
152 return $this->prevent_caching_last_result;
153 }
154
158 public function getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id = "")
159 {
160 global $DIC;
161
162 $ilUser = $DIC['ilUser'];
163
164 if ($a_user_id == "") {
165 $a_user_id = $ilUser->getId();
166 }
167
168 /*if (is_object($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info']))
169 {
170 $this->current_info = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id]['info'];
171 }*/
172
173 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
174 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
175 }
176 return false;
177 }
181 public function storeCache()
182 {
183 global $DIC;
184
185 $ilDB = $DIC['ilDB'];
186 $ilUser = $DIC['ilUser'];
187
188 $query = "DELETE FROM acc_cache WHERE user_id = " . $ilDB->quote($ilUser->getId(), 'integer');
189 $res = $ilDB->manipulate($query);
190
191 $ilDB->insert('acc_cache', array(
192 'user_id' => array('integer',$ilUser->getId()),
193 'time' => array('integer',time()),
194 'result' => array('clob',serialize($this->results))
195 ));
196 }
200 public function readCache($a_secs = 0)
201 {
202 global $DIC;
203
204 $ilUser = $DIC['ilUser'];
205 $ilDB = $DIC['ilDB'];
206
207 if ($a_secs > 0) {
208 $query = "SELECT * FROM acc_cache WHERE user_id = " .
209 $ilDB->quote($ilUser->getId(), 'integer');
210 $set = $ilDB->query($query);
211 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
212 if ((time() - $rec["time"]) < $a_secs) {
213 $this->results = unserialize($rec["result"]);
214 //var_dump($this->results);
215 return true;
216 }
217 }
218 return false;
219 }
223 public function getResults()
224 {
225 return $this->results;
226 }
230 public function setResults($a_results)
231 {
232 $this->results = $a_results;
233 }
234
238 public function addInfoItem($a_type, $a_text, $a_data = "")
239 {
240 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
241 }
242
246 public function checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id = "")
247 {
248 global $DIC;
249
250 $ilUser = $DIC['ilUser'];
251
252 return $this->checkAccessOfUser($ilUser->getId(), $a_permission, $a_cmd, $a_ref_id, $a_type, $a_obj_id, $a_tree_id);
253 }
254
258 public function checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type = "", $a_obj_id = "", $a_tree_id = "")
259 {
260 global $DIC;
261
262 $ilBench = $DIC['ilBench'];
263 $lng = $DIC['lng'];
264
265 $this->setPreventCachingLastResult(false); // for external db based caches
266
267 $ilBench->start("AccessControl", "0400_clear_info");
268 $this->current_info->clear();
269 $ilBench->stop("AccessControl", "0400_clear_info");
270
271
272 // get stored result (internal memory based cache)
273 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
274 if ($cached["hit"]) {
275 // Store access result
276 if (!$cached["granted"]) {
277 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
278 }
279 if ($cached["prevent_db_cache"]) {
280 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
281 }
282 return $cached["granted"];
283 }
284
285 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
286 // get object id if not provided
287 if ($a_obj_id == "") {
288 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
289 $a_obj_id = $this->obj_id_cache[$a_ref_id];
290 } else {
291 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
292 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
293 }
294 }
295 if ($a_type == "") {
296 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
297 $a_type = $this->obj_type_cache[$a_ref_id];
298 } else {
299 $a_type = ilObject::_lookupType($a_ref_id, true);
300 $this->obj_type_cache[$a_ref_id] = $a_type;
301 }
302 }
303
304 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
305
306 // if supplied tree id is not = 1 (= repository main tree),
307 // check if object is in tree and not deleted
308 if ($a_tree_id != 1 &&
309 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
310 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
311 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
312 return false;
313 }
314
315 // rbac check for current object
316 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
317 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
318 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
319 return false;
320 }
321
322 // Check object activation
323 $act_check = $this->doActivationCheck(
324 $a_permission,
325 $a_cmd,
326 $a_ref_id,
327 $a_user_id,
328 $a_obj_id,
329 $a_type
330 );
331
332 if (!$act_check) {
333 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt('status_no_permission'));
334 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
335 return false;
336 }
337
338 // check read permission for all parents
339 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
340 if (!$par_check) {
341 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
342 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
343 return false;
344 }
345
346 // condition check (currently only implemented for read permission)
347 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
348 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
349 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
350 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
351 return false;
352 }
353
354 // object type specific check
355 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
356 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
357 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
358 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
359 return false;
360 }
361
362 // all checks passed
363 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
364 return true;
365 }
366
370 public function getInfo()
371 {
372 //return $this->last_result;
373 //$this->last_info->setQueryData($this->current_result_element);
374 //var_dump("<pre>",$this->results,"</pre>");
375 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
376 }
377
381 public function getResultLast()
382 {
383 return $this->last_result;
384 }
388 public function getResultAll($a_ref_id = "")
389 {
390 if ($a_ref_id == "") {
391 return $this->results;
392 }
393
394 return $this->results[$a_ref_id];
395 }
396
400 public function doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
401 {
402 global $DIC;
403
404 $ilBench = $DIC['ilBench'];
405 //echo "cacheCheck<br/>";
406
407 $ilBench->start("AccessControl", "1000_checkAccess_get_cache_result");
408 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
409 //var_dump($stored_access);
410 if (is_array($stored_access)) {
411 $this->current_info = $stored_access["info"];
412 //var_dump("cache-treffer:");
413 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
414 return array("hit" => true, "granted" => $stored_access["granted"],
415 "prevent_db_cache" => $stored_access["prevent_db_cache"]);
416 }
417
418 // not in cache
419 $ilBench->stop("AccessControl", "1000_checkAccess_get_cache_result");
420 return array("hit" => false, "granted" => false,
421 "prevent_db_cache" => false);
422 }
423
427 public function doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
428 {
429 global $DIC;
430
431 $tree = $DIC['tree'];
432 $lng = $DIC['lng'];
433 $ilBench = $DIC['ilBench'];
434 //echo "treeCheck<br/>";
435
436 // Get stored result
437 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
438 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
439 // Store access result
440 if (!$this->obj_tree_cache[$tree_cache_key]) {
441 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
442 }
443 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, $this->obj_tree_cache[$tree_cache_key], $a_user_id);
444
445 return $this->obj_tree_cache[$tree_cache_key];
446 }
447
448 $ilBench->start("AccessControl", "2000_checkAccess_in_tree");
449
450 if (!$tree->isInTree($a_ref_id) or $tree->isDeleted($a_ref_id)) {
451 // Store negative access results
452
453 // Store in tree cache
454 // Note, we only store up to 1000 results to avoid memory overflow.
455 if (count($this->obj_tree_cache) < 1000) {
456 $this->obj_tree_cache[$tree_cache_key] = false;
457 }
458
459 // Store in result cache
460 $this->current_info->addInfoItem(IL_DELETED, $lng->txt("object_deleted"));
461 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
462
463 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
464
465 return false;
466 }
467
468 // Store positive access result.
469
470 // Store in tree cache
471 // Note, we only store up to 1000 results to avoid memory overflow.
472 if (count($this->obj_tree_cache) < 1000) {
473 $this->obj_tree_cache[$tree_cache_key] = true;
474 }
475
476 // Store in result cache
477 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
478
479 $ilBench->stop("AccessControl", "2000_checkAccess_in_tree");
480 return true;
481 }
482
486 public function doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
487 {
488 global $DIC;
489
490 $lng = $DIC['lng'];
491 $ilBench = $DIC['ilBench'];
492 $ilErr = $DIC['ilErr'];
493 $ilLog = $DIC['ilLog'];
494
495 $ilBench->start("AccessControl", "2500_checkAccess_rbac_check");
496
497 if ($a_permission == "") {
498 $message = sprintf(
499 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
500 get_class($this),
501 $a_ref_id
502 );
503 $ilLog->write($message, $ilLog->FATAL);
504 $ilErr->raiseError($message, $ilErr->MESSAGE);
505 }
506
507 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
508 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
509 } else {
510 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
511 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < 1000) {
512 if ($a_permission != "create") {
513 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
514 }
515 }
516 }
517
518 // Store in result cache
519 if (!$access) {
520 $this->current_info->addInfoItem(IL_NO_PERMISSION, $lng->txt("status_no_permission"));
521 }
522 if ($a_permission != "create") {
523 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
524 }
525 $ilBench->stop("AccessControl", "2500_checkAccess_rbac_check");
526
527 return $access;
528 }
529
533 public function doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all = false)
534 {
535 global $DIC;
536
537 $tree = $DIC['tree'];
538 $lng = $DIC['lng'];
539 $ilBench = $DIC['ilBench'];
540 $ilObjDataCache = $DIC['ilObjDataCache'];
541 //echo "<br>dopathcheck";
542 //echo "pathCheck<br/>";
543 $ilBench->start("AccessControl", "3100_checkAccess_check_parents_get_path");
544
545 // if (isset($this->stored_path[$a_ref_id]))
546 // {
547 // $path = $this->stored_path[$a_ref_id];
548 // }
549 // else
550 // {
551 $path = $tree->getPathId($a_ref_id);
552 // $this->stored_path[$a_ref_id] = $path;
553 // }
554 $ilBench->stop("AccessControl", "3100_checkAccess_check_parents_get_path");
555
556 foreach ($path as $id) {
557 if ($a_ref_id == $id) {
558 continue;
559 }
560
561 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
562
563 if ($access == false) {
564
565 //$this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
566 $this->current_info->addInfoItem(IL_NO_PARENT_ACCESS, $lng->txt("no_parent_access"), $id);
567
568 if ($a_all == false) {
569 return false;
570 }
571 }
572 }
573
574 return true;
575 }
576
580 public function doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
581 {
582 global $DIC;
583
584 $ilUser = $DIC['ilUser'];
588 $objDefinition = $DIC['objDefinition'];
589
590 $cache_perm = 'other';
591
592 if ($a_permission === 'visible' || $a_permission === 'leave') {
593 $cache_perm = $a_permission;
594 }
595
596 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
597 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
598 }
599
600 // nothings needs to be done if current permission is write permission
601 if ($a_permission === 'write') {
602 return true;
603 }
604
605 // #10852 - member view check
606 if ($a_user_id == $ilUser->getId()) {
607 // #10905 - activate parent container ONLY
608 $memview = ilMemberViewSettings::getInstance();
609 if ($memview->isActiveForRefId($a_ref_id) &&
610 $memview->getContainer() == $a_ref_id) {
611 return true;
612 }
613 }
614
615 // in any case, if user has write permission return true
616 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
617 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
618 return true;
619 }
620
621 // no write access => check centralized offline status
622 if (
623 $objDefinition->supportsOfflineHandling($a_type) &&
624 ilObject::lookupOfflineStatus($a_obj_id)
625 ) {
626 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
627 return false;
628 }
629
630 $item_data = ilObjectActivation::getItem($a_ref_id);
631
632 // if activation isn't enabled
633 if ($item_data === null ||
634 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
635 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
636 return true;
637 }
638
639 // if within activation time
640 if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
641 ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
642 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
643 return true;
644 }
645
646 // if user has write permission
647 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
648 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
649 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
650 return true;
651 }
652
653 // if current permission is visible or leave and visible is set in activation
654 if (($a_permission === 'visible' || $a_permission === 'leave')
655 && $item_data['visible']) {
656 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
657 return true;
658 }
659
660 // learning progress must be readable, regardless of the activation
661 if ($a_permission == 'read_learning_progress') {
662 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
663 $ilBench->stop("AccessControl", "3150_checkAccess_check_course_activation");
664 return true;
665 }
666
667 // no access
668 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
669 return false;
670 }
671
675 public function doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
676 {
677 //echo "conditionCheck<br/>";
678 global $DIC;
679
680 $lng = $DIC['lng'];
681 $ilBench = $DIC['ilBench'];
682
683 if (
684 ($a_permission == 'visible') and
685 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
686 ) {
687 if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
688 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
689 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
690 foreach ($conditions as $condition) {
691 $this->current_info->addInfoItem(
692 IL_MISSING_PRECONDITION,
693 $lng->txt("missing_precondition") . ": " .
694 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
695 $lng->txt("condition_" . $condition["operator"]) . " " .
696 $condition["value"],
697 $condition
698 );
699 }
700 return false;
701 }
702 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
703 }
704 }
705
706
707 if (($a_permission == "read" or $a_permission == 'join') &&
708 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
709 $ilBench->start("AccessControl", "4000_checkAccess_condition_check");
710 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
711 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
712 foreach ($conditions as $condition) {
713 $this->current_info->addInfoItem(
714 IL_MISSING_PRECONDITION,
715 $lng->txt("missing_precondition") . ": " .
716 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
717 $lng->txt("condition_" . $condition["operator"]) . " " .
718 $condition["value"],
719 $condition
720 );
721 }
722 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
723 return false;
724 }
725 $ilBench->stop("AccessControl", "4000_checkAccess_condition_check");
726 }
727
728 return true;
729 }
730
734 public function doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
735 {
736 global $DIC;
737
739 $objDefinition = $DIC['objDefinition'];
740 $ilBench = $DIC['ilBench'];
741 $ilPluginAdmin = $DIC['ilPluginAdmin'];
742 //echo "statusCheck<br/>";
743 $ilBench->start("AccessControl", "5000_checkAccess_object_check");
744
745 // check for a deactivated plugin
746 if ($objDefinition->isPluginTypeName($a_type) && !$objDefinition->isPlugin($a_type)) {
747 return false;
748 }
749 if (!$a_type) {
750 return false;
751 }
752
753 $class = $objDefinition->getClassName($a_type);
754 $location = $objDefinition->getLocation($a_type);
755 $full_class = "ilObj" . $class . "Access";
756
757 // use autoloader for standard objects
758 if ($objDefinition->isPluginTypeName($a_type)) {
759 include_once($location . "/class." . $full_class . ".php");
760 }
761
762 if ($class == "") {
763 $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
764 return false;
765 }
766
767 $full_class = new $full_class();
768
769 $obj_access = call_user_func(
770 array($full_class, "_checkAccess"),
771 $a_cmd,
772 $a_permission,
773 $a_ref_id,
774 $a_obj_id,
775 $a_user_id
776 );
777 if (!($obj_access === true)) {
778 //Note: We must not add an info item here, because one is going
779 // to be added by the user function we just called a few
780 // lines above.
781 //$this->current_info->addInfoItem(IL_NO_OBJECT_ACCESS, $obj_access);
782
783 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
784 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
785 return false;
786 }
787
788 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
789 $ilBench->stop("AccessControl", "5000_checkAccess_object_check");
790 return true;
791 }
792
796 public function clear()
797 {
798 $this->results = array();
799 $this->last_result = "";
800 $this->current_info = new ilAccessInfo();
801 $this->stored_rbac_access = [];
802 }
806 public function enable($a_str, $a_bool)
807 {
808 $this->$a_str = $a_bool;
809 }
810
811
812
813 //
814 // OrgUnit Positions
815 //
816
820 public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
821 {
822 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission($user_ids, $permission);
823 }
824
828 public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
829 {
830 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission($user_ids, $for_user_id, $permission);
831 }
832
836 public function isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
837 {
838 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
839 }
840
844 public function isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
845 {
846 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo($which_user_id, $permission, $on_user_ids);
847 }
848
852 public function checkPositionAccess($pos_perm, $ref_id)
853 {
854 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
855 }
856
860 public function checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
861 {
862 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
863 }
864
868 public function filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
869 {
870 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
871 }
872
876 public function filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
877 {
878 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
879 }
880
884 public function filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
885 {
886 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, $user_ids);
887 }
888
892 public function hasCurrentUserAnyPositionAccess($ref_id)
893 {
894 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
895 }
896
900 public function hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
901 {
902 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
903 }
904}
$location
$location
Definition: buildRTE.php:44
php
An exception for terminatinating execution or to throw for unit testing.
IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:25
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
IL_NO_PERMISSION
const IL_NO_PERMISSION
Definition: class.ilAccessInfo.php:24
IL_DELETED
const IL_DELETED
Definition: class.ilAccessInfo.php:28
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:40
ilAccess
Class ilAccessHandler.
Definition: class.ilAccess.php:14
ilAccess\readCache
readCache($a_secs=0)
Definition: class.ilAccess.php:200
ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilAccess.php:876
ilAccess\doConditionCheck
doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
condition check (currently only implemented for read permission)bool
Definition: class.ilAccess.php:675
ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilAccess.php:860
ilAccess\checkAccessOfUser
checkAccessOfUser($a_user_id, $a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:258
ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess($ref_id)
bool
Definition: class.ilAccess.php:892
ilAccess\getResultAll
getResultAll($a_ref_id="")
Definition: class.ilAccess.php:388
ilAccess\doCacheCheck
doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
look if result for current query is already in cachebool
Definition: class.ilAccess.php:400
ilAccess\doTreeCheck
doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)
check if object is in tree and not deletedbool
Definition: class.ilAccess.php:427
ilAccess\$ilOrgUnitPositionAccess
$ilOrgUnitPositionAccess
Definition: class.ilAccess.php:19
ilAccess\enable
enable($a_str, $a_bool)
Definition: class.ilAccess.php:806
ilAccess\doPathCheck
doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_all=false)
check read permission for all parentsbool
Definition: class.ilAccess.php:533
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:381
ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilAccess.php:836
ilAccess\doRBACCheck
doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)
rbac check for current object -> type should be used for create permissionbool
Definition: class.ilAccess.php:486
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.boolean true if last result should not be cached
Definition: class.ilAccess.php:150
ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilAccess.php:868
ilAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilAccess.php:852
ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilAccess.php:900
ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilAccess.php:828
ilAccess\setResults
setResults($a_results)
Definition: class.ilAccess.php:230
ilAccess\addInfoItem
addInfoItem($a_type, $a_text, $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:238
ilAccess\getStoredAccessResult
getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id="")
get stored access result@access privatearray result array: "granted" (boolean) => true if access is g...
Definition: class.ilAccess.php:158
ilAccess\getInfo
getInfo()
get last info object
Definition: class.ilAccess.php:370
ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilAccess.php:820
ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilAccess.php:884
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult($a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:142
ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilAccess.php:844
ilAccess\checkAccess
checkAccess($a_permission, $a_cmd, $a_ref_id, $a_type="", $a_obj_id="", $a_tree_id="")
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:246
ilAccess\storeAccessResult
storeAccessResult($a_permission, $a_cmd, $a_ref_id, $a_access_granted, $a_user_id="", $a_info="")
store access result@access private
Definition: class.ilAccess.php:109
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget($a_target_ref_id, $a_target_id, $a_target_type="", $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1208
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilObjectActivation\getItem
static getItem($a_ref_id)
Get item data.
Definition: class.ilObjectActivation.php:354
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1110
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:991
ilObject\lookupOfflineStatus
static lookupOfflineStatus($a_obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:1009
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1281
ilOrgUnitPositionAccess
Class ilOrgUnitPositionAccess.
Definition: class.ilOrgUnitPositionAccess.php:9
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, $for_user_id, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:49
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess($pos_perm, $ref_id)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:161
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo($permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:65
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:88
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, $permission)
getAvailablePositionRelatedPermissions for available permissionsilOrgUnitAccessException when a unkno...
Definition: class.ilOrgUnitPositionAccess.php:38
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, array $user_ids)
getAvailablePositionRelatedPermissions for available permissionsint[]
Definition: class.ilOrgUnitPositionAccess.php:104
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:211
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser($rbac_perm, $pos_perm, $ref_id, array $user_ids)
int[]
Definition: class.ilOrgUnitPositionAccess.php:231
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id)
bool
Definition: class.ilOrgUnitPositionAccess.php:250
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo($which_user_id, $permission, array $on_user_ids)
getAvailablePositionRelatedPermissions for available permissionsbool
Definition: class.ilOrgUnitPositionAccess.php:76
$DIC
global $DIC
Definition: goto.php:24
$ilBench
global $ilBench
Definition: ilias.php:21
$ilUser
$ilUser
Definition: imgupload.php:18
ilAccessHandler
Interface ilAccessHandler.
Definition: interface.ilAccessHandler.php:11
ilRBACAccessHandler\doActivationCheck
doActivationCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
check for activation and centralized offline status.
ilRBACAccessHandler\doStatusCheck
doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)
object type specific check
$query
$query
Definition: proxy_ylocal.php:13
$ilErr
$ilErr
Definition: raiseError.php:18
$lng
$lng
Definition: save_question_post_data.php:23
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$message
$message
Definition: xapiexit.php:14