ILIAS  release_8 Revision v8.24
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1<?php
2
25abstract class ilClaimingPermissionHelper
26{
27 protected int $user_id = 0;
28 protected int $ref_id = 0;
29 protected array $map = [];
30 protected array $context_ids = [];
32 protected ?array $plugins = null;
33 protected static array $instances = [];
34
35 protected function __construct(int $a_user_id, int $a_ref_id)
36 {
37 $this->setUserId($a_user_id);
38 $this->setRefId($a_ref_id);
39 $this->map = $this->buildPermissionMap();
40 $this->reset();
41 }
42
43 public static function getInstance(int $a_user_id, int $a_ref_id): self
44 {
45 if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
46 self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
47 }
48 return self::$instances[$a_user_id][$a_ref_id];
49 }
50
54 public function reset(): void
55 {
56 $this->context_ids = array();
57 }
58
59
60 // properties
61
62 protected function setUserId(int $a_value): void
63 {
64 $this->user_id = $a_value;
65 }
66
67 protected function getUserId(): int
68 {
69 return $this->user_id;
70 }
71
72 protected function setRefId(int $a_value): void
73 {
74 $this->ref_id = $a_value;
75 }
76
77 protected function getRefId(): int
78 {
79 return $this->ref_id;
80 }
81
82
83 // caching
84
88 abstract protected function readContextIds(int $a_context_type): array;
89
90
91 // permissions
92
96 abstract protected function buildPermissionMap(): array;
97
101 protected function isValidContextAndAction(
102 int $a_context_type,
103 string $a_context_id,
104 int $a_action_id,
105 ?int $a_action_sub_id = null
106 ): bool {
107 $valid = false;
108
109 if (array_key_exists($a_context_type, $this->map)) {
110 if (!$a_action_sub_id) {
111 if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
112 $valid = true;
113 }
114 } else {
115 if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
116 in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
117 $valid = true;
118 }
119 }
120 }
121
122 if ($valid &&
123 $a_context_id &&
124 !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
125 $valid = false;
126 }
127
128 if (DEVMODE && !$valid) {
129 trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
130 }
131
132 return $valid;
133 }
134
140 protected function getValidContextIds(int $a_context_type): array
141 {
142 if (!array_key_exists($a_context_type, $this->context_ids)) {
143 $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
144 }
145 return (array) $this->context_ids[$a_context_type];
146 }
147
151 public function hasPermission(
152 int $a_context_type,
153 string $a_context_id,
154 int $a_action_id,
155 ?int $a_action_sub_id = null
156 ): bool {
157 if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
158 return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
159 }
160 // :TODO: exception?
161 return false;
162 }
163
167 public function hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids): array
168 {
169 $res = array();
170
171 foreach ($a_action_ids as $action_id) {
172 if (is_array($action_id)) {
173 $action_sub_id = $action_id[1];
174 $action_id = $action_id[0];
175
176 $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
177 } else {
178 $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
179 }
180 }
181
182 return $res;
183 }
184
188 protected function checkPermission(
189 int $a_context_type,
190 string $a_context_id,
191 int $a_action_id,
192 ?int $a_action_sub_id = null
193 ): bool {
194 return ($this->checkRBAC() &&
195 $this->checkPlugins($a_context_type, (string) $a_context_id, $a_action_id, $a_action_sub_id));
196 }
197
201 protected function checkRBAC(): bool
202 {
203 global $DIC;
204 $ilAccess = $DIC->access();
205
206 // we are currently only supporting write operations
207 return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
208 }
209
213 abstract protected function getActivePlugins(): Generator;
214
218 protected function checkPlugins(
219 int $a_context_type,
220 string $a_context_id,
221 int $a_action_id,
222 ?int $a_action_sub_id = null
223 ): bool {
224 $valid = true;
225
226 if (!is_array($this->plugins)) {
227 $this->plugins = iterator_to_array($this->getActivePlugins());
228 }
229
230 foreach ($this->plugins as $plugin) {
231 $a_action_sub_id = is_null($a_action_sub_id)
232 ? ilAdvancedMDPermissionHelper::SUBACTION_UNDEFINED
233 : $a_action_sub_id;
234 if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
235 $valid = false;
236 break;
237 }
238 }
239
240 return $valid;
241 }
242
246 public function getAllowedObjectTypes(): array
247 {
248 $accepted_types = ['cat','crs','sess','grp','iass', 'exc'];
249
250 $obj_def = new ilObjectDefinition();
251 $adv_md_types = $obj_def->getAdvancedMetaDataTypes();
252
253 $valid_accepted_types = array();
254 foreach ($adv_md_types as $value) {
255 if (in_array($value['obj_type'], $accepted_types) || in_array($value['sub_type'], $accepted_types)) {
256 array_push($valid_accepted_types, $value['obj_type']);
257 }
258 }
259
260 return $valid_accepted_types;
261 }
262}
true
return true
Definition: class.ilIniFile.php:164
ilClaimingPermissionHelper
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilClaimingPermissionHelper.php:26
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\readContextIds
readContextIds(int $a_context_type)
Get all context ids for context type (from DB, is cached)
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds(int $a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:140
ilClaimingPermissionHelper\hasPermission
hasPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:151
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:201
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:101
ilClaimingPermissionHelper\checkPermission
checkPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:188
ilClaimingPermissionHelper\getInstance
static getInstance(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:43
ilClaimingPermissionHelper\__construct
__construct(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:35
ilClaimingPermissionHelper\checkPlugins
checkPlugins(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:218
ilClaimingPermissionHelper\hasPermissions
hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:167
ilObjectDefinition
parses the objects.xml it handles the xml-description of all ilias objects
Definition: class.ilObjectDefinition.php:29
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: confirmReg.php:20
return
return['3gp', '7z', 'ai', 'aif', 'aifc', 'aiff', 'au', 'arw', 'avi', 'backup', 'bak', 'bas', 'bpmn', 'bpmn2', 'bmp', 'bib', 'bibtex', 'bz', 'bz2', 'c', 'c++', 'cc', 'cct', 'cdf', 'cer', 'class', 'cls', 'conf', 'cpp', 'crt', 'crs', 'crw', 'cr2', 'css', 'cst', 'csv', 'cur', 'db', 'dcr', 'des', 'dng', 'doc', 'docx', 'dot', 'dotx', 'dtd', 'dvi', 'el', 'eps', 'epub', 'f', 'f77', 'f90', 'flv', 'for', 'g3', 'gif', 'gl', 'gan', 'ggb', 'gsd', 'gsm', 'gtar', 'gz', 'gzip', 'h', 'hpp', 'htm', 'html', 'htmls', 'ibooks', 'ico', 'ics', 'ini', 'ipynb', 'java', 'jbf', 'jpeg', 'jpg', 'js', 'jsf', 'jso', 'json', 'latex', 'lang', 'less', 'log', 'lsp', 'ltx', 'm1v', 'm2a', 'm2v', 'm3u', 'm4a', 'm4v', 'markdown', 'm', 'mat', 'md', 'mdl', 'mdown', 'mid', 'min', 'midi', 'mobi', 'mod', 'mov', 'movie', 'mp2', 'mp3', 'mp4', 'mpa', 'mpeg', 'mpg', 'mph', 'mpga', 'mpp', 'mpt', 'mpv', 'mpx', 'mv', 'mw', 'mv4', 'nb', 'nbp', 'nef', 'nif', 'niff', 'obj', 'obm', 'odt', 'ods', 'odp', 'odg', 'odf', 'oga', 'ogg', 'ogv', 'old', 'p', 'pas', 'pbm', 'pcl', 'pct', 'pcx', 'pdf', 'pgm', 'pic', 'pict', 'png', 'por', 'pov', 'project', 'properties', 'ppa', 'ppm', 'pps', 'ppsx', 'ppt', 'pptx', 'ppz', 'ps', 'psd', 'pwz', 'qt', 'qtc', 'qti', 'qtif', 'r', 'ra', 'ram', 'rar', 'rast', 'rda', 'rev', 'rexx', 'ris', 'rf', 'rgb', 'rm', 'rmd', 'rmi', 'rmm', 'rmp', 'rt', 'rtf', 'rtx', 'rv', 's', 's3m', 'sav', 'sbs', 'sec', 'sdml', 'sgm', 'sgml', 'smi', 'smil', 'srt', 'sps', 'spv', 'stl', 'svg', 'swa', 'swf', 'swz', 'tar', 'tex', 'texi', 'texinfo', 'text', 'tgz', 'tif', 'tiff', 'ttf', 'txt', 'tmp', 'uvproj', 'vdf', 'vimeo', 'viv', 'vivo', 'vrml', 'vsdx', 'wav', 'webm', 'wmv', 'wmx', 'wmz', 'woff', 'wwd', 'xhtml', 'xif', 'xls', 'xlsx', 'xmind', 'xml', 'xsl', 'xsd', 'zip']
Definition: default_whitelist.php:244
$valid
$valid
Definition: dummy_client.php:57
$DIC
global $DIC
Definition: feed.php:28
$res
$res
Definition: ltiservices.php:69