ILIAS  release_8 Revision v8.23
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1 <?php
2 
25 abstract class ilClaimingPermissionHelper
26 {
27  protected int $user_id = 0;
28  protected int $ref_id = 0;
29  protected array $map = [];
30  protected array $context_ids = [];
32  protected ?array $plugins = null;
33  protected static array $instances = [];
34 
35  protected function __construct(int $a_user_id, int $a_ref_id)
36  {
37  $this->setUserId($a_user_id);
38  $this->setRefId($a_ref_id);
39  $this->map = $this->buildPermissionMap();
40  $this->reset();
41  }
42 
43  public static function getInstance(int $a_user_id, int $a_ref_id): self
44  {
45  if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
46  self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
47  }
48  return self::$instances[$a_user_id][$a_ref_id];
49  }
50 
54  public function reset(): void
55  {
56  $this->context_ids = array();
57  }
58 
59 
60  // properties
61 
62  protected function setUserId(int $a_value): void
63  {
64  $this->user_id = $a_value;
65  }
66 
67  protected function getUserId(): int
68  {
69  return $this->user_id;
70  }
71 
72  protected function setRefId(int $a_value): void
73  {
74  $this->ref_id = $a_value;
75  }
76 
77  protected function getRefId(): int
78  {
79  return $this->ref_id;
80  }
81 
82 
83  // caching
84 
88  abstract protected function readContextIds(int $a_context_type): array;
89 
90 
91  // permissions
92 
96  abstract protected function buildPermissionMap(): array;
97 
101  protected function isValidContextAndAction(
102  int $a_context_type,
103  string $a_context_id,
104  int $a_action_id,
105  ?int $a_action_sub_id = null
106  ): bool {
107  $valid = false;
108 
109  if (array_key_exists($a_context_type, $this->map)) {
110  if (!$a_action_sub_id) {
111  if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
112  $valid = true;
113  }
114  } else {
115  if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
116  in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
117  $valid = true;
118  }
119  }
120  }
121 
122  if ($valid &&
123  $a_context_id &&
124  !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
125  $valid = false;
126  }
127 
128  if (DEVMODE && !$valid) {
129  trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
130  }
131 
132  return $valid;
133  }
134 
140  protected function getValidContextIds(int $a_context_type): array
141  {
142  if (!array_key_exists($a_context_type, $this->context_ids)) {
143  $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
144  }
145  return (array) $this->context_ids[$a_context_type];
146  }
147 
151  public function hasPermission(
152  int $a_context_type,
153  string $a_context_id,
154  int $a_action_id,
155  ?int $a_action_sub_id = null
156  ): bool {
157  if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
158  return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
159  }
160  // :TODO: exception?
161  return false;
162  }
163 
167  public function hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids): array
168  {
169  $res = array();
170 
171  foreach ($a_action_ids as $action_id) {
172  if (is_array($action_id)) {
173  $action_sub_id = $action_id[1];
174  $action_id = $action_id[0];
175 
176  $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
177  } else {
178  $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
179  }
180  }
181 
182  return $res;
183  }
184 
188  protected function checkPermission(
189  int $a_context_type,
190  string $a_context_id,
191  int $a_action_id,
192  ?int $a_action_sub_id = null
193  ): bool {
194  return ($this->checkRBAC() &&
195  $this->checkPlugins($a_context_type, (string) $a_context_id, $a_action_id, $a_action_sub_id));
196  }
197 
201  protected function checkRBAC(): bool
202  {
203  global $DIC;
204  $ilAccess = $DIC->access();
205 
206  // we are currently only supporting write operations
207  return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
208  }
209 
213  abstract protected function getActivePlugins(): Generator;
214 
218  protected function checkPlugins(
219  int $a_context_type,
220  string $a_context_id,
221  int $a_action_id,
222  ?int $a_action_sub_id = null
223  ): bool {
224  $valid = true;
225 
226  if (!is_array($this->plugins)) {
227  $this->plugins = iterator_to_array($this->getActivePlugins());
228  }
229 
230  foreach ($this->plugins as $plugin) {
231  $a_action_sub_id = is_null($a_action_sub_id)
232  ? ilAdvancedMDPermissionHelper::SUBACTION_UNDEFINED
233  : $a_action_sub_id;
234  if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
235  $valid = false;
236  break;
237  }
238  }
239 
240  return $valid;
241  }
242 
246  public function getAllowedObjectTypes(): array
247  {
248  $accepted_types = ['cat','crs','sess','grp','iass', 'exc'];
249 
250  $obj_def = new ilObjectDefinition();
251  $adv_md_types = $obj_def->getAdvancedMetaDataTypes();
252 
253  $valid_accepted_types = array();
254  foreach ($adv_md_types as $value) {
255  if (in_array($value['obj_type'], $accepted_types) || in_array($value['sub_type'], $accepted_types)) {
256  array_push($valid_accepted_types, $value['obj_type']);
257  }
258  }
259 
260  return $valid_accepted_types;
261  }
262 }
$res
$res
Definition: ltiservices.php:69
ilClaimingPermissionHelper
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilClaimingPermissionHelper.php:25
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds(int $a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:140
$valid
$valid
Definition: dummy_client.php:57
ilClaimingPermissionHelper\checkPermission
checkPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:188
ilClaimingPermissionHelper\hasPermissions
hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:167
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
$DIC
global $DIC
Definition: feed.php:28
ilObjectDefinition
parses the objects.xml it handles the xml-description of all ilias objects
Definition: class.ilObjectDefinition.php:28
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:201
ilClaimingPermissionHelper\hasPermission
hasPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:151
ilClaimingPermissionHelper\readContextIds
readContextIds(int $a_context_type)
Get all context ids for context type (from DB, is cached)
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:101
ilClaimingPermissionHelper\getInstance
static getInstance(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:43
ilClaimingPermissionHelper\__construct
__construct(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:35
ilClaimingPermissionHelper\checkPlugins
checkPlugins(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:218