ILIAS  release_8 Revision v8.24
class.ilAccess.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
4
27class ilAccess implements ilAccessHandler
28{
29 private const MAX_CACHE_SIZE = 1000;
30
31 protected ilOrgUnitPositionAccess $ilOrgUnitPositionAccess;
32 protected array $obj_tree_cache;
33 protected array $obj_type_cache;
34 protected array $obj_id_cache;
35 protected array $ac_cache;
36
37 protected bool $status;
38 protected bool $path;
39 protected bool $condition;
40 protected bool $tree;
41 protected bool $rbac;
42 protected bool $cache;
43
44 private bool $prevent_caching_last_result = false;
45
46 protected ilAccessInfo $current_info;
47 protected ?ilAccessInfo $last_info = null;
48 protected array $results = [];
49 protected array $last_result = [];
50 protected array $stored_rbac_access = [];
51 protected array $current_result_element = [];
52
53 protected ilRbacSystem $rbacsystem;
54 protected ilObjUser $user;
55 protected ilLogger $ac_logger;
56 protected ilDBInterface $db;
57 protected ilTree $repositoryTree;
58 protected ilObjectDefinition $objDefinition;
59
60 protected ?ilLanguage $language = null;
61
62 public function __construct()
63 {
64 global $DIC;
65
66 $this->user = $DIC->user();
67 $this->db = $DIC->database();
68 $this->rbacsystem = $DIC['rbacsystem'];
69 $this->results = array();
70 $this->current_info = new ilAccessInfo();
71 $this->repositoryTree = $DIC->repositoryTree();
72 $this->objDefinition = $DIC['objDefinition'];
73
74 // use function enable to switch on/off tests (only cache is used so far)
75 $this->cache = true;
76 $this->rbac = true;
77 $this->tree = true;
78 $this->condition = true;
79 $this->path = true;
80 $this->status = true;
81 $this->obj_id_cache = [];
82 $this->obj_type_cache = [];
83 $this->obj_tree_cache = [];
84 $this->ac_cache = [];
85
86 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess($this);
87
88 $this->ac_logger = ilLoggerFactory::getLogger('ac');
89 }
90
91 private function getLanguage(): ilLanguage
92 {
93 if ($this->language === null) {
94 global $DIC;
95 $this->language = $DIC['lng'];
96 }
97
98 return $this->language;
99 }
100
104 public function storeAccessResult(
105 string $a_permission,
106 string $a_cmd,
107 int $a_ref_id,
108 bool $a_access_granted,
109 ?int $a_user_id = null,
110 ?ilAccessInfo $a_info = null
111 ): void {
112 if ($a_user_id === null) {
113 $a_user_id = $this->user->getId();
114 }
115 if ($a_info === null) {
116 $a_info = $this->current_info;
117 }
118 if ($this->cache) {
119 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = [
120 "granted" => $a_access_granted,
121 "info" => $a_info,
122 "prevent_db_cache" => $this->getPreventCachingLastResult()
123 ];
124 $this->current_result_element = [$a_access_granted, $a_ref_id, $a_permission, $a_cmd, $a_user_id];
125 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
126 $this->last_info = $a_info;
127 }
128 // get new info object
129 $this->current_info = new ilAccessInfo();
130 }
131
135 public function setPreventCachingLastResult(bool $a_val): void
136 {
137 $this->prevent_caching_last_result = $a_val;
138 }
139
143 public function getPreventCachingLastResult(): bool
144 {
145 return $this->prevent_caching_last_result;
146 }
147
151 public function getStoredAccessResult(
152 string $a_permission,
153 string $a_cmd,
154 int $a_ref_id,
155 ?int $a_user_id = null
156 ): array {
157 if ($a_user_id === null) {
158 $a_user_id = $this->user->getId();
159 }
160 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
161 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
162 }
163 return [];
164 }
165
169 public function storeCache(): void
170 {
171 $query = "DELETE FROM acc_cache WHERE user_id = " . $this->db->quote($this->user->getId(), 'integer');
172 $res = $this->db->manipulate($query);
173
174 $this->db->insert('acc_cache', array(
175 'user_id' => array('integer', $this->user->getId()),
176 'time' => array('integer', time()),
177 'result' => array('clob', serialize($this->results))
178 ));
179 }
180
184 public function readCache(int $a_secs = 0): bool
185 {
186 if ($a_secs > 0) {
187 $query = "SELECT * FROM acc_cache WHERE user_id = " .
188 $this->db->quote($this->user->getId(), 'integer');
189 $set = $this->db->query($query);
190 $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
191 if ((time() - $rec["time"]) < $a_secs) {
192 $this->results = unserialize($rec["result"]);
193 return true;
194 }
195 }
196 return false;
197 }
198
202 public function getResults(): array
203 {
204 return $this->results;
205 }
206
210 public function setResults(array $a_results): void
211 {
212 $this->results = $a_results;
213 }
214
218 public function addInfoItem(string $a_type, string $a_text, string $a_data = ""): void
219 {
220 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
221 }
222
226 public function checkAccess(
227 string $a_permission,
228 string $a_cmd,
229 int $a_ref_id,
230 string $a_type = "",
231 ?int $a_obj_id = null,
232 ?int $a_tree_id = null
233 ): bool {
234 return $this->checkAccessOfUser(
235 $this->user->getId(),
236 $a_permission,
237 $a_cmd,
238 $a_ref_id,
239 $a_type,
240 $a_obj_id,
241 $a_tree_id
242 );
243 }
244
248 public function checkAccessOfUser(
249 int $a_user_id,
250 string $a_permission,
251 string $a_cmd,
252 int $a_ref_id,
253 string $a_type = "",
254 ?int $a_obj_id = 0,
255 ?int $a_tree_id = 0
256 ): bool {
257 global $DIC;
258
259 $ilBench = $DIC['ilBench'];
260
261 $this->setPreventCachingLastResult(false); // for external db based caches
262
263 $ilBench->start("AccessControl", "0400_clear_info");
264 $this->current_info->clear();
265 $ilBench->stop("AccessControl", "0400_clear_info");
266
267 // get stored result (internal memory based cache)
268 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
269 if ($cached["hit"]) {
270 // Store access result
271 if (!$cached["granted"]) {
272 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
273 }
274 if ($cached["prevent_db_cache"]) {
275 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
276 }
277 return $cached["granted"];
278 }
279
280 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
281 // get object id if not provided
282 if ($a_obj_id == 0) {
283 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
284 $a_obj_id = $this->obj_id_cache[$a_ref_id];
285 } else {
286 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
287 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
288 }
289 }
290 if ($a_type == "") {
291 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
292 $a_type = $this->obj_type_cache[$a_ref_id];
293 } else {
294 $a_type = ilObject::_lookupType($a_ref_id, true);
295 $this->obj_type_cache[$a_ref_id] = $a_type;
296 }
297 }
298
299 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
300
301 // if supplied tree id is not = 1 (= repository main tree),
302 // check if object is in tree and not deleted
303 if ($a_tree_id != 1 &&
304 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
305 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
306 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
307 return false;
308 }
309
310 // rbac check for current object
311 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
312 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
313 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
314 return false;
315 }
316
317 // Check object activation
318 $act_check = $this->doActivationCheck(
319 $a_permission,
320 $a_cmd,
321 $a_ref_id,
322 $a_user_id,
323 $a_obj_id,
324 $a_type
325 );
326
327 if (!$act_check) {
328 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt('status_no_permission'));
329 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
330 return false;
331 }
332
333 // check read permission for all parents
334 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
335 if (!$par_check) {
336 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
337 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
338 return false;
339 }
340
341 // condition check (currently only implemented for read permission)
342 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
343 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
344 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
345 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
346 return false;
347 }
348
349 // object type specific check
350 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
351 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
352 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
353 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
354 return false;
355 }
356
357 // all checks passed
358 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
359 return true;
360 }
361
365 public function getInfo(): array
366 {
367 return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
368 }
369
373 public function getResultLast(): array
374 {
375 return $this->last_result;
376 }
377
381 public function getResultAll(int $a_ref_id = 0): array
382 {
383 if ($a_ref_id == "") {
384 return $this->results;
385 }
386
387 return $this->results[$a_ref_id];
388 }
389
393 public function doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): array
394 {
395 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
396
397 //var_dump($stored_access);
398 if ($stored_access !== []) {
399 if (isset($stored_access['info']) && $stored_access['info'] instanceof ilAccessInfo) {
400 $this->current_info = $stored_access["info"];
401 }
402 //var_dump("cache-treffer:");
403 return [
404 "hit" => true,
405 "granted" => $stored_access["granted"],
406 "prevent_db_cache" => $stored_access["prevent_db_cache"]
407 ];
408 }
409
410 // not in cache
411 return [
412 "hit" => false,
413 "granted" => false,
414 "prevent_db_cache" => false
415 ];
416 }
417
421 public function doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): bool
422 {
423 // Get stored result
424 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
425 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
426 // Store access result
427 if (!$this->obj_tree_cache[$tree_cache_key]) {
428 $this->current_info->addInfoItem(
429 ilAccessInfo::IL_NO_PERMISSION,
430 $this->getLanguage()->txt("status_no_permission")
431 );
432 }
433 $this->storeAccessResult(
434 $a_permission,
435 $a_cmd,
436 $a_ref_id,
437 $this->obj_tree_cache[$tree_cache_key],
438 $a_user_id
439 );
440
441 return $this->obj_tree_cache[$tree_cache_key];
442 }
443
444 if (!$this->repositoryTree->isInTree($a_ref_id) || $this->repositoryTree->isDeleted($a_ref_id)) {
445 // Store negative access results
446 // Store in tree cache
447 // Note, we only store up to 1000 results to avoid memory overflow.
448 if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
449 $this->obj_tree_cache[$tree_cache_key] = false;
450 }
451
452 // Store in result cache
453 $this->current_info->addInfoItem(ilAccessInfo::IL_DELETED, $this->getLanguage()->txt("object_deleted"));
454 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
455 return false;
456 }
457
458 // Store positive access result.
459 // Store in tree cache
460 // Note, we only store up to 1000 results to avoid memory overflow.
461 if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
462 $this->obj_tree_cache[$tree_cache_key] = true;
463 }
464 // Store in result cache
465 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
466 return true;
467 }
468
472 public function doRBACCheck(
473 string $a_permission,
474 string $a_cmd,
475 int $a_ref_id,
476 int $a_user_id,
477 string $a_type
478 ): bool {
479 if ($a_permission == "") {
480 $message = sprintf(
481 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
482 get_class($this),
483 $a_ref_id
484 );
485 $this->ac_logger->error($message);
486 throw new ilPermissionException($message);
487 }
488
489 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
490 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
491 } else {
492 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
493 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < self::MAX_CACHE_SIZE) {
494 if ($a_permission != "create") {
495 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
496 }
497 }
498 }
499 // Store in result cache
500 if (!$access) {
501 $this->current_info->addInfoItem(
502 ilAccessInfo::IL_NO_PERMISSION,
503 $this->getLanguage()->txt("status_no_permission")
504 );
505 }
506 if ($a_permission != "create") {
507 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
508 }
509 return $access;
510 }
511
515 public function doPathCheck(
516 string $a_permission,
517 string $a_cmd,
518 int $a_ref_id,
519 int $a_user_id,
520 bool $a_all = false
521 ): bool {
522 $path = $this->repositoryTree->getPathId($a_ref_id);
523 foreach ($path as $id) {
524 if ($a_ref_id === $id) {
525 continue;
526 }
527 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
528 if ($access == false) {
529 $this->current_info->addInfoItem(
530 ilAccessInfo::IL_NO_PARENT_ACCESS,
531 $this->getLanguage()->txt("no_parent_access"),
532 (string) $id
533 );
534 if ($a_all == false) {
535 return false;
536 }
537 }
538 }
539 return true;
540 }
541
545 public function doActivationCheck(
546 string $a_permission,
547 string $a_cmd,
548 int $a_ref_id,
549 int $a_user_id,
550 int $a_obj_id,
551 string $a_type
552 ): bool {
553 $cache_perm = ($a_permission === "visible" || $a_permission === 'leave')
554 ? "visible"
555 : "other";
556
557 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
558 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
559 }
560
561 // nothings needs to be done if current permission is write permission
562 if ($a_permission === 'write') {
563 return true;
564 }
565
566 // #10852 - member view check
567 if ($a_user_id === $this->user->getId()) {
568 // #10905 - activate parent container ONLY
569 $memview = ilMemberViewSettings::getInstance();
570 if ($memview->isActiveForRefId($a_ref_id) &&
571 $memview->getContainer() == $a_ref_id) {
572 return true;
573 }
574 }
575
576 // in any case, if user has write permission return true
577 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
578 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
579 return true;
580 }
581
582 // no write access => check centralized offline status
583 if (
584 $this->objDefinition->supportsOfflineHandling($a_type) &&
585 ilObject::lookupOfflineStatus($a_obj_id)
586 ) {
587 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
588 return false;
589 }
590 $item_data = ilObjectActivation::getItem($a_ref_id);
591 // if activation isn't enabled
592 if ($item_data === null || (is_array($item_data) && count($item_data) == 0) ||
593 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
594 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
595 return true;
596 }
597 // if within activation time
598 if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
599 ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
600 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
601 return true;
602 }
603
604 // if user has write permission
605 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
606 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
607 return true;
608 }
609
610 // if current permission is visible or leave and visible is set in activation
611 if (($a_permission === 'visible' || $a_permission === 'leave')
612 && $item_data['visible']) {
613 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
614 return true;
615 }
616
617 // learning progress must be readable, regardless of the activation
618 if ($a_permission == 'read_learning_progress') {
619 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
620 return true;
621 }
622 // no access
623 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
624 return false;
625 }
626
630 public function doConditionCheck(
631 string $a_permission,
632 string $a_cmd,
633 int $a_ref_id,
634 int $a_user_id,
635 int $a_obj_id,
636 string $a_type
637 ): bool {
638 if (
639 ($a_permission == 'visible') &&
640 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
641 ) {
642 if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
643 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
644 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
645 foreach ($conditions as $condition) {
646 $this->current_info->addInfoItem(
647 ilAccessInfo::IL_MISSING_PRECONDITION,
648 $this->getLanguage()->txt("missing_precondition") . ": " .
649 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
650 $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
651 $condition["value"],
652 serialize($condition)
653 );
654 }
655 return false;
656 }
657 }
658 }
659
660 if (($a_permission == "read" or $a_permission == 'join') &&
661 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
662 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
663 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
664 foreach ($conditions as $condition) {
665 $this->current_info->addInfoItem(
666 ilAccessInfo::IL_MISSING_PRECONDITION,
667 $this->getLanguage()->txt("missing_precondition") . ": " .
668 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
669 $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
670 $condition["value"],
671 serialize($condition)
672 );
673 }
674 return false;
675 }
676 }
677 return true;
678 }
679
683 public function doStatusCheck(
684 string $a_permission,
685 string $a_cmd,
686 int $a_ref_id,
687 int $a_user_id,
688 int $a_obj_id,
689 string $a_type
690 ): bool {
691 // check for a deactivated plugin
692 if ($this->objDefinition->isPluginTypeName($a_type) && !$this->objDefinition->isPlugin($a_type)) {
693 return false;
694 }
695 if (!$a_type) {
696 return false;
697 }
698
699 $class = $this->objDefinition->getClassName($a_type);
700 $location = $this->objDefinition->getLocation($a_type);
701 $full_class = "ilObj" . $class . "Access";
702
703 // use autoloader for standard objects
704 if ($this->objDefinition->isPluginTypeName($a_type)) {
706 include_once($location . "/class." . $full_class . ".php");
707 }
708
709 if ($class == "") {
710 $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
711 return false;
712 }
713
714 $full_class = new $full_class();
715
716 $obj_access = call_user_func(
717 array($full_class, "_checkAccess"),
718 $a_cmd,
719 $a_permission,
720 $a_ref_id,
721 $a_obj_id,
722 $a_user_id
723 );
724 if ($obj_access !== true) {
725 //Note: We must not add an info item here, because one is going
726 // to be added by the user function we just called a few
727 // lines above.
728 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
729 return false;
730 }
731 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
732 return true;
733 }
734
738 public function clear(): void
739 {
740 $this->results = array();
741 $this->last_result = [];
742 $this->current_info = new ilAccessInfo();
743 $this->stored_rbac_access = [];
744 }
745
750 public function enable(string $a_str, bool $a_bool): void
751 {
752 $this->$a_str = $a_bool;
753 }
754
755
756
757 //
758 // OrgUnit Positions
759 //
760
764 public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission): array
765 {
766 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission(
767 $user_ids,
768 $permission
769 );
770 }
771
775 public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission): array
776 {
777 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission(
778 $user_ids,
779 $for_user_id,
780 $permission
781 );
782 }
783
787 public function isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids): bool
788 {
789 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
790 }
791
795 public function isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids): bool
796 {
797 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo(
798 $which_user_id,
799 $permission,
800 $on_user_ids
801 );
802 }
803
807 public function checkPositionAccess(string $pos_perm, int $ref_id): bool
808 {
809 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
810 }
811
815 public function checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id): bool
816 {
817 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
818 }
819
823 public function filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids): array
824 {
825 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
826 }
827
831 public function filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids): array
832 {
833 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
834 }
835
839 public function filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids): array
840 {
841 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser(
842 $rbac_perm,
843 $pos_perm,
844 $ref_id,
845 $user_ids
846 );
847 }
848
852 public function hasCurrentUserAnyPositionAccess(int $ref_id): bool
853 {
854 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
855 }
856
860 public function hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id): bool
861 {
862 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
863 }
864}
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
ilAccessInfo
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessInfo.php:27
ilAccessInfo\IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:29
ilAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccess.php:28
ilAccess\$obj_type_cache
array $obj_type_cache
Definition: class.ilAccess.php:33
ilAccess\$rbacsystem
ilRbacSystem $rbacsystem
Definition: class.ilAccess.php:53
ilAccess\enable
enable(string $a_str, bool $a_bool)
@deprected
Definition: class.ilAccess.php:750
ilAccess\$stored_rbac_access
array $stored_rbac_access
Definition: class.ilAccess.php:50
ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilAccess.php:860
ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
bool getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:787
ilAccess\$ac_cache
array $ac_cache
Definition: class.ilAccess.php:35
ilAccess\addInfoItem
addInfoItem(string $a_type, string $a_text, string $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:218
ilAccess\$last_info
ilAccessInfo $last_info
Definition: class.ilAccess.php:47
ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
bool
Definition: class.ilAccess.php:815
ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:831
ilAccess\doPathCheck
doPathCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, bool $a_all=false)
check read permission for all parents
Definition: class.ilAccess.php:515
ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:823
ilAccess\storeAccessResult
storeAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, bool $a_access_granted, ?int $a_user_id=null, ?ilAccessInfo $a_info=null)
store access result
Definition: class.ilAccess.php:104
ilAccess\doConditionCheck
doConditionCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccess.php:630
ilAccess\$obj_tree_cache
array $obj_tree_cache
Definition: class.ilAccess.php:32
ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
int[]
Definition: class.ilAccess.php:839
ilAccess\$results
array $results
Definition: class.ilAccess.php:48
ilAccess\doRBACCheck
doRBACCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, string $a_type)
rbac check for current object -> type is used for create permission
Definition: class.ilAccess.php:472
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:373
ilAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
bool getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:807
ilAccess\$repositoryTree
ilTree $repositoryTree
Definition: class.ilAccess.php:57
ilAccess\$language
ilLanguage $language
Definition: class.ilAccess.php:60
ilAccess\$current_result_element
array $current_result_element
Definition: class.ilAccess.php:51
ilAccess\$obj_id_cache
array $obj_id_cache
Definition: class.ilAccess.php:34
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccess.php:143
ilAccess\$prevent_caching_last_result
bool $prevent_caching_last_result
Definition: class.ilAccess.php:44
ilAccess\$current_info
ilAccessInfo $current_info
Definition: class.ilAccess.php:46
ilAccess\doCacheCheck
doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
look if result for current query is already in cachearray<{hit: bool, granted: bool,...
Definition: class.ilAccess.php:393
ilAccess\MAX_CACHE_SIZE
const MAX_CACHE_SIZE
Definition: class.ilAccess.php:29
ilAccess\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
Definition: class.ilAccess.php:545
ilAccess\getResultAll
getResultAll(int $a_ref_id=0)
Definition: class.ilAccess.php:381
ilAccess\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilAccess.php:58
ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
int[] Filtered List of ILIAS-User-IDs ilOrgUnitAccessException when a unknown permission is used....
Definition: class.ilAccess.php:764
ilAccess\$ac_logger
ilLogger $ac_logger
Definition: class.ilAccess.php:55
ilAccess\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
Definition: class.ilAccess.php:683
ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess(int $ref_id)
bool
Definition: class.ilAccess.php:852
ilAccess\setResults
setResults(array $a_results)
Definition: class.ilAccess.php:210
ilAccess\readCache
readCache(int $a_secs=0)
Definition: class.ilAccess.php:184
ilAccess\$last_result
array $last_result
Definition: class.ilAccess.php:49
ilAccess\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=0, ?int $a_tree_id=0)
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:248
ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
bool getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:795
ilAccess\$ilOrgUnitPositionAccess
ilOrgUnitPositionAccess $ilOrgUnitPositionAccess
Definition: class.ilAccess.php:31
ilAccess\checkAccess
checkAccess(string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=null, ?int $a_tree_id=null)
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:226
ilAccess\$db
ilDBInterface $db
Definition: class.ilAccess.php:56
ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
int[] Filtered List of ILIAS-User-IDs ilOrgUnitAccessException when a unknown permission is used....
Definition: class.ilAccess.php:775
ilAccess\$condition
bool $condition
Definition: class.ilAccess.php:39
ilAccess\getInfo
getInfo()
get last info objectilAccessInfo::getInfoItems()
Definition: class.ilAccess.php:365
ilAccess\doTreeCheck
doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccess.php:421
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult(bool $a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:135
ilAccess\getStoredAccessResult
getStoredAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, ?int $a_user_id=null)
get stored access resultarray<{granted: bool, info: ?ilAccessInfo, prevent_db_cache: bool}>
Definition: class.ilAccess.php:151
ilAccess\$user
ilObjUser $user
Definition: class.ilAccess.php:54
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget(int $a_target_ref_id, int $a_target_id, string $a_target_type="", int $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1011
ilLanguage
language handling
Definition: class.ilLanguage.php:44
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:17
ilObjUser
User class.
Definition: class.ilObjUser.php:28
ilObjectActivation\getItem
static getItem(int $ref_id)
Definition: class.ilObjectActivation.php:193
ilObjectDefinition
parses the objects.xml it handles the xml-description of all ilias objects
Definition: class.ilObjectDefinition.php:29
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilObject\lookupOfflineStatus
static lookupOfflineStatus(int $obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:846
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:24
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:229
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:77
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:94
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:68
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:246
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:214
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:172
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:42
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:53
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:103
ilPermissionException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilPermissionException.php:25
ilRbacSystem
class ilRbacSystem system function like checkAccess, addActiveRole ... Supporting system functions ar...
Definition: class.ilRbacSystem.php:34
ilTree
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTree.php:30
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: confirmReg.php:20
return
return['3gp', '7z', 'ai', 'aif', 'aifc', 'aiff', 'au', 'arw', 'avi', 'backup', 'bak', 'bas', 'bpmn', 'bpmn2', 'bmp', 'bib', 'bibtex', 'bz', 'bz2', 'c', 'c++', 'cc', 'cct', 'cdf', 'cer', 'class', 'cls', 'conf', 'cpp', 'crt', 'crs', 'crw', 'cr2', 'css', 'cst', 'csv', 'cur', 'db', 'dcr', 'des', 'dng', 'doc', 'docx', 'dot', 'dotx', 'dtd', 'dvi', 'el', 'eps', 'epub', 'f', 'f77', 'f90', 'flv', 'for', 'g3', 'gif', 'gl', 'gan', 'ggb', 'gsd', 'gsm', 'gtar', 'gz', 'gzip', 'h', 'hpp', 'htm', 'html', 'htmls', 'ibooks', 'ico', 'ics', 'ini', 'ipynb', 'java', 'jbf', 'jpeg', 'jpg', 'js', 'jsf', 'jso', 'json', 'latex', 'lang', 'less', 'log', 'lsp', 'ltx', 'm1v', 'm2a', 'm2v', 'm3u', 'm4a', 'm4v', 'markdown', 'm', 'mat', 'md', 'mdl', 'mdown', 'mid', 'min', 'midi', 'mobi', 'mod', 'mov', 'movie', 'mp2', 'mp3', 'mp4', 'mpa', 'mpeg', 'mpg', 'mph', 'mpga', 'mpp', 'mpt', 'mpv', 'mpx', 'mv', 'mw', 'mv4', 'nb', 'nbp', 'nef', 'nif', 'niff', 'obj', 'obm', 'odt', 'ods', 'odp', 'odg', 'odf', 'oga', 'ogg', 'ogv', 'old', 'p', 'pas', 'pbm', 'pcl', 'pct', 'pcx', 'pdf', 'pgm', 'pic', 'pict', 'png', 'por', 'pov', 'project', 'properties', 'ppa', 'ppm', 'pps', 'ppsx', 'ppt', 'pptx', 'ppz', 'ps', 'psd', 'pwz', 'qt', 'qtc', 'qti', 'qtif', 'r', 'ra', 'ram', 'rar', 'rast', 'rda', 'rev', 'rexx', 'ris', 'rf', 'rgb', 'rm', 'rmd', 'rmi', 'rmm', 'rmp', 'rt', 'rtf', 'rtx', 'rv', 's', 's3m', 'sav', 'sbs', 'sec', 'sdml', 'sgm', 'sgml', 'smi', 'smil', 'srt', 'sps', 'spv', 'stl', 'svg', 'swa', 'swf', 'swz', 'tar', 'tex', 'texi', 'texinfo', 'text', 'tgz', 'tif', 'tiff', 'ttf', 'txt', 'tmp', 'uvproj', 'vdf', 'vimeo', 'viv', 'vivo', 'vrml', 'vsdx', 'wav', 'webm', 'wmv', 'wmx', 'wmz', 'woff', 'wwd', 'xhtml', 'xif', 'xls', 'xlsx', 'xmind', 'xml', 'xsl', 'xsd', 'zip']
Definition: default_whitelist.php:244
$DIC
global $DIC
Definition: feed.php:28
ilAccessHandler
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilAccessHandler.php:27
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:27
$ref_id
$ref_id
Definition: ltiauth.php:67
$path
$path
Definition: ltiservices.php:32
$res
$res
Definition: ltiservices.php:69
$query
$query
Definition: proxy_ylocal.php:13
$results
$results
Definition: save_question_post_data.php:8
$message
$message
Definition: xapiexit.php:32