ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilAccess.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
27 class ilAccess implements ilAccessHandler
28 {
29  private const MAX_CACHE_SIZE = 1000;
30 
31  protected ilOrgUnitPositionAccess $ilOrgUnitPositionAccess;
32  protected array $obj_tree_cache;
33  protected array $obj_type_cache;
34  protected array $obj_id_cache;
35  protected array $ac_cache;
36 
37  protected bool $status;
38  protected bool $path;
39  protected bool $condition;
40  protected bool $tree;
41  protected bool $rbac;
42  protected bool $cache;
43 
44  private bool $prevent_caching_last_result = false;
45 
46  protected ilAccessInfo $current_info;
47  protected ?ilAccessInfo $last_info = null;
48  protected array $results = [];
49  protected array $last_result = [];
50  protected array $stored_rbac_access = [];
51  protected array $current_result_element = [];
52 
53  protected ilRbacSystem $rbacsystem;
54  protected ilObjUser $user;
55  protected ilLogger $ac_logger;
56  protected ilDBInterface $db;
57  protected ilTree $repositoryTree;
58  protected ilObjectDefinition $objDefinition;
59 
60  protected ?ilLanguage $language = null;
61 
62  public function __construct()
63  {
64  global $DIC;
65 
66  $this->user = $DIC->user();
67  $this->db = $DIC->database();
68  $this->rbacsystem = $DIC['rbacsystem'];
69  $this->results = array();
70  $this->current_info = new ilAccessInfo();
71  $this->repositoryTree = $DIC->repositoryTree();
72  $this->objDefinition = $DIC['objDefinition'];
73 
74  // use function enable to switch on/off tests (only cache is used so far)
75  $this->cache = true;
76  $this->rbac = true;
77  $this->tree = true;
78  $this->condition = true;
79  $this->path = true;
80  $this->status = true;
81  $this->obj_id_cache = [];
82  $this->obj_type_cache = [];
83  $this->obj_tree_cache = [];
84  $this->ac_cache = [];
85 
86  $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess($this);
87 
88  $this->ac_logger = ilLoggerFactory::getLogger('ac');
89  }
90 
91  private function getLanguage(): ilLanguage
92  {
93  if ($this->language === null) {
94  global $DIC;
95  $this->language = $DIC['lng'];
96  }
97 
98  return $this->language;
99  }
100 
104  public function storeAccessResult(
105  string $a_permission,
106  string $a_cmd,
107  int $a_ref_id,
108  bool $a_access_granted,
109  ?int $a_user_id = null,
110  ?ilAccessInfo $a_info = null
111  ): void {
112  if ($a_user_id === null) {
113  $a_user_id = $this->user->getId();
114  }
115  if ($a_info === null) {
116  $a_info = $this->current_info;
117  }
118  if ($this->cache) {
119  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = [
120  "granted" => $a_access_granted,
121  "info" => $a_info,
122  "prevent_db_cache" => $this->getPreventCachingLastResult()
123  ];
124  $this->current_result_element = [$a_access_granted, $a_ref_id, $a_permission, $a_cmd, $a_user_id];
125  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
126  $this->last_info = $a_info;
127  }
128  // get new info object
129  $this->current_info = new ilAccessInfo();
130  }
131 
135  public function setPreventCachingLastResult(bool $a_val): void
136  {
137  $this->prevent_caching_last_result = $a_val;
138  }
139 
143  public function getPreventCachingLastResult(): bool
144  {
145  return $this->prevent_caching_last_result;
146  }
147 
151  public function getStoredAccessResult(
152  string $a_permission,
153  string $a_cmd,
154  int $a_ref_id,
155  ?int $a_user_id = null
156  ): array {
157  if ($a_user_id === null) {
158  $a_user_id = $this->user->getId();
159  }
160  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
161  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
162  }
163  return [];
164  }
165 
169  public function storeCache(): void
170  {
171  $query = "DELETE FROM acc_cache WHERE user_id = " . $this->db->quote($this->user->getId(), 'integer');
172  $res = $this->db->manipulate($query);
173 
174  $this->db->insert('acc_cache', array(
175  'user_id' => array('integer', $this->user->getId()),
176  'time' => array('integer', time()),
177  'result' => array('clob', serialize($this->results))
178  ));
179  }
180 
184  public function readCache(int $a_secs = 0): bool
185  {
186  if ($a_secs > 0) {
187  $query = "SELECT * FROM acc_cache WHERE user_id = " .
188  $this->db->quote($this->user->getId(), 'integer');
189  $set = $this->db->query($query);
190  $rec = $set->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
191  if ((time() - $rec["time"]) < $a_secs) {
192  $this->results = unserialize($rec["result"]);
193  return true;
194  }
195  }
196  return false;
197  }
198 
202  public function getResults(): array
203  {
204  return $this->results;
205  }
206 
210  public function setResults(array $a_results): void
211  {
212  $this->results = $a_results;
213  }
214 
218  public function addInfoItem(string $a_type, string $a_text, string $a_data = ""): void
219  {
220  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
221  }
222 
226  public function checkAccess(
227  string $a_permission,
228  string $a_cmd,
229  int $a_ref_id,
230  string $a_type = "",
231  ?int $a_obj_id = null,
232  ?int $a_tree_id = null
233  ): bool {
234  return $this->checkAccessOfUser(
235  $this->user->getId(),
236  $a_permission,
237  $a_cmd,
238  $a_ref_id,
239  $a_type,
240  $a_obj_id,
241  $a_tree_id
242  );
243  }
244 
248  public function checkAccessOfUser(
249  int $a_user_id,
250  string $a_permission,
251  string $a_cmd,
252  int $a_ref_id,
253  string $a_type = "",
254  ?int $a_obj_id = 0,
255  ?int $a_tree_id = 0
256  ): bool {
257  global $DIC;
258 
259  $ilBench = $DIC['ilBench'];
260 
261  $this->setPreventCachingLastResult(false); // for external db based caches
262 
263  $ilBench->start("AccessControl", "0400_clear_info");
264  $this->current_info->clear();
265  $ilBench->stop("AccessControl", "0400_clear_info");
266 
267  // get stored result (internal memory based cache)
268  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
269  if ($cached["hit"]) {
270  // Store access result
271  if (!$cached["granted"]) {
272  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
273  }
274  if ($cached["prevent_db_cache"]) {
275  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
276  }
277  return $cached["granted"];
278  }
279 
280  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
281  // get object id if not provided
282  if ($a_obj_id == 0) {
283  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
284  $a_obj_id = $this->obj_id_cache[$a_ref_id];
285  } else {
286  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
287  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
288  }
289  }
290  if ($a_type == "") {
291  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
292  $a_type = $this->obj_type_cache[$a_ref_id];
293  } else {
294  $a_type = ilObject::_lookupType($a_ref_id, true);
295  $this->obj_type_cache[$a_ref_id] = $a_type;
296  }
297  }
298 
299  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
300 
301  // if supplied tree id is not = 1 (= repository main tree),
302  // check if object is in tree and not deleted
303  if ($a_tree_id != 1 &&
304  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
305  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
306  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
307  return false;
308  }
309 
310  // rbac check for current object
311  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
312  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
313  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
314  return false;
315  }
316 
317  // Check object activation
318  $act_check = $this->doActivationCheck(
319  $a_permission,
320  $a_cmd,
321  $a_ref_id,
322  $a_user_id,
323  $a_obj_id,
324  $a_type
325  );
326 
327  if (!$act_check) {
328  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt('status_no_permission'));
329  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
330  return false;
331  }
332 
333  // check read permission for all parents
334  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
335  if (!$par_check) {
336  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
337  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
338  return false;
339  }
340 
341  // condition check (currently only implemented for read permission)
342  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
343  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
344  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
345  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
346  return false;
347  }
348 
349  // object type specific check
350  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
351  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
352  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
353  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
354  return false;
355  }
356 
357  // all checks passed
358  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
359  return true;
360  }
361 
365  public function getInfo(): array
366  {
367  return is_object($this->last_info) ? $this->last_info->getInfoItems() : array();
368  }
369 
373  public function getResultLast(): array
374  {
375  return $this->last_result;
376  }
377 
381  public function getResultAll(int $a_ref_id = 0): array
382  {
383  if ($a_ref_id == "") {
384  return $this->results;
385  }
386 
387  return $this->results[$a_ref_id];
388  }
389 
393  public function doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): array
394  {
395  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
396 
397  //var_dump($stored_access);
398  if ($stored_access !== []) {
399  if (isset($stored_access['info']) && $stored_access['info'] instanceof ilAccessInfo) {
400  $this->current_info = $stored_access["info"];
401  }
402  //var_dump("cache-treffer:");
403  return [
404  "hit" => true,
405  "granted" => $stored_access["granted"],
406  "prevent_db_cache" => $stored_access["prevent_db_cache"]
407  ];
408  }
409 
410  // not in cache
411  return [
412  "hit" => false,
413  "granted" => false,
414  "prevent_db_cache" => false
415  ];
416  }
417 
421  public function doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): bool
422  {
423  // Get stored result
424  $tree_cache_key = $a_user_id . ':' . $a_ref_id;
425  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
426  // Store access result
427  if (!$this->obj_tree_cache[$tree_cache_key]) {
428  $this->current_info->addInfoItem(
429  ilAccessInfo::IL_NO_PERMISSION,
430  $this->getLanguage()->txt("status_no_permission")
431  );
432  }
433  $this->storeAccessResult(
434  $a_permission,
435  $a_cmd,
436  $a_ref_id,
437  $this->obj_tree_cache[$tree_cache_key],
438  $a_user_id
439  );
440 
441  return $this->obj_tree_cache[$tree_cache_key];
442  }
443 
444  if (!$this->repositoryTree->isInTree($a_ref_id) || $this->repositoryTree->isDeleted($a_ref_id)) {
445  // Store negative access results
446  // Store in tree cache
447  // Note, we only store up to 1000 results to avoid memory overflow.
448  if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
449  $this->obj_tree_cache[$tree_cache_key] = false;
450  }
451 
452  // Store in result cache
453  $this->current_info->addInfoItem(ilAccessInfo::IL_DELETED, $this->getLanguage()->txt("object_deleted"));
454  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
455  return false;
456  }
457 
458  // Store positive access result.
459  // Store in tree cache
460  // Note, we only store up to 1000 results to avoid memory overflow.
461  if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
462  $this->obj_tree_cache[$tree_cache_key] = true;
463  }
464  // Store in result cache
465  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
466  return true;
467  }
468 
472  public function doRBACCheck(
473  string $a_permission,
474  string $a_cmd,
475  int $a_ref_id,
476  int $a_user_id,
477  string $a_type
478  ): bool {
479  if ($a_permission == "") {
480  $message = sprintf(
481  '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
482  get_class($this),
483  $a_ref_id
484  );
485  $this->ac_logger->error($message);
486  throw new ilPermissionException($message);
487  }
488 
489  if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
490  $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
491  } else {
492  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
493  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < self::MAX_CACHE_SIZE) {
494  if ($a_permission != "create") {
495  $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
496  }
497  }
498  }
499  // Store in result cache
500  if (!$access) {
501  $this->current_info->addInfoItem(
502  ilAccessInfo::IL_NO_PERMISSION,
503  $this->getLanguage()->txt("status_no_permission")
504  );
505  }
506  if ($a_permission != "create") {
507  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
508  }
509  return $access;
510  }
511 
515  public function doPathCheck(
516  string $a_permission,
517  string $a_cmd,
518  int $a_ref_id,
519  int $a_user_id,
520  bool $a_all = false
521  ): bool {
522  $path = $this->repositoryTree->getPathId($a_ref_id);
523  foreach ($path as $id) {
524  if ($a_ref_id === $id) {
525  continue;
526  }
527  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
528  if ($access == false) {
529  $this->current_info->addInfoItem(
530  ilAccessInfo::IL_NO_PARENT_ACCESS,
531  $this->getLanguage()->txt("no_parent_access"),
532  (string) $id
533  );
534  if ($a_all == false) {
535  return false;
536  }
537  }
538  }
539  return true;
540  }
541 
545  public function doActivationCheck(
546  string $a_permission,
547  string $a_cmd,
548  int $a_ref_id,
549  int $a_user_id,
550  int $a_obj_id,
551  string $a_type
552  ): bool {
553  $cache_perm = ($a_permission === "visible" || $a_permission === 'leave')
554  ? "visible"
555  : "other";
556 
557  if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
558  return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
559  }
560 
561  // nothings needs to be done if current permission is write permission
562  if ($a_permission === 'write') {
563  return true;
564  }
565 
566  // #10852 - member view check
567  if ($a_user_id === $this->user->getId()) {
568  // #10905 - activate parent container ONLY
569  $memview = ilMemberViewSettings::getInstance();
570  if ($memview->isActiveForRefId($a_ref_id) &&
571  $memview->getContainer() == $a_ref_id) {
572  return true;
573  }
574  }
575 
576  // in any case, if user has write permission return true
577  if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
578  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
579  return true;
580  }
581 
582  // no write access => check centralized offline status
583  if (
584  $this->objDefinition->supportsOfflineHandling($a_type) &&
585  ilObject::lookupOfflineStatus($a_obj_id)
586  ) {
587  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
588  return false;
589  }
590  $item_data = ilObjectActivation::getItem($a_ref_id);
591  // if activation isn't enabled
592  if ($item_data === null || (is_array($item_data) && count($item_data) == 0) ||
593  $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
594  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
595  return true;
596  }
597  // if within activation time
598  if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
599  ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
600  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
601  return true;
602  }
603 
604  // if user has write permission
605  if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
606  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
607  return true;
608  }
609 
610  // if current permission is visible or leave and visible is set in activation
611  if (($a_permission === 'visible' || $a_permission === 'leave')
612  && $item_data['visible']) {
613  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
614  return true;
615  }
616 
617  // learning progress must be readable, regardless of the activation
618  if ($a_permission == 'read_learning_progress') {
619  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
620  return true;
621  }
622  // no access
623  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
624  return false;
625  }
626 
630  public function doConditionCheck(
631  string $a_permission,
632  string $a_cmd,
633  int $a_ref_id,
634  int $a_user_id,
635  int $a_obj_id,
636  string $a_type
637  ): bool {
638  if (
639  ($a_permission == 'visible') &&
640  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
641  ) {
642  if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
643  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
644  $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
645  foreach ($conditions as $condition) {
646  $this->current_info->addInfoItem(
647  ilAccessInfo::IL_MISSING_PRECONDITION,
648  $this->getLanguage()->txt("missing_precondition") . ": " .
649  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
650  $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
651  $condition["value"],
652  serialize($condition)
653  );
654  }
655  return false;
656  }
657  }
658  }
659 
660  if (($a_permission == "read" or $a_permission == 'join') &&
661  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
662  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
663  $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
664  foreach ($conditions as $condition) {
665  $this->current_info->addInfoItem(
666  ilAccessInfo::IL_MISSING_PRECONDITION,
667  $this->getLanguage()->txt("missing_precondition") . ": " .
668  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
669  $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
670  $condition["value"],
671  serialize($condition)
672  );
673  }
674  return false;
675  }
676  }
677  return true;
678  }
679 
683  public function doStatusCheck(
684  string $a_permission,
685  string $a_cmd,
686  int $a_ref_id,
687  int $a_user_id,
688  int $a_obj_id,
689  string $a_type
690  ): bool {
691  // check for a deactivated plugin
692  if ($this->objDefinition->isPluginTypeName($a_type) && !$this->objDefinition->isPlugin($a_type)) {
693  return false;
694  }
695  if (!$a_type) {
696  return false;
697  }
698 
699  $class = $this->objDefinition->getClassName($a_type);
700  $location = $this->objDefinition->getLocation($a_type);
701  $full_class = "ilObj" . $class . "Access";
702 
703  // use autoloader for standard objects
704  if ($this->objDefinition->isPluginTypeName($a_type)) {
706  include_once($location . "/class." . $full_class . ".php");
707  }
708 
709  if ($class == "") {
710  $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
711  return false;
712  }
713 
714  $full_class = new $full_class();
715 
716  $obj_access = call_user_func(
717  array($full_class, "_checkAccess"),
718  $a_cmd,
719  $a_permission,
720  $a_ref_id,
721  $a_obj_id,
722  $a_user_id
723  );
724  if ($obj_access !== true) {
725  //Note: We must not add an info item here, because one is going
726  // to be added by the user function we just called a few
727  // lines above.
728  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
729  return false;
730  }
731  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
732  return true;
733  }
734 
738  public function clear(): void
739  {
740  $this->results = array();
741  $this->last_result = [];
742  $this->current_info = new ilAccessInfo();
743  $this->stored_rbac_access = [];
744  }
745 
750  public function enable(string $a_str, bool $a_bool): void
751  {
752  $this->$a_str = $a_bool;
753  }
754 
755 
756 
757  //
758  // OrgUnit Positions
759  //
760 
764  public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission): array
765  {
766  return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission(
767  $user_ids,
768  $permission
769  );
770  }
771 
775  public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission): array
776  {
777  return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission(
778  $user_ids,
779  $for_user_id,
780  $permission
781  );
782  }
783 
787  public function isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids): bool
788  {
789  return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
790  }
791 
795  public function isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids): bool
796  {
797  return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo(
798  $which_user_id,
799  $permission,
800  $on_user_ids
801  );
802  }
803 
807  public function checkPositionAccess(string $pos_perm, int $ref_id): bool
808  {
809  return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
810  }
811 
815  public function checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id): bool
816  {
817  return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
818  }
819 
823  public function filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids): array
824  {
825  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
826  }
827 
831  public function filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids): array
832  {
833  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
834  }
835 
839  public function filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids): array
840  {
841  return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser(
842  $rbac_perm,
843  $pos_perm,
844  $ref_id,
845  $user_ids
846  );
847  }
848 
852  public function hasCurrentUserAnyPositionAccess(int $ref_id): bool
853  {
854  return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
855  }
856 
860  public function hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id): bool
861  {
862  return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
863  }
864 }
ilAccess\$db
ilDBInterface $db
Definition: class.ilAccess.php:56
ilAccess\MAX_CACHE_SIZE
const MAX_CACHE_SIZE
Definition: class.ilAccess.php:29
$res
$res
Definition: ltiservices.php:69
ilAccess\$rbacsystem
ilRbacSystem $rbacsystem
Definition: class.ilAccess.php:53
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:373
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:77
ilAccess\doCacheCheck
doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
look if result for current query is already in cachearray<{hit: bool, granted: bool, prevent_db_cache: bool}>
Definition: class.ilAccess.php:393
ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilAccess.php:815
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilAccess\getStoredAccessResult
getStoredAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, ?int $a_user_id=null)
get stored access resultpermission command string reference id user id (if no id passed, current user id) array<{granted: bool, info: ?ilAccessInfo, prevent_db_cache: bool}>
Definition: class.ilAccess.php:151
ilAccess\$current_info
ilAccessInfo $current_info
Definition: class.ilAccess.php:46
ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilAccess.php:839
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
ilAccess\$repositoryTree
ilTree $repositoryTree
Definition: class.ilAccess.php:57
ilAccess\$results
array $results
Definition: class.ilAccess.php:48
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:246
ilAccessInfo\IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:29
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:172
ilAccessInfo
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessInfo.php:26
ilAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Reference-ID of the desired Object in the tree bool getAvailablePositionRelatedPermissions for availa...
Definition: class.ilAccess.php:807
ilAccess\storeAccessResult
storeAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, bool $a_access_granted, ?int $a_user_id=null, ?ilAccessInfo $a_info=null)
store access result
Definition: class.ilAccess.php:104
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:94
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:23
ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
$user_ids int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:831
ilAccess\$current_result_element
array $current_result_element
Definition: class.ilAccess.php:51
ilAccess\$obj_id_cache
array $obj_id_cache
Definition: class.ilAccess.php:34
ilAccess\$language
ilLanguage $language
Definition: class.ilAccess.php:60
ilAccess\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
Definition: class.ilAccess.php:683
ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess(int $ref_id)
bool
Definition: class.ilAccess.php:852
ilAccess\$ac_logger
ilLogger $ac_logger
Definition: class.ilAccess.php:55
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
ilObject\lookupOfflineStatus
static lookupOfflineStatus(int $obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:846
ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered int[] Filtered List of ILIAS-User-IDs ...
Definition: class.ilAccess.php:764
$DIC
global $DIC
Definition: feed.php:28
ilAccess\$ac_cache
array $ac_cache
Definition: class.ilAccess.php:35
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult(bool $a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:135
ilObjectDefinition
parses the objects.xml it handles the xml-description of all ilias objects
Definition: class.ilObjectDefinition.php:28
ilPermissionException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilPermissionException.php:24
ilAccess\$condition
bool $condition
Definition: class.ilAccess.php:39
$ref_id
$ref_id
Definition: ltiauth.php:67
ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDs bool getAvailablePositionRelatedPermissions for available permiss...
Definition: class.ilAccess.php:787
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccess.php:143
ilAccess\$last_result
array $last_result
Definition: class.ilAccess.php:49
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilAccess\$prevent_caching_last_result
bool $prevent_caching_last_result
Definition: class.ilAccess.php:44
ilAccess\getResultAll
getResultAll(int $a_ref_id=0)
Definition: class.ilAccess.php:381
ilAccess\getInfo
getInfo()
get last info objectilAccessInfo::getInfoItems()
Definition: class.ilAccess.php:365
ilAccess\readCache
readCache(int $a_secs=0)
Definition: class.ilAccess.php:184
$query
$query
Definition: proxy_ylocal.php:13
ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilAccess.php:860
ilAccess\$user
ilObjUser $user
Definition: class.ilAccess.php:54
ilAccess\doTreeCheck
doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccess.php:421
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:103
ilAccess\doPathCheck
doPathCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, bool $a_all=false)
check read permission for all parents
Definition: class.ilAccess.php:515
ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
$user_ids int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:823
ilAccess\addInfoItem
addInfoItem(string $a_type, string $a_text, string $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:218
ilObjectActivation\getItem
static getItem(int $ref_id)
Definition: class.ilObjectActivation.php:193
ilAccess\$last_info
ilAccessInfo $last_info
Definition: class.ilAccess.php:47
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:214
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget(int $a_target_ref_id, int $a_target_id, string $a_target_type="", int $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1011
ilAccess\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilAccess.php:58
ilAccess\doConditionCheck
doConditionCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccess.php:630
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:42
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:229
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilAccess\enable
enable(string $a_str, bool $a_bool)
Definition: class.ilAccess.php:750
ilAccess\$stored_rbac_access
array $stored_rbac_access
Definition: class.ilAccess.php:50
ilAccess\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
Definition: class.ilAccess.php:545
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:53
$message
$message
Definition: xapiexit.php:32
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:68
ilAccess\checkAccess
checkAccess(string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=null, ?int $a_tree_id=null)
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccess.php:226
ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDs bool getAvailablePosition...
Definition: class.ilAccess.php:795
ilAccess\setResults
setResults(array $a_results)
Definition: class.ilAccess.php:210
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered int[] Filtered List of ILIAS-User-IDs ...
Definition: class.ilAccess.php:775
ilAccess\doRBACCheck
doRBACCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, string $a_type)
rbac check for current object -> type is used for create permission
Definition: class.ilAccess.php:472
ilAccess\$obj_type_cache
array $obj_type_cache
Definition: class.ilAccess.php:33
ilAccess\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=0, ?int $a_tree_id=0)
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccess.php:248
ilAccess\$ilOrgUnitPositionAccess
ilOrgUnitPositionAccess $ilOrgUnitPositionAccess
Definition: class.ilAccess.php:31
ilAccess\$obj_tree_cache
array $obj_tree_cache
Definition: class.ilAccess.php:32