ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1<?php
2
24abstract class ilClaimingPermissionHelper
25{
26 protected int $user_id = 0;
27 protected int $ref_id = 0;
28 protected array $map = [];
29 protected array $context_ids = [];
31 protected ?array $plugins = null;
32 protected static array $instances = [];
33
34 protected function __construct(int $a_user_id, int $a_ref_id)
35 {
36 $this->setUserId($a_user_id);
37 $this->setRefId($a_ref_id);
38 $this->map = $this->buildPermissionMap();
39 $this->reset();
40 }
41
42 public static function getInstance(int $a_user_id, int $a_ref_id): self
43 {
44 if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
45 self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
46 }
47 return self::$instances[$a_user_id][$a_ref_id];
48 }
49
53 public function reset(): void
54 {
55 $this->context_ids = [];
56 }
57
58
59 // properties
60
61 protected function setUserId(int $a_value): void
62 {
63 $this->user_id = $a_value;
64 }
65
66 protected function getUserId(): int
67 {
68 return $this->user_id;
69 }
70
71 protected function setRefId(int $a_value): void
72 {
73 $this->ref_id = $a_value;
74 }
75
76 protected function getRefId(): int
77 {
78 return $this->ref_id;
79 }
80
81
82 // caching
83
87 abstract protected function readContextIds(int $a_context_type): array;
88
89
90 // permissions
91
95 abstract protected function buildPermissionMap(): array;
96
100 protected function isValidContextAndAction(
101 int $a_context_type,
102 string $a_context_id,
103 int $a_action_id,
104 ?int $a_action_sub_id = null
105 ): bool {
106 $valid = false;
107
108 if (array_key_exists($a_context_type, $this->map)) {
109 if (!$a_action_sub_id) {
110 if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
111 $valid = true;
112 }
113 } else {
114 if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
115 in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
116 $valid = true;
117 }
118 }
119 }
120
121 if ($valid &&
122 $a_context_id &&
123 !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
124 $valid = false;
125 }
126
127 if (DEVMODE && !$valid) {
128 trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
129 }
130
131 return $valid;
132 }
133
139 protected function getValidContextIds(int $a_context_type): array
140 {
141 if (!array_key_exists($a_context_type, $this->context_ids)) {
142 $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
143 }
144 return (array) $this->context_ids[$a_context_type];
145 }
146
150 public function hasPermission(
151 int $a_context_type,
152 string $a_context_id,
153 int $a_action_id,
154 ?int $a_action_sub_id = null
155 ): bool {
156 if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
157 return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
158 }
159 // :TODO: exception?
160 return false;
161 }
162
166 public function hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids): array
167 {
168 $res = [];
169
170 foreach ($a_action_ids as $action_id) {
171 if (is_array($action_id)) {
172 $action_sub_id = $action_id[1];
173 $action_id = $action_id[0];
174
175 $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
176 } else {
177 $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
178 }
179 }
180
181 return $res;
182 }
183
187 protected function checkPermission(
188 int $a_context_type,
189 string $a_context_id,
190 int $a_action_id,
191 ?int $a_action_sub_id = null
192 ): bool {
193 return ($this->checkRBAC() &&
194 $this->checkPlugins($a_context_type, (string) $a_context_id, $a_action_id, $a_action_sub_id));
195 }
196
200 protected function checkRBAC(): bool
201 {
202 global $DIC;
203 $ilAccess = $DIC->access();
204
205 // we are currently only supporting write operations
206 return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
207 }
208
212 abstract protected function getActivePlugins(): Generator;
213
217 protected function checkPlugins(
218 int $a_context_type,
219 string $a_context_id,
220 int $a_action_id,
221 ?int $a_action_sub_id = null
222 ): bool {
223 $valid = true;
224
225 if (!is_array($this->plugins)) {
226 $this->plugins = iterator_to_array($this->getActivePlugins());
227 }
228
229 foreach ($this->plugins as $plugin) {
230 $a_action_sub_id = is_null($a_action_sub_id)
231 ? ilAdvancedMDPermissionHelper::SUBACTION_UNDEFINED
232 : $a_action_sub_id;
233 if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
234 $valid = false;
235 break;
236 }
237 }
238
239 return $valid;
240 }
241
245 public function getAllowedObjectTypes(): array
246 {
247 $accepted_types = ['cat','crs','sess','grp','iass','exc','file'];
248
249 $obj_def = new ilObjectDefinition();
250 $adv_md_types = $obj_def->getAdvancedMetaDataTypes();
251
252 $valid_accepted_types = [];
253 foreach ($adv_md_types as $value) {
254 if (in_array($value['obj_type'], $accepted_types) || in_array($value['sub_type'], $accepted_types)) {
255 array_push($valid_accepted_types, $value['obj_type']);
256 }
257 }
258
259 return $valid_accepted_types;
260 }
261}
true
return true
Definition: class.ilIniFile.php:164
ilClaimingPermissionHelper
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilClaimingPermissionHelper.php:25
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\readContextIds
readContextIds(int $a_context_type)
Get all context ids for context type (from DB, is cached)
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds(int $a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:139
ilClaimingPermissionHelper\hasPermission
hasPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:150
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:200
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:100
ilClaimingPermissionHelper\checkPermission
checkPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:187
ilClaimingPermissionHelper\getInstance
static getInstance(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:42
ilClaimingPermissionHelper\__construct
__construct(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:34
ilClaimingPermissionHelper\checkPlugins
checkPlugins(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:217
ilClaimingPermissionHelper\hasPermissions
hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:166
ilObjectDefinition
parses the objects.xml it handles the xml-description of all ilias objects
Definition: class.ilObjectDefinition.php:29
return
return['delivery_method'=> 'php',]
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: delivery_method.php:21
$valid
$valid
Definition: dummy_client.php:59
$res
$res
Definition: ltiservices.php:69
if
if(!file_exists('../ilias.ini.php'))
Definition: sessioncheck.php:23
$DIC
global $DIC
Definition: shib_login.php:26