ILIAS  trunk Revision v11.0_alpha-1715-g7fc467680fb
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilClaimingPermissionHelper.php
Go to the documentation of this file.
1 <?php
2 
24 abstract class ilClaimingPermissionHelper
25 {
26  protected int $user_id = 0;
27  protected int $ref_id = 0;
28  protected array $map = [];
29  protected array $context_ids = [];
31  protected ?array $plugins = null;
32  protected static array $instances = [];
33 
34  protected function __construct(int $a_user_id, int $a_ref_id)
35  {
36  $this->setUserId($a_user_id);
37  $this->setRefId($a_ref_id);
38  $this->map = $this->buildPermissionMap();
39  $this->reset();
40  }
41 
42  public static function getInstance(int $a_user_id, int $a_ref_id): self
43  {
44  if (!isset(self::$instances[$a_user_id][$a_ref_id])) {
45  self::$instances[$a_user_id][$a_ref_id] = new static($a_user_id, $a_ref_id);
46  }
47  return self::$instances[$a_user_id][$a_ref_id];
48  }
49 
53  public function reset(): void
54  {
55  $this->context_ids = [];
56  }
57 
58 
59  // properties
60 
61  protected function setUserId(int $a_value): void
62  {
63  $this->user_id = $a_value;
64  }
65 
66  protected function getUserId(): int
67  {
68  return $this->user_id;
69  }
70 
71  protected function setRefId(int $a_value): void
72  {
73  $this->ref_id = $a_value;
74  }
75 
76  protected function getRefId(): int
77  {
78  return $this->ref_id;
79  }
80 
81 
82  // caching
83 
87  abstract protected function readContextIds(int $a_context_type): array;
88 
89 
90  // permissions
91 
95  abstract protected function buildPermissionMap(): array;
96 
100  protected function isValidContextAndAction(
101  int $a_context_type,
102  string $a_context_id,
103  int $a_action_id,
104  ?int $a_action_sub_id = null
105  ): bool {
106  $valid = false;
107 
108  if (array_key_exists($a_context_type, $this->map)) {
109  if (!$a_action_sub_id) {
110  if (in_array($a_action_id, $this->map[$a_context_type]["actions"])) {
111  $valid = true;
112  }
113  } else {
114  if (array_key_exists($a_action_id, $this->map[$a_context_type]["subactions"]) &&
115  in_array($a_action_sub_id, $this->map[$a_context_type]["subactions"][$a_action_id])) {
116  $valid = true;
117  }
118  }
119  }
120 
121  if ($valid &&
122  $a_context_id &&
123  !in_array($a_context_id, $this->getValidContextIds($a_context_type))) {
124  $valid = false;
125  }
126 
127  if (DEVMODE && !$valid) {
128  trigger_error("INVALID permission context - " . $a_context_type . ":" . $a_context_id . ":" . $a_action_id . ":" . $a_action_sub_id, E_USER_WARNING);
129  }
130 
131  return $valid;
132  }
133 
139  protected function getValidContextIds(int $a_context_type): array
140  {
141  if (!array_key_exists($a_context_type, $this->context_ids)) {
142  $this->context_ids[$a_context_type] = $this->readContextIds($a_context_type);
143  }
144  return (array) $this->context_ids[$a_context_type];
145  }
146 
150  public function hasPermission(
151  int $a_context_type,
152  string $a_context_id,
153  int $a_action_id,
154  ?int $a_action_sub_id = null
155  ): bool {
156  if ($this->isValidContextAndAction($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
157  return $this->checkPermission($a_context_type, $a_context_id, $a_action_id, $a_action_sub_id);
158  }
159  // :TODO: exception?
160  return false;
161  }
162 
166  public function hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids): array
167  {
168  $res = [];
169 
170  foreach ($a_action_ids as $action_id) {
171  if (is_array($action_id)) {
172  $action_sub_id = $action_id[1];
173  $action_id = $action_id[0];
174 
175  $res[$action_id][$action_sub_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id, $action_sub_id);
176  } else {
177  $res[$action_id] = $this->hasPermission($a_context_type, $a_context_id, $action_id);
178  }
179  }
180 
181  return $res;
182  }
183 
187  protected function checkPermission(
188  int $a_context_type,
189  string $a_context_id,
190  int $a_action_id,
191  ?int $a_action_sub_id = null
192  ): bool {
193  return ($this->checkRBAC() &&
194  $this->checkPlugins($a_context_type, (string) $a_context_id, $a_action_id, $a_action_sub_id));
195  }
196 
200  protected function checkRBAC(): bool
201  {
202  global $DIC;
203  $ilAccess = $DIC->access();
204 
205  // we are currently only supporting write operations
206  return $ilAccess->checkAccessOfUser($this->getUserId(), "write", "", $this->getRefId());
207  }
208 
212  abstract protected function getActivePlugins(): Generator;
213 
217  protected function checkPlugins(
218  int $a_context_type,
219  string $a_context_id,
220  int $a_action_id,
221  ?int $a_action_sub_id = null
222  ): bool {
223  $valid = true;
224 
225  if (!is_array($this->plugins)) {
226  $this->plugins = iterator_to_array($this->getActivePlugins());
227  }
228 
229  foreach ($this->plugins as $plugin) {
230  $a_action_sub_id = is_null($a_action_sub_id)
231  ? ilAdvancedMDPermissionHelper::SUBACTION_UNDEFINED
232  : $a_action_sub_id;
233  if (!$plugin->checkPermission($this->getUserId(), $a_context_type, $a_context_id, $a_action_id, $a_action_sub_id)) {
234  $valid = false;
235  break;
236  }
237  }
238 
239  return $valid;
240  }
241 
245  public function getAllowedObjectTypes(): array
246  {
247  $accepted_types = ['cat','crs','sess','grp','iass','exc','file'];
248 
249  $obj_def = new ilObjectDefinition();
250  $adv_md_types = $obj_def->getAdvancedMetaDataTypes();
251 
252  $valid_accepted_types = [];
253  foreach ($adv_md_types as $value) {
254  if (in_array($value['obj_type'], $accepted_types) || in_array($value['sub_type'], $accepted_types)) {
255  array_push($valid_accepted_types, $value['obj_type']);
256  }
257  }
258 
259  return $valid_accepted_types;
260  }
261 }
$res
$res
Definition: ltiservices.php:66
ilClaimingPermissionHelper
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilClaimingPermissionHelper.php:24
ilClaimingPermissionHelper\getValidContextIds
getValidContextIds(int $a_context_type)
Get context ids for context type (uses cache)
Definition: class.ilClaimingPermissionHelper.php:139
$valid
$valid
Definition: dummy_client.php:59
ilClaimingPermissionHelper\checkPermission
checkPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission (helper: rbac, plugins)
Definition: class.ilClaimingPermissionHelper.php:187
ilClaimingPermissionHelper\hasPermissions
hasPermissions(int $a_context_type, string $a_context_id, array $a_action_ids)
Check permissions.
Definition: class.ilClaimingPermissionHelper.php:166
ilClaimingPermissionHelper\getActivePlugins
getActivePlugins()
Get active plugins (for current slot)
ilClaimingPermissionHelper\buildPermissionMap
buildPermissionMap()
Build map of context and actions.
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilClaimingPermissionHelper\checkRBAC
checkRBAC()
Check permission against RBAC.
Definition: class.ilClaimingPermissionHelper.php:200
ilClaimingPermissionHelper\hasPermission
hasPermission(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission.
Definition: class.ilClaimingPermissionHelper.php:150
$DIC
global $DIC
Definition: shib_login.php:22
ilClaimingPermissionHelper\readContextIds
readContextIds(int $a_context_type)
Get all context ids for context type (from DB, is cached)
ilClaimingPermissionHelper\isValidContextAndAction
isValidContextAndAction(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check if given combination of context and action is valid.
Definition: class.ilClaimingPermissionHelper.php:100
ilClaimingPermissionHelper\getInstance
static getInstance(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:42
ilClaimingPermissionHelper\__construct
__construct(int $a_user_id, int $a_ref_id)
Definition: class.ilClaimingPermissionHelper.php:34
ilClaimingPermissionHelper\checkPlugins
checkPlugins(int $a_context_type, string $a_context_id, int $a_action_id, ?int $a_action_sub_id=null)
Check permission against plugins.
Definition: class.ilClaimingPermissionHelper.php:217