ILIAS  trunk Revision v11.0_alpha-1702-gfd3ecb7f852
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilAccess.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
27 class ilAccess implements ilAccessHandler
28 {
29  private const MAX_CACHE_SIZE = 1000;
30 
31  protected ilOrgUnitPositionAccess $ilOrgUnitPositionAccess;
32  protected array $obj_tree_cache;
33  protected array $obj_type_cache;
34  protected array $obj_id_cache;
35  protected array $ac_cache;
36 
37  protected bool $status;
38  protected bool $path;
39  protected bool $condition;
40  protected bool $tree;
41  protected bool $rbac;
42  protected bool $cache;
43 
44  private bool $prevent_caching_last_result = false;
45 
46  protected ilAccessInfo $current_info;
47  protected ?ilAccessInfo $last_info = null;
48  protected array $results = [];
49  protected array $last_result = [];
50  protected array $stored_rbac_access = [];
51  protected array $current_result_element = [];
52 
53  protected ilRbacSystem $rbacsystem;
54  protected ilObjUser $user;
55  protected ilLogger $ac_logger;
56  protected ilDBInterface $db;
57  protected ilTree $repositoryTree;
58  protected ilObjectDefinition $objDefinition;
59 
60  protected ?ilLanguage $language = null;
61 
62  public function __construct()
63  {
64  global $DIC;
65 
66  $this->user = $DIC->user();
67  $this->db = $DIC->database();
68  $this->rbacsystem = $DIC['rbacsystem'];
69  $this->results = [];
70  $this->current_info = new ilAccessInfo();
71  $this->repositoryTree = $DIC->repositoryTree();
72  $this->objDefinition = $DIC['objDefinition'];
73 
74  // use function enable to switch on/off tests (only cache is used so far)
75  $this->cache = true;
76  $this->rbac = true;
77  $this->tree = true;
78  $this->condition = true;
79  $this->path = true;
80  $this->status = true;
81  $this->obj_id_cache = [];
82  $this->obj_type_cache = [];
83  $this->obj_tree_cache = [];
84  $this->ac_cache = [];
85 
86  $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess($this);
87 
88  $this->ac_logger = ilLoggerFactory::getLogger('ac');
89  }
90 
91  private function getLanguage(): ilLanguage
92  {
93  if ($this->language === null) {
94  global $DIC;
95  $this->language = $DIC['lng'];
96  }
97 
98  return $this->language;
99  }
100 
104  public function storeAccessResult(
105  string $a_permission,
106  string $a_cmd,
107  int $a_ref_id,
108  bool $a_access_granted,
109  ?int $a_user_id = null,
110  ?ilAccessInfo $a_info = null
111  ): void {
112  if ($a_user_id === null) {
113  $a_user_id = $this->user->getId();
114  }
115  if ($a_info === null) {
116  $a_info = $this->current_info;
117  }
118  if ($this->cache) {
119  $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = [
120  "granted" => $a_access_granted,
121  "info" => $a_info,
122  "prevent_db_cache" => $this->getPreventCachingLastResult()
123  ];
124  $this->current_result_element = [$a_access_granted, $a_ref_id, $a_permission, $a_cmd, $a_user_id];
125  $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
126  $this->last_info = $a_info;
127  }
128  // get new info object
129  $this->current_info = new ilAccessInfo();
130  }
131 
135  public function setPreventCachingLastResult(bool $a_val): void
136  {
137  $this->prevent_caching_last_result = $a_val;
138  }
139 
143  public function getPreventCachingLastResult(): bool
144  {
145  return $this->prevent_caching_last_result;
146  }
147 
151  public function getStoredAccessResult(
152  string $a_permission,
153  string $a_cmd,
154  int $a_ref_id,
155  ?int $a_user_id = null
156  ): array {
157  if ($a_user_id === null) {
158  $a_user_id = $this->user->getId();
159  }
160  if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
161  return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
162  }
163  return [];
164  }
165 
169  public function getResults(): array
170  {
171  return $this->results;
172  }
173 
177  public function setResults(array $a_results): void
178  {
179  $this->results = $a_results;
180  }
181 
185  public function addInfoItem(string $a_type, string $a_text, string $a_data = ""): void
186  {
187  $this->current_info->addInfoItem($a_type, $a_text, $a_data);
188  }
189 
193  public function checkAccess(
194  string $a_permission,
195  string $a_cmd,
196  int $a_ref_id,
197  string $a_type = "",
198  ?int $a_obj_id = null,
199  ?int $a_tree_id = null
200  ): bool {
201  return $this->checkAccessOfUser(
202  $this->user->getId(),
203  $a_permission,
204  $a_cmd,
205  $a_ref_id,
206  $a_type,
207  $a_obj_id,
208  $a_tree_id
209  );
210  }
211 
215  public function checkAccessOfUser(
216  int $a_user_id,
217  string $a_permission,
218  string $a_cmd,
219  int $a_ref_id,
220  string $a_type = "",
221  ?int $a_obj_id = 0,
222  ?int $a_tree_id = 0
223  ): bool {
224  global $DIC;
225 
226  $ilBench = $DIC['ilBench'];
227 
228  $this->setPreventCachingLastResult(false); // for external db based caches
229 
230  $ilBench->start("AccessControl", "0400_clear_info");
231  $this->current_info->clear();
232  $ilBench->stop("AccessControl", "0400_clear_info");
233 
234  // get stored result (internal memory based cache)
235  $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
236  if ($cached["hit"]) {
237  // Store access result
238  if (!$cached["granted"]) {
239  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
240  }
241  if ($cached["prevent_db_cache"]) {
242  $this->setPreventCachingLastResult(true); // should have been saved in previous call already
243  }
244  return $cached["granted"];
245  }
246 
247  $ilBench->start("AccessControl", "0500_lookup_id_and_type");
248  // get object id if not provided
249  if ($a_obj_id == 0) {
250  if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
251  $a_obj_id = $this->obj_id_cache[$a_ref_id];
252  } else {
253  $a_obj_id = ilObject::_lookupObjId($a_ref_id);
254  $this->obj_id_cache[$a_ref_id] = $a_obj_id;
255  }
256  }
257  if ($a_type == "") {
258  if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
259  $a_type = $this->obj_type_cache[$a_ref_id];
260  } else {
261  $a_type = ilObject::_lookupType($a_ref_id, true);
262  $this->obj_type_cache[$a_ref_id] = $a_type;
263  }
264  }
265 
266  $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
267 
268  // if supplied tree id is not = 1 (= repository main tree),
269  // check if object is in tree and not deleted
270  if ($a_tree_id != 1 &&
271  !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
272  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
273  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
274  return false;
275  }
276 
277  // rbac check for current object
278  if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
279  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
280  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
281  return false;
282  }
283 
284  // Check object activation
285  $act_check = $this->doActivationCheck(
286  $a_permission,
287  $a_cmd,
288  $a_ref_id,
289  $a_user_id,
290  $a_obj_id,
291  $a_type
292  );
293 
294  if (!$act_check) {
295  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt('status_no_permission'));
296  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
297  return false;
298  }
299 
300  // check read permission for all parents
301  $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
302  if (!$par_check) {
303  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
304  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
305  return false;
306  }
307 
308  // condition check (currently only implemented for read permission)
309  if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
310  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
311  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
312  $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
313  return false;
314  }
315 
316  // object type specific check
317  if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
318  $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
319  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
320  $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
321  return false;
322  }
323 
324  // all checks passed
325  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
326  return true;
327  }
328 
332  public function getInfo(): array
333  {
334  return is_object($this->last_info) ? $this->last_info->getInfoItems() : [];
335  }
336 
340  public function getResultLast(): array
341  {
342  return $this->last_result;
343  }
344 
348  public function getResultAll(int $a_ref_id = 0): array
349  {
350  if ($a_ref_id == "") {
351  return $this->results;
352  }
353 
354  return $this->results[$a_ref_id];
355  }
356 
360  public function doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): array
361  {
362  $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
363 
364  //var_dump($stored_access);
365  if ($stored_access !== []) {
366  if (isset($stored_access['info']) && $stored_access['info'] instanceof ilAccessInfo) {
367  $this->current_info = $stored_access["info"];
368  }
369  //var_dump("cache-treffer:");
370  return [
371  "hit" => true,
372  "granted" => $stored_access["granted"],
373  "prevent_db_cache" => $stored_access["prevent_db_cache"]
374  ];
375  }
376 
377  // not in cache
378  return [
379  "hit" => false,
380  "granted" => false,
381  "prevent_db_cache" => false
382  ];
383  }
384 
388  public function doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): bool
389  {
390  // Get stored result
391  $tree_cache_key = $a_user_id . ':' . $a_ref_id;
392  if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
393  // Store access result
394  if (!$this->obj_tree_cache[$tree_cache_key]) {
395  $this->current_info->addInfoItem(
396  ilAccessInfo::IL_NO_PERMISSION,
397  $this->getLanguage()->txt("status_no_permission")
398  );
399  }
400  $this->storeAccessResult(
401  $a_permission,
402  $a_cmd,
403  $a_ref_id,
404  $this->obj_tree_cache[$tree_cache_key],
405  $a_user_id
406  );
407 
408  return $this->obj_tree_cache[$tree_cache_key];
409  }
410 
411  if (!$this->repositoryTree->isInTree($a_ref_id) || $this->repositoryTree->isDeleted($a_ref_id)) {
412  // Store negative access results
413  // Store in tree cache
414  // Note, we only store up to 1000 results to avoid memory overflow.
415  if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
416  $this->obj_tree_cache[$tree_cache_key] = false;
417  }
418 
419  // Store in result cache
420  $this->current_info->addInfoItem(ilAccessInfo::IL_DELETED, $this->getLanguage()->txt("object_deleted"));
421  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
422  return false;
423  }
424 
425  // Store positive access result.
426  // Store in tree cache
427  // Note, we only store up to 1000 results to avoid memory overflow.
428  if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
429  $this->obj_tree_cache[$tree_cache_key] = true;
430  }
431  // Store in result cache
432  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
433  return true;
434  }
435 
439  public function doRBACCheck(
440  string $a_permission,
441  string $a_cmd,
442  int $a_ref_id,
443  int $a_user_id,
444  string $a_type
445  ): bool {
446  if ($a_permission == "") {
447  $message = sprintf(
448  '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
449  get_class($this),
450  $a_ref_id
451  );
452  $this->ac_logger->error($message);
453  throw new ilPermissionException($message);
454  }
455 
456  if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
457  $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
458  } else {
459  $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
460  if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < self::MAX_CACHE_SIZE) {
461  if ($a_permission != "create") {
462  $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
463  }
464  }
465  }
466  // Store in result cache
467  if (!$access) {
468  $this->current_info->addInfoItem(
469  ilAccessInfo::IL_NO_PERMISSION,
470  $this->getLanguage()->txt("status_no_permission")
471  );
472  }
473  if ($a_permission != "create") {
474  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
475  }
476  return $access;
477  }
478 
482  public function doPathCheck(
483  string $a_permission,
484  string $a_cmd,
485  int $a_ref_id,
486  int $a_user_id,
487  bool $a_all = false
488  ): bool {
489  $path = $this->repositoryTree->getPathId($a_ref_id);
490  foreach ($path as $id) {
491  if ($a_ref_id === $id) {
492  continue;
493  }
494  $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
495  if ($access == false) {
496  $this->current_info->addInfoItem(
497  ilAccessInfo::IL_NO_PARENT_ACCESS,
498  $this->getLanguage()->txt("no_parent_access"),
499  (string) $id
500  );
501  if ($a_all == false) {
502  return false;
503  }
504  }
505  }
506  return true;
507  }
508 
512  public function doActivationCheck(
513  string $a_permission,
514  string $a_cmd,
515  int $a_ref_id,
516  int $a_user_id,
517  int $a_obj_id,
518  string $a_type
519  ): bool {
520  $cache_perm = ($a_permission === "visible" || $a_permission === 'leave')
521  ? "visible"
522  : "other";
523 
524  if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
525  return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
526  }
527 
528  // nothings needs to be done if current permission is write permission
529  if ($a_permission === 'write') {
530  return true;
531  }
532 
533  // #10852 - member view check
534  if ($a_user_id === $this->user->getId()) {
535  // #10905 - activate parent container ONLY
536  $memview = ilMemberViewSettings::getInstance();
537  if ($memview->isActiveForRefId($a_ref_id) &&
538  $memview->getContainer() == $a_ref_id) {
539  return true;
540  }
541  }
542 
543  // in any case, if user has write permission return true
544  if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
545  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
546  return true;
547  }
548 
549  // no write access => check centralized offline status
550  if (
551  $this->objDefinition->supportsOfflineHandling($a_type) &&
552  ilObject::lookupOfflineStatus($a_obj_id)
553  ) {
554  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
555  return false;
556  }
557  $item_data = ilObjectActivation::getItem($a_ref_id);
558  // if activation isn't enabled
559  if ($item_data === null || (is_array($item_data) && count($item_data) == 0) ||
560  $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
561  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
562  return true;
563  }
564  // if within activation time
565  if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
566  ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
567  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
568  return true;
569  }
570 
571  // if user has write permission
572  if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
573  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
574  return true;
575  }
576 
577  // if current permission is visible or leave and visible is set in activation
578  if (($a_permission === 'visible' || $a_permission === 'leave')
579  && $item_data['visible']) {
580  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
581  return true;
582  }
583 
584  // learning progress must be readable, regardless of the activation
585  if ($a_permission == 'read_learning_progress') {
586  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
587  return true;
588  }
589  // no access
590  $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
591  return false;
592  }
593 
597  public function doConditionCheck(
598  string $a_permission,
599  string $a_cmd,
600  int $a_ref_id,
601  int $a_user_id,
602  int $a_obj_id,
603  string $a_type
604  ): bool {
605  if (
606  ($a_permission == 'visible') &&
607  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
608  ) {
609  if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
610  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
611  $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
612  foreach ($conditions as $condition) {
613  $this->current_info->addInfoItem(
614  ilAccessInfo::IL_MISSING_PRECONDITION,
615  $this->getLanguage()->txt("missing_precondition") . ": " .
616  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
617  $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
618  $condition["value"],
619  serialize($condition)
620  );
621  }
622  return false;
623  }
624  }
625  }
626 
627  if (($a_permission == "read" or $a_permission == 'join') &&
628  !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
629  if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
630  $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
631  foreach ($conditions as $condition) {
632  $this->current_info->addInfoItem(
633  ilAccessInfo::IL_MISSING_PRECONDITION,
634  $this->getLanguage()->txt("missing_precondition") . ": " .
635  ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
636  $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
637  $condition["value"],
638  serialize($condition)
639  );
640  }
641  return false;
642  }
643  }
644  return true;
645  }
646 
650  public function doStatusCheck(
651  string $a_permission,
652  string $a_cmd,
653  int $a_ref_id,
654  int $a_user_id,
655  int $a_obj_id,
656  string $a_type
657  ): bool {
658  // check for a deactivated plugin
659  if ($this->objDefinition->isPluginTypeName($a_type) && !$this->objDefinition->isPlugin($a_type)) {
660  return false;
661  }
662  if (!$a_type) {
663  return false;
664  }
665 
666  $class = $this->objDefinition->getClassName($a_type);
667  $location = $this->objDefinition->getLocation($a_type);
668  $full_class = "ilObj" . $class . "Access";
669 
670  if ($class == "") {
671  $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
672  return false;
673  }
674 
675  $full_class = new $full_class();
676 
677  $obj_access = call_user_func(
678  [$full_class, "_checkAccess"],
679  $a_cmd,
680  $a_permission,
681  $a_ref_id,
682  $a_obj_id,
683  $a_user_id
684  );
685  if ($obj_access !== true) {
686  //Note: We must not add an info item here, because one is going
687  // to be added by the user function we just called a few
688  // lines above.
689  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
690  return false;
691  }
692  $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
693  return true;
694  }
695 
699  public function clear(): void
700  {
701  $this->results = [];
702  $this->last_result = [];
703  $this->current_info = new ilAccessInfo();
704  $this->stored_rbac_access = [];
705  }
706 
711  public function enable(string $a_str, bool $a_bool): void
712  {
713  $this->$a_str = $a_bool;
714  }
715 
716 
717 
718  //
719  // OrgUnit Positions
720  //
721 
725  public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission): array
726  {
727  return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission(
728  $user_ids,
729  $permission
730  );
731  }
732 
736  public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission): array
737  {
738  return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission(
739  $user_ids,
740  $for_user_id,
741  $permission
742  );
743  }
744 
748  public function isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids): bool
749  {
750  return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
751  }
752 
756  public function isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids): bool
757  {
758  return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo(
759  $which_user_id,
760  $permission,
761  $on_user_ids
762  );
763  }
764 
768  public function checkPositionAccess(string $pos_perm, int $ref_id): bool
769  {
770  return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
771  }
772 
776  public function checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id): bool
777  {
778  return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
779  }
780 
784  public function filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids): array
785  {
786  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
787  }
788 
792  public function filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids): array
793  {
794  return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
795  }
796 
800  public function filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids): array
801  {
802  return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser(
803  $rbac_perm,
804  $pos_perm,
805  $ref_id,
806  $user_ids
807  );
808  }
809 
813  public function hasCurrentUserAnyPositionAccess(int $ref_id): bool
814  {
815  return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
816  }
817 
821  public function hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id): bool
822  {
823  return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
824  }
825 }
ilAccess\$db
ilDBInterface $db
Definition: class.ilAccess.php:56
ilAccess\MAX_CACHE_SIZE
const MAX_CACHE_SIZE
Definition: class.ilAccess.php:29
ilAccess\$rbacsystem
ilRbacSystem $rbacsystem
Definition: class.ilAccess.php:53
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:340
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:83
ilAccess\doCacheCheck
doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
look if result for current query is already in cachearray<{hit: bool, granted: bool, prevent_db_cache: bool}>
Definition: class.ilAccess.php:360
ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilAccess.php:776
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilAccess\getStoredAccessResult
getStoredAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, ?int $a_user_id=null)
get stored access resultpermission command string reference id user id (if no id passed, current user id) array<{granted: bool, info: ?ilAccessInfo, prevent_db_cache: bool}>
Definition: class.ilAccess.php:151
ilAccess\$current_info
ilAccessInfo $current_info
Definition: class.ilAccess.php:46
ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
See the list of available permissions in interface ilOrgUnitPositionAccessHandler Reference-ID of the...
Definition: class.ilAccess.php:800
$location
$location
Definition: buildRTE.php:22
ilAccess\$repositoryTree
ilTree $repositoryTree
Definition: class.ilAccess.php:57
ilAccess\$results
array $results
Definition: class.ilAccess.php:48
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:257
ilAccessInfo\IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:29
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:183
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:26
ilAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Reference-ID of the desired Object in the tree bool getAvailablePositionRelatedPermissions for availa...
Definition: class.ilAccess.php:768
ilAccess\storeAccessResult
storeAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, bool $a_access_granted, ?int $a_user_id=null, ?ilAccessInfo $a_info=null)
store access result
Definition: class.ilAccess.php:104
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:100
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:23
ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
$user_ids int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:792
ilAccess\$current_result_element
array $current_result_element
Definition: class.ilAccess.php:51
ilAccess\$obj_id_cache
array $obj_id_cache
Definition: class.ilAccess.php:34
ilAccess\$language
ilLanguage $language
Definition: class.ilAccess.php:60
ilAccess\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
Definition: class.ilAccess.php:650
ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess(int $ref_id)
bool
Definition: class.ilAccess.php:813
ilAccess\$ac_logger
ilLogger $ac_logger
Definition: class.ilAccess.php:55
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:923
ilObject\lookupOfflineStatus
static lookupOfflineStatus(int $obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:839
ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered int[] Filtered List of ILIAS-User-IDs ...
Definition: class.ilAccess.php:725
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilAccess\$ac_cache
array $ac_cache
Definition: class.ilAccess.php:35
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult(bool $a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:135
ilAccess\$condition
bool $condition
Definition: class.ilAccess.php:39
$ref_id
$ref_id
Definition: ltiauth.php:65
ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
$on_user_ids List of ILIAS-User-IDs bool getAvailablePositionRelatedPermissions for available permiss...
Definition: class.ilAccess.php:748
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccess.php:143
ilAccess\$last_result
array $last_result
Definition: class.ilAccess.php:49
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
ilAccess\$prevent_caching_last_result
bool $prevent_caching_last_result
Definition: class.ilAccess.php:44
ilAccess\getResultAll
getResultAll(int $a_ref_id=0)
Definition: class.ilAccess.php:348
$DIC
global $DIC
Definition: shib_login.php:22
ilAccess\getInfo
getInfo()
get last info objectilAccessInfo::getInfoItems()
Definition: class.ilAccess.php:332
ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilAccess.php:821
ilAccess\$user
ilObjUser $user
Definition: class.ilAccess.php:54
ilAccess\doTreeCheck
doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccess.php:388
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:109
ilAccess\doPathCheck
doPathCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, bool $a_all=false)
check read permission for all parents
Definition: class.ilAccess.php:482
ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
$user_ids int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:784
ilAccess\addInfoItem
addInfoItem(string $a_type, string $a_text, string $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:185
ilObjectActivation\getItem
static getItem(int $ref_id)
Definition: class.ilObjectActivation.php:194
ilAccess\$last_info
ilAccessInfo $last_info
Definition: class.ilAccess.php:47
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:225
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget(int $a_target_ref_id, int $a_target_id, string $a_target_type="", int $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:1012
ilAccess\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilAccess.php:58
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilAccess\doConditionCheck
doConditionCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccess.php:597
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:48
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:240
ilAccess\enable
enable(string $a_str, bool $a_bool)
Definition: class.ilAccess.php:711
ilAccess\$stored_rbac_access
array $stored_rbac_access
Definition: class.ilAccess.php:50
ilAccess\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
Definition: class.ilAccess.php:512
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:59
$message
$message
Definition: xapiexit.php:31
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:74
ILIAS\UI\examples\Symbol\Glyph\Language\language
language()
description: > Example for rendring a language glyph.
Definition: language.php:41
ilAccess\checkAccess
checkAccess(string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=null, ?int $a_tree_id=null)
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccess.php:193
ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Permission check for this ILIAS-User-ID $on_user_ids List of ILIAS-User-IDs bool getAvailablePosition...
Definition: class.ilAccess.php:756
ilAccess\setResults
setResults(array $a_results)
Definition: class.ilAccess.php:177
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
$user_ids List of ILIAS-User-IDs which shall be filtered int[] Filtered List of ILIAS-User-IDs ...
Definition: class.ilAccess.php:736
ilAccess\doRBACCheck
doRBACCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, string $a_type)
rbac check for current object -> type is used for create permission
Definition: class.ilAccess.php:439
ilAccess\$obj_type_cache
array $obj_type_cache
Definition: class.ilAccess.php:33
ilAccess\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=0, ?int $a_tree_id=0)
check access for an object (provide $a_type and $a_obj_id if available for better performance) ...
Definition: class.ilAccess.php:215
ilAccess\$ilOrgUnitPositionAccess
ilOrgUnitPositionAccess $ilOrgUnitPositionAccess
Definition: class.ilAccess.php:31
ilAccess\$obj_tree_cache
array $obj_tree_cache
Definition: class.ilAccess.php:32