ILIAS  trunk Revision v12.0_alpha-399-g579a087ced2
class.ilAccess.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
27class ilAccess implements ilAccessHandler
28{
29 private const MAX_CACHE_SIZE = 1000;
30
31 protected ilOrgUnitPositionAccess $ilOrgUnitPositionAccess;
32 protected array $obj_tree_cache;
33 protected array $obj_type_cache;
34 protected array $obj_id_cache;
35 protected array $ac_cache;
36
37 protected bool $status;
38 protected bool $path;
39 protected bool $condition;
40 protected bool $tree;
41 protected bool $rbac;
42 protected bool $cache;
43
44 private bool $prevent_caching_last_result = false;
45
46 protected ilAccessInfo $current_info;
47 protected ?ilAccessInfo $last_info = null;
48 protected array $results = [];
49 protected array $last_result = [];
50 protected array $stored_rbac_access = [];
51 protected array $current_result_element = [];
52
53 protected ilRbacSystem $rbacsystem;
54 protected ilObjUser $user;
55 protected ilLogger $ac_logger;
56 protected ilDBInterface $db;
57 protected ilTree $repositoryTree;
58 protected ilObjectDefinition $objDefinition;
59
60 protected ?ilLanguage $language = null;
61
62 public function __construct()
63 {
64 global $DIC;
65
66 $this->user = $DIC->user();
67 $this->db = $DIC->database();
68 $this->rbacsystem = $DIC['rbacsystem'];
69 $this->results = [];
70 $this->current_info = new ilAccessInfo();
71 $this->repositoryTree = $DIC->repositoryTree();
72 $this->objDefinition = $DIC['objDefinition'];
73
74 // use function enable to switch on/off tests (only cache is used so far)
75 $this->cache = true;
76 $this->rbac = true;
77 $this->tree = true;
78 $this->condition = true;
79 $this->path = true;
80 $this->status = true;
81 $this->obj_id_cache = [];
82 $this->obj_type_cache = [];
83 $this->obj_tree_cache = [];
84 $this->ac_cache = [];
85
86 $this->ilOrgUnitPositionAccess = new ilOrgUnitPositionAccess($this);
87
88 $this->ac_logger = ilLoggerFactory::getLogger('ac');
89 }
90
91 private function getLanguage(): ilLanguage
92 {
93 if ($this->language === null) {
94 global $DIC;
95 $this->language = $DIC['lng'];
96 }
97
98 return $this->language;
99 }
100
104 public function storeAccessResult(
105 string $a_permission,
106 string $a_cmd,
107 int $a_ref_id,
108 bool $a_access_granted,
109 ?int $a_user_id = null,
110 ?ilAccessInfo $a_info = null
111 ): void {
112 if ($a_user_id === null) {
113 $a_user_id = $this->user->getId();
114 }
115 if ($a_info === null) {
116 $a_info = $this->current_info;
117 }
118 if ($this->cache) {
119 $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id] = [
120 "granted" => $a_access_granted,
121 "info" => $a_info,
122 "prevent_db_cache" => $this->getPreventCachingLastResult()
123 ];
124 $this->current_result_element = [$a_access_granted, $a_ref_id, $a_permission, $a_cmd, $a_user_id];
125 $this->last_result = $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
126 $this->last_info = $a_info;
127 }
128 // get new info object
129 $this->current_info = new ilAccessInfo();
130 }
131
135 public function setPreventCachingLastResult(bool $a_val): void
136 {
137 $this->prevent_caching_last_result = $a_val;
138 }
139
143 public function getPreventCachingLastResult(): bool
144 {
145 return $this->prevent_caching_last_result;
146 }
147
151 public function getStoredAccessResult(
152 string $a_permission,
153 string $a_cmd,
154 int $a_ref_id,
155 ?int $a_user_id = null
156 ): array {
157 if ($a_user_id === null) {
158 $a_user_id = $this->user->getId();
159 }
160 if (isset($this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id])) {
161 return $this->results[$a_ref_id][$a_permission][$a_cmd][$a_user_id];
162 }
163 return [];
164 }
165
169 public function getResults(): array
170 {
171 return $this->results;
172 }
173
177 public function setResults(array $a_results): void
178 {
179 $this->results = $a_results;
180 }
181
185 public function addInfoItem(string $a_type, string $a_text, string $a_data = ""): void
186 {
187 $this->current_info->addInfoItem($a_type, $a_text, $a_data);
188 }
189
193 public function checkAccess(
194 string $a_permission,
195 string $a_cmd,
196 int $a_ref_id,
197 string $a_type = "",
198 ?int $a_obj_id = null,
199 ?int $a_tree_id = null
200 ): bool {
201 return $this->checkAccessOfUser(
202 $this->user->getId(),
203 $a_permission,
204 $a_cmd,
205 $a_ref_id,
206 $a_type,
207 $a_obj_id,
208 $a_tree_id
209 );
210 }
211
215 public function checkAccessOfUser(
216 int $a_user_id,
217 string $a_permission,
218 string $a_cmd,
219 int $a_ref_id,
220 string $a_type = "",
221 ?int $a_obj_id = 0,
222 ?int $a_tree_id = 0
223 ): bool {
224 global $DIC;
225
226 $ilBench = $DIC['ilBench'];
227
228 $this->setPreventCachingLastResult(false); // for external db based caches
229
230 $ilBench->start("AccessControl", "0400_clear_info");
231 $this->current_info->clear();
232 $ilBench->stop("AccessControl", "0400_clear_info");
233
234 // get stored result (internal memory based cache)
235 $cached = $this->doCacheCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
236 if ($cached["hit"]) {
237 // Store access result
238 if (!$cached["granted"]) {
239 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
240 }
241 if ($cached["prevent_db_cache"]) {
242 $this->setPreventCachingLastResult(true); // should have been saved in previous call already
243 }
244 return $cached["granted"];
245 }
246
247 $ilBench->start("AccessControl", "0500_lookup_id_and_type");
248 // get object id if not provided
249 if ($a_obj_id == 0) {
250 if (isset($this->obj_id_cache[$a_ref_id]) && $this->obj_id_cache[$a_ref_id] > 0) {
251 $a_obj_id = $this->obj_id_cache[$a_ref_id];
252 } else {
253 $a_obj_id = ilObject::_lookupObjId($a_ref_id);
254 $this->obj_id_cache[$a_ref_id] = $a_obj_id;
255 }
256 }
257 if ($a_type == "") {
258 if (isset($this->obj_type_cache[$a_ref_id]) && $this->obj_type_cache[$a_ref_id] != "") {
259 $a_type = $this->obj_type_cache[$a_ref_id];
260 } else {
261 $a_type = ilObject::_lookupType($a_ref_id, true);
262 $this->obj_type_cache[$a_ref_id] = $a_type;
263 }
264 }
265
266 $ilBench->stop("AccessControl", "0500_lookup_id_and_type");
267
268 // if supplied tree id is not = 1 (= repository main tree),
269 // check if object is in tree and not deleted
270 if ($a_tree_id != 1 &&
271 !$this->doTreeCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id)) {
272 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
273 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
274 return false;
275 }
276
277 // As of FR: https://docu.ilias.de/go/wiki/wpage_8648_1357#ilPageTocA248
278 // the ilObjSystemFolderGUI is always readable.
279 if ($a_ref_id === SYSTEM_FOLDER_ID && 'read' === $a_permission) {
280 return true;
281 }
282 // rbac check for current object
283 if (!$this->doRBACCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_type)) {
284 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
285 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
286 return false;
287 }
288
289 // Check object activation
290 $act_check = $this->doActivationCheck(
291 $a_permission,
292 $a_cmd,
293 $a_ref_id,
294 $a_user_id,
295 $a_obj_id,
296 $a_type
297 );
298
299 if (!$act_check) {
300 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt('status_no_permission'));
301 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
302 return false;
303 }
304
305 // check read permission for all parents
306 $par_check = $this->doPathCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id);
307 if (!$par_check) {
308 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
309 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
310 return false;
311 }
312
313 // condition check (currently only implemented for read permission)
314 if (!$this->doConditionCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
315 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
316 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
317 $this->setPreventCachingLastResult(true); // do not store this in db, since condition updates are not monitored
318 return false;
319 }
320
321 // object type specific check
322 if (!$this->doStatusCheck($a_permission, $a_cmd, $a_ref_id, $a_user_id, $a_obj_id, $a_type)) {
323 $this->current_info->addInfoItem(ilAccessInfo::IL_NO_PERMISSION, $this->getLanguage()->txt("status_no_permission"));
324 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
325 $this->setPreventCachingLastResult(true); // do not store this in db, since status updates are not monitored
326 return false;
327 }
328
329 // all checks passed
330 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
331 return true;
332 }
333
337 public function getInfo(): array
338 {
339 return is_object($this->last_info) ? $this->last_info->getInfoItems() : [];
340 }
341
345 public function getResultLast(): array
346 {
347 return $this->last_result;
348 }
349
353 public function getResultAll(int $a_ref_id = 0): array
354 {
355 if ($a_ref_id == "") {
356 return $this->results;
357 }
358
359 return $this->results[$a_ref_id];
360 }
361
365 public function doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): array
366 {
367 $stored_access = $this->getStoredAccessResult($a_permission, $a_cmd, $a_ref_id, $a_user_id);
368
369 //var_dump($stored_access);
370 if ($stored_access !== []) {
371 if (isset($stored_access['info']) && $stored_access['info'] instanceof ilAccessInfo) {
372 $this->current_info = $stored_access["info"];
373 }
374 //var_dump("cache-treffer:");
375 return [
376 "hit" => true,
377 "granted" => $stored_access["granted"],
378 "prevent_db_cache" => $stored_access["prevent_db_cache"]
379 ];
380 }
381
382 // not in cache
383 return [
384 "hit" => false,
385 "granted" => false,
386 "prevent_db_cache" => false
387 ];
388 }
389
393 public function doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id): bool
394 {
395 // Get stored result
396 $tree_cache_key = $a_user_id . ':' . $a_ref_id;
397 if (array_key_exists($tree_cache_key, $this->obj_tree_cache)) {
398 // Store access result
399 if (!$this->obj_tree_cache[$tree_cache_key]) {
400 $this->current_info->addInfoItem(
401 ilAccessInfo::IL_NO_PERMISSION,
402 $this->getLanguage()->txt("status_no_permission")
403 );
404 }
405 $this->storeAccessResult(
406 $a_permission,
407 $a_cmd,
408 $a_ref_id,
409 $this->obj_tree_cache[$tree_cache_key],
410 $a_user_id
411 );
412
413 return $this->obj_tree_cache[$tree_cache_key];
414 }
415
416 if (!$this->repositoryTree->isInTree($a_ref_id) || $this->repositoryTree->isDeleted($a_ref_id)) {
417 // Store negative access results
418 // Store in tree cache
419 // Note, we only store up to 1000 results to avoid memory overflow.
420 if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
421 $this->obj_tree_cache[$tree_cache_key] = false;
422 }
423
424 // Store in result cache
425 $this->current_info->addInfoItem(ilAccessInfo::IL_DELETED, $this->getLanguage()->txt("object_deleted"));
426 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
427 return false;
428 }
429
430 // Store positive access result.
431 // Store in tree cache
432 // Note, we only store up to 1000 results to avoid memory overflow.
433 if (count($this->obj_tree_cache) < self::MAX_CACHE_SIZE) {
434 $this->obj_tree_cache[$tree_cache_key] = true;
435 }
436 // Store in result cache
437 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
438 return true;
439 }
440
444 public function doRBACCheck(
445 string $a_permission,
446 string $a_cmd,
447 int $a_ref_id,
448 int $a_user_id,
449 string $a_type
450 ): bool {
451 if ($a_permission == "") {
452 $message = sprintf(
453 '%s::doRBACCheck(): No operations given! $a_ref_id: %s',
454 get_class($this),
455 $a_ref_id
456 );
457 $this->ac_logger->error($message);
458 throw new ilPermissionException($message);
459 }
460
461 if (isset($this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id])) {
462 $access = $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id];
463 } else {
464 $access = $this->rbacsystem->checkAccessOfUser($a_user_id, $a_permission, $a_ref_id, $a_type);
465 if (!is_array($this->stored_rbac_access) || count($this->stored_rbac_access) < self::MAX_CACHE_SIZE) {
466 if ($a_permission != "create") {
467 $this->stored_rbac_access[$a_user_id . "-" . $a_permission . "-" . $a_ref_id] = $access;
468 }
469 }
470 }
471 // Store in result cache
472 if (!$access) {
473 $this->current_info->addInfoItem(
474 ilAccessInfo::IL_NO_PERMISSION,
475 $this->getLanguage()->txt("status_no_permission")
476 );
477 }
478 if ($a_permission != "create") {
479 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
480 }
481 return $access;
482 }
483
487 public function doPathCheck(
488 string $a_permission,
489 string $a_cmd,
490 int $a_ref_id,
491 int $a_user_id,
492 bool $a_all = false
493 ): bool {
494 $path = $this->repositoryTree->getPathId($a_ref_id);
495 foreach ($path as $id) {
496 if ($a_ref_id === $id) {
497 continue;
498 }
499 $access = $this->checkAccessOfUser($a_user_id, "read", "info", $id);
500 if ($access == false) {
501 $this->current_info->addInfoItem(
502 ilAccessInfo::IL_NO_PARENT_ACCESS,
503 $this->getLanguage()->txt("no_parent_access"),
504 (string) $id
505 );
506 if ($a_all == false) {
507 return false;
508 }
509 }
510 }
511 return true;
512 }
513
517 public function doActivationCheck(
518 string $a_permission,
519 string $a_cmd,
520 int $a_ref_id,
521 int $a_user_id,
522 int $a_obj_id,
523 string $a_type
524 ): bool {
525 $cache_perm = ($a_permission === "visible" || $a_permission === 'leave')
526 ? "visible"
527 : "other";
528
529 if (isset($this->ac_cache[$cache_perm][$a_ref_id][$a_user_id])) {
530 return $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id];
531 }
532
533 // nothings needs to be done if current permission is write permission
534 if ($a_permission === 'write') {
535 return true;
536 }
537
538 // #10852 - member view check
539 if ($a_user_id === $this->user->getId()) {
540 // #10905 - activate parent container ONLY
541 $memview = ilMemberViewSettings::getInstance();
542 if ($memview->isActiveForRefId($a_ref_id) &&
543 $memview->getContainer() == $a_ref_id) {
544 return true;
545 }
546 }
547
548 // in any case, if user has write permission return true.
549 // you may specify further exceptions in ilObj[TYPE]Access::getBypassActivationCheckForPermissions;
550 $class = $this->objDefinition->getClassName($a_type);
551 $full_class = "ilObj" . $class . "Access";
552
553 $bypass = method_exists($full_class, 'getBypassActivationCheckForPermissions') ?
554 $full_class::getBypassActivationCheckForPermissions() : ['write'];
555
556 foreach ($bypass as $permission) {
557 if ($this->checkAccessOfUser($a_user_id, $permission, "", $a_ref_id)) {
558 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
559 return true;
560 }
561 }
562
563 // no write access/bypass => check centralized offline status
564 if (
565 $this->objDefinition->supportsOfflineHandling($a_type) &&
566 ilObject::lookupOfflineStatus($a_obj_id)
567 ) {
568 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
569 return false;
570 }
571 $item_data = ilObjectActivation::getItem($a_ref_id);
572 // if activation isn't enabled
573 if ($item_data === null || (is_array($item_data) && count($item_data) == 0) ||
574 $item_data['timing_type'] != ilObjectActivation::TIMINGS_ACTIVATION) {
575 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
576 return true;
577 }
578 // if within activation time
579 if (($item_data['timing_start'] == 0 || time() >= $item_data['timing_start']) and
580 ($item_data['timing_end'] == 0 || time() <= $item_data['timing_end'])) {
581 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
582 return true;
583 }
584
585 // if user has write permission
586 if ($this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id)) {
587 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
588 return true;
589 }
590
591 // if current permission is visible or leave and visible is set in activation
592 if (($a_permission === 'visible' || $a_permission === 'leave')
593 && $item_data['visible']) {
594 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
595 return true;
596 }
597
598 // learning progress must be readable, regardless of the activation
599 if ($a_permission == 'read_learning_progress') {
600 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = true;
601 return true;
602 }
603 // no access
604 $this->ac_cache[$cache_perm][$a_ref_id][$a_user_id] = false;
605 return false;
606 }
607
611 public function doConditionCheck(
612 string $a_permission,
613 string $a_cmd,
614 int $a_ref_id,
615 int $a_user_id,
616 int $a_obj_id,
617 string $a_type
618 ): bool {
619 if (
620 ($a_permission == 'visible') &&
621 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)
622 ) {
623 if (ilConditionHandler::lookupEffectiveHiddenStatusByTarget($a_ref_id)) {
624 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
625 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
626 foreach ($conditions as $condition) {
627 $this->current_info->addInfoItem(
628 ilAccessInfo::IL_MISSING_PRECONDITION,
629 $this->getLanguage()->txt("missing_precondition") . ": " .
630 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
631 $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
632 $condition["value"],
633 serialize($condition)
634 );
635 }
636 return false;
637 }
638 }
639 }
640
641 if (($a_permission == "read" or $a_permission == 'join') &&
642 !$this->checkAccessOfUser($a_user_id, "write", "", $a_ref_id, $a_type, $a_obj_id)) {
643 if (!ilConditionHandler::_checkAllConditionsOfTarget($a_ref_id, $a_obj_id, $a_type, $a_user_id)) {
644 $conditions = ilConditionHandler::_getEffectiveConditionsOfTarget($a_ref_id, $a_obj_id, $a_type);
645 foreach ($conditions as $condition) {
646 $this->current_info->addInfoItem(
647 ilAccessInfo::IL_MISSING_PRECONDITION,
648 $this->getLanguage()->txt("missing_precondition") . ": " .
649 ilObject::_lookupTitle($condition["trigger_obj_id"]) . " " .
650 $this->getLanguage()->txt("condition_" . $condition["operator"]) . " " .
651 $condition["value"],
652 serialize($condition)
653 );
654 }
655 return false;
656 }
657 }
658 return true;
659 }
660
664 public function doStatusCheck(
665 string $a_permission,
666 string $a_cmd,
667 int $a_ref_id,
668 int $a_user_id,
669 int $a_obj_id,
670 string $a_type
671 ): bool {
672 // check for a deactivated plugin
673 if ($this->objDefinition->isPluginTypeName($a_type) && !$this->objDefinition->isPlugin($a_type)) {
674 return false;
675 }
676 if (!$a_type) {
677 return false;
678 }
679
680 $class = $this->objDefinition->getClassName($a_type);
681 $location = $this->objDefinition->getLocation($a_type);
682 $full_class = "ilObj" . $class . "Access";
683
684 if ($class == "") {
685 $this->ac_logger->error("Cannot find class for object type $a_type, obj id $a_obj_id, ref id $a_ref_id. Abort status check.");
686 return false;
687 }
688
689 $full_class = new $full_class();
690
691 $obj_access = call_user_func(
692 [$full_class, "_checkAccess"],
693 $a_cmd,
694 $a_permission,
695 $a_ref_id,
696 $a_obj_id,
697 $a_user_id
698 );
699 if ($obj_access !== true) {
700 //Note: We must not add an info item here, because one is going
701 // to be added by the user function we just called a few
702 // lines above.
703 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, false, $a_user_id);
704 return false;
705 }
706 $this->storeAccessResult($a_permission, $a_cmd, $a_ref_id, true, $a_user_id);
707 return true;
708 }
709
713 public function clear(): void
714 {
715 $this->results = [];
716 $this->last_result = [];
717 $this->current_info = new ilAccessInfo();
718 $this->stored_rbac_access = [];
719 }
720
725 public function enable(string $a_str, bool $a_bool): void
726 {
727 $this->$a_str = $a_bool;
728 }
729
730
731
732 //
733 // OrgUnit Positions
734 //
735
739 public function filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission): array
740 {
741 return $this->ilOrgUnitPositionAccess->filterUserIdsForCurrentUsersPositionsAndPermission(
742 $user_ids,
743 $permission
744 );
745 }
746
750 public function filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission): array
751 {
752 return $this->ilOrgUnitPositionAccess->filterUserIdsForUsersPositionsAndPermission(
753 $user_ids,
754 $for_user_id,
755 $permission
756 );
757 }
758
762 public function isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids): bool
763 {
764 return $this->ilOrgUnitPositionAccess->isCurrentUserBasedOnPositionsAllowedTo($permission, $on_user_ids);
765 }
766
770 public function isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids): bool
771 {
772 return $this->ilOrgUnitPositionAccess->isUserBasedOnPositionsAllowedTo(
773 $which_user_id,
774 $permission,
775 $on_user_ids
776 );
777 }
778
782 public function checkPositionAccess(string $pos_perm, int $ref_id): bool
783 {
784 return $this->ilOrgUnitPositionAccess->checkPositionAccess($pos_perm, $ref_id);
785 }
786
790 public function checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id): bool
791 {
792 return $this->ilOrgUnitPositionAccess->checkRbacOrPositionPermissionAccess($rbac_perm, $pos_perm, $ref_id);
793 }
794
798 public function filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids): array
799 {
800 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfCurrentUser($pos_perm, $ref_id, $user_ids);
801 }
802
806 public function filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids): array
807 {
808 return $this->ilOrgUnitPositionAccess->filterUserIdsByPositionOfUser($user_id, $pos_perm, $ref_id, $user_ids);
809 }
810
814 public function filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids): array
815 {
816 return $this->ilOrgUnitPositionAccess->filterUserIdsByRbacOrPositionOfCurrentUser(
817 $rbac_perm,
818 $pos_perm,
819 $ref_id,
820 $user_ids
821 );
822 }
823
827 public function hasCurrentUserAnyPositionAccess(int $ref_id): bool
828 {
829 return $this->ilOrgUnitPositionAccess->hasCurrentUserAnyPositionAccess($ref_id);
830 }
831
835 public function hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id): bool
836 {
837 return $this->ilOrgUnitPositionAccess->hasUserRBACorAnyPositionAccess($rbac_perm, $ref_id);
838 }
839}
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
$location
$location
Definition: buildRTE.php:22
ilAccessInfo
class ilAccessInfo
Definition: class.ilAccessInfo.php:27
ilAccessInfo\IL_MISSING_PRECONDITION
const IL_MISSING_PRECONDITION
Definition: class.ilAccessInfo.php:29
ilAccess
Class ilAccessHandler Checks access for ILIAS objects.
Definition: class.ilAccess.php:28
ilAccess\$obj_type_cache
array $obj_type_cache
Definition: class.ilAccess.php:33
ilAccess\$rbacsystem
ilRbacSystem $rbacsystem
Definition: class.ilAccess.php:53
ilAccess\enable
enable(string $a_str, bool $a_bool)
@deprected
Definition: class.ilAccess.php:725
ilAccess\$stored_rbac_access
array $stored_rbac_access
Definition: class.ilAccess.php:50
ilAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilAccess.php:835
ilAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
bool getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:762
ilAccess\$ac_cache
array $ac_cache
Definition: class.ilAccess.php:35
ilAccess\addInfoItem
addInfoItem(string $a_type, string $a_text, string $a_data="")
add an info item to current info object
Definition: class.ilAccess.php:185
ilAccess\$last_info
ilAccessInfo $last_info
Definition: class.ilAccess.php:47
ilAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
bool
Definition: class.ilAccess.php:790
ilAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:806
ilAccess\doPathCheck
doPathCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, bool $a_all=false)
check read permission for all parents
Definition: class.ilAccess.php:487
ilAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
int[] getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:798
ilAccess\storeAccessResult
storeAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, bool $a_access_granted, ?int $a_user_id=null, ?ilAccessInfo $a_info=null)
store access result
Definition: class.ilAccess.php:104
ilAccess\doConditionCheck
doConditionCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
condition check (currently only implemented for read permission)
Definition: class.ilAccess.php:611
ilAccess\$obj_tree_cache
array $obj_tree_cache
Definition: class.ilAccess.php:32
ilAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
int[]
Definition: class.ilAccess.php:814
ilAccess\$results
array $results
Definition: class.ilAccess.php:48
ilAccess\doRBACCheck
doRBACCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, string $a_type)
rbac check for current object -> type is used for create permission
Definition: class.ilAccess.php:444
ilAccess\getResultLast
getResultLast()
get last info object
Definition: class.ilAccess.php:345
ilAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
bool getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:782
ilAccess\$repositoryTree
ilTree $repositoryTree
Definition: class.ilAccess.php:57
ilAccess\$language
ilLanguage $language
Definition: class.ilAccess.php:60
ilAccess\$current_result_element
array $current_result_element
Definition: class.ilAccess.php:51
ilAccess\$obj_id_cache
array $obj_id_cache
Definition: class.ilAccess.php:34
ilAccess\getPreventCachingLastResult
getPreventCachingLastResult()
Get prevent caching last result.
Definition: class.ilAccess.php:143
ilAccess\$prevent_caching_last_result
bool $prevent_caching_last_result
Definition: class.ilAccess.php:44
ilAccess\$current_info
ilAccessInfo $current_info
Definition: class.ilAccess.php:46
ilAccess\doCacheCheck
doCacheCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
look if result for current query is already in cachearray<{hit: bool, granted: bool,...
Definition: class.ilAccess.php:365
ilAccess\MAX_CACHE_SIZE
const MAX_CACHE_SIZE
Definition: class.ilAccess.php:29
ilAccess\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
Definition: class.ilAccess.php:517
ilAccess\getResultAll
getResultAll(int $a_ref_id=0)
Definition: class.ilAccess.php:353
ilAccess\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilAccess.php:58
ilAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
int[] Filtered List of ILIAS-User-IDs ilOrgUnitAccessException when a unknown permission is used....
Definition: class.ilAccess.php:739
ilAccess\$ac_logger
ilLogger $ac_logger
Definition: class.ilAccess.php:55
ilAccess\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
Definition: class.ilAccess.php:664
ilAccess\hasCurrentUserAnyPositionAccess
hasCurrentUserAnyPositionAccess(int $ref_id)
bool
Definition: class.ilAccess.php:827
ilAccess\setResults
setResults(array $a_results)
Definition: class.ilAccess.php:177
ilAccess\$last_result
array $last_result
Definition: class.ilAccess.php:49
ilAccess\checkAccessOfUser
checkAccessOfUser(int $a_user_id, string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=0, ?int $a_tree_id=0)
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:215
ilAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
bool getAvailablePositionRelatedPermissions for available permissions
Definition: class.ilAccess.php:770
ilAccess\$ilOrgUnitPositionAccess
ilOrgUnitPositionAccess $ilOrgUnitPositionAccess
Definition: class.ilAccess.php:31
ilAccess\checkAccess
checkAccess(string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=null, ?int $a_tree_id=null)
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:193
ilAccess\$db
ilDBInterface $db
Definition: class.ilAccess.php:56
ilAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
int[] Filtered List of ILIAS-User-IDs ilOrgUnitAccessException when a unknown permission is used....
Definition: class.ilAccess.php:750
ilAccess\$condition
bool $condition
Definition: class.ilAccess.php:39
ilAccess\getInfo
getInfo()
get last info objectilAccessInfo::getInfoItems()
Definition: class.ilAccess.php:337
ilAccess\doTreeCheck
doTreeCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id)
check if object is in tree and not deleted
Definition: class.ilAccess.php:393
ilAccess\setPreventCachingLastResult
setPreventCachingLastResult(bool $a_val)
Set prevent caching last result.
Definition: class.ilAccess.php:135
ilAccess\getStoredAccessResult
getStoredAccessResult(string $a_permission, string $a_cmd, int $a_ref_id, ?int $a_user_id=null)
get stored access resultarray<{granted: bool, info: ?ilAccessInfo, prevent_db_cache: bool}>
Definition: class.ilAccess.php:151
ilAccess\$user
ilObjUser $user
Definition: class.ilAccess.php:54
ilConditionHandler\lookupEffectiveHiddenStatusByTarget
static lookupEffectiveHiddenStatusByTarget(int $a_target_ref_id)
Lookup hidden status (also take container control into account)
Definition: class.ilConditionHandler.php:181
ilConditionHandler\_checkAllConditionsOfTarget
static _checkAllConditionsOfTarget(int $a_target_ref_id, int $a_target_id, string $a_target_type="", int $a_usr_id=0)
checks wether all conditions of a target object are fulfilled
Definition: class.ilConditionHandler.php:994
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjUser
User class.
Definition: class.ilObjUser.php:48
ilObjectActivation\getItem
static getItem(int $ref_id)
Definition: class.ilObjectActivation.php:194
ilObjectDefinition
parses the objects.xml it handles the xml-description of all ilias objects
Definition: class.ilObjectDefinition.php:29
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilObject\lookupOfflineStatus
static lookupOfflineStatus(int $obj_id)
Lookup offline status using objectDataCache.
Definition: class.ilObject.php:856
ilOrgUnitPositionAccess
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPositionAccess.php:24
ilOrgUnitPositionAccess\filterUserIdsByRbacOrPositionOfCurrentUser
filterUserIdsByRbacOrPositionOfCurrentUser(string $rbac_perm, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:240
ilOrgUnitPositionAccess\isUserBasedOnPositionsAllowedTo
isUserBasedOnPositionsAllowedTo(int $which_user_id, string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:83
ilOrgUnitPositionAccess\filterUserIdsByPositionOfCurrentUser
filterUserIdsByPositionOfCurrentUser(string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:100
ilOrgUnitPositionAccess\isCurrentUserBasedOnPositionsAllowedTo
isCurrentUserBasedOnPositionsAllowedTo(string $permission, array $on_user_ids)
Definition: class.ilOrgUnitPositionAccess.php:74
ilOrgUnitPositionAccess\hasUserRBACorAnyPositionAccess
hasUserRBACorAnyPositionAccess(string $rbac_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:257
ilOrgUnitPositionAccess\checkRbacOrPositionPermissionAccess
checkRbacOrPositionPermissionAccess(string $rbac_perm, string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:225
ilOrgUnitPositionAccess\checkPositionAccess
checkPositionAccess(string $pos_perm, int $ref_id)
Definition: class.ilOrgUnitPositionAccess.php:183
ilOrgUnitPositionAccess\filterUserIdsForCurrentUsersPositionsAndPermission
filterUserIdsForCurrentUsersPositionsAndPermission(array $user_ids, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:48
ilOrgUnitPositionAccess\filterUserIdsForUsersPositionsAndPermission
filterUserIdsForUsersPositionsAndPermission(array $user_ids, int $for_user_id, string $permission)
Definition: class.ilOrgUnitPositionAccess.php:59
ilOrgUnitPositionAccess\filterUserIdsByPositionOfUser
filterUserIdsByPositionOfUser(int $user_id, string $pos_perm, int $ref_id, array $user_ids)
Definition: class.ilOrgUnitPositionAccess.php:109
ilRbacSystem
class ilRbacSystem system function like checkAccess, addActiveRole ... Supporting system functions ar...
Definition: class.ilRbacSystem.php:34
ilTree
Tree class data representation in hierachical trees using the Nested Set Model with Gaps by Joe Celco...
Definition: class.ilTree.php:30
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
return
return['delivery_method'=> 'php',]
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: delivery_method.php:21
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30
$ref_id
$ref_id
Definition: ltiauth.php:66
$path
$path
Definition: ltiservices.php:30
$results
$results
Definition: save_question_post_data.php:22
if
if(!file_exists('../ilias.ini.php'))
Definition: sessioncheck.php:23
$DIC
global $DIC
Definition: shib_login.php:26
getLanguage
getLanguage()