/**
* check access for an object
*
* @param ilTree $a_tree
* @param integer $a_user_id
* @param string $a_permission
* @param string $a_cmd
* @param int $a_node_id
* @param string $a_type (optional)
* @return bool
*/
public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
{
global $rbacreview, $ilUser;
// :TODO: create permission for parent node with type ?!
// tree root is read-only
if ($a_permission == "write") {
if ($a_tree->readRootId() == $a_node_id) {
return false;
}
}
// node owner has all rights
if ($a_tree->lookupOwner($a_node_id) == $a_user_id) {
return true;
}
// other users can only read
if ($a_permission == "read" || $a_permission == "visible") {
// get all objects with explicit permission
$objects = $this->getPermissions($a_node_id);
if ($objects) {
// check if given user is member of object or has role
foreach ($objects as $obj_id) {
switch ($obj_id) {
case ilWorkspaceAccessGUI::PERMISSION_ALL:
return true;
case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
// check against input kept in session
if (self::getSharedNodePassword($a_node_id) == self::getSharedSessionPassword($a_node_id) || $a_permission == "visible") {
return true;
}
break;
case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
if ($ilUser->getId() != ANONYMOUS_USER_ID) {
return true;
}
break;
default:
switch (ilObject::_lookupType($obj_id)) {
case "grp":
// member of group?
if (ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
return true;
}
break;
case "crs":
// member of course?
if (ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
return true;
}
break;
case "role":
// has role?
if ($rbacreview->isAssigned($a_user_id, $obj_id)) {
return true;
}
break;
case "usr":
// direct assignment
if ($a_user_id == $obj_id) {
return true;
}
break;
}
break;
}
}
}
}
return false;
}
