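/**
 * Check whether a user may access a workspace node with a given permission.
 *
 * Decision order, as implemented below:
 *  1. "write" on the root node of the tree is always denied.
 *  2. The owner of the node is always granted access.
 *  3. For "read" and "visible" only, every entry returned by
 *     getPermissions() for the node is evaluated; the first entry that
 *     matches grants access.
 *  4. Everything else is denied.
 *
 * Security notes:
 *  - The shared-node password is compared with hash_equals() on strings
 *    instead of a loose "==". A missing or empty value on either side
 *    fails closed.
 *  - Permission names are compared strictly, so a non-string
 *    $a_permission can never be coerced into "read" or "write".
 *
 * @param ilTree $a_tree
 * @param integer $a_user_id
 * @param string $a_permission
 * @param string $a_cmd (not read by this method)
 * @param int $a_node_id
 * @param string $a_type (optional, not read by this method)
 * @return bool
 */
public function checkAccessOfUser(ilTree $a_tree, $a_user_id, $a_permission, $a_cmd, $a_node_id, $a_type = "")
{
    global $rbacreview, $ilUser;

    // :TODO: create permission for parent node with type ?!

    // tree root is read-only
    if ($a_permission === "write" && $a_tree->readRootId() == $a_node_id) {
        return false;
    }

    // node owner has all rights
    // NOTE(review): the loose comparison is kept because ids may arrive as
    // numeric strings. It also matches a missing owner (null/0) against a
    // user id of 0; verify callers never pass an empty user id.
    if ($a_tree->lookupOwner($a_node_id) == $a_user_id) {
        return true;
    }

    // other users can only read
    if ($a_permission !== "read" && $a_permission !== "visible") {
        return false;
    }

    // get all objects with explicit permission
    $objects = $this->getPermissions($a_node_id);
    if (!$objects) {
        return false;
    }

    // check if given user is member of object or has role
    foreach ($objects as $obj_id) {
        switch ($obj_id) {
            case ilWorkspaceAccessGUI::PERMISSION_ALL:
                return true;

            case ilWorkspaceAccessGUI::PERMISSION_ALL_PASSWORD:
                // a password-protected share is listed ("visible") without
                // the password; only "read" requires it
                if ($a_permission === "visible") {
                    return true;
                }

                // check against input kept in session
                $stored_password = self::getSharedNodePassword($a_node_id);
                $session_password = self::getSharedSessionPassword($a_node_id);

                // Loose "==" treats numeric-looking strings as numbers and
                // null/"" as equal, so two different values can compare as
                // equal. Require real, non-empty strings and compare them
                // byte-wise in constant time.
                if (is_string($stored_password)
                    && $stored_password !== ""
                    && is_string($session_password)
                    && hash_equals($stored_password, $session_password)
                ) {
                    return true;
                }
                break;

            case ilWorkspaceAccessGUI::PERMISSION_REGISTERED:
                // NOTE(review): this tests the session user ($ilUser), not
                // $a_user_id. The result differs when access is checked on
                // behalf of another user; confirm that this is intended.
                if ($ilUser->getId() != ANONYMOUS_USER_ID) {
                    return true;
                }
                break;

            default:
                switch (ilObject::_lookupType($obj_id)) {
                    case "grp":
                        // member of group?
                        if (ilGroupParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
                            return true;
                        }
                        break;

                    case "crs":
                        // member of course?
                        if (ilCourseParticipants::_getInstanceByObjId($obj_id)->isAssigned($a_user_id)) {
                            return true;
                        }
                        break;

                    case "role":
                        // has role?
                        if ($rbacreview->isAssigned($a_user_id, $obj_id)) {
                            return true;
                        }
                        break;

                    case "usr":
                        // direct assignment
                        if ($a_user_id == $obj_id) {
                            return true;
                        }
                        break;
                }
                break;
        }
    }

    // no share entry matched: deny
    return false;
}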