function checkAccessOfUser($a_user_id, $a_operations, $a_ref_id, $a_type = "")
{
global $ilUser, $rbacreview, $ilObjDataCache, $ilDB, $ilLog;
// Create the user cache key
$cacheKey = $a_user_id . ':' . $a_operations . ':' . $a_ref_id . ':' . $a_type;
// Create the cache if it does not yet exist
if (!is_array(self::$_checkAccessOfUserCache)) {
self::$_checkAccessOfUserCache = array();
}
// Try to return result from cache
if (array_key_exists($cacheKey, self::$_checkAccessOfUserCache)) {
return self::$_checkAccessOfUserCache[$cacheKey];
}
#echo ++$counter;
// DISABLED
// Check For owner
// Owners do always have full access to their objects
// Excluded are the permissions create and perm
// This method call return all operations that are NOT granted by the owner status
if (!($a_operations = $this->__filterOwnerPermissions($a_user_id, $a_operations, $a_ref_id))) {
// Store positive outcome in cache.
// Note: we only cache up to 1000 results to avoid memory overflows
if (count(self::$_checkAccessOfUserCache) < 1000) {
self::$_checkAccessOfUserCache[$cacheKey] = true;
}
return true;
}
// get roles using role cache
$roles = $this->fetchAssignedRoles($a_user_id, $a_ref_id);
// exclude system role from rbac
if (in_array(SYSTEM_ROLE_ID, $roles)) {
// Store positive outcome in cache.
// Note: we only cache up to 1000 results to avoid memory overflows
if (count(self::$_checkAccessOfUserCache) < 1000) {
self::$_checkAccessOfUserCache[$cacheKey] = true;
}
return true;
}
if (!isset($a_operations) or !isset($a_ref_id)) {
$GLOBALS['ilLog']->logStack();
$this->ilErr->raiseError(get_class($this) . "::checkAccess(): Missing parameter! " . "ref_id: " . $a_ref_id . " operations: " . $a_operations, $this->ilErr->WARNING);
}
if (!is_string($a_operations)) {
$GLOBALS['ilLog']->logStack();
$this->ilErr->raiseError(get_class($this) . "::checkAccess(): Wrong datatype for operations!", $this->ilErr->WARNING);
}
// Create the PA cache if it does not exist yet
$paCacheKey = $a_user_id . ':' . $a_ref_id;
if (!is_array(self::$_paCache)) {
self::$_paCache = array();
}
if (array_key_exists($paCacheKey, self::$_paCache)) {
// Return result from PA cache
$ops = self::$_paCache[$paCacheKey];
} else {
// Data is not in PA cache, perform database query
$q = "SELECT * FROM rbac_pa " . "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer');
$r = $this->ilDB->query($q);
$ops = array();
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
if (in_array($row->rol_id, $roles)) {
$ops = array_merge($ops, unserialize(stripslashes($row->ops_id)));
}
}
// Cache up to 1000 entries in the PA cache
if (count(self::$_paCache) < 1000) {
self::$_paCache[$paCacheKey] = $ops;
}
}
$operations = explode(",", $a_operations);
foreach ($operations as $operation) {
if ($operation == "create") {
if (empty($a_type)) {
$this->ilErr->raiseError(get_class($this) . "::CheckAccess(): Expect a type definition for checking a 'create' permission", $this->ilErr->WARNING);
}
$ops_id = ilRbacReview::_getOperationIdByName($operation . "_" . $a_type);
} else {
$ops_id = ilRbacReview::_getOperationIdByName($operation);
}
if (!in_array($ops_id, (array) $ops)) {
//$ilLog->write('PERMISSION: '.$a_ref_id.' -> '.$a_ops_id.' failed');
// Store negative outcome in cache.
// Note: we only cache up to 1000 results to avoid memory overflows
if (count(self::$_checkAccessOfUserCache) < 1000) {
self::$_checkAccessOfUserCache[$cacheKey] = false;
}
return false;
}
}
// Store positive outcome in cache.
// Note: we only cache up to 1000 results to avoid memory overflows
if (count(self::$_checkAccessOfUserCache) < 1000) {
//$ilLog->write('PERMISSION: '.$a_ref_id.' -> '.$ops_id.' granted');
self::$_checkAccessOfUserCache[$cacheKey] = true;
}
return true;
}
function getRolesWithContribute($a_node_id)
{
global $rbacreview;
include_once "Services/AccessControl/classes/class.ilObjRole.php";
$contr_op_id = ilRbacReview::_getOperationIdByName("contribute");
$contr_role_id = $this->getLocalContributorRole($a_node_id);
$res = array();
foreach ($rbacreview->getParentRoleIds($a_node_id) as $role_id => $role) {
if ($role_id != $contr_role_id && in_array($contr_op_id, $rbacreview->getActiveOperationsOfRole($a_node_id, $role_id))) {
$res[$role_id] = ilObjRole::_getTranslation($role["title"]);
}
}
return $res;
}
