1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once("./Services/Repository/classes/class.ilObjectPluginAccess.php");
5include_once("class.ilCloudConnector.php");
6include_once("class.ilObjCloud.php");
7
8/**
9 * Class ilObjCloudAccess
10 *
11 * @author    Timon Amstutz <timon.amstutz@ilub.unibe.ch>
12 * @version   $Id:
13 *
14 * @extends   ilObjectAccess
15 */
16class ilObjCloudAccess extends ilObjectAccess
17{
18    protected static $access_cache = array();
19
20
21    public static function _getCommands()
22    {
23        $commands = array(
24            array( "permission" => "read", "cmd" => "render", "lang_var" => "show", "default" => true ),
25            array( "permission" => "write", "cmd" => "editSettings", "lang_var" => "settings" ),
26        );
27
28        return $commands;
29    }
30
31
32    /**
33     * @param string $a_cmd
34     * @param string $a_permission
35     * @param int $a_ref_id
36     * @param int $a_obj_id
37     * @param string $a_user_id
38     * @return bool
39     */
40    public function _checkAccess($a_cmd, $a_permission, $a_ref_id, $a_obj_id, $a_user_id = "")
41    {
42        global $DIC;
43        $ilUser = $DIC['ilUser'];
44        $rbacsystem = $DIC['rbacsystem'];
45        $rbacreview = $DIC['rbacreview'];
46
47        $object = new ilObjCloud($a_ref_id);
48
49        /**
50         * Check if plugin of object is active
51         */
52        try {
53            ilCloudConnector::checkServiceActive($object->getServiceName());
54        } catch (Exception $e) {
55            return false;
56        }
57
58        if ($a_user_id == "") {
59            $a_user_id = $ilUser->getId();
60        }
61
62        /**
63         * Check if authentication is complete. If not, only the owner of the object has access. This prevents the
64         * authentication of an account which does not belong to the owner.
65         */
66        if (!ilObjCloudAccess::checkAuthStatus($a_obj_id) && $a_user_id != $object->getOwnerId() && !$rbacreview->isAssigned($a_user_id, 2)) {
67            return false;
68        }
69
70        switch ($a_permission) {
71            case "visible":
72            case "read":
73                if (!ilObjCloudAccess::checkOnline($a_obj_id) && !$rbacsystem->checkAccessOfUser($a_user_id, "write", $a_ref_id)) {
74                    return false;
75                }
76                break;
77        }
78
79        return true;
80    }
81
82
83    /**
84     * @param $a_target
85     * @return bool
86     */
87    public static function _checkGoto($a_target)
88    {
89        global $DIC;
90        $ilAccess = $DIC['ilAccess'];
91
92        $t_arr = explode("_", $a_target);
93
94        if ($ilAccess->checkAccess("read", "", $t_arr[1])) {
95            return true;
96        }
97
98        return false;
99    }
100
101
102    /**
103     * @param $a_id
104     * @return mixed
105     */
106    public static function checkOnline($a_id)
107    {
108        global $DIC;
109        $ilDB = $DIC['ilDB'];
110
111        if (!isset(self::$access_cache[$a_id]["online"])) {
112            $set = $ilDB->query("SELECT is_online FROM il_cld_data " . " WHERE id = " . $ilDB->quote($a_id, "integer"));
113            $rec = $ilDB->fetchAssoc($set);
114            self::$access_cache[$a_id]["online"] = (boolean) ($rec["is_online"]);
115        }
116
117        return self::$access_cache[$a_id]["online"];
118    }
119
120
121    /**
122     * @param $a_id
123     * @return mixed
124     */
125    public static function checkAuthStatus($a_id)
126    {
127        global $DIC;
128        $ilDB = $DIC['ilDB'];
129
130        if (!isset(self::$access_cache[$a_id]["auth_status"])) {
131            $set = $ilDB->query("SELECT auth_complete FROM il_cld_data " . " WHERE id = " . $ilDB->quote($a_id, "integer"));
132            $rec = $ilDB->fetchAssoc($set);
133            self::$access_cache[$a_id]["auth_status"] = (boolean) $rec["auth_complete"];
134        }
135
136        return self::$access_cache[$a_id]["auth_status"];
137    }
138}
139