Feature Wiki

Information about planned and released features

Tabs

WAC Support or Plugins

Page Overview

1 Initial Problem
2 Conceptual Summary
3 Technical Information
4 Additional Information
5 Funding
6 Discussion
7 Implementation

1 Initial Problem

The Web Access Checker (WAC) checks if the user has indeed sufficient permissions to retriev a file from the storage server (NFS-mount). That works well for Core Services like the Forum. In the Forum uploading a picture through TinyMCE poses no problem. Uploading the same picture through the same TinyMCE instance used by a plugin does not work. WAC does not recognize the plugin and it's permissions.

2 Conceptual Summary

WAC should be able to be used regardless of the Services/Plugins provided by the core or by the user.

3 Technical Information

As fas as I can see, there are two solutions to this problem, and both are connected to the switch statements in: ilias/Services/MediaObjects/classes/class.ilObjMediaObjectAccess.php.

The first solution adds a new switch case to ilias/Services/MediaObjects/classes/class.ilObjMediaObjectAccess.php which checks if the permissions and returns true if they are sufficient, otherwise false. This new switch case could be obviously some generic one.

protected function checkAccessMob($obj_id) {
    ...
    switch ($usage["type"]) {
        ...
        case "xsev:html: // new case specifically for a plugin
        global $ilAccess;
        return $ilAccess->checkAccess(...);
        break;
        ...
    }
}

The other solution would be to make the plugin use a predefined case statement as a template instead. Therefore masking it's true name.

4 Additional Information

Author of the Request: Tomasz Kolonko (Universität Bern)
Maintainer:
Implementation of the feature is done by:

5 Funding

If you are interest in funding this feature, please add your name and institution to this list.

University of Berne

6 Discussion

Schmid, Fabian [fschmid], 11 July 2017: I currently see two ways to implement your requirements:

ilObjMediaObjectAccess tries to determine the plugin-type using the first part of the usage-string (e.g. xlvo:html would lead to LiveVoting) following by checking the ilObj<PluginName>Access exists and check for ref_id access for the current user. This would lead to a restriction to Repository-Object-Plugins.
A more general way would be that ilObjMediaObjectAccess loops over all available plugins using ilPluginAdmin. Every Plugin which implements the ilWACCheckingClass in it's il<PluginName>Plugin-Class will be asked whether the current request can be delivered or not. The fist Plugin which says yes wins. This would lead to a more general usage of the WAC for plugins but seems to be more risky and more imperformant.

IMHO this needs some more investigation which way is the best.

7 Implementation

{The maintainer has to give a description of the final implementation and add screenshots if possible.}

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.

Last edited: 11. Jul 2017, 11:26, Schmid, Fabian [fschmid]