00001 <?php
00033 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
00034
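/**
 * SOAP service methods for ILIAS role and permission (RBAC) administration.
 *
 * Every method validates the SOAP session id with __checkSession() first and
 * returns the value of __raiseError() when the session, an argument, or a
 * permission test is rejected. After the session check each method includes
 * './include/inc.header.php' and then works on the global RBAC objects
 * ($rbacreview, $rbacsystem, $rbacadmin, ...).
 *
 * NOTE(review): several methods below change or disclose role assignments and
 * permissions with no RBAC permission test visible in this file beyond the
 * session check. Each such method carries its own note; confirm whether the
 * called RBAC classes or the SOAP dispatcher enforce authorization.
 */
class ilSoapRBACAdministration extends ilSoapAdministration
{
    /**
     * PHP 4 style constructor; delegates to the parent constructor.
     */
    function ilSoapRBACAdministration()
    {
        parent::ilSoapAdministration();
    }

    /**
     * Delete a role.
     *
     * Requires 'delete' permission on the last role folder returned by
     * getFoldersAssignedToRole() and refuses when any assigned user has this
     * role as their only role.
     *
     * @param string $sid     SOAP session id
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the result of __raiseError()
     */
    function deleteRole($sid,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacreview, $rbacsystem;

        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        // end() takes its argument by reference, so the list is assigned to a
        // variable first instead of passing the assignment expression.
        $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,true);
        $rolf_id = end($rolf_ids);
        if(!$rbacsystem->checkAccess('delete',$rolf_id))
        {
            return $this->__raiseError('Check access failed. No permission to delete role','Server');
        }

        // Deleting the role must not leave any user without a role.
        foreach($rbacreview->assignedUsers($role_id) as $user_id)
        {
            if(count($rbacreview->assignedRoles($user_id)) == 1)
            {
                return $this->__raiseError('Cannot deassign last role of users',
                                           'Client');
            }
        }

        $tmp_role->setParent($rolf_id);
        $tmp_role->delete();

        return true;
    }

    /**
     * Assign a user to a role.
     *
     * NOTE(review): apart from the session check, no RBAC permission test is
     * visible here, so any valid session reaches assignUser() for any role id.
     * Confirm that assignUser() or the SOAP layer restricts who may do this.
     *
     * @param string $sid     SOAP session id
     * @param int    $user_id object id of the user
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the result of __raiseError()
     */
    function addUserRoleEntry($sid,$user_id,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacadmin;

        // Reject ids that do not resolve to an object as well as objects of
        // the wrong type; the previous "found AND wrong type" test let
        // unresolved ids pass validation.
        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
        if(!$tmp_user or $tmp_user->getType() != 'usr')
        {
            return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
                                       'Client');
        }
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        if(!$rbacadmin->assignUser($role_id,$user_id))
        {
            return $this->__raiseError('Error rbacadmin->assignUser()',
                                       'Server');
        }
        return true;
    }

    /**
     * Remove a user from a role.
     *
     * NOTE(review): apart from the session check, no RBAC permission test is
     * visible here. Unlike deleteRole(), nothing in this method prevents
     * removing a user's last role. Confirm both against deassignUser().
     *
     * @param string $sid     SOAP session id
     * @param int    $user_id object id of the user
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the result of __raiseError()
     */
    function deleteUserRoleEntry($sid,$user_id,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacadmin;

        // Unresolved ids are rejected too, not only objects of the wrong type.
        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
        if(!$tmp_user or $tmp_user->getType() != 'usr')
        {
            return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
                                       'Client');
        }
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        if(!$rbacadmin->deassignUser($role_id,$user_id))
        {
            return $this->__raiseError('Error rbacadmin->deassignUser()',
                                       'Server');
        }
        return true;
    }

    /**
     * Return the RBAC operations reported by $rbacreview->getOperations().
     *
     * @param string $sid SOAP session id
     * @return mixed array of operations, otherwise the result of __raiseError()
     */
    function getOperations($sid)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacreview;

        $ops = $rbacreview->getOperations();
        if(!is_array($ops))
        {
            return $this->__raiseError('Unknown error','Server');
        }
        return $ops;
    }

    /**
     * Revoke all permissions of a role on one object reference.
     *
     * The system role (SYSTEM_ROLE_ID) is refused.
     *
     * NOTE(review): apart from the session check, no RBAC permission test on
     * $ref_id is visible here; confirm that revokePermission() or the SOAP
     * layer restricts who may change permissions.
     *
     * @param string $sid     SOAP session id
     * @param int    $ref_id  reference id of the object
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the result of __raiseError()
     */
    function revokePermissions($sid,$ref_id,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacadmin;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        // Unresolved role ids are rejected too, not only wrong object types.
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }
        if ($role_id == SYSTEM_ROLE_ID)
        {
            return $this->__raiseError('Cannot revoke permissions of system role',
                                       'Client');
        }

        $rbacadmin->revokePermission($ref_id,$role_id);

        return true;
    }

    /**
     * Replace the permissions of a role on one object reference.
     *
     * Existing permissions are revoked first, then $permissions is granted.
     *
     * NOTE(review): apart from the session check, no RBAC permission test on
     * $ref_id is visible here. This method also revokes before granting
     * without the SYSTEM_ROLE_ID guard that revokePermissions() applies;
     * confirm whether that is intended.
     *
     * @param string $sid         SOAP session id
     * @param int    $ref_id      reference id of the object
     * @param int    $role_id     object id of the role
     * @param array  $permissions operations to grant (passed to grantPermission())
     * @return mixed true on success, otherwise the result of __raiseError()
     */
    function grantPermissions($sid,$ref_id,$role_id,$permissions)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacadmin;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        // Unresolved role ids are rejected too, not only wrong object types.
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        if(!is_array($permissions))
        {
            // print_r() needs its second argument to return the dump; without
            // it the value is written to the response body and "1" is appended
            // to the fault message.
            return $this->__raiseError('No valid permissions given.'.print_r($permissions,true),
                                       'Client');
        }

        $rbacadmin->revokePermission($ref_id,$role_id);
        $rbacadmin->grantPermission($role_id,$permissions,$ref_id);

        return true;
    }

    /**
     * Return the roles of an object's role folder as XML.
     *
     * NOTE(review): apart from the session check, no RBAC permission test on
     * $ref_id is visible here; getRoles() requires 'permission' access for the
     * comparable lookup. Confirm whether the difference is intended.
     *
     * @param string $sid    SOAP session id
     * @param int    $ref_id reference id of the object
     * @return mixed XML string, '' when nothing was written, otherwise the
     *               result of __raiseError()
     */
    function getLocalRoles($sid,$ref_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacreview;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }

        // Initialised so count() below never sees an undefined variable.
        $objs = array();

        $role_folder = $rbacreview->getRoleFolderOfObject($ref_id);
        if(count($role_folder))
        {
            foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
            {
                $role_obj = ilObjectFactory::getInstanceByObjId($role_id,false);
                if($role_obj)
                {
                    $objs[] = $role_obj;
                }
            }
        }

        if(count($objs))
        {
            include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';

            $xml_writer = new ilObjectXMLWriter();
            $xml_writer->setObjects($objs);
            if($xml_writer->start())
            {
                return $xml_writer->getXML();
            }
        }
        return '';
    }

    /**
     * Return the roles assigned to a user as XML.
     *
     * NOTE(review): apart from the session check, no RBAC permission test is
     * visible here, so any valid session can list the roles of any user id.
     * The object type of $user_id is not verified either. Confirm both.
     *
     * @param string $sid     SOAP session id
     * @param int    $user_id object id of the user
     * @return mixed XML string, '' when nothing was written, otherwise the
     *               result of __raiseError()
     */
    function getUserRoles($sid,$user_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacreview;

        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
        if(!$tmp_user)
        {
            return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
                                       'Client');
        }

        // Initialised so count() below never sees an undefined variable.
        $objs = array();
        foreach($rbacreview->assignedRoles($user_id) as $role_id)
        {
            $role_obj = ilObjectFactory::getInstanceByObjId($role_id,false);
            if($role_obj)
            {
                $objs[] = $role_obj;
            }
        }

        if(count($objs))
        {
            include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';

            $xml_writer = new ilObjectXMLWriter();
            $xml_writer->setObjects($objs);
            if($xml_writer->start())
            {
                return $xml_writer->getXML();
            }
        }
        return '';
    }

    /**
     * Create one role per object described in $role_xml below $target_id.
     *
     * Role titles must be unique and must not start with "il_". When the
     * target has no role folder yet, one is created after checking that the
     * object type allows it and that the caller has 'create' permission.
     *
     * NOTE(review): the 'create' permission is only tested on the path that
     * creates a role folder; when a role folder already exists, no permission
     * test is visible before createRole(). $role_xml is caller-supplied; the
     * parser's handling of it is not visible in this file. Confirm both.
     *
     * @param string $sid       SOAP session id
     * @param int    $target_id reference id of the object that gets the roles
     * @param string $role_xml  XML description of the roles
     * @return mixed array of new role ids, otherwise the result of __raiseError()
     */
    function addRole($sid,$target_id,$role_xml)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacreview, $objDefinition, $rbacsystem;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }

        include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';

        // Plain assignment: "=& new" is deprecated since PHP 5.3 and no longer
        // parses on PHP 7+.
        $xml_parser = new ilObjectXMLParser($role_xml);
        $xml_parser->startParsing();

        $new_roles = array();
        foreach($xml_parser->getObjectData() as $object_data)
        {
            if($rbacreview->roleExists($object_data['title']))
            {
                return $this->__raiseError('The rolename must be unique. A role with name '.$object_data['title'].' already exists',
                                           'Client');
            }
            if(substr($object_data['title'],0,3) == "il_")
            {
                return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
                                           'Client');
            }

            $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
            $rolf_id = $rolf_data["child"];
            if(!$rolf_id)
            {
                // No role folder yet: the object type must allow one ...
                $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
                if(!isset($subobjects["rolf"]))
                {
                    return $this->__raiseError('Cannot create role at this position',
                                               'Client');
                }

                // ... and the caller must be allowed to create it.
                if(!$rbacsystem->checkAccess('create',$target_id,'rolf'))
                {
                    return $this->__raiseError('No permission to create role folders',
                                               'Client');
                }

                $rolf_obj = $tmp_obj->createRoleFolder();
                $rolf_id = $rolf_obj->getRefId();
            }

            $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
            $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description'],
                                              $object_data['import_id']);

            $new_roles[] = $role_obj->getId();
        }

        return $new_roles;
    }

    /**
     * Create roles from $role_xml and copy their permissions from a template.
     *
     * Same validation as addRole(); in addition $template_id must be of type
     * 'rolt'. After creation the template's permissions are copied to the new
     * role and granted on the target object and on its role folder.
     *
     * NOTE(review): as in addRole(), the 'create' permission is only tested
     * when a role folder has to be created, and no permission test on the
     * template is visible. $role_xml is caller-supplied; the parser's handling
     * of it is not visible in this file. Confirm against the called classes.
     *
     * @param string $sid         SOAP session id
     * @param int    $target_id   reference id of the object that gets the roles
     * @param string $role_xml    XML description of the roles
     * @param int    $template_id object id of the role template
     * @return mixed array of new role ids, otherwise the result of __raiseError()
     */
    function addRoleFromTemplate($sid,$target_id,$role_xml,$template_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        if(ilObject::_lookupType($template_id) != 'rolt')
        {
            return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template',
                                       'Client');
        }

        include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';

        // Plain assignment: "=& new" is deprecated since PHP 5.3 and no longer
        // parses on PHP 7+.
        $xml_parser = new ilObjectXMLParser($role_xml);
        $xml_parser->startParsing();

        $new_roles = array();
        foreach($xml_parser->getObjectData() as $object_data)
        {
            if($rbacreview->roleExists($object_data['title']))
            {
                return $this->__raiseError('The rolename must be unique. A role with name '.$object_data['title'].' already exists',
                                           'Client');
            }
            if(substr($object_data['title'],0,3) == "il_")
            {
                return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
                                           'Client');
            }

            $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
            $rolf_id = $rolf_data["child"];
            if(!$rolf_id)
            {
                // No role folder yet: the object type must allow one ...
                $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
                if(!isset($subobjects["rolf"]))
                {
                    return $this->__raiseError('Cannot create role at this position',
                                               'Client');
                }

                // ... and the caller must be allowed to create it.
                if(!$rbacsystem->checkAccess('create',$target_id,'rolf'))
                {
                    return $this->__raiseError('No permission to create role folders',
                                               'Client');
                }

                $rolf_obj = $tmp_obj->createRoleFolder();
                $rolf_id = $rolf_obj->getRefId();
            }

            $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
            $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description']);

            $new_role_id = $role_obj->getId();
            $rolf_ref_id = $rolf_obj->getRefId();

            // Copy the template's permission set to the new role.
            $rbacadmin->copyRolePermission($template_id,ROLE_FOLDER_ID,$rolf_ref_id,$new_role_id);

            // Grant the operations defined for the target's object type on the target.
            $ops = $rbacreview->getOperationsOfRole($new_role_id,$tmp_obj->getType(),$rolf_ref_id);
            $rbacadmin->grantPermission($new_role_id,$ops,$target_id);

            // Grant the operations defined for role folders on the role folder.
            $ops = $rbacreview->getOperationsOfRole($new_role_id,"rolf",$rolf_ref_id);
            $rbacadmin->grantPermission($new_role_id,$ops,$rolf_ref_id);

            $new_roles[] = $new_role_id;
        }

        return $new_roles;
    }

    /**
     * Return the operations a user may perform on an object.
     *
     * Without 'visible' access the result is empty; with 'visible' but
     * without 'read' access only operation 2 is returned; otherwise every
     * operation of the object's type that checkAccessOfUser() allows.
     *
     * NOTE(review): apart from the session check, nothing visible here ties
     * $user_id to the calling session, so any valid session can query the
     * permissions of any user. Operation id 2 is presumably 'visible'.
     * Confirm both.
     *
     * @param string $sid     SOAP session id
     * @param int    $ref_id  reference id of the object
     * @param int    $user_id object id of the user
     * @return mixed list of operation records, otherwise the result of __raiseError()
     */
    function getObjectTreeOperations($sid,$ref_id,$user_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';
        global $rbacsystem,$rbacreview,$ilAccess;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }

        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
        if(!$tmp_user)
        {
            return $this->__raiseError('No valid user id given.',
                                       'Client');
        }

        if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'visible','view',$tmp_obj->getRefId()))
        {
            return array();
        }

        if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'read','view',$tmp_obj->getRefId()))
        {
            // Visible but not readable: report operation 2 only.
            return array($rbacreview->getOperation(2));
        }

        // Collect by operation id first, then flatten to a plain list.
        $ops_data = array();
        foreach($rbacreview->getOperationsOnTypeString($tmp_obj->getType()) as $ops_id)
        {
            $op_data = $rbacreview->getOperation($ops_id);
            if($rbacsystem->checkAccessOfUser($user_id,$op_data['operation'],$tmp_obj->getRefId()))
            {
                $ops_data[$ops_id] = $op_data;
            }
        }

        return array_values($ops_data);
    }

    /**
     * Return roles as XML, selected by $role_type and $id.
     *
     * - role_type "template": result of getRolesByFilter(6, current user id).
     * - role_type "user": roles of the user given by $id (numeric id or
     *   login). For a user other than the session user, 'read' access on that
     *   user's time limit owner is required.
     * - otherwise, $id == "-1": assignable roles; requires 'read' access on
     *   ROLE_FOLDER_ID.
     * - otherwise: local roles of repository object $id; requires
     *   'permission' access on it.
     *
     * NOTE(review): the "template" branch has no permission test visible in
     * this file. When the XML writer fails to start, the method falls through
     * without a return value.
     *
     * @param string $sid       SOAP session id
     * @param string $role_type "", "local", "global", "user" or "template" (case-insensitive)
     * @param mixed  $id        user id or login, "-1", or a reference id
     * @return mixed XML string, otherwise the result of __raiseError()
     */
    function getRoles($sid, $role_type, $id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        global $rbacsystem, $rbacreview, $ilUser, $ilDB;

        $roles = array();

        if (strcasecmp($role_type,"") != 0 &&
            strcasecmp($role_type,"local") != 0 &&
            strcasecmp($role_type,"global") != 0 &&
            strcasecmp($role_type,"user") != 0 &&
            strcasecmp($role_type,"template") != 0)
        {
            return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
        }

        if (strcasecmp($role_type,"template") == 0)
        {
            $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
        }
        elseif (strcasecmp($role_type,"user") == 0)
        {
            $role_type = "";

            if (!is_numeric($id))
            {
                // $id is a login name
                $user_id = ilObjUser::getUserIdByLogin($id);
                if (!$user_id)
                {
                    return $this->__raiseError('User with login \''.$id.'\' does not exist!','Client');
                }
            }
            else
            {
                // $id is a user id; make sure it belongs to an account
                $login = ilObjUser::_lookupLogin($id);
                if (!$login)
                {
                    return $this->__raiseError('User with Id \''.$id.'\' does not exist!','Client');
                }
                $user_id = $id;
            }

            if ($user_id != $ilUser->getId())
            {
                // Looking at another user requires read access on that
                // user's time limit owner.
                $tmpUser = new ilObjUser($user_id);
                $timelimitOwner = $tmpUser->getTimeLimitOwner();
                if(!$rbacsystem->checkAccess('read',$timelimitOwner))
                {
                    return $this->__raiseError('Check access for time limit owner failed.','Server');
                }
            }

            // Every id placed in the SQL text is forced to an integer:
            // is_numeric() also accepts forms such as "1e3" or "1.5", and the
            // statement is assembled as a string rather than bound.
            $role_ids = array_map('intval', $rbacreview->assignedRoles($user_id));
            $query = sprintf("SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=%d",
                             join("','", $role_ids),
                             (int) $user_id
                            );

            $rbacresult = $ilDB->query($query);

            while ($rbacrow = $rbacresult->fetchRow(DB_FETCHMODE_ASSOC))
            {
                if ($rbacrow["assign"] != "y")
                {
                    continue;
                }

                $type = ($rbacrow["parent"] == ROLE_FOLDER_ID) ? "Global" : "Local";

                $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"],false);
                if ($tmp_obj)
                {
                    /* @var $tmp_obj IlObjRole */
                    $roles[] = array (
                        "obj_id" => $rbacrow["rol_id"],
                        "title" => $tmp_obj->getTitle(),
                        "description" => $tmp_obj->getDescription(),
                        "role_type" => $type);
                }
            }
        }
        elseif ($id == "-1")
        {
            // all roles of the system role folder
            if(!$rbacsystem->checkAccess('read',ROLE_FOLDER_ID))
            {
                return $this->__raiseError('Check access failed.','Server');
            }

            $roles = $rbacreview->getAssignableRoles(false, true);
        }
        else
        {
            // Local roles of a specific repository object. The id is
            // validated before it is handed to the access check.
            if (!is_numeric($id))
            {
                return $this->__raiseError('Id must be numeric to process roles of a repository object.','Client');
            }

            // needs permission to read permissions of this object
            if(!$rbacsystem->checkAccess('permission',$id))
            {
                return $this->__raiseError('Check access failed.','Server');
            }

            $role_type = "local";

            $role_folder = $rbacreview->getRoleFolderOfObject($id);
            if(count($role_folder))
            {
                foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
                {
                    $tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false);
                    if($tmp_obj)
                    {
                        $roles[] = array ("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
                    }
                }
            }
        }

        include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';

        $xml_writer = new ilSoapRoleObjectXMLWriter();
        $xml_writer->setObjects($roles);
        $xml_writer->setType ($role_type);
        if($xml_writer->start())
        {
            return $xml_writer->getXML();
        }
    }
}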
00691 ?>