ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapRBACAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapRBACAdministration extends ilSoapAdministration
36 {
37  function ilSoapRBACAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  function deleteRole($sid,$role_id)
44  {
45  if(!$this->__checkSession($sid))
46  {
47  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
48  }
49 
50  // Include main header
51  include_once './include/inc.header.php';
52  global $rbacreview, $rbacsystem,$ilAccess;
53 
54  if(!$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) or $tmp_role->getType() != 'role')
55  {
56  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
57  'Client');
58  }
59 
60 
61  $obj_ref = $rbacreview->getObjectOfRole($role_id);
62  if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
63  {
64  return $this->__raiseError('Check access failed. No permission to delete role','Server');
65  }
66 
67  // if it's last role of an user
68  foreach($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id)
69  {
70  if(count($rbacreview->assignedRoles($user_id)) == 1)
71  {
72  return $this->__raiseError('Cannot deassign last role of users',
73  'Client');
74  }
75  }
76 
77  // set parent id (role folder id) of role
78  $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,true));
79  $tmp_role->setParent($rolf_id);
80  $tmp_role->delete();
81 
82  return true;
83  }
84 
85  function addUserRoleEntry($sid,$user_id,$role_id)
86  {
87 
88  if(!$this->__checkSession($sid))
89  {
90  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
91  }
92 
93  // Include main header
94  include_once './include/inc.header.php';
95 
96  global $rbacadmin,$rbacreview,$ilAccess;
97 
98  if($tmp_user =& ilObjectFactory::getInstanceByObjId($user_id) and $tmp_user->getType() != 'usr')
99  {
100  return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
101  'Client');
102  }
103  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id) and $tmp_role->getType() != 'role')
104  {
105  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
106  'Client');
107  }
108 
109  $obj_ref = $rbacreview->getObjectOfRole($role_id);
110  if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
111  {
112  return $this->__raiseError('Check access failed. No permission to assign users','Server');
113  }
114 
115  if(!$rbacadmin->assignUser($role_id,$user_id))
116  {
117  return $this->__raiseError('Error rbacadmin->assignUser()',
118  'Server');
119  }
120  return true;
121  }
122  function deleteUserRoleEntry($sid,$user_id,$role_id)
123  {
124  if(!$this->__checkSession($sid))
125  {
126  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
127  }
128 
129  // Include main header
130  include_once './include/inc.header.php';
131  global $rbacadmin,$ilAccess,$rbacreview;
132 
133  if($tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false) and $tmp_user->getType() != 'usr')
134  {
135  return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
136  'Client');
137  }
138  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
139  {
140  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
141  'Client');
142  }
143 
144  $obj_ref = $rbacreview->getObjectOfRole($role_id);
145  if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
146  {
147  return $this->__raiseError('Check access failed. No permission to deassign users','Server');
148  }
149 
150  if(!$rbacadmin->deassignUser($role_id,$user_id))
151  {
152  return $this->__raiseError('Error rbacadmin->deassignUser()',
153  'Server');
154  }
155  return true;
156  }
157 
158  function getOperations($sid)
159  {
160  if(!$this->__checkSession($sid))
161  {
162  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
163  }
164 
165  // Include main header
166  include_once './include/inc.header.php';
167  global $rbacreview;
168 
169  if(is_array($ops = $rbacreview->getOperations()))
170  {
171  return $ops;
172  }
173  else
174  {
175  return $this->__raiseError('Unknown error','Server');
176  }
177  }
178 
179  function revokePermissions($sid,$ref_id,$role_id)
180  {
181  if(!$this->__checkSession($sid))
182  {
183  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
184  }
185 
186  // Include main header
187  include_once './include/inc.header.php';
188  global $rbacadmin,$ilAccess;
189 
190  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
191  {
192  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
193  'Client');
194  }
195  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
196  {
197  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
198  'Client');
199  }
200  if ($role_id == SYSTEM_ROLE_ID)
201  {
202  return $this->__raiseError('Cannot revoke permissions of system role',
203  'Client');
204  }
205 
206  if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
207  {
208  return $this->__raiseError('Check access failed. No permission to revoke permissions','Server');
209  }
210 
211  $rbacadmin->revokePermission($ref_id,$role_id);
212 
213  return true;
214  }
215  function grantPermissions($sid,$ref_id,$role_id,$permissions)
216  {
217  if(!$this->__checkSession($sid))
218  {
219  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
220  }
221 
222  // Include main header
223  include_once './include/inc.header.php';
224  global $rbacadmin,$ilAccess;
225 
226  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
227  {
228  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
229  'Client');
230  }
231  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
232  {
233  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
234  'Client');
235  }
236 
237  if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
238  {
239  return $this->__raiseError('Check access failed. No permission to grant permissions','Server');
240  }
241 
242 
243  // mjansen@databay.de: dirty fix
244  if(isset($permissions['item']))
245  {
246  $permissions = $permissions['item'];
247  }
248 
249  if(!is_array($permissions))
250  {
251  return $this->__raiseError('No valid permissions given.'.print_r($permissions),
252  'Client');
253  }
254 
255  $rbacadmin->revokePermission($ref_id,$role_id);
256 
257  $rbacadmin->grantPermission($role_id,$permissions,$ref_id);
258 
259  return true;
260  }
261 
262  function getLocalRoles($sid,$ref_id)
263  {
264  if(!$this->__checkSession($sid))
265  {
266  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
267  }
268 
269  // Include main header
270  include_once './include/inc.header.php';
271  global $rbacreview,$ilAccess;
272 
273  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
274  {
275  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
276  'Client');
277  }
278 
279  if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
280  {
281  return $this->__raiseError('Check access failed. No permission to access role information','Server');
282  }
283 
284 
285  $role_folder = $rbacreview->getRoleFolderOfObject($ref_id);
286 
287  if(count($role_folder))
288  {
289  foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
290  {
291  if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
292  {
293  $objs[] = $tmp_obj;
294  }
295  }
296  }
297  if(count($objs))
298  {
299  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
300 
301  $xml_writer = new ilObjectXMLWriter();
302  $xml_writer->setObjects($objs);
303  if($xml_writer->start())
304  {
305  return $xml_writer->getXML();
306  }
307  }
308  return '';
309  }
310 
311  function getUserRoles($sid,$user_id)
312  {
313  if(!$this->__checkSession($sid))
314  {
315  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
316  }
317 
318  // Include main header
319  include_once './include/inc.header.php';
320  global $rbacreview;
321 
322  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
323  {
324  return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
325  'Client');
326  }
327 
328  foreach($rbacreview->assignedRoles($user_id) as $role_id)
329  {
330  if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
331  {
332  $objs[] = $tmp_obj;
333  }
334  }
335  if(count($objs))
336  {
337  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
338 
339  $xml_writer = new ilObjectXMLWriter();
340  $xml_writer->setObjects($objs);
341  if($xml_writer->start())
342  {
343  return $xml_writer->getXML();
344  }
345  }
346  return '';
347  }
348 
349  function addRole($sid,$target_id,$role_xml)
350  {
351  if(!$this->__checkSession($sid))
352  {
353  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
354  }
355 
356  // Include main header
357  include_once './include/inc.header.php';
358  global $rbacreview, $objDefinition, $rbacsystem,$ilAccess;
359 
360  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
361  {
362  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
363  'Client');
364  }
365 
366  if(ilObject::_isInTrash($target_id))
367  {
368  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
369  }
370 
371  if(!$ilAccess->checkAccess('edit_permission','',$target_id))
372  {
373  return $this->__raiseError('Check access failed. No permission to create roles','Server');
374  }
375 
376  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
377 
378  $xml_parser =& new ilObjectXMLParser($role_xml);
379  $xml_parser->startParsing();
380 
381  foreach($xml_parser->getObjectData() as $object_data)
382  {
383 
384  // check if role title has il_ prefix
385  if(substr($object_data['title'],0,3) == "il_")
386  {
387  return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
388  'Client');
389  }
390 
391  $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
392  if (!$rolf_id = $rolf_data["child"])
393  {
394  // can the current object contain a rolefolder?
395  $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
396  if(!isset($subobjects["rolf"]))
397  {
398  return $this->__raiseError('Cannot create role at this position',
399  'Client');
400  }
401 
402  // CHECK ACCESS 'create' rolefolder
403  if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
404  {
405  return $this->__raiseError('No permission to create role folders',
406  'Client');
407  }
408 
409  // create a rolefolder
410  $rolf_obj = $tmp_obj->createRoleFolder();
411  $rolf_id = $rolf_obj->getRefId();
412  }
413  $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
414  $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description'],
415  $object_data['import_id']);
416  //echo "-".$object_data['import_id']."-";
417  $new_roles[] = $role_obj->getId();
418  }
419 
420  return $new_roles ? $new_roles : array();
421  }
422 
423  function addRoleFromTemplate($sid,$target_id,$role_xml,$template_id)
424  {
425  if(!$this->__checkSession($sid))
426  {
427  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
428  }
429 
430  // Include main header
431  include_once './include/inc.header.php';
432  global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin,$ilAccess;
433 
434  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
435  {
436  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
437  'Client');
438  }
439  if(ilObject::_lookupType($template_id) != 'rolt')
440  {
441  return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template',
442  'Client');
443  }
444 
445 
446  if(ilObject::_isInTrash($target_id))
447  {
448  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
449  }
450 
451  if(!$ilAccess->checkAccess('edit_permission','',$target_id))
452  {
453  return $this->__raiseError('Check access failed. No permission to create roles','Server');
454  }
455 
456 
457  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
458 
459  $xml_parser =& new ilObjectXMLParser($role_xml);
460  $xml_parser->startParsing();
461 
462  foreach($xml_parser->getObjectData() as $object_data)
463  {
464 
465  // check if role title has il_ prefix
466  if(substr($object_data['title'],0,3) == "il_")
467  {
468  return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
469  'Client');
470  }
471 
472  $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
473  if (!$rolf_id = $rolf_data["child"])
474  {
475  // can the current object contain a rolefolder?
476  $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
477  if(!isset($subobjects["rolf"]))
478  {
479  return $this->__raiseError('Cannot create role at this position',
480  'Client');
481  }
482 
483  // CHECK ACCESS 'create' rolefolder
484  if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
485  {
486  return $this->__raiseError('No permission to create role folders',
487  'Client');
488  }
489 
490  // create a rolefolder
491  $rolf_obj = $tmp_obj->createRoleFolder();
492  $rolf_id = $rolf_obj->getRefId();
493  }
494  $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
495  $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description']);
496 
497  // Copy permssions
498  $rbacadmin->copyRoleTemplatePermissions($template_id,ROLE_FOLDER_ID,$rolf_obj->getRefId(),$role_obj->getId());
499 
500  // Set object permissions according to role template
501  $ops = $rbacreview->getOperationsOfRole($role_obj->getId(),$tmp_obj->getType(),$rolf_obj->getRefId());
502  $rbacadmin->grantPermission($role_obj->getId(),$ops,$target_id);
503 
504  // SET permissisons of role folder according to role template
505  $ops = $rbacreview->getOperationsOfRole($role_obj->getId(),"rolf",$rolf_obj->getRefId());
506  $rbacadmin->grantPermission($role_obj->getId(),$ops,$rolf_obj->getRefId());
507 
508  $new_roles[] = $role_obj->getId();
509  }
510 
511 
512  // CREATE ADMIN ROLE
513 
514 
515 
516 
517 
518  return $new_roles ? $new_roles : array();
519  }
520 
521  function getObjectTreeOperations($sid,$ref_id,$user_id)
522  {
523  if(!$this->__checkSession($sid))
524  {
525  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
526  }
527 
528  // Include main header
529  include_once './include/inc.header.php';
530  global $rbacsystem,$rbacreview,$ilAccess;
531 
532 
533  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
534  {
535  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
536  'Client');
537  }
538 
539  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
540  {
541  return $this->__raiseError('No valid user id given.',
542  'Client');
543  }
544 
545  if(ilObject::_isInTrash($ref_id))
546  {
547  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
548  }
549 
550 
551 
552  // check visible for all upper tree entries
553  if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'visible','',$tmp_obj->getRefId()))
554  {
555  return array();
556  }
557  $op_data = $rbacreview->getOperation(2);
558  $ops_data[] = $op_data;
559 
560  if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'read','',$tmp_obj->getRefId()))
561  {
562  return $ops_data;
563  }
564 
565 
566  $ops_data = array();
567  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
568  foreach($ops as $ops_id)
569  {
570  $op_data = $rbacreview->getOperation($ops_id);
571 
572  if($rbacsystem->checkAccessOfUser($user_id,$op_data['operation'],$tmp_obj->getRefId()))
573  {
574  $ops_data[$ops_id] = $op_data;
575  }
576 
577  }
578 
579  foreach($ops_data as $data)
580  {
581  $ret_data[] = $data;
582  }
583  return $ret_data ? $ret_data : array();
584  }
585 
594  function getRoles($sid, $role_type, $id)
595  {
596  if(!$this->__checkSession($sid))
597  {
598  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
599  }
600 
601  // Include main header
602  include_once './include/inc.header.php';
603 
604  global $rbacsystem, $rbacreview, $ilUser, $ilDB;
605 
606  if (strcasecmp($role_type,"") != 0 &&
607  strcasecmp($role_type,"local") != 0 &&
608  strcasecmp($role_type,"global") != 0 &&
609  strcasecmp($role_type,"user") != 0 &&
610  strcasecmp($role_type,"user_login") != 0 &&
611  strcasecmp($role_type,"template") != 0)
612  {
613  return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
614  }
615 
616  $roles = array();
617 
618 
619  if (strcasecmp($role_type,"template") == 0)
620  // get templates
621  {
622  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
623  } elseif (strcasecmp($role_type,"user")==0 || strcasecmp($role_type,"user_login")==0)
624  // handle user roles
625  {
626  $user_id = $this->parseUserID($id, $role_type);
627  if ($user_id != $ilUser->getId())
628  // check access for user folder
629  {
630  $tmpUser = new ilObjUser($user_id);
631  $timelimitOwner = $tmpUser->getTimeLimitOwner();
632  if(!$rbacsystem->checkAccess('read',$timelimitOwner))
633  {
634  return $this->__raiseError('Check access for time limit owner failed.','Server');
635  }
636  }
637  $role_type = ""; // local and global roles for user
638 
639  $query = sprintf("SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=".$user_id,
640  join ("','", $rbacreview->assignedRoles($user_id))
641  );
642 
643  $rbacresult = $ilDB->query($query);
644  while ($rbacrow = $rbacresult->fetchRow(DB_FETCHMODE_ASSOC))
645  {
646  if ($rbacrow["assign"] != "y")
647  continue;
648 
649  $type = "";
650 
651  if ($rbacrow["parent"] == ROLE_FOLDER_ID)
652  {
653  $type = "Global";
654  }
655  else
656  {
657  $type = "Local";
658  }
659  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"],false))
660  {
661  /* @var $tmp_obj IlObjRole */
662  $roles[] = array (
663  "obj_id" =>$rbacrow["rol_id"],
664  "title" => $tmp_obj->getTitle(),
665  "description" => $tmp_obj->getDescription(),
666  "role_type" => $type);
667  }
668  }
669  } elseif ($id == "-1")
670  // get all roles of system role folder
671  {
672  if(!$rbacsystem->checkAccess('read',ROLE_FOLDER_ID))
673  {
674  return $this->__raiseError('Check access failed.','Server');
675  }
676 
677  $roles = $rbacreview->getAssignableRoles(false, true);
678  }
679  else
680  // get local roles for a specific repository object
681  // needs permission to read permissions of this object
682  {
683  if(!$rbacsystem->checkAccess('edit_permission',$id))
684  {
685  return $this->__raiseError('Check access for local roles failed.','Server');
686  }
687 
688  if (!is_numeric($id)) {
689  return $this->__raiseError('Id must be numeric to process roles of a repository object.','Client');
690  }
691 
692  $role_type = "local";
693 
694  $role_folder = $rbacreview->getRoleFolderOfObject($id);
695 
696  if(count($role_folder))
697  {
698  foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
699  {
700  if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
701  {
702  $roles[] = array ("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
703  }
704  }
705  }
706  }
707 
708 
709  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
710 
711  $xml_writer = new ilSoapRoleObjectXMLWriter();
712  $xml_writer->setObjects($roles);
713  $xml_writer->setType ($role_type);
714  if($xml_writer->start())
715  {
716  return $xml_writer->getXML();
717  }
718  }
719 
730  function searchRoles ($sid, $key, $combination, $role_type)
731  {
732  if(!$this->__checkSession($sid))
733  {
734  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
735  }
736 
737  // Include main header
738  include_once './include/inc.header.php';
739 
740  global $rbacsystem, $rbacreview, $ilUser, $ilDB;
741 
742 
743  if (strcasecmp($role_type,"") != 0 &&
744  strcasecmp($role_type,"local") != 0 &&
745  strcasecmp($role_type,"global") != 0 &&
746  strcasecmp($role_type,"template") != 0)
747  {
748  return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
749  }
750 
751  if($combination != 'and' and $combination != 'or')
752  {
753  return $this->__raiseError('No valid combination given. Must be "and" or "or".',
754  'Client');
755  }
756 
757  include_once './Services/Search/classes/class.ilQueryParser.php';
758 
759  $query_parser =& new ilQueryParser($key);
760  $query_parser->setMinWordLength(3);
761  $query_parser->setCombination($combination == 'and' ? QP_COMBINATION_AND : QP_COMBINATION_OR);
762  $query_parser->parse();
763  if(!$query_parser->validate())
764  {
765  return $this->__raiseError($query_parser->getMessage(), 'Client');
766  }
767 
768  include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
769 
770  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
771  $object_search->setFilter(array("role","rolt"));
772 
773  $res = $object_search->performSearch();
774  $res->filter(ROOT_FOLDER_ID, $combination == 'and' ? true : false);
775 
776  $obj_ids = array();
777  foreach($res->getUniqueResults() as $entry)
778  {
779  $obj_ids [] = $entry['obj_id'];
780  }
781 
782  $roles = array();
783  if (count($obj_ids)> 0 )
784  {
785  #print_r($obj_ids);
786  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == "template");
787  }
788  #print_r($roles);
789  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
790  $xml_writer = new ilSoapRoleObjectXMLWriter();
791  $xml_writer->setObjects($roles);
792  $xml_writer->setType ($role_type);
793  if($xml_writer->start())
794  {
795  return $xml_writer->getXML();
796  }
797 
798 
799  }
800 
801 
802  private function parseUserID ($id, $role_type) {
803  if (strcasecmp($role_type,"user")==0)
804  // get user roles for user id, which can be numeric or ilias id
805  {
806  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
807  if (!is_numeric($user_id))
808  {
809  return $this->__raiseError('ID must be either numeric or ILIAS conform id for type \'user\'','Client');
810  }
811  } elseif (strcasecmp($role_type, "user_login") == 0)
812  // check for login
813  {
814  $user_id = ilObjUser::_lookupId($id);
815  if (!$user_id)
816  // could not find a valid user
817  {
818  return $this->__raiseError('User with login \''.$id.'\' does not exist!','Client');
819  }
820  }
821  return $user_id;
822  }
823 }
824 ?>