00001 <?php
00033 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
00034
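/**
 * SOAP endpoints for role and permission (RBAC) administration.
 *
 * Every method first validates the SOAP session id through __checkSession()
 * (inherited from ilSoapAdministration, not shown in this file) and returns
 * the value of __raiseError() when validation or the operation fails.
 *
 * NOTE(review): $rbacreview, $rbacsystem, $rbacadmin, $ilAccess and
 * $objDefinition are used without being declared (only
 * getObjectTreeOperations() declares `global $rbacsystem`). Presumably
 * './include/inc.header.php' defines them in the scope of the including
 * method; because it is pulled in with include_once, that would only hold
 * for the first inclusion per request - confirm.
 *
 * NOTE(review): apart from the session check, only deleteRole() and the
 * "create role folder" path of addRole()/addRoleFromTemplate() call
 * checkAccess(). Whether __checkSession() itself limits these endpoints to
 * privileged accounts cannot be seen here - confirm, and otherwise add an
 * explicit RBAC check to each state-changing method.
 */
class ilSoapRBACAdministration extends ilSoapAdministration
{
    /**
     * PHP 4 style constructor; delegates to the parent constructor.
     */
    function ilSoapRBACAdministration()
    {
        parent::ilSoapAdministration();
    }

    /**
     * Delete a role after checking 'delete' permission on its role folder.
     *
     * Refuses to delete the role when it is the only role of any assigned user.
     *
     * @param string $sid     SOAP session id
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the value of __raiseError()
     */
    function deleteRole($sid,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        // end() takes its argument by reference, so the folder list must be
        // stored in a variable first instead of being assigned inside the call.
        $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,true);
        $rolf_id = end($rolf_ids);

        // NOTE(review): end() yields false for an empty list; the access check
        // then runs against false. Confirm checkAccess() denies in that case.
        if(!$rbacsystem->checkAccess('delete',$rolf_id))
        {
            return $this->__raiseError('Check access failed. No permission to delete role','Server');
        }

        // Deleting the role must not leave any user without a role.
        $assigned_users = $rbacreview->assignedUsers($role_id);
        foreach($assigned_users as $user_id)
        {
            if(count($rbacreview->assignedRoles($user_id)) == 1)
            {
                return $this->__raiseError('Cannot deassign last role of users',
                                           'Client');
            }
        }

        $tmp_role->setParent($rolf_id);
        $tmp_role->delete();

        return true;
    }

    /**
     * Assign a user to a role.
     *
     * @param string $sid     SOAP session id
     * @param int    $user_id object id of the user
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the value of __raiseError()
     */
    function addUserRoleEntry($sid,$user_id,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        // Reject ids that resolve to no object as well as ids of the wrong
        // type. The former `$obj and type != ...` test let a failed lookup
        // pass validation.
        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
        if(!$tmp_user or $tmp_user->getType() != 'usr')
        {
            return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
                                       'Client');
        }
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        // NOTE(review): no checkAccess() call guards this assignment. Unless
        // __checkSession() already restricts callers, any valid session can
        // change role membership - confirm and add an RBAC check.
        if(!$rbacadmin->assignUser($role_id,$user_id))
        {
            return $this->__raiseError('Error rbacadmin->assignUser()',
                                       'Server');
        }
        return true;
    }

    /**
     * Remove a user from a role.
     *
     * @param string $sid     SOAP session id
     * @param int    $user_id object id of the user
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the value of __raiseError()
     */
    function deleteUserRoleEntry($sid,$user_id,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        // A failed lookup (false) must be rejected too, not only a wrong type.
        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
        if(!$tmp_user or $tmp_user->getType() != 'usr')
        {
            return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
                                       'Client');
        }
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        // NOTE(review): no checkAccess() call here, and unlike deleteRole()
        // nothing prevents removing a user's last role - confirm both are
        // enforced elsewhere.
        if(!$rbacadmin->deassignUser($role_id,$user_id))
        {
            return $this->__raiseError('Error rbacadmin->deassignUser()',
                                       'Server');
        }
        return true;
    }

    /**
     * Return the list of RBAC operations.
     *
     * @param string $sid SOAP session id
     * @return mixed array from $rbacreview->getOperations(), otherwise the
     *               value of __raiseError()
     */
    function getOperations($sid)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $ops = $rbacreview->getOperations();
        if(!is_array($ops))
        {
            return $this->__raiseError('Unknown error','Server');
        }
        return $ops;
    }

    /**
     * Revoke all permissions of a role on an object.
     *
     * The system role (SYSTEM_ROLE_ID) is explicitly excluded.
     *
     * @param string $sid     SOAP session id
     * @param int    $ref_id  reference id of the object
     * @param int    $role_id object id of the role
     * @return mixed true on success, otherwise the value of __raiseError()
     */
    function revokePermissions($sid,$ref_id,$role_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        // A failed lookup (false) must be rejected too, not only a wrong type.
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }
        if ($role_id == SYSTEM_ROLE_ID)
        {
            return $this->__raiseError('Cannot revoke permissions of system role',
                                       'Client');
        }

        // NOTE(review): the caller's own permission on $ref_id is not checked
        // here - confirm it is enforced by __checkSession() or add a check.
        $rbacadmin->revokePermission($ref_id,$role_id);

        return true;
    }

    /**
     * Replace the permissions of a role on an object with the given set.
     *
     * Existing permissions are revoked first, then $permissions are granted.
     *
     * @param string $sid         SOAP session id
     * @param int    $ref_id      reference id of the object
     * @param int    $role_id     object id of the role
     * @param array  $permissions operations passed to grantPermission()
     * @return mixed true on success, otherwise the value of __raiseError()
     */
    function grantPermissions($sid,$ref_id,$role_id,$permissions)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        // A failed lookup (false) must be rejected too, not only a wrong type.
        $tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
        if(!$tmp_role or $tmp_role->getType() != 'role')
        {
            return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
                                       'Client');
        }

        if(!is_array($permissions))
        {
            // print_r() needs its second argument to return the dump; without
            // it the value is echoed into the response and "1" is appended to
            // the message.
            return $this->__raiseError('No valid permissions given.'.print_r($permissions,true),
                                       'Client');
        }

        // NOTE(review): revokePermissions() refuses SYSTEM_ROLE_ID, but this
        // method revokes before granting without that guard, and it has no
        // checkAccess() call - confirm both are intended.
        $rbacadmin->revokePermission($ref_id,$role_id);
        $rbacadmin->grantPermission($role_id,$permissions,$ref_id);

        return true;
    }

    /**
     * Return the roles of an object's role folder as XML.
     *
     * @param string $sid    SOAP session id
     * @param int    $ref_id reference id of the object
     * @return mixed XML string, '' when there is nothing to report, or the
     *               value of __raiseError()
     */
    function getLocalRoles($sid,$ref_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }

        // Initialised so count() below never sees an undefined variable.
        $objs = array();

        $role_folder = $rbacreview->getRoleFolderOfObject($ref_id);
        if(count($role_folder))
        {
            foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
            {
                if($role_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
                {
                    $objs[] = $role_obj;
                }
            }
        }

        if(!count($objs))
        {
            return '';
        }

        include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';

        $xml_writer = new ilObjectXMLWriter();
        $xml_writer->setObjects($objs);
        if($xml_writer->start())
        {
            return $xml_writer->getXML();
        }
        return '';
    }

    /**
     * Return the roles assigned to a user as XML.
     *
     * @param string $sid     SOAP session id
     * @param int    $user_id object id of the user
     * @return mixed XML string, '' when there is nothing to report, or the
     *               value of __raiseError()
     */
    function getUserRoles($sid,$user_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
        if(!$tmp_user)
        {
            return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
                                       'Client');
        }

        // NOTE(review): the object type is not verified to be 'usr' and the
        // caller's right to read another user's roles is not checked here.

        // Initialised so count() below never sees an undefined variable.
        $objs = array();
        foreach($rbacreview->assignedRoles($user_id) as $role_id)
        {
            if($role_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
            {
                $objs[] = $role_obj;
            }
        }

        if(!count($objs))
        {
            return '';
        }

        include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';

        $xml_writer = new ilObjectXMLWriter();
        $xml_writer->setObjects($objs);
        if($xml_writer->start())
        {
            return $xml_writer->getXML();
        }
        return '';
    }

    /**
     * Create one role per object described in $role_xml below $target_id.
     *
     * A role folder is created under the target when none exists yet; that
     * path requires 'create' permission for type 'rolf' on the target.
     *
     * NOTE(review): when the role folder already exists no checkAccess() call
     * is made before createRole() - confirm this is intended. An error raised
     * for a later entry does not undo roles created for earlier entries.
     *
     * @param string $sid       SOAP session id
     * @param int    $target_id reference id of the object that gets the roles
     * @param string $role_xml  XML handed to ilObjectXMLParser
     * @return mixed array of new role ids (possibly empty), otherwise the
     *               value of __raiseError()
     */
    function addRole($sid,$target_id,$role_xml)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';

        $xml_parser =& new ilObjectXMLParser($role_xml);
        $xml_parser->startParsing();

        // Initialised so the return value is always an array.
        $new_roles = array();

        foreach($xml_parser->getObjectData() as $object_data)
        {
            // Role titles must be unique.
            if($rbacreview->roleExists($object_data['title']))
            {
                return $this->__raiseError('The rolename must be unique. A role with name '.$object_data['title'].' already exists',
                                           'Client');
            }
            // The "il_" prefix is refused for role titles supplied by callers.
            if(substr($object_data['title'],0,3) == "il_")
            {
                return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
                                           'Client');
            }

            // Looked up per entry: the first entry may create the folder.
            $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
            $rolf_id = $rolf_data["child"];
            if (!$rolf_id)
            {
                // The target's type must allow a role folder as sub object.
                $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
                if(!isset($subobjects["rolf"]))
                {
                    return $this->__raiseError('Cannot create role at this position',
                                               'Client');
                }

                if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
                {
                    return $this->__raiseError('No permission to create role folders',
                                               'Client');
                }

                $rolf_obj = $tmp_obj->createRoleFolder();
                $rolf_id = $rolf_obj->getRefId();
            }
            $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
            $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description'],
                                              $object_data['import_id']);

            $new_roles[] = $role_obj->getId();
        }

        return $new_roles;
    }

    /**
     * Create roles from $role_xml and copy permissions from a role template.
     *
     * Same flow as addRole(); in addition the template's permissions are
     * copied to each new role and the resulting operations are granted on the
     * target object and on the role folder.
     *
     * NOTE(review): when the role folder already exists no checkAccess() call
     * is made before createRole() - confirm this is intended. An error raised
     * for a later entry does not undo roles created for earlier entries.
     *
     * @param string $sid         SOAP session id
     * @param int    $target_id   reference id of the object that gets the roles
     * @param string $role_xml    XML handed to ilObjectXMLParser
     * @param int    $template_id object id of a role template (type 'rolt')
     * @return mixed array of new role ids (possibly empty), otherwise the
     *               value of __raiseError()
     */
    function addRoleFromTemplate($sid,$target_id,$role_xml,$template_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }
        if(ilObject::_lookupType($template_id) != 'rolt')
        {
            return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template',
                                       'Client');
        }

        include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';

        $xml_parser =& new ilObjectXMLParser($role_xml);
        $xml_parser->startParsing();

        // Initialised so the return value is always an array.
        $new_roles = array();

        foreach($xml_parser->getObjectData() as $object_data)
        {
            // Role titles must be unique.
            if($rbacreview->roleExists($object_data['title']))
            {
                return $this->__raiseError('The rolename must be unique. A role with name '.$object_data['title'].' already exists',
                                           'Client');
            }
            // The "il_" prefix is refused for role titles supplied by callers.
            if(substr($object_data['title'],0,3) == "il_")
            {
                return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
                                           'Client');
            }

            // Looked up per entry: the first entry may create the folder.
            $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
            $rolf_id = $rolf_data["child"];
            if (!$rolf_id)
            {
                // The target's type must allow a role folder as sub object.
                $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
                if(!isset($subobjects["rolf"]))
                {
                    return $this->__raiseError('Cannot create role at this position',
                                               'Client');
                }

                if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
                {
                    return $this->__raiseError('No permission to create role folders',
                                               'Client');
                }

                $rolf_obj = $tmp_obj->createRoleFolder();
                $rolf_id = $rolf_obj->getRefId();
            }
            $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
            $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description']);

            $new_role_id = $role_obj->getId();
            $rolf_ref_id = $rolf_obj->getRefId();

            // Copy the template's permission set to the new role.
            $rbacadmin->copyRolePermission($template_id,ROLE_FOLDER_ID,$rolf_ref_id,$new_role_id);

            // Grant the role's operations for the target's type on the target.
            $ops = $rbacreview->getOperationsOfRole($new_role_id,$tmp_obj->getType(),$rolf_ref_id);
            $rbacadmin->grantPermission($new_role_id,$ops,$target_id);

            // Grant the role's 'rolf' operations on the role folder itself.
            $ops = $rbacreview->getOperationsOfRole($new_role_id,"rolf",$rolf_ref_id);
            $rbacadmin->grantPermission($new_role_id,$ops,$rolf_ref_id);

            $new_roles[] = $new_role_id;
        }

        return $new_roles;
    }

    /**
     * Return the operations a given user may perform on an object.
     *
     * Without 'visible' access the result is empty; with 'visible' but without
     * 'read' access only operation 2 is returned; otherwise every operation of
     * the object's type that checkAccessOfUser() allows.
     *
     * NOTE(review): the session owner's right to query the permissions of
     * another user ($user_id) is not checked here - confirm.
     *
     * @param string $sid     SOAP session id
     * @param int    $ref_id  reference id of the object
     * @param int    $user_id object id of the user whose access is evaluated
     * @return mixed list of operation records, otherwise the value of
     *               __raiseError()
     */
    function getObjectTreeOperations($sid,$ref_id,$user_id)
    {
        if(!$this->__checkSession($sid))
        {
            return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
        }

        include_once './include/inc.header.php';

        global $rbacsystem;

        $tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false);
        if(!$tmp_obj)
        {
            return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
                                       'Client');
        }

        $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
        if(!$tmp_user)
        {
            return $this->__raiseError('No valid user id given.',
                                       'Client');
        }

        // Nothing is reported for objects the user cannot even see.
        if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'visible','view',$tmp_obj->getRefId()))
        {
            return array();
        }

        // Operation id 2 is presumably 'visible' - TODO confirm.
        $visible_op = $rbacreview->getOperation(2);

        if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'read','view',$tmp_obj->getRefId()))
        {
            return array($visible_op);
        }

        // With read access: test each operation defined for the object type.
        $ops_data = array();
        $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
        foreach($ops as $ops_id)
        {
            $op_data = $rbacreview->getOperation($ops_id);

            if($rbacsystem->checkAccessOfUser($user_id,$op_data['operation'],$tmp_obj->getRefId()))
            {
                $ops_data[$ops_id] = $op_data;
            }
        }

        // Re-index so the result is a plain list (always an array).
        return array_values($ops_data);
    }
}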
00522 ?>