00001 <?php
00033 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
00034
00035 class ilSoapRBACAdministration extends ilSoapAdministration
00036 {
/**
 * PHP 4 style constructor (method named after the class).
 *
 * Does nothing of its own; it only forwards to the ilSoapAdministration
 * constructor.
 */
function ilSoapRBACAdministration()
{
	parent::ilSoapAdministration();
}
00041
00042
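/**
 * Delete a role.
 *
 * Checks, in order: the session is valid, $role_id resolves to an object of
 * type 'role', the caller holds 'edit_permission' on the object the role
 * belongs to, and no assigned user would be left without any role.
 *
 * @param $sid     session id, validated by __checkSession()
 * @param $role_id object id of the role to delete
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function deleteRole($sid,$role_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	// Pull in the ILIAS environment; the globals below are expected to exist afterwards.
	include_once './include/inc.header.php';
	global $rbacreview, $ilAccess;

	// Both a failed lookup and a non-role object are rejected.
	$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
	if(!$tmp_role or $tmp_role->getType() != 'role')
	{
		return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
								   'Client');
	}

	// Authorization is evaluated on the object the role is attached to.
	$obj_ref = $rbacreview->getObjectOfRole($role_id);
	if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
	{
		return $this->__raiseError('Check access failed. No permission to delete role','Server');
	}

	// Refuse the deletion if it would strip any user of their only role.
	foreach($rbacreview->assignedUsers($role_id) as $user_id)
	{
		if(count($rbacreview->assignedRoles($user_id)) == 1)
		{
			return $this->__raiseError('Cannot deassign last role of users',
									   'Client');
		}
	}

	// end() takes its argument by reference, so it needs a real variable
	// rather than the result of an assignment expression.
	$rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,true);
	$rolf_id = end($rolf_ids);
	$tmp_role->setParent($rolf_id);
	$tmp_role->delete();

	return true;
}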
00084
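/**
 * Assign a user to a role.
 *
 * The caller needs 'edit_permission' on the object the role belongs to.
 *
 * @param $sid     session id, validated by __checkSession()
 * @param $user_id object id of the user
 * @param $role_id object id of the role
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function addUserRoleEntry($sid,$user_id,$role_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';

	global $rbacadmin,$rbacreview,$ilAccess;

	// A failed lookup must be rejected as well. The previous "lookup and wrong
	// type" condition skipped the type check whenever the lookup returned a
	// falsy value, so an unknown id was treated as valid.
	$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
	if(!$tmp_user or $tmp_user->getType() != 'usr')
	{
		return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
								   'Client');
	}
	$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id);
	if(!$tmp_role or $tmp_role->getType() != 'role')
	{
		return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
								   'Client');
	}

	// Authorization is evaluated on the object the role is attached to.
	$obj_ref = $rbacreview->getObjectOfRole($role_id);
	if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
	{
		return $this->__raiseError('Check access failed. No permission to assign users','Server');
	}

	if(!$rbacadmin->assignUser($role_id,$user_id))
	{
		return $this->__raiseError('Error rbacadmin->assignUser()',
								   'Server');
	}
	return true;
}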
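/**
 * Remove a user from a role.
 *
 * The caller needs 'edit_permission' on the object the role belongs to.
 *
 * NOTE(review): unlike deleteRole(), nothing in this method stops the user's
 * last remaining role from being removed - confirm that deassignUser() or the
 * caller enforces that.
 *
 * @param $sid     session id, validated by __checkSession()
 * @param $user_id object id of the user
 * @param $role_id object id of the role
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function deleteUserRoleEntry($sid,$user_id,$role_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacadmin,$ilAccess,$rbacreview;

	// A failed lookup must be rejected as well. The previous "lookup and wrong
	// type" condition let an id through whenever the lookup returned a falsy value.
	$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
	if(!$tmp_user or $tmp_user->getType() != 'usr')
	{
		return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
								   'Client');
	}
	$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
	if(!$tmp_role or $tmp_role->getType() != 'role')
	{
		return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
								   'Client');
	}

	// Authorization is evaluated on the object the role is attached to.
	$obj_ref = $rbacreview->getObjectOfRole($role_id);
	if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
	{
		return $this->__raiseError('Check access failed. No permission to deassign users','Server');
	}

	if(!$rbacadmin->deassignUser($role_id,$user_id))
	{
		return $this->__raiseError('Error rbacadmin->deassignUser()',
								   'Server');
	}
	return true;
}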
00157
/**
 * Return the operations reported by $rbacreview->getOperations().
 *
 * Only the session is checked here; no further permission check is made
 * in this method.
 *
 * @param $sid session id, validated by __checkSession()
 * @return mixed the operations array, otherwise the value of __raiseError()
 */
function getOperations($sid)
{
	$session_ok = $this->__checkSession($sid);
	if(!$session_ok)
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacreview;

	$operations = $rbacreview->getOperations();

	// Anything but an array is reported as a server-side failure.
	if(!is_array($operations))
	{
		return $this->__raiseError('Unknown error','Server');
	}

	return $operations;
}
00178
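/**
 * Revoke all permissions a role holds on one object.
 *
 * The system role (SYSTEM_ROLE_ID) is never touched, and the caller needs
 * 'edit_permission' on $ref_id.
 *
 * @param $sid     session id, validated by __checkSession()
 * @param $ref_id  reference id of the object
 * @param $role_id object id of the role
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function revokePermissions($sid,$ref_id,$role_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacadmin,$ilAccess;

	// The object itself is not used further; the lookup only proves that $ref_id exists.
	if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
	{
		return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
								   'Client');
	}

	// A failed lookup must be rejected as well. The previous "lookup and wrong
	// type" condition let an id through whenever the lookup returned a falsy value.
	$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
	if(!$tmp_role or $tmp_role->getType() != 'role')
	{
		return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
								   'Client');
	}
	if ($role_id == SYSTEM_ROLE_ID)
	{
		return $this->__raiseError('Cannot revoke permissions of system role',
								   'Client');
	}

	if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
	{
		return $this->__raiseError('Check access failed. No permission to revoke permissions','Server');
	}

	$rbacadmin->revokePermission($ref_id,$role_id);

	return true;
}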
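/**
 * Replace the permissions a role holds on one object.
 *
 * The existing permissions of the role on $ref_id are revoked first, then
 * $permissions is granted. The caller needs 'edit_permission' on $ref_id.
 *
 * NOTE(review): revokePermissions() refuses SYSTEM_ROLE_ID; this method has
 * no such guard although it also revokes before granting - confirm that is
 * intended.
 *
 * @param $sid         session id, validated by __checkSession()
 * @param $ref_id      reference id of the object
 * @param $role_id     object id of the role
 * @param $permissions array of operations, optionally wrapped in an 'item' key
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function grantPermissions($sid,$ref_id,$role_id,$permissions)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';

	global $rbacadmin,$ilAccess;

	// The object itself is not used further; the lookup only proves that $ref_id exists.
	if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
	{
		return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
								   'Client');
	}

	// A failed lookup must be rejected as well. The previous "lookup and wrong
	// type" condition let an id through whenever the lookup returned a falsy
	// value, so permissions could be written for an id that is not a role.
	$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false);
	if(!$tmp_role or $tmp_role->getType() != 'role')
	{
		return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
								   'Client');
	}

	if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
	{
		return $this->__raiseError('Check access failed. No permission to grant permissions','Server');
	}

	// Unwrap the list when it arrives nested under an 'item' key.
	if(isset($permissions['item']))
	{
		$permissions = $permissions['item'];
	}

	if(!is_array($permissions))
	{
		// print_r() needs its second argument to return the dump; without it
		// the value is written to the response and "1" is appended to the message.
		return $this->__raiseError('No valid permissions given.'.print_r($permissions,true),
								   'Client');
	}

	$rbacadmin->revokePermission($ref_id,$role_id);
	$rbacadmin->grantPermission($role_id,$permissions,$ref_id);

	return true;
}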
00261
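/**
 * Return the roles of the role folder of one object as XML.
 *
 * The caller needs 'edit_permission' on $ref_id.
 *
 * @param $sid    session id, validated by __checkSession()
 * @param $ref_id reference id of the object
 * @return mixed XML from ilObjectXMLWriter, '' when there is nothing to
 *               write or the writer fails, otherwise the value of __raiseError()
 */
function getLocalRoles($sid,$ref_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacreview,$ilAccess;

	if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
	{
		return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
								   'Client');
	}

	if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
	{
		return $this->__raiseError('Check access failed. No permission to access role information','Server');
	}

	// Start from an empty list so count() below never sees an undefined variable.
	$objs = array();

	$role_folder = $rbacreview->getRoleFolderOfObject($ref_id);
	if(count($role_folder))
	{
		foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
		{
			// Role ids that no longer resolve to an object are skipped.
			if($role_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
			{
				$objs[] = $role_obj;
			}
		}
	}

	if(count($objs))
	{
		include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';

		$xml_writer = new ilObjectXMLWriter();
		$xml_writer->setObjects($objs);
		if($xml_writer->start())
		{
			return $xml_writer->getXML();
		}
	}
	return '';
}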
00310
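/**
 * Return the roles assigned to one user as XML.
 *
 * NOTE(review): apart from the session check, this method performs no
 * permission check, so any valid session can read the role list of any
 * user id - confirm that this is intended.
 *
 * @param $sid     session id, validated by __checkSession()
 * @param $user_id object id of the user
 * @return mixed XML from ilObjectXMLWriter, '' when there is nothing to
 *               write or the writer fails, otherwise the value of __raiseError()
 */
function getUserRoles($sid,$user_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacreview;

	// Only existence is checked here; the object type is not compared with 'usr'.
	if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
	{
		return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
								   'Client');
	}

	// Start from an empty list so count() below never sees an undefined variable.
	$objs = array();

	foreach($rbacreview->assignedRoles($user_id) as $role_id)
	{
		// Role ids that no longer resolve to an object are skipped.
		if($role_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
		{
			$objs[] = $role_obj;
		}
	}

	if(count($objs))
	{
		include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';

		$xml_writer = new ilObjectXMLWriter();
		$xml_writer->setObjects($objs);
		if($xml_writer->start())
		{
			return $xml_writer->getXML();
		}
	}
	return '';
}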
00348
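/**
 * Create one role per object described in $role_xml below $target_id.
 *
 * The caller needs 'edit_permission' on $target_id. When the target has no
 * role folder yet, one is created, which additionally requires the 'create'
 * permission for type 'rolf'. Titles starting with "il_" are rejected.
 *
 * Roles are created one by one; when a later entry is rejected, the roles
 * created for earlier entries remain.
 *
 * @param $sid       session id, validated by __checkSession()
 * @param $target_id reference id of the object that receives the roles
 * @param $role_xml  caller-supplied XML, parsed by ilObjectXMLParser
 * @return mixed array of new role ids (possibly empty), otherwise the value
 *               of __raiseError()
 */
function addRole($sid,$target_id,$role_xml)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacreview, $objDefinition, $rbacsystem,$ilAccess;

	if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
	{
		return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
								   'Client');
	}

	if(ilObject::_isInTrash($target_id))
	{
		return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
	}

	if(!$ilAccess->checkAccess('edit_permission','',$target_id))
	{
		return $this->__raiseError('Check access failed. No permission to create roles','Server');
	}

	include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';

	$xml_parser =& new ilObjectXMLParser($role_xml);
	$xml_parser->startParsing();

	// Defined up front so the return below works when the XML holds no objects.
	$new_roles = array();

	foreach($xml_parser->getObjectData() as $object_data)
	{
		// The "il_" prefix is refused for roles created through this interface.
		if(substr($object_data['title'],0,3) == "il_")
		{
			return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
									   'Client');
		}

		// Looked up on every pass: a folder created below is found next time.
		$rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
		if (!$rolf_id = $rolf_data["child"])
		{
			// No role folder yet: the object type must allow one ...
			$subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
			if(!isset($subobjects["rolf"]))
			{
				return $this->__raiseError('Cannot create role at this position',
										   'Client');
			}

			// ... and the caller must be allowed to create it.
			if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
			{
				return $this->__raiseError('No permission to create role folders',
										   'Client');
			}

			$rolf_obj = $tmp_obj->createRoleFolder();
			$rolf_id = $rolf_obj->getRefId();
		}
		$rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
		$role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description'],
										  $object_data['import_id']);

		$new_roles[] = $role_obj->getId();
	}

	return $new_roles;
}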
00422
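/**
 * Create one role per object described in $role_xml below $target_id and
 * initialise each from a role template.
 *
 * $template_id must be of type 'rolt'. The caller needs 'edit_permission' on
 * $target_id; creating a missing role folder additionally requires the
 * 'create' permission for type 'rolf'. Titles starting with "il_" are rejected.
 *
 * Roles are created one by one; when a later entry is rejected, the roles
 * created for earlier entries remain.
 *
 * @param $sid         session id, validated by __checkSession()
 * @param $target_id   reference id of the object that receives the roles
 * @param $role_xml    caller-supplied XML, parsed by ilObjectXMLParser
 * @param $template_id object id of the role template
 * @return mixed array of new role ids (possibly empty), otherwise the value
 *               of __raiseError()
 */
function addRoleFromTemplate($sid,$target_id,$role_xml,$template_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin,$ilAccess;

	if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
	{
		return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
								   'Client');
	}
	if(ilObject::_lookupType($template_id) != 'rolt')
	{
		return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template',
								   'Client');
	}

	if(ilObject::_isInTrash($target_id))
	{
		return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
	}

	if(!$ilAccess->checkAccess('edit_permission','',$target_id))
	{
		return $this->__raiseError('Check access failed. No permission to create roles','Server');
	}

	include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';

	$xml_parser =& new ilObjectXMLParser($role_xml);
	$xml_parser->startParsing();

	// Defined up front so the return below works when the XML holds no objects.
	$new_roles = array();

	foreach($xml_parser->getObjectData() as $object_data)
	{
		// The "il_" prefix is refused for roles created through this interface.
		if(substr($object_data['title'],0,3) == "il_")
		{
			return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
									   'Client');
		}

		// Looked up on every pass: a folder created below is found next time.
		$rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
		if (!$rolf_id = $rolf_data["child"])
		{
			// No role folder yet: the object type must allow one ...
			$subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
			if(!isset($subobjects["rolf"]))
			{
				return $this->__raiseError('Cannot create role at this position',
										   'Client');
			}

			// ... and the caller must be allowed to create it.
			if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
			{
				return $this->__raiseError('No permission to create role folders',
										   'Client');
			}

			$rolf_obj = $tmp_obj->createRoleFolder();
			$rolf_id = $rolf_obj->getRefId();
		}
		$rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
		$role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description']);

		// Copy the template's permission settings into the new role.
		$rbacadmin->copyRoleTemplatePermissions($template_id,ROLE_FOLDER_ID,$rolf_obj->getRefId(),$role_obj->getId());

		// Grant the role its operations for the target object's type on the target ...
		$ops = $rbacreview->getOperationsOfRole($role_obj->getId(),$tmp_obj->getType(),$rolf_obj->getRefId());
		$rbacadmin->grantPermission($role_obj->getId(),$ops,$target_id);

		// ... and its operations for type "rolf" on the role folder.
		$ops = $rbacreview->getOperationsOfRole($role_obj->getId(),"rolf",$rolf_obj->getRefId());
		$rbacadmin->grantPermission($role_obj->getId(),$ops,$rolf_obj->getRefId());

		$new_roles[] = $role_obj->getId();
	}

	return $new_roles;
}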
00520
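/**
 * Return the operations a given user may perform on one object.
 *
 * Result: an empty array when the user cannot see the object, only the
 * operation with id 2 when the user can see but not read it, otherwise every
 * operation of the object's type that the user passes the access check for.
 *
 * NOTE(review): every access check in this method is evaluated for $user_id.
 * The caller's own rights on $ref_id or on that user are not checked -
 * confirm that any valid session may query another user's permissions.
 *
 * @param $sid     session id, validated by __checkSession()
 * @param $ref_id  reference id of the object
 * @param $user_id object id of the user whose permissions are reported
 * @return mixed list of operation records, otherwise the value of __raiseError()
 */
function getObjectTreeOperations($sid,$ref_id,$user_id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';
	global $rbacsystem,$rbacreview,$ilAccess;

	if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
	{
		return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
								   'Client');
	}

	if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
	{
		return $this->__raiseError('No valid user id given.',
								   'Client');
	}

	if(ilObject::_isInTrash($ref_id))
	{
		// The message used to interpolate $target_id, which is not defined in this method.
		return $this->__raiseError("Parent with ID $ref_id has been deleted.", 'CLIENT_TARGET_DELETED');
	}

	// Not even visible: report no operations at all.
	if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'visible','',$tmp_obj->getRefId()))
	{
		return array();
	}

	// Visible but not readable: report only operation 2
	// (presumably the 'visible' operation - TODO confirm).
	if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'read','',$tmp_obj->getRefId()))
	{
		return array($rbacreview->getOperation(2));
	}

	// Readable: test every operation defined for the object's type.
	$ops_data = array();
	foreach($rbacreview->getOperationsOnTypeString($tmp_obj->getType()) as $ops_id)
	{
		$op_data = $rbacreview->getOperation($ops_id);

		if($rbacsystem->checkAccessOfUser($user_id,$op_data['operation'],$tmp_obj->getRefId()))
		{
			$ops_data[$ops_id] = $op_data;
		}
	}

	// Drop the operation-id keys; the result is a plain list.
	return array_values($ops_data);
}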
00585
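/**
 * Return roles as XML, selected by $role_type and $id.
 *
 * - "template": result of getRolesByFilter(6, current user id).
 * - "user" / "user_login": roles assigned to the user given by id or login.
 *   For a user other than the caller, 'read' access on that user's time
 *   limit owner is required.
 * - any other accepted type with $id == "-1": result of
 *   getAssignableRoles(false, true); requires 'read' on ROLE_FOLDER_ID.
 * - otherwise: roles of the role folder of repository object $id; requires
 *   'edit_permission' on $id.
 *
 * @param $sid       session id, validated by __checkSession()
 * @param $role_type "", "local", "global", "user", "user_login" or "template"
 *                   (compared case-insensitively)
 * @param $id        user id, login, "-1" or reference id, depending on $role_type
 * @return mixed XML from ilSoapRoleObjectXMLWriter, or the value of
 *               __raiseError(); nothing is returned when the writer fails to start
 */
function getRoles($sid, $role_type, $id)
{
	if(!$this->__checkSession($sid))
	{
		return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
	}

	include_once './include/inc.header.php';

	global $rbacsystem, $rbacreview, $ilUser, $ilDB;

	$roles = array();

	if (strcasecmp($role_type,"") != 0 &&
		strcasecmp($role_type,"local") != 0 &&
		strcasecmp($role_type,"global") != 0 &&
		strcasecmp($role_type,"user") != 0 &&
		strcasecmp($role_type,"user_login") != 0 &&
		strcasecmp($role_type,"template") != 0)
	{
		return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
	}

	if (strcasecmp($role_type,"template") == 0)
	{
		$roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
	}
	elseif (strcasecmp($role_type,"user")==0 || strcasecmp($role_type,"user_login")==0)
	{
		if (strcasecmp($role_type,"user")==0)
		{
			// Accept a plain numeric id or an id that __extractId() can resolve.
			$user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
			if (!is_numeric($user_id))
			{
				return $this->__raiseError('ID must be either numeric or ILIAS conform id for type \'user\'','Client');
			}
		}
		else
		{
			$user_id = ilObjUser::_lookupId($id);
			if (!$user_id)
			{
				return $this->__raiseError('User with login \''.$id.'\' does not exist!','Client');
			}
		}

		// is_numeric() also accepts forms such as "1e3" or " 7"; reduce the
		// value to an integer before it is compared and put into the SQL below.
		$user_id = (int) $user_id;

		if ($user_id != $ilUser->getId())
		// check access for user folder
		{
			$tmpUser = new ilObjUser($user_id);
			$timelimitOwner = $tmpUser->getTimeLimitOwner();
			if(!$rbacsystem->checkAccess('read',$timelimitOwner))
			{
				return $this->__raiseError('Check access for time limit owner failed.','Server');
			}
		}
		$role_type = ""; // local and global roles for user

		// The statement is assembled as a string, so every value that enters
		// it is forced to an integer first; the user id goes in through %d
		// instead of being concatenated into the format string.
		$assigned_role_ids = array_map('intval', $rbacreview->assignedRoles($user_id));
		$query = sprintf("SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=%d",
						join ("','", $assigned_role_ids),
						$user_id
		);

		$rbacresult = $ilDB->query($query);
		while ($rbacrow = $rbacresult->fetchRow(DB_FETCHMODE_ASSOC))
		{
			if ($rbacrow["assign"] != "y")
				continue;

			// Roles in the system role folder are global, all others local.
			$type = ($rbacrow["parent"] == ROLE_FOLDER_ID) ? "Global" : "Local";

			if ($tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"],false))
			{
				/* @var $tmp_obj IlObjRole */
				$roles[] = array (
					"obj_id" =>$rbacrow["rol_id"],
					"title" => $tmp_obj->getTitle(),
					"description" => $tmp_obj->getDescription(),
					"role_type" => $type);
			}
		}
	}
	elseif ($id == "-1")
	// get all roles of system role folder
	{
		if(!$rbacsystem->checkAccess('read',ROLE_FOLDER_ID))
		{
			return $this->__raiseError('Check access failed.','Server');
		}

		$roles = $rbacreview->getAssignableRoles(false, true);
	}
	else
	// get local roles for a specific repository object
	// needs permission to read permissions of this object
	{
		// Validate the id before it is handed to the access check.
		if (!is_numeric($id)) {
			return $this->__raiseError('Id must be numeric to process roles of a repository object.','Client');
		}

		if(!$rbacsystem->checkAccess('edit_permission',$id))
		{
			return $this->__raiseError('Check access for local roles failed.','Server');
		}

		$role_type = "local";

		$role_folder = $rbacreview->getRoleFolderOfObject($id);

		if(count($role_folder))
		{
			foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
			{
				if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
				{
					$roles[] = array ("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
				}
			}
		}
	}

	include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';

	$xml_writer = new ilSoapRoleObjectXMLWriter();
	$xml_writer->setObjects($roles);
	$xml_writer->setType ($role_type);
	if($xml_writer->start())
	{
		return $xml_writer->getXML();
	}
}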
00733
00734
00735 }
00736 ?>