ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Private Member Functions
ilSoapRBACAdministration Class Reference
+ Inheritance diagram for ilSoapRBACAdministration:
+ Collaboration diagram for ilSoapRBACAdministration:

Public Member Functions

 ilSoapRBACAdministration ()
 deleteRole ($sid, $role_id)
 addUserRoleEntry ($sid, $user_id, $role_id)
 deleteUserRoleEntry ($sid, $user_id, $role_id)
 getOperations ($sid)
 revokePermissions ($sid, $ref_id, $role_id)
 grantPermissions ($sid, $ref_id, $role_id, $permissions)
 getLocalRoles ($sid, $ref_id)
 getUserRoles ($sid, $user_id)
 addRole ($sid, $target_id, $role_xml)
 addRoleFromTemplate ($sid, $target_id, $role_xml, $template_id)
 getObjectTreeOperations ($sid, $ref_id, $user_id)
 getRoles ($sid, $role_type, $id)
 get roles for a specific type and id
 searchRoles ($sid, $key, $combination, $role_type)
 search for roles.
- Public Member Functions inherited from ilSoapAdministration
 ilSoapAdministration ($use_nusoap=true)
 __checkSession ($sid)
 initErrorWriter ()
 Overwrite error handler.
 __explodeSid ($sid)
 __setMessage ($a_str)
 __getMessage ()
 __appendMessage ($a_str)
 __setMessageCode ($a_code)
 __getMessageCode ()
 initAuth ($sid)
 initIlias ()
 __initAuthenticationObject ($a_auth_mode=AUTH_LOCAL)
 __raiseError ($a_message, $a_code)
 getNIC ($sid)
 get client information from current as xml result set
 isFault ($object)
 checkObjectAccess ($ref_id, $expected_type, $permission, $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true
 getInstallationInfoXML ()
 getClientInfoXML ($clientid)

Private Member Functions

 parseUserID ($id, $role_type)

Additional Inherited Members

- Static Public Member Functions inherited from ilSoapAdministration
static return_bytes ($val)
 calculate bytes from K,M,G modifiers e.g: 8M = 8 * 1024 * 1024 bytes
- Data Fields inherited from ilSoapAdministration
 $sauth = null
 $error_method = null
- Protected Attributes inherited from ilSoapAdministration
 $soap_check = true

Detailed Description

Definition at line 35 of file class.ilSoapRBACAdministration.php.

Member Function Documentation

ilSoapRBACAdministration::addRole (   $sid,
  $target_id,
  $role_xml 
)

Definition at line 354 of file class.ilSoapRBACAdministration.php.

References $target_id, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObject\_isInTrash(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacreview, $objDefinition, $rbacsystem,$ilAccess;
if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
{
return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
'Client');
}
if(ilObject::_isInTrash($target_id))
{
return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
}
if(!$ilAccess->checkAccess('edit_permission','',$target_id))
{
return $this->__raiseError('Check access failed. No permission to create roles','Server');
}
include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
$xml_parser =& new ilObjectXMLParser($role_xml);
$xml_parser->startParsing();
foreach($xml_parser->getObjectData() as $object_data)
{
// check if role title has il_ prefix
if(substr($object_data['title'],0,3) == "il_")
{
return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
'Client');
}
$rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
if (!$rolf_id = $rolf_data["child"])
{
// can the current object contain a rolefolder?
$subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
if(!isset($subobjects["rolf"]))
{
return $this->__raiseError('Cannot create role at this position',
'Client');
}
// CHECK ACCESS 'create' rolefolder
if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
{
return $this->__raiseError('No permission to create role folders',
'Client');
}
// create a rolefolder
$rolf_obj = $tmp_obj->createRoleFolder();
$rolf_id = $rolf_obj->getRefId();
}
$rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
$role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description'],
$object_data['import_id']);
//echo "-".$object_data['import_id']."-";
$new_roles[] = $role_obj->getId();
}
return $new_roles ? $new_roles : array();
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::addRoleFromTemplate (   $sid,
  $target_id,
  $role_xml,
  $template_id 
)

Definition at line 429 of file class.ilSoapRBACAdministration.php.

References $target_id, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObject\_isInTrash(), ilObject\_lookupType(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin,$ilAccess;
if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
{
return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
'Client');
}
if(ilObject::_lookupType($template_id) != 'rolt')
{
return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template',
'Client');
}
if(ilObject::_isInTrash($target_id))
{
return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
}
if(!$ilAccess->checkAccess('edit_permission','',$target_id))
{
return $this->__raiseError('Check access failed. No permission to create roles','Server');
}
include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
$xml_parser =& new ilObjectXMLParser($role_xml);
$xml_parser->startParsing();
foreach($xml_parser->getObjectData() as $object_data)
{
// check if role title has il_ prefix
if(substr($object_data['title'],0,3) == "il_")
{
return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
'Client');
}
$rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
if (!$rolf_id = $rolf_data["child"])
{
// can the current object contain a rolefolder?
$subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
if(!isset($subobjects["rolf"]))
{
return $this->__raiseError('Cannot create role at this position',
'Client');
}
// CHECK ACCESS 'create' rolefolder
if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
{
return $this->__raiseError('No permission to create role folders',
'Client');
}
// create a rolefolder
$rolf_obj = $tmp_obj->createRoleFolder();
$rolf_id = $rolf_obj->getRefId();
}
$rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
$role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description']);
// Copy permssions
$rbacadmin->copyRoleTemplatePermissions($template_id,ROLE_FOLDER_ID,$rolf_obj->getRefId(),$role_obj->getId());
// Set object permissions according to role template
$ops = $rbacreview->getOperationsOfRole($role_obj->getId(),$tmp_obj->getType(),$rolf_obj->getRefId());
$rbacadmin->grantPermission($role_obj->getId(),$ops,$target_id);
// SET permissisons of role folder according to role template
$ops = $rbacreview->getOperationsOfRole($role_obj->getId(),"rolf",$rolf_obj->getRefId());
$rbacadmin->grantPermission($role_obj->getId(),$ops,$rolf_obj->getRefId());
$new_roles[] = $role_obj->getId();
}
// CREATE ADMIN ROLE
return $new_roles ? $new_roles : array();
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::addUserRoleEntry (   $sid,
  $user_id,
  $role_id 
)

Definition at line 86 of file class.ilSoapRBACAdministration.php.

References ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacadmin,$rbacreview,$ilAccess;
if($tmp_user =& ilObjectFactory::getInstanceByObjId($user_id) and $tmp_user->getType() != 'usr')
{
return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
'Client');
}
if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id) and $tmp_role->getType() != 'role')
{
return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
'Client');
}
$obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
{
return $this->__raiseError('Check access failed. No permission to assign users','Server');
}
if(!$rbacadmin->assignUser($role_id,$user_id))
{
return $this->__raiseError('Error rbacadmin->assignUser()',
'Server');
}
return true;
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::deleteRole (   $sid,
  $role_id 
)

Definition at line 43 of file class.ilSoapRBACAdministration.php.

References ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacreview, $rbacsystem,$ilAccess;
if(!$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) or $tmp_role->getType() != 'role')
{
return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
'Client');
}
$obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
{
return $this->__raiseError('Check access failed. No permission to delete role','Server');
}
// if it's last role of an user
foreach($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id)
{
if(count($rbacreview->assignedRoles($user_id)) == 1)
{
return $this->__raiseError('Cannot deassign last role of users',
'Client');
}
}
// set parent id (role folder id) of role
$rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,true));
$tmp_role->setParent($rolf_id);
$tmp_role->delete();
return true;
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::deleteUserRoleEntry (   $sid,
  $user_id,
  $role_id 
)

Definition at line 122 of file class.ilSoapRBACAdministration.php.

References ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacadmin,$ilAccess,$rbacreview;
if($tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false) and $tmp_user->getType() != 'usr')
{
return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
'Client');
}
if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
{
return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
'Client');
}
$obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
{
return $this->__raiseError('Check access failed. No permission to deassign users','Server');
}
if(!$rbacadmin->deassignUser($role_id,$user_id))
{
return $this->__raiseError('Error rbacadmin->deassignUser()',
'Server');
}
return true;
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::getLocalRoles (   $sid,
  $ref_id 
)

Definition at line 265 of file class.ilSoapRBACAdministration.php.

References $ref_id, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacreview,$ilAccess;
if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
{
return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
'Client');
}
if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
{
return $this->__raiseError('Check access failed. No permission to access role information','Server');
}
$role_folder = $rbacreview->getRoleFolderOfObject($ref_id);
if(count($role_folder))
{
foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
{
if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
{
$objs[] = $tmp_obj;
}
}
}
if(count($objs))
{
include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
$xml_writer = new ilObjectXMLWriter();
$xml_writer->setObjects($objs);
if($xml_writer->start())
{
return $xml_writer->getXML();
}
}
return '';
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::getObjectTreeOperations (   $sid,
  $ref_id,
  $user_id 
)

Definition at line 528 of file class.ilSoapRBACAdministration.php.

References $data, $ref_id, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObject\_isInTrash(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacsystem,$rbacreview,$ilAccess;
if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
{
return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
'Client');
}
if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
{
return $this->__raiseError('No valid user id given.',
'Client');
}
if(ilObject::_isInTrash($ref_id))
{
return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
}
// check visible for all upper tree entries
if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'visible','',$tmp_obj->getRefId()))
{
return array();
}
$op_data = $rbacreview->getOperation(2);
$ops_data[] = $op_data;
if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'read','',$tmp_obj->getRefId()))
{
return $ops_data;
}
$ops_data = array();
$ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
foreach($ops as $ops_id)
{
$op_data = $rbacreview->getOperation($ops_id);
if($rbacsystem->checkAccessOfUser($user_id,$op_data['operation'],$tmp_obj->getRefId()))
{
$ops_data[$ops_id] = $op_data;
}
}
foreach($ops_data as $data)
{
$ret_data[] = $data;
}
return $ret_data ? $ret_data : array();
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::getOperations (   $sid)

Definition at line 159 of file class.ilSoapRBACAdministration.php.

References ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacreview;
if(is_array($ops = $rbacreview->getOperations()))
{
return $ops;
}
else
{
return $this->__raiseError('Unknown error','Server');
}
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::getRoles (   $sid,
  $role_type,
  $id 
)

get roles for a specific type and id

Parameters
String$sidsession id
String$role_typecan be empty which means "local & global", "local", "global", "user", "user_login" or "template"
Mixed$idcan be -1 for system role folder, can be ref id in case for role type "local/global/template", can be user id with "user" or login in case for role type "user_login"
Returns
String according DTD role_3_7

Definition at line 602 of file class.ilSoapRBACAdministration.php.

References $ilDB, $query, $type, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), DB_FETCHMODE_ASSOC, elseif(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and parseUserID().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacsystem, $rbacreview, $ilUser, $ilDB;
if (strcasecmp($role_type,"") != 0 &&
strcasecmp($role_type,"local") != 0 &&
strcasecmp($role_type,"global") != 0 &&
strcasecmp($role_type,"user") != 0 &&
strcasecmp($role_type,"user_login") != 0 &&
strcasecmp($role_type,"template") != 0)
{
return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
}
$roles = array();
if (strcasecmp($role_type,"template") == 0)
// get templates
{
$roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
} elseif (strcasecmp($role_type,"user")==0 || strcasecmp($role_type,"user_login")==0)
// handle user roles
{
$user_id = $this->parseUserID($id, $role_type);
if ($user_id != $ilUser->getId())
// check access for user folder
{
$tmpUser = new ilObjUser($user_id);
$timelimitOwner = $tmpUser->getTimeLimitOwner();
if(!$rbacsystem->checkAccess('read',$timelimitOwner))
{
return $this->__raiseError('Check access for time limit owner failed.','Server');
}
}
$role_type = ""; // local and global roles for user
$query = sprintf("SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=".$user_id,
join ("','", $rbacreview->assignedRoles($user_id))
);
$rbacresult = $ilDB->query($query);
while ($rbacrow = $rbacresult->fetchRow(DB_FETCHMODE_ASSOC))
{
if ($rbacrow["assign"] != "y")
continue;
$type = "";
if ($rbacrow["parent"] == ROLE_FOLDER_ID)
{
$type = "Global";
}
else
{
$type = "Local";
}
if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"],false))
{
/* @var $tmp_obj IlObjRole */
$roles[] = array (
"obj_id" =>$rbacrow["rol_id"],
"title" => $tmp_obj->getTitle(),
"description" => $tmp_obj->getDescription(),
"role_type" => $type);
}
}
} elseif ($id == "-1")
// get all roles of system role folder
{
if(!$rbacsystem->checkAccess('read',ROLE_FOLDER_ID))
{
return $this->__raiseError('Check access failed.','Server');
}
$roles = $rbacreview->getAssignableRoles(false, true);
}
else
// get local roles for a specific repository object
// needs permission to read permissions of this object
{
if(!$rbacsystem->checkAccess('edit_permission',$id))
{
return $this->__raiseError('Check access for local roles failed.','Server');
}
if (!is_numeric($id)) {
return $this->__raiseError('Id must be numeric to process roles of a repository object.','Client');
}
$role_type = "local";
$role_folder = $rbacreview->getRoleFolderOfObject($id);
if(count($role_folder))
{
foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
{
if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
{
$roles[] = array ("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
}
}
}
}
include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
$xml_writer = new ilSoapRoleObjectXMLWriter();
$xml_writer->setObjects($roles);
$xml_writer->setType ($role_type);
if($xml_writer->start())
{
return $xml_writer->getXML();
}
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::getUserRoles (   $sid,
  $user_id 
)

Definition at line 315 of file class.ilSoapRBACAdministration.php.

References ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacreview;
if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
{
return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
'Client');
}
foreach($rbacreview->assignedRoles($user_id) as $role_id)
{
if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
{
$objs[] = $tmp_obj;
}
}
if(count($objs))
{
include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
$xml_writer = new ilObjectXMLWriter();
$xml_writer->setObjects($objs);
if($xml_writer->start())
{
return $xml_writer->getXML();
}
}
return '';
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::grantPermissions (   $sid,
  $ref_id,
  $role_id,
  $permissions 
)

Definition at line 218 of file class.ilSoapRBACAdministration.php.

References $ref_id, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacadmin,$ilAccess;
if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
{
return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
'Client');
}
if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
{
return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
'Client');
}
if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
{
return $this->__raiseError('Check access failed. No permission to grant permissions','Server');
}
// mjansen@databay.de: dirty fix
if(isset($permissions['item']))
{
$permissions = $permissions['item'];
}
if(!is_array($permissions))
{
return $this->__raiseError('No valid permissions given.'.print_r($permissions),
'Client');
}
$rbacadmin->revokePermission($ref_id,$role_id);
$rbacadmin->grantPermission($role_id,$permissions,$ref_id);
return true;
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::ilSoapRBACAdministration ( )

Definition at line 37 of file class.ilSoapRBACAdministration.php.

References ilSoapAdministration\ilSoapAdministration().

{
parent::ilSoapAdministration();
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::parseUserID (   $id,
  $role_type 
)
private

Definition at line 810 of file class.ilSoapRBACAdministration.php.

References ilUtil\__extractId(), ilSoapAdministration\__raiseError(), ilObjUser\_lookupId(), and elseif().

Referenced by getRoles().

{
if (strcasecmp($role_type,"user")==0)
// get user roles for user id, which can be numeric or ilias id
{
$user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
if (!is_numeric($user_id))
{
return $this->__raiseError('ID must be either numeric or ILIAS conform id for type \'user\'','Client');
}
} elseif (strcasecmp($role_type, "user_login") == 0)
// check for login
{
$user_id = ilObjUser::_lookupId($id);
if (!$user_id)
// could not find a valid user
{
return $this->__raiseError('User with login \''.$id.'\' does not exist!','Client');
}
}
return $user_id;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilSoapRBACAdministration::revokePermissions (   $sid,
  $ref_id,
  $role_id 
)

Definition at line 181 of file class.ilSoapRBACAdministration.php.

References $ref_id, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\initAuth(), and ilSoapAdministration\initIlias().

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacadmin,$ilAccess;
if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
{
return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
'Client');
}
if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
{
return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
'Client');
}
if ($role_id == SYSTEM_ROLE_ID)
{
return $this->__raiseError('Cannot revoke permissions of system role',
'Client');
}
if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
{
return $this->__raiseError('Check access failed. No permission to revoke permissions','Server');
}
$rbacadmin->revokePermission($ref_id,$role_id);
return true;
}

+ Here is the call graph for this function:

ilSoapRBACAdministration::searchRoles (   $sid,
  $key,
  $combination,
  $role_type 
)

search for roles.

Parameters
String$sid
String$searchtermscomma separated search terms
String$operatormust be or or and
String$role_typecan be empty which means "local & global", "local", "global", "user" = roles of user, "user_login" or "template"

Definition at line 738 of file class.ilSoapRBACAdministration.php.

References $ilDB, $key, $res, ilSoapAdministration\__checkSession(), ilSoapAdministration\__getMessage(), ilSoapAdministration\__getMessageCode(), ilSoapAdministration\__raiseError(), ilObjectSearchFactory\_getObjectSearchInstance(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), QP_COMBINATION_AND, and QP_COMBINATION_OR.

{
$this->initAuth($sid);
$this->initIlias();
if(!$this->__checkSession($sid))
{
return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
}
global $rbacsystem, $rbacreview, $ilUser, $ilDB;
if (strcasecmp($role_type,"") != 0 &&
strcasecmp($role_type,"local") != 0 &&
strcasecmp($role_type,"global") != 0 &&
strcasecmp($role_type,"template") != 0)
{
return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
}
if($combination != 'and' and $combination != 'or')
{
return $this->__raiseError('No valid combination given. Must be "and" or "or".',
'Client');
}
include_once './Services/Search/classes/class.ilQueryParser.php';
$query_parser =& new ilQueryParser($key);
$query_parser->setMinWordLength(3);
$query_parser->setCombination($combination == 'and' ? QP_COMBINATION_AND : QP_COMBINATION_OR);
$query_parser->parse();
if(!$query_parser->validate())
{
return $this->__raiseError($query_parser->getMessage(), 'Client');
}
include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
$object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
$object_search->setFilter(array("role","rolt"));
$res = $object_search->performSearch();
$res->filter(ROOT_FOLDER_ID, $combination == 'and' ? true : false);
$obj_ids = array();
foreach($res->getUniqueResults() as $entry)
{
$obj_ids [] = $entry['obj_id'];
}
$roles = array();
if (count($obj_ids)> 0 )
{
#print_r($obj_ids);
$roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == "template");
}
#print_r($roles);
include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
$xml_writer = new ilSoapRoleObjectXMLWriter();
$xml_writer->setObjects($roles);
$xml_writer->setType ($role_type);
if($xml_writer->start())
{
return $xml_writer->getXML();
}
}

+ Here is the call graph for this function:

The documentation for this class was generated from the following file: