ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapRBACAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapRBACAdministration extends ilSoapAdministration
36 {
37  function ilSoapRBACAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  function deleteRole($sid,$role_id)
44  {
45  $this->initAuth($sid);
46  $this->initIlias();
47 
48  if(!$this->__checkSession($sid))
49  {
50  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
51  }
52 
53  global $rbacreview, $rbacsystem,$ilAccess;
54 
55  if(!$tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) or $tmp_role->getType() != 'role')
56  {
57  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
58  'Client');
59  }
60 
61 
62  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
63  if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
64  {
65  return $this->__raiseError('Check access failed. No permission to delete role','Server');
66  }
67 
68  // if it's last role of an user
69  foreach($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id)
70  {
71  if(count($rbacreview->assignedRoles($user_id)) == 1)
72  {
73  return $this->__raiseError('Cannot deassign last role of users',
74  'Client');
75  }
76  }
77 
78  // set parent id (role folder id) of role
79  $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,true));
80  $tmp_role->setParent($rolf_id);
81  $tmp_role->delete();
82 
83  return true;
84  }
85 
86  function addUserRoleEntry($sid,$user_id,$role_id)
87  {
88  $this->initAuth($sid);
89  $this->initIlias();
90 
91  if(!$this->__checkSession($sid))
92  {
93  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
94  }
95 
96  global $rbacadmin,$rbacreview,$ilAccess;
97 
98  if($tmp_user =& ilObjectFactory::getInstanceByObjId($user_id) and $tmp_user->getType() != 'usr')
99  {
100  return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
101  'Client');
102  }
103  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id) and $tmp_role->getType() != 'role')
104  {
105  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
106  'Client');
107  }
108 
109  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
110  if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
111  {
112  return $this->__raiseError('Check access failed. No permission to assign users','Server');
113  }
114 
115  if(!$rbacadmin->assignUser($role_id,$user_id))
116  {
117  return $this->__raiseError('Error rbacadmin->assignUser()',
118  'Server');
119  }
120  return true;
121  }
122  function deleteUserRoleEntry($sid,$user_id,$role_id)
123  {
124  $this->initAuth($sid);
125  $this->initIlias();
126 
127  if(!$this->__checkSession($sid))
128  {
129  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
130  }
131 
132  global $rbacadmin,$ilAccess,$rbacreview;
133 
134  if($tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false) and $tmp_user->getType() != 'usr')
135  {
136  return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
137  'Client');
138  }
139  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
140  {
141  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
142  'Client');
143  }
144 
145  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
146  if(!$ilAccess->checkAccess('edit_permission','',$obj_ref))
147  {
148  return $this->__raiseError('Check access failed. No permission to deassign users','Server');
149  }
150 
151  if(!$rbacadmin->deassignUser($role_id,$user_id))
152  {
153  return $this->__raiseError('Error rbacadmin->deassignUser()',
154  'Server');
155  }
156  return true;
157  }
158 
159  function getOperations($sid)
160  {
161  $this->initAuth($sid);
162  $this->initIlias();
163 
164  if(!$this->__checkSession($sid))
165  {
166  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
167  }
168 
169  global $rbacreview;
170 
171  if(is_array($ops = $rbacreview->getOperations()))
172  {
173  return $ops;
174  }
175  else
176  {
177  return $this->__raiseError('Unknown error','Server');
178  }
179  }
180 
181  function revokePermissions($sid,$ref_id,$role_id)
182  {
183  $this->initAuth($sid);
184  $this->initIlias();
185 
186  if(!$this->__checkSession($sid))
187  {
188  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
189  }
190 
191  global $rbacadmin,$ilAccess;
192 
193  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
194  {
195  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
196  'Client');
197  }
198  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
199  {
200  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
201  'Client');
202  }
203  if ($role_id == SYSTEM_ROLE_ID)
204  {
205  return $this->__raiseError('Cannot revoke permissions of system role',
206  'Client');
207  }
208 
209  if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
210  {
211  return $this->__raiseError('Check access failed. No permission to revoke permissions','Server');
212  }
213 
214  $rbacadmin->revokePermission($ref_id,$role_id);
215 
216  return true;
217  }
218  function grantPermissions($sid,$ref_id,$role_id,$permissions)
219  {
220  $this->initAuth($sid);
221  $this->initIlias();
222 
223  if(!$this->__checkSession($sid))
224  {
225  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
226  }
227 
228  global $rbacadmin,$ilAccess;
229 
230  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
231  {
232  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
233  'Client');
234  }
235  if($tmp_role =& ilObjectFactory::getInstanceByObjId($role_id,false) and $tmp_role->getType() != 'role')
236  {
237  return $this->__raiseError('No valid role id given. Please choose an existing id of an ILIAS role',
238  'Client');
239  }
240 
241  if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
242  {
243  return $this->__raiseError('Check access failed. No permission to grant permissions','Server');
244  }
245 
246 
247  // mjansen@databay.de: dirty fix
248  if(isset($permissions['item']))
249  {
250  $permissions = $permissions['item'];
251  }
252 
253  if(!is_array($permissions))
254  {
255  return $this->__raiseError('No valid permissions given.'.print_r($permissions),
256  'Client');
257  }
258 
259  $rbacadmin->revokePermission($ref_id,$role_id);
260  $rbacadmin->grantPermission($role_id,$permissions,$ref_id);
261 
262  return true;
263  }
264 
265  function getLocalRoles($sid,$ref_id)
266  {
267  $this->initAuth($sid);
268  $this->initIlias();
269 
270  if(!$this->__checkSession($sid))
271  {
272  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
273  }
274 
275  global $rbacreview,$ilAccess;
276 
277  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
278  {
279  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
280  'Client');
281  }
282 
283  if(!$ilAccess->checkAccess('edit_permission','',$ref_id))
284  {
285  return $this->__raiseError('Check access failed. No permission to access role information','Server');
286  }
287 
288 
289  $role_folder = $rbacreview->getRoleFolderOfObject($ref_id);
290 
291  if(count($role_folder))
292  {
293  foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
294  {
295  if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
296  {
297  $objs[] = $tmp_obj;
298  }
299  }
300  }
301  if(count($objs))
302  {
303  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
304 
305  $xml_writer = new ilObjectXMLWriter();
306  $xml_writer->setObjects($objs);
307  if($xml_writer->start())
308  {
309  return $xml_writer->getXML();
310  }
311  }
312  return '';
313  }
314 
315  function getUserRoles($sid,$user_id)
316  {
317  $this->initAuth($sid);
318  $this->initIlias();
319 
320  if(!$this->__checkSession($sid))
321  {
322  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
323  }
324 
325  global $rbacreview;
326 
327  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
328  {
329  return $this->__raiseError('No valid user id given. Please choose an existing id of an ILIAS user',
330  'Client');
331  }
332 
333  foreach($rbacreview->assignedRoles($user_id) as $role_id)
334  {
335  if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
336  {
337  $objs[] = $tmp_obj;
338  }
339  }
340  if(count($objs))
341  {
342  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
343 
344  $xml_writer = new ilObjectXMLWriter();
345  $xml_writer->setObjects($objs);
346  if($xml_writer->start())
347  {
348  return $xml_writer->getXML();
349  }
350  }
351  return '';
352  }
353 
354  function addRole($sid,$target_id,$role_xml)
355  {
356  $this->initAuth($sid);
357  $this->initIlias();
358 
359  if(!$this->__checkSession($sid))
360  {
361  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
362  }
363 
364  global $rbacreview, $objDefinition, $rbacsystem,$ilAccess;
365 
366  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
367  {
368  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
369  'Client');
370  }
371 
372  if(ilObject::_isInTrash($target_id))
373  {
374  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
375  }
376 
377  if(!$ilAccess->checkAccess('edit_permission','',$target_id))
378  {
379  return $this->__raiseError('Check access failed. No permission to create roles','Server');
380  }
381 
382  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
383 
384  $xml_parser =& new ilObjectXMLParser($role_xml);
385  $xml_parser->startParsing();
386 
387  foreach($xml_parser->getObjectData() as $object_data)
388  {
389 
390  // check if role title has il_ prefix
391  if(substr($object_data['title'],0,3) == "il_")
392  {
393  return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
394  'Client');
395  }
396 
397  $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
398  if (!$rolf_id = $rolf_data["child"])
399  {
400  // can the current object contain a rolefolder?
401  $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
402  if(!isset($subobjects["rolf"]))
403  {
404  return $this->__raiseError('Cannot create role at this position',
405  'Client');
406  }
407 
408  // CHECK ACCESS 'create' rolefolder
409  if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
410  {
411  return $this->__raiseError('No permission to create role folders',
412  'Client');
413  }
414 
415  // create a rolefolder
416  $rolf_obj = $tmp_obj->createRoleFolder();
417  $rolf_id = $rolf_obj->getRefId();
418  }
419  $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
420  $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description'],
421  $object_data['import_id']);
422  //echo "-".$object_data['import_id']."-";
423  $new_roles[] = $role_obj->getId();
424  }
425 
426  return $new_roles ? $new_roles : array();
427  }
428 
429  function addRoleFromTemplate($sid,$target_id,$role_xml,$template_id)
430  {
431  $this->initAuth($sid);
432  $this->initIlias();
433 
434  if(!$this->__checkSession($sid))
435  {
436  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
437  }
438 
439  global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin,$ilAccess;
440 
441  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($target_id,false))
442  {
443  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
444  'Client');
445  }
446  if(ilObject::_lookupType($template_id) != 'rolt')
447  {
448  return $this->__raiseError('No valid template id given. Please choose an existing object id of an ILIAS role template',
449  'Client');
450  }
451 
452 
453  if(ilObject::_isInTrash($target_id))
454  {
455  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
456  }
457 
458  if(!$ilAccess->checkAccess('edit_permission','',$target_id))
459  {
460  return $this->__raiseError('Check access failed. No permission to create roles','Server');
461  }
462 
463 
464  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
465 
466  $xml_parser =& new ilObjectXMLParser($role_xml);
467  $xml_parser->startParsing();
468 
469  foreach($xml_parser->getObjectData() as $object_data)
470  {
471 
472  // check if role title has il_ prefix
473  if(substr($object_data['title'],0,3) == "il_")
474  {
475  return $this->__raiseError('Rolenames are not allowed to start with "il_" ',
476  'Client');
477  }
478 
479  $rolf_data = $rbacreview->getRoleFolderOfObject($target_id);
480  if (!$rolf_id = $rolf_data["child"])
481  {
482  // can the current object contain a rolefolder?
483  $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
484  if(!isset($subobjects["rolf"]))
485  {
486  return $this->__raiseError('Cannot create role at this position',
487  'Client');
488  }
489 
490  // CHECK ACCESS 'create' rolefolder
491  if (!$rbacsystem->checkAccess('create',$target_id,'rolf'))
492  {
493  return $this->__raiseError('No permission to create role folders',
494  'Client');
495  }
496 
497  // create a rolefolder
498  $rolf_obj = $tmp_obj->createRoleFolder();
499  $rolf_id = $rolf_obj->getRefId();
500  }
501  $rolf_obj =& ilObjectFactory::getInstanceByRefId($rolf_id);
502  $role_obj = $rolf_obj->createRole($object_data['title'],$object_data['description']);
503 
504  // Copy permssions
505  $rbacadmin->copyRoleTemplatePermissions($template_id,ROLE_FOLDER_ID,$rolf_obj->getRefId(),$role_obj->getId());
506 
507  // Set object permissions according to role template
508  $ops = $rbacreview->getOperationsOfRole($role_obj->getId(),$tmp_obj->getType(),$rolf_obj->getRefId());
509  $rbacadmin->grantPermission($role_obj->getId(),$ops,$target_id);
510 
511  // SET permissisons of role folder according to role template
512  $ops = $rbacreview->getOperationsOfRole($role_obj->getId(),"rolf",$rolf_obj->getRefId());
513  $rbacadmin->grantPermission($role_obj->getId(),$ops,$rolf_obj->getRefId());
514 
515  $new_roles[] = $role_obj->getId();
516  }
517 
518 
519  // CREATE ADMIN ROLE
520 
521 
522 
523 
524 
525  return $new_roles ? $new_roles : array();
526  }
527 
528  function getObjectTreeOperations($sid,$ref_id,$user_id)
529  {
530  $this->initAuth($sid);
531  $this->initIlias();
532 
533  if(!$this->__checkSession($sid))
534  {
535  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
536  }
537 
538  global $rbacsystem,$rbacreview,$ilAccess;
539 
540 
541  if(!$tmp_obj =& ilObjectFactory::getInstanceByRefId($ref_id,false))
542  {
543  return $this->__raiseError('No valid ref id given. Please choose an existing reference id of an ILIAS object',
544  'Client');
545  }
546 
547  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
548  {
549  return $this->__raiseError('No valid user id given.',
550  'Client');
551  }
552 
553  if(ilObject::_isInTrash($ref_id))
554  {
555  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
556  }
557 
558 
559 
560  // check visible for all upper tree entries
561  if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'visible','',$tmp_obj->getRefId()))
562  {
563  return array();
564  }
565  $op_data = $rbacreview->getOperation(2);
566  $ops_data[] = $op_data;
567 
568  if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),'read','',$tmp_obj->getRefId()))
569  {
570  return $ops_data;
571  }
572 
573 
574  $ops_data = array();
575  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
576  foreach($ops as $ops_id)
577  {
578  $op_data = $rbacreview->getOperation($ops_id);
579 
580  if($rbacsystem->checkAccessOfUser($user_id,$op_data['operation'],$tmp_obj->getRefId()))
581  {
582  $ops_data[$ops_id] = $op_data;
583  }
584 
585  }
586 
587  foreach($ops_data as $data)
588  {
589  $ret_data[] = $data;
590  }
591  return $ret_data ? $ret_data : array();
592  }
593 
602  function getRoles($sid, $role_type, $id)
603  {
604  $this->initAuth($sid);
605  $this->initIlias();
606 
607  if(!$this->__checkSession($sid))
608  {
609  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
610  }
611 
612  global $rbacsystem, $rbacreview, $ilUser, $ilDB;
613 
614  if (strcasecmp($role_type,"") != 0 &&
615  strcasecmp($role_type,"local") != 0 &&
616  strcasecmp($role_type,"global") != 0 &&
617  strcasecmp($role_type,"user") != 0 &&
618  strcasecmp($role_type,"user_login") != 0 &&
619  strcasecmp($role_type,"template") != 0)
620  {
621  return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
622  }
623 
624  $roles = array();
625 
626 
627  if (strcasecmp($role_type,"template") == 0)
628  // get templates
629  {
630  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
631  } elseif (strcasecmp($role_type,"user")==0 || strcasecmp($role_type,"user_login")==0)
632  // handle user roles
633  {
634  $user_id = $this->parseUserID($id, $role_type);
635  if ($user_id != $ilUser->getId())
636  // check access for user folder
637  {
638  $tmpUser = new ilObjUser($user_id);
639  $timelimitOwner = $tmpUser->getTimeLimitOwner();
640  if(!$rbacsystem->checkAccess('read',$timelimitOwner))
641  {
642  return $this->__raiseError('Check access for time limit owner failed.','Server');
643  }
644  }
645  $role_type = ""; // local and global roles for user
646 
647  $query = sprintf("SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=".$user_id,
648  join ("','", $rbacreview->assignedRoles($user_id))
649  );
650 
651  $rbacresult = $ilDB->query($query);
652  while ($rbacrow = $rbacresult->fetchRow(DB_FETCHMODE_ASSOC))
653  {
654  if ($rbacrow["assign"] != "y")
655  continue;
656 
657  $type = "";
658 
659  if ($rbacrow["parent"] == ROLE_FOLDER_ID)
660  {
661  $type = "Global";
662  }
663  else
664  {
665  $type = "Local";
666  }
667  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"],false))
668  {
669  /* @var $tmp_obj IlObjRole */
670  $roles[] = array (
671  "obj_id" =>$rbacrow["rol_id"],
672  "title" => $tmp_obj->getTitle(),
673  "description" => $tmp_obj->getDescription(),
674  "role_type" => $type);
675  }
676  }
677  } elseif ($id == "-1")
678  // get all roles of system role folder
679  {
680  if(!$rbacsystem->checkAccess('read',ROLE_FOLDER_ID))
681  {
682  return $this->__raiseError('Check access failed.','Server');
683  }
684 
685  $roles = $rbacreview->getAssignableRoles(false, true);
686  }
687  else
688  // get local roles for a specific repository object
689  // needs permission to read permissions of this object
690  {
691  if(!$rbacsystem->checkAccess('edit_permission',$id))
692  {
693  return $this->__raiseError('Check access for local roles failed.','Server');
694  }
695 
696  if (!is_numeric($id)) {
697  return $this->__raiseError('Id must be numeric to process roles of a repository object.','Client');
698  }
699 
700  $role_type = "local";
701 
702  $role_folder = $rbacreview->getRoleFolderOfObject($id);
703 
704  if(count($role_folder))
705  {
706  foreach($rbacreview->getRolesOfRoleFolder($role_folder['ref_id'],false) as $role_id)
707  {
708  if($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id,false))
709  {
710  $roles[] = array ("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
711  }
712  }
713  }
714  }
715 
716 
717  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
718 
719  $xml_writer = new ilSoapRoleObjectXMLWriter();
720  $xml_writer->setObjects($roles);
721  $xml_writer->setType ($role_type);
722  if($xml_writer->start())
723  {
724  return $xml_writer->getXML();
725  }
726  }
727 
738  function searchRoles ($sid, $key, $combination, $role_type)
739  {
740  $this->initAuth($sid);
741  $this->initIlias();
742 
743  if(!$this->__checkSession($sid))
744  {
745  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
746  }
747 
748  global $rbacsystem, $rbacreview, $ilUser, $ilDB;
749 
750 
751  if (strcasecmp($role_type,"") != 0 &&
752  strcasecmp($role_type,"local") != 0 &&
753  strcasecmp($role_type,"global") != 0 &&
754  strcasecmp($role_type,"template") != 0)
755  {
756  return $this->__raiseError('Called service with wrong role_type parameter \''.$role_type.'\'','Client');
757  }
758 
759  if($combination != 'and' and $combination != 'or')
760  {
761  return $this->__raiseError('No valid combination given. Must be "and" or "or".',
762  'Client');
763  }
764 
765  include_once './Services/Search/classes/class.ilQueryParser.php';
766 
767  $query_parser =& new ilQueryParser($key);
768  $query_parser->setMinWordLength(3);
769  $query_parser->setCombination($combination == 'and' ? QP_COMBINATION_AND : QP_COMBINATION_OR);
770  $query_parser->parse();
771  if(!$query_parser->validate())
772  {
773  return $this->__raiseError($query_parser->getMessage(), 'Client');
774  }
775 
776  include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
777 
778  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
779  $object_search->setFilter(array("role","rolt"));
780 
781  $res = $object_search->performSearch();
782  $res->filter(ROOT_FOLDER_ID, $combination == 'and' ? true : false);
783 
784  $obj_ids = array();
785  foreach($res->getUniqueResults() as $entry)
786  {
787  $obj_ids [] = $entry['obj_id'];
788  }
789 
790  $roles = array();
791  if (count($obj_ids)> 0 )
792  {
793  #print_r($obj_ids);
794  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == "template");
795  }
796  #print_r($roles);
797  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
798  $xml_writer = new ilSoapRoleObjectXMLWriter();
799  $xml_writer->setObjects($roles);
800  $xml_writer->setType ($role_type);
801  if($xml_writer->start())
802  {
803  return $xml_writer->getXML();
804  }
805 
806 
807  }
808 
809 
810  private function parseUserID ($id, $role_type) {
811  if (strcasecmp($role_type,"user")==0)
812  // get user roles for user id, which can be numeric or ilias id
813  {
814  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
815  if (!is_numeric($user_id))
816  {
817  return $this->__raiseError('ID must be either numeric or ILIAS conform id for type \'user\'','Client');
818  }
819  } elseif (strcasecmp($role_type, "user_login") == 0)
820  // check for login
821  {
822  $user_id = ilObjUser::_lookupId($id);
823  if (!$user_id)
824  // could not find a valid user
825  {
826  return $this->__raiseError('User with login \''.$id.'\' does not exist!','Client');
827  }
828  }
829  return $user_id;
830  }
831 }
832 ?>