33 include_once
'./webservice/soap/classes/class.ilSoapAdministration.php';
48 if(!$this->__checkSession($sid))
53 global $rbacreview, $rbacsystem,$ilAccess;
57 return $this->
__raiseError(
'No valid role id given. Please choose an existing id of an ILIAS role',
62 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
63 if(!$ilAccess->checkAccess(
'edit_permission',
'',$obj_ref))
65 return $this->
__raiseError(
'Check access failed. No permission to delete role',
'Server');
69 foreach($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id)
71 if(count($rbacreview->assignedRoles($user_id)) == 1)
73 return $this->
__raiseError(
'Cannot deassign last role of users',
79 $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id,
true));
80 $tmp_role->setParent($rolf_id);
91 if(!$this->__checkSession($sid))
96 global $rbacadmin,$rbacreview,$ilAccess;
100 return $this->
__raiseError(
'No valid user id given. Please choose an existing id of an ILIAS user',
105 return $this->
__raiseError(
'No valid role id given. Please choose an existing id of an ILIAS role',
109 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
110 if(!$ilAccess->checkAccess(
'edit_permission',
'',$obj_ref))
112 return $this->
__raiseError(
'Check access failed. No permission to assign users',
'Server');
115 if(!$rbacadmin->assignUser($role_id,$user_id))
117 return $this->
__raiseError(
'Error rbacadmin->assignUser()',
127 if(!$this->__checkSession($sid))
132 global $rbacadmin,$ilAccess,$rbacreview;
136 return $this->
__raiseError(
'No valid user id given. Please choose an existing id of an ILIAS user',
141 return $this->
__raiseError(
'No valid role id given. Please choose an existing id of an ILIAS role',
145 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
146 if(!$ilAccess->checkAccess(
'edit_permission',
'',$obj_ref))
148 return $this->
__raiseError(
'Check access failed. No permission to deassign users',
'Server');
151 if(!$rbacadmin->deassignUser($role_id,$user_id))
153 return $this->
__raiseError(
'Error rbacadmin->deassignUser()',
164 if(!$this->__checkSession($sid))
171 if(is_array($ops = $rbacreview->getOperations()))
186 if(!$this->__checkSession($sid))
191 global $rbacadmin,$ilAccess;
195 return $this->
__raiseError(
'No valid ref id given. Please choose an existing reference id of an ILIAS object',
200 return $this->
__raiseError(
'No valid role id given. Please choose an existing id of an ILIAS role',
203 if ($role_id == SYSTEM_ROLE_ID)
205 return $this->
__raiseError(
'Cannot revoke permissions of system role',
209 if(!$ilAccess->checkAccess(
'edit_permission',
'',
$ref_id))
211 return $this->
__raiseError(
'Check access failed. No permission to revoke permissions',
'Server');
214 $rbacadmin->revokePermission(
$ref_id,$role_id);
223 if(!$this->__checkSession($sid))
228 global $rbacadmin,$ilAccess;
232 return $this->
__raiseError(
'No valid ref id given. Please choose an existing reference id of an ILIAS object',
237 return $this->
__raiseError(
'No valid role id given. Please choose an existing id of an ILIAS role',
241 if(!$ilAccess->checkAccess(
'edit_permission',
'',
$ref_id))
243 return $this->
__raiseError(
'Check access failed. No permission to grant permissions',
'Server');
248 if(isset($permissions[
'item']))
250 $permissions = $permissions[
'item'];
253 if(!is_array($permissions))
255 return $this->
__raiseError(
'No valid permissions given.'.print_r($permissions),
259 $rbacadmin->revokePermission(
$ref_id,$role_id);
260 $rbacadmin->grantPermission($role_id,$permissions,
$ref_id);
270 if(!$this->__checkSession($sid))
275 global $rbacreview,$ilAccess;
279 return $this->
__raiseError(
'No valid ref id given. Please choose an existing reference id of an ILIAS object',
283 if(!$ilAccess->checkAccess(
'edit_permission',
'',
$ref_id))
285 return $this->
__raiseError(
'Check access failed. No permission to access role information',
'Server');
289 $role_folder = $rbacreview->getRoleFolderOfObject(
$ref_id);
291 if(count($role_folder))
293 foreach($rbacreview->getRolesOfRoleFolder($role_folder[
'ref_id'],
false) as $role_id)
303 include_once
'./webservice/soap/classes/class.ilObjectXMLWriter.php';
306 $xml_writer->setObjects($objs);
307 if($xml_writer->start())
309 return $xml_writer->getXML();
320 if(!$this->__checkSession($sid))
329 return $this->
__raiseError(
'No valid user id given. Please choose an existing id of an ILIAS user',
333 foreach($rbacreview->assignedRoles($user_id) as $role_id)
342 include_once
'./webservice/soap/classes/class.ilObjectXMLWriter.php';
345 $xml_writer->setObjects($objs);
346 if($xml_writer->start())
348 return $xml_writer->getXML();
359 if(!$this->__checkSession($sid))
364 global $rbacreview, $objDefinition, $rbacsystem,$ilAccess;
368 return $this->
__raiseError(
'No valid ref id given. Please choose an existing reference id of an ILIAS object',
374 return $this->
__raiseError(
"Parent with ID $target_id has been deleted.",
'CLIENT_TARGET_DELETED');
377 if(!$ilAccess->checkAccess(
'edit_permission',
'',
$target_id))
379 return $this->
__raiseError(
'Check access failed. No permission to create roles',
'Server');
382 include_once
'webservice/soap/classes/class.ilObjectXMLParser.php';
385 $xml_parser->startParsing();
387 foreach($xml_parser->getObjectData() as $object_data)
391 if(substr($object_data[
'title'],0,3) ==
"il_")
393 return $this->
__raiseError(
'Rolenames are not allowed to start with "il_" ',
397 $rolf_data = $rbacreview->getRoleFolderOfObject(
$target_id);
398 if (!$rolf_id = $rolf_data[
"child"])
401 $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
402 if(!isset($subobjects[
"rolf"]))
404 return $this->
__raiseError(
'Cannot create role at this position',
409 if (!$rbacsystem->checkAccess(
'create',
$target_id,
'rolf'))
411 return $this->
__raiseError(
'No permission to create role folders',
416 $rolf_obj = $tmp_obj->createRoleFolder();
417 $rolf_id = $rolf_obj->getRefId();
420 $role_obj = $rolf_obj->createRole($object_data[
'title'],$object_data[
'description'],
421 $object_data[
'import_id']);
423 $new_roles[] = $role_obj->getId();
426 return $new_roles ? $new_roles : array();
434 if(!$this->__checkSession($sid))
439 global $rbacreview, $objDefinition, $rbacsystem, $rbacadmin,$ilAccess;
443 return $this->
__raiseError(
'No valid ref id given. Please choose an existing reference id of an ILIAS object',
448 return $this->
__raiseError(
'No valid template id given. Please choose an existing object id of an ILIAS role template',
455 return $this->
__raiseError(
"Parent with ID $target_id has been deleted.",
'CLIENT_TARGET_DELETED');
458 if(!$ilAccess->checkAccess(
'edit_permission',
'',
$target_id))
460 return $this->
__raiseError(
'Check access failed. No permission to create roles',
'Server');
464 include_once
'webservice/soap/classes/class.ilObjectXMLParser.php';
467 $xml_parser->startParsing();
469 foreach($xml_parser->getObjectData() as $object_data)
473 if(substr($object_data[
'title'],0,3) ==
"il_")
475 return $this->
__raiseError(
'Rolenames are not allowed to start with "il_" ',
479 $rolf_data = $rbacreview->getRoleFolderOfObject(
$target_id);
480 if (!$rolf_id = $rolf_data[
"child"])
483 $subobjects = $objDefinition->getSubObjects($tmp_obj->getType());
484 if(!isset($subobjects[
"rolf"]))
486 return $this->
__raiseError(
'Cannot create role at this position',
491 if (!$rbacsystem->checkAccess(
'create',
$target_id,
'rolf'))
493 return $this->
__raiseError(
'No permission to create role folders',
498 $rolf_obj = $tmp_obj->createRoleFolder();
499 $rolf_id = $rolf_obj->getRefId();
502 $role_obj = $rolf_obj->createRole($object_data[
'title'],$object_data[
'description'],$object_data[
'import_id']);
505 $rbacadmin->copyRoleTemplatePermissions($template_id,ROLE_FOLDER_ID,$rolf_obj->getRefId(),$role_obj->getId());
508 $ops = $rbacreview->getOperationsOfRole($role_obj->getId(),$tmp_obj->getType(),$rolf_obj->getRefId());
509 $rbacadmin->grantPermission($role_obj->getId(),$ops,
$target_id);
512 $ops = $rbacreview->getOperationsOfRole($role_obj->getId(),
"rolf",$rolf_obj->getRefId());
513 $rbacadmin->grantPermission($role_obj->getId(),$ops,$rolf_obj->getRefId());
515 $new_roles[] = $role_obj->getId();
525 return $new_roles ? $new_roles : array();
533 if(!$this->__checkSession($sid))
538 global $rbacsystem,$rbacreview,$ilAccess;
543 return $this->
__raiseError(
'No valid ref id given. Please choose an existing reference id of an ILIAS object',
555 return $this->
__raiseError(
"Parent with ID $target_id has been deleted.",
'CLIENT_TARGET_DELETED');
561 if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),
'visible',
'',$tmp_obj->getRefId()))
565 $op_data = $rbacreview->getOperation(2);
566 $ops_data[] = $op_data;
568 if(!$ilAccess->checkAccessOfUser($tmp_user->getId(),
'read',
'',$tmp_obj->getRefId()))
575 $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
576 foreach($ops as $ops_id)
578 $op_data = $rbacreview->getOperation($ops_id);
580 if($rbacsystem->checkAccessOfUser($user_id,$op_data[
'operation'],$tmp_obj->getRefId()))
582 $ops_data[$ops_id] = $op_data;
587 foreach($ops_data as $data)
591 return $ret_data ? $ret_data : array();
607 if(!$this->__checkSession($sid))
612 global $rbacsystem, $rbacreview,
$ilUser, $ilDB;
614 if (strcasecmp($role_type,
"") != 0 &&
615 strcasecmp($role_type,
"local") != 0 &&
616 strcasecmp($role_type,
"global") != 0 &&
617 strcasecmp($role_type,
"user") != 0 &&
618 strcasecmp($role_type,
"user_login") != 0 &&
619 strcasecmp($role_type,
"template") != 0)
621 return $this->
__raiseError(
'Called service with wrong role_type parameter \''.$role_type.
'\'',
'Client');
627 if (strcasecmp($role_type,
"template") == 0)
630 $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
631 } elseif (strcasecmp($role_type,
"user")==0 || strcasecmp($role_type,
"user_login")==0)
635 if ($user_id != $ilUser->getId())
639 $timelimitOwner = $tmpUser->getTimeLimitOwner();
640 if(!$rbacsystem->checkAccess(
'read',$timelimitOwner))
642 return $this->
__raiseError(
'Check access for time limit owner failed.',
'Server');
647 $query = sprintf(
"SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=".$user_id,
648 join (
"','", $rbacreview->assignedRoles($user_id))
651 $rbacresult = $ilDB->query(
$query);
654 if ($rbacrow[
"assign"] !=
"y")
659 if ($rbacrow[
"parent"] == ROLE_FOLDER_ID)
671 "obj_id" =>$rbacrow[
"rol_id"],
672 "title" => $tmp_obj->getTitle(),
673 "description" => $tmp_obj->getDescription(),
674 "role_type" => $type);
677 } elseif ($id ==
"-1")
680 if(!$rbacsystem->checkAccess(
'read',ROLE_FOLDER_ID))
682 return $this->
__raiseError(
'Check access failed.',
'Server');
685 $roles = $rbacreview->getAssignableRoles(
false,
true);
691 if(!$rbacsystem->checkAccess(
'edit_permission',$id))
693 return $this->
__raiseError(
'Check access for local roles failed.',
'Server');
696 if (!is_numeric($id)) {
697 return $this->
__raiseError(
'Id must be numeric to process roles of a repository object.',
'Client');
700 $role_type =
"local";
702 $role_folder = $rbacreview->getRoleFolderOfObject($id);
704 if(count($role_folder))
706 foreach($rbacreview->getRolesOfRoleFolder($role_folder[
'ref_id'],
false) as $role_id)
710 $roles[] = array (
"obj_id" => $role_id,
"title" => $tmp_obj->getTitle(),
"description" => $tmp_obj->getDescription(),
"role_type" => $role_type);
717 include_once
'./webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
720 $xml_writer->setObjects($roles);
721 $xml_writer->setType ($role_type);
722 if($xml_writer->start())
724 return $xml_writer->getXML();
743 if(!$this->__checkSession($sid))
748 global $rbacsystem, $rbacreview,
$ilUser, $ilDB;
751 if (strcasecmp($role_type,
"") != 0 &&
752 strcasecmp($role_type,
"local") != 0 &&
753 strcasecmp($role_type,
"global") != 0 &&
754 strcasecmp($role_type,
"template") != 0)
756 return $this->
__raiseError(
'Called service with wrong role_type parameter \''.$role_type.
'\'',
'Client');
759 if($combination !=
'and' and $combination !=
'or')
761 return $this->
__raiseError(
'No valid combination given. Must be "and" or "or".',
765 include_once
'./Services/Search/classes/class.ilQueryParser.php';
768 $query_parser->setMinWordLength(3);
770 $query_parser->parse();
771 if(!$query_parser->validate())
773 return $this->
__raiseError($query_parser->getMessage(),
'Client');
776 include_once
'./Services/Search/classes/class.ilObjectSearchFactory.php';
779 $object_search->setFilter(array(
"role",
"rolt"));
781 $res = $object_search->performSearch();
782 $res->filter(ROOT_FOLDER_ID, $combination ==
'and' ?
true :
false);
785 foreach(
$res->getUniqueResults() as $entry)
787 $obj_ids [] = $entry[
'obj_id'];
791 if (count($obj_ids)> 0 )
794 $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type ==
"template");
797 include_once
'./webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
799 $xml_writer->setObjects($roles);
800 $xml_writer->setType ($role_type);
801 if($xml_writer->start())
803 return $xml_writer->getXML();
811 if (strcasecmp($role_type,
"user")==0)
815 if (!is_numeric($user_id))
817 return $this->
__raiseError(
'ID must be either numeric or ILIAS conform id for type \'user\'',
'Client');
819 } elseif (strcasecmp($role_type,
"user_login") == 0)
826 return $this->
__raiseError(
'User with login \''.$id.
'\' does not exist!
','Client
');