ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilSoapRBACAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
29 class ilSoapRBACAdministration extends ilSoapAdministration
30 {
34  public function deleteRole(string $sid, int $role_id)
35  {
36  $this->initAuth($sid);
37  $this->initIlias();
38 
39  if (!$this->checkSession($sid)) {
40  return $this->raiseError($this->getMessage(), $this->getMessageCode());
41  }
42 
43  global $DIC;
44 
45  $rbacreview = $DIC['rbacreview'];
46  $rbacsystem = $DIC['rbacsystem'];
47  $ilAccess = $DIC['ilAccess'];
48 
49  if (!($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) || $tmp_role->getType() !== 'role') {
50  return $this->raiseError(
51  'No valid role id given. Please choose an existing id of an ILIAS role',
52  'Client'
53  );
54  }
55 
56  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
57  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
58  return $this->raiseError('Check access failed. No permission to delete role', 'Server');
59  }
60 
61  // if it's last role of an user
62  foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
63  if (count($rbacreview->assignedRoles($user_id)) === 1) {
64  return $this->raiseError(
65  'Cannot deassign last role of users',
66  'Client'
67  );
68  }
69  }
70 
71  // set parent id (role folder id) of role
72  $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true);
73  $rolf_id = end($rolf_ids);
74  $tmp_role->setParent((int) $rolf_id);
75  $tmp_role->delete();
76  return true;
77  }
78 
82  public function addUserRoleEntry(string $sid, int $user_id, int $role_id)
83  {
84  $this->initAuth($sid);
85  $this->initIlias();
86 
87  if (!$this->checkSession($sid)) {
88  return $this->raiseError($this->getMessage(), $this->getMessageCode());
89  }
90 
91  global $DIC;
92 
93  $rbacadmin = $DIC['rbacadmin'];
94  $rbacreview = $DIC['rbacreview'];
95  $ilAccess = $DIC['ilAccess'];
96 
97  $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
98  if (!$tmp_user instanceof ilObjUser) {
99  return $this->raiseError(
100  'No valid user id given. Please choose an existing id of an ILIAS user',
101  'Client'
102  );
103  }
104  $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
105  if (!$tmp_role instanceof ilObjRole) {
106  return $this->raiseError(
107  'No valid role id given. Please choose an existing id of an ILIAS role',
108  'Client'
109  );
110  }
111 
112  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
113  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
114  return $this->raiseError('Check access failed. No permission to assign users', 'Server');
115  }
116 
117  $rbacadmin->assignUser($role_id, $user_id);
118  return true;
119  }
120 
124  public function deleteUserRoleEntry(string $sid, int $user_id, int $role_id)
125  {
126  $this->initAuth($sid);
127  $this->initIlias();
128 
129  if (!$this->checkSession($sid)) {
130  return $this->raiseError($this->getMessage(), $this->getMessageCode());
131  }
132 
133  global $DIC;
134 
135  $rbacadmin = $DIC['rbacadmin'];
136  $ilAccess = $DIC['ilAccess'];
137  $rbacreview = $DIC['rbacreview'];
138 
139  if ($tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() !== 'usr') {
140  return $this->raiseError(
141  'No valid user id given. Please choose an existing id of an ILIAS user',
142  'Client'
143  );
144  }
145  if ($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() !== 'role') {
146  return $this->raiseError(
147  'No valid role id given. Please choose an existing id of an ILIAS role',
148  'Client'
149  );
150  }
151 
152  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
153  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
154  return $this->raiseError('Check access failed. No permission to deassign users', 'Server');
155  }
156 
157  $rbacadmin->deassignUser($role_id, $user_id);
158  return true;
159  }
160 
164  public function getOperations(string $sid)
165  {
166  $this->initAuth($sid);
167  $this->initIlias();
168 
169  if (!$this->checkSession($sid)) {
170  return $this->raiseError($this->getMessage(), $this->getMessageCode());
171  }
172 
173  global $DIC;
174 
175  $rbacreview = $DIC['rbacreview'];
176 
177  if (is_array($ops = $rbacreview->getOperations())) {
178  return $ops;
179  }
180 
181  return $this->raiseError('Unknown error', 'Server');
182  }
183 
187  public function revokePermissions(string $sid, int $ref_id, int $role_id)
188  {
189  $this->initAuth($sid);
190  $this->initIlias();
191 
192  if (!$this->checkSession($sid)) {
193  return $this->raiseError($this->getMessage(), $this->getMessageCode());
194  }
195 
196  global $DIC;
197 
198  $rbacadmin = $DIC['rbacadmin'];
199  $ilAccess = $DIC['ilAccess'];
200 
201  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
202  return $this->raiseError(
203  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
204  'Client'
205  );
206  }
207  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
208  return $this->raiseError(
209  'No valid role id given. Please choose an existing id of an ILIAS role',
210  'Client'
211  );
212  }
213  if ($role_id === SYSTEM_ROLE_ID) {
214  return $this->raiseError(
215  'Cannot revoke permissions of system role',
216  'Client'
217  );
218  }
219 
220  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
221  return $this->raiseError('Check access failed. No permission to revoke permissions', 'Server');
222  }
223  $rbacadmin->revokePermission($ref_id, $role_id);
224  return true;
225  }
226 
230  public function grantPermissions(string $sid, int $ref_id, int $role_id, array $permissions)
231  {
232  $this->initAuth($sid);
233  $this->initIlias();
234 
235  if (!$this->checkSession($sid)) {
236  return $this->raiseError($this->getMessage(), $this->getMessageCode());
237  }
238 
239  global $DIC;
240 
241  $rbacadmin = $DIC['rbacadmin'];
242  $ilAccess = $DIC['ilAccess'];
243 
244  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
245  return $this->raiseError(
246  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
247  'Client'
248  );
249  }
250  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
251  return $this->raiseError(
252  'No valid role id given. Please choose an existing id of an ILIAS role',
253  'Client'
254  );
255  }
256 
257  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
258  return $this->raiseError('Check access failed. No permission to grant permissions', 'Server');
259  }
260 
261  // mjansen@databay.de: dirty fix
262  if (isset($permissions['item'])) {
263  $permissions = $permissions['item'];
264  }
265 
266  if (!is_array($permissions)) {
267  return $this->raiseError(
268  'No valid permissions given.' . print_r($permissions),
269  'Client'
270  );
271  }
272 
273  $rbacadmin->revokePermission($ref_id, $role_id);
274  $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
275  return true;
276  }
277 
281  public function getLocalRoles(string $sid, int $ref_id)
282  {
283  $this->initAuth($sid);
284  $this->initIlias();
285 
286  if (!$this->checkSession($sid)) {
287  return $this->raiseError($this->getMessage(), $this->getMessageCode());
288  }
289 
290  global $DIC;
291 
292  $rbacreview = $DIC['rbacreview'];
293  $ilAccess = $DIC['ilAccess'];
294 
295  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
296  return $this->raiseError(
297  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
298  'Client'
299  );
300  }
301 
302  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
303  return $this->raiseError('Check access failed. No permission to access role information', 'Server');
304  }
305 
306  $objs = [];
307  foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
308  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
309  $objs[] = $tmp_obj;
310  }
311  }
312  if (count($objs)) {
313 
314  $xml_writer = new ilObjectXMLWriter();
315  $xml_writer->setObjects($objs);
316  if ($xml_writer->start()) {
317  return $xml_writer->getXML();
318  }
319  }
320  return '';
321  }
322 
326  public function getUserRoles(string $sid, int $user_id)
327  {
328  $this->initAuth($sid);
329  $this->initIlias();
330 
331  if (!$this->checkSession($sid)) {
332  return $this->raiseError($this->getMessage(), $this->getMessageCode());
333  }
334 
335  global $DIC;
336 
337  $rbacreview = $DIC['rbacreview'];
338 
339  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
340  return $this->raiseError(
341  'No valid user id given. Please choose an existing id of an ILIAS user',
342  'Client'
343  );
344  }
345 
346  $objs = [];
347  foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
348  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
349  $objs[] = $tmp_obj;
350  }
351  }
352  if (count($objs)) {
353 
354  $xml_writer = new ilObjectXMLWriter();
355  $xml_writer->setObjects($objs);
356  if ($xml_writer->start()) {
357  return $xml_writer->getXML();
358  }
359  }
360  return '';
361  }
362 
366  public function addRole(string $sid, int $target_id, string $role_xml)
367  {
368  $this->initAuth($sid);
369  $this->initIlias();
370 
371  if (!$this->checkSession($sid)) {
372  return $this->raiseError($this->getMessage(), $this->getMessageCode());
373  }
374 
375  global $DIC;
376 
377  $rbacreview = $DIC['rbacreview'];
378  $objDefinition = $DIC['objDefinition'];
379  $rbacsystem = $DIC['rbacsystem'];
380  $ilAccess = $DIC['ilAccess'];
381 
382  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
383  return $this->raiseError(
384  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
385  'Client'
386  );
387  }
388 
389  if (ilObject::_isInTrash($target_id)) {
390  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
391  }
392 
393  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
394  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
395  }
396 
397  $xml_parser = new ilObjectXMLParser($role_xml);
398  $xml_parser->startParsing();
399 
400  $new_roles = [];
401  foreach ($xml_parser->getObjectData() as $object_data) {
402  // check if role title has il_ prefix
403  if (strpos($object_data['title'], "il_") === 0) {
404  return $this->raiseError(
405  'Rolenames are not allowed to start with "il_" ',
406  'Client'
407  );
408  }
409 
410  $role = new ilObjRole();
411  $role->setTitle($object_data['title']);
412  $role->setDescription($object_data['description']);
413  $role->setImportId($object_data['import_id']);
414  $role->create();
415 
416  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
417  $new_roles[] = $role->getId();
418  }
419  return $new_roles;
420  }
421 
425  public function addRoleFromTemplate(string $sid, int $target_id, string $role_xml, int $template_id)
426  {
427  $this->initAuth($sid);
428  $this->initIlias();
429 
430  if (!$this->checkSession($sid)) {
431  return $this->raiseError($this->getMessage(), $this->getMessageCode());
432  }
433 
434  global $DIC;
435 
436  $rbacreview = $DIC['rbacreview'];
437  $objDefinition = $DIC['objDefinition'];
438  $rbacsystem = $DIC['rbacsystem'];
439  $rbacadmin = $DIC['rbacadmin'];
440  $ilAccess = $DIC['ilAccess'];
441 
442  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
443  return $this->raiseError(
444  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
445  'Client'
446  );
447  }
448  if (ilObject::_lookupType($template_id) !== 'rolt') {
449  return $this->raiseError(
450  'No valid template id given. Please choose an existing object id of an ILIAS role template',
451  'Client'
452  );
453  }
454 
455  if (ilObject::_isInTrash($target_id)) {
456  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
457  }
458 
459  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
460  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
461  }
462 
463  $xml_parser = new ilObjectXMLParser($role_xml);
464  $xml_parser->startParsing();
465 
466  $new_roles = [];
467  foreach ($xml_parser->getObjectData() as $object_data) {
468  // check if role title has il_ prefix
469  if (strpos($object_data['title'], "il_") === 0) {
470  return $this->raiseError(
471  'Rolenames are not allowed to start with "il_" ',
472  'Client'
473  );
474  }
475 
476  $role = new ilObjRole();
477  $role->setTitle($object_data['title']);
478  $role->setDescription($object_data['description']);
479  $role->setImportId($object_data['import_id']);
480  $role->create();
481 
482  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
483 
484  // Copy permssions
485  $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
486 
487  // Set object permissions according to role template
488  $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
489  $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
490  $new_roles[] = $role->getId();
491  }
492  return $new_roles;
493  }
494 
498  public function getObjectTreeOperations(string $sid, int $ref_id, int $user_id)
499  {
500  $this->initAuth($sid);
501  $this->initIlias();
502 
503  if (!$this->checkSession($sid)) {
504  return $this->raiseError($this->getMessage(), $this->getMessageCode());
505  }
506 
507  global $DIC;
508 
509  $rbacsystem = $DIC['rbacsystem'];
510  $rbacreview = $DIC['rbacreview'];
511  $ilAccess = $DIC['ilAccess'];
512 
513  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
514  return $this->raiseError(
515  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
516  'Client'
517  );
518  }
519 
520  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
521  return $this->raiseError(
522  'No valid user id given.',
523  'Client'
524  );
525  }
526 
527  if (ilObject::_isInTrash($ref_id)) {
528  return $this->raiseError("Parent with ID " . $ref_id . "has been deleted.", 'CLIENT_TARGET_DELETED');
529  }
530 
531  // check visible for all upper tree entries
532  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
533  return array();
534  }
535  $op_data = $rbacreview->getOperation(2);
536  $ops_data[] = $op_data;
537 
538  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
539  return $ops_data;
540  }
541 
542  $ops_data = array();
543  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
544  foreach ($ops as $ops_id) {
545  $op_data = $rbacreview->getOperation($ops_id);
546 
547  if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
548  $ops_data[$ops_id] = $op_data;
549  }
550  }
551 
552  $ret_data = [];
553  foreach ($ops_data as $data) {
554  $ret_data[] = $data;
555  }
556  return $ret_data;
557  }
558 
562  public function getRoles(string $sid, string $role_type, int $id)
563  {
564  $this->initAuth($sid);
565  $this->initIlias();
566 
567  if (!$this->checkSession($sid)) {
568  return $this->raiseError($this->getMessage(), $this->getMessageCode());
569  }
570 
571  global $DIC;
572 
573  $rbacsystem = $DIC['rbacsystem'];
574  $rbacreview = $DIC['rbacreview'];
575  $ilUser = $DIC['ilUser'];
576  $ilDB = $DIC['ilDB'];
577 
578  if (strcasecmp($role_type, "") !== 0 &&
579  strcasecmp($role_type, "local") !== 0 &&
580  strcasecmp($role_type, "global") !== 0 &&
581  strcasecmp($role_type, "user") !== 0 &&
582  strcasecmp($role_type, "user_login") !== 0 &&
583  strcasecmp($role_type, "template") !== 0) {
584  return $this->raiseError(
585  'Called service with wrong role_type parameter \'' . $role_type . '\'',
586  'Client'
587  );
588  }
589 
590  $roles = array();
591 
592  if (strcasecmp($role_type, "template") === 0) {
593  // get templates
594  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
595  } elseif (strcasecmp($role_type, "user") === 0 || strcasecmp($role_type, "user_login") === 0) {
596  // handle user roles
597  $user_id = $this->parseUserID($id, $role_type);
598  if ((int) $user_id !== $ilUser->getId()) {
599  // check access for user folder
600  $tmpUser = new ilObjUser($user_id);
601  $timelimitOwner = $tmpUser->getTimeLimitOwner();
602  if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
603  return $this->raiseError('Check access for time limit owner failed.', 'Server');
604  }
605  }
606  $role_type = ""; // local and global roles for user
607 
608  $query = sprintf(
609  "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
610  implode("','", $rbacreview->assignedRoles($user_id))
611  );
612 
613  $rbacresult = $ilDB->query($query);
614  while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
615  if ($rbacrow["assign"] !== "y") {
616  continue;
617  }
618 
619  $type = "";
620 
621  if ((int) $rbacrow["parent"] === ROLE_FOLDER_ID) {
622  $type = "Global";
623  } else {
624  $type = "Local";
625  }
626  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
627  /* @var $tmp_obj IlObjRole */
628  $roles[] = array(
629  "obj_id" => $rbacrow["rol_id"],
630  "title" => $tmp_obj->getTitle(),
631  "description" => $tmp_obj->getDescription(),
632  "role_type" => $type
633  );
634  }
635  }
636  } elseif ($id === -1) {
637  // get all roles of system role folder
638  if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
639  return $this->raiseError('Check access failed.', 'Server');
640  }
641 
642  $roles = $rbacreview->getAssignableRoles(false, true);
643  } else {
644  // get local roles for a specific repository object
645  // needs permission to read permissions of this object
646  if (!$rbacsystem->checkAccess('edit_permission', $id)) {
647  return $this->raiseError('Check access for local roles failed.', 'Server');
648  }
649 
650  $role_type = "local";
651 
652  foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
653  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
654  $roles[] = [
655  "obj_id" => $role_id,
656  "title" => $tmp_obj->getTitle(),
657  "description" => $tmp_obj->getDescription(),
658  "role_type" => $role_type
659  ];
660  }
661  }
662  }
663 
664  $xml_writer = new ilSoapRoleObjectXMLWriter();
665  $xml_writer->setObjects($roles);
666  $xml_writer->setType($role_type);
667  if ($xml_writer->start()) {
668  return $xml_writer->getXML();
669  }
670  return '';
671  }
672 
678  public function searchRoles(string $sid, string $key, string $combination, string $role_type)
679  {
680  $this->initAuth($sid);
681  $this->initIlias();
682 
683  if (!$this->checkSession($sid)) {
684  return $this->raiseError($this->getMessage(), $this->getMessageCode());
685  }
686 
687  global $DIC;
688 
689  $rbacsystem = $DIC['rbacsystem'];
690  $rbacreview = $DIC['rbacreview'];
691  $ilUser = $DIC['ilUser'];
692  $ilDB = $DIC['ilDB'];
693 
694  if (strcasecmp($role_type, "") !== 0 &&
695  strcasecmp($role_type, "local") !== 0 &&
696  strcasecmp($role_type, "global") !== 0 &&
697  strcasecmp($role_type, "template") !== 0) {
698  return $this->raiseError(
699  'Called service with wrong role_type parameter \'' . $role_type . '\'',
700  'Client'
701  );
702  }
703 
704  if ($combination !== 'and' && $combination !== 'or') {
705  return $this->raiseError(
706  'No valid combination given. Must be "and" or "or".',
707  'Client'
708  );
709  }
710 
711  $query_parser = new ilQueryParser($key);
712  $query_parser->setMinWordLength(3);
713  $query_parser->setCombination($combination === 'and' ? ilQueryParser::QP_COMBINATION_AND : ilQueryParser::QP_COMBINATION_OR);
714  $query_parser->parse();
715  if (!$query_parser->validate()) {
716  return $this->raiseError($query_parser->getMessage(), 'Client');
717  }
718 
719 
720  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
721  $object_search->setFilter(array("role", "rolt"));
722 
723  $res = $object_search->performSearch();
724  $res->filter(ROOT_FOLDER_ID, $combination === 'and');
725 
726  $obj_ids = array();
727  foreach ($res->getUniqueResults() as $entry) {
728  $obj_ids [] = $entry['obj_id'];
729  }
730 
731  $roles = array();
732  if (count($obj_ids) > 0) {
733  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type === "template");
734  }
735 
736  $xml_writer = new ilSoapRoleObjectXMLWriter();
737  $xml_writer->setObjects($roles);
738  $xml_writer->setType($role_type);
739  if ($xml_writer->start()) {
740  return $xml_writer->getXML();
741  }
742  return '';
743  }
744 
745  private function parseUserID(int $id, string $role_type)
746  {
747  $user_id = 0;
748  if (strcasecmp($role_type, "user") === 0) {
749  // get user roles for user id, which can be numeric or ilias id
750  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
751  if (!is_numeric($user_id)) {
752  return $this->raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
753  }
754  } elseif (strcasecmp($role_type, "user_login") === 0) {
755  // check for login
756  $user_id = ilObjUser::_lookupId($id);
757  if (!$user_id) {
758  // could not find a valid user
759  return $this->raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
760  }
761  }
762  return $user_id;
763  }
764 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
$res
$res
Definition: ltiservices.php:69
ilSoapRBACAdministration\addRole
addRole(string $sid, int $target_id, string $role_xml)
Definition: class.ilSoapRBACAdministration.php:366
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilSoapRBACAdministration\revokePermissions
revokePermissions(string $sid, int $ref_id, int $role_id)
Definition: class.ilSoapRBACAdministration.php:187
ilSoapRBACAdministration\searchRoles
searchRoles(string $sid, string $key, string $combination, string $role_type)
search for roles.
Definition: class.ilSoapRBACAdministration.php:678
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilSoapRBACAdministration\grantPermissions
grantPermissions(string $sid, int $ref_id, int $role_id, array $permissions)
Definition: class.ilSoapRBACAdministration.php:230
ilSoapRBACAdministration\addUserRoleEntry
addUserRoleEntry(string $sid, int $user_id, int $role_id)
Definition: class.ilSoapRBACAdministration.php:82
ilSoapRBACAdministration\deleteRole
deleteRole(string $sid, int $role_id)
Definition: class.ilSoapRBACAdministration.php:34
$ref_id
$ref_id
Definition: ltiauth.php:66
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30
ilSoapRBACAdministration\getUserRoles
getUserRoles(string $sid, int $user_id)
Definition: class.ilSoapRBACAdministration.php:326
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1096
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance(ilQueryParser $query_parser)
Definition: class.ilObjectSearchFactory.php:38
$DIC
global $DIC
Definition: shib_login.php:25
ilSoapRBACAdministration\getObjectTreeOperations
getObjectTreeOperations(string $sid, int $ref_id, int $user_id)
Definition: class.ilSoapRBACAdministration.php:498
ilSoapRBACAdministration\getRoles
getRoles(string $sid, string $role_type, int $id)
Definition: class.ilSoapRBACAdministration.php:562
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapRBACAdministration\parseUserID
parseUserID(int $id, string $role_type)
Definition: class.ilSoapRBACAdministration.php:745
ilSoapRBACAdministration
Soap rbac administration methods.
Definition: class.ilSoapRBACAdministration.php:29
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1194
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:24
ilObjectXMLParser
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLParser.php:20
ilSoapRBACAdministration\getLocalRoles
getLocalRoles(string $sid, int $ref_id)
Definition: class.ilSoapRBACAdministration.php:281
ilSoapRoleObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilSoapRoleObjectXMLWriter.php:15
ilSoapRBACAdministration\addRoleFromTemplate
addRoleFromTemplate(string $sid, int $target_id, string $role_xml, int $template_id)
Definition: class.ilSoapRBACAdministration.php:425
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1085
ilObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilObjectXMLWriter.php:14
ilSoapRBACAdministration\deleteUserRoleEntry
deleteUserRoleEntry(string $sid, int $user_id, int $role_id)
Definition: class.ilSoapRBACAdministration.php:124