ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilSoapRBACAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapRBACAdministration extends ilSoapAdministration
36 {
37  public function deleteRole($sid, $role_id)
38  {
39  $this->initAuth($sid);
40  $this->initIlias();
41 
42  if (!$this->__checkSession($sid)) {
43  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
44  }
45 
46  global $DIC;
47 
48  $rbacreview = $DIC['rbacreview'];
49  $rbacsystem = $DIC['rbacsystem'];
50  $ilAccess = $DIC['ilAccess'];
51 
52  if (!$tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) or $tmp_role->getType() != 'role') {
53  return $this->__raiseError(
54  'No valid role id given. Please choose an existing id of an ILIAS role',
55  'Client'
56  );
57  }
58 
59 
60  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
61  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
62  return $this->__raiseError('Check access failed. No permission to delete role', 'Server');
63  }
64 
65  // if it's last role of an user
66  foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
67  if (count($rbacreview->assignedRoles($user_id)) == 1) {
68  return $this->__raiseError(
69  'Cannot deassign last role of users',
70  'Client'
71  );
72  }
73  }
74 
75  // set parent id (role folder id) of role
76  $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true));
77  $tmp_role->setParent($rolf_id);
78  $tmp_role->delete();
79 
80  return true;
81  }
82 
83  public function addUserRoleEntry($sid, $user_id, $role_id)
84  {
85  $this->initAuth($sid);
86  $this->initIlias();
87 
88  if (!$this->__checkSession($sid)) {
89  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
90  }
91 
92  global $DIC;
93 
94  $rbacadmin = $DIC['rbacadmin'];
95  $rbacreview = $DIC['rbacreview'];
96  $ilAccess = $DIC['ilAccess'];
97 
98  if ($tmp_user =&ilObjectFactory::getInstanceByObjId($user_id) and $tmp_user->getType() != 'usr') {
99  return $this->__raiseError(
100  'No valid user id given. Please choose an existing id of an ILIAS user',
101  'Client'
102  );
103  }
104  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id) and $tmp_role->getType() != 'role') {
105  return $this->__raiseError(
106  'No valid role id given. Please choose an existing id of an ILIAS role',
107  'Client'
108  );
109  }
110 
111  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
112  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
113  return $this->__raiseError('Check access failed. No permission to assign users', 'Server');
114  }
115 
116  if (!$rbacadmin->assignUser($role_id, $user_id)) {
117  return $this->__raiseError(
118  'Error rbacadmin->assignUser()',
119  'Server'
120  );
121  }
122  return true;
123  }
124  public function deleteUserRoleEntry($sid, $user_id, $role_id)
125  {
126  $this->initAuth($sid);
127  $this->initIlias();
128 
129  if (!$this->__checkSession($sid)) {
130  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
131  }
132 
133  global $DIC;
134 
135  $rbacadmin = $DIC['rbacadmin'];
136  $ilAccess = $DIC['ilAccess'];
137  $rbacreview = $DIC['rbacreview'];
138 
139  if ($tmp_user =&ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() != 'usr') {
140  return $this->__raiseError(
141  'No valid user id given. Please choose an existing id of an ILIAS user',
142  'Client'
143  );
144  }
145  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() != 'role') {
146  return $this->__raiseError(
147  'No valid role id given. Please choose an existing id of an ILIAS role',
148  'Client'
149  );
150  }
151 
152  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
153  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
154  return $this->__raiseError('Check access failed. No permission to deassign users', 'Server');
155  }
156 
157  if (!$rbacadmin->deassignUser($role_id, $user_id)) {
158  return $this->__raiseError(
159  'Error rbacadmin->deassignUser()',
160  'Server'
161  );
162  }
163  return true;
164  }
165 
166  public function getOperations($sid)
167  {
168  $this->initAuth($sid);
169  $this->initIlias();
170 
171  if (!$this->__checkSession($sid)) {
172  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
173  }
174 
175  global $DIC;
176 
177  $rbacreview = $DIC['rbacreview'];
178 
179  if (is_array($ops = $rbacreview->getOperations())) {
180  return $ops;
181  } else {
182  return $this->__raiseError('Unknown error', 'Server');
183  }
184  }
185 
186  public function revokePermissions($sid, $ref_id, $role_id)
187  {
188  $this->initAuth($sid);
189  $this->initIlias();
190 
191  if (!$this->__checkSession($sid)) {
192  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
193  }
194 
195  global $DIC;
196 
197  $rbacadmin = $DIC['rbacadmin'];
198  $ilAccess = $DIC['ilAccess'];
199 
200  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
201  return $this->__raiseError(
202  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
203  'Client'
204  );
205  }
206  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() != 'role') {
207  return $this->__raiseError(
208  'No valid role id given. Please choose an existing id of an ILIAS role',
209  'Client'
210  );
211  }
212  if ($role_id == SYSTEM_ROLE_ID) {
213  return $this->__raiseError(
214  'Cannot revoke permissions of system role',
215  'Client'
216  );
217  }
218 
219  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
220  return $this->__raiseError('Check access failed. No permission to revoke permissions', 'Server');
221  }
222 
223  $rbacadmin->revokePermission($ref_id, $role_id);
224 
225  return true;
226  }
227  public function grantPermissions($sid, $ref_id, $role_id, $permissions)
228  {
229  $this->initAuth($sid);
230  $this->initIlias();
231 
232  if (!$this->__checkSession($sid)) {
233  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
234  }
235 
236  global $DIC;
237 
238  $rbacadmin = $DIC['rbacadmin'];
239  $ilAccess = $DIC['ilAccess'];
240 
241  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
242  return $this->__raiseError(
243  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
244  'Client'
245  );
246  }
247  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() != 'role') {
248  return $this->__raiseError(
249  'No valid role id given. Please choose an existing id of an ILIAS role',
250  'Client'
251  );
252  }
253 
254  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
255  return $this->__raiseError('Check access failed. No permission to grant permissions', 'Server');
256  }
257 
258 
259  // mjansen@databay.de: dirty fix
260  if (isset($permissions['item'])) {
261  $permissions = $permissions['item'];
262  }
263 
264  if (!is_array($permissions)) {
265  return $this->__raiseError(
266  'No valid permissions given.' . print_r($permissions),
267  'Client'
268  );
269  }
270 
271  $rbacadmin->revokePermission($ref_id, $role_id);
272  $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
273 
274  return true;
275  }
276 
277  public function getLocalRoles($sid, $ref_id)
278  {
279  $this->initAuth($sid);
280  $this->initIlias();
281 
282  if (!$this->__checkSession($sid)) {
283  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
284  }
285 
286  global $DIC;
287 
288  $rbacreview = $DIC['rbacreview'];
289  $ilAccess = $DIC['ilAccess'];
290 
291  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
292  return $this->__raiseError(
293  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
294  'Client'
295  );
296  }
297 
298  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
299  return $this->__raiseError('Check access failed. No permission to access role information', 'Server');
300  }
301 
302 
303  foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
304  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
305  $objs[] = $tmp_obj;
306  }
307  }
308  if (count($objs)) {
309  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
310 
311  $xml_writer = new ilObjectXMLWriter();
312  $xml_writer->setObjects($objs);
313  if ($xml_writer->start()) {
314  return $xml_writer->getXML();
315  }
316  }
317  return '';
318  }
319 
320  public function getUserRoles($sid, $user_id)
321  {
322  $this->initAuth($sid);
323  $this->initIlias();
324 
325  if (!$this->__checkSession($sid)) {
326  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
327  }
328 
329  global $DIC;
330 
331  $rbacreview = $DIC['rbacreview'];
332 
333  if (!$tmp_user =&ilObjectFactory::getInstanceByObjId($user_id, false)) {
334  return $this->__raiseError(
335  'No valid user id given. Please choose an existing id of an ILIAS user',
336  'Client'
337  );
338  }
339 
340  foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
341  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
342  $objs[] = $tmp_obj;
343  }
344  }
345  if (count($objs)) {
346  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
347 
348  $xml_writer = new ilObjectXMLWriter();
349  $xml_writer->setObjects($objs);
350  if ($xml_writer->start()) {
351  return $xml_writer->getXML();
352  }
353  }
354  return '';
355  }
356 
357  public function addRole($sid, $target_id, $role_xml)
358  {
359  $this->initAuth($sid);
360  $this->initIlias();
361 
362  if (!$this->__checkSession($sid)) {
363  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
364  }
365 
366  global $DIC;
367 
368  $rbacreview = $DIC['rbacreview'];
369  $objDefinition = $DIC['objDefinition'];
370  $rbacsystem = $DIC['rbacsystem'];
371  $ilAccess = $DIC['ilAccess'];
372 
373  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($target_id, false)) {
374  return $this->__raiseError(
375  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
376  'Client'
377  );
378  }
379 
380  if (ilObject::_isInTrash($target_id)) {
381  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
382  }
383 
384  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
385  return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
386  }
387 
388  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
389 
390  $xml_parser = new ilObjectXMLParser($role_xml);
391  $xml_parser->startParsing();
392 
393  foreach ($xml_parser->getObjectData() as $object_data) {
394 
395  // check if role title has il_ prefix
396  if (substr($object_data['title'], 0, 3) == "il_") {
397  return $this->__raiseError(
398  'Rolenames are not allowed to start with "il_" ',
399  'Client'
400  );
401  }
402 
403  include_once './Services/AccessControl/classes/class.ilObjRole.php';
404  $role = new ilObjRole();
405  $role->setTitle($object_data['title']);
406  $role->setDescription($object_data['description']);
407  $role->setImportId($object_data['import_id']);
408  $role->create();
409 
410  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
411  $new_roles[] = $role->getId();
412  }
413 
414  return $new_roles ? $new_roles : array();
415  }
416 
417  public function addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
418  {
419  $this->initAuth($sid);
420  $this->initIlias();
421 
422  if (!$this->__checkSession($sid)) {
423  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
424  }
425 
426  global $DIC;
427 
428  $rbacreview = $DIC['rbacreview'];
429  $objDefinition = $DIC['objDefinition'];
430  $rbacsystem = $DIC['rbacsystem'];
431  $rbacadmin = $DIC['rbacadmin'];
432  $ilAccess = $DIC['ilAccess'];
433 
434  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($target_id, false)) {
435  return $this->__raiseError(
436  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
437  'Client'
438  );
439  }
440  if (ilObject::_lookupType($template_id) != 'rolt') {
441  return $this->__raiseError(
442  'No valid template id given. Please choose an existing object id of an ILIAS role template',
443  'Client'
444  );
445  }
446 
447 
448  if (ilObject::_isInTrash($target_id)) {
449  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
450  }
451 
452  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
453  return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
454  }
455 
456 
457  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
458 
459  $xml_parser = new ilObjectXMLParser($role_xml);
460  $xml_parser->startParsing();
461 
462  foreach ($xml_parser->getObjectData() as $object_data) {
463 
464  // check if role title has il_ prefix
465  if (substr($object_data['title'], 0, 3) == "il_") {
466  return $this->__raiseError(
467  'Rolenames are not allowed to start with "il_" ',
468  'Client'
469  );
470  }
471 
472  include_once './Services/AccessControl/classes/class.ilObjRole.php';
473  $role = new ilObjRole();
474  $role->setTitle($object_data['title']);
475  $role->setDescription($object_data['description']);
476  $role->setImportId($object_data['import_id']);
477  $role->create();
478 
479  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
480 
481  // Copy permssions
482  $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
483 
484  // Set object permissions according to role template
485  $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
486  $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
487  $new_roles[] = $role->getId();
488  }
489 
490 
491  // CREATE ADMIN ROLE
492 
493 
494 
495 
496 
497  return $new_roles ? $new_roles : array();
498  }
499 
500  public function getObjectTreeOperations($sid, $ref_id, $user_id)
501  {
502  $this->initAuth($sid);
503  $this->initIlias();
504 
505  if (!$this->__checkSession($sid)) {
506  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
507  }
508 
509  global $DIC;
510 
511  $rbacsystem = $DIC['rbacsystem'];
512  $rbacreview = $DIC['rbacreview'];
513  $ilAccess = $DIC['ilAccess'];
514 
515 
516  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
517  return $this->__raiseError(
518  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
519  'Client'
520  );
521  }
522 
523  if (!$tmp_user =&ilObjectFactory::getInstanceByObjId($user_id, false)) {
524  return $this->__raiseError(
525  'No valid user id given.',
526  'Client'
527  );
528  }
529 
530  if (ilObject::_isInTrash($ref_id)) {
531  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
532  }
533 
534 
535 
536  // check visible for all upper tree entries
537  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
538  return array();
539  }
540  $op_data = $rbacreview->getOperation(2);
541  $ops_data[] = $op_data;
542 
543  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
544  return $ops_data;
545  }
546 
547 
548  $ops_data = array();
549  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
550  foreach ($ops as $ops_id) {
551  $op_data = $rbacreview->getOperation($ops_id);
552 
553  if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
554  $ops_data[$ops_id] = $op_data;
555  }
556  }
557 
558  foreach ($ops_data as $data) {
559  $ret_data[] = $data;
560  }
561  return $ret_data ? $ret_data : array();
562  }
563 
572  public function getRoles($sid, $role_type, $id)
573  {
574  $this->initAuth($sid);
575  $this->initIlias();
576 
577  if (!$this->__checkSession($sid)) {
578  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
579  }
580 
581  global $DIC;
582 
583  $rbacsystem = $DIC['rbacsystem'];
584  $rbacreview = $DIC['rbacreview'];
585  $ilUser = $DIC['ilUser'];
586  $ilDB = $DIC['ilDB'];
587 
588  if (strcasecmp($role_type, "") != 0 &&
589  strcasecmp($role_type, "local") != 0 &&
590  strcasecmp($role_type, "global") != 0 &&
591  strcasecmp($role_type, "user") != 0 &&
592  strcasecmp($role_type, "user_login") != 0 &&
593  strcasecmp($role_type, "template") != 0) {
594  return $this->__raiseError('Called service with wrong role_type parameter \'' . $role_type . '\'', 'Client');
595  }
596 
597  $roles = array();
598 
599 
600  if (strcasecmp($role_type, "template") == 0) {
601  // get templates
602  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
603  } elseif (strcasecmp($role_type, "user")==0 || strcasecmp($role_type, "user_login")==0) {
604  // handle user roles
605  $user_id = $this->parseUserID($id, $role_type);
606  if ($user_id != $ilUser->getId()) {
607  // check access for user folder
608  $tmpUser = new ilObjUser($user_id);
609  $timelimitOwner = $tmpUser->getTimeLimitOwner();
610  if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
611  return $this->__raiseError('Check access for time limit owner failed.', 'Server');
612  }
613  }
614  $role_type = ""; // local and global roles for user
615 
616  $query = sprintf(
617  "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
618  join("','", $rbacreview->assignedRoles($user_id))
619  );
620 
621  $rbacresult = $ilDB->query($query);
622  while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
623  if ($rbacrow["assign"] != "y") {
624  continue;
625  }
626 
627  $type = "";
628 
629  if ($rbacrow["parent"] == ROLE_FOLDER_ID) {
630  $type = "Global";
631  } else {
632  $type = "Local";
633  }
634  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
635  /* @var $tmp_obj IlObjRole */
636  $roles[] = array(
637  "obj_id" =>$rbacrow["rol_id"],
638  "title" => $tmp_obj->getTitle(),
639  "description" => $tmp_obj->getDescription(),
640  "role_type" => $type);
641  }
642  }
643  } elseif ($id == "-1") {
644  // get all roles of system role folder
645  if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
646  return $this->__raiseError('Check access failed.', 'Server');
647  }
648 
649  $roles = $rbacreview->getAssignableRoles(false, true);
650  } else {
651  // get local roles for a specific repository object
652  // needs permission to read permissions of this object
653  if (!$rbacsystem->checkAccess('edit_permission', $id)) {
654  return $this->__raiseError('Check access for local roles failed.', 'Server');
655  }
656 
657  if (!is_numeric($id)) {
658  return $this->__raiseError('Id must be numeric to process roles of a repository object.', 'Client');
659  }
660 
661  $role_type = "local";
662 
663  foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
664  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
665  $roles[] = array("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
666  }
667  }
668  }
669 
670 
671  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
672 
673  $xml_writer = new ilSoapRoleObjectXMLWriter();
674  $xml_writer->setObjects($roles);
675  $xml_writer->setType($role_type);
676  if ($xml_writer->start()) {
677  return $xml_writer->getXML();
678  }
679  }
680 
691  public function searchRoles($sid, $key, $combination, $role_type)
692  {
693  $this->initAuth($sid);
694  $this->initIlias();
695 
696  if (!$this->__checkSession($sid)) {
697  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
698  }
699 
700  global $DIC;
701 
702  $rbacsystem = $DIC['rbacsystem'];
703  $rbacreview = $DIC['rbacreview'];
704  $ilUser = $DIC['ilUser'];
705  $ilDB = $DIC['ilDB'];
706 
707 
708  if (strcasecmp($role_type, "") != 0 &&
709  strcasecmp($role_type, "local") != 0 &&
710  strcasecmp($role_type, "global") != 0 &&
711  strcasecmp($role_type, "template") != 0) {
712  return $this->__raiseError('Called service with wrong role_type parameter \'' . $role_type . '\'', 'Client');
713  }
714 
715  if ($combination != 'and' and $combination != 'or') {
716  return $this->__raiseError(
717  'No valid combination given. Must be "and" or "or".',
718  'Client'
719  );
720  }
721 
722  include_once './Services/Search/classes/class.ilQueryParser.php';
723 
724  $query_parser = new ilQueryParser($key);
725  $query_parser->setMinWordLength(3);
726  $query_parser->setCombination($combination == 'and' ? QP_COMBINATION_AND : QP_COMBINATION_OR);
727  $query_parser->parse();
728  if (!$query_parser->validate()) {
729  return $this->__raiseError($query_parser->getMessage(), 'Client');
730  }
731 
732  include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
733 
734  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
735  $object_search->setFilter(array("role","rolt"));
736 
737  $res = $object_search->performSearch();
738  $res->filter(ROOT_FOLDER_ID, $combination == 'and' ? true : false);
739 
740  $obj_ids = array();
741  foreach ($res->getUniqueResults() as $entry) {
742  $obj_ids [] = $entry['obj_id'];
743  }
744 
745  $roles = array();
746  if (count($obj_ids)> 0) {
747  #print_r($obj_ids);
748  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == "template");
749  }
750  #print_r($roles);
751  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
752  $xml_writer = new ilSoapRoleObjectXMLWriter();
753  $xml_writer->setObjects($roles);
754  $xml_writer->setType($role_type);
755  if ($xml_writer->start()) {
756  return $xml_writer->getXML();
757  }
758  }
759 
760 
761  private function parseUserID($id, $role_type)
762  {
763  if (strcasecmp($role_type, "user")==0) {
764  // get user roles for user id, which can be numeric or ilias id
765  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
766  if (!is_numeric($user_id)) {
767  return $this->__raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
768  }
769  } elseif (strcasecmp($role_type, "user_login") == 0) {
770  // check for login
771  $user_id = ilObjUser::_lookupId($id);
772  if (!$user_id) {
773  // could not find a valid user
774  return $this->__raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
775  }
776  }
777  return $user_id;
778  }
779 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
$type
$type
Definition: proxy_ylocal.php:10
$DIC
global $DIC
Definition: saml.php:7
ilSoapRBACAdministration\grantPermissions
grantPermissions($sid, $ref_id, $role_id, $permissions)
Definition: class.ilSoapRBACAdministration.php:227
ilSoapRBACAdministration\addUserRoleEntry
addUserRoleEntry($sid, $user_id, $role_id)
Definition: class.ilSoapRBACAdministration.php:83
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
ilObject\_isInTrash
static _isInTrash($a_ref_id)
checks wether object is in trash
Definition: class.ilObject.php:1290
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:827
$target_id
$target_id
Definition: goto.php:49
ilSoapRBACAdministration\searchRoles
searchRoles($sid, $key, $combination, $role_type)
search for roles.
Definition: class.ilSoapRBACAdministration.php:691
ilSoapRBACAdministration\addRole
addRole($sid, $target_id, $role_xml)
Definition: class.ilSoapRBACAdministration.php:357
ilSoapRBACAdministration\getRoles
getRoles($sid, $role_type, $id)
get roles for a specific type and id
Definition: class.ilSoapRBACAdministration.php:572
QP_COMBINATION_OR
const QP_COMBINATION_OR
Definition: class.ilQueryParser.php:36
ilSoapRBACAdministration\revokePermissions
revokePermissions($sid, $ref_id, $role_id)
Definition: class.ilSoapRBACAdministration.php:186
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilSoapAdministration\__raiseError
__raiseError($a_message, $a_code)
Definition: class.ilSoapAdministration.php:206
$ilUser
$ilUser
Definition: imgupload.php:18
$query
$query
Definition: proxy_ylocal.php:13
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilSoapRBACAdministration\addRoleFromTemplate
addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
Definition: class.ilSoapRBACAdministration.php:417
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance($query_parser)
get reference of ilFulltext/LikeObjectSearch.
Definition: class.ilObjectSearchFactory.php:46
ilSoapAdministration\initAuth
initAuth($sid)
Init authentication.
Definition: class.ilSoapAdministration.php:177
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilSoapRBACAdministration\deleteUserRoleEntry
deleteUserRoleEntry($sid, $user_id, $role_id)
Definition: class.ilSoapRBACAdministration.php:124
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
QP_COMBINATION_AND
const QP_COMBINATION_AND
Definition: class.ilQueryParser.php:35
ilSoapRBACAdministration\getObjectTreeOperations
getObjectTreeOperations($sid, $ref_id, $user_id)
Definition: class.ilSoapRBACAdministration.php:500
ilUtil\__extractId
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:4380
$key
$key
Definition: croninfo.php:18
$template_id
$template_id
Definition: logout-iframe.php:118
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
$data
$data
Definition: bench.php:6