33include_once 
'./webservice/soap/classes/class.ilSoapAdministration.php';
 
   42        if (!$this->__checkSession($sid)) {
 
   48        $rbacreview = 
$DIC[
'rbacreview'];
 
   49        $rbacsystem = 
$DIC[
'rbacsystem'];
 
   50        $ilAccess = 
$DIC[
'ilAccess'];
 
   54                'No valid role id given. Please choose an existing id of an ILIAS role',
 
   60        $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
 
   61        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $obj_ref)) {
 
   62            return $this->
__raiseError(
'Check access failed. No permission to delete role', 
'Server');
 
   66        foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
 
   67            if (count($rbacreview->assignedRoles($user_id)) == 1) {
 
   69                    'Cannot deassign last role of users',
 
   76        $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, 
true));
 
   77        $tmp_role->setParent($rolf_id);
 
   88        if (!$this->__checkSession($sid)) {
 
   94        $rbacadmin = 
$DIC[
'rbacadmin'];
 
   95        $rbacreview = 
$DIC[
'rbacreview'];
 
   96        $ilAccess = 
$DIC[
'ilAccess'];
 
  100                'No valid user id given. Please choose an existing id of an ILIAS user',
 
  106                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  111        $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
 
  112        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $obj_ref)) {
 
  113            return $this->
__raiseError(
'Check access failed. No permission to assign users', 
'Server');
 
  116        if (!$rbacadmin->assignUser($role_id, $user_id)) {
 
  118                'Error rbacadmin->assignUser()',
 
  129        if (!$this->__checkSession($sid)) {
 
  135        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  136        $ilAccess = 
$DIC[
'ilAccess'];
 
  137        $rbacreview = 
$DIC[
'rbacreview'];
 
  141                'No valid user id given. Please choose an existing id of an ILIAS user',
 
  147                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  152        $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
 
  153        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $obj_ref)) {
 
  154            return $this->
__raiseError(
'Check access failed. No permission to deassign users', 
'Server');
 
  157        if (!$rbacadmin->deassignUser($role_id, $user_id)) {
 
  159                'Error rbacadmin->deassignUser()',
 
  171        if (!$this->__checkSession($sid)) {
 
  177        $rbacreview = 
$DIC[
'rbacreview'];
 
  179        if (is_array($ops = $rbacreview->getOperations())) {
 
  191        if (!$this->__checkSession($sid)) {
 
  197        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  198        $ilAccess = 
$DIC[
'ilAccess'];
 
  202                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  208                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  212        if ($role_id == SYSTEM_ROLE_ID) {
 
  214                'Cannot revoke permissions of system role',
 
  219        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $ref_id)) {
 
  220            return $this->
__raiseError(
'Check access failed. No permission to revoke permissions', 
'Server');
 
  223        $rbacadmin->revokePermission($ref_id, $role_id);
 
  232        if (!$this->__checkSession($sid)) {
 
  238        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  239        $ilAccess = 
$DIC[
'ilAccess'];
 
  243                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  249                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  254        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $ref_id)) {
 
  255            return $this->
__raiseError(
'Check access failed. No permission to grant permissions', 
'Server');
 
  260        if (isset($permissions[
'item'])) {
 
  261            $permissions = $permissions[
'item'];
 
  264        if (!is_array($permissions)) {
 
  266                'No valid permissions given.' . print_r($permissions),
 
  271        $rbacadmin->revokePermission($ref_id, $role_id);
 
  272        $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
 
  282        if (!$this->__checkSession($sid)) {
 
  288        $rbacreview = 
$DIC[
'rbacreview'];
 
  289        $ilAccess = 
$DIC[
'ilAccess'];
 
  293                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  298        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $ref_id)) {
 
  299            return $this->
__raiseError(
'Check access failed. No permission to access role information', 
'Server');
 
  303        foreach ($rbacreview->getRolesOfRoleFolder($ref_id, 
false) as $role_id) {
 
  309            include_once 
'./webservice/soap/classes/class.ilObjectXMLWriter.php';
 
  312            $xml_writer->setObjects($objs);
 
  313            if ($xml_writer->start()) {
 
  314                return $xml_writer->getXML();
 
  325        if (!$this->__checkSession($sid)) {
 
  331        $rbacreview = 
$DIC[
'rbacreview'];
 
  335                'No valid user id given. Please choose an existing id of an ILIAS user',
 
  340        foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
 
  346            include_once 
'./webservice/soap/classes/class.ilObjectXMLWriter.php';
 
  349            $xml_writer->setObjects($objs);
 
  350            if ($xml_writer->start()) {
 
  351                return $xml_writer->getXML();
 
  362        if (!$this->__checkSession($sid)) {
 
  368        $rbacreview = 
$DIC[
'rbacreview'];
 
  369        $objDefinition = 
$DIC[
'objDefinition'];
 
  370        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  371        $ilAccess = 
$DIC[
'ilAccess'];
 
  375                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  381            return $this->
__raiseError(
"Parent with ID $target_id has been deleted.", 
'CLIENT_TARGET_DELETED');
 
  384        if (!$ilAccess->checkAccess(
'edit_permission', 
'', 
$target_id)) {
 
  385            return $this->
__raiseError(
'Check access failed. No permission to create roles', 
'Server');
 
  388        include_once 
'webservice/soap/classes/class.ilObjectXMLParser.php';
 
  391        $xml_parser->startParsing();
 
  393        foreach ($xml_parser->getObjectData() as $object_data) {
 
  396            if (substr($object_data[
'title'], 0, 3) == 
"il_") {
 
  398                    'Rolenames are not allowed to start with "il_" ',
 
  403            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  405            $role->setTitle($object_data[
'title']);
 
  406            $role->setDescription($object_data[
'description']);
 
  407            $role->setImportId($object_data[
'import_id']);
 
  411            $new_roles[] = $role->getId();
 
  414        return $new_roles ? $new_roles : array();
 
  422        if (!$this->__checkSession($sid)) {
 
  428        $rbacreview = 
$DIC[
'rbacreview'];
 
  429        $objDefinition = 
$DIC[
'objDefinition'];
 
  430        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  431        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  432        $ilAccess = 
$DIC[
'ilAccess'];
 
  436                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  442                'No valid template id given. Please choose an existing object id of an ILIAS role template',
 
  449            return $this->
__raiseError(
"Parent with ID $target_id has been deleted.", 
'CLIENT_TARGET_DELETED');
 
  452        if (!$ilAccess->checkAccess(
'edit_permission', 
'', 
$target_id)) {
 
  453            return $this->
__raiseError(
'Check access failed. No permission to create roles', 
'Server');
 
  457        include_once 
'webservice/soap/classes/class.ilObjectXMLParser.php';
 
  460        $xml_parser->startParsing();
 
  462        foreach ($xml_parser->getObjectData() as $object_data) {
 
  465            if (substr($object_data[
'title'], 0, 3) == 
"il_") {
 
  467                    'Rolenames are not allowed to start with "il_" ',
 
  472            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  474            $role->setTitle($object_data[
'title']);
 
  475            $role->setDescription($object_data[
'description']);
 
  476            $role->setImportId($object_data[
'import_id']);
 
  485            $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), 
$target_id);
 
  486            $rbacadmin->grantPermission($role->getId(), $ops, 
$target_id);
 
  487            $new_roles[] = $role->getId();
 
  497        return $new_roles ? $new_roles : array();
 
  505        if (!$this->__checkSession($sid)) {
 
  511        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  512        $rbacreview = 
$DIC[
'rbacreview'];
 
  513        $ilAccess = 
$DIC[
'ilAccess'];
 
  518                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  525                'No valid user id given.',
 
  531            return $this->
__raiseError(
"Parent with ID $target_id has been deleted.", 
'CLIENT_TARGET_DELETED');
 
  537        if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 
'visible', 
'', $tmp_obj->getRefId())) {
 
  540        $op_data = $rbacreview->getOperation(2);
 
  541        $ops_data[] = $op_data;
 
  543        if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 
'read', 
'', $tmp_obj->getRefId())) {
 
  549        $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
 
  550        foreach ($ops as $ops_id) {
 
  551            $op_data = $rbacreview->getOperation($ops_id);
 
  553            if ($rbacsystem->checkAccessOfUser($user_id, $op_data[
'operation'], $tmp_obj->getRefId())) {
 
  554                $ops_data[$ops_id] = $op_data;
 
  558        foreach ($ops_data as 
$data) {
 
  561        return $ret_data ? $ret_data : array();
 
  577        if (!$this->__checkSession($sid)) {
 
  583        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  584        $rbacreview = 
$DIC[
'rbacreview'];
 
  588        if (strcasecmp($role_type, 
"") != 0 &&
 
  589        strcasecmp($role_type, 
"local") != 0 &&
 
  590        strcasecmp($role_type, 
"global") != 0 &&
 
  591        strcasecmp($role_type, 
"user") != 0 &&
 
  592        strcasecmp($role_type, 
"user_login") != 0 &&
 
  593        strcasecmp($role_type, 
"template") != 0) {
 
  594            return $this->
__raiseError(
'Called service with wrong role_type parameter \'' . $role_type . 
'\'', 
'Client');
 
  600        if (strcasecmp($role_type, 
"template") == 0) {
 
  602            $roles = $rbacreview->getRolesByFilter(6, 
$ilUser->getId());
 
  603        } elseif (strcasecmp($role_type, 
"user")==0 || strcasecmp($role_type, 
"user_login")==0) {
 
  606            if ($user_id != 
$ilUser->getId()) {
 
  609                $timelimitOwner = $tmpUser->getTimeLimitOwner();
 
  610                if (!$rbacsystem->checkAccess(
'read', $timelimitOwner)) {
 
  611                    return $this->
__raiseError(
'Check access for time limit owner failed.', 
'Server');
 
  617                "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
 
  618                join(
"','", $rbacreview->assignedRoles($user_id))
 
  623                if ($rbacrow[
"assign"] != 
"y") {
 
  629                if ($rbacrow[
"parent"] == ROLE_FOLDER_ID) {
 
  637                            "obj_id" =>$rbacrow[
"rol_id"],
 
  638                            "title" => $tmp_obj->getTitle(),
 
  639                            "description" => $tmp_obj->getDescription(),
 
  640                            "role_type" => 
$type);
 
  643        } elseif (
$id == 
"-1") {
 
  645            if (!$rbacsystem->checkAccess(
'read', ROLE_FOLDER_ID)) {
 
  646                return $this->
__raiseError(
'Check access failed.', 
'Server');
 
  649            $roles = $rbacreview->getAssignableRoles(
false, 
true);
 
  653            if (!$rbacsystem->checkAccess(
'edit_permission', 
$id)) {
 
  654                return $this->
__raiseError(
'Check access for local roles failed.', 
'Server');
 
  657            if (!is_numeric(
$id)) {
 
  658                return $this->
__raiseError(
'Id must be numeric to process roles of a repository object.', 
'Client');
 
  661            $role_type = 
"local";
 
  663            foreach ($rbacreview->getRolesOfRoleFolder(
$id, 
false) as $role_id) {
 
  665                    $roles[] = array(
"obj_id" => $role_id, 
"title" => $tmp_obj->getTitle(), 
"description" => $tmp_obj->getDescription(), 
"role_type" => $role_type);
 
  671        include_once 
'./webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
 
  674        $xml_writer->setObjects($roles);
 
  675        $xml_writer->setType($role_type);
 
  676        if ($xml_writer->start()) {
 
  677            return $xml_writer->getXML();
 
  696        if (!$this->__checkSession($sid)) {
 
  702        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  703        $rbacreview = 
$DIC[
'rbacreview'];
 
  708        if (strcasecmp($role_type, 
"") != 0 &&
 
  709        strcasecmp($role_type, 
"local") != 0 &&
 
  710        strcasecmp($role_type, 
"global") != 0 &&
 
  711        strcasecmp($role_type, 
"template") != 0) {
 
  712            return $this->
__raiseError(
'Called service with wrong role_type parameter \'' . $role_type . 
'\'', 
'Client');
 
  715        if ($combination != 
'and' and $combination != 
'or') {
 
  717                'No valid combination given. Must be "and" or "or".',
 
  722        include_once 
'./Services/Search/classes/class.ilQueryParser.php';
 
  725        $query_parser->setMinWordLength(3);
 
  727        $query_parser->parse();
 
  728        if (!$query_parser->validate()) {
 
  729            return $this->
__raiseError($query_parser->getMessage(), 
'Client');
 
  732        include_once 
'./Services/Search/classes/class.ilObjectSearchFactory.php';
 
  735        $object_search->setFilter(array(
"role",
"rolt"));
 
  737        $res = $object_search->performSearch();
 
  738        $res->filter(ROOT_FOLDER_ID, $combination == 
'and' ? 
true : 
false);
 
  741        foreach (
$res->getUniqueResults() as $entry) {
 
  742            $obj_ids [] = $entry[
'obj_id'];
 
  746        if (count($obj_ids)> 0) {
 
  748            $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == 
"template");
 
  751        include_once 
'./webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
 
  753        $xml_writer->setObjects($roles);
 
  754        $xml_writer->setType($role_type);
 
  755        if ($xml_writer->start()) {
 
  756            return $xml_writer->getXML();
 
  763        if (strcasecmp($role_type, 
"user")==0) {
 
  766            if (!is_numeric($user_id)) {
 
  767                return $this->
__raiseError(
'ID must be either numeric or ILIAS conform id for type \'user\'', 
'Client');
 
  769        } elseif (strcasecmp($role_type, 
"user_login") == 0) {
 
  774                return $this->
__raiseError(
'User with login \'' . 
$id . 
'\' does not exist!
', 'Client
'); 
An exception for terminatinating execution or to throw for unit testing.
static _lookupId($a_user_str)
Lookup id by login.
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
static _getObjectSearchInstance($query_parser)
get reference of ilFulltext/LikeObjectSearch.
static _isInTrash($a_ref_id)
checks wether object is in trash
static _lookupType($a_id, $a_reference=false)
lookup object type
initAuth($sid)
Init authentication.
__raiseError($a_message, $a_code)
getLocalRoles($sid, $ref_id)
addUserRoleEntry($sid, $user_id, $role_id)
revokePermissions($sid, $ref_id, $role_id)
addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
grantPermissions($sid, $ref_id, $role_id, $permissions)
parseUserID($id, $role_type)
deleteUserRoleEntry($sid, $user_id, $role_id)
getRoles($sid, $role_type, $id)
get roles for a specific type and id
addRole($sid, $target_id, $role_xml)
getUserRoles($sid, $user_id)
deleteRole($sid, $role_id)
searchRoles($sid, $key, $combination, $role_type)
search for roles.
getObjectTreeOperations($sid, $ref_id, $user_id)
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
if(!array_key_exists('StateId', $_REQUEST)) $id
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
foreach($_POST as $key=> $value) $res