33include_once 
'./webservice/soap/classes/class.ilSoapAdministration.php';
 
   // Fragment of what is presumably deleteRole($sid, $role_id) (see the member index at the
   // end of this listing). Only cross-referenced lines of the file survive here, so the
   // statements between the numbered lines are missing.
   // Visible order: session check, role-id validation message, edit_permission check on the
   // object the role belongs to, then a guard against taking away a user's only role.
   42        if (!$this->__checkSession($sid)) {
 
   48        $rbacreview = 
$DIC[
'rbacreview'];
 
   49        $rbacsystem = 
$DIC[
'rbacsystem'];
 
   50        $ilAccess = 
$DIC[
'ilAccess'];
 
   54                'No valid role id given. Please choose an existing id of an ILIAS role',
 
   // Authorization: the caller needs edit_permission on the object reference that
   // getObjectReferenceOfRole() returns for this role.
   60        $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
 
   61        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $obj_ref)) {
 
   62            return $this->
__raiseError(
'Check access failed. No permission to delete role', 
'Server');
 
   // Every user assigned to the role is inspected; a user whose assignedRoles() count is 1
   // would be left without any role, which is apparently rejected with the message below.
   66        foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
 
   67            if (count($rbacreview->assignedRoles($user_id)) == 1) {
 
   69                    'Cannot deassign last role of users',
 
   // NOTE(review): end() takes its argument by reference; passing the result of an assignment
   // expression raises a PHP notice ("Only variables should be passed by reference").
   // Assigning to $rolf_ids first and then calling end($rolf_ids) avoids it.
   76        $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, 
true));
 
   77        $tmp_role->setParent($rolf_id);
 
   // Fragment of what is presumably addUserRoleEntry($sid, $user_id, $role_id) (see the member
   // index at the end of this listing); lines between the numbered ones are missing.
   // Visible order: session check, user-id and role-id validation messages, edit_permission
   // check on the role's object reference, then rbacadmin->assignUser().
   88        if (!$this->__checkSession($sid)) {
 
   94        $rbacadmin = 
$DIC[
'rbacadmin'];
 
   95        $rbacreview = 
$DIC[
'rbacreview'];
 
   96        $ilAccess = 
$DIC[
'ilAccess'];
 
  101                'No valid user id given. Please choose an existing id of an ILIAS user',
 
  108                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  // Authorization is edit_permission on the object the role belongs to.
  // NOTE(review): no guard for SYSTEM_ROLE_ID or other privileged global roles is visible in
  // the shown lines (the permission-revocation path further down has one). Confirm that
  // edit_permission on the role's object is the intended bar for granting that role to an
  // arbitrary user id.
  113        $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
 
  114        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $obj_ref)) {
 
  115            return $this->
__raiseError(
'Check access failed. No permission to assign users', 
'Server');
 
  // A falsy return from assignUser() is reported to the client with the message below.
  118        if (!$rbacadmin->assignUser($role_id, $user_id)) {
 
  120                'Error rbacadmin->assignUser()',
 
  // Fragment of what is presumably deleteUserRoleEntry($sid, $user_id, $role_id) (see the
  // member index at the end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, user-id and role-id validation messages, edit_permission
  // check on the role's object reference, then rbacadmin->deassignUser().
  131        if (!$this->__checkSession($sid)) {
 
  137        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  138        $ilAccess = 
$DIC[
'ilAccess'];
 
  139        $rbacreview = 
$DIC[
'rbacreview'];
 
  143                'No valid user id given. Please choose an existing id of an ILIAS user',
 
  149                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  // Authorization is edit_permission on the object the role belongs to.
  154        $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
 
  155        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $obj_ref)) {
 
  156            return $this->
__raiseError(
'Check access failed. No permission to deassign users', 
'Server');
 
  // NOTE(review): the role-deletion path earlier in this file refuses to remove a user's last
  // role; no equivalent count(assignedRoles()) check is visible here before deassignUser().
  // Confirm whether a user can be left without any role through this call.
  159        if (!$rbacadmin->deassignUser($role_id, $user_id)) {
 
  161                'Error rbacadmin->deassignUser()',
 
  // Fragment of a method that reads the RBAC operation list through
  // $rbacreview->getOperations(); its signature is not part of this listing.
  // Only the session check is visible before the read. NOTE(review): no per-object permission
  // check appears in the shown lines; presumably the operation catalogue is not considered
  // sensitive. Confirm.
  173        if (!$this->__checkSession($sid)) {
 
  179        $rbacreview = 
$DIC[
'rbacreview'];
 
  181        if (is_array($ops = $rbacreview->getOperations())) {
 
  // Fragment of what is presumably revokePermissions($sid, $ref_id, $role_id) (see the member
  // index at the end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, ref-id and role-id validation messages, system-role guard,
  // edit_permission check on $ref_id, then rbacadmin->revokePermission().
  193        if (!$this->__checkSession($sid)) {
 
  199        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  200        $ilAccess = 
$DIC[
'ilAccess'];
 
  204                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  210                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  // The system role is exempt from revocation.
  // NOTE(review): the guard compares the client-supplied $role_id as received. Normalising it
  // to int before this comparison would ensure the guard and the later revokePermission()
  // call act on the same value. TODO confirm against the id validation above, which is only
  // partly shown.
  214        if ($role_id == SYSTEM_ROLE_ID) {
 
  216                'Cannot revoke permissions of system role',
 
  221        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $ref_id)) {
 
  222            return $this->
__raiseError(
'Check access failed. No permission to revoke permissions', 
'Server');
 
  225        $rbacadmin->revokePermission($ref_id, $role_id);
 
  // Fragment of what is presumably grantPermissions($sid, $ref_id, $role_id, $permissions)
  // (see the member index at the end of this listing); lines between the numbered ones are
  // missing.
  // Visible order: session check, ref-id and role-id validation messages, edit_permission
  // check on $ref_id, unwrapping and type check of $permissions, then revoke followed by grant.
  234        if (!$this->__checkSession($sid)) {
 
  240        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  241        $ilAccess = 
$DIC[
'ilAccess'];
 
  245                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  251                'No valid role id given. Please choose an existing id of an ILIAS role',
 
  256        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $ref_id)) {
 
  257            return $this->
__raiseError(
'Check access failed. No permission to grant permissions', 
'Server');
 
  // If the incoming value is wrapped in an 'item' key, the inner value is used instead.
  262        if (isset($permissions[
'item'])) {
 
  263            $permissions = $permissions[
'item'];
 
  266        if (!is_array($permissions)) {
 
  // NOTE(review): print_r() is called without its second argument, so it writes the dump
  // straight to the output and returns true; the message therefore ends in "1" and the dump
  // lands in the response body ahead of the fault. print_r($permissions, true) would return
  // the text instead.
  268                'No valid permissions given.' . print_r($permissions),
 
  // The role's current permissions on $ref_id are revoked before the new set is granted.
  // NOTE(review): these are two separate calls; if grantPermission() fails, the role
  // presumably ends up with no permissions on the object. Also, no SYSTEM_ROLE_ID guard is
  // visible in the shown lines although revokePermission() is called here too. Confirm both.
  273        $rbacadmin->revokePermission($ref_id, $role_id);
 
  274        $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
 
  // Fragment of what is presumably getLocalRoles($sid, $ref_id) (see the member index at the
  // end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, ref-id validation message, edit_permission check on $ref_id,
  // collection of the roles of that role folder, XML serialisation of the result.
  284        if (!$this->__checkSession($sid)) {
 
  290        $rbacreview = 
$DIC[
'rbacreview'];
 
  291        $ilAccess = 
$DIC[
'ilAccess'];
 
  295                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  // Role information is only returned to callers holding edit_permission on the object.
  300        if (!$ilAccess->checkAccess(
'edit_permission', 
'', $ref_id)) {
 
  301            return $this->
__raiseError(
'Check access failed. No permission to access role information', 
'Server');
 
  305        foreach ($rbacreview->getRolesOfRoleFolder($ref_id, 
false) as $role_id) {
 
  311            include_once 
'./webservice/soap/classes/class.ilObjectXMLWriter.php';
 
  // The collected objects are handed to the XML writer; its XML is returned when start()
  // reports success.
  314            $xml_writer->setObjects($objs);
 
  315            if ($xml_writer->start()) {
 
  316                return $xml_writer->getXML();
 
  // Fragment of what is presumably getUserRoles($sid, $user_id) (see the member index at the
  // end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, user-id validation message, collection of the user's
  // assigned roles, XML serialisation of the result.
  // NOTE(review): only 'rbacreview' is taken from $DIC and no checkAccess() call is visible,
  // so in the shown lines any valid session can read the role assignments of any existing
  // user id. Confirm whether an access check exists in the lines that are not shown, or
  // whether this disclosure is intended.
  327        if (!$this->__checkSession($sid)) {
 
  333        $rbacreview = 
$DIC[
'rbacreview'];
 
  337                'No valid user id given. Please choose an existing id of an ILIAS user',
 
  342        foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
 
  348            include_once 
'./webservice/soap/classes/class.ilObjectXMLWriter.php';
 
  351            $xml_writer->setObjects($objs);
 
  352            if ($xml_writer->start()) {
 
  353                return $xml_writer->getXML();
 
  // Fragment of what is presumably addRole($sid, $target_id, $role_xml) (see the member index
  // at the end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, ref-id validation message, trash check on the target,
  // edit_permission check on $target_id, XML parsing, one ilObjRole per parsed object.
  // Returns the ids of the created roles, or an empty array.
  364        if (!$this->__checkSession($sid)) {
 
  370        $rbacreview = 
$DIC[
'rbacreview'];
 
  371        $objDefinition = 
$DIC[
'objDefinition'];
 
  372        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  373        $ilAccess = 
$DIC[
'ilAccess'];
 
  377                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  383            return $this->
__raiseError(
"Parent with ID $target_id has been deleted.", 
'CLIENT_TARGET_DELETED');
 
  386        if (!$ilAccess->checkAccess(
'edit_permission', 
'', 
$target_id)) {
 
  387            return $this->
__raiseError(
'Check access failed. No permission to create roles', 
'Server');
 
  // NOTE(review): the parsed document is presumably the caller-supplied $role_xml. Whether
  // external entities and DOCTYPE declarations are refused depends on ilObjectXMLParser,
  // which is not shown here. Confirm.
  390        include_once 
'webservice/soap/classes/class.ilObjectXMLParser.php';
 
  393        $xml_parser->startParsing();
 
  395        foreach ($xml_parser->getObjectData() as $object_data) {
 
  // Titles beginning with "il_" are refused. NOTE(review): this is an exact, case-sensitive
  // match on the first three bytes of the raw title; confirm that titles are normalised the
  // same way wherever il_-prefixed roles are recognised.
  398            if (substr($object_data[
'title'], 0, 3) == 
"il_") {
 
  400                    'Rolenames are not allowed to start with "il_" ',
 
  405            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  // Title, description and import id are taken from the parsed XML without further
  // validation in the shown lines.
  407            $role->setTitle($object_data[
'title']);
 
  408            $role->setDescription($object_data[
'description']);
 
  409            $role->setImportId($object_data[
'import_id']);
 
  413            $new_roles[] = $role->getId();
 
  416        return $new_roles ? $new_roles : array();
 
  // Fragment of what is presumably addRoleFromTemplate($sid, $target_id, $role_xml,
  // $template_id) (see the member index at the end of this listing); lines between the
  // numbered ones are missing.
  // Visible order: session check, ref-id and template-id validation messages, trash check on
  // the target, edit_permission check on $target_id, XML parsing, then per parsed object:
  // role creation, copy of the template's permissions, grant of the resulting operations.
  // Returns the ids of the created roles, or an empty array.
  424        if (!$this->__checkSession($sid)) {
 
  430        $rbacreview = 
$DIC[
'rbacreview'];
 
  431        $objDefinition = 
$DIC[
'objDefinition'];
 
  432        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  433        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  434        $ilAccess = 
$DIC[
'ilAccess'];
 
  438                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  444                'No valid template id given. Please choose an existing object id of an ILIAS role template',
 
  451            return $this->
__raiseError(
"Parent with ID $target_id has been deleted.", 
'CLIENT_TARGET_DELETED');
 
  // NOTE(review): the only permission check visible is edit_permission on the target; no
  // check on the caller's right to use $template_id appears in the shown lines. Confirm.
  454        if (!$ilAccess->checkAccess(
'edit_permission', 
'', 
$target_id)) {
 
  455            return $this->
__raiseError(
'Check access failed. No permission to create roles', 
'Server');
 
  // NOTE(review): the parsed document is presumably the caller-supplied $role_xml. Entity and
  // DOCTYPE handling depends on ilObjectXMLParser, which is not shown here. Confirm.
  459        include_once 
'webservice/soap/classes/class.ilObjectXMLParser.php';
 
  462        $xml_parser->startParsing();
 
  464        foreach ($xml_parser->getObjectData() as $object_data) {
 
  // Titles beginning with "il_" are refused (exact, case-sensitive match on the raw title).
  467            if (substr($object_data[
'title'], 0, 3) == 
"il_") {
 
  469                    'Rolenames are not allowed to start with "il_" ',
 
  474            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  476            $role->setTitle($object_data[
'title']);
 
  477            $role->setDescription($object_data[
'description']);
 
  478            $role->setImportId($object_data[
'import_id']);
 
  // The template's permission set is copied from ROLE_FOLDER_ID onto the new role at
  // $target_id; the operations the role then has for the target's type are granted on it.
  484            $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, 
$target_id, $role->getId());
 
  487            $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), 
$target_id);
 
  488            $rbacadmin->grantPermission($role->getId(), $ops, 
$target_id);
 
  489            $new_roles[] = $role->getId();
 
  499        return $new_roles ? $new_roles : array();
 
  // Fragment of what is presumably getObjectTreeOperations($sid, $ref_id, $user_id) (see the
  // member index at the end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, ref-id and user-id validation messages, trash check,
  // 'visible' and 'read' checks for the given user, then one access check per operation
  // defined for the object's type. Returns the collected operation data or an empty array.
  // NOTE(review): every access check visible here is evaluated for the user passed in, not
  // for the session owner. Confirm whether the caller's own right to query another user's
  // permissions is checked in the lines that are not shown.
  507        if (!$this->__checkSession($sid)) {
 
  513        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  514        $rbacreview = 
$DIC[
'rbacreview'];
 
  515        $ilAccess = 
$DIC[
'ilAccess'];
 
  520                'No valid ref id given. Please choose an existing reference id of an ILIAS object',
 
  527                'No valid user id given.',
 
  533            return $this->
__raiseError(
"Parent with ID $target_id has been deleted.", 
'CLIENT_TARGET_DELETED');
 
  539        if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 
'visible', 
'', $tmp_obj->getRefId())) {
 
  // Operation id 2 is hard-coded; which operation it denotes is not visible in this listing.
  542        $op_data = $rbacreview->getOperation(2);
 
  543        $ops_data[] = $op_data;
 
  545        if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 
'read', 
'', $tmp_obj->getRefId())) {
 
  // Each operation available for the object's type is kept only if rbacsystem grants it to
  // $user_id on this object. This loop uses $user_id and $rbacsystem, whereas the two checks
  // above use $tmp_user->getId() and $ilAccess.
  551        $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
 
  552        foreach ($ops as $ops_id) {
 
  553            $op_data = $rbacreview->getOperation($ops_id);
 
  555            if ($rbacsystem->checkAccessOfUser($user_id, $op_data[
'operation'], $tmp_obj->getRefId())) {
 
  556                $ops_data[$ops_id] = $op_data;
 
  560        foreach ($ops_data as 
$data) {
 
  563        return $ret_data ? $ret_data : array();
 
  // Fragment of what is presumably getRoles($sid, $role_type, $id) (see the member index at
  // the end of this listing); lines between the numbered ones are missing.
  // After the session check, $role_type is matched case-insensitively against a fixed list
  // and one of four branches builds $roles: role templates, roles of a user, global roles
  // ($id == "-1"), or local roles of a repository object. The result is serialised with
  // ilSoapRoleObjectXMLWriter.
  579        if (!$this->__checkSession($sid)) {
 
  585        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  586        $rbacreview = 
$DIC[
'rbacreview'];
 
  // Allowed values: "", "local", "global", "user", "user_login", "template".
  590        if (strcasecmp($role_type, 
"") != 0 &&
 
  591        strcasecmp($role_type, 
"local") != 0 &&
 
  592        strcasecmp($role_type, 
"global") != 0 &&
 
  593        strcasecmp($role_type, 
"user") != 0 &&
 
  594        strcasecmp($role_type, 
"user_login") != 0 &&
 
  595        strcasecmp($role_type, 
"template") != 0) {
 
  // The rejected value is echoed back verbatim in the fault text.
  596            return $this->
__raiseError(
'Called service with wrong role_type parameter \'' . $role_type . 
'\'', 
'Client');
 
  602        if (strcasecmp($role_type, 
"template") == 0) {
 
  // 6 is a hard-coded filter constant for getRolesByFilter(); its meaning is not visible here.
  604            $roles = $rbacreview->getRolesByFilter(6, 
$ilUser->getId());
 
  605        } elseif (strcasecmp($role_type, 
"user")==0 || strcasecmp($role_type, 
"user_login")==0) {
 
  // When the requested user is not the session user, 'read' on that user's time-limit owner
  // is required ($tmpUser is presumably the requested user; its construction is not shown).
  608            if ($user_id != 
$ilUser->getId()) {
 
  611                $timelimitOwner = $tmpUser->getTimeLimitOwner();
 
  612                if (!$rbacsystem->checkAccess(
'read', $timelimitOwner)) {
 
  613                    return $this->
__raiseError(
'Check access for time limit owner failed.', 
'Server');
 
  // NOTE(review): the SQL text is built by string concatenation. $user_id is appended
  // unquoted and the role ids are spliced into IN ('%s') through join(); neither value is
  // bound or type-quoted by the database layer in the visible lines. $user_id presumably
  // comes from parseUserID(), whose is_numeric() test also accepts forms such as "1e3" or
  // "1.5". Cast to int and use the database layer's typed quoting and IN helper rather than
  // building the statement from strings.
  619                "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
 
  620                join(
"','", $rbacreview->assignedRoles($user_id))
 
  625                if ($rbacrow[
"assign"] != 
"y") {
 
  631                if ($rbacrow[
"parent"] == ROLE_FOLDER_ID) {
 
  639                            "obj_id" =>$rbacrow[
"rol_id"],
 
  640                            "title" => $tmp_obj->getTitle(),
 
  641                            "description" => $tmp_obj->getDescription(),
 
  642                            "role_type" => 
$type);
 
  // "-1" selects the global roles; 'read' on ROLE_FOLDER_ID is required.
  645        } elseif ($id == 
"-1") {
 
  647            if (!$rbacsystem->checkAccess(
'read', ROLE_FOLDER_ID)) {
 
  648                return $this->
__raiseError(
'Check access failed.', 
'Server');
 
  651            $roles = $rbacreview->getAssignableRoles(
false, 
true);
 
  // Local roles of a repository object: edit_permission on $id is required.
  // NOTE(review): $id is handed to checkAccess() before the is_numeric() test that follows;
  // validating first would keep a malformed id out of the RBAC lookup.
  655            if (!$rbacsystem->checkAccess(
'edit_permission', $id)) {
 
  656                return $this->
__raiseError(
'Check access for local roles failed.', 
'Server');
 
  659            if (!is_numeric($id)) {
 
  660                return $this->
__raiseError(
'Id must be numeric to process roles of a repository object.', 
'Client');
 
  663            $role_type = 
"local";
 
  665            foreach ($rbacreview->getRolesOfRoleFolder($id, 
false) as $role_id) {
 
  667                    $roles[] = array(
"obj_id" => $role_id, 
"title" => $tmp_obj->getTitle(), 
"description" => $tmp_obj->getDescription(), 
"role_type" => $role_type);
 
  673        include_once 
'./webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
 
  676        $xml_writer->setObjects($roles);
 
  677        $xml_writer->setType($role_type);
 
  678        if ($xml_writer->start()) {
 
  679            return $xml_writer->getXML();
 
  // Fragment of what is presumably searchRoles($sid, $key, $combination, $role_type) (see the
  // member index at the end of this listing); lines between the numbered ones are missing.
  // Visible order: session check, whitelist of $role_type, check that $combination is 'and'
  // or 'or', query parsing with a minimum word length of 3, object search restricted to the
  // types "role" and "rolt", result filtering, lookup of the roles for the hit ids, XML output.
  698        if (!$this->__checkSession($sid)) {
 
  704        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  705        $rbacreview = 
$DIC[
'rbacreview'];
 
  // Allowed values here: "", "local", "global", "template".
  710        if (strcasecmp($role_type, 
"") != 0 &&
 
  711        strcasecmp($role_type, 
"local") != 0 &&
 
  712        strcasecmp($role_type, 
"global") != 0 &&
 
  713        strcasecmp($role_type, 
"template") != 0) {
 
  714            return $this->
__raiseError(
'Called service with wrong role_type parameter \'' . $role_type . 
'\'', 
'Client');
 
  // Unlike $role_type, $combination is compared case-sensitively.
  717        if ($combination != 
'and' and $combination != 
'or') {
 
  719                'No valid combination given. Must be "and" or "or".',
 
  724        include_once 
'./Services/Search/classes/class.ilQueryParser.php';
 
  727        $query_parser->setMinWordLength(3);
 
  729        $query_parser->parse();
 
  // A query the parser does not validate is rejected with the parser's own message.
  730        if (!$query_parser->validate()) {
 
  731            return $this->
__raiseError($query_parser->getMessage(), 
'Client');
 
  734        include_once 
'./Services/Search/classes/class.ilObjectSearchFactory.php';
 
  737        $object_search->setFilter(array(
"role",
"rolt"));
 
  // NOTE(review): $rbacsystem is fetched above but no checkAccess() call is visible in this
  // fragment. filter() presumably limits the hits to what the caller may see below
  // ROOT_FOLDER_ID; its implementation is not shown. Confirm that role and role-template
  // hits are permission-filtered before they are returned.
  739        $res = $object_search->performSearch();
 
  740        $res->filter(ROOT_FOLDER_ID, $combination == 
'and' ? 
true : 
false);
 
  743        foreach (
$res->getUniqueResults() as $entry) {
 
  744            $obj_ids [] = $entry[
'obj_id'];
 
  748        if (count($obj_ids)> 0) {
 
  // The second argument is true only when role templates were requested.
  750            $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == 
"template");
 
  753        include_once 
'./webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
 
  755        $xml_writer->setObjects($roles);
 
  756        $xml_writer->setType($role_type);
 
  757        if ($xml_writer->start()) {
 
  758            return $xml_writer->getXML();
 
  // Fragment of what is presumably parseUserID($id, $role_type) (see the member index at the
  // end of this listing); lines between the numbered ones are missing.
  // For role type "user" the resolved id must pass is_numeric(); for "user_login" a login is
  // looked up, and an unknown login raises a client fault that echoes $id.
  // NOTE(review): is_numeric() also accepts float and exponent notation ("1.5", "1e3"). An
  // integer cast or a digits-only check would pin the value to an integer id before it is
  // used elsewhere.
  // The final string literal below is split across lines by the page extraction.
  765        if (strcasecmp($role_type, 
"user")==0) {
 
  768            if (!is_numeric($user_id)) {
 
  769                return $this->
__raiseError(
'ID must be either numeric or ILIAS conform id for type \'user\'', 
'Client');
 
  771        } elseif (strcasecmp($role_type, 
"user_login") == 0) {
 
  776                return $this->
__raiseError(
'User with login \'' . $id . 
'\' does not exist!
', 'Client
'); 
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
An exception for terminating execution or to throw for unit testing.
static _lookupId($a_user_str)
Lookup id by login.
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
static _getObjectSearchInstance($query_parser)
get reference of ilFulltext/LikeObjectSearch.
static _isInTrash($a_ref_id)
checks whether object is in trash
static _lookupType($a_id, $a_reference=false)
lookup object type
initAuth($sid)
Init authentication.
__raiseError($a_message, $a_code)
getLocalRoles($sid, $ref_id)
addUserRoleEntry($sid, $user_id, $role_id)
revokePermissions($sid, $ref_id, $role_id)
addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
grantPermissions($sid, $ref_id, $role_id, $permissions)
parseUserID($id, $role_type)
deleteUserRoleEntry($sid, $user_id, $role_id)
getRoles($sid, $role_type, $id)
get roles for a specific type and id
addRole($sid, $target_id, $role_xml)
getUserRoles($sid, $user_id)
deleteRole($sid, $role_id)
searchRoles($sid, $key, $combination, $role_type)
search for roles.
getObjectTreeOperations($sid, $ref_id, $user_id)
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
foreach($_POST as $key=> $value) $res