ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilSoapRBACAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapRBACAdministration extends ilSoapAdministration
36 {
37  public function deleteRole($sid, $role_id)
38  {
39  $this->initAuth($sid);
40  $this->initIlias();
41 
42  if (!$this->__checkSession($sid)) {
43  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
44  }
45 
46  global $DIC;
47 
48  $rbacreview = $DIC['rbacreview'];
49  $rbacsystem = $DIC['rbacsystem'];
50  $ilAccess = $DIC['ilAccess'];
51 
52  if (!$tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) or $tmp_role->getType() != 'role') {
53  return $this->__raiseError(
54  'No valid role id given. Please choose an existing id of an ILIAS role',
55  'Client'
56  );
57  }
58 
59 
60  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
61  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
62  return $this->__raiseError('Check access failed. No permission to delete role', 'Server');
63  }
64 
65  // if it's last role of an user
66  foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
67  if (count($rbacreview->assignedRoles($user_id)) == 1) {
68  return $this->__raiseError(
69  'Cannot deassign last role of users',
70  'Client'
71  );
72  }
73  }
74 
75  // set parent id (role folder id) of role
76  $rolf_id = end($rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true));
77  $tmp_role->setParent($rolf_id);
78  $tmp_role->delete();
79 
80  return true;
81  }
82 
83  public function addUserRoleEntry($sid, $user_id, $role_id)
84  {
85  $this->initAuth($sid);
86  $this->initIlias();
87 
88  if (!$this->__checkSession($sid)) {
89  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
90  }
91 
92  global $DIC;
93 
94  $rbacadmin = $DIC['rbacadmin'];
95  $rbacreview = $DIC['rbacreview'];
96  $ilAccess = $DIC['ilAccess'];
97 
98  $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
99  if (!$tmp_user instanceof ilObjUser) {
100  return $this->__raiseError(
101  'No valid user id given. Please choose an existing id of an ILIAS user',
102  'Client'
103  );
104  }
105  $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
106  if (!$tmp_role instanceof ilObjRole) {
107  return $this->__raiseError(
108  'No valid role id given. Please choose an existing id of an ILIAS role',
109  'Client'
110  );
111  }
112 
113  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
114  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
115  return $this->__raiseError('Check access failed. No permission to assign users', 'Server');
116  }
117 
118  if (!$rbacadmin->assignUser($role_id, $user_id)) {
119  return $this->__raiseError(
120  'Error rbacadmin->assignUser()',
121  'Server'
122  );
123  }
124  return true;
125  }
126  public function deleteUserRoleEntry($sid, $user_id, $role_id)
127  {
128  $this->initAuth($sid);
129  $this->initIlias();
130 
131  if (!$this->__checkSession($sid)) {
132  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
133  }
134 
135  global $DIC;
136 
137  $rbacadmin = $DIC['rbacadmin'];
138  $ilAccess = $DIC['ilAccess'];
139  $rbacreview = $DIC['rbacreview'];
140 
141  if ($tmp_user =&ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() != 'usr') {
142  return $this->__raiseError(
143  'No valid user id given. Please choose an existing id of an ILIAS user',
144  'Client'
145  );
146  }
147  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() != 'role') {
148  return $this->__raiseError(
149  'No valid role id given. Please choose an existing id of an ILIAS role',
150  'Client'
151  );
152  }
153 
154  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
155  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
156  return $this->__raiseError('Check access failed. No permission to deassign users', 'Server');
157  }
158 
159  if (!$rbacadmin->deassignUser($role_id, $user_id)) {
160  return $this->__raiseError(
161  'Error rbacadmin->deassignUser()',
162  'Server'
163  );
164  }
165  return true;
166  }
167 
168  public function getOperations($sid)
169  {
170  $this->initAuth($sid);
171  $this->initIlias();
172 
173  if (!$this->__checkSession($sid)) {
174  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
175  }
176 
177  global $DIC;
178 
179  $rbacreview = $DIC['rbacreview'];
180 
181  if (is_array($ops = $rbacreview->getOperations())) {
182  return $ops;
183  } else {
184  return $this->__raiseError('Unknown error', 'Server');
185  }
186  }
187 
188  public function revokePermissions($sid, $ref_id, $role_id)
189  {
190  $this->initAuth($sid);
191  $this->initIlias();
192 
193  if (!$this->__checkSession($sid)) {
194  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
195  }
196 
197  global $DIC;
198 
199  $rbacadmin = $DIC['rbacadmin'];
200  $ilAccess = $DIC['ilAccess'];
201 
202  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
203  return $this->__raiseError(
204  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
205  'Client'
206  );
207  }
208  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() != 'role') {
209  return $this->__raiseError(
210  'No valid role id given. Please choose an existing id of an ILIAS role',
211  'Client'
212  );
213  }
214  if ($role_id == SYSTEM_ROLE_ID) {
215  return $this->__raiseError(
216  'Cannot revoke permissions of system role',
217  'Client'
218  );
219  }
220 
221  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
222  return $this->__raiseError('Check access failed. No permission to revoke permissions', 'Server');
223  }
224 
225  $rbacadmin->revokePermission($ref_id, $role_id);
226 
227  return true;
228  }
229  public function grantPermissions($sid, $ref_id, $role_id, $permissions)
230  {
231  $this->initAuth($sid);
232  $this->initIlias();
233 
234  if (!$this->__checkSession($sid)) {
235  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
236  }
237 
238  global $DIC;
239 
240  $rbacadmin = $DIC['rbacadmin'];
241  $ilAccess = $DIC['ilAccess'];
242 
243  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
244  return $this->__raiseError(
245  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
246  'Client'
247  );
248  }
249  if ($tmp_role =&ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() != 'role') {
250  return $this->__raiseError(
251  'No valid role id given. Please choose an existing id of an ILIAS role',
252  'Client'
253  );
254  }
255 
256  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
257  return $this->__raiseError('Check access failed. No permission to grant permissions', 'Server');
258  }
259 
260 
261  // mjansen@databay.de: dirty fix
262  if (isset($permissions['item'])) {
263  $permissions = $permissions['item'];
264  }
265 
266  if (!is_array($permissions)) {
267  return $this->__raiseError(
268  'No valid permissions given.' . print_r($permissions),
269  'Client'
270  );
271  }
272 
273  $rbacadmin->revokePermission($ref_id, $role_id);
274  $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
275 
276  return true;
277  }
278 
279  public function getLocalRoles($sid, $ref_id)
280  {
281  $this->initAuth($sid);
282  $this->initIlias();
283 
284  if (!$this->__checkSession($sid)) {
285  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
286  }
287 
288  global $DIC;
289 
290  $rbacreview = $DIC['rbacreview'];
291  $ilAccess = $DIC['ilAccess'];
292 
293  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
294  return $this->__raiseError(
295  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
296  'Client'
297  );
298  }
299 
300  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
301  return $this->__raiseError('Check access failed. No permission to access role information', 'Server');
302  }
303 
304 
305  foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
306  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
307  $objs[] = $tmp_obj;
308  }
309  }
310  if (count($objs)) {
311  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
312 
313  $xml_writer = new ilObjectXMLWriter();
314  $xml_writer->setObjects($objs);
315  if ($xml_writer->start()) {
316  return $xml_writer->getXML();
317  }
318  }
319  return '';
320  }
321 
322  public function getUserRoles($sid, $user_id)
323  {
324  $this->initAuth($sid);
325  $this->initIlias();
326 
327  if (!$this->__checkSession($sid)) {
328  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
329  }
330 
331  global $DIC;
332 
333  $rbacreview = $DIC['rbacreview'];
334 
335  if (!$tmp_user =&ilObjectFactory::getInstanceByObjId($user_id, false)) {
336  return $this->__raiseError(
337  'No valid user id given. Please choose an existing id of an ILIAS user',
338  'Client'
339  );
340  }
341 
342  foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
343  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
344  $objs[] = $tmp_obj;
345  }
346  }
347  if (count($objs)) {
348  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
349 
350  $xml_writer = new ilObjectXMLWriter();
351  $xml_writer->setObjects($objs);
352  if ($xml_writer->start()) {
353  return $xml_writer->getXML();
354  }
355  }
356  return '';
357  }
358 
359  public function addRole($sid, $target_id, $role_xml)
360  {
361  $this->initAuth($sid);
362  $this->initIlias();
363 
364  if (!$this->__checkSession($sid)) {
365  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
366  }
367 
368  global $DIC;
369 
370  $rbacreview = $DIC['rbacreview'];
371  $objDefinition = $DIC['objDefinition'];
372  $rbacsystem = $DIC['rbacsystem'];
373  $ilAccess = $DIC['ilAccess'];
374 
375  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($target_id, false)) {
376  return $this->__raiseError(
377  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
378  'Client'
379  );
380  }
381 
382  if (ilObject::_isInTrash($target_id)) {
383  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
384  }
385 
386  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
387  return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
388  }
389 
390  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
391 
392  $xml_parser = new ilObjectXMLParser($role_xml);
393  $xml_parser->startParsing();
394 
395  foreach ($xml_parser->getObjectData() as $object_data) {
396 
397  // check if role title has il_ prefix
398  if (substr($object_data['title'], 0, 3) == "il_") {
399  return $this->__raiseError(
400  'Rolenames are not allowed to start with "il_" ',
401  'Client'
402  );
403  }
404 
405  include_once './Services/AccessControl/classes/class.ilObjRole.php';
406  $role = new ilObjRole();
407  $role->setTitle($object_data['title']);
408  $role->setDescription($object_data['description']);
409  $role->setImportId($object_data['import_id']);
410  $role->create();
411 
412  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
413  $new_roles[] = $role->getId();
414  }
415 
416  return $new_roles ? $new_roles : array();
417  }
418 
419  public function addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
420  {
421  $this->initAuth($sid);
422  $this->initIlias();
423 
424  if (!$this->__checkSession($sid)) {
425  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
426  }
427 
428  global $DIC;
429 
430  $rbacreview = $DIC['rbacreview'];
431  $objDefinition = $DIC['objDefinition'];
432  $rbacsystem = $DIC['rbacsystem'];
433  $rbacadmin = $DIC['rbacadmin'];
434  $ilAccess = $DIC['ilAccess'];
435 
436  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($target_id, false)) {
437  return $this->__raiseError(
438  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
439  'Client'
440  );
441  }
442  if (ilObject::_lookupType($template_id) != 'rolt') {
443  return $this->__raiseError(
444  'No valid template id given. Please choose an existing object id of an ILIAS role template',
445  'Client'
446  );
447  }
448 
449 
450  if (ilObject::_isInTrash($target_id)) {
451  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
452  }
453 
454  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
455  return $this->__raiseError('Check access failed. No permission to create roles', 'Server');
456  }
457 
458 
459  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
460 
461  $xml_parser = new ilObjectXMLParser($role_xml);
462  $xml_parser->startParsing();
463 
464  foreach ($xml_parser->getObjectData() as $object_data) {
465 
466  // check if role title has il_ prefix
467  if (substr($object_data['title'], 0, 3) == "il_") {
468  return $this->__raiseError(
469  'Rolenames are not allowed to start with "il_" ',
470  'Client'
471  );
472  }
473 
474  include_once './Services/AccessControl/classes/class.ilObjRole.php';
475  $role = new ilObjRole();
476  $role->setTitle($object_data['title']);
477  $role->setDescription($object_data['description']);
478  $role->setImportId($object_data['import_id']);
479  $role->create();
480 
481  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
482 
483  // Copy permssions
484  $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
485 
486  // Set object permissions according to role template
487  $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
488  $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
489  $new_roles[] = $role->getId();
490  }
491 
492 
493  // CREATE ADMIN ROLE
494 
495 
496 
497 
498 
499  return $new_roles ? $new_roles : array();
500  }
501 
502  public function getObjectTreeOperations($sid, $ref_id, $user_id)
503  {
504  $this->initAuth($sid);
505  $this->initIlias();
506 
507  if (!$this->__checkSession($sid)) {
508  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
509  }
510 
511  global $DIC;
512 
513  $rbacsystem = $DIC['rbacsystem'];
514  $rbacreview = $DIC['rbacreview'];
515  $ilAccess = $DIC['ilAccess'];
516 
517 
518  if (!$tmp_obj =&ilObjectFactory::getInstanceByRefId($ref_id, false)) {
519  return $this->__raiseError(
520  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
521  'Client'
522  );
523  }
524 
525  if (!$tmp_user =&ilObjectFactory::getInstanceByObjId($user_id, false)) {
526  return $this->__raiseError(
527  'No valid user id given.',
528  'Client'
529  );
530  }
531 
532  if (ilObject::_isInTrash($ref_id)) {
533  return $this->__raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
534  }
535 
536 
537 
538  // check visible for all upper tree entries
539  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
540  return array();
541  }
542  $op_data = $rbacreview->getOperation(2);
543  $ops_data[] = $op_data;
544 
545  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
546  return $ops_data;
547  }
548 
549 
550  $ops_data = array();
551  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
552  foreach ($ops as $ops_id) {
553  $op_data = $rbacreview->getOperation($ops_id);
554 
555  if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
556  $ops_data[$ops_id] = $op_data;
557  }
558  }
559 
560  foreach ($ops_data as $data) {
561  $ret_data[] = $data;
562  }
563  return $ret_data ? $ret_data : array();
564  }
565 
574  public function getRoles($sid, $role_type, $id)
575  {
576  $this->initAuth($sid);
577  $this->initIlias();
578 
579  if (!$this->__checkSession($sid)) {
580  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
581  }
582 
583  global $DIC;
584 
585  $rbacsystem = $DIC['rbacsystem'];
586  $rbacreview = $DIC['rbacreview'];
587  $ilUser = $DIC['ilUser'];
588  $ilDB = $DIC['ilDB'];
589 
590  if (strcasecmp($role_type, "") != 0 &&
591  strcasecmp($role_type, "local") != 0 &&
592  strcasecmp($role_type, "global") != 0 &&
593  strcasecmp($role_type, "user") != 0 &&
594  strcasecmp($role_type, "user_login") != 0 &&
595  strcasecmp($role_type, "template") != 0) {
596  return $this->__raiseError('Called service with wrong role_type parameter \'' . $role_type . '\'', 'Client');
597  }
598 
599  $roles = array();
600 
601 
602  if (strcasecmp($role_type, "template") == 0) {
603  // get templates
604  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
605  } elseif (strcasecmp($role_type, "user")==0 || strcasecmp($role_type, "user_login")==0) {
606  // handle user roles
607  $user_id = $this->parseUserID($id, $role_type);
608  if ($user_id != $ilUser->getId()) {
609  // check access for user folder
610  $tmpUser = new ilObjUser($user_id);
611  $timelimitOwner = $tmpUser->getTimeLimitOwner();
612  if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
613  return $this->__raiseError('Check access for time limit owner failed.', 'Server');
614  }
615  }
616  $role_type = ""; // local and global roles for user
617 
618  $query = sprintf(
619  "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
620  join("','", $rbacreview->assignedRoles($user_id))
621  );
622 
623  $rbacresult = $ilDB->query($query);
624  while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
625  if ($rbacrow["assign"] != "y") {
626  continue;
627  }
628 
629  $type = "";
630 
631  if ($rbacrow["parent"] == ROLE_FOLDER_ID) {
632  $type = "Global";
633  } else {
634  $type = "Local";
635  }
636  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
637  /* @var $tmp_obj IlObjRole */
638  $roles[] = array(
639  "obj_id" =>$rbacrow["rol_id"],
640  "title" => $tmp_obj->getTitle(),
641  "description" => $tmp_obj->getDescription(),
642  "role_type" => $type);
643  }
644  }
645  } elseif ($id == "-1") {
646  // get all roles of system role folder
647  if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
648  return $this->__raiseError('Check access failed.', 'Server');
649  }
650 
651  $roles = $rbacreview->getAssignableRoles(false, true);
652  } else {
653  // get local roles for a specific repository object
654  // needs permission to read permissions of this object
655  if (!$rbacsystem->checkAccess('edit_permission', $id)) {
656  return $this->__raiseError('Check access for local roles failed.', 'Server');
657  }
658 
659  if (!is_numeric($id)) {
660  return $this->__raiseError('Id must be numeric to process roles of a repository object.', 'Client');
661  }
662 
663  $role_type = "local";
664 
665  foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
666  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
667  $roles[] = array("obj_id" => $role_id, "title" => $tmp_obj->getTitle(), "description" => $tmp_obj->getDescription(), "role_type" => $role_type);
668  }
669  }
670  }
671 
672 
673  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
674 
675  $xml_writer = new ilSoapRoleObjectXMLWriter();
676  $xml_writer->setObjects($roles);
677  $xml_writer->setType($role_type);
678  if ($xml_writer->start()) {
679  return $xml_writer->getXML();
680  }
681  }
682 
693  public function searchRoles($sid, $key, $combination, $role_type)
694  {
695  $this->initAuth($sid);
696  $this->initIlias();
697 
698  if (!$this->__checkSession($sid)) {
699  return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
700  }
701 
702  global $DIC;
703 
704  $rbacsystem = $DIC['rbacsystem'];
705  $rbacreview = $DIC['rbacreview'];
706  $ilUser = $DIC['ilUser'];
707  $ilDB = $DIC['ilDB'];
708 
709 
710  if (strcasecmp($role_type, "") != 0 &&
711  strcasecmp($role_type, "local") != 0 &&
712  strcasecmp($role_type, "global") != 0 &&
713  strcasecmp($role_type, "template") != 0) {
714  return $this->__raiseError('Called service with wrong role_type parameter \'' . $role_type . '\'', 'Client');
715  }
716 
717  if ($combination != 'and' and $combination != 'or') {
718  return $this->__raiseError(
719  'No valid combination given. Must be "and" or "or".',
720  'Client'
721  );
722  }
723 
724  include_once './Services/Search/classes/class.ilQueryParser.php';
725 
726  $query_parser = new ilQueryParser($key);
727  $query_parser->setMinWordLength(3);
728  $query_parser->setCombination($combination == 'and' ? QP_COMBINATION_AND : QP_COMBINATION_OR);
729  $query_parser->parse();
730  if (!$query_parser->validate()) {
731  return $this->__raiseError($query_parser->getMessage(), 'Client');
732  }
733 
734  include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
735 
736  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
737  $object_search->setFilter(array("role","rolt"));
738 
739  $res = $object_search->performSearch();
740  $res->filter(ROOT_FOLDER_ID, $combination == 'and' ? true : false);
741 
742  $obj_ids = array();
743  foreach ($res->getUniqueResults() as $entry) {
744  $obj_ids [] = $entry['obj_id'];
745  }
746 
747  $roles = array();
748  if (count($obj_ids)> 0) {
749  #print_r($obj_ids);
750  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type == "template");
751  }
752  #print_r($roles);
753  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
754  $xml_writer = new ilSoapRoleObjectXMLWriter();
755  $xml_writer->setObjects($roles);
756  $xml_writer->setType($role_type);
757  if ($xml_writer->start()) {
758  return $xml_writer->getXML();
759  }
760  }
761 
762 
763  private function parseUserID($id, $role_type)
764  {
765  if (strcasecmp($role_type, "user")==0) {
766  // get user roles for user id, which can be numeric or ilias id
767  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
768  if (!is_numeric($user_id)) {
769  return $this->__raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
770  }
771  } elseif (strcasecmp($role_type, "user_login") == 0) {
772  // check for login
773  $user_id = ilObjUser::_lookupId($id);
774  if (!$user_id) {
775  // could not find a valid user
776  return $this->__raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
777  }
778  }
779  return $user_id;
780  }
781 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
$data
$data
Definition: storeScorm.php:23
IL_INST_ID
const IL_INST_ID
Definition: constants.php:38
$type
$type
Definition: proxy_ylocal.php:10
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:30
ilSoapRBACAdministration\grantPermissions
grantPermissions($sid, $ref_id, $role_id, $permissions)
Definition: class.ilSoapRBACAdministration.php:229
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:27
ilSoapRBACAdministration\addUserRoleEntry
addUserRoleEntry($sid, $user_id, $role_id)
Definition: class.ilSoapRBACAdministration.php:83
ilObject\_isInTrash
static _isInTrash($a_ref_id)
checks wether object is in trash
Definition: class.ilObject.php:1296
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:832
$target_id
$target_id
Definition: goto.php:51
ilSoapRBACAdministration\searchRoles
searchRoles($sid, $key, $combination, $role_type)
search for roles.
Definition: class.ilSoapRBACAdministration.php:693
ilSoapRBACAdministration\addRole
addRole($sid, $target_id, $role_xml)
Definition: class.ilSoapRBACAdministration.php:359
ilSoapRBACAdministration\getRoles
getRoles($sid, $role_type, $id)
get roles for a specific type and id
Definition: class.ilSoapRBACAdministration.php:574
QP_COMBINATION_OR
const QP_COMBINATION_OR
Definition: class.ilQueryParser.php:21
ilSoapRBACAdministration\revokePermissions
revokePermissions($sid, $ref_id, $role_id)
Definition: class.ilSoapRBACAdministration.php:188
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilSoapAdministration\__raiseError
__raiseError($a_message, $a_code)
Definition: class.ilSoapAdministration.php:206
$DIC
global $DIC
Definition: goto.php:24
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$query
$query
Definition: proxy_ylocal.php:13
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:70
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:32
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1281
ilSoapRBACAdministration\addRoleFromTemplate
addRoleFromTemplate($sid, $target_id, $role_xml, $template_id)
Definition: class.ilSoapRBACAdministration.php:419
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance($query_parser)
get reference of ilFulltext/LikeObjectSearch.
Definition: class.ilObjectSearchFactory.php:46
ilSoapAdministration\initAuth
initAuth($sid)
Init authentication.
Definition: class.ilSoapAdministration.php:177
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilSoapRBACAdministration\deleteUserRoleEntry
deleteUserRoleEntry($sid, $user_id, $role_id)
Definition: class.ilSoapRBACAdministration.php:126
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:131
QP_COMBINATION_AND
const QP_COMBINATION_AND
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilQueryParser.php:20
$ilUser
$ilUser
Definition: imgupload.php:18
ilSoapRBACAdministration\getObjectTreeOperations
getObjectTreeOperations($sid, $ref_id, $user_id)
Definition: class.ilSoapRBACAdministration.php:502
ilUtil\__extractId
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:4397