ILIAS  release_8 Revision v8.19-1-g4e8f2f9140c
All Data Structures Namespaces Files Functions Variables Modules Pages
Public Member Functions | Private Member Functions
ilSoapRBACAdministration Class Reference

Soap rbac administration methods. More...

+ Inheritance diagram for ilSoapRBACAdministration:
+ Collaboration diagram for ilSoapRBACAdministration:

Public Member Functions

 deleteRole (string $sid, int $role_id)
 
 addUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 deleteUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 getOperations (string $sid)
 
 revokePermissions (string $sid, int $ref_id, int $role_id)
 
 grantPermissions (string $sid, int $ref_id, int $role_id, array $permissions)
 
 getLocalRoles (string $sid, int $ref_id)
 
 getUserRoles (string $sid, int $user_id)
 
 addRole (string $sid, int $target_id, string $role_xml)
 
 addRoleFromTemplate (string $sid, int $target_id, string $role_xml, int $template_id)
 
 getObjectTreeOperations (string $sid, int $ref_id, int $user_id)
 
 getRoles (string $sid, string $role_type, int $id)
 
 searchRoles (string $sid, string $key, string $combination, string $role_type)
 search for roles. More...
 
- Public Member Functions inherited from ilSoapAdministration
 __construct (bool $use_nusoap=true)
 
 getMessage ()
 
 appendMessage (string $a_str)
 
 setMessageCode (string $a_code)
 
 getMessageCode ()
 
 reInitUser ()
 
 isFault ($object)
 
 getInstallationInfoXML ()
 
 getClientInfoXML (string $clientid)
 

Private Member Functions

 parseUserID (int $id, string $role_type)
 

Additional Inherited Members

- Data Fields inherited from ilSoapAdministration
const NUSOAP = 1
 
const PHP5 = 2
 
int $error_method
 Defines type of error handling (PHP5 || NUSOAP) More...
 
- Protected Member Functions inherited from ilSoapAdministration
 checkSession (string $sid)
 
 explodeSid (string $sid)
 
 setMessage (string $a_str)
 
 initAuth (string $sid)
 
 initIlias ()
 
 initAuthenticationObject ()
 
 raiseError (string $a_message, $a_code)
 
 checkObjectAccess (int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true More...
 
- Protected Attributes inherited from ilSoapAdministration
bool $soap_check = true
 
string $message = ''
 
string $message_code = ''
 

Detailed Description

Soap rbac administration methods.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 30 of file class.ilSoapRBACAdministration.php.

Member Function Documentation

◆ addRole()

ilSoapRBACAdministration::addRole ( string  $sid,
int  $target_id,
string  $role_xml 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 369 of file class.ilSoapRBACAdministration.php.

References $DIC, $GLOBALS, $target_id, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

370  {
371  $this->initAuth($sid);
372  $this->initIlias();
373 
374  if (!$this->checkSession($sid)) {
375  return $this->raiseError($this->getMessage(), $this->getMessageCode());
376  }
377 
378  global $DIC;
379 
380  $rbacreview = $DIC['rbacreview'];
381  $objDefinition = $DIC['objDefinition'];
382  $rbacsystem = $DIC['rbacsystem'];
383  $ilAccess = $DIC['ilAccess'];
384 
385  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
386  return $this->raiseError(
387  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
388  'Client'
389  );
390  }
391 
392  if (ilObject::_isInTrash($target_id)) {
393  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
394  }
395 
396  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
397  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
398  }
399 
400  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
401  $xml_parser = new ilObjectXMLParser($role_xml);
402  $xml_parser->startParsing();
403 
404  $new_roles = [];
405  foreach ($xml_parser->getObjectData() as $object_data) {
406  // check if role title has il_ prefix
407  if (strpos($object_data['title'], "il_") === 0) {
408  return $this->raiseError(
409  'Rolenames are not allowed to start with "il_" ',
410  'Client'
411  );
412  }
413 
414  include_once './Services/AccessControl/classes/class.ilObjRole.php';
415  $role = new ilObjRole();
416  $role->setTitle($object_data['title']);
417  $role->setDescription($object_data['description']);
418  $role->setImportId($object_data['import_id']);
419  $role->create();
420 
421  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
422  $new_roles[] = $role->getId();
423  }
424  return $new_roles;
425  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$target_id
$target_id
Definition: goto.php:52
$DIC
global $DIC
Definition: feed.php:28
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1102
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
+ Here is the call graph for this function:

◆ addRoleFromTemplate()

ilSoapRBACAdministration::addRoleFromTemplate ( string  $sid,
int  $target_id,
string  $role_xml,
int  $template_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 430 of file class.ilSoapRBACAdministration.php.

References $DIC, $GLOBALS, $target_id, ilObject\_isInTrash(), ilObject\_lookupType(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

431  {
432  $this->initAuth($sid);
433  $this->initIlias();
434 
435  if (!$this->checkSession($sid)) {
436  return $this->raiseError($this->getMessage(), $this->getMessageCode());
437  }
438 
439  global $DIC;
440 
441  $rbacreview = $DIC['rbacreview'];
442  $objDefinition = $DIC['objDefinition'];
443  $rbacsystem = $DIC['rbacsystem'];
444  $rbacadmin = $DIC['rbacadmin'];
445  $ilAccess = $DIC['ilAccess'];
446 
447  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
448  return $this->raiseError(
449  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
450  'Client'
451  );
452  }
453  if (ilObject::_lookupType($template_id) !== 'rolt') {
454  return $this->raiseError(
455  'No valid template id given. Please choose an existing object id of an ILIAS role template',
456  'Client'
457  );
458  }
459 
460  if (ilObject::_isInTrash($target_id)) {
461  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
462  }
463 
464  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
465  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
466  }
467 
468  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
469  $xml_parser = new ilObjectXMLParser($role_xml);
470  $xml_parser->startParsing();
471 
472  $new_roles = [];
473  foreach ($xml_parser->getObjectData() as $object_data) {
474 
475  // check if role title has il_ prefix
476  if (strpos($object_data['title'], "il_") === 0) {
477  return $this->raiseError(
478  'Rolenames are not allowed to start with "il_" ',
479  'Client'
480  );
481  }
482 
483  include_once './Services/AccessControl/classes/class.ilObjRole.php';
484  $role = new ilObjRole();
485  $role->setTitle($object_data['title']);
486  $role->setDescription($object_data['description']);
487  $role->setImportId($object_data['import_id']);
488  $role->create();
489 
490  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
491 
492  // Copy permssions
493  $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
494 
495  // Set object permissions according to role template
496  $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
497  $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
498  $new_roles[] = $role->getId();
499  }
500  return $new_roles;
501  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$target_id
$target_id
Definition: goto.php:52
$DIC
global $DIC
Definition: feed.php:28
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1102
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
+ Here is the call graph for this function:

◆ addUserRoleEntry()

ilSoapRBACAdministration::addUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 83 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

84  {
85  $this->initAuth($sid);
86  $this->initIlias();
87 
88  if (!$this->checkSession($sid)) {
89  return $this->raiseError($this->getMessage(), $this->getMessageCode());
90  }
91 
92  global $DIC;
93 
94  $rbacadmin = $DIC['rbacadmin'];
95  $rbacreview = $DIC['rbacreview'];
96  $ilAccess = $DIC['ilAccess'];
97 
98  $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
99  if (!$tmp_user instanceof ilObjUser) {
100  return $this->raiseError(
101  'No valid user id given. Please choose an existing id of an ILIAS user',
102  'Client'
103  );
104  }
105  $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
106  if (!$tmp_role instanceof ilObjRole) {
107  return $this->raiseError(
108  'No valid role id given. Please choose an existing id of an ILIAS role',
109  'Client'
110  );
111  }
112 
113  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
114  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
115  return $this->raiseError('Check access failed. No permission to assign users', 'Server');
116  }
117 
118  $rbacadmin->assignUser($role_id, $user_id);
119  return true;
120  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ deleteRole()

ilSoapRBACAdministration::deleteRole ( string  $sid,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 35 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

36  {
37  $this->initAuth($sid);
38  $this->initIlias();
39 
40  if (!$this->checkSession($sid)) {
41  return $this->raiseError($this->getMessage(), $this->getMessageCode());
42  }
43 
44  global $DIC;
45 
46  $rbacreview = $DIC['rbacreview'];
47  $rbacsystem = $DIC['rbacsystem'];
48  $ilAccess = $DIC['ilAccess'];
49 
50  if (!($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) || $tmp_role->getType() !== 'role') {
51  return $this->raiseError(
52  'No valid role id given. Please choose an existing id of an ILIAS role',
53  'Client'
54  );
55  }
56 
57  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
58  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
59  return $this->raiseError('Check access failed. No permission to delete role', 'Server');
60  }
61 
62  // if it's last role of an user
63  foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
64  if (count($rbacreview->assignedRoles($user_id)) === 1) {
65  return $this->raiseError(
66  'Cannot deassign last role of users',
67  'Client'
68  );
69  }
70  }
71 
72  // set parent id (role folder id) of role
73  $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true);
74  $rolf_id = end($rolf_ids);
75  $tmp_role->setParent((int) $rolf_id);
76  $tmp_role->delete();
77  return true;
78  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ deleteUserRoleEntry()

ilSoapRBACAdministration::deleteUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 125 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

126  {
127  $this->initAuth($sid);
128  $this->initIlias();
129 
130  if (!$this->checkSession($sid)) {
131  return $this->raiseError($this->getMessage(), $this->getMessageCode());
132  }
133 
134  global $DIC;
135 
136  $rbacadmin = $DIC['rbacadmin'];
137  $ilAccess = $DIC['ilAccess'];
138  $rbacreview = $DIC['rbacreview'];
139 
140  if ($tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() !== 'usr') {
141  return $this->raiseError(
142  'No valid user id given. Please choose an existing id of an ILIAS user',
143  'Client'
144  );
145  }
146  if ($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() !== 'role') {
147  return $this->raiseError(
148  'No valid role id given. Please choose an existing id of an ILIAS role',
149  'Client'
150  );
151  }
152 
153  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
154  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
155  return $this->raiseError('Check access failed. No permission to deassign users', 'Server');
156  }
157 
158  $rbacadmin->deassignUser($role_id, $user_id);
159  return true;
160  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ getLocalRoles()

ilSoapRBACAdministration::getLocalRoles ( string  $sid,
int  $ref_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 282 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

283  {
284  $this->initAuth($sid);
285  $this->initIlias();
286 
287  if (!$this->checkSession($sid)) {
288  return $this->raiseError($this->getMessage(), $this->getMessageCode());
289  }
290 
291  global $DIC;
292 
293  $rbacreview = $DIC['rbacreview'];
294  $ilAccess = $DIC['ilAccess'];
295 
296  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
297  return $this->raiseError(
298  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
299  'Client'
300  );
301  }
302 
303  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
304  return $this->raiseError('Check access failed. No permission to access role information', 'Server');
305  }
306 
307  $objs = [];
308  foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
309  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
310  $objs[] = $tmp_obj;
311  }
312  }
313  if (count($objs)) {
314  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
315 
316  $xml_writer = new ilObjectXMLWriter();
317  $xml_writer->setObjects($objs);
318  if ($xml_writer->start()) {
319  return $xml_writer->getXML();
320  }
321  }
322  return '';
323  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilObjectXMLWriter.php:16
+ Here is the call graph for this function:

◆ getObjectTreeOperations()

ilSoapRBACAdministration::getObjectTreeOperations ( string  $sid,
int  $ref_id,
int  $user_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 506 of file class.ilSoapRBACAdministration.php.

References $data, $DIC, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

507  {
508  $this->initAuth($sid);
509  $this->initIlias();
510 
511  if (!$this->checkSession($sid)) {
512  return $this->raiseError($this->getMessage(), $this->getMessageCode());
513  }
514 
515  global $DIC;
516 
517  $rbacsystem = $DIC['rbacsystem'];
518  $rbacreview = $DIC['rbacreview'];
519  $ilAccess = $DIC['ilAccess'];
520 
521  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
522  return $this->raiseError(
523  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
524  'Client'
525  );
526  }
527 
528  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
529  return $this->raiseError(
530  'No valid user id given.',
531  'Client'
532  );
533  }
534 
535  if (ilObject::_isInTrash($ref_id)) {
536  return $this->raiseError("Parent with ID " . $ref_id . "has been deleted.", 'CLIENT_TARGET_DELETED');
537  }
538 
539  // check visible for all upper tree entries
540  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
541  return array();
542  }
543  $op_data = $rbacreview->getOperation(2);
544  $ops_data[] = $op_data;
545 
546  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
547  return $ops_data;
548  }
549 
550  $ops_data = array();
551  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
552  foreach ($ops as $ops_id) {
553  $op_data = $rbacreview->getOperation($ops_id);
554 
555  if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
556  $ops_data[$ops_id] = $op_data;
557  }
558  }
559 
560  $ret_data = [];
561  foreach ($ops_data as $data) {
562  $ret_data[] = $data;
563  }
564  return $ret_data;
565  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1102
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ getOperations()

ilSoapRBACAdministration::getOperations ( string  $sid)
Returns
soap_fault|SoapFault|null|array

Definition at line 165 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

166  {
167  $this->initAuth($sid);
168  $this->initIlias();
169 
170  if (!$this->checkSession($sid)) {
171  return $this->raiseError($this->getMessage(), $this->getMessageCode());
172  }
173 
174  global $DIC;
175 
176  $rbacreview = $DIC['rbacreview'];
177 
178  if (is_array($ops = $rbacreview->getOperations())) {
179  return $ops;
180  }
181 
182  return $this->raiseError('Unknown error', 'Server');
183  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
+ Here is the call graph for this function:

◆ getRoles()

ilSoapRBACAdministration::getRoles ( string  $sid,
string  $role_type,
int  $id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 570 of file class.ilSoapRBACAdministration.php.

References $DIC, $ilDB, $ilUser, $query, $type, ilSoapAdministration\checkSession(), ilDBConstants\FETCHMODE_ASSOC, ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), parseUserID(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

571  {
572  $this->initAuth($sid);
573  $this->initIlias();
574 
575  if (!$this->checkSession($sid)) {
576  return $this->raiseError($this->getMessage(), $this->getMessageCode());
577  }
578 
579  global $DIC;
580 
581  $rbacsystem = $DIC['rbacsystem'];
582  $rbacreview = $DIC['rbacreview'];
583  $ilUser = $DIC['ilUser'];
584  $ilDB = $DIC['ilDB'];
585 
586  if (strcasecmp($role_type, "") !== 0 &&
587  strcasecmp($role_type, "local") !== 0 &&
588  strcasecmp($role_type, "global") !== 0 &&
589  strcasecmp($role_type, "user") !== 0 &&
590  strcasecmp($role_type, "user_login") !== 0 &&
591  strcasecmp($role_type, "template") !== 0) {
592  return $this->raiseError(
593  'Called service with wrong role_type parameter \'' . $role_type . '\'',
594  'Client'
595  );
596  }
597 
598  $roles = array();
599 
600  if (strcasecmp($role_type, "template") === 0) {
601  // get templates
602  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
603  } elseif (strcasecmp($role_type, "user") === 0 || strcasecmp($role_type, "user_login") === 0) {
604  // handle user roles
605  $user_id = $this->parseUserID($id, $role_type);
606  if ((int) $user_id !== $ilUser->getId()) {
607  // check access for user folder
608  $tmpUser = new ilObjUser($user_id);
609  $timelimitOwner = $tmpUser->getTimeLimitOwner();
610  if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
611  return $this->raiseError('Check access for time limit owner failed.', 'Server');
612  }
613  }
614  $role_type = ""; // local and global roles for user
615 
616  $query = sprintf(
617  "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
618  implode("','", $rbacreview->assignedRoles($user_id))
619  );
620 
621  $rbacresult = $ilDB->query($query);
622  while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
623  if ($rbacrow["assign"] !== "y") {
624  continue;
625  }
626 
627  $type = "";
628 
629  if ((int) $rbacrow["parent"] === ROLE_FOLDER_ID) {
630  $type = "Global";
631  } else {
632  $type = "Local";
633  }
634  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
635  /* @var $tmp_obj IlObjRole */
636  $roles[] = array(
637  "obj_id" => $rbacrow["rol_id"],
638  "title" => $tmp_obj->getTitle(),
639  "description" => $tmp_obj->getDescription(),
640  "role_type" => $type
641  );
642  }
643  }
644  } elseif ($id === -1) {
645  // get all roles of system role folder
646  if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
647  return $this->raiseError('Check access failed.', 'Server');
648  }
649 
650  $roles = $rbacreview->getAssignableRoles(false, true);
651  } else {
652  // get local roles for a specific repository object
653  // needs permission to read permissions of this object
654  if (!$rbacsystem->checkAccess('edit_permission', $id)) {
655  return $this->raiseError('Check access for local roles failed.', 'Server');
656  }
657 
658  $role_type = "local";
659 
660  foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
661  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
662  $roles[] = [
663  "obj_id" => $role_id,
664  "title" => $tmp_obj->getTitle(),
665  "description" => $tmp_obj->getDescription(),
666  "role_type" => $role_type
667  ];
668  }
669  }
670  }
671 
672  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
673 
674  $xml_writer = new ilSoapRoleObjectXMLWriter();
675  $xml_writer->setObjects($roles);
676  $xml_writer->setType($role_type);
677  if ($xml_writer->start()) {
678  return $xml_writer->getXML();
679  }
680  return '';
681  }
$type
$type
Definition: proxy_ylocal.php:10
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
$query
$query
Definition: proxy_ylocal.php:13
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapRBACAdministration\parseUserID
parseUserID(int $id, string $role_type)
Definition: class.ilSoapRBACAdministration.php:759
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
$ilUser
$ilUser
Definition: imgupload.php:34
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilSoapRoleObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilSoapRoleObjectXMLWriter.php:15
+ Here is the call graph for this function:

◆ getUserRoles()

ilSoapRBACAdministration::getUserRoles ( string  $sid,
int  $user_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 328 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

329  {
330  $this->initAuth($sid);
331  $this->initIlias();
332 
333  if (!$this->checkSession($sid)) {
334  return $this->raiseError($this->getMessage(), $this->getMessageCode());
335  }
336 
337  global $DIC;
338 
339  $rbacreview = $DIC['rbacreview'];
340 
341  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
342  return $this->raiseError(
343  'No valid user id given. Please choose an existing id of an ILIAS user',
344  'Client'
345  );
346  }
347 
348  $objs = [];
349  foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
350  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
351  $objs[] = $tmp_obj;
352  }
353  }
354  if (count($objs)) {
355  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
356 
357  $xml_writer = new ilObjectXMLWriter();
358  $xml_writer->setObjects($objs);
359  if ($xml_writer->start()) {
360  return $xml_writer->getXML();
361  }
362  }
363  return '';
364  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilObjectXMLWriter.php:16
+ Here is the call graph for this function:

◆ grantPermissions()

ilSoapRBACAdministration::grantPermissions ( string  $sid,
int  $ref_id,
int  $role_id,
array  $permissions 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 231 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

232  {
233  $this->initAuth($sid);
234  $this->initIlias();
235 
236  if (!$this->checkSession($sid)) {
237  return $this->raiseError($this->getMessage(), $this->getMessageCode());
238  }
239 
240  global $DIC;
241 
242  $rbacadmin = $DIC['rbacadmin'];
243  $ilAccess = $DIC['ilAccess'];
244 
245  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
246  return $this->raiseError(
247  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
248  'Client'
249  );
250  }
251  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
252  return $this->raiseError(
253  'No valid role id given. Please choose an existing id of an ILIAS role',
254  'Client'
255  );
256  }
257 
258  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
259  return $this->raiseError('Check access failed. No permission to grant permissions', 'Server');
260  }
261 
262  // mjansen@databay.de: dirty fix
263  if (isset($permissions['item'])) {
264  $permissions = $permissions['item'];
265  }
266 
267  if (!is_array($permissions)) {
268  return $this->raiseError(
269  'No valid permissions given.' . print_r($permissions),
270  'Client'
271  );
272  }
273 
274  $rbacadmin->revokePermission($ref_id, $role_id);
275  $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
276  return true;
277  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ parseUserID()

ilSoapRBACAdministration::parseUserID ( int  $id,
string  $role_type 
)
private

Definition at line 759 of file class.ilSoapRBACAdministration.php.

References $id, ilUtil\__extractId(), ilObjUser\_lookupId(), IL_INST_ID, and ilSoapAdministration\raiseError().

Referenced by getRoles().

760  {
761  $user_id = 0;
762  if (strcasecmp($role_type, "user") === 0) {
763  // get user roles for user id, which can be numeric or ilias id
764  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
765  if (!is_numeric($user_id)) {
766  return $this->raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
767  }
768  } elseif (strcasecmp($role_type, "user_login") === 0) {
769  // check for login
770  $user_id = ilObjUser::_lookupId($id);
771  if (!$user_id) {
772  // could not find a valid user
773  return $this->raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
774  }
775  }
776  return $user_id;
777  }
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1204
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ revokePermissions()

ilSoapRBACAdministration::revokePermissions ( string  $sid,
int  $ref_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 188 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and SYSTEM_ROLE_ID.

189  {
190  $this->initAuth($sid);
191  $this->initIlias();
192 
193  if (!$this->checkSession($sid)) {
194  return $this->raiseError($this->getMessage(), $this->getMessageCode());
195  }
196 
197  global $DIC;
198 
199  $rbacadmin = $DIC['rbacadmin'];
200  $ilAccess = $DIC['ilAccess'];
201 
202  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
203  return $this->raiseError(
204  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
205  'Client'
206  );
207  }
208  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
209  return $this->raiseError(
210  'No valid role id given. Please choose an existing id of an ILIAS role',
211  'Client'
212  );
213  }
214  if ($role_id === SYSTEM_ROLE_ID) {
215  return $this->raiseError(
216  'Cannot revoke permissions of system role',
217  'Client'
218  );
219  }
220 
221  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
222  return $this->raiseError('Check access failed. No permission to revoke permissions', 'Server');
223  }
224  $rbacadmin->revokePermission($ref_id, $role_id);
225  return true;
226  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ searchRoles()

ilSoapRBACAdministration::searchRoles ( string  $sid,
string  $key,
string  $combination,
string  $role_type 
)

search for roles.

Parameters
string$role_typecan be empty which means "local & global", "local", "global", "user" = roles of user, "user_login" or "template"
Returns
soap_fault|SoapFault|null|string

Definition at line 688 of file class.ilSoapRBACAdministration.php.

References $DIC, $ilDB, $ilUser, $res, ilObjectSearchFactory\_getObjectSearchInstance(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilQueryParser\QP_COMBINATION_AND, ilQueryParser\QP_COMBINATION_OR, ilSoapAdministration\raiseError(), and ROOT_FOLDER_ID.

689  {
690  $this->initAuth($sid);
691  $this->initIlias();
692 
693  if (!$this->checkSession($sid)) {
694  return $this->raiseError($this->getMessage(), $this->getMessageCode());
695  }
696 
697  global $DIC;
698 
699  $rbacsystem = $DIC['rbacsystem'];
700  $rbacreview = $DIC['rbacreview'];
701  $ilUser = $DIC['ilUser'];
702  $ilDB = $DIC['ilDB'];
703 
704  if (strcasecmp($role_type, "") !== 0 &&
705  strcasecmp($role_type, "local") !== 0 &&
706  strcasecmp($role_type, "global") !== 0 &&
707  strcasecmp($role_type, "template") !== 0) {
708  return $this->raiseError(
709  'Called service with wrong role_type parameter \'' . $role_type . '\'',
710  'Client'
711  );
712  }
713 
714  if ($combination !== 'and' && $combination !== 'or') {
715  return $this->raiseError(
716  'No valid combination given. Must be "and" or "or".',
717  'Client'
718  );
719  }
720 
721  include_once './Services/Search/classes/class.ilQueryParser.php';
722 
723  $query_parser = new ilQueryParser($key);
724  $query_parser->setMinWordLength(3);
725  $query_parser->setCombination($combination === 'and' ? ilQueryParser::QP_COMBINATION_AND : ilQueryParser::QP_COMBINATION_OR);
726  $query_parser->parse();
727  if (!$query_parser->validate()) {
728  return $this->raiseError($query_parser->getMessage(), 'Client');
729  }
730 
731  include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
732 
733  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
734  $object_search->setFilter(array("role", "rolt"));
735 
736  $res = $object_search->performSearch();
737  $res->filter(ROOT_FOLDER_ID, $combination === 'and');
738 
739  $obj_ids = array();
740  foreach ($res->getUniqueResults() as $entry) {
741  $obj_ids [] = $entry['obj_id'];
742  }
743 
744  $roles = array();
745  if (count($obj_ids) > 0) {
746  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type === "template");
747  }
748 
749  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
750  $xml_writer = new ilSoapRoleObjectXMLWriter();
751  $xml_writer->setObjects($roles);
752  $xml_writer->setType($role_type);
753  if ($xml_writer->start()) {
754  return $xml_writer->getXML();
755  }
756  return '';
757  }
$res
$res
Definition: ltiservices.php:69
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance(ilQueryParser $query_parser)
Definition: class.ilObjectSearchFactory.php:38
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
$ilUser
$ilUser
Definition: imgupload.php:34
ilSoapRoleObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilSoapRoleObjectXMLWriter.php:15
+ Here is the call graph for this function:
The documentation for this class was generated from the following file: