ILIAS  release_8 Revision v8.24
Public Member Functions | Private Member Functions
ilSoapRBACAdministration Class Reference

Soap rbac administration methods. More...

+ Inheritance diagram for ilSoapRBACAdministration:
+ Collaboration diagram for ilSoapRBACAdministration:

Public Member Functions

 deleteRole (string $sid, int $role_id)
 
 addUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 deleteUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 getOperations (string $sid)
 
 revokePermissions (string $sid, int $ref_id, int $role_id)
 
 grantPermissions (string $sid, int $ref_id, int $role_id, array $permissions)
 
 getLocalRoles (string $sid, int $ref_id)
 
 getUserRoles (string $sid, int $user_id)
 
 addRole (string $sid, int $target_id, string $role_xml)
 
 addRoleFromTemplate (string $sid, int $target_id, string $role_xml, int $template_id)
 
 getObjectTreeOperations (string $sid, int $ref_id, int $user_id)
 
 getRoles (string $sid, string $role_type, int $id)
 
 searchRoles (string $sid, string $key, string $combination, string $role_type)
 search for roles. More...
 
- Public Member Functions inherited from ilSoapAdministration
 __construct (bool $use_nusoap=true)
 
 getMessage ()
 
 appendMessage (string $a_str)
 
 setMessageCode (string $a_code)
 
 getMessageCode ()
 
 reInitUser ()
 
 isFault ($object)
 
 getInstallationInfoXML ()
 
 getClientInfoXML (string $clientid)
 

Private Member Functions

 parseUserID (int $id, string $role_type)
 

Additional Inherited Members

- Data Fields inherited from ilSoapAdministration
const NUSOAP = 1
 
const PHP5 = 2
 
int $error_method
 Defines type of error handling (PHP5 || NUSOAP) More...
 
- Protected Member Functions inherited from ilSoapAdministration
 checkSession (string $sid)
 
 explodeSid (string $sid)
 
 setMessage (string $a_str)
 
 initAuth (string $sid)
 
 initIlias ()
 
 initAuthenticationObject ()
 
 raiseError (string $a_message, $a_code)
 
 checkObjectAccess (int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true More...
 
- Protected Attributes inherited from ilSoapAdministration
bool $soap_check = true
 
string $message = ''
 
string $message_code = ''
 

Detailed Description

Soap rbac administration methods.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 30 of file class.ilSoapRBACAdministration.php.

Member Function Documentation

◆ addRole()

ilSoapRBACAdministration::addRole ( string  $sid,
int  $target_id,
string  $role_xml 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 369 of file class.ilSoapRBACAdministration.php.

370 {
371 $this->initAuth($sid);
372 $this->initIlias();
373
374 if (!$this->checkSession($sid)) {
375 return $this->raiseError($this->getMessage(), $this->getMessageCode());
376 }
377
378 global $DIC;
379
380 $rbacreview = $DIC['rbacreview'];
381 $objDefinition = $DIC['objDefinition'];
382 $rbacsystem = $DIC['rbacsystem'];
383 $ilAccess = $DIC['ilAccess'];
384
385 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
386 return $this->raiseError(
387 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
388 'Client'
389 );
390 }
391
392 if (ilObject::_isInTrash($target_id)) {
393 return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
394 }
395
396 if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
397 return $this->raiseError('Check access failed. No permission to create roles', 'Server');
398 }
399
400 include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
401 $xml_parser = new ilObjectXMLParser($role_xml);
402 $xml_parser->startParsing();
403
404 $new_roles = [];
405 foreach ($xml_parser->getObjectData() as $object_data) {
406 // check if role title has il_ prefix
407 if (strpos($object_data['title'], "il_") === 0) {
408 return $this->raiseError(
409 'Rolenames are not allowed to start with "il_" ',
410 'Client'
411 );
412 }
413
414 include_once './Services/AccessControl/classes/class.ilObjRole.php';
415 $role = new ilObjRole();
416 $role->setTitle($object_data['title']);
417 $role->setDescription($object_data['description']);
418 $role->setImportId($object_data['import_id']);
419 $role->create();
420
421 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
422 $new_roles[] = $role->getId();
423 }
424 return $new_roles;
425 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:27
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1102
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
$DIC
global $DIC
Definition: feed.php:28
$target_id
$target_id
Definition: goto.php:52

References $DIC, $GLOBALS, $target_id, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ addRoleFromTemplate()

ilSoapRBACAdministration::addRoleFromTemplate ( string  $sid,
int  $target_id,
string  $role_xml,
int  $template_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 430 of file class.ilSoapRBACAdministration.php.

431 {
432 $this->initAuth($sid);
433 $this->initIlias();
434
435 if (!$this->checkSession($sid)) {
436 return $this->raiseError($this->getMessage(), $this->getMessageCode());
437 }
438
439 global $DIC;
440
441 $rbacreview = $DIC['rbacreview'];
442 $objDefinition = $DIC['objDefinition'];
443 $rbacsystem = $DIC['rbacsystem'];
444 $rbacadmin = $DIC['rbacadmin'];
445 $ilAccess = $DIC['ilAccess'];
446
447 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
448 return $this->raiseError(
449 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
450 'Client'
451 );
452 }
453 if (ilObject::_lookupType($template_id) !== 'rolt') {
454 return $this->raiseError(
455 'No valid template id given. Please choose an existing object id of an ILIAS role template',
456 'Client'
457 );
458 }
459
460 if (ilObject::_isInTrash($target_id)) {
461 return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
462 }
463
464 if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
465 return $this->raiseError('Check access failed. No permission to create roles', 'Server');
466 }
467
468 include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
469 $xml_parser = new ilObjectXMLParser($role_xml);
470 $xml_parser->startParsing();
471
472 $new_roles = [];
473 foreach ($xml_parser->getObjectData() as $object_data) {
474
475 // check if role title has il_ prefix
476 if (strpos($object_data['title'], "il_") === 0) {
477 return $this->raiseError(
478 'Rolenames are not allowed to start with "il_" ',
479 'Client'
480 );
481 }
482
483 include_once './Services/AccessControl/classes/class.ilObjRole.php';
484 $role = new ilObjRole();
485 $role->setTitle($object_data['title']);
486 $role->setDescription($object_data['description']);
487 $role->setImportId($object_data['import_id']);
488 $role->create();
489
490 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
491
492 // Copy permssions
493 $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
494
495 // Set object permissions according to role template
496 $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
497 $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
498 $new_roles[] = $role->getId();
499 }
500 return $new_roles;
501 }
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34

References $DIC, $GLOBALS, $target_id, ilObject\_isInTrash(), ilObject\_lookupType(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

+ Here is the call graph for this function:

◆ addUserRoleEntry()

ilSoapRBACAdministration::addUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 83 of file class.ilSoapRBACAdministration.php.

84 {
85 $this->initAuth($sid);
86 $this->initIlias();
87
88 if (!$this->checkSession($sid)) {
89 return $this->raiseError($this->getMessage(), $this->getMessageCode());
90 }
91
92 global $DIC;
93
94 $rbacadmin = $DIC['rbacadmin'];
95 $rbacreview = $DIC['rbacreview'];
96 $ilAccess = $DIC['ilAccess'];
97
98 $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
99 if (!$tmp_user instanceof ilObjUser) {
100 return $this->raiseError(
101 'No valid user id given. Please choose an existing id of an ILIAS user',
102 'Client'
103 );
104 }
105 $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
106 if (!$tmp_role instanceof ilObjRole) {
107 return $this->raiseError(
108 'No valid role id given. Please choose an existing id of an ILIAS role',
109 'Client'
110 );
111 }
112
113 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
114 if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
115 return $this->raiseError('Check access failed. No permission to assign users', 'Server');
116 }
117
118 $rbacadmin->assignUser($role_id, $user_id);
119 return true;
120 }
ilObjUser
User class.
Definition: class.ilObjUser.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ deleteRole()

ilSoapRBACAdministration::deleteRole ( string  $sid,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 35 of file class.ilSoapRBACAdministration.php.

36 {
37 $this->initAuth($sid);
38 $this->initIlias();
39
40 if (!$this->checkSession($sid)) {
41 return $this->raiseError($this->getMessage(), $this->getMessageCode());
42 }
43
44 global $DIC;
45
46 $rbacreview = $DIC['rbacreview'];
47 $rbacsystem = $DIC['rbacsystem'];
48 $ilAccess = $DIC['ilAccess'];
49
50 if (!($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) || $tmp_role->getType() !== 'role') {
51 return $this->raiseError(
52 'No valid role id given. Please choose an existing id of an ILIAS role',
53 'Client'
54 );
55 }
56
57 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
58 if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
59 return $this->raiseError('Check access failed. No permission to delete role', 'Server');
60 }
61
62 // if it's last role of an user
63 foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
64 if (count($rbacreview->assignedRoles($user_id)) === 1) {
65 return $this->raiseError(
66 'Cannot deassign last role of users',
67 'Client'
68 );
69 }
70 }
71
72 // set parent id (role folder id) of role
73 $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true);
74 $rolf_id = end($rolf_ids);
75 $tmp_role->setParent((int) $rolf_id);
76 $tmp_role->delete();
77 return true;
78 }

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ deleteUserRoleEntry()

ilSoapRBACAdministration::deleteUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 125 of file class.ilSoapRBACAdministration.php.

126 {
127 $this->initAuth($sid);
128 $this->initIlias();
129
130 if (!$this->checkSession($sid)) {
131 return $this->raiseError($this->getMessage(), $this->getMessageCode());
132 }
133
134 global $DIC;
135
136 $rbacadmin = $DIC['rbacadmin'];
137 $ilAccess = $DIC['ilAccess'];
138 $rbacreview = $DIC['rbacreview'];
139
140 if ($tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() !== 'usr') {
141 return $this->raiseError(
142 'No valid user id given. Please choose an existing id of an ILIAS user',
143 'Client'
144 );
145 }
146 if ($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() !== 'role') {
147 return $this->raiseError(
148 'No valid role id given. Please choose an existing id of an ILIAS role',
149 'Client'
150 );
151 }
152
153 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
154 if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
155 return $this->raiseError('Check access failed. No permission to deassign users', 'Server');
156 }
157
158 $rbacadmin->deassignUser($role_id, $user_id);
159 return true;
160 }

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getLocalRoles()

ilSoapRBACAdministration::getLocalRoles ( string  $sid,
int  $ref_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 282 of file class.ilSoapRBACAdministration.php.

283 {
284 $this->initAuth($sid);
285 $this->initIlias();
286
287 if (!$this->checkSession($sid)) {
288 return $this->raiseError($this->getMessage(), $this->getMessageCode());
289 }
290
291 global $DIC;
292
293 $rbacreview = $DIC['rbacreview'];
294 $ilAccess = $DIC['ilAccess'];
295
296 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
297 return $this->raiseError(
298 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
299 'Client'
300 );
301 }
302
303 if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
304 return $this->raiseError('Check access failed. No permission to access role information', 'Server');
305 }
306
307 $objs = [];
308 foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
309 if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
310 $objs[] = $tmp_obj;
311 }
312 }
313 if (count($objs)) {
314 include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
315
316 $xml_writer = new ilObjectXMLWriter();
317 $xml_writer->setObjects($objs);
318 if ($xml_writer->start()) {
319 return $xml_writer->getXML();
320 }
321 }
322 return '';
323 }
ilObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilObjectXMLWriter.php:17
$ref_id
$ref_id
Definition: ltiauth.php:67

References $DIC, $ref_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getObjectTreeOperations()

ilSoapRBACAdministration::getObjectTreeOperations ( string  $sid,
int  $ref_id,
int  $user_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 506 of file class.ilSoapRBACAdministration.php.

507 {
508 $this->initAuth($sid);
509 $this->initIlias();
510
511 if (!$this->checkSession($sid)) {
512 return $this->raiseError($this->getMessage(), $this->getMessageCode());
513 }
514
515 global $DIC;
516
517 $rbacsystem = $DIC['rbacsystem'];
518 $rbacreview = $DIC['rbacreview'];
519 $ilAccess = $DIC['ilAccess'];
520
521 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
522 return $this->raiseError(
523 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
524 'Client'
525 );
526 }
527
528 if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
529 return $this->raiseError(
530 'No valid user id given.',
531 'Client'
532 );
533 }
534
535 if (ilObject::_isInTrash($ref_id)) {
536 return $this->raiseError("Parent with ID " . $ref_id . "has been deleted.", 'CLIENT_TARGET_DELETED');
537 }
538
539 // check visible for all upper tree entries
540 if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
541 return array();
542 }
543 $op_data = $rbacreview->getOperation(2);
544 $ops_data[] = $op_data;
545
546 if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
547 return $ops_data;
548 }
549
550 $ops_data = array();
551 $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
552 foreach ($ops as $ops_id) {
553 $op_data = $rbacreview->getOperation($ops_id);
554
555 if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
556 $ops_data[$ops_id] = $op_data;
557 }
558 }
559
560 $ret_data = [];
561 foreach ($ops_data as $data) {
562 $ret_data[] = $data;
563 }
564 return $ret_data;
565 }

References $data, $DIC, $ref_id, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getOperations()

ilSoapRBACAdministration::getOperations ( string  $sid)
Returns
soap_fault|SoapFault|null|array

Definition at line 165 of file class.ilSoapRBACAdministration.php.

166 {
167 $this->initAuth($sid);
168 $this->initIlias();
169
170 if (!$this->checkSession($sid)) {
171 return $this->raiseError($this->getMessage(), $this->getMessageCode());
172 }
173
174 global $DIC;
175
176 $rbacreview = $DIC['rbacreview'];
177
178 if (is_array($ops = $rbacreview->getOperations())) {
179 return $ops;
180 }
181
182 return $this->raiseError('Unknown error', 'Server');
183 }

References $DIC, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getRoles()

ilSoapRBACAdministration::getRoles ( string  $sid,
string  $role_type,
int  $id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 570 of file class.ilSoapRBACAdministration.php.

571 {
572 $this->initAuth($sid);
573 $this->initIlias();
574
575 if (!$this->checkSession($sid)) {
576 return $this->raiseError($this->getMessage(), $this->getMessageCode());
577 }
578
579 global $DIC;
580
581 $rbacsystem = $DIC['rbacsystem'];
582 $rbacreview = $DIC['rbacreview'];
583 $ilUser = $DIC['ilUser'];
584 $ilDB = $DIC['ilDB'];
585
586 if (strcasecmp($role_type, "") !== 0 &&
587 strcasecmp($role_type, "local") !== 0 &&
588 strcasecmp($role_type, "global") !== 0 &&
589 strcasecmp($role_type, "user") !== 0 &&
590 strcasecmp($role_type, "user_login") !== 0 &&
591 strcasecmp($role_type, "template") !== 0) {
592 return $this->raiseError(
593 'Called service with wrong role_type parameter \'' . $role_type . '\'',
594 'Client'
595 );
596 }
597
598 $roles = array();
599
600 if (strcasecmp($role_type, "template") === 0) {
601 // get templates
602 $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
603 } elseif (strcasecmp($role_type, "user") === 0 || strcasecmp($role_type, "user_login") === 0) {
604 // handle user roles
605 $user_id = $this->parseUserID($id, $role_type);
606 if ((int) $user_id !== $ilUser->getId()) {
607 // check access for user folder
608 $tmpUser = new ilObjUser($user_id);
609 $timelimitOwner = $tmpUser->getTimeLimitOwner();
610 if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
611 return $this->raiseError('Check access for time limit owner failed.', 'Server');
612 }
613 }
614 $role_type = ""; // local and global roles for user
615
616 $query = sprintf(
617 "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
618 implode("','", $rbacreview->assignedRoles($user_id))
619 );
620
621 $rbacresult = $ilDB->query($query);
622 while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
623 if ($rbacrow["assign"] !== "y") {
624 continue;
625 }
626
627 $type = "";
628
629 if ((int) $rbacrow["parent"] === ROLE_FOLDER_ID) {
630 $type = "Global";
631 } else {
632 $type = "Local";
633 }
634 if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
635 /* @var $tmp_obj IlObjRole */
636 $roles[] = array(
637 "obj_id" => $rbacrow["rol_id"],
638 "title" => $tmp_obj->getTitle(),
639 "description" => $tmp_obj->getDescription(),
640 "role_type" => $type
641 );
642 }
643 }
644 } elseif ($id === -1) {
645 // get all roles of system role folder
646 if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
647 return $this->raiseError('Check access failed.', 'Server');
648 }
649
650 $roles = $rbacreview->getAssignableRoles(false, true);
651 } else {
652 // get local roles for a specific repository object
653 // needs permission to read permissions of this object
654 if (!$rbacsystem->checkAccess('edit_permission', $id)) {
655 return $this->raiseError('Check access for local roles failed.', 'Server');
656 }
657
658 $role_type = "local";
659
660 foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
661 if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
662 $roles[] = [
663 "obj_id" => $role_id,
664 "title" => $tmp_obj->getTitle(),
665 "description" => $tmp_obj->getDescription(),
666 "role_type" => $role_type
667 ];
668 }
669 }
670 }
671
672 include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
673
674 $xml_writer = new ilSoapRoleObjectXMLWriter();
675 $xml_writer->setObjects($roles);
676 $xml_writer->setType($role_type);
677 if ($xml_writer->start()) {
678 return $xml_writer->getXML();
679 }
680 return '';
681 }
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilSoapRBACAdministration\parseUserID
parseUserID(int $id, string $role_type)
Definition: class.ilSoapRBACAdministration.php:759
ilSoapRoleObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilSoapRoleObjectXMLWriter.php:16
$ilUser
$ilUser
Definition: imgupload.php:34
$query
$query
Definition: proxy_ylocal.php:13
$type
$type
Definition: proxy_ylocal.php:10

References $DIC, $id, $ilDB, $ilUser, $query, $type, ilSoapAdministration\checkSession(), ilDBConstants\FETCHMODE_ASSOC, ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), parseUserID(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

+ Here is the call graph for this function:

◆ getUserRoles()

ilSoapRBACAdministration::getUserRoles ( string  $sid,
int  $user_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 328 of file class.ilSoapRBACAdministration.php.

329 {
330 $this->initAuth($sid);
331 $this->initIlias();
332
333 if (!$this->checkSession($sid)) {
334 return $this->raiseError($this->getMessage(), $this->getMessageCode());
335 }
336
337 global $DIC;
338
339 $rbacreview = $DIC['rbacreview'];
340
341 if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
342 return $this->raiseError(
343 'No valid user id given. Please choose an existing id of an ILIAS user',
344 'Client'
345 );
346 }
347
348 $objs = [];
349 foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
350 if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
351 $objs[] = $tmp_obj;
352 }
353 }
354 if (count($objs)) {
355 include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
356
357 $xml_writer = new ilObjectXMLWriter();
358 $xml_writer->setObjects($objs);
359 if ($xml_writer->start()) {
360 return $xml_writer->getXML();
361 }
362 }
363 return '';
364 }

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ grantPermissions()

ilSoapRBACAdministration::grantPermissions ( string  $sid,
int  $ref_id,
int  $role_id,
array  $permissions 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 231 of file class.ilSoapRBACAdministration.php.

232 {
233 $this->initAuth($sid);
234 $this->initIlias();
235
236 if (!$this->checkSession($sid)) {
237 return $this->raiseError($this->getMessage(), $this->getMessageCode());
238 }
239
240 global $DIC;
241
242 $rbacadmin = $DIC['rbacadmin'];
243 $ilAccess = $DIC['ilAccess'];
244
245 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
246 return $this->raiseError(
247 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
248 'Client'
249 );
250 }
251 if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
252 return $this->raiseError(
253 'No valid role id given. Please choose an existing id of an ILIAS role',
254 'Client'
255 );
256 }
257
258 if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
259 return $this->raiseError('Check access failed. No permission to grant permissions', 'Server');
260 }
261
262 // mjansen@databay.de: dirty fix
263 if (isset($permissions['item'])) {
264 $permissions = $permissions['item'];
265 }
266
267 if (!is_array($permissions)) {
268 return $this->raiseError(
269 'No valid permissions given.' . print_r($permissions),
270 'Client'
271 );
272 }
273
274 $rbacadmin->revokePermission($ref_id, $role_id);
275 $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
276 return true;
277 }

References $DIC, $ref_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ parseUserID()

ilSoapRBACAdministration::parseUserID ( int  $id,
string  $role_type 
)
private

Definition at line 759 of file class.ilSoapRBACAdministration.php.

760 {
761 $user_id = 0;
762 if (strcasecmp($role_type, "user") === 0) {
763 // get user roles for user id, which can be numeric or ilias id
764 $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
765 if (!is_numeric($user_id)) {
766 return $this->raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
767 }
768 } elseif (strcasecmp($role_type, "user_login") === 0) {
769 // check for login
770 $user_id = ilObjUser::_lookupId($id);
771 if (!$user_id) {
772 // could not find a valid user
773 return $this->raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
774 }
775 }
776 return $user_id;
777 }
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1204
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40

References $id, ilUtil\__extractId(), ilObjUser\_lookupId(), IL_INST_ID, and ilSoapAdministration\raiseError().

Referenced by getRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ revokePermissions()

ilSoapRBACAdministration::revokePermissions ( string  $sid,
int  $ref_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 188 of file class.ilSoapRBACAdministration.php.

189 {
190 $this->initAuth($sid);
191 $this->initIlias();
192
193 if (!$this->checkSession($sid)) {
194 return $this->raiseError($this->getMessage(), $this->getMessageCode());
195 }
196
197 global $DIC;
198
199 $rbacadmin = $DIC['rbacadmin'];
200 $ilAccess = $DIC['ilAccess'];
201
202 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
203 return $this->raiseError(
204 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
205 'Client'
206 );
207 }
208 if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
209 return $this->raiseError(
210 'No valid role id given. Please choose an existing id of an ILIAS role',
211 'Client'
212 );
213 }
214 if ($role_id === SYSTEM_ROLE_ID) {
215 return $this->raiseError(
216 'Cannot revoke permissions of system role',
217 'Client'
218 );
219 }
220
221 if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
222 return $this->raiseError('Check access failed. No permission to revoke permissions', 'Server');
223 }
224 $rbacadmin->revokePermission($ref_id, $role_id);
225 return true;
226 }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29

References $DIC, $ref_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and SYSTEM_ROLE_ID.

+ Here is the call graph for this function:

◆ searchRoles()

ilSoapRBACAdministration::searchRoles ( string  $sid,
string  $key,
string  $combination,
string  $role_type 
)

search for roles.

Parameters
string$role_typecan be empty which means "local & global", "local", "global", "user" = roles of user, "user_login" or "template"
Returns
soap_fault|SoapFault|null|string

Definition at line 688 of file class.ilSoapRBACAdministration.php.

689 {
690 $this->initAuth($sid);
691 $this->initIlias();
692
693 if (!$this->checkSession($sid)) {
694 return $this->raiseError($this->getMessage(), $this->getMessageCode());
695 }
696
697 global $DIC;
698
699 $rbacsystem = $DIC['rbacsystem'];
700 $rbacreview = $DIC['rbacreview'];
701 $ilUser = $DIC['ilUser'];
702 $ilDB = $DIC['ilDB'];
703
704 if (strcasecmp($role_type, "") !== 0 &&
705 strcasecmp($role_type, "local") !== 0 &&
706 strcasecmp($role_type, "global") !== 0 &&
707 strcasecmp($role_type, "template") !== 0) {
708 return $this->raiseError(
709 'Called service with wrong role_type parameter \'' . $role_type . '\'',
710 'Client'
711 );
712 }
713
714 if ($combination !== 'and' && $combination !== 'or') {
715 return $this->raiseError(
716 'No valid combination given. Must be "and" or "or".',
717 'Client'
718 );
719 }
720
721 include_once './Services/Search/classes/class.ilQueryParser.php';
722
723 $query_parser = new ilQueryParser($key);
724 $query_parser->setMinWordLength(3);
725 $query_parser->setCombination($combination === 'and' ? ilQueryParser::QP_COMBINATION_AND : ilQueryParser::QP_COMBINATION_OR);
726 $query_parser->parse();
727 if (!$query_parser->validate()) {
728 return $this->raiseError($query_parser->getMessage(), 'Client');
729 }
730
731 include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
732
733 $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
734 $object_search->setFilter(array("role", "rolt"));
735
736 $res = $object_search->performSearch();
737 $res->filter(ROOT_FOLDER_ID, $combination === 'and');
738
739 $obj_ids = array();
740 foreach ($res->getUniqueResults() as $entry) {
741 $obj_ids [] = $entry['obj_id'];
742 }
743
744 $roles = array();
745 if (count($obj_ids) > 0) {
746 $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type === "template");
747 }
748
749 include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
750 $xml_writer = new ilSoapRoleObjectXMLWriter();
751 $xml_writer->setObjects($roles);
752 $xml_writer->setType($role_type);
753 if ($xml_writer->start()) {
754 return $xml_writer->getXML();
755 }
756 return '';
757 }
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance(ilQueryParser $query_parser)
Definition: class.ilObjectSearchFactory.php:38
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$res
$res
Definition: ltiservices.php:69
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193

References $DIC, $ilDB, $ilUser, ILIAS\LTI\ToolProvider\$key, $res, ilObjectSearchFactory\_getObjectSearchInstance(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilQueryParser\QP_COMBINATION_AND, ilQueryParser\QP_COMBINATION_OR, ilSoapAdministration\raiseError(), and ROOT_FOLDER_ID.

+ Here is the call graph for this function:
The documentation for this class was generated from the following file: