ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
Public Member Functions | Private Member Functions
ilSoapRBACAdministration Class Reference

Soap rbac administration methods. More...

+ Inheritance diagram for ilSoapRBACAdministration:
+ Collaboration diagram for ilSoapRBACAdministration:

Public Member Functions

 deleteRole (string $sid, int $role_id)
 
 addUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 deleteUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 getOperations (string $sid)
 
 revokePermissions (string $sid, int $ref_id, int $role_id)
 
 grantPermissions (string $sid, int $ref_id, int $role_id, array $permissions)
 
 getLocalRoles (string $sid, int $ref_id)
 
 getUserRoles (string $sid, int $user_id)
 
 addRole (string $sid, int $target_id, string $role_xml)
 
 addRoleFromTemplate (string $sid, int $target_id, string $role_xml, int $template_id)
 
 getObjectTreeOperations (string $sid, int $ref_id, int $user_id)
 
 getRoles (string $sid, string $role_type, int $id)
 
 searchRoles (string $sid, string $key, string $combination, string $role_type)
 search for roles. More...
 
- Public Member Functions inherited from ilSoapAdministration
 __construct (bool $use_nusoap=true)
 
 getMessage ()
 
 appendMessage (string $a_str)
 
 setMessageCode (string $a_code)
 
 getMessageCode ()
 
 reInitUser ()
 
 isFault ($object)
 
 getInstallationInfoXML ()
 
 getClientInfoXML (string $clientid)
 

Private Member Functions

 parseUserID (int $id, string $role_type)
 

Additional Inherited Members

- Data Fields inherited from ilSoapAdministration
const NUSOAP = 1
 
const PHP5 = 2
 
int $error_method
 Defines type of error handling (PHP5 || NUSOAP) More...
 
- Protected Member Functions inherited from ilSoapAdministration
 checkSession (string $sid)
 
 explodeSid (string $sid)
 
 setMessage (string $a_str)
 
 initAuth (string $sid)
 
 initIlias ()
 
 initAuthenticationObject ()
 
 raiseError (string $a_message, $a_code)
 
 checkObjectAccess (int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true More...
 
- Protected Attributes inherited from ilSoapAdministration
bool $soap_check = true
 
string $message = ''
 
string $message_code = ''
 

Detailed Description

Soap rbac administration methods.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 30 of file class.ilSoapRBACAdministration.php.

Member Function Documentation

◆ addRole()

ilSoapRBACAdministration::addRole ( string  $sid,
int  $target_id,
string  $role_xml 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 369 of file class.ilSoapRBACAdministration.php.

References $DIC, $GLOBALS, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

370  {
371  $this->initAuth($sid);
372  $this->initIlias();
373 
374  if (!$this->checkSession($sid)) {
375  return $this->raiseError($this->getMessage(), $this->getMessageCode());
376  }
377 
378  global $DIC;
379 
380  $rbacreview = $DIC['rbacreview'];
381  $objDefinition = $DIC['objDefinition'];
382  $rbacsystem = $DIC['rbacsystem'];
383  $ilAccess = $DIC['ilAccess'];
384 
385  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
386  return $this->raiseError(
387  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
388  'Client'
389  );
390  }
391 
392  if (ilObject::_isInTrash($target_id)) {
393  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
394  }
395 
396  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
397  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
398  }
399 
400  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
401  $xml_parser = new ilObjectXMLParser($role_xml);
402  $xml_parser->startParsing();
403 
404  $new_roles = [];
405  foreach ($xml_parser->getObjectData() as $object_data) {
406  // check if role title has il_ prefix
407  if (strpos($object_data['title'], "il_") === 0) {
408  return $this->raiseError(
409  'Rolenames are not allowed to start with "il_" ',
410  'Client'
411  );
412  }
413 
414  include_once './Services/AccessControl/classes/class.ilObjRole.php';
415  $role = new ilObjRole();
416  $role->setTitle($object_data['title']);
417  $role->setDescription($object_data['description']);
418  $role->setImportId($object_data['import_id']);
419  $role->create();
420 
421  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
422  $new_roles[] = $role->getId();
423  }
424  return $new_roles;
425  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:31
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1099
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectXMLParser
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLParser.php:20
+ Here is the call graph for this function:

◆ addRoleFromTemplate()

ilSoapRBACAdministration::addRoleFromTemplate ( string  $sid,
int  $target_id,
string  $role_xml,
int  $template_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 430 of file class.ilSoapRBACAdministration.php.

References $DIC, $GLOBALS, ilObject\_isInTrash(), ilObject\_lookupType(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

431  {
432  $this->initAuth($sid);
433  $this->initIlias();
434 
435  if (!$this->checkSession($sid)) {
436  return $this->raiseError($this->getMessage(), $this->getMessageCode());
437  }
438 
439  global $DIC;
440 
441  $rbacreview = $DIC['rbacreview'];
442  $objDefinition = $DIC['objDefinition'];
443  $rbacsystem = $DIC['rbacsystem'];
444  $rbacadmin = $DIC['rbacadmin'];
445  $ilAccess = $DIC['ilAccess'];
446 
447  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
448  return $this->raiseError(
449  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
450  'Client'
451  );
452  }
453  if (ilObject::_lookupType($template_id) !== 'rolt') {
454  return $this->raiseError(
455  'No valid template id given. Please choose an existing object id of an ILIAS role template',
456  'Client'
457  );
458  }
459 
460  if (ilObject::_isInTrash($target_id)) {
461  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
462  }
463 
464  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
465  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
466  }
467 
468  include_once 'webservice/soap/classes/class.ilObjectXMLParser.php';
469  $xml_parser = new ilObjectXMLParser($role_xml);
470  $xml_parser->startParsing();
471 
472  $new_roles = [];
473  foreach ($xml_parser->getObjectData() as $object_data) {
474  // check if role title has il_ prefix
475  if (strpos($object_data['title'], "il_") === 0) {
476  return $this->raiseError(
477  'Rolenames are not allowed to start with "il_" ',
478  'Client'
479  );
480  }
481 
482  include_once './Services/AccessControl/classes/class.ilObjRole.php';
483  $role = new ilObjRole();
484  $role->setTitle($object_data['title']);
485  $role->setDescription($object_data['description']);
486  $role->setImportId($object_data['import_id']);
487  $role->create();
488 
489  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
490 
491  // Copy permssions
492  $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
493 
494  // Set object permissions according to role template
495  $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
496  $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
497  $new_roles[] = $role->getId();
498  }
499  return $new_roles;
500  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:31
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1099
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObjectXMLParser
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLParser.php:20
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1088
+ Here is the call graph for this function:

◆ addUserRoleEntry()

ilSoapRBACAdministration::addUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 83 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

84  {
85  $this->initAuth($sid);
86  $this->initIlias();
87 
88  if (!$this->checkSession($sid)) {
89  return $this->raiseError($this->getMessage(), $this->getMessageCode());
90  }
91 
92  global $DIC;
93 
94  $rbacadmin = $DIC['rbacadmin'];
95  $rbacreview = $DIC['rbacreview'];
96  $ilAccess = $DIC['ilAccess'];
97 
98  $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
99  if (!$tmp_user instanceof ilObjUser) {
100  return $this->raiseError(
101  'No valid user id given. Please choose an existing id of an ILIAS user',
102  'Client'
103  );
104  }
105  $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
106  if (!$tmp_role instanceof ilObjRole) {
107  return $this->raiseError(
108  'No valid role id given. Please choose an existing id of an ILIAS role',
109  'Client'
110  );
111  }
112 
113  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
114  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
115  return $this->raiseError('Check access failed. No permission to assign users', 'Server');
116  }
117 
118  $rbacadmin->assignUser($role_id, $user_id);
119  return true;
120  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ deleteRole()

ilSoapRBACAdministration::deleteRole ( string  $sid,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 35 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

36  {
37  $this->initAuth($sid);
38  $this->initIlias();
39 
40  if (!$this->checkSession($sid)) {
41  return $this->raiseError($this->getMessage(), $this->getMessageCode());
42  }
43 
44  global $DIC;
45 
46  $rbacreview = $DIC['rbacreview'];
47  $rbacsystem = $DIC['rbacsystem'];
48  $ilAccess = $DIC['ilAccess'];
49 
50  if (!($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) || $tmp_role->getType() !== 'role') {
51  return $this->raiseError(
52  'No valid role id given. Please choose an existing id of an ILIAS role',
53  'Client'
54  );
55  }
56 
57  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
58  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
59  return $this->raiseError('Check access failed. No permission to delete role', 'Server');
60  }
61 
62  // if it's last role of an user
63  foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
64  if (count($rbacreview->assignedRoles($user_id)) === 1) {
65  return $this->raiseError(
66  'Cannot deassign last role of users',
67  'Client'
68  );
69  }
70  }
71 
72  // set parent id (role folder id) of role
73  $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true);
74  $rolf_id = end($rolf_ids);
75  $tmp_role->setParent((int) $rolf_id);
76  $tmp_role->delete();
77  return true;
78  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ deleteUserRoleEntry()

ilSoapRBACAdministration::deleteUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 125 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

126  {
127  $this->initAuth($sid);
128  $this->initIlias();
129 
130  if (!$this->checkSession($sid)) {
131  return $this->raiseError($this->getMessage(), $this->getMessageCode());
132  }
133 
134  global $DIC;
135 
136  $rbacadmin = $DIC['rbacadmin'];
137  $ilAccess = $DIC['ilAccess'];
138  $rbacreview = $DIC['rbacreview'];
139 
140  if ($tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() !== 'usr') {
141  return $this->raiseError(
142  'No valid user id given. Please choose an existing id of an ILIAS user',
143  'Client'
144  );
145  }
146  if ($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() !== 'role') {
147  return $this->raiseError(
148  'No valid role id given. Please choose an existing id of an ILIAS role',
149  'Client'
150  );
151  }
152 
153  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
154  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
155  return $this->raiseError('Check access failed. No permission to deassign users', 'Server');
156  }
157 
158  $rbacadmin->deassignUser($role_id, $user_id);
159  return true;
160  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ getLocalRoles()

ilSoapRBACAdministration::getLocalRoles ( string  $sid,
int  $ref_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 282 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

283  {
284  $this->initAuth($sid);
285  $this->initIlias();
286 
287  if (!$this->checkSession($sid)) {
288  return $this->raiseError($this->getMessage(), $this->getMessageCode());
289  }
290 
291  global $DIC;
292 
293  $rbacreview = $DIC['rbacreview'];
294  $ilAccess = $DIC['ilAccess'];
295 
296  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
297  return $this->raiseError(
298  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
299  'Client'
300  );
301  }
302 
303  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
304  return $this->raiseError('Check access failed. No permission to access role information', 'Server');
305  }
306 
307  $objs = [];
308  foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
309  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
310  $objs[] = $tmp_obj;
311  }
312  }
313  if (count($objs)) {
314  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
315 
316  $xml_writer = new ilObjectXMLWriter();
317  $xml_writer->setObjects($objs);
318  if ($xml_writer->start()) {
319  return $xml_writer->getXML();
320  }
321  }
322  return '';
323  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilObjectXMLWriter.php:16
+ Here is the call graph for this function:

◆ getObjectTreeOperations()

ilSoapRBACAdministration::getObjectTreeOperations ( string  $sid,
int  $ref_id,
int  $user_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 505 of file class.ilSoapRBACAdministration.php.

References $data, $DIC, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

506  {
507  $this->initAuth($sid);
508  $this->initIlias();
509 
510  if (!$this->checkSession($sid)) {
511  return $this->raiseError($this->getMessage(), $this->getMessageCode());
512  }
513 
514  global $DIC;
515 
516  $rbacsystem = $DIC['rbacsystem'];
517  $rbacreview = $DIC['rbacreview'];
518  $ilAccess = $DIC['ilAccess'];
519 
520  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
521  return $this->raiseError(
522  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
523  'Client'
524  );
525  }
526 
527  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
528  return $this->raiseError(
529  'No valid user id given.',
530  'Client'
531  );
532  }
533 
534  if (ilObject::_isInTrash($ref_id)) {
535  return $this->raiseError("Parent with ID " . $ref_id . "has been deleted.", 'CLIENT_TARGET_DELETED');
536  }
537 
538  // check visible for all upper tree entries
539  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
540  return array();
541  }
542  $op_data = $rbacreview->getOperation(2);
543  $ops_data[] = $op_data;
544 
545  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
546  return $ops_data;
547  }
548 
549  $ops_data = array();
550  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
551  foreach ($ops as $ops_id) {
552  $op_data = $rbacreview->getOperation($ops_id);
553 
554  if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
555  $ops_data[$ops_id] = $op_data;
556  }
557  }
558 
559  $ret_data = [];
560  foreach ($ops_data as $data) {
561  $ret_data[] = $data;
562  }
563  return $ret_data;
564  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1099
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ getOperations()

ilSoapRBACAdministration::getOperations ( string  $sid)
Returns
soap_fault|SoapFault|null|array

Definition at line 165 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

166  {
167  $this->initAuth($sid);
168  $this->initIlias();
169 
170  if (!$this->checkSession($sid)) {
171  return $this->raiseError($this->getMessage(), $this->getMessageCode());
172  }
173 
174  global $DIC;
175 
176  $rbacreview = $DIC['rbacreview'];
177 
178  if (is_array($ops = $rbacreview->getOperations())) {
179  return $ops;
180  }
181 
182  return $this->raiseError('Unknown error', 'Server');
183  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
+ Here is the call graph for this function:

◆ getRoles()

ilSoapRBACAdministration::getRoles ( string  $sid,
string  $role_type,
int  $id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 569 of file class.ilSoapRBACAdministration.php.

References $DIC, $ilDB, ilSoapAdministration\checkSession(), ilDBConstants\FETCHMODE_ASSOC, ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), parseUserID(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

570  {
571  $this->initAuth($sid);
572  $this->initIlias();
573 
574  if (!$this->checkSession($sid)) {
575  return $this->raiseError($this->getMessage(), $this->getMessageCode());
576  }
577 
578  global $DIC;
579 
580  $rbacsystem = $DIC['rbacsystem'];
581  $rbacreview = $DIC['rbacreview'];
582  $ilUser = $DIC['ilUser'];
583  $ilDB = $DIC['ilDB'];
584 
585  if (strcasecmp($role_type, "") !== 0 &&
586  strcasecmp($role_type, "local") !== 0 &&
587  strcasecmp($role_type, "global") !== 0 &&
588  strcasecmp($role_type, "user") !== 0 &&
589  strcasecmp($role_type, "user_login") !== 0 &&
590  strcasecmp($role_type, "template") !== 0) {
591  return $this->raiseError(
592  'Called service with wrong role_type parameter \'' . $role_type . '\'',
593  'Client'
594  );
595  }
596 
597  $roles = array();
598 
599  if (strcasecmp($role_type, "template") === 0) {
600  // get templates
601  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
602  } elseif (strcasecmp($role_type, "user") === 0 || strcasecmp($role_type, "user_login") === 0) {
603  // handle user roles
604  $user_id = $this->parseUserID($id, $role_type);
605  if ((int) $user_id !== $ilUser->getId()) {
606  // check access for user folder
607  $tmpUser = new ilObjUser($user_id);
608  $timelimitOwner = $tmpUser->getTimeLimitOwner();
609  if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
610  return $this->raiseError('Check access for time limit owner failed.', 'Server');
611  }
612  }
613  $role_type = ""; // local and global roles for user
614 
615  $query = sprintf(
616  "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
617  implode("','", $rbacreview->assignedRoles($user_id))
618  );
619 
620  $rbacresult = $ilDB->query($query);
621  while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
622  if ($rbacrow["assign"] !== "y") {
623  continue;
624  }
625 
626  $type = "";
627 
628  if ((int) $rbacrow["parent"] === ROLE_FOLDER_ID) {
629  $type = "Global";
630  } else {
631  $type = "Local";
632  }
633  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
634  /* @var $tmp_obj IlObjRole */
635  $roles[] = array(
636  "obj_id" => $rbacrow["rol_id"],
637  "title" => $tmp_obj->getTitle(),
638  "description" => $tmp_obj->getDescription(),
639  "role_type" => $type
640  );
641  }
642  }
643  } elseif ($id === -1) {
644  // get all roles of system role folder
645  if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
646  return $this->raiseError('Check access failed.', 'Server');
647  }
648 
649  $roles = $rbacreview->getAssignableRoles(false, true);
650  } else {
651  // get local roles for a specific repository object
652  // needs permission to read permissions of this object
653  if (!$rbacsystem->checkAccess('edit_permission', $id)) {
654  return $this->raiseError('Check access for local roles failed.', 'Server');
655  }
656 
657  $role_type = "local";
658 
659  foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
660  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
661  $roles[] = [
662  "obj_id" => $role_id,
663  "title" => $tmp_obj->getTitle(),
664  "description" => $tmp_obj->getDescription(),
665  "role_type" => $role_type
666  ];
667  }
668  }
669  }
670 
671  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
672 
673  $xml_writer = new ilSoapRoleObjectXMLWriter();
674  $xml_writer->setObjects($roles);
675  $xml_writer->setType($role_type);
676  if ($xml_writer->start()) {
677  return $xml_writer->getXML();
678  }
679  return '';
680  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapRBACAdministration\parseUserID
parseUserID(int $id, string $role_type)
Definition: class.ilSoapRBACAdministration.php:758
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilSoapRoleObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilSoapRoleObjectXMLWriter.php:15
+ Here is the call graph for this function:

◆ getUserRoles()

ilSoapRBACAdministration::getUserRoles ( string  $sid,
int  $user_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 328 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

329  {
330  $this->initAuth($sid);
331  $this->initIlias();
332 
333  if (!$this->checkSession($sid)) {
334  return $this->raiseError($this->getMessage(), $this->getMessageCode());
335  }
336 
337  global $DIC;
338 
339  $rbacreview = $DIC['rbacreview'];
340 
341  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
342  return $this->raiseError(
343  'No valid user id given. Please choose an existing id of an ILIAS user',
344  'Client'
345  );
346  }
347 
348  $objs = [];
349  foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
350  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
351  $objs[] = $tmp_obj;
352  }
353  }
354  if (count($objs)) {
355  include_once './webservice/soap/classes/class.ilObjectXMLWriter.php';
356 
357  $xml_writer = new ilObjectXMLWriter();
358  $xml_writer->setObjects($objs);
359  if ($xml_writer->start()) {
360  return $xml_writer->getXML();
361  }
362  }
363  return '';
364  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilObjectXMLWriter.php:16
+ Here is the call graph for this function:

◆ grantPermissions()

ilSoapRBACAdministration::grantPermissions ( string  $sid,
int  $ref_id,
int  $role_id,
array  $permissions 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 231 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

232  {
233  $this->initAuth($sid);
234  $this->initIlias();
235 
236  if (!$this->checkSession($sid)) {
237  return $this->raiseError($this->getMessage(), $this->getMessageCode());
238  }
239 
240  global $DIC;
241 
242  $rbacadmin = $DIC['rbacadmin'];
243  $ilAccess = $DIC['ilAccess'];
244 
245  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
246  return $this->raiseError(
247  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
248  'Client'
249  );
250  }
251  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
252  return $this->raiseError(
253  'No valid role id given. Please choose an existing id of an ILIAS role',
254  'Client'
255  );
256  }
257 
258  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
259  return $this->raiseError('Check access failed. No permission to grant permissions', 'Server');
260  }
261 
262  // mjansen@databay.de: dirty fix
263  if (isset($permissions['item'])) {
264  $permissions = $permissions['item'];
265  }
266 
267  if (!is_array($permissions)) {
268  return $this->raiseError(
269  'No valid permissions given.' . print_r($permissions),
270  'Client'
271  );
272  }
273 
274  $rbacadmin->revokePermission($ref_id, $role_id);
275  $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
276  return true;
277  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ parseUserID()

ilSoapRBACAdministration::parseUserID ( int  $id,
string  $role_type 
)
private

Definition at line 758 of file class.ilSoapRBACAdministration.php.

References $id, ilUtil\__extractId(), ilObjUser\_lookupId(), IL_INST_ID, and ilSoapAdministration\raiseError().

Referenced by getRoles().

759  {
760  $user_id = 0;
761  if (strcasecmp($role_type, "user") === 0) {
762  // get user roles for user id, which can be numeric or ilias id
763  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
764  if (!is_numeric($user_id)) {
765  return $this->raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
766  }
767  } elseif (strcasecmp($role_type, "user_login") === 0) {
768  // check for login
769  $user_id = ilObjUser::_lookupId($id);
770  if (!$user_id) {
771  // could not find a valid user
772  return $this->raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
773  }
774  }
775  return $user_id;
776  }
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:694
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1199
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ revokePermissions()

ilSoapRBACAdministration::revokePermissions ( string  $sid,
int  $ref_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 188 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and SYSTEM_ROLE_ID.

189  {
190  $this->initAuth($sid);
191  $this->initIlias();
192 
193  if (!$this->checkSession($sid)) {
194  return $this->raiseError($this->getMessage(), $this->getMessageCode());
195  }
196 
197  global $DIC;
198 
199  $rbacadmin = $DIC['rbacadmin'];
200  $ilAccess = $DIC['ilAccess'];
201 
202  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
203  return $this->raiseError(
204  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
205  'Client'
206  );
207  }
208  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
209  return $this->raiseError(
210  'No valid role id given. Please choose an existing id of an ILIAS role',
211  'Client'
212  );
213  }
214  if ($role_id === SYSTEM_ROLE_ID) {
215  return $this->raiseError(
216  'Cannot revoke permissions of system role',
217  'Client'
218  );
219  }
220 
221  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
222  return $this->raiseError('Check access failed. No permission to revoke permissions', 'Server');
223  }
224  $rbacadmin->revokePermission($ref_id, $role_id);
225  return true;
226  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ searchRoles()

ilSoapRBACAdministration::searchRoles ( string  $sid,
string  $key,
string  $combination,
string  $role_type 
)

search for roles.

Parameters
string$role_typecan be empty which means "local & global", "local", "global", "user" = roles of user, "user_login" or "template"
Returns
soap_fault|SoapFault|null|string

Definition at line 687 of file class.ilSoapRBACAdministration.php.

References $DIC, $ilDB, $res, ilObjectSearchFactory\_getObjectSearchInstance(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilQueryParser\QP_COMBINATION_AND, ilQueryParser\QP_COMBINATION_OR, ilSoapAdministration\raiseError(), and ROOT_FOLDER_ID.

688  {
689  $this->initAuth($sid);
690  $this->initIlias();
691 
692  if (!$this->checkSession($sid)) {
693  return $this->raiseError($this->getMessage(), $this->getMessageCode());
694  }
695 
696  global $DIC;
697 
698  $rbacsystem = $DIC['rbacsystem'];
699  $rbacreview = $DIC['rbacreview'];
700  $ilUser = $DIC['ilUser'];
701  $ilDB = $DIC['ilDB'];
702 
703  if (strcasecmp($role_type, "") !== 0 &&
704  strcasecmp($role_type, "local") !== 0 &&
705  strcasecmp($role_type, "global") !== 0 &&
706  strcasecmp($role_type, "template") !== 0) {
707  return $this->raiseError(
708  'Called service with wrong role_type parameter \'' . $role_type . '\'',
709  'Client'
710  );
711  }
712 
713  if ($combination !== 'and' && $combination !== 'or') {
714  return $this->raiseError(
715  'No valid combination given. Must be "and" or "or".',
716  'Client'
717  );
718  }
719 
720  include_once './Services/Search/classes/class.ilQueryParser.php';
721 
722  $query_parser = new ilQueryParser($key);
723  $query_parser->setMinWordLength(3);
724  $query_parser->setCombination($combination === 'and' ? ilQueryParser::QP_COMBINATION_AND : ilQueryParser::QP_COMBINATION_OR);
725  $query_parser->parse();
726  if (!$query_parser->validate()) {
727  return $this->raiseError($query_parser->getMessage(), 'Client');
728  }
729 
730  include_once './Services/Search/classes/class.ilObjectSearchFactory.php';
731 
732  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
733  $object_search->setFilter(array("role", "rolt"));
734 
735  $res = $object_search->performSearch();
736  $res->filter(ROOT_FOLDER_ID, $combination === 'and');
737 
738  $obj_ids = array();
739  foreach ($res->getUniqueResults() as $entry) {
740  $obj_ids [] = $entry['obj_id'];
741  }
742 
743  $roles = array();
744  if (count($obj_ids) > 0) {
745  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type === "template");
746  }
747 
748  include_once './webservice/soap/classes/class.ilSoapRoleObjectXMLWriter.php';
749  $xml_writer = new ilSoapRoleObjectXMLWriter();
750  $xml_writer->setObjects($roles);
751  $xml_writer->setType($role_type);
752  if ($xml_writer->start()) {
753  return $xml_writer->getXML();
754  }
755  return '';
756  }
$res
$res
Definition: ltiservices.php:69
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:193
$DIC
global $DIC
Definition: feed.php:28
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance(ilQueryParser $query_parser)
Definition: class.ilObjectSearchFactory.php:38
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilSoapRoleObjectXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilSoapRoleObjectXMLWriter.php:15
+ Here is the call graph for this function:
The documentation for this class was generated from the following file: