ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
Public Member Functions | Private Member Functions
ilSoapRBACAdministration Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilSoapRBACAdministration:
+ Collaboration diagram for ilSoapRBACAdministration:

Public Member Functions

 deleteRole (string $sid, int $role_id)
 
 addUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 deleteUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 getOperations (string $sid)
 
 revokePermissions (string $sid, int $ref_id, int $role_id)
 
 grantPermissions (string $sid, int $ref_id, int $role_id, array $permissions)
 
 getLocalRoles (string $sid, int $ref_id)
 
 getUserRoles (string $sid, int $user_id)
 
 addRole (string $sid, int $target_id, string $role_xml)
 
 addRoleFromTemplate (string $sid, int $target_id, string $role_xml, int $template_id)
 
 getObjectTreeOperations (string $sid, int $ref_id, int $user_id)
 
 getRoles (string $sid, string $role_type, int $id)
 
 searchRoles (string $sid, string $key, string $combination, string $role_type)
 search for roles. More...
 
- Public Member Functions inherited from ilSoapAdministration
 __construct (bool $use_nusoap=true)
 
 getMessage ()
 
 appendMessage (string $a_str)
 
 setMessageCode (string $a_code)
 
 getMessageCode ()
 
 reInitUser ()
 
 isFault ($object)
 
 getInstallationInfoXML ()
 
 getClientInfoXML (string $clientid)
 

Private Member Functions

 parseUserID (int $id, string $role_type)
 

Additional Inherited Members

- Data Fields inherited from ilSoapAdministration
const NUSOAP = 1
 
const PHP5 = 2
 
int $error_method
 Defines type of error handling (PHP5 || NUSOAP) More...
 
- Protected Member Functions inherited from ilSoapAdministration
 checkSession (string $sid)
 
 explodeSid (string $sid)
 
 setMessage (string $a_str)
 
 initAuth (string $sid)
 
 initIlias ()
 
 initAuthenticationObject ()
 
 raiseError (string $a_message, $a_code)
 
 checkObjectAccess (int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true More...
 
- Protected Attributes inherited from ilSoapAdministration
bool $soap_check = true
 
string $message = ''
 
string $message_code = ''
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Soap rbac administration methods

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 22 of file class.ilSoapRBACAdministration.php.

Member Function Documentation

◆ addRole()

ilSoapRBACAdministration::addRole ( string  $sid,
int  $target_id,
string  $role_xml 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 359 of file class.ilSoapRBACAdministration.php.

360 {
361 $this->initAuth($sid);
362 $this->initIlias();
363
364 if (!$this->checkSession($sid)) {
365 return $this->raiseError($this->getMessage(), $this->getMessageCode());
366 }
367
368 global $DIC;
369
370 $rbacreview = $DIC['rbacreview'];
371 $objDefinition = $DIC['objDefinition'];
372 $rbacsystem = $DIC['rbacsystem'];
373 $ilAccess = $DIC['ilAccess'];
374
375 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
376 return $this->raiseError(
377 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
378 'Client'
379 );
380 }
381
382 if (ilObject::_isInTrash($target_id)) {
383 return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
384 }
385
386 if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
387 return $this->raiseError('Check access failed. No permission to create roles', 'Server');
388 }
389
390 $xml_parser = new ilObjectXMLParser($role_xml);
391 $xml_parser->startParsing();
392
393 $new_roles = [];
394 foreach ($xml_parser->getObjectData() as $object_data) {
395 // check if role title has il_ prefix
396 if (strpos($object_data['title'], "il_") === 0) {
397 return $this->raiseError(
398 'Rolenames are not allowed to start with "il_" ',
399 'Client'
400 );
401 }
402
403 $role = new ilObjRole();
404 $role->setTitle($object_data['title']);
405 $role->setDescription($object_data['description']);
406 $role->setImportId($object_data['import_id']);
407 $role->create();
408
409 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
410 $new_roles[] = $role->getId();
411 }
412 return $new_roles;
413 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:27
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
ilObjectXMLParser
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLParser.php:20
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1112
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:26
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54

References $DIC, $GLOBALS, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ addRoleFromTemplate()

ilSoapRBACAdministration::addRoleFromTemplate ( string  $sid,
int  $target_id,
string  $role_xml,
int  $template_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 418 of file class.ilSoapRBACAdministration.php.

419 {
420 $this->initAuth($sid);
421 $this->initIlias();
422
423 if (!$this->checkSession($sid)) {
424 return $this->raiseError($this->getMessage(), $this->getMessageCode());
425 }
426
427 global $DIC;
428
429 $rbacreview = $DIC['rbacreview'];
430 $objDefinition = $DIC['objDefinition'];
431 $rbacsystem = $DIC['rbacsystem'];
432 $rbacadmin = $DIC['rbacadmin'];
433 $ilAccess = $DIC['ilAccess'];
434
435 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
436 return $this->raiseError(
437 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
438 'Client'
439 );
440 }
441 if (ilObject::_lookupType($template_id) !== 'rolt') {
442 return $this->raiseError(
443 'No valid template id given. Please choose an existing object id of an ILIAS role template',
444 'Client'
445 );
446 }
447
448 if (ilObject::_isInTrash($target_id)) {
449 return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
450 }
451
452 if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
453 return $this->raiseError('Check access failed. No permission to create roles', 'Server');
454 }
455
456 $xml_parser = new ilObjectXMLParser($role_xml);
457 $xml_parser->startParsing();
458
459 $new_roles = [];
460 foreach ($xml_parser->getObjectData() as $object_data) {
461 // check if role title has il_ prefix
462 if (strpos($object_data['title'], "il_") === 0) {
463 return $this->raiseError(
464 'Rolenames are not allowed to start with "il_" ',
465 'Client'
466 );
467 }
468
469 $role = new ilObjRole();
470 $role->setTitle($object_data['title']);
471 $role->setDescription($object_data['description']);
472 $role->setImportId($object_data['import_id']);
473 $role->create();
474
475 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
476
477 // Copy permssions
478 $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
479
480 // Set object permissions according to role template
481 $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
482 $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
483 $new_roles[] = $role->getId();
484 }
485 return $new_roles;
486 }
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34

References $DIC, $GLOBALS, ilObject\_isInTrash(), ilObject\_lookupType(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

+ Here is the call graph for this function:

◆ addUserRoleEntry()

ilSoapRBACAdministration::addUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 75 of file class.ilSoapRBACAdministration.php.

76 {
77 $this->initAuth($sid);
78 $this->initIlias();
79
80 if (!$this->checkSession($sid)) {
81 return $this->raiseError($this->getMessage(), $this->getMessageCode());
82 }
83
84 global $DIC;
85
86 $rbacadmin = $DIC['rbacadmin'];
87 $rbacreview = $DIC['rbacreview'];
88 $ilAccess = $DIC['ilAccess'];
89
90 $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
91 if (!$tmp_user instanceof ilObjUser) {
92 return $this->raiseError(
93 'No valid user id given. Please choose an existing id of an ILIAS user',
94 'Client'
95 );
96 }
97 $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
98 if (!$tmp_role instanceof ilObjRole) {
99 return $this->raiseError(
100 'No valid role id given. Please choose an existing id of an ILIAS role',
101 'Client'
102 );
103 }
104
105 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
106 if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
107 return $this->raiseError('Check access failed. No permission to assign users', 'Server');
108 }
109
110 $rbacadmin->assignUser($role_id, $user_id);
111 return true;
112 }
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84

References $DIC, $user_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ deleteRole()

ilSoapRBACAdministration::deleteRole ( string  $sid,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 27 of file class.ilSoapRBACAdministration.php.

28 {
29 $this->initAuth($sid);
30 $this->initIlias();
31
32 if (!$this->checkSession($sid)) {
33 return $this->raiseError($this->getMessage(), $this->getMessageCode());
34 }
35
36 global $DIC;
37
38 $rbacreview = $DIC['rbacreview'];
39 $rbacsystem = $DIC['rbacsystem'];
40 $ilAccess = $DIC['ilAccess'];
41
42 if (!($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) || $tmp_role->getType() !== 'role') {
43 return $this->raiseError(
44 'No valid role id given. Please choose an existing id of an ILIAS role',
45 'Client'
46 );
47 }
48
49 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
50 if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
51 return $this->raiseError('Check access failed. No permission to delete role', 'Server');
52 }
53
54 // if it's last role of an user
55 foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
56 if (count($rbacreview->assignedRoles($user_id)) === 1) {
57 return $this->raiseError(
58 'Cannot deassign last role of users',
59 'Client'
60 );
61 }
62 }
63
64 // set parent id (role folder id) of role
65 $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true);
66 $rolf_id = end($rolf_ids);
67 $tmp_role->setParent((int) $rolf_id);
68 $tmp_role->delete();
69 return true;
70 }

References $DIC, $user_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ deleteUserRoleEntry()

ilSoapRBACAdministration::deleteUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 117 of file class.ilSoapRBACAdministration.php.

118 {
119 $this->initAuth($sid);
120 $this->initIlias();
121
122 if (!$this->checkSession($sid)) {
123 return $this->raiseError($this->getMessage(), $this->getMessageCode());
124 }
125
126 global $DIC;
127
128 $rbacadmin = $DIC['rbacadmin'];
129 $ilAccess = $DIC['ilAccess'];
130 $rbacreview = $DIC['rbacreview'];
131
132 if ($tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() !== 'usr') {
133 return $this->raiseError(
134 'No valid user id given. Please choose an existing id of an ILIAS user',
135 'Client'
136 );
137 }
138 if ($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() !== 'role') {
139 return $this->raiseError(
140 'No valid role id given. Please choose an existing id of an ILIAS role',
141 'Client'
142 );
143 }
144
145 $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
146 if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
147 return $this->raiseError('Check access failed. No permission to deassign users', 'Server');
148 }
149
150 $rbacadmin->deassignUser($role_id, $user_id);
151 return true;
152 }

References $DIC, $user_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getLocalRoles()

ilSoapRBACAdministration::getLocalRoles ( string  $sid,
int  $ref_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 274 of file class.ilSoapRBACAdministration.php.

275 {
276 $this->initAuth($sid);
277 $this->initIlias();
278
279 if (!$this->checkSession($sid)) {
280 return $this->raiseError($this->getMessage(), $this->getMessageCode());
281 }
282
283 global $DIC;
284
285 $rbacreview = $DIC['rbacreview'];
286 $ilAccess = $DIC['ilAccess'];
287
288 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
289 return $this->raiseError(
290 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
291 'Client'
292 );
293 }
294
295 if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
296 return $this->raiseError('Check access failed. No permission to access role information', 'Server');
297 }
298
299 $objs = [];
300 foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
301 if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
302 $objs[] = $tmp_obj;
303 }
304 }
305 if (count($objs)) {
306
307 $xml_writer = new ilObjectXMLWriter();
308 $xml_writer->setObjects($objs);
309 if ($xml_writer->start()) {
310 return $xml_writer->getXML();
311 }
312 }
313 return '';
314 }
ilObjectXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLWriter.php:29
$ref_id
$ref_id
Definition: ltiauth.php:66

References $DIC, $ref_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getObjectTreeOperations()

ilSoapRBACAdministration::getObjectTreeOperations ( string  $sid,
int  $ref_id,
int  $user_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 491 of file class.ilSoapRBACAdministration.php.

492 {
493 $this->initAuth($sid);
494 $this->initIlias();
495
496 if (!$this->checkSession($sid)) {
497 return $this->raiseError($this->getMessage(), $this->getMessageCode());
498 }
499
500 global $DIC;
501
502 $rbacsystem = $DIC['rbacsystem'];
503 $rbacreview = $DIC['rbacreview'];
504 $ilAccess = $DIC['ilAccess'];
505
506 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
507 return $this->raiseError(
508 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
509 'Client'
510 );
511 }
512
513 if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
514 return $this->raiseError(
515 'No valid user id given.',
516 'Client'
517 );
518 }
519
520 if (ilObject::_isInTrash($ref_id)) {
521 return $this->raiseError("Parent with ID " . $ref_id . "has been deleted.", 'CLIENT_TARGET_DELETED');
522 }
523
524 // check visible for all upper tree entries
525 if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
526 return array();
527 }
528 $op_data = $rbacreview->getOperation(2);
529 $ops_data[] = $op_data;
530
531 if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
532 return $ops_data;
533 }
534
535 $ops_data = array();
536 $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
537 foreach ($ops as $ops_id) {
538 $op_data = $rbacreview->getOperation($ops_id);
539
540 if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
541 $ops_data[$ops_id] = $op_data;
542 }
543 }
544
545 $ret_data = [];
546 foreach ($ops_data as $data) {
547 $ret_data[] = $data;
548 }
549 return $ret_data;
550 }

References $data, $DIC, $ref_id, $user_id, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getOperations()

ilSoapRBACAdministration::getOperations ( string  $sid)
Returns
soap_fault|SoapFault|null|array

Definition at line 157 of file class.ilSoapRBACAdministration.php.

158 {
159 $this->initAuth($sid);
160 $this->initIlias();
161
162 if (!$this->checkSession($sid)) {
163 return $this->raiseError($this->getMessage(), $this->getMessageCode());
164 }
165
166 global $DIC;
167
168 $rbacreview = $DIC['rbacreview'];
169
170 if (is_array($ops = $rbacreview->getOperations())) {
171 return $ops;
172 }
173
174 return $this->raiseError('Unknown error', 'Server');
175 }

References $DIC, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getRoles()

ilSoapRBACAdministration::getRoles ( string  $sid,
string  $role_type,
int  $id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 555 of file class.ilSoapRBACAdministration.php.

556 {
557 $this->initAuth($sid);
558 $this->initIlias();
559
560 if (!$this->checkSession($sid)) {
561 return $this->raiseError($this->getMessage(), $this->getMessageCode());
562 }
563
564 global $DIC;
565
566 $rbacsystem = $DIC['rbacsystem'];
567 $rbacreview = $DIC['rbacreview'];
568 $ilUser = $DIC['ilUser'];
569 $ilDB = $DIC['ilDB'];
570
571 if (strcasecmp($role_type, "") !== 0 &&
572 strcasecmp($role_type, "local") !== 0 &&
573 strcasecmp($role_type, "global") !== 0 &&
574 strcasecmp($role_type, "user") !== 0 &&
575 strcasecmp($role_type, "user_login") !== 0 &&
576 strcasecmp($role_type, "template") !== 0) {
577 return $this->raiseError(
578 'Called service with wrong role_type parameter \'' . $role_type . '\'',
579 'Client'
580 );
581 }
582
583 $roles = array();
584
585 if (strcasecmp($role_type, "template") === 0) {
586 // get templates
587 $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
588 } elseif (strcasecmp($role_type, "user") === 0 || strcasecmp($role_type, "user_login") === 0) {
589 // handle user roles
590 $user_id = $this->parseUserID($id, $role_type);
591 if ((int) $user_id !== $ilUser->getId()) {
592 // check access for user folder
593 $tmpUser = new ilObjUser($user_id);
594 $timelimitOwner = $tmpUser->getTimeLimitOwner();
595 if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
596 return $this->raiseError('Check access for time limit owner failed.', 'Server');
597 }
598 }
599 $role_type = ""; // local and global roles for user
600
601 $query = sprintf(
602 "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
603 implode("','", $rbacreview->assignedRoles($user_id))
604 );
605
606 $rbacresult = $ilDB->query($query);
607 while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
608 if ($rbacrow["assign"] !== "y") {
609 continue;
610 }
611
612 $type = "";
613
614 if ((int) $rbacrow["parent"] === ROLE_FOLDER_ID) {
615 $type = "Global";
616 } else {
617 $type = "Local";
618 }
619 if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
620 /* @var $tmp_obj IlObjRole */
621 $roles[] = array(
622 "obj_id" => $rbacrow["rol_id"],
623 "title" => $tmp_obj->getTitle(),
624 "description" => $tmp_obj->getDescription(),
625 "role_type" => $type
626 );
627 }
628 }
629 } elseif ($id === -1) {
630 // get all roles of system role folder
631 if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
632 return $this->raiseError('Check access failed.', 'Server');
633 }
634
635 $roles = $rbacreview->getAssignableRoles(false, true);
636 } else {
637 // get local roles for a specific repository object
638 // needs permission to read permissions of this object
639 if (!$rbacsystem->checkAccess('edit_permission', $id)) {
640 return $this->raiseError('Check access for local roles failed.', 'Server');
641 }
642
643 $role_type = "local";
644
645 foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
646 if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
647 $roles[] = [
648 "obj_id" => $role_id,
649 "title" => $tmp_obj->getTitle(),
650 "description" => $tmp_obj->getDescription(),
651 "role_type" => $role_type
652 ];
653 }
654 }
655 }
656
657 $xml_writer = new ilSoapRoleObjectXMLWriter();
658 $xml_writer->setObjects($roles);
659 $xml_writer->setType($role_type);
660 if ($xml_writer->start()) {
661 return $xml_writer->getXML();
662 }
663 return '';
664 }
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilSoapRBACAdministration\parseUserID
parseUserID(int $id, string $role_type)
Definition: class.ilSoapRBACAdministration.php:738
ilSoapRoleObjectXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSoapRoleObjectXMLWriter.php:30

References $DIC, $id, $ilDB, $user_id, ilSoapAdministration\checkSession(), ilDBConstants\FETCHMODE_ASSOC, ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), parseUserID(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

+ Here is the call graph for this function:

◆ getUserRoles()

ilSoapRBACAdministration::getUserRoles ( string  $sid,
int  $user_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 319 of file class.ilSoapRBACAdministration.php.

320 {
321 $this->initAuth($sid);
322 $this->initIlias();
323
324 if (!$this->checkSession($sid)) {
325 return $this->raiseError($this->getMessage(), $this->getMessageCode());
326 }
327
328 global $DIC;
329
330 $rbacreview = $DIC['rbacreview'];
331
332 if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
333 return $this->raiseError(
334 'No valid user id given. Please choose an existing id of an ILIAS user',
335 'Client'
336 );
337 }
338
339 $objs = [];
340 foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
341 if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
342 $objs[] = $tmp_obj;
343 }
344 }
345 if (count($objs)) {
346
347 $xml_writer = new ilObjectXMLWriter();
348 $xml_writer->setObjects($objs);
349 if ($xml_writer->start()) {
350 return $xml_writer->getXML();
351 }
352 }
353 return '';
354 }

References $DIC, $user_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ grantPermissions()

ilSoapRBACAdministration::grantPermissions ( string  $sid,
int  $ref_id,
int  $role_id,
array  $permissions 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 223 of file class.ilSoapRBACAdministration.php.

224 {
225 $this->initAuth($sid);
226 $this->initIlias();
227
228 if (!$this->checkSession($sid)) {
229 return $this->raiseError($this->getMessage(), $this->getMessageCode());
230 }
231
232 global $DIC;
233
234 $rbacadmin = $DIC['rbacadmin'];
235 $ilAccess = $DIC['ilAccess'];
236
237 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
238 return $this->raiseError(
239 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
240 'Client'
241 );
242 }
243 if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
244 return $this->raiseError(
245 'No valid role id given. Please choose an existing id of an ILIAS role',
246 'Client'
247 );
248 }
249
250 if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
251 return $this->raiseError('Check access failed. No permission to grant permissions', 'Server');
252 }
253
254 // mjansen@databay.de: dirty fix
255 if (isset($permissions['item'])) {
256 $permissions = $permissions['item'];
257 }
258
259 if (!is_array($permissions)) {
260 return $this->raiseError(
261 'No valid permissions given.' . print_r($permissions),
262 'Client'
263 );
264 }
265
266 $rbacadmin->revokePermission($ref_id, $role_id);
267 $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
268 return true;
269 }

References $DIC, $ref_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ parseUserID()

ilSoapRBACAdministration::parseUserID ( int  $id,
string  $role_type 
)
private

Definition at line 738 of file class.ilSoapRBACAdministration.php.

739 {
740 $user_id = 0;
741 if (strcasecmp($role_type, "user") === 0) {
742 // get user roles for user id, which can be numeric or ilias id
743 $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
744 if (!is_numeric($user_id)) {
745 return $this->raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
746 }
747 } elseif (strcasecmp($role_type, "user_login") === 0) {
748 // check for login
749 $user_id = ilObjUser::_lookupId($id);
750 if (!$user_id) {
751 // could not find a valid user
752 return $this->raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
753 }
754 }
755 return $user_id;
756 }
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1200
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40

References $id, $user_id, ilUtil\__extractId(), ilObjUser\_lookupId(), IL_INST_ID, and ilSoapAdministration\raiseError().

Referenced by getRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ revokePermissions()

ilSoapRBACAdministration::revokePermissions ( string  $sid,
int  $ref_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 180 of file class.ilSoapRBACAdministration.php.

181 {
182 $this->initAuth($sid);
183 $this->initIlias();
184
185 if (!$this->checkSession($sid)) {
186 return $this->raiseError($this->getMessage(), $this->getMessageCode());
187 }
188
189 global $DIC;
190
191 $rbacadmin = $DIC['rbacadmin'];
192 $ilAccess = $DIC['ilAccess'];
193
194 if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
195 return $this->raiseError(
196 'No valid ref id given. Please choose an existing reference id of an ILIAS object',
197 'Client'
198 );
199 }
200 if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
201 return $this->raiseError(
202 'No valid role id given. Please choose an existing id of an ILIAS role',
203 'Client'
204 );
205 }
206 if ($role_id === SYSTEM_ROLE_ID) {
207 return $this->raiseError(
208 'Cannot revoke permissions of system role',
209 'Client'
210 );
211 }
212
213 if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
214 return $this->raiseError('Check access failed. No permission to revoke permissions', 'Server');
215 }
216 $rbacadmin->revokePermission($ref_id, $role_id);
217 return true;
218 }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29

References $DIC, $ref_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and SYSTEM_ROLE_ID.

+ Here is the call graph for this function:

◆ searchRoles()

ilSoapRBACAdministration::searchRoles ( string  $sid,
string  $key,
string  $combination,
string  $role_type 
)

search for roles.

Parameters
string$role_typecan be empty which means "local & global", "local", "global", "user" = roles of user, "user_login" or "template"
Returns
soap_fault|SoapFault|null|string

Definition at line 671 of file class.ilSoapRBACAdministration.php.

672 {
673 $this->initAuth($sid);
674 $this->initIlias();
675
676 if (!$this->checkSession($sid)) {
677 return $this->raiseError($this->getMessage(), $this->getMessageCode());
678 }
679
680 global $DIC;
681
682 $rbacsystem = $DIC['rbacsystem'];
683 $rbacreview = $DIC['rbacreview'];
684 $ilUser = $DIC['ilUser'];
685 $ilDB = $DIC['ilDB'];
686
687 if (strcasecmp($role_type, "") !== 0 &&
688 strcasecmp($role_type, "local") !== 0 &&
689 strcasecmp($role_type, "global") !== 0 &&
690 strcasecmp($role_type, "template") !== 0) {
691 return $this->raiseError(
692 'Called service with wrong role_type parameter \'' . $role_type . '\'',
693 'Client'
694 );
695 }
696
697 if ($combination !== 'and' && $combination !== 'or') {
698 return $this->raiseError(
699 'No valid combination given. Must be "and" or "or".',
700 'Client'
701 );
702 }
703
704 $query_parser = new ilQueryParser($key);
705 $query_parser->setMinWordLength(3);
706 $query_parser->setCombination($combination === 'and' ? ilQueryParser::QP_COMBINATION_AND : ilQueryParser::QP_COMBINATION_OR);
707 $query_parser->parse();
708 if (!$query_parser->validate()) {
709 return $this->raiseError($query_parser->getMessage(), 'Client');
710 }
711
712
713 $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
714 $object_search->setFilter(array("role", "rolt"));
715
716 $res = $object_search->performSearch();
717 $res->filter(ROOT_FOLDER_ID, $combination === 'and');
718
719 $obj_ids = array();
720 foreach ($res->getUniqueResults() as $entry) {
721 $obj_ids [] = $entry['obj_id'];
722 }
723
724 $roles = array();
725 if (count($obj_ids) > 0) {
726 $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type === "template");
727 }
728
729 $xml_writer = new ilSoapRoleObjectXMLWriter();
730 $xml_writer->setObjects($roles);
731 $xml_writer->setType($role_type);
732 if ($xml_writer->start()) {
733 return $xml_writer->getXML();
734 }
735 return '';
736 }
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance(ilQueryParser $query_parser)
Definition: class.ilObjectSearchFactory.php:31
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$res
$res
Definition: ltiservices.php:69

References $DIC, $ilDB, $res, ilObjectSearchFactory\_getObjectSearchInstance(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilQueryParser\QP_COMBINATION_AND, ilQueryParser\QP_COMBINATION_OR, ilSoapAdministration\raiseError(), and ROOT_FOLDER_ID.

+ Here is the call graph for this function:
The documentation for this class was generated from the following file: