ILIAS  trunk Revision v11.0_alpha-1831-g8615d53dadb
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Private Member Functions
ilSoapRBACAdministration Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

+ Inheritance diagram for ilSoapRBACAdministration:
+ Collaboration diagram for ilSoapRBACAdministration:

Public Member Functions

 deleteRole (string $sid, int $role_id)
 
 addUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 deleteUserRoleEntry (string $sid, int $user_id, int $role_id)
 
 getOperations (string $sid)
 
 revokePermissions (string $sid, int $ref_id, int $role_id)
 
 grantPermissions (string $sid, int $ref_id, int $role_id, array $permissions)
 
 getLocalRoles (string $sid, int $ref_id)
 
 getUserRoles (string $sid, int $user_id)
 
 addRole (string $sid, int $target_id, string $role_xml)
 
 addRoleFromTemplate (string $sid, int $target_id, string $role_xml, int $template_id)
 
 getObjectTreeOperations (string $sid, int $ref_id, int $user_id)
 
 getRoles (string $sid, string $role_type, int $id)
 
 searchRoles (string $sid, string $key, string $combination, string $role_type)
 search for roles. More...
 
- Public Member Functions inherited from ilSoapAdministration
 __construct (bool $use_nusoap=true)
 
 getMessage ()
 
 appendMessage (string $a_str)
 
 setMessageCode (string $a_code)
 
 getMessageCode ()
 
 reInitUser ()
 
 isFault ($object)
 
 getInstallationInfoXML ()
 
 getClientInfoXML (string $clientid)
 

Private Member Functions

 parseUserID (int $id, string $role_type)
 

Additional Inherited Members

- Data Fields inherited from ilSoapAdministration
const NUSOAP = 1
 
const PHP5 = 2
 
int $error_method
 Defines type of error handling (PHP5 || NUSOAP) More...
 
- Protected Member Functions inherited from ilSoapAdministration
 checkSession (string $sid)
 
 explodeSid (string $sid)
 
 setMessage (string $a_str)
 
 initAuth (string $sid)
 
 initIlias ()
 
 initAuthenticationObject ()
 
 raiseError (string $a_message, $a_code)
 
 checkObjectAccess (int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true More...
 
- Protected Attributes inherited from ilSoapAdministration
bool $soap_check = true
 
string $message = ''
 
string $message_code = ''
 

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Soap rbac administration methods

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 22 of file class.ilSoapRBACAdministration.php.

Member Function Documentation

◆ addRole()

ilSoapRBACAdministration::addRole ( string  $sid,
int  $target_id,
string  $role_xml 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 359 of file class.ilSoapRBACAdministration.php.

References $DIC, $GLOBALS, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

360  {
361  $this->initAuth($sid);
362  $this->initIlias();
363 
364  if (!$this->checkSession($sid)) {
365  return $this->raiseError($this->getMessage(), $this->getMessageCode());
366  }
367 
368  global $DIC;
369 
370  $rbacreview = $DIC['rbacreview'];
371  $objDefinition = $DIC['objDefinition'];
372  $rbacsystem = $DIC['rbacsystem'];
373  $ilAccess = $DIC['ilAccess'];
374 
375  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
376  return $this->raiseError(
377  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
378  'Client'
379  );
380  }
381 
382  if (ilObject::_isInTrash($target_id)) {
383  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
384  }
385 
386  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
387  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
388  }
389 
390  $xml_parser = new ilObjectXMLParser($role_xml);
391  $xml_parser->startParsing();
392 
393  $new_roles = [];
394  foreach ($xml_parser->getObjectData() as $object_data) {
395  // check if role title has il_ prefix
396  if (strpos($object_data['title'], "il_") === 0) {
397  return $this->raiseError(
398  'Rolenames are not allowed to start with "il_" ',
399  'Client'
400  );
401  }
402 
403  $role = new ilObjRole();
404  $role->setTitle($object_data['title']);
405  $role->setDescription($object_data['description']);
406  $role->setImportId($object_data['import_id']);
407  $role->create();
408 
409  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
410  $new_roles[] = $role->getId();
411  }
412  return $new_roles;
413  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1095
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectXMLParser
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLParser.php:19
+ Here is the call graph for this function:

◆ addRoleFromTemplate()

ilSoapRBACAdministration::addRoleFromTemplate ( string  $sid,
int  $target_id,
string  $role_xml,
int  $template_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 418 of file class.ilSoapRBACAdministration.php.

References $DIC, $GLOBALS, ilObject\_isInTrash(), ilObject\_lookupType(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

419  {
420  $this->initAuth($sid);
421  $this->initIlias();
422 
423  if (!$this->checkSession($sid)) {
424  return $this->raiseError($this->getMessage(), $this->getMessageCode());
425  }
426 
427  global $DIC;
428 
429  $rbacreview = $DIC['rbacreview'];
430  $objDefinition = $DIC['objDefinition'];
431  $rbacsystem = $DIC['rbacsystem'];
432  $rbacadmin = $DIC['rbacadmin'];
433  $ilAccess = $DIC['ilAccess'];
434 
435  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($target_id, false)) {
436  return $this->raiseError(
437  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
438  'Client'
439  );
440  }
441  if (ilObject::_lookupType($template_id) !== 'rolt') {
442  return $this->raiseError(
443  'No valid template id given. Please choose an existing object id of an ILIAS role template',
444  'Client'
445  );
446  }
447 
448  if (ilObject::_isInTrash($target_id)) {
449  return $this->raiseError("Parent with ID $target_id has been deleted.", 'CLIENT_TARGET_DELETED');
450  }
451 
452  if (!$ilAccess->checkAccess('edit_permission', '', $target_id)) {
453  return $this->raiseError('Check access failed. No permission to create roles', 'Server');
454  }
455 
456  $xml_parser = new ilObjectXMLParser($role_xml);
457  $xml_parser->startParsing();
458 
459  $new_roles = [];
460  foreach ($xml_parser->getObjectData() as $object_data) {
461  // check if role title has il_ prefix
462  if (strpos($object_data['title'], "il_") === 0) {
463  return $this->raiseError(
464  'Rolenames are not allowed to start with "il_" ',
465  'Client'
466  );
467  }
468 
469  $role = new ilObjRole();
470  $role->setTitle($object_data['title']);
471  $role->setDescription($object_data['description']);
472  $role->setImportId($object_data['import_id']);
473  $role->create();
474 
475  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $target_id);
476 
477  // Copy permssions
478  $rbacadmin->copyRoleTemplatePermissions($template_id, ROLE_FOLDER_ID, $target_id, $role->getId());
479 
480  // Set object permissions according to role template
481  $ops = $rbacreview->getOperationsOfRole($role->getId(), $tmp_obj->getType(), $target_id);
482  $rbacadmin->grantPermission($role->getId(), $ops, $target_id);
483  $new_roles[] = $role->getId();
484  }
485  return $new_roles;
486  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1095
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObjectXMLParser
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLParser.php:19
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
+ Here is the call graph for this function:

◆ addUserRoleEntry()

ilSoapRBACAdministration::addUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 75 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

76  {
77  $this->initAuth($sid);
78  $this->initIlias();
79 
80  if (!$this->checkSession($sid)) {
81  return $this->raiseError($this->getMessage(), $this->getMessageCode());
82  }
83 
84  global $DIC;
85 
86  $rbacadmin = $DIC['rbacadmin'];
87  $rbacreview = $DIC['rbacreview'];
88  $ilAccess = $DIC['ilAccess'];
89 
90  $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
91  if (!$tmp_user instanceof ilObjUser) {
92  return $this->raiseError(
93  'No valid user id given. Please choose an existing id of an ILIAS user',
94  'Client'
95  );
96  }
97  $tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false);
98  if (!$tmp_role instanceof ilObjRole) {
99  return $this->raiseError(
100  'No valid role id given. Please choose an existing id of an ILIAS role',
101  'Client'
102  );
103  }
104 
105  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
106  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
107  return $this->raiseError('Check access failed. No permission to assign users', 'Server');
108  }
109 
110  $rbacadmin->assignUser($role_id, $user_id);
111  return true;
112  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ deleteRole()

ilSoapRBACAdministration::deleteRole ( string  $sid,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 27 of file class.ilSoapRBACAdministration.php.

References $DIC, $user_id, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

28  {
29  $this->initAuth($sid);
30  $this->initIlias();
31 
32  if (!$this->checkSession($sid)) {
33  return $this->raiseError($this->getMessage(), $this->getMessageCode());
34  }
35 
36  global $DIC;
37 
38  $rbacreview = $DIC['rbacreview'];
39  $rbacsystem = $DIC['rbacsystem'];
40  $ilAccess = $DIC['ilAccess'];
41 
42  if (!($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) || $tmp_role->getType() !== 'role') {
43  return $this->raiseError(
44  'No valid role id given. Please choose an existing id of an ILIAS role',
45  'Client'
46  );
47  }
48 
49  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
50  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
51  return $this->raiseError('Check access failed. No permission to delete role', 'Server');
52  }
53 
54  // if it's last role of an user
55  foreach ($assigned_users = $rbacreview->assignedUsers($role_id) as $user_id) {
56  if (count($rbacreview->assignedRoles($user_id)) === 1) {
57  return $this->raiseError(
58  'Cannot deassign last role of users',
59  'Client'
60  );
61  }
62  }
63 
64  // set parent id (role folder id) of role
65  $rolf_ids = $rbacreview->getFoldersAssignedToRole($role_id, true);
66  $rolf_id = end($rolf_ids);
67  $tmp_role->setParent((int) $rolf_id);
68  $tmp_role->delete();
69  return true;
70  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ deleteUserRoleEntry()

ilSoapRBACAdministration::deleteUserRoleEntry ( string  $sid,
int  $user_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 117 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

118  {
119  $this->initAuth($sid);
120  $this->initIlias();
121 
122  if (!$this->checkSession($sid)) {
123  return $this->raiseError($this->getMessage(), $this->getMessageCode());
124  }
125 
126  global $DIC;
127 
128  $rbacadmin = $DIC['rbacadmin'];
129  $ilAccess = $DIC['ilAccess'];
130  $rbacreview = $DIC['rbacreview'];
131 
132  if ($tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false) and $tmp_user->getType() !== 'usr') {
133  return $this->raiseError(
134  'No valid user id given. Please choose an existing id of an ILIAS user',
135  'Client'
136  );
137  }
138  if ($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false) and $tmp_role->getType() !== 'role') {
139  return $this->raiseError(
140  'No valid role id given. Please choose an existing id of an ILIAS role',
141  'Client'
142  );
143  }
144 
145  $obj_ref = $rbacreview->getObjectReferenceOfRole($role_id);
146  if (!$ilAccess->checkAccess('edit_permission', '', $obj_ref)) {
147  return $this->raiseError('Check access failed. No permission to deassign users', 'Server');
148  }
149 
150  $rbacadmin->deassignUser($role_id, $user_id);
151  return true;
152  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ getLocalRoles()

ilSoapRBACAdministration::getLocalRoles ( string  $sid,
int  $ref_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 274 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

275  {
276  $this->initAuth($sid);
277  $this->initIlias();
278 
279  if (!$this->checkSession($sid)) {
280  return $this->raiseError($this->getMessage(), $this->getMessageCode());
281  }
282 
283  global $DIC;
284 
285  $rbacreview = $DIC['rbacreview'];
286  $ilAccess = $DIC['ilAccess'];
287 
288  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
289  return $this->raiseError(
290  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
291  'Client'
292  );
293  }
294 
295  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
296  return $this->raiseError('Check access failed. No permission to access role information', 'Server');
297  }
298 
299  $objs = [];
300  foreach ($rbacreview->getRolesOfRoleFolder($ref_id, false) as $role_id) {
301  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
302  $objs[] = $tmp_obj;
303  }
304  }
305  if (count($objs)) {
306 
307  $xml_writer = new ilObjectXMLWriter();
308  $xml_writer->setObjects($objs);
309  if ($xml_writer->start()) {
310  return $xml_writer->getXML();
311  }
312  }
313  return '';
314  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLWriter.php:28
+ Here is the call graph for this function:

◆ getObjectTreeOperations()

ilSoapRBACAdministration::getObjectTreeOperations ( string  $sid,
int  $ref_id,
int  $user_id 
)
Returns
array|soap_fault|SoapFault|null

Definition at line 491 of file class.ilSoapRBACAdministration.php.

References $data, $DIC, ilObject\_isInTrash(), ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

492  {
493  $this->initAuth($sid);
494  $this->initIlias();
495 
496  if (!$this->checkSession($sid)) {
497  return $this->raiseError($this->getMessage(), $this->getMessageCode());
498  }
499 
500  global $DIC;
501 
502  $rbacsystem = $DIC['rbacsystem'];
503  $rbacreview = $DIC['rbacreview'];
504  $ilAccess = $DIC['ilAccess'];
505 
506  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
507  return $this->raiseError(
508  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
509  'Client'
510  );
511  }
512 
513  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
514  return $this->raiseError(
515  'No valid user id given.',
516  'Client'
517  );
518  }
519 
520  if (ilObject::_isInTrash($ref_id)) {
521  return $this->raiseError("Parent with ID " . $ref_id . "has been deleted.", 'CLIENT_TARGET_DELETED');
522  }
523 
524  // check visible for all upper tree entries
525  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'visible', '', $tmp_obj->getRefId())) {
526  return array();
527  }
528  $op_data = $rbacreview->getOperation(2);
529  $ops_data[] = $op_data;
530 
531  if (!$ilAccess->checkAccessOfUser($tmp_user->getId(), 'read', '', $tmp_obj->getRefId())) {
532  return $ops_data;
533  }
534 
535  $ops_data = array();
536  $ops = $rbacreview->getOperationsOnTypeString($tmp_obj->getType());
537  foreach ($ops as $ops_id) {
538  $op_data = $rbacreview->getOperation($ops_id);
539 
540  if ($rbacsystem->checkAccessOfUser($user_id, $op_data['operation'], $tmp_obj->getRefId())) {
541  $ops_data[$ops_id] = $op_data;
542  }
543  }
544 
545  $ret_data = [];
546  foreach ($ops_data as $data) {
547  $ret_data[] = $data;
548  }
549  return $ret_data;
550  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObject\_isInTrash
static _isInTrash(int $ref_id)
Definition: class.ilObject.php:1095
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ getOperations()

ilSoapRBACAdministration::getOperations ( string  $sid)
Returns
soap_fault|SoapFault|null|array

Definition at line 157 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

158  {
159  $this->initAuth($sid);
160  $this->initIlias();
161 
162  if (!$this->checkSession($sid)) {
163  return $this->raiseError($this->getMessage(), $this->getMessageCode());
164  }
165 
166  global $DIC;
167 
168  $rbacreview = $DIC['rbacreview'];
169 
170  if (is_array($ops = $rbacreview->getOperations())) {
171  return $ops;
172  }
173 
174  return $this->raiseError('Unknown error', 'Server');
175  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

◆ getRoles()

ilSoapRBACAdministration::getRoles ( string  $sid,
string  $role_type,
int  $id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 555 of file class.ilSoapRBACAdministration.php.

References $DIC, $ilDB, $user_id, ilSoapAdministration\checkSession(), ilDBConstants\FETCHMODE_ASSOC, ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), parseUserID(), ilSoapAdministration\raiseError(), and ROLE_FOLDER_ID.

556  {
557  $this->initAuth($sid);
558  $this->initIlias();
559 
560  if (!$this->checkSession($sid)) {
561  return $this->raiseError($this->getMessage(), $this->getMessageCode());
562  }
563 
564  global $DIC;
565 
566  $rbacsystem = $DIC['rbacsystem'];
567  $rbacreview = $DIC['rbacreview'];
568  $ilUser = $DIC['ilUser'];
569  $ilDB = $DIC['ilDB'];
570 
571  if (strcasecmp($role_type, "") !== 0 &&
572  strcasecmp($role_type, "local") !== 0 &&
573  strcasecmp($role_type, "global") !== 0 &&
574  strcasecmp($role_type, "user") !== 0 &&
575  strcasecmp($role_type, "user_login") !== 0 &&
576  strcasecmp($role_type, "template") !== 0) {
577  return $this->raiseError(
578  'Called service with wrong role_type parameter \'' . $role_type . '\'',
579  'Client'
580  );
581  }
582 
583  $roles = array();
584 
585  if (strcasecmp($role_type, "template") === 0) {
586  // get templates
587  $roles = $rbacreview->getRolesByFilter(6, $ilUser->getId());
588  } elseif (strcasecmp($role_type, "user") === 0 || strcasecmp($role_type, "user_login") === 0) {
589  // handle user roles
590  $user_id = $this->parseUserID($id, $role_type);
591  if ((int) $user_id !== $ilUser->getId()) {
592  // check access for user folder
593  $tmpUser = new ilObjUser($user_id);
594  $timelimitOwner = $tmpUser->getTimeLimitOwner();
595  if (!$rbacsystem->checkAccess('read', $timelimitOwner)) {
596  return $this->raiseError('Check access for time limit owner failed.', 'Server');
597  }
598  }
599  $role_type = ""; // local and global roles for user
600 
601  $query = sprintf(
602  "SELECT object_data.title, rbac_fa.* FROM object_data, rbac_ua, rbac_fa WHERE rbac_ua.rol_id IN ('%s') AND rbac_ua.rol_id = rbac_fa.rol_id AND object_data.obj_id = rbac_fa.rol_id AND rbac_ua.usr_id=" . $user_id,
603  implode("','", $rbacreview->assignedRoles($user_id))
604  );
605 
606  $rbacresult = $ilDB->query($query);
607  while ($rbacrow = $rbacresult->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
608  if ($rbacrow["assign"] !== "y") {
609  continue;
610  }
611 
612  $type = "";
613 
614  if ((int) $rbacrow["parent"] === ROLE_FOLDER_ID) {
615  $type = "Global";
616  } else {
617  $type = "Local";
618  }
619  if (strlen($type) && $tmp_obj = ilObjectFactory::getInstanceByObjId($rbacrow["rol_id"], false)) {
620  /* @var $tmp_obj IlObjRole */
621  $roles[] = array(
622  "obj_id" => $rbacrow["rol_id"],
623  "title" => $tmp_obj->getTitle(),
624  "description" => $tmp_obj->getDescription(),
625  "role_type" => $type
626  );
627  }
628  }
629  } elseif ($id === -1) {
630  // get all roles of system role folder
631  if (!$rbacsystem->checkAccess('read', ROLE_FOLDER_ID)) {
632  return $this->raiseError('Check access failed.', 'Server');
633  }
634 
635  $roles = $rbacreview->getAssignableRoles(false, true);
636  } else {
637  // get local roles for a specific repository object
638  // needs permission to read permissions of this object
639  if (!$rbacsystem->checkAccess('edit_permission', $id)) {
640  return $this->raiseError('Check access for local roles failed.', 'Server');
641  }
642 
643  $role_type = "local";
644 
645  foreach ($rbacreview->getRolesOfRoleFolder($id, false) as $role_id) {
646  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
647  $roles[] = [
648  "obj_id" => $role_id,
649  "title" => $tmp_obj->getTitle(),
650  "description" => $tmp_obj->getDescription(),
651  "role_type" => $role_type
652  ];
653  }
654  }
655  }
656 
657  $xml_writer = new ilSoapRoleObjectXMLWriter();
658  $xml_writer->setObjects($roles);
659  $xml_writer->setType($role_type);
660  if ($xml_writer->start()) {
661  return $xml_writer->getXML();
662  }
663  return '';
664  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:22
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapRBACAdministration\parseUserID
parseUserID(int $id, string $role_type)
Definition: class.ilSoapRBACAdministration.php:738
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilSoapRoleObjectXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSoapRoleObjectXMLWriter.php:29
+ Here is the call graph for this function:

◆ getUserRoles()

ilSoapRBACAdministration::getUserRoles ( string  $sid,
int  $user_id 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 319 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

320  {
321  $this->initAuth($sid);
322  $this->initIlias();
323 
324  if (!$this->checkSession($sid)) {
325  return $this->raiseError($this->getMessage(), $this->getMessageCode());
326  }
327 
328  global $DIC;
329 
330  $rbacreview = $DIC['rbacreview'];
331 
332  if (!$tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false)) {
333  return $this->raiseError(
334  'No valid user id given. Please choose an existing id of an ILIAS user',
335  'Client'
336  );
337  }
338 
339  $objs = [];
340  foreach ($rbacreview->assignedRoles($user_id) as $role_id) {
341  if ($tmp_obj = ilObjectFactory::getInstanceByObjId($role_id, false)) {
342  $objs[] = $tmp_obj;
343  }
344  }
345  if (count($objs)) {
346 
347  $xml_writer = new ilObjectXMLWriter();
348  $xml_writer->setObjects($objs);
349  if ($xml_writer->start()) {
350  return $xml_writer->getXML();
351  }
352  }
353  return '';
354  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectXMLWriter.php:28
+ Here is the call graph for this function:

◆ grantPermissions()

ilSoapRBACAdministration::grantPermissions ( string  $sid,
int  $ref_id,
int  $role_id,
array  $permissions 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 223 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

224  {
225  $this->initAuth($sid);
226  $this->initIlias();
227 
228  if (!$this->checkSession($sid)) {
229  return $this->raiseError($this->getMessage(), $this->getMessageCode());
230  }
231 
232  global $DIC;
233 
234  $rbacadmin = $DIC['rbacadmin'];
235  $ilAccess = $DIC['ilAccess'];
236 
237  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
238  return $this->raiseError(
239  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
240  'Client'
241  );
242  }
243  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
244  return $this->raiseError(
245  'No valid role id given. Please choose an existing id of an ILIAS role',
246  'Client'
247  );
248  }
249 
250  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
251  return $this->raiseError('Check access failed. No permission to grant permissions', 'Server');
252  }
253 
254  // mjansen@databay.de: dirty fix
255  if (isset($permissions['item'])) {
256  $permissions = $permissions['item'];
257  }
258 
259  if (!is_array($permissions)) {
260  return $this->raiseError(
261  'No valid permissions given.' . print_r($permissions),
262  'Client'
263  );
264  }
265 
266  $rbacadmin->revokePermission($ref_id, $role_id);
267  $rbacadmin->grantPermission($role_id, $permissions, $ref_id);
268  return true;
269  }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ parseUserID()

ilSoapRBACAdministration::parseUserID ( int  $id,
string  $role_type 
)
private

Definition at line 738 of file class.ilSoapRBACAdministration.php.

References $id, $user_id, ilUtil\__extractId(), ilObjUser\_lookupId(), IL_INST_ID, and ilSoapAdministration\raiseError().

Referenced by getRoles().

739  {
740  $user_id = 0;
741  if (strcasecmp($role_type, "user") === 0) {
742  // get user roles for user id, which can be numeric or ilias id
743  $user_id = !is_numeric($id) ? ilUtil::__extractId($id, IL_INST_ID) : $id;
744  if (!is_numeric($user_id)) {
745  return $this->raiseError('ID must be either numeric or ILIAS conform id for type \'user\'', 'Client');
746  }
747  } elseif (strcasecmp($role_type, "user_login") === 0) {
748  // check for login
749  $user_id = ilObjUser::_lookupId($id);
750  if (!$user_id) {
751  // could not find a valid user
752  return $this->raiseError('User with login \'' . $id . '\' does not exist!', 'Client');
753  }
754  }
755  return $user_id;
756  }
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:692
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1194
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ revokePermissions()

ilSoapRBACAdministration::revokePermissions ( string  $sid,
int  $ref_id,
int  $role_id 
)
Returns
bool|soap_fault|SoapFault|null

Definition at line 180 of file class.ilSoapRBACAdministration.php.

References $DIC, ilSoapAdministration\checkSession(), ilObjectFactory\getInstanceByObjId(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and SYSTEM_ROLE_ID.

181  {
182  $this->initAuth($sid);
183  $this->initIlias();
184 
185  if (!$this->checkSession($sid)) {
186  return $this->raiseError($this->getMessage(), $this->getMessageCode());
187  }
188 
189  global $DIC;
190 
191  $rbacadmin = $DIC['rbacadmin'];
192  $ilAccess = $DIC['ilAccess'];
193 
194  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($ref_id, false)) {
195  return $this->raiseError(
196  'No valid ref id given. Please choose an existing reference id of an ILIAS object',
197  'Client'
198  );
199  }
200  if (($tmp_role = ilObjectFactory::getInstanceByObjId($role_id, false)) && $tmp_role->getType() !== 'role') {
201  return $this->raiseError(
202  'No valid role id given. Please choose an existing id of an ILIAS role',
203  'Client'
204  );
205  }
206  if ($role_id === SYSTEM_ROLE_ID) {
207  return $this->raiseError(
208  'Cannot revoke permissions of system role',
209  'Client'
210  );
211  }
212 
213  if (!$ilAccess->checkAccess('edit_permission', '', $ref_id)) {
214  return $this->raiseError('Check access failed. No permission to revoke permissions', 'Server');
215  }
216  $rbacadmin->revokePermission($ref_id, $role_id);
217  return true;
218  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
+ Here is the call graph for this function:

◆ searchRoles()

ilSoapRBACAdministration::searchRoles ( string  $sid,
string  $key,
string  $combination,
string  $role_type 
)

search for roles.

Parameters
string$role_typecan be empty which means "local & global", "local", "global", "user" = roles of user, "user_login" or "template"
Returns
soap_fault|SoapFault|null|string

Definition at line 671 of file class.ilSoapRBACAdministration.php.

References $DIC, $ilDB, $res, ilObjectSearchFactory\_getObjectSearchInstance(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilQueryParser\QP_COMBINATION_AND, ilQueryParser\QP_COMBINATION_OR, ilSoapAdministration\raiseError(), and ROOT_FOLDER_ID.

672  {
673  $this->initAuth($sid);
674  $this->initIlias();
675 
676  if (!$this->checkSession($sid)) {
677  return $this->raiseError($this->getMessage(), $this->getMessageCode());
678  }
679 
680  global $DIC;
681 
682  $rbacsystem = $DIC['rbacsystem'];
683  $rbacreview = $DIC['rbacreview'];
684  $ilUser = $DIC['ilUser'];
685  $ilDB = $DIC['ilDB'];
686 
687  if (strcasecmp($role_type, "") !== 0 &&
688  strcasecmp($role_type, "local") !== 0 &&
689  strcasecmp($role_type, "global") !== 0 &&
690  strcasecmp($role_type, "template") !== 0) {
691  return $this->raiseError(
692  'Called service with wrong role_type parameter \'' . $role_type . '\'',
693  'Client'
694  );
695  }
696 
697  if ($combination !== 'and' && $combination !== 'or') {
698  return $this->raiseError(
699  'No valid combination given. Must be "and" or "or".',
700  'Client'
701  );
702  }
703 
704  $query_parser = new ilQueryParser($key);
705  $query_parser->setMinWordLength(3);
706  $query_parser->setCombination($combination === 'and' ? ilQueryParser::QP_COMBINATION_AND : ilQueryParser::QP_COMBINATION_OR);
707  $query_parser->parse();
708  if (!$query_parser->validate()) {
709  return $this->raiseError($query_parser->getMessage(), 'Client');
710  }
711 
712 
713  $object_search = ilObjectSearchFactory::_getObjectSearchInstance($query_parser);
714  $object_search->setFilter(array("role", "rolt"));
715 
716  $res = $object_search->performSearch();
717  $res->filter(ROOT_FOLDER_ID, $combination === 'and');
718 
719  $obj_ids = array();
720  foreach ($res->getUniqueResults() as $entry) {
721  $obj_ids [] = $entry['obj_id'];
722  }
723 
724  $roles = array();
725  if (count($obj_ids) > 0) {
726  $roles = $rbacreview->getRolesForIDs($obj_ids, $role_type === "template");
727  }
728 
729  $xml_writer = new ilSoapRoleObjectXMLWriter();
730  $xml_writer->setObjects($roles);
731  $xml_writer->setType($role_type);
732  if ($xml_writer->start()) {
733  return $xml_writer->getXML();
734  }
735  return '';
736  }
$res
$res
Definition: ltiservices.php:66
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilObjectSearchFactory\_getObjectSearchInstance
static _getObjectSearchInstance(ilQueryParser $query_parser)
Definition: class.ilObjectSearchFactory.php:31
$DIC
global $DIC
Definition: shib_login.php:22
ilSoapRoleObjectXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSoapRoleObjectXMLWriter.php:29
+ Here is the call graph for this function:
The documentation for this class was generated from the following file: