|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* RoleService class. |
|
5
|
|
|
* |
|
6
|
|
|
* @copyright Copyright (C) eZ Systems AS. All rights reserved. |
|
7
|
|
|
* @license For full copyright and license information view LICENSE file distributed with this source code. |
|
8
|
|
|
*/ |
|
9
|
|
|
namespace eZ\Publish\Core\SignalSlot; |
|
10
|
|
|
|
|
11
|
|
|
use eZ\Publish\API\Repository\RoleService as RoleServiceInterface; |
|
12
|
|
|
use eZ\Publish\API\Repository\Values\User\Limitation\RoleLimitation; |
|
13
|
|
|
use eZ\Publish\API\Repository\Values\User\Policy; |
|
14
|
|
|
use eZ\Publish\API\Repository\Values\User\PolicyCreateStruct; |
|
15
|
|
|
use eZ\Publish\API\Repository\Values\User\PolicyDraft; |
|
16
|
|
|
use eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct; |
|
17
|
|
|
use eZ\Publish\API\Repository\Values\User\Role; |
|
18
|
|
|
use eZ\Publish\API\Repository\Values\User\RoleAssignment; |
|
19
|
|
|
use eZ\Publish\API\Repository\Values\User\RoleCreateStruct; |
|
20
|
|
|
use eZ\Publish\API\Repository\Values\User\RoleDraft; |
|
21
|
|
|
use eZ\Publish\API\Repository\Values\User\RoleUpdateStruct; |
|
22
|
|
|
use eZ\Publish\API\Repository\Values\User\User; |
|
23
|
|
|
use eZ\Publish\API\Repository\Values\User\UserGroup; |
|
24
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\AddPolicyByRoleDraftSignal; |
|
25
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\AddPolicySignal; |
|
26
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\AssignRoleToUserGroupSignal; |
|
27
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\AssignRoleToUserSignal; |
|
28
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\CreateRoleDraftSignal; |
|
29
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\CreateRoleSignal; |
|
30
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\DeleteRoleDraftSignal; |
|
31
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\DeleteRoleSignal; |
|
32
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\PublishRoleDraftSignal; |
|
33
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\RemovePolicyByRoleDraftSignal; |
|
34
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\RemovePolicySignal; |
|
35
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\RemoveRoleAssignmentSignal; |
|
36
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\UnassignRoleFromUserGroupSignal; |
|
37
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\UnassignRoleFromUserSignal; |
|
38
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\UpdatePolicySignal; |
|
39
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\UpdateRoleDraftSignal; |
|
40
|
|
|
use eZ\Publish\Core\SignalSlot\Signal\RoleService\UpdateRoleSignal; |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* RoleService class. |
|
44
|
|
|
*/ |
|
45
|
|
|
class RoleService implements RoleServiceInterface |
|
46
|
|
|
{ |
|
47
|
|
|
/** |
|
48
|
|
|
* Aggregated service. |
|
49
|
|
|
* |
|
50
|
|
|
* @var \eZ\Publish\API\Repository\RoleService |
|
51
|
|
|
*/ |
|
52
|
|
|
protected $service; |
|
53
|
|
|
|
|
54
|
|
|
/** |
|
55
|
|
|
* SignalDispatcher. |
|
56
|
|
|
* |
|
57
|
|
|
* @var \eZ\Publish\Core\SignalSlot\SignalDispatcher |
|
58
|
|
|
*/ |
|
59
|
|
|
protected $signalDispatcher; |
|
60
|
|
|
|
|
61
|
|
|
/** |
|
62
|
|
|
* Constructor. |
|
63
|
|
|
* |
|
64
|
|
|
* Construct service object from aggregated service and signal |
|
65
|
|
|
* dispatcher |
|
66
|
|
|
* |
|
67
|
|
|
* @param \eZ\Publish\API\Repository\RoleService $service |
|
68
|
|
|
* @param \eZ\Publish\Core\SignalSlot\SignalDispatcher $signalDispatcher |
|
69
|
|
|
*/ |
|
70
|
|
|
public function __construct(RoleServiceInterface $service, SignalDispatcher $signalDispatcher) |
|
71
|
|
|
{ |
|
72
|
|
|
$this->service = $service; |
|
73
|
|
|
$this->signalDispatcher = $signalDispatcher; |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
/** |
|
77
|
|
|
* Creates a new RoleDraft. |
|
78
|
|
|
* |
|
79
|
|
|
* @since 6.0 |
|
80
|
|
|
* |
|
81
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to create a role |
|
82
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException |
|
83
|
|
|
* if the name of the role already exists or if limitation of the same type |
|
84
|
|
|
* is repeated in the policy create struct or if limitation is not allowed on module/function |
|
85
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a policy limitation in the $roleCreateStruct is not valid |
|
86
|
|
|
* |
|
87
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleCreateStruct $roleCreateStruct |
|
88
|
|
|
* |
|
89
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
|
90
|
|
|
*/ |
|
91
|
|
|
public function createRole(RoleCreateStruct $roleCreateStruct) |
|
92
|
|
|
{ |
|
93
|
|
|
$returnValue = $this->service->createRole($roleCreateStruct); |
|
94
|
|
|
$this->signalDispatcher->emit( |
|
95
|
|
|
new CreateRoleSignal( |
|
96
|
|
|
array( |
|
97
|
|
|
'roleId' => $returnValue->id, |
|
98
|
|
|
) |
|
99
|
|
|
) |
|
100
|
|
|
); |
|
101
|
|
|
|
|
102
|
|
|
return $returnValue; |
|
103
|
|
|
} |
|
104
|
|
|
|
|
105
|
|
|
/** |
|
106
|
|
|
* Creates a new RoleDraft for existing Role. |
|
107
|
|
|
* |
|
108
|
|
|
* @since 6.0 |
|
109
|
|
|
* |
|
110
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to create a role |
|
111
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if the Role already has a Role Draft that will need to be removed first |
|
112
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a policy limitation in the $roleCreateStruct is not valid |
|
113
|
|
|
* |
|
114
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
115
|
|
|
* |
|
116
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
|
117
|
|
|
*/ |
|
118
|
|
|
public function createRoleDraft(Role $role) |
|
119
|
|
|
{ |
|
120
|
|
|
$returnValue = $this->service->createRoleDraft($role); |
|
121
|
|
|
$this->signalDispatcher->emit( |
|
122
|
|
|
new CreateRoleDraftSignal( |
|
123
|
|
|
array( |
|
124
|
|
|
'roleId' => $returnValue->id, |
|
125
|
|
|
) |
|
126
|
|
|
) |
|
127
|
|
|
); |
|
128
|
|
|
|
|
129
|
|
|
return $returnValue; |
|
130
|
|
|
} |
|
131
|
|
|
|
|
132
|
|
|
/** |
|
133
|
|
|
* Loads a role for the given id. |
|
134
|
|
|
* |
|
135
|
|
|
* @since 6.0 |
|
136
|
|
|
* |
|
137
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read this role |
|
138
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a role with the given id was not found |
|
139
|
|
|
* |
|
140
|
|
|
* @param mixed $id |
|
141
|
|
|
* |
|
142
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
|
143
|
|
|
*/ |
|
144
|
|
|
public function loadRoleDraft($id) |
|
145
|
|
|
{ |
|
146
|
|
|
return $this->service->loadRoleDraft($id); |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
/** |
|
150
|
|
|
* Loads a RoleDraft by the ID of the role it was created from. |
|
151
|
|
|
* |
|
152
|
|
|
* @param mixed $roleId ID of the role the draft was created from. |
|
153
|
|
|
* |
|
154
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read this role |
|
155
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a RoleDraft with the given id was not found |
|
156
|
|
|
* |
|
157
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
|
158
|
|
|
*/ |
|
159
|
|
|
public function loadRoleDraftByRoleId($roleId) |
|
160
|
|
|
{ |
|
161
|
|
|
return $this->service->loadRoleDraftByRoleId($roleId); |
|
162
|
|
|
} |
|
163
|
|
|
|
|
164
|
|
|
/** |
|
165
|
|
|
* Updates the properties of a role draft. |
|
166
|
|
|
* |
|
167
|
|
|
* @since 6.0 |
|
168
|
|
|
* |
|
169
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to update a role |
|
170
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if the identifier of the role already exists |
|
171
|
|
|
* |
|
172
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleDraft $roleDraft |
|
173
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleUpdateStruct $roleUpdateStruct |
|
174
|
|
|
* |
|
175
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
|
176
|
|
|
*/ |
|
177
|
|
|
public function updateRoleDraft(RoleDraft $roleDraft, RoleUpdateStruct $roleUpdateStruct) |
|
178
|
|
|
{ |
|
179
|
|
|
$returnValue = $this->service->updateRoleDraft($roleDraft, $roleUpdateStruct); |
|
180
|
|
|
$this->signalDispatcher->emit( |
|
181
|
|
|
new UpdateRoleDraftSignal( |
|
182
|
|
|
array( |
|
183
|
|
|
'roleId' => $roleDraft->id, |
|
184
|
|
|
) |
|
185
|
|
|
) |
|
186
|
|
|
); |
|
187
|
|
|
|
|
188
|
|
|
return $returnValue; |
|
189
|
|
|
} |
|
190
|
|
|
|
|
191
|
|
|
/** |
|
192
|
|
|
* Adds a new policy to the role draft. |
|
193
|
|
|
* |
|
194
|
|
|
* @since 6.0 |
|
195
|
|
|
* |
|
196
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to add a policy |
|
197
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy create |
|
198
|
|
|
* struct or if limitation is not allowed on module/function |
|
199
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyCreateStruct is not valid |
|
200
|
|
|
* |
|
201
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleDraft $roleDraft |
|
202
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct $policyCreateStruct |
|
203
|
|
|
* |
|
204
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
|
205
|
|
|
*/ |
|
206
|
|
|
public function addPolicyByRoleDraft(RoleDraft $roleDraft, PolicyCreateStruct $policyCreateStruct) |
|
207
|
|
|
{ |
|
208
|
|
|
$returnValue = $this->service->addPolicyByRoleDraft($roleDraft, $policyCreateStruct); |
|
209
|
|
|
$this->signalDispatcher->emit( |
|
210
|
|
|
new AddPolicyByRoleDraftSignal( |
|
211
|
|
|
array( |
|
212
|
|
|
'roleId' => $roleDraft->id, |
|
213
|
|
|
'policyId' => $returnValue->id, |
|
214
|
|
|
) |
|
215
|
|
|
) |
|
216
|
|
|
); |
|
217
|
|
|
|
|
218
|
|
|
return $returnValue; |
|
219
|
|
|
} |
|
220
|
|
|
|
|
221
|
|
|
/** |
|
222
|
|
|
* Removes a policy from a role draft. |
|
223
|
|
|
* |
|
224
|
|
|
* @since 6.0 |
|
225
|
|
|
* |
|
226
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a policy |
|
227
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if policy does not belong to the given RoleDraft |
|
228
|
|
|
* |
|
229
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleDraft $roleDraft |
|
230
|
|
|
* @param PolicyDraft $policyDraft the policy to remove from the role |
|
231
|
|
|
* @return RoleDraft if the authenticated user is not allowed to remove a policy |
|
232
|
|
|
*/ |
|
233
|
|
|
public function removePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policyDraft) |
|
234
|
|
|
{ |
|
235
|
|
|
$returnValue = $this->service->removePolicyByRoleDraft($roleDraft, $policyDraft); |
|
236
|
|
|
$this->signalDispatcher->emit( |
|
237
|
|
|
new RemovePolicyByRoleDraftSignal( |
|
238
|
|
|
array( |
|
239
|
|
|
'roleId' => $roleDraft->id, |
|
240
|
|
|
'policyId' => $policyDraft->id, |
|
241
|
|
|
) |
|
242
|
|
|
) |
|
243
|
|
|
); |
|
244
|
|
|
|
|
245
|
|
|
return $returnValue; |
|
246
|
|
|
} |
|
247
|
|
|
|
|
248
|
|
|
/** |
|
249
|
|
|
* Updates the limitations of a policy. The module and function cannot be changed and |
|
250
|
|
|
* the limitations are replaced by the ones in $roleUpdateStruct. |
|
251
|
|
|
* |
|
252
|
|
|
* @since 6.0 |
|
253
|
|
|
* |
|
254
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to update a policy |
|
255
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy update |
|
256
|
|
|
* struct or if limitation is not allowed on module/function |
|
257
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyUpdateStruct is not valid |
|
258
|
|
|
* |
|
259
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleDraft $roleDraft |
|
260
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\PolicyDraft $policy |
|
261
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct $policyUpdateStruct |
|
262
|
|
|
* |
|
263
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\PolicyDraft |
|
264
|
|
|
*/ |
|
265
|
|
View Code Duplication |
public function updatePolicyByRoleDraft(RoleDraft $roleDraft, PolicyDraft $policy, PolicyUpdateStruct $policyUpdateStruct) |
|
266
|
|
|
{ |
|
267
|
|
|
$returnValue = $this->service->updatePolicyByRoleDraft($roleDraft, $policy, $policyUpdateStruct); |
|
268
|
|
|
$this->signalDispatcher->emit( |
|
269
|
|
|
new UpdatePolicySignal( |
|
270
|
|
|
array( |
|
271
|
|
|
'policyId' => $policy->id, |
|
272
|
|
|
) |
|
273
|
|
|
) |
|
274
|
|
|
); |
|
275
|
|
|
|
|
276
|
|
|
return $returnValue; |
|
277
|
|
|
} |
|
278
|
|
|
|
|
279
|
|
|
/** |
|
280
|
|
|
* Deletes the given role draft. |
|
281
|
|
|
* |
|
282
|
|
|
* @since 6.0 |
|
283
|
|
|
* |
|
284
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to delete this role |
|
285
|
|
|
* |
|
286
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleDraft $roleDraft |
|
287
|
|
|
*/ |
|
288
|
|
|
public function deleteRoleDraft(RoleDraft $roleDraft) |
|
289
|
|
|
{ |
|
290
|
|
|
$returnValue = $this->service->deleteRoleDraft($roleDraft); |
|
291
|
|
|
$this->signalDispatcher->emit( |
|
292
|
|
|
new DeleteRoleDraftSignal( |
|
293
|
|
|
array( |
|
294
|
|
|
'roleId' => $roleDraft->id, |
|
295
|
|
|
) |
|
296
|
|
|
) |
|
297
|
|
|
); |
|
298
|
|
|
|
|
299
|
|
|
return $returnValue; |
|
300
|
|
|
} |
|
301
|
|
|
|
|
302
|
|
|
/** |
|
303
|
|
|
* Publishes a given Role draft. |
|
304
|
|
|
* |
|
305
|
|
|
* @since 6.0 |
|
306
|
|
|
* |
|
307
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to publish this role |
|
308
|
|
|
* |
|
309
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleDraft $roleDraft |
|
310
|
|
|
*/ |
|
311
|
|
|
public function publishRoleDraft(RoleDraft $roleDraft) |
|
312
|
|
|
{ |
|
313
|
|
|
$returnValue = $this->service->publishRoleDraft($roleDraft); |
|
314
|
|
|
$this->signalDispatcher->emit( |
|
315
|
|
|
new PublishRoleDraftSignal( |
|
316
|
|
|
array( |
|
317
|
|
|
'roleId' => $roleDraft->id, |
|
318
|
|
|
) |
|
319
|
|
|
) |
|
320
|
|
|
); |
|
321
|
|
|
|
|
322
|
|
|
return $returnValue; |
|
323
|
|
|
} |
|
324
|
|
|
|
|
325
|
|
|
/** |
|
326
|
|
|
* Updates the name of the role. |
|
327
|
|
|
* |
|
328
|
|
|
* @deprecated since 6.0, use {@see updateRoleDraft} |
|
329
|
|
|
* |
|
330
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to update a role |
|
331
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if the name of the role already exists |
|
332
|
|
|
* |
|
333
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
334
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleUpdateStruct $roleUpdateStruct |
|
335
|
|
|
* |
|
336
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
|
337
|
|
|
*/ |
|
338
|
|
|
public function updateRole(Role $role, RoleUpdateStruct $roleUpdateStruct) |
|
339
|
|
|
{ |
|
340
|
|
|
$returnValue = $this->service->updateRole($role, $roleUpdateStruct); |
|
|
|
|
|
|
341
|
|
|
$this->signalDispatcher->emit( |
|
342
|
|
|
new UpdateRoleSignal( |
|
343
|
|
|
array( |
|
344
|
|
|
'roleId' => $role->id, |
|
345
|
|
|
) |
|
346
|
|
|
) |
|
347
|
|
|
); |
|
348
|
|
|
|
|
349
|
|
|
return $returnValue; |
|
350
|
|
|
} |
|
351
|
|
|
|
|
352
|
|
|
/** |
|
353
|
|
|
* Adds a new policy to the role. |
|
354
|
|
|
* |
|
355
|
|
|
* @deprecated since 6.0, use {@see addPolicyByRoleDraft} |
|
356
|
|
|
* |
|
357
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to add a policy |
|
358
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy create |
|
359
|
|
|
* struct or if limitation is not allowed on module/function |
|
360
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyCreateStruct is not valid |
|
361
|
|
|
* |
|
362
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
363
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct $policyCreateStruct |
|
364
|
|
|
* |
|
365
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
|
366
|
|
|
*/ |
|
367
|
|
|
public function addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct) |
|
368
|
|
|
{ |
|
369
|
|
|
$returnValue = $this->service->addPolicy($role, $policyCreateStruct); |
|
|
|
|
|
|
370
|
|
|
$this->signalDispatcher->emit( |
|
371
|
|
|
new AddPolicySignal( |
|
372
|
|
|
array( |
|
373
|
|
|
'roleId' => $role->id, |
|
374
|
|
|
'policyId' => $returnValue->id, |
|
375
|
|
|
) |
|
376
|
|
|
) |
|
377
|
|
|
); |
|
378
|
|
|
|
|
379
|
|
|
return $returnValue; |
|
380
|
|
|
} |
|
381
|
|
|
|
|
382
|
|
|
/** |
|
383
|
|
|
* Delete a policy. |
|
384
|
|
|
* |
|
385
|
|
|
* @deprecated since 6.0, use {@link removePolicyByRoleDraft()} instead. |
|
386
|
|
|
* |
|
387
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a policy |
|
388
|
|
|
* |
|
389
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Policy $policy the policy to delete |
|
390
|
|
|
*/ |
|
391
|
|
|
public function deletePolicy(Policy $policy) |
|
392
|
|
|
{ |
|
393
|
|
|
$returnValue = $this->service->deletePolicy($policy); |
|
|
|
|
|
|
394
|
|
|
$this->signalDispatcher->emit( |
|
395
|
|
|
new RemovePolicySignal( |
|
396
|
|
|
array( |
|
397
|
|
|
'roleId' => $policy->roleId, |
|
398
|
|
|
'policyId' => $policy->id, |
|
399
|
|
|
) |
|
400
|
|
|
) |
|
401
|
|
|
); |
|
402
|
|
|
|
|
403
|
|
|
return $returnValue; |
|
404
|
|
|
} |
|
405
|
|
|
|
|
406
|
|
|
/** |
|
407
|
|
|
* Updates the limitations of a policy. The module and function cannot be changed and |
|
408
|
|
|
* the limitations are replaced by the ones in $roleUpdateStruct. |
|
409
|
|
|
* |
|
410
|
|
|
* @deprecated since 6.0, use {@link updatePolicyByRoleDraft()} instead. |
|
411
|
|
|
* |
|
412
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to update a policy |
|
413
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy update |
|
414
|
|
|
* struct or if limitation is not allowed on module/function |
|
415
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyUpdateStruct is not valid |
|
416
|
|
|
* |
|
417
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct $policyUpdateStruct |
|
418
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Policy $policy |
|
419
|
|
|
* |
|
420
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Policy |
|
421
|
|
|
*/ |
|
422
|
|
View Code Duplication |
public function updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct) |
|
423
|
|
|
{ |
|
424
|
|
|
$returnValue = $this->service->updatePolicy($policy, $policyUpdateStruct); |
|
|
|
|
|
|
425
|
|
|
$this->signalDispatcher->emit( |
|
426
|
|
|
new UpdatePolicySignal( |
|
427
|
|
|
array( |
|
428
|
|
|
'policyId' => $policy->id, |
|
429
|
|
|
) |
|
430
|
|
|
) |
|
431
|
|
|
); |
|
432
|
|
|
|
|
433
|
|
|
return $returnValue; |
|
434
|
|
|
} |
|
435
|
|
|
|
|
436
|
|
|
/** |
|
437
|
|
|
* Loads a role for the given id. |
|
438
|
|
|
* |
|
439
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read this role |
|
440
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a role with the given name was not found |
|
441
|
|
|
* |
|
442
|
|
|
* @param mixed $id |
|
443
|
|
|
* |
|
444
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
|
445
|
|
|
*/ |
|
446
|
|
|
public function loadRole($id) |
|
447
|
|
|
{ |
|
448
|
|
|
return $this->service->loadRole($id); |
|
449
|
|
|
} |
|
450
|
|
|
|
|
451
|
|
|
/** |
|
452
|
|
|
* Loads a role for the given identifier. |
|
453
|
|
|
* |
|
454
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read this role |
|
455
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a role with the given name was not found |
|
456
|
|
|
* |
|
457
|
|
|
* @param string $identifier |
|
458
|
|
|
* |
|
459
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
|
460
|
|
|
*/ |
|
461
|
|
|
public function loadRoleByIdentifier($identifier) |
|
462
|
|
|
{ |
|
463
|
|
|
return $this->service->loadRoleByIdentifier($identifier); |
|
464
|
|
|
} |
|
465
|
|
|
|
|
466
|
|
|
/** |
|
467
|
|
|
* Loads all roles. |
|
468
|
|
|
* |
|
469
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read the roles |
|
470
|
|
|
* |
|
471
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Role[] |
|
472
|
|
|
*/ |
|
473
|
|
|
public function loadRoles() |
|
474
|
|
|
{ |
|
475
|
|
|
return $this->service->loadRoles(); |
|
476
|
|
|
} |
|
477
|
|
|
|
|
478
|
|
|
/** |
|
479
|
|
|
* Deletes the given role. |
|
480
|
|
|
* |
|
481
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to delete this role |
|
482
|
|
|
* |
|
483
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
484
|
|
|
*/ |
|
485
|
|
|
public function deleteRole(Role $role) |
|
486
|
|
|
{ |
|
487
|
|
|
$returnValue = $this->service->deleteRole($role); |
|
488
|
|
|
$this->signalDispatcher->emit( |
|
489
|
|
|
new DeleteRoleSignal( |
|
490
|
|
|
array( |
|
491
|
|
|
'roleId' => $role->id, |
|
492
|
|
|
) |
|
493
|
|
|
) |
|
494
|
|
|
); |
|
495
|
|
|
|
|
496
|
|
|
return $returnValue; |
|
497
|
|
|
} |
|
498
|
|
|
|
|
499
|
|
|
/** |
|
500
|
|
|
* Loads all policies from roles which are assigned to a user or to user groups to which the user belongs. |
|
501
|
|
|
* |
|
502
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given id was not found |
|
503
|
|
|
* |
|
504
|
|
|
* @param mixed $userId |
|
505
|
|
|
* |
|
506
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\Policy[] |
|
507
|
|
|
*/ |
|
508
|
|
|
public function loadPoliciesByUserId($userId) |
|
509
|
|
|
{ |
|
510
|
|
|
return $this->service->loadPoliciesByUserId($userId); |
|
|
|
|
|
|
511
|
|
|
} |
|
512
|
|
|
|
|
513
|
|
|
/** |
|
514
|
|
|
* Assigns a role to the given user group. |
|
515
|
|
|
* |
|
516
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to assign a role |
|
517
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if $roleLimitation is not valid |
|
518
|
|
|
* |
|
519
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
520
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup |
|
521
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Limitation\RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation) |
|
522
|
|
|
*/ |
|
523
|
|
View Code Duplication |
public function assignRoleToUserGroup(Role $role, UserGroup $userGroup, RoleLimitation $roleLimitation = null) |
|
524
|
|
|
{ |
|
525
|
|
|
$returnValue = $this->service->assignRoleToUserGroup($role, $userGroup, $roleLimitation); |
|
526
|
|
|
$this->signalDispatcher->emit( |
|
527
|
|
|
new AssignRoleToUserGroupSignal( |
|
528
|
|
|
array( |
|
529
|
|
|
'roleId' => $role->id, |
|
530
|
|
|
'userGroupId' => $userGroup->id, |
|
531
|
|
|
'roleLimitation' => $roleLimitation, |
|
532
|
|
|
) |
|
533
|
|
|
) |
|
534
|
|
|
); |
|
535
|
|
|
|
|
536
|
|
|
return $returnValue; |
|
537
|
|
|
} |
|
538
|
|
|
|
|
539
|
|
|
/** |
|
540
|
|
|
* removes a role from the given user group. |
|
541
|
|
|
* |
|
542
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a role |
|
543
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If the role is not assigned to the given user group |
|
544
|
|
|
* |
|
545
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
546
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup |
|
547
|
|
|
*/ |
|
548
|
|
|
public function unassignRoleFromUserGroup(Role $role, UserGroup $userGroup) |
|
549
|
|
|
{ |
|
550
|
|
|
$returnValue = $this->service->unassignRoleFromUserGroup($role, $userGroup); |
|
|
|
|
|
|
551
|
|
|
$this->signalDispatcher->emit( |
|
552
|
|
|
new UnassignRoleFromUserGroupSignal( |
|
553
|
|
|
array( |
|
554
|
|
|
'roleId' => $role->id, |
|
555
|
|
|
'userGroupId' => $userGroup->id, |
|
556
|
|
|
) |
|
557
|
|
|
) |
|
558
|
|
|
); |
|
559
|
|
|
|
|
560
|
|
|
return $returnValue; |
|
561
|
|
|
} |
|
562
|
|
|
|
|
563
|
|
|
/** |
|
564
|
|
|
* Assigns a role to the given user. |
|
565
|
|
|
* |
|
566
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to assign a role |
|
567
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if $roleLimitation is not valid |
|
568
|
|
|
* |
|
569
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
570
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\User $user |
|
571
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Limitation\RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation) |
|
572
|
|
|
*/ |
|
573
|
|
View Code Duplication |
public function assignRoleToUser(Role $role, User $user, RoleLimitation $roleLimitation = null) |
|
574
|
|
|
{ |
|
575
|
|
|
$returnValue = $this->service->assignRoleToUser($role, $user, $roleLimitation); |
|
576
|
|
|
$this->signalDispatcher->emit( |
|
577
|
|
|
new AssignRoleToUserSignal( |
|
578
|
|
|
array( |
|
579
|
|
|
'roleId' => $role->id, |
|
580
|
|
|
'userId' => $user->id, |
|
581
|
|
|
'roleLimitation' => $roleLimitation, |
|
582
|
|
|
) |
|
583
|
|
|
) |
|
584
|
|
|
); |
|
585
|
|
|
|
|
586
|
|
|
return $returnValue; |
|
587
|
|
|
} |
|
588
|
|
|
|
|
589
|
|
|
/** |
|
590
|
|
|
* removes a role from the given user. |
|
591
|
|
|
* |
|
592
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a role |
|
593
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If the role is not assigned to the user |
|
594
|
|
|
* |
|
595
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
596
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\User $user |
|
597
|
|
|
*/ |
|
598
|
|
|
public function unassignRoleFromUser(Role $role, User $user) |
|
599
|
|
|
{ |
|
600
|
|
|
$returnValue = $this->service->unassignRoleFromUser($role, $user); |
|
|
|
|
|
|
601
|
|
|
$this->signalDispatcher->emit( |
|
602
|
|
|
new UnassignRoleFromUserSignal( |
|
603
|
|
|
array( |
|
604
|
|
|
'roleId' => $role->id, |
|
605
|
|
|
'userId' => $user->id, |
|
606
|
|
|
) |
|
607
|
|
|
) |
|
608
|
|
|
); |
|
609
|
|
|
|
|
610
|
|
|
return $returnValue; |
|
611
|
|
|
} |
|
612
|
|
|
|
|
613
|
|
|
/** |
|
614
|
|
|
* Removes the given role assignment. |
|
615
|
|
|
* |
|
616
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a role assignment |
|
617
|
|
|
* |
|
618
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\RoleAssignment $roleAssignment |
|
619
|
|
|
*/ |
|
620
|
|
|
public function removeRoleAssignment(RoleAssignment $roleAssignment) |
|
621
|
|
|
{ |
|
622
|
|
|
$returnValue = $this->service->removeRoleAssignment($roleAssignment); |
|
623
|
|
|
$this->signalDispatcher->emit( |
|
624
|
|
|
new RemoveRoleAssignmentSignal([ |
|
625
|
|
|
'roleAssignmentId' => $roleAssignment->id, |
|
626
|
|
|
]) |
|
627
|
|
|
); |
|
628
|
|
|
|
|
629
|
|
|
return $returnValue; |
|
630
|
|
|
} |
|
631
|
|
|
|
|
632
|
|
|
/** |
|
633
|
|
|
* Loads a role assignment for the given id. |
|
634
|
|
|
* |
|
635
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read this role |
|
636
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException If the role assignment was not found |
|
637
|
|
|
* |
|
638
|
|
|
* @param mixed $roleAssignmentId |
|
639
|
|
|
* |
|
640
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleAssignment |
|
641
|
|
|
*/ |
|
642
|
|
|
public function loadRoleAssignment($roleAssignmentId) |
|
643
|
|
|
{ |
|
644
|
|
|
return $this->service->loadRoleAssignment($roleAssignmentId); |
|
645
|
|
|
} |
|
646
|
|
|
|
|
647
|
|
|
/** |
|
648
|
|
|
* Returns the assigned user and user groups to this role. |
|
649
|
|
|
* |
|
650
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read a role |
|
651
|
|
|
* |
|
652
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\Role $role |
|
653
|
|
|
* |
|
654
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleAssignment[] |
|
655
|
|
|
*/ |
|
656
|
|
|
public function getRoleAssignments(Role $role) |
|
657
|
|
|
{ |
|
658
|
|
|
return $this->service->getRoleAssignments($role); |
|
659
|
|
|
} |
|
660
|
|
|
|
|
661
|
|
|
/** |
|
662
|
|
|
* @see \eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUser() |
|
663
|
|
|
*/ |
|
664
|
|
|
public function getRoleAssignmentsForUser(User $user, $inherited = false) |
|
665
|
|
|
{ |
|
666
|
|
|
return $this->service->getRoleAssignmentsForUser($user, $inherited); |
|
667
|
|
|
} |
|
668
|
|
|
|
|
669
|
|
|
/** |
|
670
|
|
|
* Returns the roles assigned to the given user group. |
|
671
|
|
|
* |
|
672
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read a user group |
|
673
|
|
|
* |
|
674
|
|
|
* @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup |
|
675
|
|
|
* |
|
676
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\UserGroupRoleAssignment[] |
|
677
|
|
|
*/ |
|
678
|
|
|
public function getRoleAssignmentsForUserGroup(UserGroup $userGroup) |
|
679
|
|
|
{ |
|
680
|
|
|
return $this->service->getRoleAssignmentsForUserGroup($userGroup); |
|
681
|
|
|
} |
|
682
|
|
|
|
|
683
|
|
|
/** |
|
684
|
|
|
* Instantiates a role create class. |
|
685
|
|
|
* |
|
686
|
|
|
* @param string $name |
|
687
|
|
|
* |
|
688
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleCreateStruct |
|
689
|
|
|
*/ |
|
690
|
|
|
public function newRoleCreateStruct($name) |
|
691
|
|
|
{ |
|
692
|
|
|
return $this->service->newRoleCreateStruct($name); |
|
693
|
|
|
} |
|
694
|
|
|
|
|
695
|
|
|
/** |
|
696
|
|
|
* Instantiates a policy create class. |
|
697
|
|
|
* |
|
698
|
|
|
* @param string $module |
|
699
|
|
|
* @param string $function |
|
700
|
|
|
* |
|
701
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct |
|
702
|
|
|
*/ |
|
703
|
|
|
public function newPolicyCreateStruct($module, $function) |
|
704
|
|
|
{ |
|
705
|
|
|
return $this->service->newPolicyCreateStruct($module, $function); |
|
706
|
|
|
} |
|
707
|
|
|
|
|
708
|
|
|
/** |
|
709
|
|
|
* Instantiates a policy update class. |
|
710
|
|
|
* |
|
711
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct |
|
712
|
|
|
*/ |
|
713
|
|
|
public function newPolicyUpdateStruct() |
|
714
|
|
|
{ |
|
715
|
|
|
return $this->service->newPolicyUpdateStruct(); |
|
716
|
|
|
} |
|
717
|
|
|
|
|
718
|
|
|
/** |
|
719
|
|
|
* Instantiates a policy update class. |
|
720
|
|
|
* |
|
721
|
|
|
* @return \eZ\Publish\API\Repository\Values\User\RoleUpdateStruct |
|
722
|
|
|
*/ |
|
723
|
|
|
public function newRoleUpdateStruct() |
|
724
|
|
|
{ |
|
725
|
|
|
return $this->service->newRoleUpdateStruct(); |
|
726
|
|
|
} |
|
727
|
|
|
|
|
728
|
|
|
/** |
|
729
|
|
|
* Returns the LimitationType registered with the given identifier. |
|
730
|
|
|
* |
|
731
|
|
|
* @param string $identifier |
|
732
|
|
|
* |
|
733
|
|
|
* @return \eZ\Publish\SPI\Limitation\Type |
|
734
|
|
|
* |
|
735
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if there is no LimitationType with $identifier |
|
736
|
|
|
*/ |
|
737
|
|
|
public function getLimitationType($identifier) |
|
738
|
|
|
{ |
|
739
|
|
|
return $this->service->getLimitationType($identifier); |
|
740
|
|
|
} |
|
741
|
|
|
|
|
742
|
|
|
/** |
|
743
|
|
|
* Returns the LimitationType's assigned to a given module/function. |
|
744
|
|
|
* |
|
745
|
|
|
* Typically used for: |
|
746
|
|
|
* - Internal validation limitation value use on Policies |
|
747
|
|
|
* - Role admin gui for editing policy limitations incl list limitation options via valueSchema() |
|
748
|
|
|
* |
|
749
|
|
|
* @param string $module Legacy name of "controller", it's a unique identifier like "content" |
|
750
|
|
|
* @param string $function Legacy name of a controller "action", it's a unique within the controller like "read" |
|
751
|
|
|
* |
|
752
|
|
|
* @return \eZ\Publish\SPI\Limitation\Type[] |
|
753
|
|
|
* |
|
754
|
|
|
* @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If module/function to limitation type mapping |
|
755
|
|
|
* refers to a non existing identifier. |
|
756
|
|
|
*/ |
|
757
|
|
|
public function getLimitationTypesByModuleFunction($module, $function) |
|
758
|
|
|
{ |
|
759
|
|
|
return $this->service->getLimitationTypesByModuleFunction($module, $function); |
|
760
|
|
|
} |
|
761
|
|
|
} |
|
762
|
|
|
|
ezsystems /
ezpublish-kernel
Loading history...
This method has been deprecated. The supplier of the class has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.