function execute( $xml )
{
include_once( 'kernel/classes/ezrole.php' );
$assignmentList = $xml->getElementsByTagName( 'RoleAssignment' );
foreach ( $assignmentList as $roleAssignment )
{
$roleID = $this->getReferenceID( $roleAssignment->getAttribute( 'roleID' ) );
$assignTo = $this->getReferenceID( $roleAssignment->getAttribute( 'assignTo' ) );
$sectionLimitation = $this->getReferenceID( $roleAssignment->getAttribute( 'sectionLimitation' ) );
$subtreeLimitation = $this->getReferenceID( $roleAssignment->getAttribute( 'subtreeLimitation' ) );
$role = eZRole::fetch( $roleID );
if ( !$role )
{
$this->writeMessage( "\tRole $roleID does not exist.", 'warning' );
continue;
}
$referenceID = $this->getReferenceID( $assignTo );
if ( !$referenceID )
{
$this->writeMessage( "\tInvalid object $referenceID does not exist.", 'warning' );
continue;
}
if ( $sectionLimitation )
{
$section = $this->getReferenceID( $sectionLimitation );
if ( $section )
{
$role->assignToUser( $referenceID, 'section', $section );
$this->writeMessage( "\tAssigned role $roleID: $referenceID to $section", 'notice' );
}
else
{
$this->writeMessage( "\tInvalid section $sectionLimitation does not exist.", 'warning' );
continue;
}
}
elseif ( $subtreeLimitation )
{
$subtree = $this->getReferenceID( $subtreeLimitation );
if ( $subtree )
{
$role->assignToUser( $referenceID, 'subtree', $subtree );
$this->writeMessage( "\tAssigned role $roleID: $referenceID to $subtree", 'notice' );
}
else
{
$this->writeMessage( "\tInvalid section $subtreeLimitation does not exist.", 'warning' );
continue;
}
}
else
{
$role->assignToUser( $referenceID );
$this->writeMessage( "\tAssigned role $roleID: $referenceID", 'notice' );
}
}
}
return $Module->redirectTo($http->postVariable('BrowseCancelURI'));
}
}
if ($http->hasPostVariable('AssignSectionID') && $http->hasPostVariable('SectionID')) {
$Module->redirectTo('/role/assign/' . $roleID . '/' . $limitIdent . '/' . $http->postVariable('SectionID'));
} else {
if ($http->hasPostVariable('BrowseActionName') and $http->postVariable('BrowseActionName') == 'SelectObjectRelationNode') {
$selectedNodeIDArray = $http->postVariable('SelectedNodeIDArray');
if (count($selectedNodeIDArray) == 1) {
$limitValue = $selectedNodeIDArray[0];
}
$Module->redirectTo('/role/assign/' . $roleID . '/' . $limitIdent . '/' . $limitValue);
} else {
if ($http->hasPostVariable('BrowseActionName') and $http->postVariable('BrowseActionName') == 'AssignRole') {
$selectedObjectIDArray = $http->postVariable('SelectedObjectIDArray');
$role = eZRole::fetch($roleID);
$db = eZDB::instance();
$db->begin();
foreach ($selectedObjectIDArray as $objectID) {
$role->assignToUser($objectID, $limitIdent, $limitValue);
}
// Clear role caches.
eZRole::expireCache();
$db->commit();
if (count($selectedObjectIDArray) > 0) {
eZContentCacheManager::clearAllContentCache();
}
/* Clean up policy cache */
eZUser::cleanupCache();
$Module->redirectTo('/role/view/' . $roleID);
} else {
function fetchRole($roleID)
{
$role = eZRole::fetch($roleID);
return array('result' => $role);
}
$originalRoleID = $originalRole->attribute('id');
// Who changes which role(s) should be logged.
if ($http->hasSessionVariable('RoleWasChanged') and $http->sessionVariable('RoleWasChanged') === true) {
eZAudit::writeAudit('role-change', array('Role ID' => $originalRoleID, 'Role name' => $originalRoleName, 'Comment' => 'Changed the current role: kernel/role/edit.php'));
$http->removeSessionVariable('RoleWasChanged');
}
$originalRole->revertFromTemporaryVersion();
eZContentCacheManager::clearAllContentCache();
$Module->redirectTo($Module->functionURI('view') . '/' . $originalRoleID . '/');
/* Clean up policy cache */
eZUser::cleanupCache();
}
if ($http->hasPostVariable('Discard')) {
$http->removeSessionVariable('RoleWasChanged');
$role = eZRole::fetch($roleID);
$originalRole = eZRole::fetch($role->attribute('version'));
$role->removeThis();
if ($originalRole != null && $originalRole->attribute('is_new') == 1) {
$originalRole->remove();
}
$Module->redirectTo($Module->functionURI('list') . '/');
}
if ($http->hasPostVariable('ChangeRoleName')) {
$role->setAttribute('name', $http->postVariable('NewName'));
// Set flag for audit. If true audit will be processed
$http->setSessionVariable('RoleWasChanged', true);
}
if ($http->hasPostVariable('AddModule')) {
if ($http->hasPostVariable('Modules')) {
$currentModule = $http->postVariable('Modules');
} else {
static function fetchRolesByLimitation($limit_identifier, $limit_value)
{
$db = eZDB::instance();
$limit_identifier = $db->escapeString($limit_identifier);
$limit_value = $db->escapeString($limit_value);
$query = "SELECT DISTINCT\n ezuser_role.role_id as role_id,\n ezuser_role.contentobject_id as user_id\n FROM\n ezuser_role\n WHERE\n ezuser_role.limit_value = '{$limit_value}' AND\n ezuser_role.limit_identifier = '{$limit_identifier}'";
$userRoleArray = $db->arrayQuery($query);
$userRoles = array();
foreach ($userRoleArray as $userRole) {
$role = array();
$role['user'] = eZContentObject::fetch($userRole['user_id']);
$role['role'] = eZRole::fetch($userRole['role_id']);
$userRoles[] = $role;
}
return $userRoles;
}
