/**
* Assigns a role to the given user.
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to assign a role
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if $roleLimitation is not valid
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If assignment already exists
*
* @param \eZ\Publish\API\Repository\Values\User\Role $role
* @param \eZ\Publish\API\Repository\Values\User\User $user
* @param \eZ\Publish\API\Repository\Values\User\Limitation\RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation)
*/
public function assignRoleToUser(APIRole $role, User $user, RoleLimitation $roleLimitation = null)
{
if ($this->repository->canUser('role', 'assign', $user, $role) !== true) {
throw new UnauthorizedException('role', 'assign');
}
if ($roleLimitation === null) {
$limitation = null;
} else {
$limitationValidationErrors = $this->limitationService->validateLimitation($roleLimitation);
if (!empty($limitationValidationErrors)) {
throw new LimitationValidationException($limitationValidationErrors);
}
$limitation = array($roleLimitation->getIdentifier() => $roleLimitation->limitationValues);
}
// Check if objects exists
$spiRole = $this->userHandler->loadRole($role->id);
$spiUser = $this->userHandler->load($user->id);
$limitation = $this->checkAssignmentAndFilterLimitationValues($spiUser->id, $spiRole, $limitation);
$this->repository->beginTransaction();
try {
$this->userHandler->assignRole($spiUser->id, $spiRole->id, $limitation);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
/**
* Loads all policies from roles which are assigned to a user or to user groups to which the user belongs
*
* @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given id was not found
*
* @param mixed $userId
*
* @return \eZ\Publish\API\Repository\Values\User\Policy[]
*/
public function loadPoliciesByUserId($userId)
{
$spiPolicies = $this->userHandler->loadPoliciesByUserId($userId);
$policies = array();
foreach ($spiPolicies as $spiPolicy) {
$policies[] = $this->buildDomainPolicyObject($spiPolicy);
}
if (empty($policies)) {
$this->userHandler->load($userId);
}
// For NotFoundException in case userId is invalid
return $policies;
}
/**
* Loads the users of a user group
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read the users or user group
*
* @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup
* @param int $offset
* @param int $limit
*
* @return \eZ\Publish\API\Repository\Values\User\User[]
*/
public function loadUsersOfUserGroup(APIUserGroup $userGroup, $offset = 0, $limit = -1)
{
$loadedUserGroup = $this->loadUserGroup($userGroup->id);
if ($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId === null) {
return array();
}
$mainGroupLocation = $this->repository->getLocationService()->loadLocation($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId);
$searchQuery = new Query();
$searchQuery->filter = new CriterionLogicalAnd(array(new CriterionContentTypeId($this->settings['userClassID']), new CriterionParentLocationId($mainGroupLocation->id)));
$searchQuery->offset = $offset > 0 ? (int) $offset : 0;
$searchQuery->limit = $limit >= 1 ? (int) $limit : null;
$searchQuery->sortClauses = array($this->getSortClauseBySortField($mainGroupLocation->sortField, $mainGroupLocation->sortOrder));
$searchResult = $this->repository->getSearchService()->findContent($searchQuery, array());
$users = array();
foreach ($searchResult->searchHits as $resultItem) {
$spiUser = $this->userHandler->load($resultItem->valueObject->id);
$users[] = $this->buildDomainUserObject($spiUser, $resultItem->valueObject);
}
return $users;
}
/**
* Loads the users of a user group.
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read the users or user group
*
* @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup
* @param int $offset the start offset for paging
* @param int $limit the number of users returned
*
* @return \eZ\Publish\API\Repository\Values\User\User[]
*/
public function loadUsersOfUserGroup(APIUserGroup $userGroup, $offset = 0, $limit = 25)
{
$loadedUserGroup = $this->loadUserGroup($userGroup->id);
if ($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId === null) {
return array();
}
$mainGroupLocation = $this->repository->getLocationService()->loadLocation($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId);
$searchQuery = new LocationQuery();
$searchQuery->filter = new CriterionLogicalAnd(array(new CriterionContentTypeId($this->settings['userClassID']), new CriterionParentLocationId($mainGroupLocation->id)));
$searchQuery->offset = $offset;
$searchQuery->limit = $limit;
$searchQuery->performCount = false;
$searchQuery->sortClauses = $mainGroupLocation->getSortClauses();
$searchResult = $this->repository->getSearchService()->findLocations($searchQuery);
$users = array();
foreach ($searchResult->searchHits as $resultItem) {
$users[] = $this->buildDomainUserObject($this->userHandler->load($resultItem->valueObject->contentInfo->id), $this->repository->getContentService()->internalLoadContent($resultItem->valueObject->contentInfo->id));
}
return $users;
}