/**
* removes a role from the given user.
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a role
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If the role is not assigned to the user
*
* @param \eZ\Publish\API\Repository\Values\User\Role $role
* @param \eZ\Publish\API\Repository\Values\User\User $user
*/
public function unassignRoleFromUser(APIRole $role, User $user)
{
if ($this->repository->canUser('role', 'assign', $user, $role) !== true) {
throw new UnauthorizedException('role', 'assign');
}
$spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($user->id);
$isAssigned = false;
foreach ($spiRoleAssignments as $spiRoleAssignment) {
if ($spiRoleAssignment->roleId === $role->id) {
$isAssigned = true;
break;
}
}
if (!$isAssigned) {
throw new InvalidArgumentException("\$user", "Role is not assigned to the given User");
}
$this->repository->beginTransaction();
try {
$this->userHandler->unAssignRole($user->id, $role->id);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
}
