/** * Assigns a role to the given user * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to assign a role * @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if $roleLimitation is not valid * * @param \eZ\Publish\API\Repository\Values\User\Role $role * @param \eZ\Publish\API\Repository\Values\User\User $user * @param \eZ\Publish\API\Repository\Values\User\Limitation\RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation) */ public function assignRoleToUser(APIRole $role, User $user, RoleLimitation $roleLimitation = null) { if ($this->repository->canUser('role', 'assign', $user, $role) !== true) { throw new UnauthorizedException('role', 'assign'); } if ($roleLimitation === null) { $limitation = null; } else { $limitationValidationErrors = $this->validateLimitation($roleLimitation); if (!empty($limitationValidationErrors)) { throw new LimitationValidationException($limitationValidationErrors); } $limitation = array($roleLimitation->getIdentifier() => $roleLimitation->limitationValues); } $loadedRole = $this->loadRole($role->id); $loadedUser = $this->repository->getUserService()->loadUser($user->id); $this->repository->beginTransaction(); try { $this->userHandler->assignRole($loadedUser->id, $loadedRole->id, $limitation); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }