/** * Assigns a role to the given user. * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to assign a role * @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if $roleLimitation is not valid * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If assignment already exists * * @param \eZ\Publish\API\Repository\Values\User\Role $role * @param \eZ\Publish\API\Repository\Values\User\User $user * @param \eZ\Publish\API\Repository\Values\User\Limitation\RoleLimitation $roleLimitation an optional role limitation (which is either a subtree limitation or section limitation) */ public function assignRoleToUser(APIRole $role, User $user, RoleLimitation $roleLimitation = null) { if ($this->repository->canUser('role', 'assign', $user, $role) !== true) { throw new UnauthorizedException('role', 'assign'); } if ($roleLimitation === null) { $limitation = null; } else { $limitationValidationErrors = $this->limitationService->validateLimitation($roleLimitation); if (!empty($limitationValidationErrors)) { throw new LimitationValidationException($limitationValidationErrors); } $limitation = array($roleLimitation->getIdentifier() => $roleLimitation->limitationValues); } // Check if objects exists $spiRole = $this->userHandler->loadRole($role->id); $spiUser = $this->userHandler->load($user->id); $limitation = $this->checkAssignmentAndFilterLimitationValues($spiUser->id, $spiRole, $limitation); $this->repository->beginTransaction(); try { $this->userHandler->assignRole($spiUser->id, $spiRole->id, $limitation); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }
/** * Loads all policies from roles which are assigned to a user or to user groups to which the user belongs * * @throws \eZ\Publish\API\Repository\Exceptions\NotFoundException if a user with the given id was not found * * @param mixed $userId * * @return \eZ\Publish\API\Repository\Values\User\Policy[] */ public function loadPoliciesByUserId($userId) { $spiPolicies = $this->userHandler->loadPoliciesByUserId($userId); $policies = array(); foreach ($spiPolicies as $spiPolicy) { $policies[] = $this->buildDomainPolicyObject($spiPolicy); } if (empty($policies)) { $this->userHandler->load($userId); } // For NotFoundException in case userId is invalid return $policies; }
/** * Loads the users of a user group * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read the users or user group * * @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup * @param int $offset * @param int $limit * * @return \eZ\Publish\API\Repository\Values\User\User[] */ public function loadUsersOfUserGroup(APIUserGroup $userGroup, $offset = 0, $limit = -1) { $loadedUserGroup = $this->loadUserGroup($userGroup->id); if ($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId === null) { return array(); } $mainGroupLocation = $this->repository->getLocationService()->loadLocation($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId); $searchQuery = new Query(); $searchQuery->filter = new CriterionLogicalAnd(array(new CriterionContentTypeId($this->settings['userClassID']), new CriterionParentLocationId($mainGroupLocation->id))); $searchQuery->offset = $offset > 0 ? (int) $offset : 0; $searchQuery->limit = $limit >= 1 ? (int) $limit : null; $searchQuery->sortClauses = array($this->getSortClauseBySortField($mainGroupLocation->sortField, $mainGroupLocation->sortOrder)); $searchResult = $this->repository->getSearchService()->findContent($searchQuery, array()); $users = array(); foreach ($searchResult->searchHits as $resultItem) { $spiUser = $this->userHandler->load($resultItem->valueObject->id); $users[] = $this->buildDomainUserObject($spiUser, $resultItem->valueObject); } return $users; }
/** * Loads the users of a user group. * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to read the users or user group * * @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup * @param int $offset the start offset for paging * @param int $limit the number of users returned * * @return \eZ\Publish\API\Repository\Values\User\User[] */ public function loadUsersOfUserGroup(APIUserGroup $userGroup, $offset = 0, $limit = 25) { $loadedUserGroup = $this->loadUserGroup($userGroup->id); if ($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId === null) { return array(); } $mainGroupLocation = $this->repository->getLocationService()->loadLocation($loadedUserGroup->getVersionInfo()->getContentInfo()->mainLocationId); $searchQuery = new LocationQuery(); $searchQuery->filter = new CriterionLogicalAnd(array(new CriterionContentTypeId($this->settings['userClassID']), new CriterionParentLocationId($mainGroupLocation->id))); $searchQuery->offset = $offset; $searchQuery->limit = $limit; $searchQuery->performCount = false; $searchQuery->sortClauses = $mainGroupLocation->getSortClauses(); $searchResult = $this->repository->getSearchService()->findLocations($searchQuery); $users = array(); foreach ($searchResult->searchHits as $resultItem) { $users[] = $this->buildDomainUserObject($this->userHandler->load($resultItem->valueObject->contentInfo->id), $this->repository->getContentService()->internalLoadContent($resultItem->valueObject->contentInfo->id)); } return $users; }