/** * removes a role from the given user. * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to remove a role * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException If the role is not assigned to the user * * @param \eZ\Publish\API\Repository\Values\User\Role $role * @param \eZ\Publish\API\Repository\Values\User\User $user */ public function unassignRoleFromUser(APIRole $role, User $user) { if ($this->repository->canUser('role', 'assign', $user, $role) !== true) { throw new UnauthorizedException('role', 'assign'); } $spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($user->id); $isAssigned = false; foreach ($spiRoleAssignments as $spiRoleAssignment) { if ($spiRoleAssignment->roleId === $role->id) { $isAssigned = true; break; } } if (!$isAssigned) { throw new InvalidArgumentException("\$user", "Role is not assigned to the given User"); } $this->repository->beginTransaction(); try { $this->userHandler->unAssignRole($user->id, $role->id); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } }