/**
* Validates Policies and Limitations in Role create struct.
*
* @uses validatePolicy()
*
* @param \eZ\Publish\API\Repository\Values\User\RoleCreateStruct $roleCreateStruct
*
* @return \eZ\Publish\Core\FieldType\ValidationError[][][]
*/
protected function validateRoleCreateStruct(APIRoleCreateStruct $roleCreateStruct)
{
$allErrors = array();
foreach ($roleCreateStruct->getPolicies() as $key => $policyCreateStruct) {
$errors = $this->validatePolicy($policyCreateStruct->module, $policyCreateStruct->function, $policyCreateStruct->getLimitations());
if (!empty($errors)) {
$allErrors[$key] = $errors;
}
}
return $allErrors;
}
/**
* Instantiates a role create class.
*
* @param string $name
*/
public function __construct($name)
{
parent::__construct(array('identifier' => $name));
}
/**
* Add policy to a new role.
*
* @param \eZ\Publish\API\Repository\Values\User\RoleCreateStruct $roleCreateStruct
* @param string $module
* @param string $function
* @param \eZ\Publish\API\Repository\Values\User\Limitation[] $limitations
*/
protected function addPolicyToNewRole(RoleCreateStruct $roleCreateStruct, $module, $function, array $limitations)
{
$roleService = $this->getRepository()->getRoleService();
$policyCreateStruct = $roleService->newPolicyCreateStruct($module, $function);
foreach ($limitations as $limitation) {
$policyCreateStruct->addLimitation($limitation);
}
$roleCreateStruct->addPolicy($policyCreateStruct);
}
/**
* Creates SPI Role create struct from provided API role create struct.
*
* @param \eZ\Publish\API\Repository\Values\User\RoleCreateStruct $roleCreateStruct
*
* @return \eZ\Publish\SPI\Persistence\User\RoleCreateStruct
*/
public function buildPersistenceRoleCreateStruct(APIRoleCreateStruct $roleCreateStruct)
{
$policiesToCreate = array();
foreach ($roleCreateStruct->getPolicies() as $policyCreateStruct) {
$policiesToCreate[] = $this->buildPersistencePolicyObject($policyCreateStruct->module, $policyCreateStruct->function, $policyCreateStruct->getLimitations());
}
return new SPIRoleCreateStruct(array('identifier' => $roleCreateStruct->identifier, 'policies' => $policiesToCreate));
}
/**
* Creates a new Role
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to create a role
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if the name of the role already exists
*
* @param \eZ\Publish\API\Repository\Values\User\RoleCreateStruct $roleCreateStruct
*
* @return \eZ\Publish\API\Repository\Values\User\Role
*/
public function createRole(RoleCreateStruct $roleCreateStruct)
{
if (false === $this->repository->hasAccess('role', '*')) {
throw new UnauthorizedExceptionStub('What error code should be used?');
}
if (isset($this->nameToRoleId[$roleCreateStruct->identifier])) {
throw new InvalidArgumentExceptionStub('What error code should be used?');
}
$role = new RoleStub(array('id' => ++$this->nextRoleId, 'identifier' => $roleCreateStruct->identifier));
$this->roles[$role->id] = $role;
$this->nameToRoleId[$role->identifier] = $role->id;
foreach ($roleCreateStruct->getPolicies() as $policy) {
$role = $this->addPolicy($role, $policy);
}
return $role;
}
