diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
index 89acde84b4cf1372683e687ef8841f7e366b0f2b..e1819b2ee82534569cecb5e49027e15643ceda10 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -54,6 +54,7 @@ class TgExtra {
 $this->connection['resource'] = $this->rbac->getConnection( "resource" );
 $this->connection['role'] = $this->rbac->getConnection( "role" );
+ $this->connection['session'] = $this->rbac->getConnection( "session" );
 }
@@ -351,74 +352,75 @@ class TgExtra {
-
- // -----------------------------------------------------
- // Function: addMember
- // Input: auth / xsd:string
- // log / xsd:string
- // username / xsd:string
- // role / xsd:string
- // Output: result / xsd:boolean
- // Description
- // Tries to add a user to a project. This is only possible
- // if the user exists and the session has the permission
- // "delegate" on the project.
- // -----------------------------------------------------
- public function addMember( $inRequest ) {
-
- $arrSplit = Array();
- $project = false;
- $result = new booleanResponse(); // The return-result
-
-
- // Extract the project from the role
- $arrSplit = preg_split( "/[,]/", $inRequest->role );
-
- for( $i = 0; $i < sizeof( $arrSplit ); $i++ ) {
-
- if( preg_match( "/^tgpr[0-9]+$/i", $arrSplit[$i] ) ) {
-
- $project = $arrSplit[$i];
-
- }
-
- }
-
-
- if( $project
- && $this->rbac->checkAccess( $inRequest->auth, "delegate", $project ) ) {
-
- try {
-
- if( $this->rbac->assignUser( $inRequest->username, $inRequest->role ) ) {
-
- $result->result = true;
-
- }
- else {
-
- $result->result = false;
-
- }
-
- }
- catch( RBACException $e ) {
-
- return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
-
- }
-
- }
- else {
-
- $result->result = false;
-
- }
-
-
- return $result;
-
- }
+// this does not activate the role in the user's session(s), see below for revised addMember function
+// // -----------------------------------------------------
+// // Function: addMember
+// // Input: auth / xsd:string
+// // log / xsd:string
+// // username / xsd:string
+// // role / xsd:string
+// // Output: result / xsd:boolean
+// // Description
+// // Tries to add a user to a project. This is only possible
+// // if the user exists and the session has the permission
+// // "delegate" on the project.
+// // -----------------------------------------------------
+// public function addMember( $inRequest ) {
+//
+// $arrSplit = Array();
+// $project = false;
+// $result = new booleanResponse(); // The return-result
+//
+//
+// // Extract the project from the role
+// $arrSplit = preg_split( "/[,]/", $inRequest->role );
+//
+// for( $i = 0; $i < sizeof( $arrSplit ); $i++ ) {
+//
+// if( preg_match( "/^tgpr[0-9]+$/i", $arrSplit[$i] ) ) {
+//
+// $project = $arrSplit[$i];
+//
+// }
+//
+// }
+//
+//
+// if( $project
+// && $this->rbac->checkAccess( $inRequest->auth, "delegate", $project ) ) {
+//
+// try {
+//
+// if( $this->rbac->assignUser( $inRequest->username, $inRequest->role ) ) {
+//
+//
+// $result->result = true;
+//
+// }
+// else {
+//
+// $result->result = false;
+//
+// }
+//
+// }
+// catch( RBACException $e ) {
+//
+// return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+//
+// }
+//
+// }
+// else {
+//
+// $result->result = false;
+//
+// }
+//
+//
+// return $result;
+//
+// }
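Review bot: The superseded addMember in TgExtra.class.php is kept as roughly seventy commented-out lines, which leaves a second copy of an authorization routine in the file where it can be mistaken for the live one or re-enabled by accident; version control already preserves it, so the block is better deleted. If a pointer is wanted, one line such as `// addMember: revised implementation at the end of the class also activates the role in the user's sessions` is enough. That comment should also record the behaviour change for callers: the old version answered a missing "delegate" permission with `result = false`, while the replacement added later in this diff returns a SoapFault and additionally accepts "administer" on "role_base".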
@@ -2545,5 +2547,103 @@ class TgExtra {
 }
+
+
+
+ // -----------------------------------------------------
+ // Function: addMember // tgAssignUser
+ // Input: auth / xsd:string
+ // username / xsd:string
+ // role / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Tries to authorize the user. If this is
+ // successful the given user is assigned to the
+ // role. In addition the new role is activated in
+ // all of the users sessions.
+ // -----------------------------------------------------
+ function addMember ( $inRequest ) {
+
+ $assignUserResult = false; // The result of the RBAC-call
+ $result = new booleanResponse(); // The result
+
+
+ $arrRoleSplit = preg_split( "/[,]/", $inRequest->role );
+
+ for( $i = 0; $i < sizeof( $arrRoleSplit ); $i++ ) {
+
+ if( preg_match( "/^TGPR[0-9]+$/i", $arrRoleSplit[$i] ) ) {
+
+ $projectName = $arrRoleSplit[$i];
+ break;
+
+ }
+
+ }
+
+
+ // Test if the user has apropriate rights to assign a user
+ // to the given role. The user may have directly the right
+ // to modify the given role or the user may have the right to
+ // modify the whole role-tree.
+ if( $this->rbac->checkAccess( $inRequest->auth, "delegate", $projectName )
+ || $this->rbac->checkAccess( $inRequest->auth, "administer", "role_base" ) ) {
+
+ fwrite( $file, "User has right to modify roles\n\n " );
+
+ try {
+
+ $assignUserResult = $this->rbac->assignUser( $inRequest->username, $inRequest->role );
+
+
+ $result->result = $assignUserResult;
+
+ }
+ catch( RBACException $e ) {
+
+ return new SoapFault( "rbacFault", $e->getCode(), get_class( $this->rbac ), $e->getMessage() );
+
+ }
+
+ }
+ else {
+
+ return new SoapFault( "rbacFault",
+ $this->config->getValue( "errorCode", "INSUFFICIENT_ACCESS" ),
+ get_class( $this ),
+ $this->config->getValue( "errorDescription", "INSUFFICIENT_ACCESS" ) );
+
+ }
+
+
+ if( $result->result ) {
+
+ // Now activate the new role in all of the user's
+ // sessions.
+ $filter = "(&(objectClass=rbacSession)(rbacSessionUser=" . $inRequest->username . "))";
+ $arrSession = $this->connection['session']->search( $this->rbac->getConfiguration()->getValue( "session", "base" ), $filter, "one" );
+
+
+ for( $i = 0; $i < sizeof( $arrSession ); $i++ ) {
+
+ try {
+
+ $this->rbac->addActiveRole( $inRequest->username, $arrSession[$i]['rbacname'][0], $inRequest->role );
+
+ }
+ catch( RBACException $e ) {
+
+ // Do nothing
+
+ }
+
+ }
+
+ }
+
+
+ return $result;
+
+ }
 }
 ?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php
index c4aa257dd7e8edf82cdcb6b97f22168d54f5f16f..4b0dc85f992bd2a08536208ab57a0c19696f55ed 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/examples/assignUser.php
@@ -14,9 +14,7 @@ require_once( "../soapTypes.inc.php" );
 // -----------------------------------------------------
 // You'll need these services
 // -----------------------------------------------------
-$soapExtra = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgextra.wsdl" );
-$soapSystem = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgsystem.wsdl" );
-$soapAdministration = new SoapClient( "http://textgrid.regengedanken.de/rbacSoap/wsdl/tgadministration.wsdl" );
+$soapExtra = new SoapClient( "../wsdl/tgextra.wsdl" );
 echo "<BODY><HTML>";
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgadministration.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgadministration.wsdl
index 86b13625f7ed56fbf49d5ccd01cba8ae74757ca7..1b8ea285fa10f7b855875b89a0975f3150c92b92 100644
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgadministration.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgadministration.wsdl
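Review bot: In the new addMember in TgExtra.class.php, `$inRequest->username` is concatenated unescaped into the LDAP filter `(&(objectClass=rbacSession)(rbacSessionUser=…))`, so filter metacharacters in the username change which session entries the search returns and therefore which sessions get the role activated. The search only runs after assignUser() has succeeded, which probably narrows the usable values, but unless the connection wrapper escapes on its own the value should pass through `ldap_escape( …, "", LDAP_ESCAPE_FILTER )` (PHP 5.6+) or an equivalent helper. The authorization path has two further defects: `$projectName` is never initialised, so a role string without a TGPR component hands an undefined variable to checkAccess() where the replaced version guarded with `$project &&`, and `fwrite( $file, … )` writes to a `$file` that is defined nowhere in the function and looks like leftover debugging. The empty catch around addActiveRole() also hides a failed activation while `result` stays true; logging it makes a half-applied grant visible. The function lies entirely inside this hunk, and the sketch below shows only the changed lines.

```php
    $result = new booleanResponse(); // The result
    $projectName = false;            // stays false when the role has no TGPR component

    // … unchanged: preg_split of $inRequest->role and the TGPR match loop …

    if( ( $projectName
          && $this->rbac->checkAccess( $inRequest->auth, "delegate", $projectName ) )
        || $this->rbac->checkAccess( $inRequest->auth, "administer", "role_base" ) ) {

      // … unchanged: assignUser call and its RBACException handling; the fwrite( $file, … ) debug line is dropped …

    // … unchanged: INSUFFICIENT_ACCESS SoapFault branch …

      $filter = "(&(objectClass=rbacSession)(rbacSessionUser="
              . ldap_escape( $inRequest->username, "", LDAP_ESCAPE_FILTER ) . "))";

      // … unchanged: session search and for loop …

        catch( RBACException $e ) {

          // Activation is best effort; record the failure instead of discarding it
          error_log( "addMember: addActiveRole failed: " . $e->getMessage() );

        }
```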
@@ -68,7 +68,7 @@
 </xsd:complexType>
 </xsd:element>
- <!-- #### assignUser #### //-->
+ <!-- #### deassignUser #### //-->
 <xsd:element name="deassignUserRequest">
 <xsd:complexType>
 <xsd:sequence>