ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapUserAdministration extends ilSoapAdministration
36 {
37  function ilSoapUserAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  // Service methods
44  function login($client,$username,$password)
45  {
46  $this->__initAuthenticationObject();
47  $this->sauth->setClient($client);
48  $this->sauth->setUsername($username);
49  $this->sauth->setPassword($password);
50 
51  $authenticated = true;
52  if(!$this->sauth->authenticate())
53  {
54  // Check if password is md5 crypted check for it
55  if(strlen($password) == 32)
56  {
57  $this->__initAuthenticationObject();
58  $this->sauth->setClient($client);
59  $this->sauth->setUsername($username);
60  $this->sauth->setPassword($password);
61  $this->sauth->setPasswordType(IL_AUTH_MD5);
62  if(!$this->sauth->authenticate())
63  {
64  $authenticated = false;
65  }
66  }
67  else
68  {
69  $authenticated = false;
70  }
71  }
72  if(!$authenticated)
73  {
74  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
75  }
76  return $this->sauth->getSid().'::'.$client;
77  }
78 
79  // Service methods
80  function loginCAS($client, $PT, $username)
81  {
82  $this->__initAuthenticationObject(AUTH_CAS);
83  $this->sauth->setClient($client);
84  $this->sauth->setUsername($username);
85  $this->sauth->setPT($PT);
86  $authenticated = true;
87  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
88  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
89  if(!$this->sauth->authenticate())
90  {
91  $authenticated = false;
92  }
93  if(!$authenticated)
94  {
95  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
96  }
97  return $this->sauth->getSid().'::'.$client;
98  }
99 
100  // Service methods
101  function loginLDAP($client, $username, $password)
102  {
103  $this->__initAuthenticationObject(AUTH_LDAP);
104  $this->sauth->setClient($client);
105  $this->sauth->setUsername($username);
106  $this->sauth->setPassword($password);
107  $authenticated = true;
108  if(!$this->sauth->authenticate())
109  {
110  $authenticated = false;
111  }
112  if(!$authenticated)
113  {
114  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
115  }
116  return $this->sauth->getSid().'::'.$client;
117  }
118 
119  function logout($sid)
120  {
121  if(!$this->__checkSession($sid))
122  {
123  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
124  }
125 
126  if(!$this->sauth->logout())
127  {
128  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
129  }
130 
131  return true;
132  }
133 
134  function lookupUser($sid,$user_name)
135  {
136  if(!$this->__checkSession($sid))
137  {
138  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
139  }
140 
141  if(!strlen($user_name))
142  {
143  return $this->__raiseError('No username given. Aborting','Client');
144  }
145 
146  // Include main header
147  include_once './include/inc.header.php';
148  global $rbacsystem, $ilUser ;
149 
150 
151  if($ilUser->getLogin() != $user_name && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
152  {
153  return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
154  }
155 
156  $user_id = ilObjUser::getUserIdByLogin($user_name);
157 
158 
159  return $user_id ? $user_id : "0";
160 
161  }
162 
163  function getUser($sid,$user_id)
164  {
165  if(!$this->__checkSession($sid))
166  {
167  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
168  }
169 
170  // Include main header
171  include_once './include/inc.header.php';
172  global $rbacsystem, $ilUser;
173 
174  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
175  {
176  return $this->__raiseError('Check access failed.','Server');
177  }
178 
179  if($ilUser->getLoginByUserId($user_id))
180  {
181  $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
182  $usr_data = $this->__readUserData($tmp_user);
183 
184  return $usr_data;
185  }
186  return $this->__raiseError('User does not exist','Client');
187  }
188 
189  function updateUser($sid,$user_data)
190  {
191  if(!$this->__checkSession($sid))
192  {
193  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
194  }
195 
196  // Include main header
197  include_once './include/inc.header.php';
198  global $rbacsystem, $ilUser, $log;
199 
200  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
201  {
202  return $this->__raiseError('Check access failed.','Server');
203  }
204 
205  if(!$user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'],false))
206  {
207  return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
208  }
209 
210  $user_old = $this->__readUserData($user_obj);
211  $user_new = $this->__substituteUserData($user_old,$user_data);
212 
213  if(!$this->__validateUserData($user_new,false))
214  {
215  return $this->__raiseError($this->__getMessage(),'Client');
216  }
217 
218  if(strlen($user_data['passwd']) != 32)
219  {
220  $user_new['passwd_type'] = IL_PASSWD_PLAIN;
221  }
222  else
223  {
224  $user_new['passwd_type'] = IL_PASSWD_MD5;
225  }
226  $this->__setUserData($user_obj,$user_new);
227 
228  $log->write('SOAP: updateUser()');
229  $user_obj->update();
230 
231  if($user_data['accepted_agreement'] and !$user_obj->hasAcceptedUserAgreement())
232  {
233  $user_obj->writeAccepted();
234  }
235 
236  return true;
237  }
238 
239  function updatePassword($sid,$user_id,$new_password)
240  {
241  if(!$this->__checkSession($sid))
242  {
243  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
244  }
245 
246  // Include main header
247  include_once './include/inc.header.php';
248  global $rbacsystem;
249 
250  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
251  {
252  return $this->__raiseError('Check access failed.','Server');
253  }
254 
255  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
256  {
257  return $this->__raiseError('No valid user_id given.','Client');
258  }
259 
260  $tmp_user->replacePassword($new_password);
261 
262  return true;
263  }
264 
265  function addUser($sid,$user_data,$global_role_id)
266  {
267  if(!$this->__checkSession($sid))
268  {
269  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
270  }
271 
272  // Include main header
273  include_once './include/inc.header.php';
274  global $rbacsystem, $rbacreview, $ilLog, $rbacadmin,$ilSetting;
275 
276  if(!$rbacsystem->checkAccess('create_user',USER_FOLDER_ID))
277  {
278  return $this->__raiseError('Check access failed.','Server');
279  }
280 
281  // Validate user_data
282  if(!$this->__validateUserData($user_data))
283  {
284  return $this->__raiseError($this->__getMessage(),'Client');
285  }
286  // Validate global role
287  if(!$global_role_id)
288  {
289  return $this->__raiseError('No role id given','Client');
290  }
291 
292  // Validate global role
293 
294  $global_roles = $rbacreview->getGlobalRoles();
295 
296  if(!in_array($global_role_id,$global_roles))
297  {
298  return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
299  }
300 
301  $new_user =& new ilObjUser();
302 
303  if(strlen($user_data['passwd']) != 32)
304  {
305  $user_data['passwd_type'] = IL_PASSWD_PLAIN;
306  }
307  else
308  {
309  $user_data['passwd_type'] = IL_PASSWD_MD5;
310  }
311  $this->__setUserData($new_user,$user_data);
312 
313  $ilLog->write('SOAP: addUser()');
314 
315  // Need this for entry in object_data
316  $new_user->setTitle($new_user->getFullname());
317  $new_user->setDescription($new_user->getEmail());
318 
319  if ($user_data["import_id"] != "")
320  {
321  $new_user->setImportId($user_data["import_id"]);
322  }
323 
324  $new_user->create();
325 
326 
327  $new_user->saveAsNew();
328 
329  // If agreement is given. Set user agreement accepted.
330  if($user_data['accepted_agreement'])
331  {
332  $new_user->writeAccepted();
333  }
334 
335  // Assign role
336  $rbacadmin->assignUser($global_role_id,$new_user->getId());
337 
338  // Assign user prefs
339  $new_user->setLanguage($user_data['user_language']);
340  $new_user->setPref('style',$user_data['user_style']);
341  $new_user->setPref('skin',$user_data['user_skin']);
342  $new_user->setPref('hits_per_page',$ilSetting->get('hits_per_page'));
343  $new_user->setPref('show_users_online',$ilSetting->get('show_users_online'));
344  $new_user->writePrefs();
345 
346  return $new_user->getId();
347  }
348 
349  function deleteUser($sid,$user_id)
350  {
351  if(!$this->__checkSession($sid))
352  {
353  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
354  }
355 
356  if(!isset($user_id))
357  {
358  return $this->__raiseError('No user_id given. Aborting','Client');
359  }
360 
361  // Include main header
362  include_once './include/inc.header.php';
363  global $rbacsystem, $ilUser, $log;
364 
365  if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
366  {
367  return $this->__raiseError('Check access failed.','Server');
368  }
369 
370  if(!$ilUser->getLoginByUserId($user_id))
371  {
372  return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
373  }
374  if($ilUser->getId() == $user_id)
375  {
376  return $this->__raiseError('Cannot delete myself. Aborting','Client');
377  }
378  if($user_id == SYSTEM_USER_ID)
379  {
380  return $this->__raiseError('Cannot delete root account. Aborting','Client');
381  }
382  // Delete him
383  $log->write('SOAP: deleteUser()');
384  $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
385  $delete_user->delete();
386 
387  return true;
388  }
389 
390 
391 
392 
393  // PRIVATE
394  function __validateUserData(&$user_data,$check_complete = true)
395  {
396  global $lng,$styleDefinition,$ilLog;
397 
398  $this->__setMessage('');
399 
400  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
401  $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
402  ilAuthUtils::_getAuthMode($user_data['auth_mode']));
403 
404  if($check_complete)
405  {
406  if(!isset($user_data['login']))
407  {
408  $this->__appendMessage('No login given.');
409  }
410  if(!isset($user_data['passwd']) and !$allow_empty_password)
411  {
412  $this->__appendMessage('No password given.');
413  }
414  if(!isset($user_data['email']))
415  {
416  $this->__appendMessage('No email given');
417  }
418  if(!isset($user_data['user_language']))
419  {
420  $user_data['user_language'] = $lng->getDefaultLanguage();
421  }
422  }
423  foreach($user_data as $field => $value)
424  {
425  switch($field)
426  {
427  case 'login':
428  if (!ilUtil::isLogin($value))
429  {
430  $this->__appendMessage('Login invalid.');
431  }
432 
433  // check loginname
434  if($check_complete)
435  {
436  if (ilObjUser::_loginExists($value))
437  {
438  $this->__appendMessage('Login already exists.');
439  }
440  }
441  break;
442 
443  case 'passwd':
444  if(!strlen($value) and $allow_empty_password)
445  {
446  break;
447  }
448  if (!ilUtil::isPassword($value))
449  {
450  $this->__appendMessage('Password invalid.');
451  }
452  break;
453 
454  case 'email':
455  if(!ilUtil::is_email($value))
456  {
457  $this->__appendMessage('Email invalid.');
458  }
459  break;
460 
461  case 'time_limit_unlimited':
462  if($value != 1)
463  {
464  if($user_data['time_limit_from'] >= $user_data['time_limit_until'])
465  {
466  $this->__appendMessage('Time limit invalid');
467  }
468  }
469  break;
470 
471  case 'user_language':
472  $lang_inst = $lng->getInstalledLanguages();
473 
474  if(!in_array($user_data['user_language'],$lang_inst))
475  {
476  $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
477  }
478  break;
479 
480 
481  case 'user_skin':
482  case 'user_style':
483  if(($user_data['user_skin'] and !$user_data['user_style']) or
484  (!$user_data['user_skin'] and $user_data['user_style']))
485  {
486  $this->__appendMessage('user_skin, user_style not valid.');
487  }
488  elseif($user_data['user_skin'] and $user_data['user_style'])
489  {
490  $ok = false;
491  $templates = $styleDefinition->getAllTemplates();
492  if (count($templates) > 0 && is_array($templates))
493  {
494  foreach($templates as $template)
495  {
496  $styleDef =& new ilStyleDefinition($template["id"]);
497  $styleDef->startParsing();
498  $styles = $styleDef->getStyles();
499  foreach ($styles as $style)
500  {
501  if ($user_data['user_skin'] == $template["id"] &&
502  $user_data['user_style'] == $style["id"])
503  {
504  $ok = true;
505  }
506  }
507  }
508  if(!$ok)
509  {
510  $this->__appendMessage('user_skin, user_style not valid.');
511  }
512  }
513  }
514  break;
515 
516  case 'time_limit_owner':
517  $type = ilObject::_lookupType($user_data['time_limit_owner'],true);
518  if($type != 'cat' and $type != 'usrf')
519  {
520  $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
521  }
522  break;
523 
524 
525 
526  default:
527  continue;
528  }
529  }
530  return strlen($this->__getMessage()) ? false : true;
531  }
532 
533  function __setUserData(&$user_obj,&$user_data)
534  {
535  // Default to unlimited if no access period is given
536  if(!$user_data['time_limit_from'] and
537  !$user_data['time_limit_until'] and
538  !$user_data['time_limit_unlimited'])
539  {
540  $user_data['time_limit_unlimited'] = 1;
541  }
542  if(!$user_data['time_limit_owner'])
543  {
544  $user_data['time_limit_owner'] = USER_FOLDER_ID;
545  }
546 
547 
548  // not supported fields by update/addUser
549  $user_data['im_icq'] = $user_obj->getInstantMessengerId('icq');
550  $user_data['im_yahoo'] = $user_obj->getInstantMessengerId('yahoo');
551  $user_data['im_msn'] = $user_obj->getInstantMessengerId('msn');
552  $user_data['im_aim'] = $user_obj->getInstantMessengerId('aim');
553  $user_data['im_skype'] = $user_obj->getInstantMessengerId('skype');
554 
555  $user_data['delicious'] = $user_obj->getDelicious();
556  $user_data['latitude'] = $user_obj->getLatitude();
557  $user_data['longitude'] = $user_obj->getLongitude();
558  $user_data['loc_zoom'] = $user_obj->getLocationZoom();
559 
560 
561  $user_data['auth_mode'] = $user_obj->getAuthMode();
562  $user_data['ext_account'] = $user_obj->getExternalAccount();
563  $user_obj->assignData($user_data);
564 
565  if(isset($user_data['user_language']))
566  {
567  $user_obj->setLanguage($user_data['user_language']);
568  }
569  if(isset($user_data['user_skin']) and isset($user_data['user_style']))
570  {
571  $user_obj->setPref('skin',$user_data['user_skin']);
572  $user_obj->setPref('style',$user_data['user_style']);
573  }
574  return true;
575  }
576 
577  function __readUserData(&$usr_obj)
578  {
579  $usr_data['usr_id'] = $usr_obj->getId();
580  $usr_data['login'] = $usr_obj->getLogin();
581  $usr_data['passwd'] = $usr_obj->getPasswd();
582  $usr_data['passwd_type'] = $usr_obj->getPasswdType();
583  $usr_data['firstname'] = $usr_obj->getFirstname();
584  $usr_data['lastname'] = $usr_obj->getLastname();
585  $usr_data['title'] = $usr_obj->getUTitle();
586  $usr_data['gender'] = $usr_obj->getGender();
587  $usr_data['email'] = $usr_obj->getEmail();
588  $usr_data['institution'] = $usr_obj->getInstitution();
589  $usr_data['street'] = $usr_obj->getStreet();
590  $usr_data['city'] = $usr_obj->getCity();
591  $usr_data['zipcode'] = $usr_obj->getZipcode();
592  $usr_data['country'] = $usr_obj->getCountry();
593  $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
594  $usr_data['last_login'] = $usr_obj->getLastLogin();
595  $usr_data['last_update'] = $usr_obj->getLastUpdate();
596  $usr_data['create_date'] = $usr_obj->getCreateDate();
597  $usr_data['hobby'] = $usr_obj->getHobby();
598  $usr_data['department'] = $usr_obj->getDepartment();
599  $usr_data['phone_home'] = $usr_obj->getPhoneHome();
600  $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
601  $usr_data['fax'] = $usr_obj->getFax();
602  $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
603  $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
604  $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
605  $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
606  $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
607  $usr_data['referral_comment'] = $usr_obj->getComment();
608  $usr_data['matriculation'] = $usr_obj->getMatriculation();
609  $usr_data['active'] = $usr_obj->getActive();
610  $usr_data['approve_date'] = $usr_obj->getApproveDate();
611  $usr_data['user_skin'] = $usr_obj->getPref('skin');
612  $usr_data['user_style'] = $usr_obj->getPref('style');
613  $usr_data['user_language'] = $usr_obj->getLanguage();
614  $usr_data['auth_mode'] = $usr_obj->getAuthMode();
615  $usr_data['accepted_agreement'] = $usr_obj->hasAcceptedUserAgreement();
616  $usr_data['import_id'] = $usr_obj->getImportId();
617 
618  return $usr_data;
619  }
620 
621  function __substituteUserData($user_old,$user_new)
622  {
623  foreach($user_new as $key => $value)
624  {
625  $user_old[$key] = $value;
626  }
627  return $user_old ? $user_old : array();
628  }
629 
636  function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
637  {
638  if(!$this->__checkSession($sid))
639  {
640  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
641  }
642 
643 
644  // Include main header
645  include_once './include/inc.header.php';
646  include_once './Services/User/classes/class.ilUserImportParser.php';
647  include_once './Services/AccessControl/classes/class.ilObjRole.php';
648  include_once './classes/class.ilObjectFactory.php';
649  global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
650 
651  // this takes time but is nescessary
652  $error = false;
653 
654 
655  // validate to prevent wrong XMLs
656  $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
657  if ($error)
658  {
659  $msg = array();
660  if (is_array($error))
661  {
662  foreach ($error as $err) {
663  $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
664  }
665  }
666  else
667  {
668  $msg[] = $error;
669  }
670  $msg = join("\n",$msg);
671  return $this->__raiseError($msg, "Client");
672  }
673 
674 
675  switch ($conflict_rule)
676  {
677  case 2:
678  $conflict_rule = IL_UPDATE_ON_CONFLICT;
679  break;
680  case 3:
681  $conflict_rule = IL_IGNORE_ON_CONFLICT;
682  break;
683  default:
684  $conflict_rule = IL_FAIL_ON_CONFLICT;
685  }
686 
687 
688  // folder id 0, means to check permission on user basis!
689  // must have create user right in time_limit_owner property (which is ref_id of container)
690  if ($folder_id != 0)
691  {
692  // determine where to import
693  if ($folder_id == -1)
694  $folder_id = USER_FOLDER_ID;
695 
696  // get folder
697  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
698  // id does not exist
699  if (!$import_folder)
700  return $this->__raiseError('Wrong reference id.','Server');
701 
702  // folder is not a folder, can also be a category
703  if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
704  return $this->__raiseError('Folder must be a usr folder or a category.','Server');
705 
706  // check access to folder
707  if(!$rbacsystem->checkAccess('create_user',$folder_id))
708  {
709  return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
710  }
711  }
712 
713  // first verify
714 
715 
716  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
717  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
718  $importParser->setXMLContent($usr_xml);
719  $importParser->startParsing();
720 
721  switch ($importParser->getErrorLevel())
722  {
723  case IL_IMPORT_SUCCESS :
724  break;
725  case IL_IMPORT_WARNING :
726  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
727  break;
728  case IL_IMPORT_FAILURE :
729  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
730  }
731 
732  // verify is ok, so get role assignments
733 
734  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
735  $importParser->setXMLContent($usr_xml);
736  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
737  $importParser->startParsing();
738 
739  $roles = $importParser->getCollectedRoles();
740 
741  //print_r($roles);
742 
743 
744 
745  // roles to be assigned, skip if one is not allowed!
746  $permitted_roles = array();
747  foreach ($roles as $role_id => $role)
748  {
749  if (!is_numeric ($role_id))
750  {
751  // check if internal id
752  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
753 
754  if (is_numeric($internalId))
755  {
756  $role_id = $internalId;
757  $role_name = $role_id;
758  }
759 /* else // perhaps it is a rolename
760  {
761  $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
762  $role_name = $role->title;
763  $role_id = $role->role_id;
764  }*/
765  }
766 
767  if($this->isPermittedRole($folder_id,$role_id))
768  {
769  $permitted_roles[$role_id] = $role_id;
770  }
771  else
772  {
773  $role_name = ilObject::_lookupTitle($role_id);
774  return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
775  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
776  }
777  }
778 
779  $global_roles = $rbacreview->getGlobalRoles();
780 
781  //print_r ($global_roles);
782 
783 
784 
785  foreach ($permitted_roles as $role_id => $role_name)
786  {
787  if ($role_id != "")
788  {
789  if (in_array($role_id, $global_roles))
790  {
791  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
792  || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
793  )
794  {
795  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
796  }
797  }
798  else
799  {
800  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
801  if ($rbacreview->isDeleted($rolf[0])
802  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
803  {
804 
805  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
806  }
807  }
808  }
809  }
810 
811  //print_r ($permitted_roles);
812 
813  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
814  $importParser->setSendMail($send_account_mail);
815  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
816  $importParser->setFolderId($folder_id);
817  $importParser->setXMLContent($usr_xml);
818 
819  $importParser->setRoleAssignment($permitted_roles);
820 
821  $importParser->startParsing();
822 
823  if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
824  {
825  return $this->__getUserMappingAsXML ($importParser->getUserMapping());
826  }
827  return $this->__getImportProtocolAsXML ($importParser->getProtocol());
828 
829  }
830 
838  protected function isPermittedRole($a_folder,$a_role)
839  {
840  static $checked_roles = array();
841  static $global_roles = null;
842 
843 
844  if(isset($checked_roles[$a_role]))
845  {
846  return $checked_roles[$a_role];
847  }
848 
849  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
850 
851  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
852  $location = $locations[0];
853 
854  // global role
855  if($location == ROLE_FOLDER_ID)
856  {
857  $ilLog->write(__METHOD__.': Check global role');
858  // check assignment permission if called from local admin
859 
860 
861  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
862  {
863  $ilLog->write(__METHOD__.': '.$a_folder);
864  include_once './Services/AccessControl/classes/class.ilObjRole.php';
865  if(!ilObjRole::_getAssignUsersStatus($a_role))
866  {
867  $ilLog->write(__METHOD__.': No assignment allowed');
868  $checked_roles[$a_role] = false;
869  return false;
870  }
871  }
872  // exclude anonymous role from list
873  if ($a_role == ANONYMOUS_ROLE_ID)
874  {
875  $ilLog->write(__METHOD__.': Anonymous role chosen.');
876  $checked_roles[$a_role] = false;
877  return false;
878  }
879  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
880  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
881  {
882  $ilLog->write(__METHOD__.': System role assignment forbidden.');
883  $checked_roles[$a_role] = false;
884  return false;
885  }
886 
887  // Global role assignment ok
888  $ilLog->write(__METHOD__.': Assignment allowed.');
889  $checked_roles[$a_role] = true;
890  return true;
891  }
892  elseif($location)
893  {
894  $ilLog->write(__METHOD__.': Check local role.');
895 
896  // It's a local role
897  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
898  $rolf = $rolfs[0];
899 
900 
901  // only process role folders that are not set to status "deleted"
902  // and for which the user has write permissions.
903  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
904  // (The ROLE_FOLDER_ID folder contains the global roles).
905  if($rbacreview->isDeleted($rolf)
906  || !$rbacsystem->checkAccess('edit_permission',$tree->getParentId($rolf)))
907  {
908  $ilLog->write(__METHOD__.': Role deleted or no permission.');
909  $checked_roles[$a_role] = false;
910  return false;
911  }
912  // A local role is only displayed, if it is contained in the subtree of
913  // the localy administrated category. If the import function has been
914  // invoked from the user folder object, we show all local roles, because
915  // the user folder object is considered the parent of all local roles.
916  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
917  // isInSubtree variable with true. In all other cases it is initialized
918  // with false, and only set to true if we find the object id of the
919  // locally administrated category in the tree path to the local role.
920  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
921  {
922  $ilLog->write(__METHOD__.': Not in path of category.');
923  $checked_roles[$a_role] = false;
924  return false;
925  }
926  $ilLog->write(__METHOD__.': Assignment allowed.');
927  $checked_roles[$a_role] = true;
928  return true;
929  }
930  }
931 
932 
936  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
937  {
938 
939  if(!$this->__checkSession($sid))
940  {
941  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
942  }
943 
944  // Include main header
945  include_once './include/inc.header.php';
946  global $ilDB, $tree, $rbacreview, $rbacsystem;
947 
948  if ($ref_id == -1)
949  $ref_id = USER_FOLDER_ID;
950 
951  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
952  if ($this->isFault($object))
953  return $object;
954 
955  $data = array();
956  switch ($object->getType()) {
957  case "usrf":
958  $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
959  break;
960  case "cat":
961  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
962  break;
963  case "crs":
964  {
965  $object->initCourseMemberObject();
966 
967  // GET ALL MEMBERS
968  $roles = $object->__getLocalRoles();
969 
970  foreach($roles as $role_id)
971  {
972  $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
973  }
974 
975  break;
976  }
977  case "grp":
978  $member_ids = $object->getGroupMemberIds();
979  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
980  break;
981  case "sess":
982  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
983  if(!$course_ref_id)
984  {
985  return $this->__raiseError("No course for session", "Client");
986  }
987 
988  $event_obj_id = ilObject::_lookupObjId($ref_id);
989  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
990  $event_part = new ilEventParticipants($event_obj_id);
991  $member_ids = array_keys($event_part->getParticipants());
992  $data = ilObjUser::_getUsersForIds($member_ids, $active);
993  break;
994  }
995 
996  if (is_array($data))
997  {
998  include_once './Services/User/classes/class.ilUserXMLWriter.php';
999 
1000  $xmlWriter = new ilUserXMLWriter();
1001  $xmlWriter->setObjects($data);
1002  $xmlWriter->setAttachRoles ($attachRoles);
1003 
1004  if($xmlWriter->start())
1005  {
1006  return $xmlWriter->getXML();
1007  }
1008  }
1009  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
1010  }
1011 
1012 
1016  function getUserForRole($sid, $role_id, $attachRoles, $active)
1017  {
1018 
1019  if(!$this->__checkSession($sid))
1020  {
1021  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
1022  }
1023 
1024  // Include main header
1025  include_once './include/inc.header.php';
1026  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1027  global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
1028 
1029 
1030  $global_roles = $rbacreview->getGlobalRoles();
1031 
1032 
1033  if (in_array($role_id, $global_roles))
1034  {
1035  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
1036  )
1037  {
1038  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1039  }
1040  }
1041  else
1042  {
1043  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
1044  if ($rbacreview->isDeleted($rolf[0])
1045  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
1046  {
1047  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1048  }
1049  include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
1050  $privacy = ilPrivacySettings::_getInstance();
1051  if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
1052  !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
1053  return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
1054  }
1055 
1056 
1057  }
1058 
1059  $data = ilObjUser::_getUsersForRole($role_id, $active);
1060  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1061 
1062  $xmlWriter = new ilUserXMLWriter();
1063  $xmlWriter->setAttachRoles($attachRoles);
1064 
1065  $xmlWriter->setObjects($data);
1066 
1067  if($xmlWriter->start())
1068  {
1069  return $xmlWriter->getXML();
1070  }
1071  return $this->__raiseError('Error in getUsersForRole','Server');
1072  }
1073 
1074 
1075 
1080  function __getImportProtocolAsXML ($a_array){
1081  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1082  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1083 
1084  $xmlResultSet = new ilXMLResultSet ();
1085  $xmlResultSet->addColumn ("userid");
1086  $xmlResultSet->addColumn ("login");
1087  $xmlResultSet->addColumn ("action");
1088  $xmlResultSet->addColumn ("message");
1089 
1090  foreach ($a_array as $username => $messages)
1091  {
1092  foreach ($messages as $message)
1093  {
1094 
1095  $xmlRow = new ilXMLResultSetRow ();
1096  $xmlRow->setValue (0, 0);
1097  $xmlRow->setValue (1, $username);
1098  $xmlRow->setValue (2, "");
1099  $xmlRow->setValue (3, $message);
1100 
1101  $xmlResultSet->addRow ($xmlRow);
1102  }
1103  }
1104 
1105  $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
1106 
1107  if ($xml_writer->start ())
1108  return $xml_writer->getXML();
1109 
1110  return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
1111  }
1112 
1119  function __getUserMappingAsXML ($a_array) {
1120  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1121  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1122 
1123  $xmlResultSet = new ilXMLResultSet ();
1124  $xmlResultSet->addColumn ("userid");
1125  $xmlResultSet->addColumn ("login");
1126  $xmlResultSet->addColumn ("action");
1127  $xmlResultSet->addColumn ("message");
1128 
1129  if (count($a_array))
1130  foreach ($a_array as $username => $message)
1131  {
1132  $xmlRow = new ilXMLResultSetRow ();
1133  $xmlRow->setValue (0, $username);
1134  $xmlRow->setValue (1, $message["login"]);
1135  $xmlRow->setValue (2, $message["action"]);
1136  $xmlRow->setValue (3, $message["message"]);
1137 
1138  $xmlResultSet->addRow ($xmlRow);
1139  }
1140 
1141  $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
1142 
1143  if ($xml_writer->start ())
1144  return $xml_writer->getXML();
1145 
1146  return $this->__raiseError('Error in __getUserMappingAsXML','Server');
1147 
1148  }
1149 
1158  function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
1159 
1160  if(!$this->__checkSession($sid))
1161  {
1162  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
1163  }
1164 
1165 
1166  // Include main header
1167  include_once './include/inc.header.php';
1168 
1169  global $ilDB, $rbacsystem;
1170 
1171  if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
1172  {
1173  return $this->__raiseError('Check access failed.','Server');
1174  }
1175 
1176 
1177  if (!count($a_keyfields))
1178  $this->__raiseError('At least one keyfield is needed','Client');
1179 
1180  if (!count ($a_keyvalues))
1181  $this->__raiseError('At least one keyvalue is needed','Client');
1182 
1183  if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
1184  $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
1185 
1186 
1187  $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
1188 
1189  $query = "SELECT usr_data.*, usr_pref.value AS language
1190  FROM usr_data
1191  LEFT JOIN usr_pref
1192  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = 'language'
1193  WHERE 1 ".$query;
1194 
1195  if (is_numeric($active) && $active > -1)
1196  $query .= " AND active = ". $ilDB->quote($active);
1197 
1198  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
1199 
1200  //echo $query;
1201 
1202  $r = $ilDB->query($query);
1203 
1204  $data = array();
1205 
1206  while($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
1207  {
1208  $data[] = $row;
1209  }
1210 
1211  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1212 
1213  $xmlWriter = new ilUserXMLWriter();
1214  $xmlWriter->setAttachRoles($attach_roles);
1215 
1216  $xmlWriter->setObjects($data);
1217 
1218  if($xmlWriter->start())
1219  {
1220  return $xmlWriter->getXML();
1221  }
1222 
1223  return $this->__raiseError('Error in searchUser','Server');
1224  }
1225 
1234  function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
1235  global $ilDB;
1236  $query = array();
1237 
1238  $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
1239 
1240  foreach ($a_keyfields as $keyfield)
1241  {
1242  $keyfield = strtolower($keyfield);
1243 
1244  if (!in_array($keyfield, $allowed_fields))
1245  continue;
1246 
1247  $field_query = array ();
1248  foreach ($a_keyvalues as $keyvalue)
1249  {
1250  if (strlen($keyvalue) >= 3) {
1251  $field_query []= $keyfield." like '%".$keyvalue."%'";
1252  }
1253 
1254  }
1255  if (count($field_query))
1256  $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
1257 
1258  }
1259 
1260  return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
1261  }
1262 
1263 
1271  function getUserXML($sid, $a_user_ids, $attach_roles)
1272  {
1273  if(!$this->__checkSession($sid))
1274  {
1275  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
1276  }
1277 
1278  // Include main header
1279  include_once './include/inc.header.php';
1280  global $rbacsystem, $ilUser, $ilDB;
1281 
1282  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
1283  {
1284  return $this->__raiseError('Check access failed.','Server');
1285  }
1286 
1287  $data = ilObjUser::_getUserData($a_user_ids);
1288 
1289  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1290  $xmlWriter = new ilUserXMLWriter();
1291  $xmlWriter->setAttachRoles($attach_roles);
1292  $xmlWriter->setObjects($data);
1293 
1294  if($xmlWriter->start())
1295  {
1296  return $xmlWriter->getXML();
1297  }
1298 
1299  return $this->__raiseError('User does not exist','Client');
1300  }
1301 
1302 
1303  // has new mail
1304  function hasNewMail($sid)
1305  {
1306  if(!$this->__checkSession($sid))
1307  {
1308  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
1309  }
1310 
1311  // Include main header
1312  include_once './include/inc.header.php';
1313  include_once ("Services/Mail/classes/class.ilMailbox.php");
1314  global $ilUser;
1315 
1316  if (ilMailbox::hasNewMail($ilUser->getId()) > 0)
1317  {
1318  return true;
1319  }
1320  else
1321  {
1322  return false;
1323  }
1324  }
1325 
1326 }
1327 ?>