ILIAS Release_3_9_x_branch .rev 46835: webservice/soap/classes/class.ilSoapUserAdministration.php Source File

Go to the documentation of this file.
00001 <?php
00002   /*
00003    +-----------------------------------------------------------------------------+
00004    | ILIAS open source                                                           |
00005    +-----------------------------------------------------------------------------+
00006    | Copyright (c) 1998-2006 ILIAS open source, University of Cologne            |
00007    |                                                                             |
00008    | This program is free software; you can redistribute it and/or               |
00009    | modify it under the terms of the GNU General Public License                 |
00010    | as published by the Free Software Foundation; either version 2              |
00011    | of the License, or (at your option) any later version.                      |
00012    |                                                                             |
00013    | This program is distributed in the hope that it will be useful,             |
00014    | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015    | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016    | GNU General Public License for more details.                                |
00017    |                                                                             |
00018    | You should have received a copy of the GNU General Public License           |
00019    | along with this program; if not, write to the Free Software                 |
00020    | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021    +-----------------------------------------------------------------------------+
00022   */
00023 
00024 
00033 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
00034 
00035 class ilSoapUserAdministration extends ilSoapAdministration
00036 {
00037         function ilSoapUserAdministration()
00038         {
00039                 parent::ilSoapAdministration();
00040         }
00041 
00042 
00043         // Service methods
00044         function login($client,$username,$password)
00045         {
00046                 $this->__initAuthenticationObject();
00047                 $this->sauth->setClient($client);
00048                 $this->sauth->setUsername($username);
00049                 $this->sauth->setPassword($password);
00050 
00051                 $authenticated = true;
00052                 if(!$this->sauth->authenticate())
00053                 {
00054                         // Check if password is md5 crypted check for it
00055                         if(strlen($password) == 32)
00056                         {
00057                                 $this->__initAuthenticationObject();
00058                                 $this->sauth->setClient($client);
00059                                 $this->sauth->setUsername($username);
00060                                 $this->sauth->setPassword($password);
00061                                 $this->sauth->setPasswordType(IL_AUTH_MD5);
00062                                 if(!$this->sauth->authenticate())
00063                                 {
00064                                         $authenticated = false;
00065                                 }
00066                         }
00067                         else
00068                         {
00069                                 $authenticated = false;
00070                         }
00071                 }
00072                 if(!$authenticated)
00073                 {
00074                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00075                 }
00076                 return $this->sauth->getSid().'::'.$client;
00077         }
00078 
00079         // Service methods
00080         function loginCAS($client, $PT, $username)
00081         {
00082                 $this->__initAuthenticationObject(AUTH_CAS);
00083                 $this->sauth->setClient($client);
00084                 $this->sauth->setUsername($username);
00085                 $this->sauth->setPT($PT);
00086                 $authenticated = true;
00087                 //include_once("./Services/CAS/classes/class.ilCASAuth.php");
00088                 //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
00089                 if(!$this->sauth->authenticate())
00090                 {
00091                         $authenticated = false;
00092                 }
00093                 if(!$authenticated)
00094                 {
00095                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00096                 }
00097                 return $this->sauth->getSid().'::'.$client;
00098         }
00099 
00100                 // Service methods
00101         function loginLDAP($client, $username, $password)
00102         {
00103                 $this->__initAuthenticationObject(AUTH_LDAP);
00104                 $this->sauth->setClient($client);
00105                 $this->sauth->setUsername($username);
00106                 $this->sauth->setPassword($password);
00107                 $authenticated = true;
00108                 if(!$this->sauth->authenticate())
00109                 {
00110                         $authenticated = false;
00111                 }
00112                 if(!$authenticated)
00113                 {
00114                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00115                 }
00116                 return $this->sauth->getSid().'::'.$client;
00117         }
00118 
00119         function logout($sid)
00120         {
00121                 if(!$this->__checkSession($sid))
00122                 {
00123                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00124                 }
00125 
00126                 if(!$this->sauth->logout())
00127                 {
00128                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00129                 }
00130 
00131                 return true;
00132         }
00133 
00134         function lookupUser($sid,$user_name)
00135         {
00136                 if(!$this->__checkSession($sid))
00137                 {
00138                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00139                 }
00140 
00141                 if(!strlen($user_name))
00142                 {
00143                         return $this->__raiseError('No username given. Aborting','Client');
00144                 }
00145 
00146                 // Include main header
00147                 include_once './include/inc.header.php';
00148                 global $rbacsystem, $ilUser ;
00149 
00150 
00151                 if($ilUser->getLogin() != $user_name && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
00152                 {
00153                         return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
00154                 }
00155 
00156                 $user_id = ilObjUser::getUserIdByLogin($user_name);
00157 
00158 
00159                 return $user_id ? $user_id : "0";
00160 
00161         }
00162 
00163         function getUser($sid,$user_id)
00164         {
00165                 if(!$this->__checkSession($sid))
00166                 {
00167                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00168                 }
00169 
00170                 // Include main header
00171                 include_once './include/inc.header.php';
00172                 global $rbacsystem, $ilUser;
00173 
00174                 if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
00175                 {
00176                         return $this->__raiseError('Check access failed.','Server');
00177                 }
00178 
00179                 if($ilUser->getLoginByUserId($user_id))
00180                 {
00181                         $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
00182                         $usr_data = $this->__readUserData($tmp_user);
00183 
00184                         return $usr_data;
00185                 }
00186                 return $this->__raiseError('User does not exist','Client');
00187         }
00188 
00189         function updateUser($sid,$user_data)
00190         {
00191                 if(!$this->__checkSession($sid))
00192                 {
00193                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00194                 }
00195 
00196                 // Include main header
00197                 include_once './include/inc.header.php';
00198                 global $rbacsystem, $ilUser, $log;
00199 
00200                 if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
00201                 {
00202                         return $this->__raiseError('Check access failed.','Server');
00203                 }
00204 
00205                 if(!$user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'],false))
00206                 {
00207                         return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
00208                 }
00209 
00210                 $user_old = $this->__readUserData($user_obj);
00211                 $user_new = $this->__substituteUserData($user_old,$user_data);
00212 
00213                 if(!$this->__validateUserData($user_new,false))
00214                 {
00215                         return $this->__raiseError($this->__getMessage(),'Client');
00216                 }
00217 
00218                 if(strlen($user_data['passwd']) != 32)
00219                 {
00220                         $user_new['passwd_type'] = IL_PASSWD_PLAIN;
00221                 }
00222                 else
00223                 {
00224                         $user_new['passwd_type'] = IL_PASSWD_MD5;
00225                 }
00226                 $this->__setUserData($user_obj,$user_new);
00227 
00228                 $log->write('SOAP: updateUser()');
00229                 $user_obj->update();
00230 
00231                 if($user_data['accepted_agreement'] and !$user_obj->hasAcceptedUserAgreement())
00232                 {
00233                         $user_obj->writeAccepted();
00234                 }
00235 
00236                 return true;
00237         }
00238 
00239         function updatePassword($sid,$user_id,$new_password)
00240         {
00241                 if(!$this->__checkSession($sid))
00242                 {
00243                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00244                 }
00245 
00246                 // Include main header
00247                 include_once './include/inc.header.php';
00248                 global $rbacsystem;
00249 
00250                 if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
00251                 {
00252                         return $this->__raiseError('Check access failed.','Server');
00253                 }
00254 
00255                 if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
00256                 {
00257                         return $this->__raiseError('No valid user_id given.','Client');
00258                 }
00259 
00260                 $tmp_user->replacePassword($new_password);
00261 
00262                 return true;
00263         }
00264 
00265         function addUser($sid,$user_data,$global_role_id)
00266         {
00267                 if(!$this->__checkSession($sid))
00268                 {
00269                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00270                 }
00271 
00272                 // Include main header
00273                 include_once './include/inc.header.php';
00274                 global $rbacsystem, $rbacreview, $ilLog, $rbacadmin,$ilSetting;
00275 
00276                 if(!$rbacsystem->checkAccess('create_user',USER_FOLDER_ID))
00277                 {
00278                         return $this->__raiseError('Check access failed.','Server');
00279                 }
00280 
00281                 // Validate user_data
00282                 if(!$this->__validateUserData($user_data))
00283                 {
00284                         return $this->__raiseError($this->__getMessage(),'Client');
00285                 }
00286                 // Validate global role
00287                 if(!$global_role_id)
00288                 {
00289                         return $this->__raiseError('No role id given','Client');
00290                 }
00291 
00292                 // Validate global role
00293 
00294                 $global_roles = $rbacreview->getGlobalRoles();
00295 
00296                 if(!in_array($global_role_id,$global_roles))
00297                 {
00298                         return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
00299                 }
00300 
00301                 $new_user =& new ilObjUser();
00302 
00303                 if(strlen($user_data['passwd']) != 32)
00304                 {
00305                         $user_data['passwd_type'] = IL_PASSWD_PLAIN;
00306                 }
00307                 else
00308                 {
00309                         $user_data['passwd_type'] = IL_PASSWD_MD5;
00310                 }
00311         $this->__setUserData($new_user,$user_data);
00312 
00313                 $ilLog->write('SOAP: addUser()');
00314 
00315                 // Need this for entry in object_data
00316                 $new_user->setTitle($new_user->getFullname());
00317                 $new_user->setDescription($new_user->getEmail());
00318 
00319                 if ($user_data["import_id"] != "")
00320                 {
00321                         $new_user->setImportId($user_data["import_id"]);
00322                 }
00323 
00324                 $new_user->create();
00325 
00326 
00327                 $new_user->saveAsNew();
00328 
00329                 // If agreement is given. Set user agreement accepted.
00330                 if($user_data['accepted_agreement'])
00331                 {
00332                         $new_user->writeAccepted();
00333                 }
00334 
00335                 // Assign role
00336                 $rbacadmin->assignUser($global_role_id,$new_user->getId());
00337 
00338                 // Assign user prefs
00339                 $new_user->setLanguage($user_data['user_language']);
00340                 $new_user->setPref('style',$user_data['user_style']);
00341                 $new_user->setPref('skin',$user_data['user_skin']);
00342                 $new_user->setPref('hits_per_page',$ilSetting->get('hits_per_page'));
00343                 $new_user->setPref('show_users_online',$ilSetting->get('show_users_online'));
00344                 $new_user->writePrefs();
00345 
00346                 return $new_user->getId();
00347         }
00348 
00349         function deleteUser($sid,$user_id)
00350         {
00351                 if(!$this->__checkSession($sid))
00352                 {
00353                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00354                 }
00355 
00356                 if(!isset($user_id))
00357                 {
00358                         return $this->__raiseError('No user_id given. Aborting','Client');
00359                 }
00360 
00361                 // Include main header
00362                 include_once './include/inc.header.php';
00363                 global $rbacsystem, $ilUser, $log;
00364 
00365                 if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
00366                 {
00367                         return $this->__raiseError('Check access failed.','Server');
00368                 }
00369 
00370                 if(!$ilUser->getLoginByUserId($user_id))
00371                 {
00372                         return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
00373                 }
00374                 if($ilUser->getId() == $user_id)
00375                 {
00376                         return $this->__raiseError('Cannot delete myself. Aborting','Client');
00377                 }
00378                 if($user_id == SYSTEM_USER_ID)
00379                 {
00380                         return $this->__raiseError('Cannot delete root account. Aborting','Client');
00381                 }
00382                 // Delete him
00383                 $log->write('SOAP: deleteUser()');
00384                 $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
00385                 $delete_user->delete();
00386 
00387                 return true;
00388         }
00389 
00390 
00391 
00392 
00393         // PRIVATE
00394         function __validateUserData(&$user_data,$check_complete = true)
00395         {
00396                 global $lng,$styleDefinition,$ilLog;
00397 
00398                 $this->__setMessage('');
00399                 
00400                 include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
00401                 $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
00402                         ilAuthUtils::_getAuthMode($user_data['auth_mode']));
00403 
00404                 if($check_complete)
00405                 {
00406                         if(!isset($user_data['login']))
00407                         {
00408                                 $this->__appendMessage('No login given.');
00409                         }
00410                         if(!isset($user_data['passwd']) and !$allow_empty_password)
00411                         {
00412                                 $this->__appendMessage('No password given.');
00413                         }
00414                         if(!isset($user_data['email']))
00415                         {
00416                                 $this->__appendMessage('No email given');
00417                         }
00418                         if(!isset($user_data['user_language']))
00419                         {
00420                                 $user_data['user_language'] = $lng->getDefaultLanguage();
00421                         }
00422                 }
00423                 foreach($user_data as $field => $value)
00424                 {
00425                         switch($field)
00426                         {
00427                                 case 'login':
00428                                         if (!ilUtil::isLogin($value))
00429                                         {
00430                                                 $this->__appendMessage('Login invalid.');
00431                                         }
00432 
00433                                         // check loginname
00434                                         if($check_complete)
00435                                         {
00436                                                 if (ilObjUser::_loginExists($value))
00437                                                 {
00438                                                         $this->__appendMessage('Login already exists.');
00439                                                 }
00440                                         }
00441                                         break;
00442 
00443                                 case 'passwd':
00444                                         if(!strlen($value) and $allow_empty_password)
00445                                         {
00446                                                 break;
00447                                         }
00448                                         if (!ilUtil::isPassword($value))
00449                                         {
00450                                                 $this->__appendMessage('Password invalid.');
00451                                         }
00452                                         break;
00453 
00454                                 case 'email':
00455                                         if(!ilUtil::is_email($value))
00456                                         {
00457                                                 $this->__appendMessage('Email invalid.');
00458                                         }
00459                                         break;
00460 
00461                                 case 'time_limit_unlimited':
00462                                         if($value != 1)
00463                                         {
00464                                                 if($user_data['time_limit_from'] >= $user_data['time_limit_until'])
00465                                                 {
00466                                                         $this->__appendMessage('Time limit invalid');
00467                                                 }
00468                                         }
00469                                         break;
00470 
00471                                 case 'user_language':
00472                                         $lang_inst = $lng->getInstalledLanguages();
00473 
00474                                         if(!in_array($user_data['user_language'],$lang_inst))
00475                                         {
00476                                                 $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
00477                                         }
00478                                         break;
00479 
00480 
00481                                 case 'user_skin':
00482                                 case 'user_style':
00483                                         if(($user_data['user_skin'] and !$user_data['user_style']) or
00484                                            (!$user_data['user_skin'] and $user_data['user_style']))
00485                                         {
00486                                                 $this->__appendMessage('user_skin, user_style not valid.');
00487                                         }
00488                                         elseif($user_data['user_skin'] and $user_data['user_style'])
00489                                         {
00490                                                 $ok = false;
00491                                                 $templates = $styleDefinition->getAllTemplates();
00492                                                 if (count($templates) > 0 && is_array($templates))
00493                                                 {
00494                                                         foreach($templates as $template)
00495                                                         {
00496                                                                 $styleDef =& new ilStyleDefinition($template["id"]);
00497                                                                 $styleDef->startParsing();
00498                                                                 $styles = $styleDef->getStyles();
00499                                                                 foreach ($styles as $style)
00500                                                                 {
00501                                                                         if ($user_data['user_skin'] == $template["id"] &&
00502                                                                                 $user_data['user_style'] == $style["id"])
00503                                                                         {
00504                                                                                 $ok = true;
00505                                                                         }
00506                                                                 }
00507                                                         }
00508                                                         if(!$ok)
00509                                                         {
00510                                                                 $this->__appendMessage('user_skin, user_style not valid.');
00511                                                         }
00512                                                 }
00513                                         }
00514                                         break;
00515 
00516                                 case 'time_limit_owner':
00517                                         $type = ilObject::_lookupType($user_data['time_limit_owner'],true);
00518                                         if($type != 'cat' and $type != 'usrf')
00519                                         {
00520                                                 $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
00521                                         }
00522                                         break;
00523 
00524 
00525 
00526                                 default:
00527                                         continue;
00528                         }
00529                 }
00530                 return strlen($this->__getMessage()) ? false : true;
00531         }
00532 
00533         function __setUserData(&$user_obj,&$user_data)
00534         {
00535                 // Default to unlimited if no access period is given
00536                 if(!$user_data['time_limit_from'] and
00537                    !$user_data['time_limit_until'] and
00538                    !$user_data['time_limit_unlimited'])
00539                 {
00540                         $user_data['time_limit_unlimited'] = 1;
00541                 }
00542                 if(!$user_data['time_limit_owner'])
00543                 {
00544                         $user_data['time_limit_owner'] = USER_FOLDER_ID;
00545                 }
00546 
00547 
00548                 // not supported fields by update/addUser
00549                 $user_data['im_icq'] = $user_obj->getInstantMessengerId('icq');
00550                 $user_data['im_yahoo'] = $user_obj->getInstantMessengerId('yahoo');
00551                 $user_data['im_msn'] = $user_obj->getInstantMessengerId('msn');
00552                 $user_data['im_aim'] = $user_obj->getInstantMessengerId('aim');
00553                 $user_data['im_skype'] = $user_obj->getInstantMessengerId('skype');
00554                 
00555                 $user_data['delicious'] = $user_obj->getDelicious();
00556                 $user_data['latitude'] = $user_obj->getLatitude();
00557                 $user_data['longitude'] = $user_obj->getLongitude();
00558                 $user_data['loc_zoom'] = $user_obj->getLocationZoom();
00559                 
00560                 
00561                 $user_data['auth_mode'] = $user_obj->getAuthMode();
00562                 $user_data['ext_account'] = $user_obj->getExternalAccount();
00563                 $user_obj->assignData($user_data);
00564 
00565                 if(isset($user_data['user_language']))
00566                 {
00567                         $user_obj->setLanguage($user_data['user_language']);
00568                 }
00569                 if(isset($user_data['user_skin']) and isset($user_data['user_style']))
00570                 {
00571                         $user_obj->setPref('skin',$user_data['user_skin']);
00572                         $user_obj->setPref('style',$user_data['user_style']);
00573                 }
00574                 return true;
00575         }
00576 
00577         function __readUserData(&$usr_obj)
00578         {
00579                 $usr_data['usr_id'] = $usr_obj->getId();
00580                 $usr_data['login'] = $usr_obj->getLogin();
00581                 $usr_data['passwd'] = $usr_obj->getPasswd();
00582                 $usr_data['passwd_type'] = $usr_obj->getPasswdType();
00583                 $usr_data['firstname'] = $usr_obj->getFirstname();
00584                 $usr_data['lastname'] = $usr_obj->getLastname();
00585                 $usr_data['title'] = $usr_obj->getUTitle();
00586                 $usr_data['gender'] = $usr_obj->getGender();
00587                 $usr_data['email'] = $usr_obj->getEmail();
00588                 $usr_data['institution'] = $usr_obj->getInstitution();
00589                 $usr_data['street'] = $usr_obj->getStreet();
00590                 $usr_data['city'] = $usr_obj->getCity();
00591                 $usr_data['zipcode'] = $usr_obj->getZipcode();
00592                 $usr_data['country'] = $usr_obj->getCountry();
00593                 $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
00594                 $usr_data['last_login'] = $usr_obj->getLastLogin();
00595                 $usr_data['last_update'] = $usr_obj->getLastUpdate();
00596                 $usr_data['create_date'] = $usr_obj->getCreateDate();
00597                 $usr_data['hobby'] = $usr_obj->getHobby();
00598                 $usr_data['department'] = $usr_obj->getDepartment();
00599                 $usr_data['phone_home'] = $usr_obj->getPhoneHome();
00600                 $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
00601                 $usr_data['fax'] = $usr_obj->getFax();
00602                 $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
00603                 $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
00604                 $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
00605                 $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
00606                 $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
00607                 $usr_data['referral_commment'] = $usr_obj->getComment();
00608                 $usr_data['matriculation'] = $usr_obj->getMatriculation();
00609                 $usr_data['active'] = $usr_obj->getActive();
00610                 $usr_data['approve_date'] = $usr_obj->getApproveDate();
00611                 $usr_data['user_skin'] = $usr_obj->getPref('skin');
00612                 $usr_data['user_style'] = $usr_obj->getPref('style');
00613                 $usr_data['user_language'] = $usr_obj->getLanguage();
00614                 $usr_data['auth_mode'] = $usr_obj->getAuthMode();
00615 
00616                 $usr_data['accepted_agreement'] = $usr_obj->hasAcceptedUserAgreement();
00617 
00618                 return $usr_data;
00619         }
00620 
00621         function __substituteUserData($user_old,$user_new)
00622         {
00623                 foreach($user_new as $key => $value)
00624                 {
00625                         $user_old[$key] = $value;
00626                 }
00627                 return $user_old ? $user_old : array();
00628         }
00629 
00636         function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
00637         {
00638                 if(!$this->__checkSession($sid))
00639                 {
00640                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00641                 }
00642 
00643 
00644                 // Include main header
00645                 include_once './include/inc.header.php';
00646                 include_once './Services/User/classes/class.ilUserImportParser.php';
00647                 include_once './classes/class.ilObjRole.php';
00648                 include_once './classes/class.ilObjectFactory.php';
00649                 global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
00650 
00651         // this takes time but is nescessary
00652                 $error = false;
00653 
00654 
00655                 // validate to prevent wrong XMLs
00656                 $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
00657                 if ($error)
00658                 {
00659                     $msg = array();
00660                     if (is_array($error))
00661                     {
00662                         foreach ($error as $err) {
00663                                         $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
00664                         }
00665                     }
00666                     else 
00667                     {
00668                                 $msg[] = $error;
00669                         }
00670                         $msg = join("\n",$msg);
00671                         return $this->__raiseError($msg, "Client");
00672                 }
00673 
00674 
00675                 switch ($conflict_rule)
00676                 {
00677                         case 2:
00678                                 $conflict_rule = IL_UPDATE_ON_CONFLICT;
00679                                 break;
00680                         case 3:
00681                                 $conflict_rule = IL_IGNORE_ON_CONFLICT;
00682                                 break;
00683                         default:
00684                                 $conflict_rule = IL_FAIL_ON_CONFLICT;
00685                 }
00686 
00687 
00688                 // folder id 0, means to check permission on user basis!
00689                 // must have create user right in time_limit_owner property (which is ref_id of container)
00690                 if ($folder_id != 0)
00691                 {
00692                 // determine where to import
00693                 if ($folder_id == -1)
00694                         $folder_id = USER_FOLDER_ID;
00695 
00696                         // get folder
00697                 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
00698                 // id does not exist
00699                 if (!$import_folder)
00700                                 return $this->__raiseError('Wrong reference id.','Server');
00701 
00702                 // folder is not a folder, can also be a category
00703                 if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
00704                         return $this->__raiseError('Folder must be a usr folder or a category.','Server');
00705 
00706                 // check access to folder
00707                 if(!$rbacsystem->checkAccess('cat_administrate_users',$folder_id))
00708                 {
00709                         return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
00710                 }
00711                 }
00712 
00713                 // first verify
00714 
00715 
00716                 $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
00717             $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
00718                 $importParser->setXMLContent($usr_xml);
00719                 $importParser->startParsing();
00720 
00721                 switch ($importParser->getErrorLevel())
00722                 {
00723                         case IL_IMPORT_SUCCESS :
00724                                 break;
00725                         case IL_IMPORT_WARNING :
00726                                 return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
00727                                 break;
00728                         case IL_IMPORT_FAILURE :
00729                                 return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
00730                 }
00731 
00732                 // verify is ok, so get role assignments
00733 
00734                 $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
00735                 $importParser->setXMLContent($usr_xml);
00736             $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
00737                 $importParser->startParsing();
00738 
00739                 $roles = $importParser->getCollectedRoles();
00740 
00741                 //print_r($roles);
00742 
00743 
00744 
00745                 // roles to be assigned, skip if one is not allowed!
00746                 $permitted_roles = array();
00747                 foreach ($roles as $role_id => $role)
00748                 {
00749                         if (!is_numeric ($role_id))
00750                         {
00751                                 // check if internal id
00752                                 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
00753                                 
00754                                 if (is_numeric($internalId))
00755                                 {
00756                                         $role_id = $internalId;
00757                                         $role_name = $role_id;
00758                                 }
00759 /*                              else // perhaps it is a rolename
00760                                 {
00761                                         $role  = ilSoapUserAdministration::__getRoleForRolename ($role_id);
00762                                         $role_name = $role->title;
00763                                         $role_id = $role->role_id;
00764                                 }*/
00765                         }
00766                         
00767                         if($this->isPermittedRole($folder_id,$role_id))
00768                         {
00769                                 $permitted_roles[$role_id] = $role_id;
00770                         }
00771                         else
00772                         {
00773                                 $role_name = ilObject::_lookupTitle($role_id);
00774                                 return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
00775                                         "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');                           
00776                         }
00777                 }
00778 
00779                 $global_roles = $rbacreview->getGlobalRoles();
00780 
00781                 //print_r ($global_roles);
00782 
00783 
00784 
00785                 foreach ($permitted_roles as $role_id => $role_name)
00786                 {
00787                     if ($role_id != "")
00788                                 {
00789                                         if (in_array($role_id, $global_roles))
00790                                         {
00791                                                 if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
00792                                                 || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
00793                                                 )
00794                                                 {
00795                                                         return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
00796                                                 }
00797                                         }
00798                                         else
00799                                         {
00800                                                 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
00801                                                 if ($rbacreview->isDeleted($rolf[0])
00802                                                                 || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
00803                                                 {
00804 
00805                                                         return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
00806                                                 }
00807                                         }
00808                                 }
00809                 }
00810 
00811                 //print_r ($permitted_roles);
00812 
00813                 $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
00814                 $importParser->setSendMail($send_account_mail);
00815                 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
00816                 $importParser->setFolderId($folder_id);
00817                 $importParser->setXMLContent($usr_xml);
00818 
00819                 $importParser->setRoleAssignment($permitted_roles);
00820 
00821                 $importParser->startParsing();
00822 
00823                 if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
00824                 {
00825                           return $this->__getUserMappingAsXML ($importParser->getUserMapping());
00826                 }
00827                 return $this->__getImportProtocolAsXML ($importParser->getProtocol());
00828 
00829         }
00830         
00838         protected function isPermittedRole($a_folder,$a_role)
00839         {
00840                 static $checked_roles = array();
00841                 static $global_roles = null;
00842                 
00843                 
00844                 if(isset($checked_roles[$a_role]))
00845                 {
00846                         return $checked_roles[$a_role];
00847                 }
00848                 
00849                 global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
00850                 
00851                 $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
00852                 $location = $locations[0];
00853                 
00854                 // global role
00855                 if($location == ROLE_FOLDER_ID)
00856                 {
00857                         $ilLog->write(__METHOD__.': Check global role');
00858                         // check assignment permission if called from local admin
00859                         
00860                         
00861                         if($a_folder != USER_FOLDER_ID and $a_folder != 0)
00862                         {
00863                         $ilLog->write(__METHOD__.': '.$a_folder);
00864                                 include_once './classes/class.ilObjRole.php';
00865                                 if(!ilObjRole::_getAssignUsersStatus($a_role))
00866                                 {
00867                                         $ilLog->write(__METHOD__.': No assignment allowed');
00868                                     $checked_roles[$a_role] = false;
00869                                     return false;
00870                                 }
00871                         }
00872                         // exclude anonymous role from list
00873                         if ($a_role == ANONYMOUS_ROLE_ID)
00874                         {
00875                                 $ilLog->write(__METHOD__.': Anonymous role chosen.');
00876                             $checked_roles[$a_role] = false;
00877                                 return false;
00878                         }
00879                         // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
00880                         if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
00881                         {
00882                                 $ilLog->write(__METHOD__.': System role assignment forbidden.');
00883                             $checked_roles[$a_role] = false;
00884                                 return false;
00885                         }
00886                         
00887                         // Global role assignment ok
00888                         $ilLog->write(__METHOD__.': Assignment allowed.');
00889                     $checked_roles[$a_role] = true;
00890                         return true;
00891                 }
00892                 elseif($location)
00893                 {
00894                         $ilLog->write(__METHOD__.': Check local role.');
00895 
00896                         // It's a local role
00897                         $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
00898                         $rolf = $rolfs[0];
00899 
00900 
00901                         // only process role folders that are not set to status "deleted"
00902                         // and for which the user has write permissions.
00903                         // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
00904                         // (The ROLE_FOLDER_ID folder contains the global roles).
00905                         if($rbacreview->isDeleted($rolf)
00906                                 || !$rbacsystem->checkAccess('edit_permission',$tree->getParentId($rolf)))
00907                         {
00908                                 $ilLog->write(__METHOD__.': Role deleted or no permission.');
00909                             $checked_roles[$a_role] = false;
00910                                 return false;
00911                         }
00912                         // A local role is only displayed, if it is contained in the subtree of
00913                         // the localy administrated category. If the import function has been
00914                         // invoked from the user folder object, we show all local roles, because
00915                         // the user folder object is considered the parent of all local roles.
00916                         // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
00917                         // isInSubtree variable with true. In all other cases it is initialized
00918                         // with false, and only set to true if we find the object id of the
00919                         // locally administrated category in the tree path to the local role.
00920                         if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
00921                         {
00922                                 $ilLog->write(__METHOD__.': Not in path of category.');
00923                             $checked_roles[$a_role] = false;
00924                             return false;
00925                         }
00926                         $ilLog->write(__METHOD__.': Assignment allowed.');
00927                     $checked_roles[$a_role] = true;
00928                     return true;
00929                 }
00930         }
00931 
00932 
00936         function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
00937         {
00938 
00939             if(!$this->__checkSession($sid))
00940                 {
00941                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
00942                 }
00943 
00944                 // Include main header
00945                 include_once './include/inc.header.php';
00946         global $ilDB, $rbacreview, $rbacsystem;
00947 
00948 
00949 
00950                 if ($ref_id == -1)
00951                         $ref_id = USER_FOLDER_ID;
00952 
00953 //echo "ref_id:".$ref_id;
00954 
00955                 if(!$rbacsystem->checkAccess('read', $ref_id))
00956                 {
00957                         return $this->__raiseError('Check access failed.','Server');
00958                 }
00959 
00960                 if (!$object = ilObjectFactory::getInstanceByRefId($ref_id, false))
00961                 {
00962                         return $this->__raiseError("No object for reference id $ref_id", "Server");
00963                 }
00964 
00965 
00966                 $type = $object->getType();
00967 
00968                 if ($type =="cat" || $type == "crs" || $type=="grp" || $type=="usrf")
00969                 {
00970                     $data = array();
00971                         switch ($type) {
00972                             case "usrf":
00973                                 $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
00974                                 break;
00975                                 case "cat":
00976                                         $data =  ilObjUser::_getUsersForFolder($ref_id, $active);
00977                                         break;
00978                                 case "crs":
00979                                 {
00980                                         $object->initCourseMemberObject();
00981 
00982                                         // GET ALL MEMBERS
00983                                         $members = array();
00984                                         $roles = $object->__getLocalRoles();
00985 
00986                                         foreach($roles as $role_id)
00987                                         {
00988                                                 $members = array_merge($rbacreview->assignedUsers($role_id, array()),$members);
00989                                         }
00990 
00991                                         $data = $members;
00992 
00993                                         break;
00994                                 }
00995                                 case "grp":
00996                                         $member_ids = $object->getGroupMemberIds();
00997                                         $data = ilObjUser::_getUsersForGroup($member_ids, $active);
00998                                         break;
00999                         }
01000 
01001                         if (is_array($data))
01002                         {
01003                                 include_once './Services/User/classes/class.ilUserXMLWriter.php';
01004 
01005                                 $xmlWriter = new ilUserXMLWriter();
01006                                 $xmlWriter->setObjects($data);
01007 
01008                                 $xmlWriter->setAttachRoles ($attachRoles);
01009 
01010                                 if($xmlWriter->start())
01011                                 {
01012                                         return $xmlWriter->getXML();
01013                                 }
01014                         }
01015                         return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
01016                 }
01017                 return $this->__raiseError('Type '.$type.' not yet supported','Client');
01018         }
01019 
01020 
01024         function getUserForRole($sid, $role_id, $attachRoles, $active)
01025         {
01026 
01027                 if(!$this->__checkSession($sid))
01028                 {
01029                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
01030                 }
01031 
01032                 // Include main header
01033                 include_once './include/inc.header.php';
01034                 include_once './classes/class.ilObjRole.php';
01035                 global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
01036 
01037 
01038                 $global_roles = $rbacreview->getGlobalRoles();
01039 
01040 
01041                 if (in_array($role_id, $global_roles))
01042                 {
01043                         if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
01044                         )
01045                         {
01046                                 return $this->__raiseError("Role access not permitted. ($role_id)","Server");
01047                         }
01048                 }
01049                 else
01050                 {
01051                         $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
01052                         if ($rbacreview->isDeleted($rolf[0])
01053                                         || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
01054                         {
01055                                 return $this->__raiseError("Role access not permitted. ($role_id)","Server");
01056                         }
01057                         include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
01058                         $privacy = ilPrivacySettings::_getInstance();
01059                         if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
01060                            !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
01061                                         return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
01062                         }
01063                         
01064                         
01065                 }
01066 
01067                 $data = ilObjUser::_getUsersForRole($role_id, $active);
01068                 include_once './Services/User/classes/class.ilUserXMLWriter.php';
01069 
01070                 $xmlWriter = new ilUserXMLWriter();
01071                 $xmlWriter->setAttachRoles($attachRoles);
01072                 $xmlWriter->setObjects($data);
01073 
01074                 if($xmlWriter->start())
01075                 {
01076                         return $xmlWriter->getXML();
01077                 }
01078                 return $this->__raiseError('Error in getUsersForRole','Server');
01079         }
01080 
01081 
01082 
01087         function __getImportProtocolAsXML ($a_array){
01088                 include_once './webservice/soap/classes/class.ilXMLResultSet.php';
01089                 include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
01090 
01091                 $xmlResultSet = new ilXMLResultSet ();
01092         $xmlResultSet->addColumn ("userid");
01093                 $xmlResultSet->addColumn ("login");
01094                 $xmlResultSet->addColumn ("action");
01095         $xmlResultSet->addColumn ("message");
01096 
01097                 foreach ($a_array as $username => $messages)
01098                 {
01099                         foreach ($messages as $message)
01100                         {
01101 
01102                                 $xmlRow = new ilXMLResultSetRow ();
01103                                 $xmlRow->setValue (0, 0);
01104                                 $xmlRow->setValue (1, $username);
01105                                 $xmlRow->setValue (2, "");
01106                                 $xmlRow->setValue (3, $message);
01107 
01108                                 $xmlResultSet->addRow ($xmlRow);
01109                         }
01110                 }
01111 
01112                 $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
01113 
01114                 if ($xml_writer->start ())
01115                         return $xml_writer->getXML();
01116 
01117                 return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
01118         }
01119 
01126     function __getUserMappingAsXML ($a_array) {
01127                 include_once './webservice/soap/classes/class.ilXMLResultSet.php';
01128                 include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
01129 
01130                 $xmlResultSet = new ilXMLResultSet ();
01131         $xmlResultSet->addColumn ("userid");
01132                 $xmlResultSet->addColumn ("login");
01133                 $xmlResultSet->addColumn ("action");
01134         $xmlResultSet->addColumn ("message");
01135 
01136                 if (count($a_array))
01137         foreach ($a_array as $username => $message)
01138                 {
01139                         $xmlRow = new ilXMLResultSetRow ();
01140                         $xmlRow->setValue (0, $username);
01141                         $xmlRow->setValue (1, $message["login"]);
01142                         $xmlRow->setValue (2, $message["action"]);
01143                         $xmlRow->setValue (3, $message["message"]);
01144 
01145                         $xmlResultSet->addRow ($xmlRow);
01146                 }
01147 
01148                 $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
01149 
01150                 if ($xml_writer->start ())
01151                         return $xml_writer->getXML();
01152 
01153                 return $this->__raiseError('Error in __getUserMappingAsXML','Server');
01154 
01155         }
01156 
01165         function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
01166 
01167             if(!$this->__checkSession($sid))
01168                 {
01169                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
01170                 }
01171 
01172 
01173                 // Include main header
01174                 include_once './include/inc.header.php';
01175 
01176                 global $ilDB, $rbacsystem;
01177 
01178                 if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
01179                 {
01180                         return $this->__raiseError('Check access failed.','Server');
01181                 }
01182 
01183 
01184         if (!count($a_keyfields))
01185            $this->__raiseError('At least one keyfield is needed','Client');
01186 
01187         if (!count ($a_keyvalues))
01188            $this->__raiseError('At least one keyvalue is needed','Client');
01189 
01190         if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
01191            $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
01192 
01193 
01194         $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
01195 
01196                 $query = "SELECT usr_data.*, usr_pref.value AS language
01197                           FROM usr_data
01198                           LEFT JOIN usr_pref
01199                           ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = 'language'
01200                           WHERE 1 ".$query;
01201 
01202              if (is_numeric($active) && $active > -1)
01203                         $query .= " AND active = ". $ilDB->quote($active);
01204 
01205                  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
01206 
01207                  //echo $query;
01208 
01209              $r = $ilDB->query($query);
01210 
01211              $data = array();
01212 
01213                  while($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
01214                  {
01215                       $data[] = $row;
01216                  }
01217 
01218                  include_once './Services/User/classes/class.ilUserXMLWriter.php';
01219 
01220                  $xmlWriter = new ilUserXMLWriter();
01221                  $xmlWriter->setAttachRoles($attach_roles);
01222                  $xmlWriter->setObjects($data);
01223 
01224                  if($xmlWriter->start())
01225                  {
01226                         return $xmlWriter->getXML();
01227                  }
01228 
01229                  return $this->__raiseError('Error in searchUser','Server');
01230            }
01231 
01240         function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
01241                 global $ilDB;
01242             $query = array();
01243 
01244             $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
01245 
01246             foreach ($a_keyfields as $keyfield)
01247             {
01248                 $keyfield = strtolower($keyfield);
01249 
01250                 if (!in_array($keyfield, $allowed_fields))
01251                    continue;
01252 
01253                 $field_query = array ();
01254                 foreach ($a_keyvalues as $keyvalue)
01255                 {
01256                     if (strlen($keyvalue) >= 3) {
01257                         $field_query []= $keyfield." like '%".$keyvalue."%'";
01258                     }
01259 
01260                 }
01261                 if (count($field_query))
01262                    $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
01263 
01264             }
01265 
01266             return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
01267         }
01268 
01269 
01277         function getUserXML($sid, $a_user_ids, $attach_roles)
01278         {
01279                 if(!$this->__checkSession($sid))
01280                 {
01281                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
01282                 }
01283 
01284                 // Include main header
01285                 include_once './include/inc.header.php';
01286                 global $rbacsystem, $ilUser, $ilDB;
01287 
01288                 if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
01289                 {
01290                         return $this->__raiseError('Check access failed.','Server');
01291                 }
01292 
01293                 $data = ilObjUser::_getUserData($a_user_ids);
01294 
01295                 include_once './Services/User/classes/class.ilUserXMLWriter.php';
01296                 $xmlWriter = new ilUserXMLWriter();
01297                 $xmlWriter->setAttachRoles($attach_roles);
01298                 $xmlWriter->setObjects($data);
01299 
01300                 if($xmlWriter->start())
01301                 {
01302                         return $xmlWriter->getXML();
01303                 }
01304 
01305                 return $this->__raiseError('User does not exist','Client');
01306         }
01307 
01308 
01309         // has new mail
01310         function hasNewMail($sid)
01311         {
01312                 if(!$this->__checkSession($sid))
01313                 {
01314                         return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
01315                 }
01316 
01317                 // Include main header
01318                 include_once './include/inc.header.php';
01319                 include_once ("Services/Mail/classes/class.ilMailbox.php");
01320                 global $ilUser;
01321 
01322                 if (ilMailbox::hasNewMail($ilUser->getId()) > 0)
01323                 {
01324                         return true;
01325                 }
01326                 else
01327                 {
01328                         return false;
01329                 }
01330         }
01331 
01332 }
01333 ?>