ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapUserAdministration extends ilSoapAdministration
36 {
37  function ilSoapUserAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  // Service methods
44  function login($client,$username,$password)
45  {
46  $_COOKIE['ilClientId'] = $client;
47  $_POST['username'] = $username;
48  $_POST['password'] = $password;
49  unset($_COOKIE['PHPSESSID']);
50 
51  include_once './include/inc.header.php';
52 
53  ilUtil::setCookie('ilClientId',$client);
54 
55  global $ilUser;
56  if(!$ilUser->hasAcceptedUserAgreement())
57  {
58  return $this->__raiseError('User agreement not accepted', 'Server');
59  }
60  return (session_id().'::'.$client);
61  }
62 
63  // Service methods
64  function loginCAS($client, $PT, $username)
65  {
66  $this->__initAuthenticationObject(AUTH_CAS);
67  $this->sauth->setClient($client);
68  $this->sauth->setUsername($username);
69  $this->sauth->setPT($PT);
70  $authenticated = true;
71  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
72  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
73  if(!$this->sauth->authenticate())
74  {
75  $authenticated = false;
76  }
77  if(!$authenticated)
78  {
79  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
80  }
81  return $this->sauth->getSid().'::'.$client;
82  }
83 
84  // Service methods
85  function loginLDAP($client, $username, $password)
86  {
87  return $this->login($client, $username, $password);
88  }
89 
90  function logout($sid)
91  {
92  $this->initAuth($sid);
93  $this->initIlias();
94 
95  if(!$this->__checkSession($sid))
96  {
97  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
98  }
99 
100  global $ilAuth;
101  $ilAuth->logout();
102  session_destroy();
103  return true;
104 
105  /*
106  if(!$this->sauth->logout())
107  {
108  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
109  }
110 
111  return true;
112  */
113  }
114 
115  function lookupUser($sid,$user_name)
116  {
117  $this->initAuth($sid);
118  $this->initIlias();
119 
120  if(!$this->__checkSession($sid))
121  {
122  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
123  }
124 
125  if(!strlen($user_name))
126  {
127  return $this->__raiseError('No username given. Aborting','Client');
128  }
129 
130  global $rbacsystem, $ilUser ;
131 
132  if(strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
133  {
134  return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
135  }
136 
137  $user_id = ilObjUser::getUserIdByLogin($user_name);
138 
139 
140  return $user_id ? $user_id : "0";
141 
142  }
143 
144  function getUser($sid,$user_id)
145  {
146  $this->initAuth($sid);
147  $this->initIlias();
148 
149  if(!$this->__checkSession($sid))
150  {
151  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
152  }
153 
154  global $rbacsystem, $ilUser;
155 
156  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
157  {
158  return $this->__raiseError('Check access failed.','Server');
159  }
160 
161  if($ilUser->getLoginByUserId($user_id))
162  {
163  $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
164  $usr_data = $this->__readUserData($tmp_user);
165 
166  return $usr_data;
167  }
168  return $this->__raiseError('User does not exist','Client');
169  }
170 
171  function updateUser($sid,$user_data)
172  {
173  $this->initAuth($sid);
174  $this->initIlias();
175 
176  if(!$this->__checkSession($sid))
177  {
178  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
179  }
180 
181  global $rbacsystem, $ilUser, $log;
182 
183  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
184  {
185  return $this->__raiseError('Check access failed.','Server');
186  }
187 
188  if(!$user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'],false))
189  {
190  return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
191  }
192 
193  $user_old = $this->__readUserData($user_obj);
194  $user_new = $this->__substituteUserData($user_old,$user_data);
195 
196  if(!$this->__validateUserData($user_new,false))
197  {
198  return $this->__raiseError($this->__getMessage(),'Client');
199  }
200 
201  if(strlen($user_data['passwd']) != 32)
202  {
203  $user_new['passwd_type'] = IL_PASSWD_PLAIN;
204  }
205  else
206  {
207  $user_new['passwd_type'] = IL_PASSWD_MD5;
208  }
209  $this->__setUserData($user_obj,$user_new);
210 
211  $log->write('SOAP: updateUser()');
212  $user_obj->update();
213 
214  if($user_data['accepted_agreement'] and !$user_obj->hasAcceptedUserAgreement())
215  {
216  $user_obj->writeAccepted();
217  }
218 
219  return true;
220  }
221 
222  function updatePassword($sid,$user_id,$new_password)
223  {
224  $this->initAuth($sid);
225  $this->initIlias();
226 
227  if(!$this->__checkSession($sid))
228  {
229  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
230  }
231 
232  global $rbacsystem;
233 
234  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
235  {
236  return $this->__raiseError('Check access failed.','Server');
237  }
238 
239  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
240  {
241  return $this->__raiseError('No valid user_id given.','Client');
242  }
243 
244  $tmp_user->replacePassword($new_password);
245 
246  return true;
247  }
248 
249  function addUser($sid,$user_data,$global_role_id)
250  {
251  $this->initAuth($sid);
252  $this->initIlias();
253 
254  if(!$this->__checkSession($sid))
255  {
256  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
257  }
258 
259  global $rbacsystem, $rbacreview, $ilLog, $rbacadmin,$ilSetting;
260 
261  if(!$rbacsystem->checkAccess('create_usr',USER_FOLDER_ID))
262  {
263  return $this->__raiseError('Check access failed.','Server');
264  }
265 
266  // Validate user_data
267  if(!$this->__validateUserData($user_data))
268  {
269  return $this->__raiseError($this->__getMessage(),'Client');
270  }
271  // Validate global role
272  if(!$global_role_id)
273  {
274  return $this->__raiseError('No role id given','Client');
275  }
276 
277  // Validate global role
278 
279  $global_roles = $rbacreview->getGlobalRoles();
280 
281  if(!in_array($global_role_id,$global_roles))
282  {
283  return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
284  }
285 
286  $new_user =& new ilObjUser();
287 
288  if(strlen($user_data['passwd']) != 32)
289  {
290  $user_data['passwd_type'] = IL_PASSWD_PLAIN;
291  }
292  else
293  {
294  $user_data['passwd_type'] = IL_PASSWD_MD5;
295  }
296  $this->__setUserData($new_user,$user_data);
297 
298  $ilLog->write('SOAP: addUser()');
299 
300  // Need this for entry in object_data
301  $new_user->setTitle($new_user->getFullname());
302  $new_user->setDescription($new_user->getEmail());
303 
304  if ($user_data["import_id"] != "")
305  {
306  $new_user->setImportId($user_data["import_id"]);
307  }
308 
309  $new_user->create();
310 
311 
312  $new_user->saveAsNew();
313 
314  // If agreement is given. Set user agreement accepted.
315  if($user_data['accepted_agreement'])
316  {
317  $new_user->writeAccepted();
318  }
319 
320  // Assign role
321  $rbacadmin->assignUser($global_role_id,$new_user->getId());
322 
323  // Assign user prefs
324  $new_user->setLanguage($user_data['user_language']);
325  $new_user->setPref('style',$user_data['user_style']);
326  $new_user->setPref('skin',$user_data['user_skin']);
327  $new_user->setPref('hits_per_page',$ilSetting->get('hits_per_page'));
328  $new_user->setPref('show_users_online',$ilSetting->get('show_users_online'));
329  $new_user->writePrefs();
330 
331  return $new_user->getId();
332  }
333 
334  function deleteUser($sid,$user_id)
335  {
336  $this->initAuth($sid);
337  $this->initIlias();
338 
339  if(!$this->__checkSession($sid))
340  {
341  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
342  }
343 
344  if(!isset($user_id))
345  {
346  return $this->__raiseError('No user_id given. Aborting','Client');
347  }
348 
349  global $rbacsystem, $ilUser, $log;
350 
351  if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
352  {
353  return $this->__raiseError('Check access failed.','Server');
354  }
355 
356  if(!$ilUser->getLoginByUserId($user_id))
357  {
358  return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
359  }
360  if($ilUser->getId() == $user_id)
361  {
362  return $this->__raiseError('Cannot delete myself. Aborting','Client');
363  }
364  if($user_id == SYSTEM_USER_ID)
365  {
366  return $this->__raiseError('Cannot delete root account. Aborting','Client');
367  }
368  // Delete him
369  $log->write('SOAP: deleteUser()');
370  $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
371  $delete_user->delete();
372 
373  return true;
374  }
375 
376 
377 
378 
379  // PRIVATE
380  function __validateUserData(&$user_data,$check_complete = true)
381  {
382  global $lng,$styleDefinition,$ilLog;
383 
384  $this->__setMessage('');
385 
386  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
387  $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
388  ilAuthUtils::_getAuthMode($user_data['auth_mode']));
389 
390  if($check_complete)
391  {
392  if(!isset($user_data['login']))
393  {
394  $this->__appendMessage('No login given.');
395  }
396  if(!isset($user_data['passwd']) and !$allow_empty_password)
397  {
398  $this->__appendMessage('No password given.');
399  }
400  if(!isset($user_data['email']))
401  {
402  $this->__appendMessage('No email given');
403  }
404  if(!isset($user_data['user_language']))
405  {
406  $user_data['user_language'] = $lng->getDefaultLanguage();
407  }
408  }
409  foreach($user_data as $field => $value)
410  {
411  switch($field)
412  {
413  case 'login':
414  if (!ilUtil::isLogin($value))
415  {
416  $this->__appendMessage('Login invalid.');
417  }
418 
419  // check loginname
420  if($check_complete)
421  {
422  if (ilObjUser::_loginExists($value))
423  {
424  $this->__appendMessage('Login already exists.');
425  }
426  }
427  break;
428 
429  case 'passwd':
430  if(!strlen($value) and $allow_empty_password)
431  {
432  break;
433  }
434  if (!ilUtil::isPassword($value))
435  {
436  $this->__appendMessage('Password invalid.');
437  }
438  break;
439 
440  case 'email':
441  if(!ilUtil::is_email($value))
442  {
443  $this->__appendMessage('Email invalid.');
444  }
445  break;
446 
447  case 'time_limit_unlimited':
448  if($value != 1)
449  {
450  if($user_data['time_limit_from'] >= $user_data['time_limit_until'])
451  {
452  $this->__appendMessage('Time limit invalid');
453  }
454  }
455  break;
456 
457  case 'user_language':
458  $lang_inst = $lng->getInstalledLanguages();
459 
460  if(!in_array($user_data['user_language'],$lang_inst))
461  {
462  $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
463  }
464  break;
465 
466 
467  case 'user_skin':
468  case 'user_style':
469  if(($user_data['user_skin'] and !$user_data['user_style']) or
470  (!$user_data['user_skin'] and $user_data['user_style']))
471  {
472  $this->__appendMessage('user_skin, user_style not valid.');
473  }
474  elseif($user_data['user_skin'] and $user_data['user_style'])
475  {
476  $ok = false;
477  $templates = $styleDefinition->getAllTemplates();
478  if (count($templates) > 0 && is_array($templates))
479  {
480  foreach($templates as $template)
481  {
482  $styleDef =& new ilStyleDefinition($template["id"]);
483  $styleDef->startParsing();
484  $styles = $styleDef->getStyles();
485  foreach ($styles as $style)
486  {
487  if ($user_data['user_skin'] == $template["id"] &&
488  $user_data['user_style'] == $style["id"])
489  {
490  $ok = true;
491  }
492  }
493  }
494  if(!$ok)
495  {
496  $this->__appendMessage('user_skin, user_style not valid.');
497  }
498  }
499  }
500  break;
501 
502  case 'time_limit_owner':
503  $type = ilObject::_lookupType($user_data['time_limit_owner'],true);
504  if($type != 'cat' and $type != 'usrf')
505  {
506  $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
507  }
508  break;
509 
510 
511 
512  default:
513  continue;
514  }
515  }
516  return strlen($this->__getMessage()) ? false : true;
517  }
518 
519  function __setUserData(&$user_obj,&$user_data)
520  {
521  // Default to unlimited if no access period is given
522  if(!$user_data['time_limit_from'] and
523  !$user_data['time_limit_until'] and
524  !$user_data['time_limit_unlimited'])
525  {
526  $user_data['time_limit_unlimited'] = 1;
527  }
528  if(!$user_data['time_limit_owner'])
529  {
530  $user_data['time_limit_owner'] = USER_FOLDER_ID;
531  }
532 
533 
534  // not supported fields by update/addUser
535  $user_data['im_icq'] = $user_obj->getInstantMessengerId('icq');
536  $user_data['im_yahoo'] = $user_obj->getInstantMessengerId('yahoo');
537  $user_data['im_msn'] = $user_obj->getInstantMessengerId('msn');
538  $user_data['im_aim'] = $user_obj->getInstantMessengerId('aim');
539  $user_data['im_skype'] = $user_obj->getInstantMessengerId('skype');
540  $user_data['im_jabber'] = $user_obj->getInstantMessengerId('jabber');
541  $user_data['im_voip'] = $user_obj->getInstantMessengerId('voip');
542 
543  $user_data['delicious'] = $user_obj->getDelicious();
544  $user_data['latitude'] = $user_obj->getLatitude();
545  $user_data['longitude'] = $user_obj->getLongitude();
546  $user_data['loc_zoom'] = $user_obj->getLocationZoom();
547 
548 
549  $user_data['auth_mode'] = $user_obj->getAuthMode();
550  $user_data['ext_account'] = $user_obj->getExternalAccount();
551  $user_obj->assignData($user_data);
552 
553  if(isset($user_data['user_language']))
554  {
555  $user_obj->setLanguage($user_data['user_language']);
556  }
557  if(isset($user_data['user_skin']) and isset($user_data['user_style']))
558  {
559  $user_obj->setPref('skin',$user_data['user_skin']);
560  $user_obj->setPref('style',$user_data['user_style']);
561  }
562  return true;
563  }
564 
565  function __readUserData(&$usr_obj)
566  {
567  $usr_data['usr_id'] = $usr_obj->getId();
568  $usr_data['login'] = $usr_obj->getLogin();
569  $usr_data['passwd'] = $usr_obj->getPasswd();
570  $usr_data['passwd_type'] = $usr_obj->getPasswdType();
571  $usr_data['firstname'] = $usr_obj->getFirstname();
572  $usr_data['lastname'] = $usr_obj->getLastname();
573  $usr_data['title'] = $usr_obj->getUTitle();
574  $usr_data['gender'] = $usr_obj->getGender();
575  $usr_data['email'] = $usr_obj->getEmail();
576  $usr_data['institution'] = $usr_obj->getInstitution();
577  $usr_data['street'] = $usr_obj->getStreet();
578  $usr_data['city'] = $usr_obj->getCity();
579  $usr_data['zipcode'] = $usr_obj->getZipcode();
580  $usr_data['country'] = $usr_obj->getCountry();
581  $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
582  $usr_data['last_login'] = $usr_obj->getLastLogin();
583  $usr_data['last_update'] = $usr_obj->getLastUpdate();
584  $usr_data['create_date'] = $usr_obj->getCreateDate();
585  $usr_data['hobby'] = $usr_obj->getHobby();
586  $usr_data['department'] = $usr_obj->getDepartment();
587  $usr_data['phone_home'] = $usr_obj->getPhoneHome();
588  $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
589  $usr_data['fax'] = $usr_obj->getFax();
590  $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
591  $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
592  $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
593  $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
594  $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
595  $usr_data['referral_comment'] = $usr_obj->getComment();
596  $usr_data['matriculation'] = $usr_obj->getMatriculation();
597  $usr_data['active'] = $usr_obj->getActive();
598  $usr_data['approve_date'] = $usr_obj->getApproveDate();
599  $usr_data['user_skin'] = $usr_obj->getPref('skin');
600  $usr_data['user_style'] = $usr_obj->getPref('style');
601  $usr_data['user_language'] = $usr_obj->getLanguage();
602  $usr_data['auth_mode'] = $usr_obj->getAuthMode();
603  $usr_data['accepted_agreement'] = $usr_obj->hasAcceptedUserAgreement();
604  $usr_data['import_id'] = $usr_obj->getImportId();
605 
606  return $usr_data;
607  }
608 
609  function __substituteUserData($user_old,$user_new)
610  {
611  foreach($user_new as $key => $value)
612  {
613  $user_old[$key] = $value;
614  }
615  return $user_old ? $user_old : array();
616  }
617 
624  function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
625  {
626  $this->initAuth($sid);
627  $this->initIlias();
628 
629  if(!$this->__checkSession($sid))
630  {
631  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
632  }
633 
634 
635  include_once './Services/User/classes/class.ilUserImportParser.php';
636  include_once './Services/AccessControl/classes/class.ilObjRole.php';
637  include_once './classes/class.ilObjectFactory.php';
638  global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
639 
640  // this takes time but is nescessary
641  $error = false;
642 
643 
644  // validate to prevent wrong XMLs
645  $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
646  if ($error)
647  {
648  $msg = array();
649  if (is_array($error))
650  {
651  foreach ($error as $err) {
652  $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
653  }
654  }
655  else
656  {
657  $msg[] = $error;
658  }
659  $msg = join("\n",$msg);
660  return $this->__raiseError($msg, "Client");
661  }
662 
663 
664  switch ($conflict_rule)
665  {
666  case 2:
667  $conflict_rule = IL_UPDATE_ON_CONFLICT;
668  break;
669  case 3:
670  $conflict_rule = IL_IGNORE_ON_CONFLICT;
671  break;
672  default:
673  $conflict_rule = IL_FAIL_ON_CONFLICT;
674  }
675 
676 
677  // folder id 0, means to check permission on user basis!
678  // must have create user right in time_limit_owner property (which is ref_id of container)
679  if ($folder_id != 0)
680  {
681  // determine where to import
682  if ($folder_id == -1)
683  $folder_id = USER_FOLDER_ID;
684 
685  // get folder
686  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
687  // id does not exist
688  if (!$import_folder)
689  return $this->__raiseError('Wrong reference id.','Server');
690 
691  // folder is not a folder, can also be a category
692  if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
693  return $this->__raiseError('Folder must be a usr folder or a category.','Server');
694 
695  // check access to folder
696  if(!$rbacsystem->checkAccess('create_usr',$folder_id))
697  {
698  return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
699  }
700  }
701 
702  // first verify
703 
704 
705  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
706  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
707  $importParser->setXMLContent($usr_xml);
708  $importParser->startParsing();
709 
710  switch ($importParser->getErrorLevel())
711  {
712  case IL_IMPORT_SUCCESS :
713  break;
714  case IL_IMPORT_WARNING :
715  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
716  break;
717  case IL_IMPORT_FAILURE :
718  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
719  }
720 
721  // verify is ok, so get role assignments
722 
723  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
724  $importParser->setXMLContent($usr_xml);
725  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
726  $importParser->startParsing();
727 
728  $roles = $importParser->getCollectedRoles();
729 
730  //print_r($roles);
731 
732 
733 
734  // roles to be assigned, skip if one is not allowed!
735  $permitted_roles = array();
736  foreach ($roles as $role_id => $role)
737  {
738  if (!is_numeric ($role_id))
739  {
740  // check if internal id
741  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
742 
743  if (is_numeric($internalId))
744  {
745  $role_id = $internalId;
746  $role_name = $role_id;
747  }
748 /* else // perhaps it is a rolename
749  {
750  $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
751  $role_name = $role->title;
752  $role_id = $role->role_id;
753  }*/
754  }
755 
756  if($this->isPermittedRole($folder_id,$role_id))
757  {
758  $permitted_roles[$role_id] = $role_id;
759  }
760  else
761  {
762  $role_name = ilObject::_lookupTitle($role_id);
763  return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
764  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
765  }
766  }
767 
768  $global_roles = $rbacreview->getGlobalRoles();
769 
770  //print_r ($global_roles);
771 
772 
773 
774  foreach ($permitted_roles as $role_id => $role_name)
775  {
776  if ($role_id != "")
777  {
778  if (in_array($role_id, $global_roles))
779  {
780  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
781  || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
782  )
783  {
784  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
785  }
786  }
787  else
788  {
789  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
790  if ($rbacreview->isDeleted($rolf[0])
791  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
792  {
793 
794  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
795  }
796  }
797  }
798  }
799 
800  //print_r ($permitted_roles);
801 
802  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
803  $importParser->setSendMail($send_account_mail);
804  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
805  $importParser->setFolderId($folder_id);
806  $importParser->setXMLContent($usr_xml);
807 
808  $importParser->setRoleAssignment($permitted_roles);
809 
810  $importParser->startParsing();
811 
812  if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
813  {
814  return $this->__getUserMappingAsXML ($importParser->getUserMapping());
815  }
816  return $this->__getImportProtocolAsXML ($importParser->getProtocol());
817 
818  }
819 
827  protected function isPermittedRole($a_folder,$a_role)
828  {
829  static $checked_roles = array();
830  static $global_roles = null;
831 
832 
833  if(isset($checked_roles[$a_role]))
834  {
835  return $checked_roles[$a_role];
836  }
837 
838  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
839 
840  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
841  $location = $locations[0];
842 
843  // global role
844  if($location == ROLE_FOLDER_ID)
845  {
846  $ilLog->write(__METHOD__.': Check global role');
847  // check assignment permission if called from local admin
848 
849 
850  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
851  {
852  $ilLog->write(__METHOD__.': '.$a_folder);
853  include_once './Services/AccessControl/classes/class.ilObjRole.php';
854  if(!ilObjRole::_getAssignUsersStatus($a_role))
855  {
856  $ilLog->write(__METHOD__.': No assignment allowed');
857  $checked_roles[$a_role] = false;
858  return false;
859  }
860  }
861  // exclude anonymous role from list
862  if ($a_role == ANONYMOUS_ROLE_ID)
863  {
864  $ilLog->write(__METHOD__.': Anonymous role chosen.');
865  $checked_roles[$a_role] = false;
866  return false;
867  }
868  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
869  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
870  {
871  $ilLog->write(__METHOD__.': System role assignment forbidden.');
872  $checked_roles[$a_role] = false;
873  return false;
874  }
875 
876  // Global role assignment ok
877  $ilLog->write(__METHOD__.': Assignment allowed.');
878  $checked_roles[$a_role] = true;
879  return true;
880  }
881  elseif($location)
882  {
883  $ilLog->write(__METHOD__.': Check local role.');
884 
885  // It's a local role
886  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
887  $rolf = $rolfs[0];
888 
889 
890  // only process role folders that are not set to status "deleted"
891  // and for which the user has write permissions.
892  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
893  // (The ROLE_FOLDER_ID folder contains the global roles).
894  if($rbacreview->isDeleted($rolf)
895  || !$rbacsystem->checkAccess('edit_permission',$tree->getParentId($rolf)))
896  {
897  $ilLog->write(__METHOD__.': Role deleted or no permission.');
898  $checked_roles[$a_role] = false;
899  return false;
900  }
901  // A local role is only displayed, if it is contained in the subtree of
902  // the localy administrated category. If the import function has been
903  // invoked from the user folder object, we show all local roles, because
904  // the user folder object is considered the parent of all local roles.
905  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
906  // isInSubtree variable with true. In all other cases it is initialized
907  // with false, and only set to true if we find the object id of the
908  // locally administrated category in the tree path to the local role.
909  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
910  {
911  $ilLog->write(__METHOD__.': Not in path of category.');
912  $checked_roles[$a_role] = false;
913  return false;
914  }
915  $ilLog->write(__METHOD__.': Assignment allowed.');
916  $checked_roles[$a_role] = true;
917  return true;
918  }
919  }
920 
921 
925  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
926  {
927  $this->initAuth($sid);
928  $this->initIlias();
929 
930  if(!$this->__checkSession($sid))
931  {
932  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
933  }
934 
935  global $ilDB, $tree, $rbacreview, $rbacsystem;
936 
937  if ($ref_id == -1)
938  $ref_id = USER_FOLDER_ID;
939 
940  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
941  if ($this->isFault($object))
942  return $object;
943 
944  $data = array();
945  switch ($object->getType()) {
946  case "usrf":
947  $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
948  break;
949  case "cat":
950  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
951  break;
952  case "crs":
953  {
954  // GET ALL MEMBERS
955  $roles = $object->__getLocalRoles();
956 
957  foreach($roles as $role_id)
958  {
959  $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
960  }
961 
962  break;
963  }
964  case "grp":
965  $member_ids = $object->getGroupMemberIds();
966  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
967  break;
968  case "sess":
969  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
970  if(!$course_ref_id)
971  {
972  return $this->__raiseError("No course for session", "Client");
973  }
974 
975  $event_obj_id = ilObject::_lookupObjId($ref_id);
976  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
977  $event_part = new ilEventParticipants($event_obj_id);
978  $member_ids = array_keys($event_part->getParticipants());
979  $data = ilObjUser::_getUsersForIds($member_ids, $active);
980  break;
981  }
982 
983  if (is_array($data))
984  {
985  include_once './Services/User/classes/class.ilUserXMLWriter.php';
986 
987  $xmlWriter = new ilUserXMLWriter();
988  $xmlWriter->setObjects($data);
989  $xmlWriter->setAttachRoles ($attachRoles);
990 
991  if($xmlWriter->start())
992  {
993  return $xmlWriter->getXML();
994  }
995  }
996  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
997  }
998 
999 
1003  function getUserForRole($sid, $role_id, $attachRoles, $active)
1004  {
1005  $this->initAuth($sid);
1006  $this->initIlias();
1007 
1008  if(!$this->__checkSession($sid))
1009  {
1010  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1011  }
1012 
1013  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1014  global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
1015 
1016 
1017  $global_roles = $rbacreview->getGlobalRoles();
1018 
1019 
1020  if (in_array($role_id, $global_roles))
1021  {
1022  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
1023  )
1024  {
1025  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1026  }
1027  }
1028  else
1029  {
1030  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
1031  if ($rbacreview->isDeleted($rolf[0])
1032  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
1033  {
1034  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1035  }
1036  include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
1037  $privacy = ilPrivacySettings::_getInstance();
1038  if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
1039  !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
1040  return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
1041  }
1042 
1043 
1044  }
1045 
1046  $data = ilObjUser::_getUsersForRole($role_id, $active);
1047  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1048 
1049  $xmlWriter = new ilUserXMLWriter();
1050  $xmlWriter->setAttachRoles($attachRoles);
1051 
1052  $xmlWriter->setObjects($data);
1053 
1054  if($xmlWriter->start())
1055  {
1056  return $xmlWriter->getXML();
1057  }
1058  return $this->__raiseError('Error in getUsersForRole','Server');
1059  }
1060 
1061 
1062 
1067  function __getImportProtocolAsXML ($a_array)
1068  {
1069  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1070  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1071 
1072  $xmlResultSet = new ilXMLResultSet ();
1073  $xmlResultSet->addColumn ("userid");
1074  $xmlResultSet->addColumn ("login");
1075  $xmlResultSet->addColumn ("action");
1076  $xmlResultSet->addColumn ("message");
1077 
1078  foreach ($a_array as $username => $messages)
1079  {
1080  foreach ($messages as $message)
1081  {
1082 
1083  $xmlRow = new ilXMLResultSetRow ();
1084  $xmlRow->setValue (0, 0);
1085  $xmlRow->setValue (1, $username);
1086  $xmlRow->setValue (2, "");
1087  $xmlRow->setValue (3, $message);
1088 
1089  $xmlResultSet->addRow ($xmlRow);
1090  }
1091  }
1092 
1093  $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
1094 
1095  if ($xml_writer->start ())
1096  return $xml_writer->getXML();
1097 
1098  return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
1099  }
1100 
1107  function __getUserMappingAsXML ($a_array)
1108  {
1109  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1110  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1111 
1112  $xmlResultSet = new ilXMLResultSet ();
1113  $xmlResultSet->addColumn ("userid");
1114  $xmlResultSet->addColumn ("login");
1115  $xmlResultSet->addColumn ("action");
1116  $xmlResultSet->addColumn ("message");
1117 
1118  if (count($a_array))
1119  foreach ($a_array as $username => $message)
1120  {
1121  $xmlRow = new ilXMLResultSetRow ();
1122  $xmlRow->setValue (0, $username);
1123  $xmlRow->setValue (1, $message["login"]);
1124  $xmlRow->setValue (2, $message["action"]);
1125  $xmlRow->setValue (3, $message["message"]);
1126 
1127  $xmlResultSet->addRow ($xmlRow);
1128  }
1129 
1130  $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
1131 
1132  if ($xml_writer->start ())
1133  return $xml_writer->getXML();
1134 
1135  return $this->__raiseError('Error in __getUserMappingAsXML','Server');
1136 
1137  }
1138 
1147  function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
1148 
1149  $this->initAuth($sid);
1150  $this->initIlias();
1151 
1152  if(!$this->__checkSession($sid))
1153  {
1154  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1155  }
1156 
1157  global $ilDB, $rbacsystem;
1158 
1159  if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
1160  {
1161  return $this->__raiseError('Check access failed.','Server');
1162  }
1163 
1164 
1165  if (!count($a_keyfields))
1166  $this->__raiseError('At least one keyfield is needed','Client');
1167 
1168  if (!count ($a_keyvalues))
1169  $this->__raiseError('At least one keyvalue is needed','Client');
1170 
1171  if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
1172  $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
1173 
1174 
1175  $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
1176 
1177  $query = "SELECT usr_data.*, usr_pref.value AS language
1178  FROM usr_data
1179  LEFT JOIN usr_pref
1180  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
1181  $ilDB->quote("language", "text").
1182  "'language'
1183  WHERE 1 = 1 ".$query;
1184 
1185  if (is_numeric($active) && $active > -1)
1186  $query .= " AND active = ". $ilDB->quote($active);
1187 
1188  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
1189 
1190  //echo $query;
1191 
1192  $r = $ilDB->query($query);
1193 
1194  $data = array();
1195 
1196  while($row = $ilDB->fetchAssoc($r))
1197  {
1198  $data[] = $row;
1199  }
1200 
1201  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1202 
1203  $xmlWriter = new ilUserXMLWriter();
1204  $xmlWriter->setAttachRoles($attach_roles);
1205 
1206  $xmlWriter->setObjects($data);
1207 
1208  if($xmlWriter->start())
1209  {
1210  return $xmlWriter->getXML();
1211  }
1212  return $this->__raiseError('Error in searchUser','Server');
1213  }
1214 
1223  function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
1224  global $ilDB;
1225  $query = array();
1226 
1227  $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
1228 
1229  foreach ($a_keyfields as $keyfield)
1230  {
1231  $keyfield = strtolower($keyfield);
1232 
1233  if (!in_array($keyfield, $allowed_fields))
1234  continue;
1235 
1236  $field_query = array ();
1237  foreach ($a_keyvalues as $keyvalue)
1238  {
1239  if (strlen($keyvalue) >= 3) {
1240  $field_query []= $keyfield." like '%".$keyvalue."%'";
1241  }
1242 
1243  }
1244  if (count($field_query))
1245  $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
1246 
1247  }
1248 
1249  return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
1250  }
1251 
1252 
1260  function getUserXML($sid, $a_user_ids, $attach_roles)
1261  {
1262  $this->initAuth($sid);
1263  $this->initIlias();
1264 
1265  if(!$this->__checkSession($sid))
1266  {
1267  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1268  }
1269 
1270  global $rbacsystem, $ilUser, $ilDB;
1271 
1272  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
1273  {
1274  return $this->__raiseError('Check access failed.','Server');
1275  }
1276 
1277  $data = ilObjUser::_getUserData($a_user_ids);
1278 
1279  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1280  $xmlWriter = new ilUserXMLWriter();
1281  $xmlWriter->setAttachRoles($attach_roles);
1282  $xmlWriter->setObjects($data);
1283 
1284  if($xmlWriter->start())
1285  {
1286  return $xmlWriter->getXML();
1287  }
1288 
1289  return $this->__raiseError('User does not exist','Client');
1290  }
1291 
1292 
1293  // has new mail
1294  function hasNewMail($sid)
1295  {
1296  $this->initAuth($sid);
1297  $this->initIlias();
1298 
1299  if(!$this->__checkSession($sid))
1300  {
1301  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1302  }
1303 
1304  global $ilUser;
1305 
1306  include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1307  if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
1308  {
1309  return true;
1310  }
1311  else
1312  {
1313  return false;
1314  }
1315  }
1316 
1317  public function getUserIdBySid($sid)
1318  {
1319  $this->initAuth($sid);
1320  $this->initIlias();
1321 
1322  if(!$this->__checkSession($sid))
1323  {
1324  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1325  }
1326 
1327  global $ilDB;
1328 
1329  $parts = explode('::', $sid);
1330  $query = "SELECT usr_id FROM usr_session "
1331  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1332  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
1333  $data = $ilDB->fetchAssoc($res);
1334 
1335  if(!(int)$data['usr_id'])
1336  {
1337  $this->__raiseError('User does not exist', 'Client');
1338  }
1339 
1340  return (int)$data['usr_id'];
1341  }
1342 
1343 }
1344 ?>