ILIAS  Release_4_3_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapUserAdministration extends ilSoapAdministration
36 {
37  function ilSoapUserAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  // Service methods
44  function login($client,$username,$password)
45  {
46  $_COOKIE['ilClientId'] = $client;
47  $_POST['username'] = $username;
48  $_POST['password'] = $password;
49  unset($_COOKIE['PHPSESSID']);
50 
51  try
52  {
53  include_once './include/inc.header.php';
54  }
55  catch(Exception $e)
56  {
57  return $this->__raiseError($e->getMessage(), 'Server');
58  }
59 
60  ilUtil::setCookie('ilClientId',$client);
61 
62  global $ilUser;
63  if(!$ilUser->hasAcceptedUserAgreement())
64  {
65  return $this->__raiseError('User agreement not accepted', 'Server');
66  }
67  return (session_id().'::'.$client);
68  }
69 
70  // Service methods
71  function loginCAS($client, $PT, $username)
72  {
73  $this->__initAuthenticationObject(AUTH_CAS);
74  $this->sauth->setClient($client);
75  $this->sauth->setUsername($username);
76  $this->sauth->setPT($PT);
77  $authenticated = true;
78  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
79  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
80  if(!$this->sauth->authenticate())
81  {
82  $authenticated = false;
83  }
84  if(!$authenticated)
85  {
86  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
87  }
88  return $this->sauth->getSid().'::'.$client;
89  }
90 
91  // Service methods
92  function loginLDAP($client, $username, $password)
93  {
94  return $this->login($client, $username, $password);
95  }
96 
97  function logout($sid)
98  {
99  $this->initAuth($sid);
100  $this->initIlias();
101 
102  if(!$this->__checkSession($sid))
103  {
104  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
105  }
106 
107  global $ilAuth;
108  $ilAuth->logout();
109  session_destroy();
110  return true;
111 
112  /*
113  if(!$this->sauth->logout())
114  {
115  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
116  }
117 
118  return true;
119  */
120  }
121 
122  function lookupUser($sid,$user_name)
123  {
124  $this->initAuth($sid);
125  $this->initIlias();
126 
127  if(!$this->__checkSession($sid))
128  {
129  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
130  }
131 
132  if(!strlen($user_name))
133  {
134  return $this->__raiseError('No username given. Aborting','Client');
135  }
136 
137  global $rbacsystem, $ilUser ;
138 
139  if(strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
140  {
141  return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
142  }
143 
144  $user_id = ilObjUser::getUserIdByLogin($user_name);
145 
146 
147  return $user_id ? $user_id : "0";
148 
149  }
150 
151  function getUser($sid,$user_id)
152  {
153  $this->initAuth($sid);
154  $this->initIlias();
155 
156  if(!$this->__checkSession($sid))
157  {
158  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
159  }
160 
161  global $rbacsystem, $ilUser;
162 
163  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
164  {
165  return $this->__raiseError('Check access failed.','Server');
166  }
167 
168  if($ilUser->getLoginByUserId($user_id))
169  {
170  $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
171  $usr_data = $this->__readUserData($tmp_user);
172 
173  return $usr_data;
174  }
175  return $this->__raiseError('User does not exist','Client');
176  }
177 
178  function updateUser($sid,$user_data)
179  {
180  $this->initAuth($sid);
181  $this->initIlias();
182 
183  if(!$this->__checkSession($sid))
184  {
185  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
186  }
187 
188  global $rbacsystem, $ilUser, $log;
189 
190  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
191  {
192  return $this->__raiseError('Check access failed.','Server');
193  }
194 
195  if(!$user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'],false))
196  {
197  return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
198  }
199 
200  $user_old = $this->__readUserData($user_obj);
201  $user_new = $this->__substituteUserData($user_old,$user_data);
202 
203  if(!$this->__validateUserData($user_new,false))
204  {
205  return $this->__raiseError($this->__getMessage(),'Client');
206  }
207 
208  if(strlen($user_data['passwd']) != 32)
209  {
210  $user_new['passwd_type'] = IL_PASSWD_PLAIN;
211  }
212  else
213  {
214  $user_new['passwd_type'] = IL_PASSWD_MD5;
215  }
216  $this->__setUserData($user_obj,$user_new);
217 
218  $log->write('SOAP: updateUser()');
219  $user_obj->update();
220 
221  if($user_data['accepted_agreement'] and !$user_obj->hasAcceptedUserAgreement())
222  {
223  $user_obj->writeAccepted();
224  }
225 
226  return true;
227  }
228 
229  function updatePassword($sid,$user_id,$new_password)
230  {
231  $this->initAuth($sid);
232  $this->initIlias();
233 
234  if(!$this->__checkSession($sid))
235  {
236  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
237  }
238 
239  global $rbacsystem;
240 
241  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
242  {
243  return $this->__raiseError('Check access failed.','Server');
244  }
245 
246  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
247  {
248  return $this->__raiseError('No valid user_id given.','Client');
249  }
250 
251  $tmp_user->replacePassword($new_password);
252 
253  return true;
254  }
255 
256  function addUser($sid,$user_data,$global_role_id)
257  {
258  $this->initAuth($sid);
259  $this->initIlias();
260 
261  if(!$this->__checkSession($sid))
262  {
263  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
264  }
265 
266  global $rbacsystem, $rbacreview, $ilLog, $rbacadmin,$ilSetting;
267 
268  if(!$rbacsystem->checkAccess('create_usr',USER_FOLDER_ID))
269  {
270  return $this->__raiseError('Check access failed.','Server');
271  }
272 
273  // Validate user_data
274  if(!$this->__validateUserData($user_data))
275  {
276  return $this->__raiseError($this->__getMessage(),'Client');
277  }
278  // Validate global role
279  if(!$global_role_id)
280  {
281  return $this->__raiseError('No role id given','Client');
282  }
283 
284  // Validate global role
285 
286  $global_roles = $rbacreview->getGlobalRoles();
287 
288  if(!in_array($global_role_id,$global_roles))
289  {
290  return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
291  }
292 
293  $new_user =& new ilObjUser();
294 
295  if(strlen($user_data['passwd']) != 32)
296  {
297  $user_data['passwd_type'] = IL_PASSWD_PLAIN;
298  }
299  else
300  {
301  $user_data['passwd_type'] = IL_PASSWD_MD5;
302  }
303  $this->__setUserData($new_user,$user_data);
304 
305  $ilLog->write('SOAP: addUser()');
306 
307  // Need this for entry in object_data
308  $new_user->setTitle($new_user->getFullname());
309  $new_user->setDescription($new_user->getEmail());
310 
311  if ($user_data["import_id"] != "")
312  {
313  $new_user->setImportId($user_data["import_id"]);
314  }
315 
316  $new_user->create();
317 
318 
319  $new_user->saveAsNew();
320 
321  // If agreement is given. Set user agreement accepted.
322  if($user_data['accepted_agreement'])
323  {
324  $new_user->writeAccepted();
325  }
326 
327  // Assign role
328  $rbacadmin->assignUser($global_role_id,$new_user->getId());
329 
330  // Assign user prefs
331  $new_user->setLanguage($user_data['user_language']);
332  $new_user->setPref('style',$user_data['user_style']);
333  $new_user->setPref('skin',$user_data['user_skin']);
334  $new_user->setPref('hits_per_page',$ilSetting->get('hits_per_page'));
335  $new_user->setPref('show_users_online',$ilSetting->get('show_users_online'));
336  $new_user->writePrefs();
337 
338  return $new_user->getId();
339  }
340 
341  function deleteUser($sid,$user_id)
342  {
343  $this->initAuth($sid);
344  $this->initIlias();
345 
346  if(!$this->__checkSession($sid))
347  {
348  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
349  }
350 
351  if(!isset($user_id))
352  {
353  return $this->__raiseError('No user_id given. Aborting','Client');
354  }
355 
356  global $rbacsystem, $ilUser, $log;
357 
358  if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
359  {
360  return $this->__raiseError('Check access failed.','Server');
361  }
362 
363  if(!$ilUser->getLoginByUserId($user_id))
364  {
365  return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
366  }
367  if($ilUser->getId() == $user_id)
368  {
369  return $this->__raiseError('Cannot delete myself. Aborting','Client');
370  }
371  if($user_id == SYSTEM_USER_ID)
372  {
373  return $this->__raiseError('Cannot delete root account. Aborting','Client');
374  }
375  // Delete him
376  $log->write('SOAP: deleteUser()');
377  $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
378  $delete_user->delete();
379 
380  return true;
381  }
382 
383 
384 
385 
386  // PRIVATE
387  function __validateUserData(&$user_data,$check_complete = true)
388  {
389  global $lng,$styleDefinition,$ilLog;
390 
391  $this->__setMessage('');
392 
393  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
394  $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
395  ilAuthUtils::_getAuthMode($user_data['auth_mode']));
396 
397  if($check_complete)
398  {
399  if(!isset($user_data['login']))
400  {
401  $this->__appendMessage('No login given.');
402  }
403  if(!isset($user_data['passwd']) and !$allow_empty_password)
404  {
405  $this->__appendMessage('No password given.');
406  }
407  if(!isset($user_data['email']))
408  {
409  $this->__appendMessage('No email given');
410  }
411  if(!isset($user_data['user_language']))
412  {
413  $user_data['user_language'] = $lng->getDefaultLanguage();
414  }
415  }
416  foreach($user_data as $field => $value)
417  {
418  switch($field)
419  {
420  case 'login':
421  if (!ilUtil::isLogin($value))
422  {
423  $this->__appendMessage('Login invalid.');
424  }
425 
426  // check loginname
427  if($check_complete)
428  {
429  if (ilObjUser::_loginExists($value))
430  {
431  $this->__appendMessage('Login already exists.');
432  }
433  }
434  break;
435 
436  case 'passwd':
437  if(!strlen($value) and $allow_empty_password)
438  {
439  break;
440  }
441  if (!ilUtil::isPassword($value))
442  {
443  $this->__appendMessage('Password invalid.');
444  }
445  break;
446 
447  case 'email':
448  if(!ilUtil::is_email($value))
449  {
450  $this->__appendMessage('Email invalid.');
451  }
452  break;
453 
454  case 'time_limit_unlimited':
455  if($value != 1)
456  {
457  if($user_data['time_limit_from'] >= $user_data['time_limit_until'])
458  {
459  $this->__appendMessage('Time limit invalid');
460  }
461  }
462  break;
463 
464  case 'user_language':
465  $lang_inst = $lng->getInstalledLanguages();
466 
467  if(!in_array($user_data['user_language'],$lang_inst))
468  {
469  $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
470  }
471  break;
472 
473 
474  case 'user_skin':
475  case 'user_style':
476  if(($user_data['user_skin'] and !$user_data['user_style']) or
477  (!$user_data['user_skin'] and $user_data['user_style']))
478  {
479  $this->__appendMessage('user_skin, user_style not valid.');
480  }
481  elseif($user_data['user_skin'] and $user_data['user_style'])
482  {
483  $ok = false;
484  $templates = $styleDefinition->getAllTemplates();
485  if (count($templates) > 0 && is_array($templates))
486  {
487  foreach($templates as $template)
488  {
489  $styleDef =& new ilStyleDefinition($template["id"]);
490  $styleDef->startParsing();
491  $styles = $styleDef->getStyles();
492  foreach ($styles as $style)
493  {
494  if ($user_data['user_skin'] == $template["id"] &&
495  $user_data['user_style'] == $style["id"])
496  {
497  $ok = true;
498  }
499  }
500  }
501  if(!$ok)
502  {
503  $this->__appendMessage('user_skin, user_style not valid.');
504  }
505  }
506  }
507  break;
508 
509  case 'time_limit_owner':
510  $type = ilObject::_lookupType($user_data['time_limit_owner'],true);
511  if($type != 'cat' and $type != 'usrf')
512  {
513  $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
514  }
515  break;
516 
517 
518 
519  default:
520  continue;
521  }
522  }
523  return strlen($this->__getMessage()) ? false : true;
524  }
525 
526  function __setUserData(&$user_obj,&$user_data)
527  {
528  // Default to unlimited if no access period is given
529  if(!$user_data['time_limit_from'] and
530  !$user_data['time_limit_until'] and
531  !$user_data['time_limit_unlimited'])
532  {
533  $user_data['time_limit_unlimited'] = 1;
534  }
535  if(!$user_data['time_limit_owner'])
536  {
537  $user_data['time_limit_owner'] = USER_FOLDER_ID;
538  }
539 
540 
541  // not supported fields by update/addUser
542  $user_data['im_icq'] = $user_obj->getInstantMessengerId('icq');
543  $user_data['im_yahoo'] = $user_obj->getInstantMessengerId('yahoo');
544  $user_data['im_msn'] = $user_obj->getInstantMessengerId('msn');
545  $user_data['im_aim'] = $user_obj->getInstantMessengerId('aim');
546  $user_data['im_skype'] = $user_obj->getInstantMessengerId('skype');
547  $user_data['im_jabber'] = $user_obj->getInstantMessengerId('jabber');
548  $user_data['im_voip'] = $user_obj->getInstantMessengerId('voip');
549 
550  $user_data['delicious'] = $user_obj->getDelicious();
551  $user_data['latitude'] = $user_obj->getLatitude();
552  $user_data['longitude'] = $user_obj->getLongitude();
553  $user_data['loc_zoom'] = $user_obj->getLocationZoom();
554 
555 
556  $user_data['auth_mode'] = $user_obj->getAuthMode();
557  $user_data['ext_account'] = $user_obj->getExternalAccount();
558  $user_obj->assignData($user_data);
559 
560  if(isset($user_data['user_language']))
561  {
562  $user_obj->setLanguage($user_data['user_language']);
563  }
564  if(isset($user_data['user_skin']) and isset($user_data['user_style']))
565  {
566  $user_obj->setPref('skin',$user_data['user_skin']);
567  $user_obj->setPref('style',$user_data['user_style']);
568  }
569  return true;
570  }
571 
572  function __readUserData(&$usr_obj)
573  {
574  $usr_data['usr_id'] = $usr_obj->getId();
575  $usr_data['login'] = $usr_obj->getLogin();
576  $usr_data['passwd'] = $usr_obj->getPasswd();
577  $usr_data['passwd_type'] = $usr_obj->getPasswdType();
578  $usr_data['firstname'] = $usr_obj->getFirstname();
579  $usr_data['lastname'] = $usr_obj->getLastname();
580  $usr_data['title'] = $usr_obj->getUTitle();
581  $usr_data['gender'] = $usr_obj->getGender();
582  $usr_data['email'] = $usr_obj->getEmail();
583  $usr_data['institution'] = $usr_obj->getInstitution();
584  $usr_data['street'] = $usr_obj->getStreet();
585  $usr_data['city'] = $usr_obj->getCity();
586  $usr_data['zipcode'] = $usr_obj->getZipcode();
587  $usr_data['country'] = $usr_obj->getCountry();
588  $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
589  $usr_data['last_login'] = $usr_obj->getLastLogin();
590  $usr_data['last_update'] = $usr_obj->getLastUpdate();
591  $usr_data['create_date'] = $usr_obj->getCreateDate();
592  $usr_data['hobby'] = $usr_obj->getHobby();
593  $usr_data['department'] = $usr_obj->getDepartment();
594  $usr_data['phone_home'] = $usr_obj->getPhoneHome();
595  $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
596  $usr_data['fax'] = $usr_obj->getFax();
597  $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
598  $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
599  $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
600  $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
601  $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
602  $usr_data['referral_comment'] = $usr_obj->getComment();
603  $usr_data['matriculation'] = $usr_obj->getMatriculation();
604  $usr_data['active'] = $usr_obj->getActive();
605  $usr_data['approve_date'] = $usr_obj->getApproveDate();
606  $usr_data['user_skin'] = $usr_obj->getPref('skin');
607  $usr_data['user_style'] = $usr_obj->getPref('style');
608  $usr_data['user_language'] = $usr_obj->getLanguage();
609  $usr_data['auth_mode'] = $usr_obj->getAuthMode();
610  $usr_data['accepted_agreement'] = $usr_obj->hasAcceptedUserAgreement();
611  $usr_data['import_id'] = $usr_obj->getImportId();
612 
613  return $usr_data;
614  }
615 
616  function __substituteUserData($user_old,$user_new)
617  {
618  foreach($user_new as $key => $value)
619  {
620  $user_old[$key] = $value;
621  }
622  return $user_old ? $user_old : array();
623  }
624 
631  function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
632  {
633  $this->initAuth($sid);
634  $this->initIlias();
635 
636  if(!$this->__checkSession($sid))
637  {
638  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
639  }
640 
641 
642  include_once './Services/User/classes/class.ilUserImportParser.php';
643  include_once './Services/AccessControl/classes/class.ilObjRole.php';
644  include_once './Services/Object/classes/class.ilObjectFactory.php';
645  global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
646 
647  // this takes time but is nescessary
648  $error = false;
649 
650 
651  // validate to prevent wrong XMLs
652  $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
653  if ($error)
654  {
655  $msg = array();
656  if (is_array($error))
657  {
658  foreach ($error as $err) {
659  $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
660  }
661  }
662  else
663  {
664  $msg[] = $error;
665  }
666  $msg = join("\n",$msg);
667  return $this->__raiseError($msg, "Client");
668  }
669 
670 
671  switch ($conflict_rule)
672  {
673  case 2:
674  $conflict_rule = IL_UPDATE_ON_CONFLICT;
675  break;
676  case 3:
677  $conflict_rule = IL_IGNORE_ON_CONFLICT;
678  break;
679  default:
680  $conflict_rule = IL_FAIL_ON_CONFLICT;
681  }
682 
683 
684  // folder id 0, means to check permission on user basis!
685  // must have create user right in time_limit_owner property (which is ref_id of container)
686  if ($folder_id != 0)
687  {
688  // determine where to import
689  if ($folder_id == -1)
690  $folder_id = USER_FOLDER_ID;
691 
692  // get folder
693  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
694  // id does not exist
695  if (!$import_folder)
696  return $this->__raiseError('Wrong reference id.','Server');
697 
698  // folder is not a folder, can also be a category
699  if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
700  return $this->__raiseError('Folder must be a usr folder or a category.','Server');
701 
702  // check access to folder
703  if(!$rbacsystem->checkAccess('create_usr',$folder_id))
704  {
705  return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
706  }
707  }
708 
709  // first verify
710 
711 
712  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
713  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
714  $importParser->setXMLContent($usr_xml);
715  $importParser->startParsing();
716 
717  switch ($importParser->getErrorLevel())
718  {
719  case IL_IMPORT_SUCCESS :
720  break;
721  case IL_IMPORT_WARNING :
722  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
723  break;
724  case IL_IMPORT_FAILURE :
725  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
726  }
727 
728  // verify is ok, so get role assignments
729 
730  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
731  $importParser->setXMLContent($usr_xml);
732  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
733  $importParser->startParsing();
734 
735  $roles = $importParser->getCollectedRoles();
736 
737  //print_r($roles);
738 
739 
740 
741  // roles to be assigned, skip if one is not allowed!
742  $permitted_roles = array();
743  foreach ($roles as $role_id => $role)
744  {
745  if (!is_numeric ($role_id))
746  {
747  // check if internal id
748  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
749 
750  if (is_numeric($internalId))
751  {
752  $role_id = $internalId;
753  $role_name = $role_id;
754  }
755 /* else // perhaps it is a rolename
756  {
757  $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
758  $role_name = $role->title;
759  $role_id = $role->role_id;
760  }*/
761  }
762 
763  if($this->isPermittedRole($folder_id,$role_id))
764  {
765  $permitted_roles[$role_id] = $role_id;
766  }
767  else
768  {
769  $role_name = ilObject::_lookupTitle($role_id);
770  return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
771  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
772  }
773  }
774 
775  $global_roles = $rbacreview->getGlobalRoles();
776 
777  //print_r ($global_roles);
778 
779 
780 
781  foreach ($permitted_roles as $role_id => $role_name)
782  {
783  if ($role_id != "")
784  {
785  if (in_array($role_id, $global_roles))
786  {
787  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
788  || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
789  )
790  {
791  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
792  }
793  }
794  else
795  {
796  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
797  if ($rbacreview->isDeleted($rolf[0])
798  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
799  {
800 
801  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
802  }
803  }
804  }
805  }
806 
807  //print_r ($permitted_roles);
808 
809  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
810  $importParser->setSendMail($send_account_mail);
811  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
812  $importParser->setFolderId($folder_id);
813  $importParser->setXMLContent($usr_xml);
814 
815  $importParser->setRoleAssignment($permitted_roles);
816 
817  $importParser->startParsing();
818 
819  if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
820  {
821  return $this->__getUserMappingAsXML ($importParser->getUserMapping());
822  }
823  return $this->__getImportProtocolAsXML ($importParser->getProtocol());
824 
825  }
826 
834  protected function isPermittedRole($a_folder,$a_role)
835  {
836  static $checked_roles = array();
837  static $global_roles = null;
838 
839 
840  if(isset($checked_roles[$a_role]))
841  {
842  return $checked_roles[$a_role];
843  }
844 
845  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
846 
847  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
848  $location = $locations[0];
849 
850  // global role
851  if($location == ROLE_FOLDER_ID)
852  {
853  $ilLog->write(__METHOD__.': Check global role');
854  // check assignment permission if called from local admin
855 
856 
857  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
858  {
859  $ilLog->write(__METHOD__.': '.$a_folder);
860  include_once './Services/AccessControl/classes/class.ilObjRole.php';
861  if(!ilObjRole::_getAssignUsersStatus($a_role))
862  {
863  $ilLog->write(__METHOD__.': No assignment allowed');
864  $checked_roles[$a_role] = false;
865  return false;
866  }
867  }
868  // exclude anonymous role from list
869  if ($a_role == ANONYMOUS_ROLE_ID)
870  {
871  $ilLog->write(__METHOD__.': Anonymous role chosen.');
872  $checked_roles[$a_role] = false;
873  return false;
874  }
875  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
876  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
877  {
878  $ilLog->write(__METHOD__.': System role assignment forbidden.');
879  $checked_roles[$a_role] = false;
880  return false;
881  }
882 
883  // Global role assignment ok
884  $ilLog->write(__METHOD__.': Assignment allowed.');
885  $checked_roles[$a_role] = true;
886  return true;
887  }
888  elseif($location)
889  {
890  $ilLog->write(__METHOD__.': Check local role.');
891 
892  // It's a local role
893  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
894  $rolf = $rolfs[0];
895 
896 
897  // only process role folders that are not set to status "deleted"
898  // and for which the user has write permissions.
899  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
900  // (The ROLE_FOLDER_ID folder contains the global roles).
901  if($rbacreview->isDeleted($rolf)
902  || !$rbacsystem->checkAccess('edit_permission',$tree->getParentId($rolf)))
903  {
904  $ilLog->write(__METHOD__.': Role deleted or no permission.');
905  $checked_roles[$a_role] = false;
906  return false;
907  }
908  // A local role is only displayed, if it is contained in the subtree of
909  // the localy administrated category. If the import function has been
910  // invoked from the user folder object, we show all local roles, because
911  // the user folder object is considered the parent of all local roles.
912  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
913  // isInSubtree variable with true. In all other cases it is initialized
914  // with false, and only set to true if we find the object id of the
915  // locally administrated category in the tree path to the local role.
916  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
917  {
918  $ilLog->write(__METHOD__.': Not in path of category.');
919  $checked_roles[$a_role] = false;
920  return false;
921  }
922  $ilLog->write(__METHOD__.': Assignment allowed.');
923  $checked_roles[$a_role] = true;
924  return true;
925  }
926  }
927 
928 
932  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
933  {
934  $this->initAuth($sid);
935  $this->initIlias();
936 
937  if(!$this->__checkSession($sid))
938  {
939  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
940  }
941 
942  global $ilDB, $tree, $rbacreview, $rbacsystem;
943 
944  if ($ref_id == -1)
945  $ref_id = USER_FOLDER_ID;
946 
947  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
948  if ($this->isFault($object))
949  return $object;
950 
951  $data = array();
952  switch ($object->getType()) {
953  case "usrf":
954  $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
955  break;
956  case "cat":
957  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
958  break;
959  case "crs":
960  {
961  // GET ALL MEMBERS
962  $roles = $object->__getLocalRoles();
963 
964  foreach($roles as $role_id)
965  {
966  $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
967  }
968 
969  break;
970  }
971  case "grp":
972  $member_ids = $object->getGroupMemberIds();
973  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
974  break;
975  case "sess":
976  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
977  if(!$course_ref_id)
978  {
979  return $this->__raiseError("No course for session", "Client");
980  }
981 
982  $event_obj_id = ilObject::_lookupObjId($ref_id);
983  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
984  $event_part = new ilEventParticipants($event_obj_id);
985  $member_ids = array_keys($event_part->getParticipants());
986  $data = ilObjUser::_getUsersForIds($member_ids, $active);
987  break;
988  }
989 
990  if (is_array($data))
991  {
992  include_once './Services/User/classes/class.ilUserXMLWriter.php';
993 
994  $xmlWriter = new ilUserXMLWriter();
995  $xmlWriter->setObjects($data);
996  $xmlWriter->setAttachRoles ($attachRoles);
997 
998  if($xmlWriter->start())
999  {
1000  return $xmlWriter->getXML();
1001  }
1002  }
1003  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
1004  }
1005 
1006 
1010  function getUserForRole($sid, $role_id, $attachRoles, $active)
1011  {
1012  $this->initAuth($sid);
1013  $this->initIlias();
1014 
1015  if(!$this->__checkSession($sid))
1016  {
1017  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1018  }
1019 
1020  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1021  global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
1022 
1023 
1024  $global_roles = $rbacreview->getGlobalRoles();
1025 
1026 
1027  if (in_array($role_id, $global_roles))
1028  {
1029  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
1030  )
1031  {
1032  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1033  }
1034  }
1035  else
1036  {
1037  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
1038  if ($rbacreview->isDeleted($rolf[0])
1039  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
1040  {
1041  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1042  }
1043  include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
1044  $privacy = ilPrivacySettings::_getInstance();
1045  if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
1046  !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
1047  return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
1048  }
1049 
1050 
1051  }
1052 
1053  $data = ilObjUser::_getUsersForRole($role_id, $active);
1054  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1055 
1056  $xmlWriter = new ilUserXMLWriter();
1057  $xmlWriter->setAttachRoles($attachRoles);
1058 
1059  $xmlWriter->setObjects($data);
1060 
1061  if($xmlWriter->start())
1062  {
1063  return $xmlWriter->getXML();
1064  }
1065  return $this->__raiseError('Error in getUsersForRole','Server');
1066  }
1067 
1068 
1069 
1074  function __getImportProtocolAsXML ($a_array)
1075  {
1076  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1077  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1078 
1079  $xmlResultSet = new ilXMLResultSet ();
1080  $xmlResultSet->addColumn ("userid");
1081  $xmlResultSet->addColumn ("login");
1082  $xmlResultSet->addColumn ("action");
1083  $xmlResultSet->addColumn ("message");
1084 
1085  foreach ($a_array as $username => $messages)
1086  {
1087  foreach ($messages as $message)
1088  {
1089 
1090  $xmlRow = new ilXMLResultSetRow ();
1091  $xmlRow->setValue (0, 0);
1092  $xmlRow->setValue (1, $username);
1093  $xmlRow->setValue (2, "");
1094  $xmlRow->setValue (3, $message);
1095 
1096  $xmlResultSet->addRow ($xmlRow);
1097  }
1098  }
1099 
1100  $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
1101 
1102  if ($xml_writer->start ())
1103  return $xml_writer->getXML();
1104 
1105  return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
1106  }
1107 
1114  function __getUserMappingAsXML ($a_array)
1115  {
1116  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1117  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1118 
1119  $xmlResultSet = new ilXMLResultSet ();
1120  $xmlResultSet->addColumn ("userid");
1121  $xmlResultSet->addColumn ("login");
1122  $xmlResultSet->addColumn ("action");
1123  $xmlResultSet->addColumn ("message");
1124 
1125  if (count($a_array))
1126  foreach ($a_array as $username => $message)
1127  {
1128  $xmlRow = new ilXMLResultSetRow ();
1129  $xmlRow->setValue (0, $username);
1130  $xmlRow->setValue (1, $message["login"]);
1131  $xmlRow->setValue (2, $message["action"]);
1132  $xmlRow->setValue (3, $message["message"]);
1133 
1134  $xmlResultSet->addRow ($xmlRow);
1135  }
1136 
1137  $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
1138 
1139  if ($xml_writer->start ())
1140  return $xml_writer->getXML();
1141 
1142  return $this->__raiseError('Error in __getUserMappingAsXML','Server');
1143 
1144  }
1145 
1154  function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
1155 
1156  $this->initAuth($sid);
1157  $this->initIlias();
1158 
1159  if(!$this->__checkSession($sid))
1160  {
1161  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1162  }
1163 
1164  global $ilDB, $rbacsystem;
1165 
1166  if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
1167  {
1168  return $this->__raiseError('Check access failed.','Server');
1169  }
1170 
1171 
1172  if (!count($a_keyfields))
1173  $this->__raiseError('At least one keyfield is needed','Client');
1174 
1175  if (!count ($a_keyvalues))
1176  $this->__raiseError('At least one keyvalue is needed','Client');
1177 
1178  if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
1179  $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
1180 
1181 
1182  $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
1183 
1184  $query = "SELECT usr_data.*, usr_pref.value AS language
1185  FROM usr_data
1186  LEFT JOIN usr_pref
1187  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
1188  $ilDB->quote("language", "text").
1189  "'language'
1190  WHERE 1 = 1 ".$query;
1191 
1192  if (is_numeric($active) && $active > -1)
1193  $query .= " AND active = ". $ilDB->quote($active);
1194 
1195  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
1196 
1197  //echo $query;
1198 
1199  $r = $ilDB->query($query);
1200 
1201  $data = array();
1202 
1203  while($row = $ilDB->fetchAssoc($r))
1204  {
1205  $data[] = $row;
1206  }
1207 
1208  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1209 
1210  $xmlWriter = new ilUserXMLWriter();
1211  $xmlWriter->setAttachRoles($attach_roles);
1212 
1213  $xmlWriter->setObjects($data);
1214 
1215  if($xmlWriter->start())
1216  {
1217  return $xmlWriter->getXML();
1218  }
1219  return $this->__raiseError('Error in searchUser','Server');
1220  }
1221 
1230  function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
1231  global $ilDB;
1232  $query = array();
1233 
1234  $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
1235 
1236  foreach ($a_keyfields as $keyfield)
1237  {
1238  $keyfield = strtolower($keyfield);
1239 
1240  if (!in_array($keyfield, $allowed_fields))
1241  continue;
1242 
1243  $field_query = array ();
1244  foreach ($a_keyvalues as $keyvalue)
1245  {
1246  if (strlen($keyvalue) >= 3) {
1247  $field_query []= $keyfield." like '%".$keyvalue."%'";
1248  }
1249 
1250  }
1251  if (count($field_query))
1252  $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
1253 
1254  }
1255 
1256  return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
1257  }
1258 
1259 
1267  function getUserXML($sid, $a_user_ids, $attach_roles)
1268  {
1269  $this->initAuth($sid);
1270  $this->initIlias();
1271 
1272  if(!$this->__checkSession($sid))
1273  {
1274  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1275  }
1276 
1277  global $rbacsystem, $ilUser, $ilDB;
1278 
1279  // check if own account
1280  $is_self = false;
1281  if(is_array($a_user_ids) and count($a_user_ids) == 1)
1282  {
1283  if(end($a_user_ids) == $ilUser->getId())
1284  {
1285  $is_self = true;
1286  }
1287  }
1288  elseif(is_numeric($a_user_ids))
1289  {
1290  if($a_user_ids == $ilUser->getId())
1291  {
1292  $is_self = true;
1293  }
1294  }
1295 
1296  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID) and !$is_self)
1297  {
1298  return $this->__raiseError('Check access failed.','Server');
1299  }
1300 
1301  // begin-patch filemanager
1302  $data = ilObjUser::_getUserData((array) $a_user_ids);
1303  // end-patch filemanager
1304 
1305  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1306  $xmlWriter = new ilUserXMLWriter();
1307  $xmlWriter->setAttachRoles($attach_roles);
1308  $xmlWriter->setObjects($data);
1309 
1310  if($xmlWriter->start())
1311  {
1312  return $xmlWriter->getXML();
1313  }
1314 
1315  return $this->__raiseError('User does not exist','Client');
1316  }
1317 
1318 
1319  // has new mail
1320  function hasNewMail($sid)
1321  {
1322  $this->initAuth($sid);
1323  $this->initIlias();
1324 
1325  if(!$this->__checkSession($sid))
1326  {
1327  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1328  }
1329 
1330  global $ilUser;
1331 
1332  include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1333  if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
1334  {
1335  return true;
1336  }
1337  else
1338  {
1339  return false;
1340  }
1341  }
1342 
1343  public function getUserIdBySid($sid)
1344  {
1345  $this->initAuth($sid);
1346  $this->initIlias();
1347 
1348  if(!$this->__checkSession($sid))
1349  {
1350  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1351  }
1352 
1353  global $ilDB;
1354 
1355  $parts = explode('::', $sid);
1356  $query = "SELECT usr_id FROM usr_session "
1357  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1358  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
1359  $data = $ilDB->fetchAssoc($res);
1360 
1361  if(!(int)$data['usr_id'])
1362  {
1363  $this->__raiseError('User does not exist', 'Client');
1364  }
1365 
1366  return (int)$data['usr_id'];
1367  }
1368 
1369 }
1370 ?>