ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapUserAdministration extends ilSoapAdministration
36 {
37  function ilSoapUserAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  // Service methods
44  function login($client,$username,$password)
45  {
49  global $ilUser;
50 
51  $_COOKIE['ilClientId'] = $client;
52  $_POST['username'] = $username;
53  $_POST['password'] = $password;
54  unset($_COOKIE['PHPSESSID']);
55 
56  try
57  {
58  include_once './include/inc.header.php';
59  }
60  catch(Exception $e)
61  {
62  return $this->__raiseError($e->getMessage(), 'Server');
63  }
64 
65  ilUtil::setCookie('ilClientId',$client);
66 
67  if($ilUser->hasToAcceptTermsOfService())
68  {
69  return $this->__raiseError('User agreement not accepted', 'Server');
70  }
71 
72  return (session_id().'::'.$client);
73  }
74 
75  // Service methods
76  function loginCAS($client, $PT, $username)
77  {
78  $this->__initAuthenticationObject(AUTH_CAS);
79  $this->sauth->setClient($client);
80  $this->sauth->setUsername($username);
81  $this->sauth->setPT($PT);
82  $authenticated = true;
83  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
84  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
85  if(!$this->sauth->authenticate())
86  {
87  $authenticated = false;
88  }
89  if(!$authenticated)
90  {
91  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
92  }
93  return $this->sauth->getSid().'::'.$client;
94  }
95 
96  // Service methods
97  function loginLDAP($client, $username, $password)
98  {
99  return $this->login($client, $username, $password);
100  }
101 
102  function logout($sid)
103  {
104  $this->initAuth($sid);
105  $this->initIlias();
106 
107  if(!$this->__checkSession($sid))
108  {
109  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
110  }
111 
112  global $ilAuth;
113  $ilAuth->logout();
114  session_destroy();
115  return true;
116 
117  /*
118  if(!$this->sauth->logout())
119  {
120  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
121  }
122 
123  return true;
124  */
125  }
126 
127  function lookupUser($sid,$user_name)
128  {
129  $this->initAuth($sid);
130  $this->initIlias();
131 
132  if(!$this->__checkSession($sid))
133  {
134  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
135  }
136 
137  if(!strlen($user_name))
138  {
139  return $this->__raiseError('No username given. Aborting','Client');
140  }
141 
142  global $rbacsystem, $ilUser ;
143 
144  if(strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
145  {
146  return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
147  }
148 
149  $user_id = ilObjUser::getUserIdByLogin($user_name);
150 
151 
152  return $user_id ? $user_id : "0";
153 
154  }
155 
156  function getUser($sid,$user_id)
157  {
158  $this->initAuth($sid);
159  $this->initIlias();
160 
161  if(!$this->__checkSession($sid))
162  {
163  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
164  }
165 
166  global $rbacsystem, $ilUser;
167 
168  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
169  {
170  return $this->__raiseError('Check access failed.','Server');
171  }
172 
173  if($ilUser->getLoginByUserId($user_id))
174  {
175  $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
176  $usr_data = $this->__readUserData($tmp_user);
177 
178  return $usr_data;
179  }
180  return $this->__raiseError('User does not exist','Client');
181  }
182 
183  function updateUser($sid,$user_data)
184  {
188  $this->initAuth($sid);
189  $this->initIlias();
190 
191  if(!$this->__checkSession($sid))
192  {
193  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
194  }
195 
196  global $rbacsystem, $ilUser, $log;
197 
198  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
199  {
200  return $this->__raiseError('Check access failed.','Server');
201  }
202 
203  if(!$user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'],false))
204  {
205  return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
206  }
207 
208  $user_old = $this->__readUserData($user_obj);
209  $user_new = $this->__substituteUserData($user_old,$user_data);
210 
211  if(!$this->__validateUserData($user_new,false))
212  {
213  return $this->__raiseError($this->__getMessage(),'Client');
214  }
215 
216  if(strlen($user_data['passwd']) != 32)
217  {
218  $user_new['passwd_type'] = IL_PASSWD_PLAIN;
219  }
220  else
221  {
222  $user_new['passwd_type'] = IL_PASSWD_MD5;
223  }
224  $this->__setUserData($user_obj,$user_new);
225 
226  $log->write('SOAP: updateUser()');
227  $user_obj->update();
228 
229  if($user_data['accepted_agreement'] && $user_obj->hasToAcceptTermsOfService())
230  {
231  $user_obj->writeAccepted();
232  }
233 
234  return true;
235  }
236 
237  function updatePassword($sid,$user_id,$new_password)
238  {
239  $this->initAuth($sid);
240  $this->initIlias();
241 
242  if(!$this->__checkSession($sid))
243  {
244  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
245  }
246 
247  global $rbacsystem;
248 
249  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
250  {
251  return $this->__raiseError('Check access failed.','Server');
252  }
253 
254  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
255  {
256  return $this->__raiseError('No valid user_id given.','Client');
257  }
258 
259  $tmp_user->replacePassword($new_password);
260 
261  return true;
262  }
263 
264  function addUser($sid,$user_data,$global_role_id)
265  {
266  $this->initAuth($sid);
267  $this->initIlias();
268 
269  if(!$this->__checkSession($sid))
270  {
271  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
272  }
273 
274  global $rbacsystem, $rbacreview, $ilLog, $rbacadmin,$ilSetting;
275 
276  if(!$rbacsystem->checkAccess('create_usr',USER_FOLDER_ID))
277  {
278  return $this->__raiseError('Check access failed.','Server');
279  }
280 
281  // Validate user_data
282  if(!$this->__validateUserData($user_data))
283  {
284  return $this->__raiseError($this->__getMessage(),'Client');
285  }
286  // Validate global role
287  if(!$global_role_id)
288  {
289  return $this->__raiseError('No role id given','Client');
290  }
291 
292  // Validate global role
293 
294  $global_roles = $rbacreview->getGlobalRoles();
295 
296  if(!in_array($global_role_id,$global_roles))
297  {
298  return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
299  }
300 
301  $new_user =& new ilObjUser();
302 
303  if(strlen($user_data['passwd']) != 32)
304  {
305  $user_data['passwd_type'] = IL_PASSWD_PLAIN;
306  }
307  else
308  {
309  $user_data['passwd_type'] = IL_PASSWD_MD5;
310  }
311  $this->__setUserData($new_user,$user_data);
312 
313  $ilLog->write('SOAP: addUser()');
314 
315  // Need this for entry in object_data
316  $new_user->setTitle($new_user->getFullname());
317  $new_user->setDescription($new_user->getEmail());
318 
319  if ($user_data["import_id"] != "")
320  {
321  $new_user->setImportId($user_data["import_id"]);
322  }
323 
324  $new_user->create();
325 
326 
327  $new_user->saveAsNew();
328 
329  // If agreement is given. Set user agreement accepted.
330  if($user_data['accepted_agreement'])
331  {
332  $new_user->writeAccepted();
333  }
334 
335  // Assign role
336  $rbacadmin->assignUser($global_role_id,$new_user->getId());
337 
338  // Assign user prefs
339  $new_user->setLanguage($user_data['user_language']);
340  $new_user->setPref('style',$user_data['user_style']);
341  $new_user->setPref('skin',$user_data['user_skin']);
342  $new_user->setPref('hits_per_page',$ilSetting->get('hits_per_page'));
343  $new_user->setPref('show_users_online',$ilSetting->get('show_users_online'));
344  $new_user->writePrefs();
345 
346  return $new_user->getId();
347  }
348 
349  function deleteUser($sid,$user_id)
350  {
351  $this->initAuth($sid);
352  $this->initIlias();
353 
354  if(!$this->__checkSession($sid))
355  {
356  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
357  }
358 
359  if(!isset($user_id))
360  {
361  return $this->__raiseError('No user_id given. Aborting','Client');
362  }
363 
364  global $rbacsystem, $ilUser, $log;
365 
366  if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
367  {
368  return $this->__raiseError('Check access failed.','Server');
369  }
370 
371  if(!$ilUser->getLoginByUserId($user_id))
372  {
373  return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
374  }
375  if($ilUser->getId() == $user_id)
376  {
377  return $this->__raiseError('Cannot delete myself. Aborting','Client');
378  }
379  if($user_id == SYSTEM_USER_ID)
380  {
381  return $this->__raiseError('Cannot delete root account. Aborting','Client');
382  }
383  // Delete him
384  $log->write('SOAP: deleteUser()');
385  $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
386  $delete_user->delete();
387 
388  return true;
389  }
390 
391 
392 
393 
394  // PRIVATE
395  function __validateUserData(&$user_data,$check_complete = true)
396  {
397  global $lng,$styleDefinition,$ilLog;
398 
399  $this->__setMessage('');
400 
401  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
402  $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
403  ilAuthUtils::_getAuthMode($user_data['auth_mode']));
404 
405  if($check_complete)
406  {
407  if(!isset($user_data['login']))
408  {
409  $this->__appendMessage('No login given.');
410  }
411  if(!isset($user_data['passwd']) and !$allow_empty_password)
412  {
413  $this->__appendMessage('No password given.');
414  }
415  if(!isset($user_data['email']))
416  {
417  $this->__appendMessage('No email given');
418  }
419  if(!isset($user_data['user_language']))
420  {
421  $user_data['user_language'] = $lng->getDefaultLanguage();
422  }
423  }
424  foreach($user_data as $field => $value)
425  {
426  switch($field)
427  {
428  case 'login':
429  if (!ilUtil::isLogin($value))
430  {
431  $this->__appendMessage('Login invalid.');
432  }
433 
434  // check loginname
435  if($check_complete)
436  {
437  if (ilObjUser::_loginExists($value))
438  {
439  $this->__appendMessage('Login already exists.');
440  }
441  }
442  break;
443 
444  case 'passwd':
445  if(!strlen($value) and $allow_empty_password)
446  {
447  break;
448  }
449  if (!ilUtil::isPassword($value))
450  {
451  $this->__appendMessage('Password invalid.');
452  }
453  break;
454 
455  case 'email':
456  if(!ilUtil::is_email($value))
457  {
458  $this->__appendMessage('Email invalid.');
459  }
460  break;
461 
462  case 'time_limit_unlimited':
463  if($value != 1)
464  {
465  if($user_data['time_limit_from'] >= $user_data['time_limit_until'])
466  {
467  $this->__appendMessage('Time limit invalid');
468  }
469  }
470  break;
471 
472  case 'user_language':
473  $lang_inst = $lng->getInstalledLanguages();
474 
475  if(!in_array($user_data['user_language'],$lang_inst))
476  {
477  $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
478  }
479  break;
480 
481 
482  case 'user_skin':
483  case 'user_style':
484  if(($user_data['user_skin'] and !$user_data['user_style']) or
485  (!$user_data['user_skin'] and $user_data['user_style']))
486  {
487  $this->__appendMessage('user_skin, user_style not valid.');
488  }
489  elseif($user_data['user_skin'] and $user_data['user_style'])
490  {
491  $ok = false;
492  $templates = $styleDefinition->getAllTemplates();
493  if (count($templates) > 0 && is_array($templates))
494  {
495  foreach($templates as $template)
496  {
497  $styleDef =& new ilStyleDefinition($template["id"]);
498  $styleDef->startParsing();
499  $styles = $styleDef->getStyles();
500  foreach ($styles as $style)
501  {
502  if ($user_data['user_skin'] == $template["id"] &&
503  $user_data['user_style'] == $style["id"])
504  {
505  $ok = true;
506  }
507  }
508  }
509  if(!$ok)
510  {
511  $this->__appendMessage('user_skin, user_style not valid.');
512  }
513  }
514  }
515  break;
516 
517  case 'time_limit_owner':
518  $type = ilObject::_lookupType($user_data['time_limit_owner'],true);
519  if($type != 'cat' and $type != 'usrf')
520  {
521  $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
522  }
523  break;
524 
525 
526 
527  default:
528  continue;
529  }
530  }
531  return strlen($this->__getMessage()) ? false : true;
532  }
533 
534  function __setUserData(&$user_obj,&$user_data)
535  {
536  // Default to unlimited if no access period is given
537  if(!$user_data['time_limit_from'] and
538  !$user_data['time_limit_until'] and
539  !$user_data['time_limit_unlimited'])
540  {
541  $user_data['time_limit_unlimited'] = 1;
542  }
543  if(!$user_data['time_limit_owner'])
544  {
545  $user_data['time_limit_owner'] = USER_FOLDER_ID;
546  }
547 
548 
549  // not supported fields by update/addUser
550  $user_data['im_icq'] = $user_obj->getInstantMessengerId('icq');
551  $user_data['im_yahoo'] = $user_obj->getInstantMessengerId('yahoo');
552  $user_data['im_msn'] = $user_obj->getInstantMessengerId('msn');
553  $user_data['im_aim'] = $user_obj->getInstantMessengerId('aim');
554  $user_data['im_skype'] = $user_obj->getInstantMessengerId('skype');
555  $user_data['im_jabber'] = $user_obj->getInstantMessengerId('jabber');
556  $user_data['im_voip'] = $user_obj->getInstantMessengerId('voip');
557 
558  $user_data['delicious'] = $user_obj->getDelicious();
559  $user_data['latitude'] = $user_obj->getLatitude();
560  $user_data['longitude'] = $user_obj->getLongitude();
561  $user_data['loc_zoom'] = $user_obj->getLocationZoom();
562 
563 
564  $user_data['auth_mode'] = $user_obj->getAuthMode();
565  $user_data['ext_account'] = $user_obj->getExternalAccount();
566  $user_obj->assignData($user_data);
567 
568  if(isset($user_data['user_language']))
569  {
570  $user_obj->setLanguage($user_data['user_language']);
571  }
572  if(isset($user_data['user_skin']) and isset($user_data['user_style']))
573  {
574  $user_obj->setPref('skin',$user_data['user_skin']);
575  $user_obj->setPref('style',$user_data['user_style']);
576  }
577  return true;
578  }
579 
580  function __readUserData(&$usr_obj)
581  {
582  $usr_data['usr_id'] = $usr_obj->getId();
583  $usr_data['login'] = $usr_obj->getLogin();
584  $usr_data['passwd'] = $usr_obj->getPasswd();
585  $usr_data['passwd_type'] = $usr_obj->getPasswdType();
586  $usr_data['firstname'] = $usr_obj->getFirstname();
587  $usr_data['lastname'] = $usr_obj->getLastname();
588  $usr_data['title'] = $usr_obj->getUTitle();
589  $usr_data['gender'] = $usr_obj->getGender();
590  $usr_data['email'] = $usr_obj->getEmail();
591  $usr_data['institution'] = $usr_obj->getInstitution();
592  $usr_data['street'] = $usr_obj->getStreet();
593  $usr_data['city'] = $usr_obj->getCity();
594  $usr_data['zipcode'] = $usr_obj->getZipcode();
595  $usr_data['country'] = $usr_obj->getCountry();
596  $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
597  $usr_data['last_login'] = $usr_obj->getLastLogin();
598  $usr_data['last_update'] = $usr_obj->getLastUpdate();
599  $usr_data['create_date'] = $usr_obj->getCreateDate();
600  $usr_data['hobby'] = $usr_obj->getHobby();
601  $usr_data['department'] = $usr_obj->getDepartment();
602  $usr_data['phone_home'] = $usr_obj->getPhoneHome();
603  $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
604  $usr_data['fax'] = $usr_obj->getFax();
605  $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
606  $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
607  $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
608  $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
609  $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
610  $usr_data['referral_comment'] = $usr_obj->getComment();
611  $usr_data['matriculation'] = $usr_obj->getMatriculation();
612  $usr_data['active'] = $usr_obj->getActive();
613  $usr_data['approve_date'] = $usr_obj->getApproveDate();
614  $usr_data['user_skin'] = $usr_obj->getPref('skin');
615  $usr_data['user_style'] = $usr_obj->getPref('style');
616  $usr_data['user_language'] = $usr_obj->getLanguage();
617  $usr_data['auth_mode'] = $usr_obj->getAuthMode();
618  $usr_data['accepted_agreement'] = !$usr_obj->hasToAcceptTermsOfService();
619  $usr_data['import_id'] = $usr_obj->getImportId();
620 
621  return $usr_data;
622  }
623 
624  function __substituteUserData($user_old,$user_new)
625  {
626  foreach($user_new as $key => $value)
627  {
628  $user_old[$key] = $value;
629  }
630  return $user_old ? $user_old : array();
631  }
632 
639  function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
640  {
641  $this->initAuth($sid);
642  $this->initIlias();
643 
644  if(!$this->__checkSession($sid))
645  {
646  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
647  }
648 
649 
650  include_once './Services/User/classes/class.ilUserImportParser.php';
651  include_once './Services/AccessControl/classes/class.ilObjRole.php';
652  include_once './Services/Object/classes/class.ilObjectFactory.php';
653  global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
654 
655  // this takes time but is nescessary
656  $error = false;
657 
658 
659  // validate to prevent wrong XMLs
660  $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
661  if ($error)
662  {
663  $msg = array();
664  if (is_array($error))
665  {
666  foreach ($error as $err) {
667  $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
668  }
669  }
670  else
671  {
672  $msg[] = $error;
673  }
674  $msg = join("\n",$msg);
675  return $this->__raiseError($msg, "Client");
676  }
677 
678 
679  switch ($conflict_rule)
680  {
681  case 2:
682  $conflict_rule = IL_UPDATE_ON_CONFLICT;
683  break;
684  case 3:
685  $conflict_rule = IL_IGNORE_ON_CONFLICT;
686  break;
687  default:
688  $conflict_rule = IL_FAIL_ON_CONFLICT;
689  }
690 
691 
692  // folder id 0, means to check permission on user basis!
693  // must have create user right in time_limit_owner property (which is ref_id of container)
694  if ($folder_id != 0)
695  {
696  // determine where to import
697  if ($folder_id == -1)
698  $folder_id = USER_FOLDER_ID;
699 
700  // get folder
701  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
702  // id does not exist
703  if (!$import_folder)
704  return $this->__raiseError('Wrong reference id.','Server');
705 
706  // folder is not a folder, can also be a category
707  if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
708  return $this->__raiseError('Folder must be a usr folder or a category.','Server');
709 
710  // check access to folder
711  if(!$rbacsystem->checkAccess('create_usr',$folder_id))
712  {
713  return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
714  }
715  }
716 
717  // first verify
718 
719 
720  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
721  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
722  $importParser->setXMLContent($usr_xml);
723  $importParser->startParsing();
724 
725  switch ($importParser->getErrorLevel())
726  {
727  case IL_IMPORT_SUCCESS :
728  break;
729  case IL_IMPORT_WARNING :
730  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
731  break;
732  case IL_IMPORT_FAILURE :
733  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
734  }
735 
736  // verify is ok, so get role assignments
737 
738  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
739  $importParser->setXMLContent($usr_xml);
740  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
741  $importParser->startParsing();
742 
743  $roles = $importParser->getCollectedRoles();
744 
745  //print_r($roles);
746 
747 
748 
749  // roles to be assigned, skip if one is not allowed!
750  $permitted_roles = array();
751  foreach ($roles as $role_id => $role)
752  {
753  if (!is_numeric ($role_id))
754  {
755  // check if internal id
756  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
757 
758  if (is_numeric($internalId))
759  {
760  $role_id = $internalId;
761  $role_name = $role_id;
762  }
763 /* else // perhaps it is a rolename
764  {
765  $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
766  $role_name = $role->title;
767  $role_id = $role->role_id;
768  }*/
769  }
770 
771  if($this->isPermittedRole($folder_id,$role_id))
772  {
773  $permitted_roles[$role_id] = $role_id;
774  }
775  else
776  {
777  $role_name = ilObject::_lookupTitle($role_id);
778  return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
779  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
780  }
781  }
782 
783  $global_roles = $rbacreview->getGlobalRoles();
784 
785  //print_r ($global_roles);
786 
787 
788 
789  foreach ($permitted_roles as $role_id => $role_name)
790  {
791  if ($role_id != "")
792  {
793  if (in_array($role_id, $global_roles))
794  {
795  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
796  || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
797  )
798  {
799  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
800  }
801  }
802  else
803  {
804  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
805  if ($rbacreview->isDeleted($rolf[0])
806  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
807  {
808 
809  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
810  }
811  }
812  }
813  }
814 
815  //print_r ($permitted_roles);
816 
817  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
818  $importParser->setSendMail($send_account_mail);
819  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
820  $importParser->setFolderId($folder_id);
821  $importParser->setXMLContent($usr_xml);
822 
823  $importParser->setRoleAssignment($permitted_roles);
824 
825  $importParser->startParsing();
826 
827  if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
828  {
829  return $this->__getUserMappingAsXML ($importParser->getUserMapping());
830  }
831  return $this->__getImportProtocolAsXML ($importParser->getProtocol());
832 
833  }
834 
842  protected function isPermittedRole($a_folder,$a_role)
843  {
844  static $checked_roles = array();
845  static $global_roles = null;
846 
847 
848  if(isset($checked_roles[$a_role]))
849  {
850  return $checked_roles[$a_role];
851  }
852 
853  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
854 
855  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
856  $location = $locations[0];
857 
858  // global role
859  if($location == ROLE_FOLDER_ID)
860  {
861  $ilLog->write(__METHOD__.': Check global role');
862  // check assignment permission if called from local admin
863 
864 
865  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
866  {
867  $ilLog->write(__METHOD__.': '.$a_folder);
868  include_once './Services/AccessControl/classes/class.ilObjRole.php';
869  if(!ilObjRole::_getAssignUsersStatus($a_role))
870  {
871  $ilLog->write(__METHOD__.': No assignment allowed');
872  $checked_roles[$a_role] = false;
873  return false;
874  }
875  }
876  // exclude anonymous role from list
877  if ($a_role == ANONYMOUS_ROLE_ID)
878  {
879  $ilLog->write(__METHOD__.': Anonymous role chosen.');
880  $checked_roles[$a_role] = false;
881  return false;
882  }
883  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
884  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
885  {
886  $ilLog->write(__METHOD__.': System role assignment forbidden.');
887  $checked_roles[$a_role] = false;
888  return false;
889  }
890 
891  // Global role assignment ok
892  $ilLog->write(__METHOD__.': Assignment allowed.');
893  $checked_roles[$a_role] = true;
894  return true;
895  }
896  elseif($location)
897  {
898  $ilLog->write(__METHOD__.': Check local role.');
899 
900  // It's a local role
901  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
902  $rolf = $rolfs[0];
903 
904 
905  // only process role folders that are not set to status "deleted"
906  // and for which the user has write permissions.
907  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
908  // (The ROLE_FOLDER_ID folder contains the global roles).
909  if($rbacreview->isDeleted($rolf)
910  || !$rbacsystem->checkAccess('edit_permission',$tree->getParentId($rolf)))
911  {
912  $ilLog->write(__METHOD__.': Role deleted or no permission.');
913  $checked_roles[$a_role] = false;
914  return false;
915  }
916  // A local role is only displayed, if it is contained in the subtree of
917  // the localy administrated category. If the import function has been
918  // invoked from the user folder object, we show all local roles, because
919  // the user folder object is considered the parent of all local roles.
920  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
921  // isInSubtree variable with true. In all other cases it is initialized
922  // with false, and only set to true if we find the object id of the
923  // locally administrated category in the tree path to the local role.
924  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
925  {
926  $ilLog->write(__METHOD__.': Not in path of category.');
927  $checked_roles[$a_role] = false;
928  return false;
929  }
930  $ilLog->write(__METHOD__.': Assignment allowed.');
931  $checked_roles[$a_role] = true;
932  return true;
933  }
934  }
935 
936 
940  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
941  {
942  $this->initAuth($sid);
943  $this->initIlias();
944 
945  if(!$this->__checkSession($sid))
946  {
947  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
948  }
949 
950  global $ilDB, $tree, $rbacreview, $rbacsystem;
951 
952  if ($ref_id == -1)
953  $ref_id = USER_FOLDER_ID;
954 
955  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
956  if ($this->isFault($object))
957  return $object;
958 
959  $data = array();
960  switch ($object->getType()) {
961  case "usrf":
962  $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
963  break;
964  case "cat":
965  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
966  break;
967  case "crs":
968  {
969  // GET ALL MEMBERS
970  $roles = $object->__getLocalRoles();
971 
972  foreach($roles as $role_id)
973  {
974  $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
975  }
976 
977  break;
978  }
979  case "grp":
980  $member_ids = $object->getGroupMemberIds();
981  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
982  break;
983  case "sess":
984  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
985  if(!$course_ref_id)
986  {
987  return $this->__raiseError("No course for session", "Client");
988  }
989 
990  $event_obj_id = ilObject::_lookupObjId($ref_id);
991  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
992  $event_part = new ilEventParticipants($event_obj_id);
993  $member_ids = array_keys($event_part->getParticipants());
994  $data = ilObjUser::_getUsersForIds($member_ids, $active);
995  break;
996  }
997 
998  if (is_array($data))
999  {
1000  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1001 
1002  $xmlWriter = new ilUserXMLWriter();
1003  $xmlWriter->setObjects($data);
1004  $xmlWriter->setAttachRoles ($attachRoles);
1005 
1006  if($xmlWriter->start())
1007  {
1008  return $xmlWriter->getXML();
1009  }
1010  }
1011  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
1012  }
1013 
1014 
1018  function getUserForRole($sid, $role_id, $attachRoles, $active)
1019  {
1020  $this->initAuth($sid);
1021  $this->initIlias();
1022 
1023  if(!$this->__checkSession($sid))
1024  {
1025  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1026  }
1027 
1028  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1029  global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
1030 
1031 
1032  $global_roles = $rbacreview->getGlobalRoles();
1033 
1034 
1035  if (in_array($role_id, $global_roles))
1036  {
1037  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
1038  )
1039  {
1040  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1041  }
1042  }
1043  else
1044  {
1045  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
1046  if ($rbacreview->isDeleted($rolf[0])
1047  || ! $rbacsystem->checkAccess('write',$tree->getParentId($rolf[0])))
1048  {
1049  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1050  }
1051  include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
1052  $privacy = ilPrivacySettings::_getInstance();
1053  if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
1054  !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
1055  return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
1056  }
1057 
1058 
1059  }
1060 
1061  $data = ilObjUser::_getUsersForRole($role_id, $active);
1062  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1063 
1064  $xmlWriter = new ilUserXMLWriter();
1065  $xmlWriter->setAttachRoles($attachRoles);
1066 
1067  $xmlWriter->setObjects($data);
1068 
1069  if($xmlWriter->start())
1070  {
1071  return $xmlWriter->getXML();
1072  }
1073  return $this->__raiseError('Error in getUsersForRole','Server');
1074  }
1075 
1076 
1077 
1082  function __getImportProtocolAsXML ($a_array)
1083  {
1084  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1085  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1086 
1087  $xmlResultSet = new ilXMLResultSet ();
1088  $xmlResultSet->addColumn ("userid");
1089  $xmlResultSet->addColumn ("login");
1090  $xmlResultSet->addColumn ("action");
1091  $xmlResultSet->addColumn ("message");
1092 
1093  foreach ($a_array as $username => $messages)
1094  {
1095  foreach ($messages as $message)
1096  {
1097 
1098  $xmlRow = new ilXMLResultSetRow ();
1099  $xmlRow->setValue (0, 0);
1100  $xmlRow->setValue (1, $username);
1101  $xmlRow->setValue (2, "");
1102  $xmlRow->setValue (3, $message);
1103 
1104  $xmlResultSet->addRow ($xmlRow);
1105  }
1106  }
1107 
1108  $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
1109 
1110  if ($xml_writer->start ())
1111  return $xml_writer->getXML();
1112 
1113  return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
1114  }
1115 
1122  function __getUserMappingAsXML ($a_array)
1123  {
1124  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1125  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1126 
1127  $xmlResultSet = new ilXMLResultSet ();
1128  $xmlResultSet->addColumn ("userid");
1129  $xmlResultSet->addColumn ("login");
1130  $xmlResultSet->addColumn ("action");
1131  $xmlResultSet->addColumn ("message");
1132 
1133  if (count($a_array))
1134  foreach ($a_array as $username => $message)
1135  {
1136  $xmlRow = new ilXMLResultSetRow ();
1137  $xmlRow->setValue (0, $username);
1138  $xmlRow->setValue (1, $message["login"]);
1139  $xmlRow->setValue (2, $message["action"]);
1140  $xmlRow->setValue (3, $message["message"]);
1141 
1142  $xmlResultSet->addRow ($xmlRow);
1143  }
1144 
1145  $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
1146 
1147  if ($xml_writer->start ())
1148  return $xml_writer->getXML();
1149 
1150  return $this->__raiseError('Error in __getUserMappingAsXML','Server');
1151 
1152  }
1153 
1162  function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
1163 
1164  $this->initAuth($sid);
1165  $this->initIlias();
1166 
1167  if(!$this->__checkSession($sid))
1168  {
1169  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1170  }
1171 
1172  global $ilDB, $rbacsystem;
1173 
1174  if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
1175  {
1176  return $this->__raiseError('Check access failed.','Server');
1177  }
1178 
1179 
1180  if (!count($a_keyfields))
1181  $this->__raiseError('At least one keyfield is needed','Client');
1182 
1183  if (!count ($a_keyvalues))
1184  $this->__raiseError('At least one keyvalue is needed','Client');
1185 
1186  if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
1187  $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
1188 
1189 
1190  $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
1191 
1192  $query = "SELECT usr_data.*, usr_pref.value AS language
1193  FROM usr_data
1194  LEFT JOIN usr_pref
1195  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
1196  $ilDB->quote("language", "text").
1197  "'language'
1198  WHERE 1 = 1 ".$query;
1199 
1200  if (is_numeric($active) && $active > -1)
1201  $query .= " AND active = ". $ilDB->quote($active);
1202 
1203  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
1204 
1205  //echo $query;
1206 
1207  $r = $ilDB->query($query);
1208 
1209  $data = array();
1210 
1211  while($row = $ilDB->fetchAssoc($r))
1212  {
1213  $data[] = $row;
1214  }
1215 
1216  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1217 
1218  $xmlWriter = new ilUserXMLWriter();
1219  $xmlWriter->setAttachRoles($attach_roles);
1220 
1221  $xmlWriter->setObjects($data);
1222 
1223  if($xmlWriter->start())
1224  {
1225  return $xmlWriter->getXML();
1226  }
1227  return $this->__raiseError('Error in searchUser','Server');
1228  }
1229 
1238  function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
1239  global $ilDB;
1240  $query = array();
1241 
1242  $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
1243 
1244  foreach ($a_keyfields as $keyfield)
1245  {
1246  $keyfield = strtolower($keyfield);
1247 
1248  if (!in_array($keyfield, $allowed_fields))
1249  continue;
1250 
1251  $field_query = array ();
1252  foreach ($a_keyvalues as $keyvalue)
1253  {
1254  if (strlen($keyvalue) >= 3) {
1255  $field_query []= $keyfield." like '%".$keyvalue."%'";
1256  }
1257 
1258  }
1259  if (count($field_query))
1260  $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
1261 
1262  }
1263 
1264  return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
1265  }
1266 
1267 
1275  function getUserXML($sid, $a_user_ids, $attach_roles)
1276  {
1277  $this->initAuth($sid);
1278  $this->initIlias();
1279 
1280  if(!$this->__checkSession($sid))
1281  {
1282  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1283  }
1284 
1285  global $rbacsystem, $ilUser, $ilDB;
1286 
1287  // check if own account
1288  $is_self = false;
1289  if(is_array($a_user_ids) and count($a_user_ids) == 1)
1290  {
1291  if(end($a_user_ids) == $ilUser->getId())
1292  {
1293  $is_self = true;
1294  }
1295  }
1296  elseif(is_numeric($a_user_ids))
1297  {
1298  if($a_user_ids == $ilUser->getId())
1299  {
1300  $is_self = true;
1301  }
1302  }
1303 
1304  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID) and !$is_self)
1305  {
1306  return $this->__raiseError('Check access failed.','Server');
1307  }
1308 
1309  // begin-patch filemanager
1310  $data = ilObjUser::_getUserData((array) $a_user_ids);
1311  // end-patch filemanager
1312 
1313  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1314  $xmlWriter = new ilUserXMLWriter();
1315  $xmlWriter->setAttachRoles($attach_roles);
1316  $xmlWriter->setObjects($data);
1317 
1318  if($xmlWriter->start())
1319  {
1320  return $xmlWriter->getXML();
1321  }
1322 
1323  return $this->__raiseError('User does not exist','Client');
1324  }
1325 
1326 
1327  // has new mail
1328  function hasNewMail($sid)
1329  {
1330  $this->initAuth($sid);
1331  $this->initIlias();
1332 
1333  if(!$this->__checkSession($sid))
1334  {
1335  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1336  }
1337 
1338  global $ilUser;
1339 
1340  include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1341  if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
1342  {
1343  return true;
1344  }
1345  else
1346  {
1347  return false;
1348  }
1349  }
1350 
1351  public function getUserIdBySid($sid)
1352  {
1353  $this->initAuth($sid);
1354  $this->initIlias();
1355 
1356  if(!$this->__checkSession($sid))
1357  {
1358  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1359  }
1360 
1361  global $ilDB;
1362 
1363  $parts = explode('::', $sid);
1364  $query = "SELECT usr_id FROM usr_session "
1365  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1366  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
1367  $data = $ilDB->fetchAssoc($res);
1368 
1369  if(!(int)$data['usr_id'])
1370  {
1371  $this->__raiseError('User does not exist', 'Client');
1372  }
1373 
1374  return (int)$data['usr_id'];
1375  }
1376 
1377 }
1378 ?>