ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapUserAdministration extends ilSoapAdministration
36 {
37  function ilSoapUserAdministration()
38  {
39  parent::ilSoapAdministration();
40  }
41 
42 
43  // Service methods
44  function login($client,$username,$password)
45  {
49  global $ilUser;
50 
51  $_COOKIE['ilClientId'] = $client;
52  $_POST['username'] = $username;
53  $_POST['password'] = $password;
54  unset($_COOKIE['PHPSESSID']);
55 
56  try
57  {
58  include_once './include/inc.header.php';
59  }
60  catch(Exception $e)
61  {
62  return $this->__raiseError($e->getMessage(), 'Server');
63  }
64 
65  ilUtil::setCookie('ilClientId',$client);
66 
67  if($ilUser->hasToAcceptTermsOfService())
68  {
69  return $this->__raiseError('User agreement not accepted', 'Server');
70  }
71 
72  return (session_id().'::'.$client);
73  }
74 
75  // Service methods
76  function loginCAS($client, $PT, $username)
77  {
78  $this->__initAuthenticationObject(AUTH_CAS);
79  $this->sauth->setClient($client);
80  $this->sauth->setUsername($username);
81  $this->sauth->setPT($PT);
82  $authenticated = true;
83  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
84  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
85  if(!$this->sauth->authenticate())
86  {
87  $authenticated = false;
88  }
89  if(!$authenticated)
90  {
91  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
92  }
93  return $this->sauth->getSid().'::'.$client;
94  }
95 
96  // Service methods
97  function loginLDAP($client, $username, $password)
98  {
99  return $this->login($client, $username, $password);
100  }
101 
102  function logout($sid)
103  {
104  $this->initAuth($sid);
105  $this->initIlias();
106 
107  if(!$this->__checkSession($sid))
108  {
109  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
110  }
111 
112  global $ilAuth;
113  $ilAuth->logout();
114  session_destroy();
115  return true;
116 
117  /*
118  if(!$this->sauth->logout())
119  {
120  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
121  }
122 
123  return true;
124  */
125  }
126 
127  function lookupUser($sid,$user_name)
128  {
129  $this->initAuth($sid);
130  $this->initIlias();
131 
132  if(!$this->__checkSession($sid))
133  {
134  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
135  }
136 
137  if(!strlen($user_name))
138  {
139  return $this->__raiseError('No username given. Aborting','Client');
140  }
141 
142  global $rbacsystem, $ilUser ;
143 
144  if(strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
145  {
146  return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
147  }
148 
149  $user_id = ilObjUser::getUserIdByLogin($user_name);
150 
151 
152  return $user_id ? $user_id : "0";
153 
154  }
155 
156  function getUser($sid,$user_id)
157  {
158  $this->initAuth($sid);
159  $this->initIlias();
160 
161  if(!$this->__checkSession($sid))
162  {
163  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
164  }
165 
166  global $rbacsystem, $ilUser;
167 
168  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
169  {
170  return $this->__raiseError('Check access failed.','Server');
171  }
172 
173  if($ilUser->getLoginByUserId($user_id))
174  {
175  $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
176  $usr_data = $this->__readUserData($tmp_user);
177 
178  return $usr_data;
179  }
180  return $this->__raiseError('User does not exist','Client');
181  }
182 
186  function updateUser($sid,$user_data)
187  {
191  $this->initAuth($sid);
192  $this->initIlias();
193 
194  if(!$this->__checkSession($sid))
195  {
196  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
197  }
198 
199  global $rbacsystem, $ilUser, $log;
200 
201  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
202  {
203  return $this->__raiseError('Check access failed.','Server');
204  }
205 
206  if(!$user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'],false))
207  {
208  return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
209  }
210 
211  $user_old = $this->__readUserData($user_obj);
212  $user_new = $this->__substituteUserData($user_old,$user_data);
213 
214  if(!$this->__validateUserData($user_new,false))
215  {
216  return $this->__raiseError($this->__getMessage(),'Client');
217  }
218 
219  if(strlen($user_data['passwd']) != 32)
220  {
221  $user_new['passwd_type'] = IL_PASSWD_PLAIN;
222  }
223  else
224  {
225  $user_new['passwd_type'] = IL_PASSWD_CRYPTED;
226  }
227  $this->__setUserData($user_obj,$user_new);
228 
229  $log->write('SOAP: updateUser()');
230  $user_obj->update();
231 
232  if($user_data['accepted_agreement'] && $user_obj->hasToAcceptTermsOfService())
233  {
234  $user_obj->writeAccepted();
235  }
236 
237  return true;
238  }
239 
243  function updatePassword($sid,$user_id,$new_password)
244  {
245  $this->initAuth($sid);
246  $this->initIlias();
247 
248  if(!$this->__checkSession($sid))
249  {
250  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
251  }
252 
253  global $rbacsystem;
254 
255  if(!$rbacsystem->checkAccess('write',USER_FOLDER_ID))
256  {
257  return $this->__raiseError('Check access failed.','Server');
258  }
259 
260  if(!$tmp_user =& ilObjectFactory::getInstanceByObjId($user_id,false))
261  {
262  return $this->__raiseError('No valid user_id given.','Client');
263  }
264 
265  $tmp_user->replacePassword($new_password);
266 
267  return true;
268  }
269 
273  function addUser($sid,$user_data,$global_role_id)
274  {
275  $this->initAuth($sid);
276  $this->initIlias();
277 
278  if(!$this->__checkSession($sid))
279  {
280  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
281  }
282 
283  global $rbacsystem, $rbacreview, $ilLog, $rbacadmin,$ilSetting;
284 
285  if(!$rbacsystem->checkAccess('create_usr',USER_FOLDER_ID))
286  {
287  return $this->__raiseError('Check access failed.','Server');
288  }
289 
290  // Validate user_data
291  if(!$this->__validateUserData($user_data))
292  {
293  return $this->__raiseError($this->__getMessage(),'Client');
294  }
295  // Validate global role
296  if(!$global_role_id)
297  {
298  return $this->__raiseError('No role id given','Client');
299  }
300 
301  // Validate global role
302 
303  $global_roles = $rbacreview->getGlobalRoles();
304 
305  if(!in_array($global_role_id,$global_roles))
306  {
307  return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
308  }
309 
310  $new_user =& new ilObjUser();
311 
312  if(strlen($user_data['passwd']) != 32)
313  {
314  $user_data['passwd_type'] = IL_PASSWD_PLAIN;
315  }
316  else
317  {
318  $user_data['passwd_type'] = IL_PASSWD_CRYPTED;
319  }
320  $this->__setUserData($new_user,$user_data);
321 
322  $ilLog->write('SOAP: addUser()');
323 
324  // Need this for entry in object_data
325  $new_user->setTitle($new_user->getFullname());
326  $new_user->setDescription($new_user->getEmail());
327 
328  if ($user_data["import_id"] != "")
329  {
330  $new_user->setImportId($user_data["import_id"]);
331  }
332 
333  $new_user->create();
334 
335 
336  $new_user->saveAsNew();
337 
338  // If agreement is given. Set user agreement accepted.
339  if($user_data['accepted_agreement'])
340  {
341  $new_user->writeAccepted();
342  }
343 
344  // Assign role
345  $rbacadmin->assignUser($global_role_id,$new_user->getId());
346 
347  // Assign user prefs
348  $new_user->setLanguage($user_data['user_language']);
349  $new_user->setPref('style',$user_data['user_style']);
350  $new_user->setPref('skin',$user_data['user_skin']);
351  $new_user->setPref('hits_per_page',$ilSetting->get('hits_per_page'));
352  $new_user->setPref('show_users_online',$ilSetting->get('show_users_online'));
353  $new_user->writePrefs();
354 
355  return $new_user->getId();
356  }
357 
361  function deleteUser($sid,$user_id)
362  {
363  $this->initAuth($sid);
364  $this->initIlias();
365 
366  if(!$this->__checkSession($sid))
367  {
368  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
369  }
370 
371  if(!isset($user_id))
372  {
373  return $this->__raiseError('No user_id given. Aborting','Client');
374  }
375 
376  global $rbacsystem, $ilUser, $log;
377 
378  if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
379  {
380  return $this->__raiseError('Check access failed.','Server');
381  }
382 
383  if(!$ilUser->getLoginByUserId($user_id))
384  {
385  return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
386  }
387  if($ilUser->getId() == $user_id)
388  {
389  return $this->__raiseError('Cannot delete myself. Aborting','Client');
390  }
391  if($user_id == SYSTEM_USER_ID)
392  {
393  return $this->__raiseError('Cannot delete root account. Aborting','Client');
394  }
395  // Delete him
396  $log->write('SOAP: deleteUser()');
397  $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
398  $delete_user->delete();
399 
400  return true;
401  }
402 
403 
404 
405 
406  // PRIVATE
407  function __validateUserData(&$user_data,$check_complete = true)
408  {
409  global $lng,$styleDefinition,$ilLog;
410 
411  $this->__setMessage('');
412 
413  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
414  $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
415  ilAuthUtils::_getAuthMode($user_data['auth_mode']));
416 
417  if($check_complete)
418  {
419  if(!isset($user_data['login']))
420  {
421  $this->__appendMessage('No login given.');
422  }
423  if(!isset($user_data['passwd']) and !$allow_empty_password)
424  {
425  $this->__appendMessage('No password given.');
426  }
427  if(!isset($user_data['email']))
428  {
429  $this->__appendMessage('No email given');
430  }
431  if(!isset($user_data['user_language']))
432  {
433  $user_data['user_language'] = $lng->getDefaultLanguage();
434  }
435  }
436  foreach($user_data as $field => $value)
437  {
438  switch($field)
439  {
440  case 'login':
441  if (!ilUtil::isLogin($value))
442  {
443  $this->__appendMessage('Login invalid.');
444  }
445 
446  // check loginname
447  if($check_complete)
448  {
449  if (ilObjUser::_loginExists($value))
450  {
451  $this->__appendMessage('Login already exists.');
452  }
453  }
454  break;
455 
456  case 'passwd':
457  if(!strlen($value) and $allow_empty_password)
458  {
459  break;
460  }
461  if (!ilUtil::isPassword($value))
462  {
463  $this->__appendMessage('Password invalid.');
464  }
465  break;
466 
467  case 'email':
468  if(!ilUtil::is_email($value))
469  {
470  $this->__appendMessage('Email invalid.');
471  }
472  break;
473 
474  case 'time_limit_unlimited':
475  if($value != 1)
476  {
477  if($user_data['time_limit_from'] >= $user_data['time_limit_until'])
478  {
479  $this->__appendMessage('Time limit invalid');
480  }
481  }
482  break;
483 
484  case 'user_language':
485  $lang_inst = $lng->getInstalledLanguages();
486 
487  if(!in_array($user_data['user_language'],$lang_inst))
488  {
489  $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
490  }
491  break;
492 
493 
494  case 'user_skin':
495  case 'user_style':
496  if(($user_data['user_skin'] and !$user_data['user_style']) or
497  (!$user_data['user_skin'] and $user_data['user_style']))
498  {
499  $this->__appendMessage('user_skin, user_style not valid.');
500  }
501  elseif($user_data['user_skin'] and $user_data['user_style'])
502  {
503  $ok = false;
504  $templates = $styleDefinition->getAllTemplates();
505  if (count($templates) > 0 && is_array($templates))
506  {
507  foreach($templates as $template)
508  {
509  $styleDef =& new ilStyleDefinition($template["id"]);
510  $styleDef->startParsing();
511  $styles = $styleDef->getStyles();
512  foreach ($styles as $style)
513  {
514  if ($user_data['user_skin'] == $template["id"] &&
515  $user_data['user_style'] == $style["id"])
516  {
517  $ok = true;
518  }
519  }
520  }
521  if(!$ok)
522  {
523  $this->__appendMessage('user_skin, user_style not valid.');
524  }
525  }
526  }
527  break;
528 
529  case 'time_limit_owner':
530  $type = ilObject::_lookupType($user_data['time_limit_owner'],true);
531  if($type != 'cat' and $type != 'usrf')
532  {
533  $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
534  }
535  break;
536 
537 
538 
539  default:
540  continue;
541  }
542  }
543  return strlen($this->__getMessage()) ? false : true;
544  }
545 
546  function __setUserData(&$user_obj,&$user_data)
547  {
548  // Default to unlimited if no access period is given
549  if(!$user_data['time_limit_from'] and
550  !$user_data['time_limit_until'] and
551  !$user_data['time_limit_unlimited'])
552  {
553  $user_data['time_limit_unlimited'] = 1;
554  }
555  if(!$user_data['time_limit_owner'])
556  {
557  $user_data['time_limit_owner'] = USER_FOLDER_ID;
558  }
559 
560 
561  // not supported fields by update/addUser
562  $user_data['im_icq'] = $user_obj->getInstantMessengerId('icq');
563  $user_data['im_yahoo'] = $user_obj->getInstantMessengerId('yahoo');
564  $user_data['im_msn'] = $user_obj->getInstantMessengerId('msn');
565  $user_data['im_aim'] = $user_obj->getInstantMessengerId('aim');
566  $user_data['im_skype'] = $user_obj->getInstantMessengerId('skype');
567  $user_data['im_jabber'] = $user_obj->getInstantMessengerId('jabber');
568  $user_data['im_voip'] = $user_obj->getInstantMessengerId('voip');
569 
570  $user_data['delicious'] = $user_obj->getDelicious();
571  $user_data['latitude'] = $user_obj->getLatitude();
572  $user_data['longitude'] = $user_obj->getLongitude();
573  $user_data['loc_zoom'] = $user_obj->getLocationZoom();
574 
575 
576  $user_data['auth_mode'] = $user_obj->getAuthMode();
577  $user_data['ext_account'] = $user_obj->getExternalAccount();
578  $user_obj->assignData($user_data);
579 
580  if(isset($user_data['user_language']))
581  {
582  $user_obj->setLanguage($user_data['user_language']);
583  }
584  if(isset($user_data['user_skin']) and isset($user_data['user_style']))
585  {
586  $user_obj->setPref('skin',$user_data['user_skin']);
587  $user_obj->setPref('style',$user_data['user_style']);
588  }
589  return true;
590  }
591 
592  function __readUserData(&$usr_obj)
593  {
594  $usr_data['usr_id'] = $usr_obj->getId();
595  $usr_data['login'] = $usr_obj->getLogin();
596  $usr_data['passwd'] = $usr_obj->getPasswd();
597  $usr_data['passwd_type'] = $usr_obj->getPasswdType();
598  $usr_data['firstname'] = $usr_obj->getFirstname();
599  $usr_data['lastname'] = $usr_obj->getLastname();
600  $usr_data['title'] = $usr_obj->getUTitle();
601  $usr_data['gender'] = $usr_obj->getGender();
602  $usr_data['email'] = $usr_obj->getEmail();
603  $usr_data['institution'] = $usr_obj->getInstitution();
604  $usr_data['street'] = $usr_obj->getStreet();
605  $usr_data['city'] = $usr_obj->getCity();
606  $usr_data['zipcode'] = $usr_obj->getZipcode();
607  $usr_data['country'] = $usr_obj->getCountry();
608  $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
609  $usr_data['last_login'] = $usr_obj->getLastLogin();
610  $usr_data['last_update'] = $usr_obj->getLastUpdate();
611  $usr_data['create_date'] = $usr_obj->getCreateDate();
612  $usr_data['hobby'] = $usr_obj->getHobby();
613  $usr_data['department'] = $usr_obj->getDepartment();
614  $usr_data['phone_home'] = $usr_obj->getPhoneHome();
615  $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
616  $usr_data['fax'] = $usr_obj->getFax();
617  $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
618  $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
619  $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
620  $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
621  $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
622  $usr_data['referral_comment'] = $usr_obj->getComment();
623  $usr_data['matriculation'] = $usr_obj->getMatriculation();
624  $usr_data['active'] = $usr_obj->getActive();
625  $usr_data['approve_date'] = $usr_obj->getApproveDate();
626  $usr_data['user_skin'] = $usr_obj->getPref('skin');
627  $usr_data['user_style'] = $usr_obj->getPref('style');
628  $usr_data['user_language'] = $usr_obj->getLanguage();
629  $usr_data['auth_mode'] = $usr_obj->getAuthMode();
630  $usr_data['accepted_agreement'] = !$usr_obj->hasToAcceptTermsOfService();
631  $usr_data['import_id'] = $usr_obj->getImportId();
632 
633  return $usr_data;
634  }
635 
636  function __substituteUserData($user_old,$user_new)
637  {
638  foreach($user_new as $key => $value)
639  {
640  $user_old[$key] = $value;
641  }
642  return $user_old ? $user_old : array();
643  }
644 
651  function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
652  {
653  $this->initAuth($sid);
654  $this->initIlias();
655 
656  if(!$this->__checkSession($sid))
657  {
658  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
659  }
660 
661 
662  include_once './Services/User/classes/class.ilUserImportParser.php';
663  include_once './Services/AccessControl/classes/class.ilObjRole.php';
664  include_once './Services/Object/classes/class.ilObjectFactory.php';
665  global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
666 
667  // this takes time but is nescessary
668  $error = false;
669 
670 
671  // validate to prevent wrong XMLs
672  $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
673  if ($error)
674  {
675  $msg = array();
676  if (is_array($error))
677  {
678  foreach ($error as $err) {
679  $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
680  }
681  }
682  else
683  {
684  $msg[] = $error;
685  }
686  $msg = join("\n",$msg);
687  return $this->__raiseError($msg, "Client");
688  }
689 
690 
691  switch ($conflict_rule)
692  {
693  case 2:
694  $conflict_rule = IL_UPDATE_ON_CONFLICT;
695  break;
696  case 3:
697  $conflict_rule = IL_IGNORE_ON_CONFLICT;
698  break;
699  default:
700  $conflict_rule = IL_FAIL_ON_CONFLICT;
701  }
702 
703 
704  // folder id 0, means to check permission on user basis!
705  // must have create user right in time_limit_owner property (which is ref_id of container)
706  if ($folder_id != 0)
707  {
708  // determine where to import
709  if ($folder_id == -1)
710  $folder_id = USER_FOLDER_ID;
711 
712  // get folder
713  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
714  // id does not exist
715  if (!$import_folder)
716  return $this->__raiseError('Wrong reference id.','Server');
717 
718  // folder is not a folder, can also be a category
719  if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
720  return $this->__raiseError('Folder must be a usr folder or a category.','Server');
721 
722  // check access to folder
723  if(!$rbacsystem->checkAccess('create_usr',$folder_id))
724  {
725  return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
726  }
727  }
728 
729  // first verify
730 
731 
732  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
733  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
734  $importParser->setXMLContent($usr_xml);
735  $importParser->startParsing();
736 
737  switch ($importParser->getErrorLevel())
738  {
739  case IL_IMPORT_SUCCESS :
740  break;
741  case IL_IMPORT_WARNING :
742  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
743  break;
744  case IL_IMPORT_FAILURE :
745  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
746  }
747 
748  // verify is ok, so get role assignments
749 
750  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
751  $importParser->setXMLContent($usr_xml);
752  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
753  $importParser->startParsing();
754 
755  $roles = $importParser->getCollectedRoles();
756 
757  //print_r($roles);
758 
759 
760 
761  // roles to be assigned, skip if one is not allowed!
762  $permitted_roles = array();
763  foreach ($roles as $role_id => $role)
764  {
765  if (!is_numeric ($role_id))
766  {
767  // check if internal id
768  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
769 
770  if (is_numeric($internalId))
771  {
772  $role_id = $internalId;
773  $role_name = $role_id;
774  }
775 /* else // perhaps it is a rolename
776  {
777  $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
778  $role_name = $role->title;
779  $role_id = $role->role_id;
780  }*/
781  }
782 
783  if($this->isPermittedRole($folder_id,$role_id))
784  {
785  $permitted_roles[$role_id] = $role_id;
786  }
787  else
788  {
789  $role_name = ilObject::_lookupTitle($role_id);
790  return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
791  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
792  }
793  }
794 
795  $global_roles = $rbacreview->getGlobalRoles();
796 
797  //print_r ($global_roles);
798 
799 
800 
801  foreach ($permitted_roles as $role_id => $role_name)
802  {
803  if ($role_id != "")
804  {
805  if (in_array($role_id, $global_roles))
806  {
807  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
808  || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
809  )
810  {
811  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
812  }
813  }
814  else
815  {
816  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
817  if ($rbacreview->isDeleted($rolf[0])
818  || ! $rbacsystem->checkAccess('write',$rolf[0]))
819  {
820 
821  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
822  }
823  }
824  }
825  }
826 
827  //print_r ($permitted_roles);
828 
829  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
830  $importParser->setSendMail($send_account_mail);
831  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
832  $importParser->setFolderId($folder_id);
833  $importParser->setXMLContent($usr_xml);
834 
835  $importParser->setRoleAssignment($permitted_roles);
836 
837  $importParser->startParsing();
838 
839  if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
840  {
841  return $this->__getUserMappingAsXML ($importParser->getUserMapping());
842  }
843  return $this->__getImportProtocolAsXML ($importParser->getProtocol());
844 
845  }
846 
854  protected function isPermittedRole($a_folder,$a_role)
855  {
856  static $checked_roles = array();
857  static $global_roles = null;
858 
859 
860  if(isset($checked_roles[$a_role]))
861  {
862  return $checked_roles[$a_role];
863  }
864 
865  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
866 
867  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
868  $location = $locations[0];
869 
870  // global role
871  if($location == ROLE_FOLDER_ID)
872  {
873  $ilLog->write(__METHOD__.': Check global role');
874  // check assignment permission if called from local admin
875 
876 
877  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
878  {
879  $ilLog->write(__METHOD__.': '.$a_folder);
880  include_once './Services/AccessControl/classes/class.ilObjRole.php';
881  if(!ilObjRole::_getAssignUsersStatus($a_role))
882  {
883  $ilLog->write(__METHOD__.': No assignment allowed');
884  $checked_roles[$a_role] = false;
885  return false;
886  }
887  }
888  // exclude anonymous role from list
889  if ($a_role == ANONYMOUS_ROLE_ID)
890  {
891  $ilLog->write(__METHOD__.': Anonymous role chosen.');
892  $checked_roles[$a_role] = false;
893  return false;
894  }
895  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
896  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
897  {
898  $ilLog->write(__METHOD__.': System role assignment forbidden.');
899  $checked_roles[$a_role] = false;
900  return false;
901  }
902 
903  // Global role assignment ok
904  $ilLog->write(__METHOD__.': Assignment allowed.');
905  $checked_roles[$a_role] = true;
906  return true;
907  }
908  elseif($location)
909  {
910  $ilLog->write(__METHOD__.': Check local role.');
911 
912  // It's a local role
913  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
914  $rolf = $rolfs[0];
915 
916 
917  // only process role folders that are not set to status "deleted"
918  // and for which the user has write permissions.
919  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
920  // (The ROLE_FOLDER_ID folder contains the global roles).
921  if($rbacreview->isDeleted($rolf)
922  || !$rbacsystem->checkAccess('edit_permission',$rolf))
923  {
924  $ilLog->write(__METHOD__.': Role deleted or no permission.');
925  $checked_roles[$a_role] = false;
926  return false;
927  }
928  // A local role is only displayed, if it is contained in the subtree of
929  // the localy administrated category. If the import function has been
930  // invoked from the user folder object, we show all local roles, because
931  // the user folder object is considered the parent of all local roles.
932  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
933  // isInSubtree variable with true. In all other cases it is initialized
934  // with false, and only set to true if we find the object id of the
935  // locally administrated category in the tree path to the local role.
936  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
937  {
938  $ilLog->write(__METHOD__.': Not in path of category.');
939  $checked_roles[$a_role] = false;
940  return false;
941  }
942  $ilLog->write(__METHOD__.': Assignment allowed.');
943  $checked_roles[$a_role] = true;
944  return true;
945  }
946  }
947 
948 
952  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
953  {
954  $this->initAuth($sid);
955  $this->initIlias();
956 
957  if(!$this->__checkSession($sid))
958  {
959  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
960  }
961 
962  global $ilDB, $tree, $rbacreview, $rbacsystem;
963 
964  if ($ref_id == -1)
965  $ref_id = USER_FOLDER_ID;
966 
967  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
968  if ($this->isFault($object))
969  return $object;
970 
971  $data = array();
972  switch ($object->getType()) {
973  case "usrf":
974  $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
975  break;
976  case "cat":
977  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
978  break;
979  case "crs":
980  {
981  // GET ALL MEMBERS
982  $roles = $object->__getLocalRoles();
983 
984  foreach($roles as $role_id)
985  {
986  $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
987  }
988 
989  break;
990  }
991  case "grp":
992  $member_ids = $object->getGroupMemberIds();
993  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
994  break;
995  case "sess":
996  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
997  if(!$course_ref_id)
998  {
999  return $this->__raiseError("No course for session", "Client");
1000  }
1001 
1002  $event_obj_id = ilObject::_lookupObjId($ref_id);
1003  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
1004  $event_part = new ilEventParticipants($event_obj_id);
1005  $member_ids = array_keys($event_part->getParticipants());
1006  $data = ilObjUser::_getUsersForIds($member_ids, $active);
1007  break;
1008  }
1009 
1010  if (is_array($data))
1011  {
1012  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1013 
1014  $xmlWriter = new ilUserXMLWriter();
1015  $xmlWriter->setObjects($data);
1016  $xmlWriter->setAttachRoles ($attachRoles);
1017 
1018  if($xmlWriter->start())
1019  {
1020  return $xmlWriter->getXML();
1021  }
1022  }
1023  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
1024  }
1025 
1026 
1030  function getUserForRole($sid, $role_id, $attachRoles, $active)
1031  {
1032  $this->initAuth($sid);
1033  $this->initIlias();
1034 
1035  if(!$this->__checkSession($sid))
1036  {
1037  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1038  }
1039 
1040  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1041  global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
1042 
1043 
1044  $global_roles = $rbacreview->getGlobalRoles();
1045 
1046 
1047  if (in_array($role_id, $global_roles))
1048  {
1049  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
1050  )
1051  {
1052  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1053  }
1054  }
1055  else
1056  {
1057  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
1058  if ($rbacreview->isDeleted($rolf[0])
1059  || ! $rbacsystem->checkAccess('write',$rolf[0]))
1060  {
1061  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
1062  }
1063  include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
1064  $privacy = ilPrivacySettings::_getInstance();
1065  if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
1066  !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
1067  return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
1068  }
1069 
1070 
1071  }
1072 
1073  $data = ilObjUser::_getUsersForRole($role_id, $active);
1074  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1075 
1076  $xmlWriter = new ilUserXMLWriter();
1077  $xmlWriter->setAttachRoles($attachRoles);
1078 
1079  $xmlWriter->setObjects($data);
1080 
1081  if($xmlWriter->start())
1082  {
1083  return $xmlWriter->getXML();
1084  }
1085  return $this->__raiseError('Error in getUsersForRole','Server');
1086  }
1087 
1088 
1089 
1094  function __getImportProtocolAsXML ($a_array)
1095  {
1096  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1097  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1098 
1099  $xmlResultSet = new ilXMLResultSet ();
1100  $xmlResultSet->addColumn ("userid");
1101  $xmlResultSet->addColumn ("login");
1102  $xmlResultSet->addColumn ("action");
1103  $xmlResultSet->addColumn ("message");
1104 
1105  foreach ($a_array as $username => $messages)
1106  {
1107  foreach ($messages as $message)
1108  {
1109 
1110  $xmlRow = new ilXMLResultSetRow ();
1111  $xmlRow->setValue (0, 0);
1112  $xmlRow->setValue (1, $username);
1113  $xmlRow->setValue (2, "");
1114  $xmlRow->setValue (3, $message);
1115 
1116  $xmlResultSet->addRow ($xmlRow);
1117  }
1118  }
1119 
1120  $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
1121 
1122  if ($xml_writer->start ())
1123  return $xml_writer->getXML();
1124 
1125  return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
1126  }
1127 
1134  function __getUserMappingAsXML ($a_array)
1135  {
1136  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
1137  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
1138 
1139  $xmlResultSet = new ilXMLResultSet ();
1140  $xmlResultSet->addColumn ("userid");
1141  $xmlResultSet->addColumn ("login");
1142  $xmlResultSet->addColumn ("action");
1143  $xmlResultSet->addColumn ("message");
1144 
1145  if (count($a_array))
1146  foreach ($a_array as $username => $message)
1147  {
1148  $xmlRow = new ilXMLResultSetRow ();
1149  $xmlRow->setValue (0, $username);
1150  $xmlRow->setValue (1, $message["login"]);
1151  $xmlRow->setValue (2, $message["action"]);
1152  $xmlRow->setValue (3, $message["message"]);
1153 
1154  $xmlResultSet->addRow ($xmlRow);
1155  }
1156 
1157  $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
1158 
1159  if ($xml_writer->start ())
1160  return $xml_writer->getXML();
1161 
1162  return $this->__raiseError('Error in __getUserMappingAsXML','Server');
1163 
1164  }
1165 
1174  function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
1175 
1176  $this->initAuth($sid);
1177  $this->initIlias();
1178 
1179  if(!$this->__checkSession($sid))
1180  {
1181  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1182  }
1183 
1184  global $ilDB, $rbacsystem;
1185 
1186  if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
1187  {
1188  return $this->__raiseError('Check access failed.','Server');
1189  }
1190 
1191 
1192  if (!count($a_keyfields))
1193  $this->__raiseError('At least one keyfield is needed','Client');
1194 
1195  if (!count ($a_keyvalues))
1196  $this->__raiseError('At least one keyvalue is needed','Client');
1197 
1198  if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
1199  $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
1200 
1201 
1202  $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
1203 
1204  $query = "SELECT usr_data.*, usr_pref.value AS language
1205  FROM usr_data
1206  LEFT JOIN usr_pref
1207  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
1208  $ilDB->quote("language", "text").
1209  "'language'
1210  WHERE 1 = 1 ".$query;
1211 
1212  if (is_numeric($active) && $active > -1)
1213  $query .= " AND active = ". $ilDB->quote($active);
1214 
1215  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
1216 
1217  //echo $query;
1218 
1219  $r = $ilDB->query($query);
1220 
1221  $data = array();
1222 
1223  while($row = $ilDB->fetchAssoc($r))
1224  {
1225  $data[] = $row;
1226  }
1227 
1228  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1229 
1230  $xmlWriter = new ilUserXMLWriter();
1231  $xmlWriter->setAttachRoles($attach_roles);
1232 
1233  $xmlWriter->setObjects($data);
1234 
1235  if($xmlWriter->start())
1236  {
1237  return $xmlWriter->getXML();
1238  }
1239  return $this->__raiseError('Error in searchUser','Server');
1240  }
1241 
1250  function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
1251  global $ilDB;
1252  $query = array();
1253 
1254  $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
1255 
1256  foreach ($a_keyfields as $keyfield)
1257  {
1258  $keyfield = strtolower($keyfield);
1259 
1260  if (!in_array($keyfield, $allowed_fields))
1261  continue;
1262 
1263  $field_query = array ();
1264  foreach ($a_keyvalues as $keyvalue)
1265  {
1266  if (strlen($keyvalue) >= 3) {
1267  $field_query []= $keyfield." like '%".$keyvalue."%'";
1268  }
1269 
1270  }
1271  if (count($field_query))
1272  $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
1273 
1274  }
1275 
1276  return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
1277  }
1278 
1279 
1287  function getUserXML($sid, $a_user_ids, $attach_roles)
1288  {
1289  $this->initAuth($sid);
1290  $this->initIlias();
1291 
1292  if(!$this->__checkSession($sid))
1293  {
1294  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1295  }
1296 
1297  global $rbacsystem, $ilUser, $ilDB;
1298 
1299  // check if own account
1300  $is_self = false;
1301  if(is_array($a_user_ids) and count($a_user_ids) == 1)
1302  {
1303  if(end($a_user_ids) == $ilUser->getId())
1304  {
1305  $is_self = true;
1306  }
1307  }
1308  elseif(is_numeric($a_user_ids))
1309  {
1310  if($a_user_ids == $ilUser->getId())
1311  {
1312  $is_self = true;
1313  }
1314  }
1315 
1316  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID) and !$is_self)
1317  {
1318  return $this->__raiseError('Check access failed.','Server');
1319  }
1320 
1321  // begin-patch filemanager
1322  $data = ilObjUser::_getUserData((array) $a_user_ids);
1323  // end-patch filemanager
1324 
1325  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1326  $xmlWriter = new ilUserXMLWriter();
1327  $xmlWriter->setAttachRoles($attach_roles);
1328  $xmlWriter->setObjects($data);
1329 
1330  if($xmlWriter->start())
1331  {
1332  return $xmlWriter->getXML();
1333  }
1334 
1335  return $this->__raiseError('User does not exist','Client');
1336  }
1337 
1338 
1339  // has new mail
1340  function hasNewMail($sid)
1341  {
1342  $this->initAuth($sid);
1343  $this->initIlias();
1344 
1345  if(!$this->__checkSession($sid))
1346  {
1347  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1348  }
1349 
1350  global $ilUser;
1351 
1352  include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1353  if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
1354  {
1355  return true;
1356  }
1357  else
1358  {
1359  return false;
1360  }
1361  }
1362 
1363  public function getUserIdBySid($sid)
1364  {
1365  $this->initAuth($sid);
1366  $this->initIlias();
1367 
1368  if(!$this->__checkSession($sid))
1369  {
1370  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1371  }
1372 
1373  global $ilDB;
1374 
1375  $parts = explode('::', $sid);
1376  $query = "SELECT usr_id FROM usr_session "
1377  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1378  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
1379  $data = $ilDB->fetchAssoc($res);
1380 
1381  if(!(int)$data['usr_id'])
1382  {
1383  $this->__raiseError('User does not exist', 'Client');
1384  }
1385 
1386  return (int)$data['usr_id'];
1387  }
1388 
1389 }
1390 ?>