ILIAS  eassessment Revision 61809
class.ilSoapUserAdministration.php
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
36 {
38  {
40  }
41 
42 
43  // Service methods
/**
 * SOAP login: open an ILIAS session for the given client and user.
 *
 * The caller-supplied credentials are copied into the request superglobals
 * before './include/inc.header.php' is included, so the header bootstrap
 * sees them the same way it would see a submitted login form.
 *
 * NOTE(review): after the include, this method only checks the user
 * agreement. Presumably the included header aborts on bad credentials -
 * confirm, because nothing here verifies that authentication succeeded.
 *
 * @param string $client   client id; also written to the 'ilClientId' cookie
 * @param string $username login name, placed in $_POST['username']
 * @param string $password password, placed in $_POST['password']
 * @return mixed "<session id>::<client>" on success, otherwise the value of
 *               __raiseError() when the user agreement was not accepted
 */
function login($client,$username,$password)
{
    // Ignore any PHPSESSID cookie that arrived with the SOAP request.
    unset($_COOKIE['PHPSESSID']);

    // Present the SOAP arguments as if they were ordinary request data.
    $_POST['password'] = $password;
    $_POST['username'] = $username;
    $_COOKIE['ilClientId'] = $client;

    include_once './include/inc.header.php';

    ilUtil::setCookie('ilClientId', $client);

    global $ilUser;
    $agreement_accepted = $ilUser->hasAcceptedUserAgreement();
    if ($agreement_accepted) {
        // The returned token is what every other service method expects as $sid.
        return (session_id().'::'.$client);
    }

    return $this->__raiseError('User agreement not accepted', 'Server');
}
62 
63  // Service methods
/**
 * SOAP login for CAS: authenticates through $this->sauth and returns the
 * session token "<sid>::<client>".
 *
 * $client, $username and $PT are handed to the auth object unchanged.
 * NOTE(review): $PT is presumably the CAS proxy ticket - confirm.
 * On failure the auth object's message and message code are returned via
 * __raiseError().
 */
64  function loginCAS($client, $PT, $username)
65  {
// NOTE(review): source line 66 is absent from this listing. $this->sauth is
// used below, but the statement that sets it up is not visible here.
67  $this->sauth->setClient($client);
68  $this->sauth->setUsername($username);
69  $this->sauth->setPT($PT);
70  $authenticated = true;
71  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
72  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
// The flag starts as true and is cleared only when authenticate() fails.
73  if(!$this->sauth->authenticate())
74  {
75  $authenticated = false;
76  }
77  if(!$authenticated)
78  {
79  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
80  }
// Same token format as login(): session id, '::', client id.
81  return $this->sauth->getSid().'::'.$client;
82  }
83 
84  // Service methods
/**
 * SOAP login for LDAP accounts.
 *
 * Pure delegation: all three arguments are forwarded unchanged to login(),
 * so the checks and the return value are those of login().
 *
 * @param string $client   client id
 * @param string $username login name
 * @param string $password password
 * @return mixed whatever login() returns
 */
function loginLDAP($client, $username, $password)
{
    $login_result = $this->login($client, $username, $password);

    return $login_result;
}
89 
/**
 * SOAP logout: end the session identified by $sid.
 *
 * The session is validated first. Only then is $ilAuth->logout() called
 * and the PHP session destroyed, so an invalid $sid never reaches the
 * teardown code.
 *
 * @param string $sid session token as returned by login()
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function logout($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $ilAuth;

    $ilAuth->logout();
    session_destroy();

    // An older variant based on $this->sauth->logout() used to follow here as
    // commented-out code after the return; it was never executed.
    return true;
}
114 
/**
 * SOAP: resolve a login name to a user id.
 *
 * A caller may always look up their own login. Any other login requires
 * 'read' permission on USER_FOLDER_ID.
 *
 * NOTE(review): the login comparison is loose (==), and the access-denied
 * message appends the value of USER_FOLDER_ID to the fault text.
 *
 * @param string $sid       session token
 * @param string $user_name login name to look up
 * @return mixed the user id, the string "0" when no such login exists,
 *               or the value of __raiseError()
 */
function lookupUser($sid,$user_name)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    if (strlen($user_name) == 0) {
        return $this->__raiseError('No username given. Aborting','Client');
    }

    global $rbacsystem, $ilUser;

    // The permission check is skipped entirely for the caller's own login.
    $is_own_login = ($ilUser->getLogin() == $user_name);
    if (!$is_own_login && !$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
    }

    $found_id = ilObjUser::getUserIdByLogin($user_name);
    if ($found_id) {
        return $found_id;
    }

    return "0";
}
144 
/**
 * SOAP: return the full data record of one user.
 *
 * Requires a valid session and 'read' permission on USER_FOLDER_ID.
 *
 * NOTE(review): the record is built by __readUserData(), which includes the
 * 'passwd' and 'passwd_type' fields taken from the user object. Every caller
 * with read access to the user folder therefore receives whatever getPasswd()
 * returns - confirm that this exposure is intended.
 *
 * @param string $sid     session token
 * @param mixed  $user_id id of the user to read
 * @return mixed associative user data array, or the value of __raiseError()
 */
function getUser($sid,$user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $ilUser;

    if (!$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.','Server');
    }

    // A user id without a login is treated as "no such user".
    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User does not exist','Client');
    }

    $requested_user =& ilObjectFactory::getInstanceByObjId($user_id);

    return $this->__readUserData($requested_user);
}
171 
/**
 * SOAP: update an existing user account.
 *
 * Requires a valid session and 'write' permission on USER_FOLDER_ID. The
 * stored record is read, overlaid with the supplied fields, validated and
 * written back.
 *
 * NOTE(review): the password type is decided only by the length of the
 * supplied 'passwd' value. Exactly 32 characters selects IL_PASSWD_MD5;
 * every other length, including a missing 'passwd', selects IL_PASSWD_PLAIN.
 * A 32-character plain-text password is therefore classified as a hash, and
 * when 'passwd' is omitted the merged record still carries the value from
 * getPasswd() while the type is set to plain. Confirm how assignData()
 * treats both cases.
 *
 * @param string $sid       session token
 * @param array  $user_data fields to change; must contain 'usr_id'
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function updateUser($sid,$user_data)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $ilUser, $log;

    if (!$rbacsystem->checkAccess('write', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.','Server');
    }

    $user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'], false);
    if (!$user_obj) {
        return $this->__raiseError('User with id '.$user_data['usr_id'].' does not exist.','Client');
    }

    // Overlay the supplied fields onto the stored record and validate the result.
    $stored_data = $this->__readUserData($user_obj);
    $merged_data = $this->__substituteUserData($stored_data, $user_data);

    if (!$this->__validateUserData($merged_data, false)) {
        return $this->__raiseError($this->__getMessage(),'Client');
    }

    // Length heuristic: a 32-character value is taken to be an MD5 hash.
    $merged_data['passwd_type'] = (strlen($user_data['passwd']) == 32)
        ? IL_PASSWD_MD5
        : IL_PASSWD_PLAIN;

    $this->__setUserData($user_obj, $merged_data);

    $log->write('SOAP: updateUser()');
    $user_obj->update();

    // The agreement flag is only ever set here, never cleared.
    if ($user_data['accepted_agreement'] and !$user_obj->hasAcceptedUserAgreement()) {
        $user_obj->writeAccepted();
    }

    return true;
}
222 
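/**
 * SOAP: replace the password of a user account.
 *
 * Requires a valid session and 'write' permission on USER_FOLDER_ID.
 *
 * The call is now written to the log, as updateUser(), addUser() and
 * deleteUser() already do, so that password replacements made through the
 * web service leave an audit trail. The password value itself is never
 * logged.
 *
 * NOTE(review): $new_password is passed to replacePassword() without the
 * ilUtil::isPassword() check that __validateUserData() applies to 'passwd',
 * and unlike deleteUser() there is no restriction on which account may be
 * targeted. Confirm what replacePassword() expects and enforces.
 *
 * @param string $sid          session token
 * @param mixed  $user_id      id of the account to change
 * @param string $new_password value handed to replacePassword()
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function updatePassword($sid,$user_id,$new_password)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $log;

    if (!$rbacsystem->checkAccess('write', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.','Server');
    }

    $tmp_user = ilObjectFactory::getInstanceByObjId($user_id, false);
    if (!$tmp_user) {
        return $this->__raiseError('No valid user_id given.','Client');
    }

    // Audit entry in the same format as the sibling service methods.
    $log->write('SOAP: updatePassword()');
    $tmp_user->replacePassword($new_password);

    return true;
}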
249 
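/**
 * SOAP: create a new user account and assign it to one global role.
 *
 * Requires a valid session and 'create_usr' permission on USER_FOLDER_ID.
 *
 * Changes compared with the previous version:
 *  - Assignment to SYSTEM_ROLE_ID is refused unless the calling user holds
 *    that role. isPermittedRole() already applies this rule to importUsers();
 *    without it, 'create_usr' permission alone was enough to create an
 *    administrator account through this method.
 *  - "=& new" was replaced by plain "new". Assigning the result of new by
 *    reference is a parse error on PHP 7 and later.
 *
 * NOTE(review): the password type is chosen by length only. A 32-character
 * 'passwd' value is stored as IL_PASSWD_MD5, anything else as
 * IL_PASSWD_PLAIN, so a 32-character plain-text password is classified as
 * a hash.
 *
 * @param string $sid            session token
 * @param array  $user_data      account fields, checked by __validateUserData()
 * @param mixed  $global_role_id id of the global role to assign
 * @return mixed id of the new user, or the value of __raiseError()
 */
function addUser($sid,$user_data,$global_role_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $rbacreview, $ilLog, $rbacadmin, $ilSetting, $ilUser;

    if (!$rbacsystem->checkAccess('create_usr', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.','Server');
    }

    // Validate user_data
    if (!$this->__validateUserData($user_data)) {
        return $this->__raiseError($this->__getMessage(),'Client');
    }

    // Validate global role
    if (!$global_role_id) {
        return $this->__raiseError('No role id given','Client');
    }

    $global_roles = $rbacreview->getGlobalRoles();
    if (!in_array($global_role_id, $global_roles)) {
        return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role','Client');
    }

    // Same rule as isPermittedRole(): only a holder of the system role may
    // hand out the system role.
    if ($global_role_id == SYSTEM_ROLE_ID
        && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))) {
        return $this->__raiseError('Assignment to the administrator role is not permitted.','Server');
    }

    $new_user = new ilObjUser();

    // Length heuristic: a 32-character value is taken to be an MD5 hash.
    if (strlen($user_data['passwd']) != 32) {
        $user_data['passwd_type'] = IL_PASSWD_PLAIN;
    } else {
        $user_data['passwd_type'] = IL_PASSWD_MD5;
    }
    $this->__setUserData($new_user, $user_data);

    $ilLog->write('SOAP: addUser()');

    // Need this for entry in object_data
    $new_user->setTitle($new_user->getFullname());
    $new_user->setDescription($new_user->getEmail());

    if ($user_data["import_id"] != "") {
        $new_user->setImportId($user_data["import_id"]);
    }

    $new_user->create();
    $new_user->saveAsNew();

    // If agreement is given. Set user agreement accepted.
    if ($user_data['accepted_agreement']) {
        $new_user->writeAccepted();
    }

    // Assign role
    $rbacadmin->assignUser($global_role_id, $new_user->getId());

    // Assign user prefs
    $new_user->setLanguage($user_data['user_language']);
    $new_user->setPref('style', $user_data['user_style']);
    $new_user->setPref('skin', $user_data['user_skin']);
    $new_user->setPref('hits_per_page', $ilSetting->get('hits_per_page'));
    $new_user->setPref('show_users_online', $ilSetting->get('show_users_online'));
    $new_user->writePrefs();

    return $new_user->getId();
}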
334 
/**
 * SOAP: delete a user account.
 *
 * Requires a valid session and 'delete' permission on USER_FOLDER_ID.
 * Two targets are always refused: the caller's own account and the account
 * with id SYSTEM_USER_ID. The call is logged before the object is deleted.
 *
 * NOTE(review): both id comparisons are loose (==).
 *
 * @param string $sid     session token
 * @param mixed  $user_id id of the account to delete
 * @return mixed true on success, otherwise the value of __raiseError()
 */
function deleteUser($sid,$user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    if (!isset($user_id)) {
        return $this->__raiseError('No user_id given. Aborting','Client');
    }

    global $rbacsystem, $ilUser, $log;

    if (!$rbacsystem->checkAccess('delete', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.','Server');
    }

    // Target must exist ...
    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
    }
    // ... must not be the caller ...
    if ($ilUser->getId() == $user_id) {
        return $this->__raiseError('Cannot delete myself. Aborting','Client');
    }
    // ... and must not be the root account.
    if ($user_id == SYSTEM_USER_ID) {
        return $this->__raiseError('Cannot delete root account. Aborting','Client');
    }

    $log->write('SOAP: deleteUser()');

    $account_to_delete =& ilObjectFactory::getInstanceByObjId($user_id, false);
    $account_to_delete->delete();

    return true;
}
376 
377 
378 
379 
380  // PRIVATE
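/**
 * Validate a user data array coming from a SOAP call.
 *
 * Problems are collected with __appendMessage(); the data is valid when no
 * message was collected. With $check_complete set, 'login', 'passwd' and
 * 'email' must be present, a missing 'user_language' is filled with the
 * default language (the array is passed by reference), and the login must
 * not exist yet.
 *
 * An empty password is accepted only when
 * ilAuthUtils::_needsExternalAccountByAuthMode() returns true for the given
 * 'auth_mode'.
 *
 * Changes compared with the previous version:
 *  - "continue" in the switch default became "break". Inside a switch PHP
 *    treats continue like break, so behaviour is identical, but PHP 7.3+
 *    warns about it.
 *  - "=& new" became "new" (parse error on PHP 7+).
 *  - is_array() is tested before count(), so a non-array template list is
 *    never passed to count().
 *  - 'auth_mode' is read through isset(); a missing key still yields null.
 *
 * NOTE(review): 'user_skin' and 'user_style' share one branch, so when both
 * keys are present the same check runs twice and a failure message is
 * appended twice.
 *
 * @param array $user_data      user fields (by reference)
 * @param bool  $check_complete also enforce mandatory fields and login uniqueness
 * @return bool true when no validation message was collected
 */
function __validateUserData(&$user_data,$check_complete = true)
{
    global $lng, $styleDefinition;

    $this->__setMessage('');

    include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
    $auth_mode = isset($user_data['auth_mode']) ? $user_data['auth_mode'] : null;
    $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
        ilAuthUtils::_getAuthMode($auth_mode));

    if ($check_complete) {
        if (!isset($user_data['login'])) {
            $this->__appendMessage('No login given.');
        }
        if (!isset($user_data['passwd']) and !$allow_empty_password) {
            $this->__appendMessage('No password given.');
        }
        if (!isset($user_data['email'])) {
            $this->__appendMessage('No email given');
        }
        if (!isset($user_data['user_language'])) {
            $user_data['user_language'] = $lng->getDefaultLanguage();
        }
    }

    foreach ($user_data as $field => $value) {
        switch ($field) {
            case 'login':
                if (!ilUtil::isLogin($value)) {
                    $this->__appendMessage('Login invalid.');
                }
                // Uniqueness matters only for new accounts.
                if ($check_complete && ilObjUser::_loginExists($value)) {
                    $this->__appendMessage('Login already exists.');
                }
                break;

            case 'passwd':
                // Externally authenticated accounts may have no local password.
                if (!strlen($value) and $allow_empty_password) {
                    break;
                }
                if (!ilUtil::isPassword($value)) {
                    $this->__appendMessage('Password invalid.');
                }
                break;

            case 'email':
                if (!ilUtil::is_email($value)) {
                    $this->__appendMessage('Email invalid.');
                }
                break;

            case 'time_limit_unlimited':
                if ($value != 1) {
                    if ($user_data['time_limit_from'] >= $user_data['time_limit_until']) {
                        $this->__appendMessage('Time limit invalid');
                    }
                }
                break;

            case 'user_language':
                $lang_inst = $lng->getInstalledLanguages();
                if (!in_array($user_data['user_language'], $lang_inst)) {
                    $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
                }
                break;

            case 'user_skin':
            case 'user_style':
                // Skin and style must be given together and must name an
                // installed template/style pair.
                if (($user_data['user_skin'] and !$user_data['user_style']) or
                    (!$user_data['user_skin'] and $user_data['user_style'])) {
                    $this->__appendMessage('user_skin, user_style not valid.');
                } elseif ($user_data['user_skin'] and $user_data['user_style']) {
                    $ok = false;
                    $templates = $styleDefinition->getAllTemplates();
                    if (is_array($templates) && count($templates) > 0) {
                        foreach ($templates as $template) {
                            $styleDef = new ilStyleDefinition($template["id"]);
                            $styleDef->startParsing();
                            $styles = $styleDef->getStyles();
                            foreach ($styles as $style) {
                                if ($user_data['user_skin'] == $template["id"] &&
                                    $user_data['user_style'] == $style["id"]) {
                                    $ok = true;
                                }
                            }
                        }
                        if (!$ok) {
                            $this->__appendMessage('user_skin, user_style not valid.');
                        }
                    }
                }
                break;

            case 'time_limit_owner':
                $type = ilObject::_lookupType($user_data['time_limit_owner'], true);
                if ($type != 'cat' and $type != 'usrf') {
                    $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
                }
                break;

            default:
                // Fields without a dedicated rule are accepted as they are.
                break;
        }
    }

    return strlen($this->__getMessage()) ? false : true;
}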
519 
/**
 * Copy a validated user data array into a user object.
 *
 * Both arguments are taken by reference and $user_data is modified:
 *  - when neither a time limit nor the unlimited flag is given, the account
 *    becomes unlimited;
 *  - a missing 'time_limit_owner' defaults to USER_FOLDER_ID;
 *  - instant messenger ids, delicious, location, 'auth_mode' and
 *    'ext_account' are overwritten with the values already stored in
 *    $user_obj before assignData() is called. Values a SOAP caller supplies
 *    for these keys are therefore discarded; in particular the
 *    authentication mode and external account cannot be changed this way.
 *
 * @param object $user_obj  user object to fill (by reference)
 * @param array  $user_data user fields (by reference)
 * @return bool always true
 */
function __setUserData(&$user_obj,&$user_data)
{
    // Default to unlimited if no access period is given
    $has_no_period = !$user_data['time_limit_from']
        && !$user_data['time_limit_until']
        && !$user_data['time_limit_unlimited'];
    if ($has_no_period) {
        $user_data['time_limit_unlimited'] = 1;
    }
    if (!$user_data['time_limit_owner']) {
        $user_data['time_limit_owner'] = USER_FOLDER_ID;
    }

    // Fields not supported by update/addUser keep the object's current values.
    foreach (array('icq', 'yahoo', 'msn', 'aim', 'skype', 'jabber', 'voip') as $service) {
        $user_data['im_'.$service] = $user_obj->getInstantMessengerId($service);
    }

    $user_data['delicious'] = $user_obj->getDelicious();
    $user_data['latitude'] = $user_obj->getLatitude();
    $user_data['longitude'] = $user_obj->getLongitude();
    $user_data['loc_zoom'] = $user_obj->getLocationZoom();

    $user_data['auth_mode'] = $user_obj->getAuthMode();
    $user_data['ext_account'] = $user_obj->getExternalAccount();

    $user_obj->assignData($user_data);

    if (isset($user_data['user_language'])) {
        $user_obj->setLanguage($user_data['user_language']);
    }

    // Skin and style are only applied as a pair.
    $has_skin_and_style = isset($user_data['user_skin']) && isset($user_data['user_style']);
    if ($has_skin_and_style) {
        $user_obj->setPref('skin', $user_data['user_skin']);
        $user_obj->setPref('style', $user_data['user_style']);
    }

    return true;
}
565 
/**
 * Export a user object as the associative array used by the SOAP interface.
 *
 * Every value is read through the corresponding getter of $usr_obj; nothing
 * is filtered or transformed.
 *
 * NOTE(review): the array contains 'passwd' and 'passwd_type' as returned by
 * getPasswd() and getPasswdType(). getUser() passes this array straight to
 * the SOAP caller, so callers of this helper should decide deliberately
 * whether the password field may leave the server.
 *
 * @param object $usr_obj user object (by reference)
 * @return array user data keyed by field name
 */
function __readUserData(&$usr_obj)
{
    // Built as one literal; the getters run in the order the keys are listed.
    return array(
        'usr_id'               => $usr_obj->getId(),
        'login'                => $usr_obj->getLogin(),
        'passwd'               => $usr_obj->getPasswd(),
        'passwd_type'          => $usr_obj->getPasswdType(),
        'firstname'            => $usr_obj->getFirstname(),
        'lastname'             => $usr_obj->getLastname(),
        'title'                => $usr_obj->getUTitle(),
        'gender'               => $usr_obj->getGender(),
        'email'                => $usr_obj->getEmail(),
        'institution'          => $usr_obj->getInstitution(),
        'street'               => $usr_obj->getStreet(),
        'city'                 => $usr_obj->getCity(),
        'zipcode'              => $usr_obj->getZipcode(),
        'country'              => $usr_obj->getCountry(),
        'phone_office'         => $usr_obj->getPhoneOffice(),
        'last_login'           => $usr_obj->getLastLogin(),
        'last_update'          => $usr_obj->getLastUpdate(),
        'create_date'          => $usr_obj->getCreateDate(),
        'hobby'                => $usr_obj->getHobby(),
        'department'           => $usr_obj->getDepartment(),
        'phone_home'           => $usr_obj->getPhoneHome(),
        'phone_mobile'         => $usr_obj->getPhoneMobile(),
        'fax'                  => $usr_obj->getFax(),
        'time_limit_owner'     => $usr_obj->getTimeLimitOwner(),
        'time_limit_unlimited' => $usr_obj->getTimeLimitUnlimited(),
        'time_limit_from'      => $usr_obj->getTimeLimitFrom(),
        'time_limit_until'     => $usr_obj->getTimeLimitUntil(),
        'time_limit_message'   => $usr_obj->getTimeLimitMessage(),
        'referral_comment'     => $usr_obj->getComment(),
        'matriculation'        => $usr_obj->getMatriculation(),
        'active'               => $usr_obj->getActive(),
        'approve_date'         => $usr_obj->getApproveDate(),
        'user_skin'            => $usr_obj->getPref('skin'),
        'user_style'           => $usr_obj->getPref('style'),
        'user_language'        => $usr_obj->getLanguage(),
        'auth_mode'            => $usr_obj->getAuthMode(),
        'accepted_agreement'   => $usr_obj->hasAcceptedUserAgreement(),
        'import_id'            => $usr_obj->getImportId(),
    );
}
609 
/**
 * Overlay new user fields onto an existing user data array.
 *
 * Every key of $user_new replaces or adds the same key in $user_old. No key
 * is filtered, so the caller is responsible for validating the result.
 *
 * @param array $user_old current user data
 * @param array $user_new fields to apply on top
 * @return array merged data; an empty array when the result is empty
 */
function __substituteUserData($user_old,$user_new)
{
    $merged = $user_old;
    foreach ($user_new as $field => $new_value) {
        $merged[$field] = $new_value;
    }

    if (!$merged) {
        return array();
    }

    return $merged;
}
618 
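/**
 * SOAP: import users from an XML document.
 *
 * Processing order:
 *  1. session check;
 *  2. DTD-validating parse of $usr_xml; parser errors go back to the caller;
 *  3. permission check on the target folder (skipped for $folder_id 0);
 *  4. verification pass of the import parser;
 *  5. role extraction and per-role permission checks;
 *  6. the actual import.
 *
 * Change compared with the previous version: $original_role_id is now set
 * for every role. It used to be set only for non-numeric role ids, so the
 * "Could not find role" message read an undefined variable whenever a
 * numeric role id was rejected.
 *
 * NOTE(review): the XML is parsed with DOMXML_LOAD_VALIDATING before any
 * permission other than the session is checked. Confirm that the
 * domxml_open_mem() implementation in use does not resolve external DTDs or
 * entities from caller-controlled input.
 * NOTE(review): warnings of domxml_open_mem() are suppressed with "@"; only
 * the $error out-parameter is evaluated.
 *
 * @param string $sid               session token
 * @param int    $folder_id         ref id of the target user folder or category;
 *                                  -1 selects USER_FOLDER_ID, 0 means permissions
 *                                  are checked per user (see comment below)
 * @param string $usr_xml           user import XML
 * @param int    $conflict_rule     2 = update on conflict, 3 = ignore on conflict,
 *                                  anything else = fail on conflict
 * @param mixed  $send_account_mail passed to the parser's setSendMail()
 * @return mixed XML result set (user mapping or import protocol), or the
 *               value of __raiseError()
 */
function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    include_once './Services/User/classes/class.ilUserImportParser.php';
    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    include_once './classes/class.ilObjectFactory.php';
    global $rbacreview, $rbacsystem, $tree, $lng, $ilUser, $ilLog;

    // this takes time but is necessary
    $error = false;

    // validate to prevent wrong XMLs
    $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
    if ($error) {
        $msg = array();
        if (is_array($error)) {
            foreach ($error as $err) {
                $msg[] = "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
            }
        } else {
            $msg[] = $error;
        }
        $msg = join("\n", $msg);
        return $this->__raiseError($msg, "Client");
    }

    // Map the numeric SOAP value onto the parser's conflict constants.
    switch ($conflict_rule) {
        case 2:
            $conflict_rule = IL_UPDATE_ON_CONFLICT;
            break;
        case 3:
            $conflict_rule = IL_IGNORE_ON_CONFLICT;
            break;
        default:
            $conflict_rule = IL_FAIL_ON_CONFLICT;
    }

    // folder id 0, means to check permission on user basis!
    // must have create user right in time_limit_owner property (which is ref_id of container)
    if ($folder_id != 0) {
        // determine where to import
        if ($folder_id == -1) {
            $folder_id = USER_FOLDER_ID;
        }

        // get folder
        $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
        // id does not exist
        if (!$import_folder) {
            return $this->__raiseError('Wrong reference id.','Server');
        }

        // folder is not a folder, can also be a category
        if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat") {
            return $this->__raiseError('Folder must be a usr folder or a category.','Server');
        }

        // check access to folder
        if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
            return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
        }
    }

    // first verify
    $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->setXMLContent($usr_xml);
    $importParser->startParsing();

    switch ($importParser->getErrorLevel()) {
        case IL_IMPORT_SUCCESS:
            break;
        case IL_IMPORT_WARNING:
            return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Warning"));
        case IL_IMPORT_FAILURE:
            return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Failure"));
    }

    // verify is ok, so get role assignments
    $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
    $importParser->setXMLContent($usr_xml);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->startParsing();

    $roles = $importParser->getCollectedRoles();

    // roles to be assigned, skip if one is not allowed!
    $permitted_roles = array();
    foreach ($roles as $role_id => $role) {
        // Remember the id exactly as it appeared in the XML for error messages.
        $original_role_id = $role_id;

        if (!is_numeric($role_id)) {
            // check if internal id
            $internalId = ilUtil::__extractId($role_id, IL_INST_ID);

            if (is_numeric($internalId)) {
                $role_id = $internalId;
                $role_name = $role_id;
            } else {
                return $this->__raiseError("Only internal numeric role IDs are supported at this time, and ".$internalId." doesn't seem to be either",'Server');
            }
            // Lookup by role name is not implemented: __getRoleForRolename
            // does not exist yet (warkusm, 2010-12-08).
        }

        if ($this->isPermittedRole($folder_id, $role_id)) {
            $permitted_roles[$role_id] = $role_id;
        } else {
            $role_name = ilObject::_lookupTitle($role_id);
            return $this->__raiseError("Could not find role ".$role_name." (original input ".$original_role_id."). Either you use an invalid/deleted role ".
                "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
        }
    }

    $global_roles = $rbacreview->getGlobalRoles();

    // Second line of defence on top of isPermittedRole().
    foreach ($permitted_roles as $role_id => $role_name) {
        if ($role_id != "") {
            if (in_array($role_id, $global_roles)) {
                // The system role may only be assigned by a holder of the
                // system role; outside the user folder a global role must
                // additionally allow user assignment.
                if (($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())))
                    || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && !ilObjRole::_getAssignUsersStatus($role_id))) {
                    return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
                }
            } else {
                // Local role: its role folder must not be deleted and the
                // caller needs 'write' on the folder's parent.
                $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
                if ($rbacreview->isDeleted($rolf[0])
                    || !$rbacsystem->checkAccess('write', $tree->getParentId($rolf[0]))) {
                    return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
                }
            }
        }
    }

    // All checks passed: run the real import.
    $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
    $importParser->setSendMail($send_account_mail);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->setFolderId($folder_id);
    $importParser->setXMLContent($usr_xml);

    $importParser->setRoleAssignment($permitted_roles);

    $importParser->startParsing();

    if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE) {
        return $this->__getUserMappingAsXML($importParser->getUserMapping());
    }

    return $this->__getImportProtocolAsXML($importParser->getProtocol());
}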
828 
/**
 * Decide whether the current user may assign users to role $a_role when
 * importing into folder $a_folder.
 *
 * Results are memoised in the static array $checked_roles.
 * NOTE(review): the cache is keyed by $a_role only, although the decision
 * also depends on $a_folder. A second call for the same role with a
 * different folder returns the first answer.
 * NOTE(review): when the role has no assigned folder ($location is falsy)
 * the function ends without a return statement and without caching, so the
 * caller receives null.
 */
836  protected function isPermittedRole($a_folder,$a_role)
837  {
838  static $checked_roles = array();
// $global_roles is declared but not used in the visible code.
839  static $global_roles = null;
840 
841 
842  if(isset($checked_roles[$a_role]))
843  {
844  return $checked_roles[$a_role];
845  }
846 
847  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
848 
849  $ilLog->write(__METHOD__.': Getting folders assigned to role '.$a_role);
850  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
// Only the first assigned folder is considered.
851  $location = $locations[0];
852 
853  // global role
854  if($location == ROLE_FOLDER_ID)
855  {
856  $ilLog->write(__METHOD__.': Check global role');
857  // check assignment permission if called from local admin
858 
859 
860  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
861  {
862  $ilLog->write(__METHOD__.': '.$a_folder);
863  include_once './Services/AccessControl/classes/class.ilObjRole.php';
// NOTE(review): source line 864 is absent from this listing; the condition
// that guards the following block is not visible here.
865  {
866  $ilLog->write(__METHOD__.': No assignment allowed');
867  $checked_roles[$a_role] = false;
868  return false;
869  }
870  }
871  // exclude anonymous role from list
872  if ($a_role == ANONYMOUS_ROLE_ID)
873  {
874  $ilLog->write(__METHOD__.': Anonymous role chosen.');
875  $checked_roles[$a_role] = false;
876  return false;
877  }
878  // do not allow assigning users to the administrator role if the current user does not have SYSTEM_ROLE_ID
879  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
880  {
881  $ilLog->write(__METHOD__.': System role assignment forbidden.');
882  $checked_roles[$a_role] = false;
883  return false;
884  }
885 
886  // Global role assignment ok
887  $ilLog->write(__METHOD__.': Assignment allowed.');
888  $checked_roles[$a_role] = true;
889  return true;
890  }
891  elseif($location)
892  {
893  $ilLog->write(__METHOD__.': Check local role.');
894 
895  // It's a local role
896  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
897  $rolf = $rolfs[0];
898 
899 
900  // only process role folders that are not set to status "deleted"
901  // and for which the user has the 'edit_permission' permission on the parent.
902  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
903  // (The ROLE_FOLDER_ID folder contains the global roles).
904  if($rbacreview->isDeleted($rolf)
905  || !$rbacsystem->checkAccess('edit_permission',$tree->getParentId($rolf)))
906  {
907  $ilLog->write(__METHOD__.': Role deleted or no permission.');
908  $checked_roles[$a_role] = false;
909  return false;
910  }
911  // A local role is only accepted if it is contained in the subtree of
912  // the locally administrated category. If the import function has been
913  // invoked from the user folder object (or with folder id 0), all local
914  // roles are accepted, because the user folder object is considered the
915  // parent of all local roles.
916  // In all other cases the role folder must be a grandchild of $a_folder
917  // in the tree, which is what the isGrandChild() test below checks.
918  // (An earlier version used an $isInSubtree flag for this.)
919  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
920  {
921  $ilLog->write(__METHOD__.': Not in path of category.');
922  $checked_roles[$a_role] = false;
923  return false;
924  }
925  $ilLog->write(__METHOD__.': Assignment allowed.');
926  $checked_roles[$a_role] = true;
927  return true;
928  }
929  }
930 
931 
/**
 * SOAP: return the users of a container object as XML.
 *
 * Access is delegated to checkObjectAccess(), which is called with the
 * allowed types crs, cat, grp, usrf and sess and the permission "read".
 * How the user list is collected depends on the object type.
 *
 * NOTE(review): this listing omits source lines 948, 957 and 960, so the
 * handling of $ref_id == -1 and of the "usrf" and "cat" cases is not
 * visible here.
 * NOTE(review): in the "crs" case the visible code collects users with
 * assignedUsers() and does not apply $active, unlike the "grp" and "sess"
 * cases.
 */
935  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
936  {
937  $this->initAuth($sid);
938  $this->initIlias();
939 
940  if(!$this->__checkSession($sid))
941  {
942  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
943  }
944 
945  global $ilDB, $tree, $rbacreview, $rbacsystem;
946 
947  if ($ref_id == -1)
// (source line 948, the statement belonging to this if, is missing from the listing)
949 
950  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
// checkObjectAccess() returns a fault object on failure; pass it through unchanged.
951  if ($this->isFault($object))
952  return $object;
953 
954  $data = array();
955  switch ($object->getType()) {
956  case "usrf":
958  break;
959  case "cat":
961  break;
962  case "crs":
963  {
964  $object->initCourseMemberObject();
965 
966  // GET ALL MEMBERS
967  $roles = $object->__getLocalRoles();
968 
// Union of the users assigned to each local role of the course.
969  foreach($roles as $role_id)
970  {
971  $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
972  }
973 
974  break;
975  }
976  case "grp":
977  $member_ids = $object->getGroupMemberIds();
978  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
979  break;
980  case "sess":
// A session must have a course as ancestor in the tree.
981  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
982  if(!$course_ref_id)
983  {
984  return $this->__raiseError("No course for session", "Client");
985  }
986 
987  $event_obj_id = ilObject::_lookupObjId($ref_id);
988  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
989  $event_part = new ilEventParticipants($event_obj_id);
990  $member_ids = array_keys($event_part->getParticipants());
991  $data = ilObjUser::_getUsersForIds($member_ids, $active);
992  break;
993  }
994 
995  if (is_array($data))
996  {
997  include_once './Services/User/classes/class.ilUserXMLWriter.php';
998 
999  $xmlWriter = new ilUserXMLWriter();
1000  $xmlWriter->setObjects($data);
1001  $xmlWriter->setAttachRoles ($attachRoles);
1002 
1003  if($xmlWriter->start())
1004  {
1005  return $xmlWriter->getXML();
1006  }
1007  }
1008  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
1009  }
1010 
1011 
/**
 * SOAP: return the users assigned to a role as XML.
 *
 * Access rules visible in this method:
 *  - global role: the system role may only be queried by a holder of the
 *    system role; other global roles need no further permission here;
 *  - local role: the role folder must not be deleted, the caller needs
 *    'write' on the folder's parent, and additionally either 'read' on
 *    SYSTEM_USER_ID or 'export_member_data' on the privacy settings object.
 *
 * NOTE(review): checkAccess('read', SYSTEM_USER_ID) passes a user id where
 * the other calls in this file pass a reference id such as USER_FOLDER_ID.
 * Confirm that this is the intended object.
 * NOTE(review): $rolf[0] is used without checking that the role has an
 * assigned folder.
 *
 * @param string $sid         session token
 * @param mixed  $role_id     id of the role
 * @param mixed  $attachRoles passed to ilUserXMLWriter::setAttachRoles()
 * @param mixed  $active      filter passed to ilObjUser::_getUsersForRole()
 * @return mixed user XML, or the value of __raiseError()
 */
function getUserForRole($sid, $role_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    global $ilDB, $rbacreview, $rbacsystem, $tree, $ilUser;

    $global_roles = $rbacreview->getGlobalRoles();

    if (!in_array($role_id, $global_roles)) {
        // Local role.
        $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
        if ($rbacreview->isDeleted($rolf[0])
            || !$rbacsystem->checkAccess('write', $tree->getParentId($rolf[0]))) {
            return $this->__raiseError("Role access not permitted. ($role_id)","Server");
        }

        include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
        $privacy = ilPrivacySettings::_getInstance();
        if (!$rbacsystem->checkAccess('read', SYSTEM_USER_ID) and
            !$rbacsystem->checkAccess('export_member_data', $privacy->getPrivacySettingsRefId())) {
            return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
        }
    } elseif ($role_id == SYSTEM_ROLE_ID
        && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))) {
        // Global role: only the system role itself is restricted.
        return $this->__raiseError("Role access not permitted. ($role_id)","Server");
    }

    $role_members = ilObjUser::_getUsersForRole($role_id, $active);
    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $writer = new ilUserXMLWriter();
    $writer->setAttachRoles($attachRoles);
    $writer->setObjects($role_members);

    if (!$writer->start()) {
        return $this->__raiseError('Error in getUsersForRole','Server');
    }

    return $writer->getXML();
}
1072 
1073 
1074 
/**
 * Render an import protocol as an XML result set.
 *
 * The result set has the columns userid, login, action and message. Each
 * message of each user becomes one row; userid is always 0 and action is
 * always empty, because the protocol carries only the login and the
 * message text.
 *
 * @param array $a_array protocol: login => list of messages
 * @return mixed XML string, or the value of __raiseError() when the writer fails
 */
function __getImportProtocolAsXML ($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column) {
        $result_set->addColumn($column);
    }

    foreach ($a_array as $login => $login_messages) {
        foreach ($login_messages as $text) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, 0);
            $row->setValue(1, $login);
            $row->setValue(2, "");
            $row->setValue(3, $text);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
    }

    return $writer->getXML();
}
1112 
/**
 * Render a user mapping as an XML result set.
 *
 * Every key of $a_array is written to the "userid" column; the entry's
 * "login", "action" and "message" elements fill the remaining columns.
 *
 * NOTE(review): values are handed to the row object unmodified; XML
 * escaping is presumably done by ilXMLResultSetWriter — confirm.
 *
 * @param array $a_array key => array with "login", "action", "message"
 * @return mixed XML from ilXMLResultSetWriter, or the result of
 *               __raiseError() when the writer does not start
 */
function __getUserMappingAsXML ($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column)
    {
        $result_set->addColumn($column);
    }

    if (count($a_array) > 0)
    {
        foreach ($a_array as $user_key => $entry)
        {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, $user_key);
            $row->setValue(1, $entry["login"]);
            $row->setValue(2, $entry["action"]);
            $row->setValue(3, $entry["message"]);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start())
    {
        return $this->__raiseError('Error in __getUserMappingAsXML','Server');
    }

    return $writer->getXML();
}
1150 
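/**
 * Search user accounts and return the matches as user XML.
 *
 * The caller needs a valid session and 'read' permission on
 * USER_FOLDER_ID. Input errors are returned to the client instead of
 * being discarded, and the query operator is restricted to 'and'/'or'
 * because __buildSearchQuery places it in the SQL text.
 *
 * NOTE(review): the key values are handed to __buildSearchQuery
 * unmodified; they must be quoted there before they reach the SQL text.
 *
 * @param string $sid            session id as returned by login()
 * @param array  $a_keyfields    user fields to search in
 * @param string $query_operator 'and' or 'or' (case-insensitive)
 * @param array  $a_keyvalues    search terms
 * @param mixed  $attach_roles   passed to ilUserXMLWriter::setAttachRoles()
 * @param mixed  $active         numeric value > -1 filters on usr_data.active
 * @return mixed user XML, or the result of __raiseError() on failure
 */
function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {

    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $ilDB, $rbacsystem;

    if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
    {
        return $this->__raiseError('Check access failed.','Server');
    }

    // Each validation failure has to be returned; without the return the
    // error object is dropped and the request carries on.
    if (!is_array($a_keyfields) || !count($a_keyfields))
    {
        return $this->__raiseError('At least one keyfield is needed','Client');
    }

    if (!is_array($a_keyvalues) || !count($a_keyvalues))
    {
        return $this->__raiseError('At least one keyvalue is needed','Client');
    }

    // Reject anything that is neither 'and' nor 'or'. The earlier form
    // "!strcasecmp(..)==0 || !strcasecmp(..)==0" was true for every input.
    if (!is_string($query_operator)
        || (strcasecmp($query_operator, "and") != 0 && strcasecmp($query_operator, "or") != 0))
    {
        return $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
    }

    $condition = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);

    // The quoted keyword must not be followed by a second 'language'
    // literal: the two would merge into one string that matches no row.
    $query = "SELECT usr_data.*, usr_pref.value AS language
        FROM usr_data
        LEFT JOIN usr_pref
        ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
        $ilDB->quote("language", "text").
        " WHERE 1 = 1 ".$condition;

    if (is_numeric($active) && $active > -1)
    {
        $query .= " AND active = ". $ilDB->quote((int) $active, "integer");
    }

    $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";

    $r = $ilDB->query($query);

    $data = array();

    while($row = $ilDB->fetchAssoc($r))
    {
        $data[] = $row;
    }

    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attach_roles);

    $xmlWriter->setObjects($data);

    if($xmlWriter->start())
    {
        return $xmlWriter->getXML();
    }
    return $this->__raiseError('Error in searchUser','Server');
}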
1226 
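/**
 * Build the WHERE-clause fragment for a user search.
 *
 * Only column names from the fixed allow-list are used, the operator is
 * limited to AND/OR, and every search term is passed through
 * $ilDB->quote() before it is placed in the SQL text. Terms shorter than
 * three characters are ignored. '%' and '_' inside a term keep their
 * LIKE wildcard meaning.
 *
 * @param array  $a_keyfields   requested field names (case-insensitive)
 * @param string $queryOperator 'and' or 'or'; joins the terms of one field
 * @param array  $a_keyvalues   search terms
 * @return string fragment starting with " AND ((", or "AND 0" when no
 *                usable field/term remains or the operator is invalid
 */
function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
    global $ilDB;

    // The operator ends up in the SQL text, so accept the two keywords
    // only and fail closed (no rows) for anything else.
    $operator = is_string($queryOperator) ? strtoupper(trim($queryOperator)) : "";
    if ($operator !== "AND" && $operator !== "OR")
    {
        return "AND 0";
    }

    $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");

    $query = array();

    foreach ((array) $a_keyfields as $keyfield)
    {
        if (!is_string($keyfield))
        {
            continue;
        }
        $keyfield = strtolower($keyfield);

        if (!in_array($keyfield, $allowed_fields, true))
        {
            continue;
        }

        $field_query = array ();
        foreach ((array) $a_keyvalues as $keyvalue)
        {
            if (!is_scalar($keyvalue))
            {
                continue;
            }
            $keyvalue = (string) $keyvalue;

            if (strlen($keyvalue) >= 3)
            {
                // Quote the complete pattern; the term is never
                // concatenated into the statement as raw text.
                $field_query[] = $keyfield." like ".$ilDB->quote("%".$keyvalue."%", "text");
            }
        }

        if (count($field_query))
        {
            $query[] = join(" ".$operator." ", $field_query);
        }
    }

    return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
}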
/**
 * Return the user XML for the given user ids.
 *
 * The caller needs a valid session and 'read' permission on
 * USER_FOLDER_ID.
 *
 * @param string $sid          session id as returned by login()
 * @param mixed  $a_user_ids   passed to ilObjUser::_getUserData()
 * @param mixed  $attach_roles passed to ilUserXMLWriter::setAttachRoles()
 * @return mixed user XML, or the result of __raiseError() when the
 *               session or permission check fails or the writer does
 *               not start
 */
function getUserXML($sid, $a_user_ids, $attach_roles)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_ok = $this->__checkSession($sid);
    if(!$session_ok)
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $rbacsystem, $ilUser, $ilDB;

    // Reading other accounts requires read access to the user folder.
    $may_read = $rbacsystem->checkAccess('read',USER_FOLDER_ID);
    if(!$may_read)
    {
        return $this->__raiseError('Check access failed.','Server');
    }

    $user_rows = ilObjUser::_getUserData($a_user_ids);

    include_once './Services/User/classes/class.ilUserXMLWriter.php';
    $writer = new ilUserXMLWriter();
    $writer->setAttachRoles($attach_roles);
    $writer->setObjects($user_rows);

    if(!$writer->start())
    {
        return $this->__raiseError('User does not exist','Client');
    }

    return $writer->getXML();
}
1305  // has new mail
/**
 * Tell whether the user of the given session has unread mail.
 *
 * @param string $sid session id as returned by login()
 * @return mixed true when ilMailbox::_countNewMails() reports more than
 *               zero mails for the current user, false otherwise, or
 *               the result of __raiseError() for an invalid session
 */
function hasNewMail($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_ok = $this->__checkSession($sid);
    if(!$session_ok)
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    include_once ("Services/Mail/classes/class.ilMailbox.php");
    global $ilUser;

    // Only the session's own mailbox is queried.
    $new_mails = ilMailbox::_countNewMails($ilUser->getId());

    return $new_mails > 0;
}
1328 
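/**
 * Resolve the user id that belongs to a session id.
 *
 * The part of $sid in front of '::' is looked up in usr_session (joined
 * with usr_data). When no user is found the client error is returned to
 * the caller instead of being dropped in favour of the id 0.
 *
 * @param string $sid session id in the form "<session_id>::<client>"
 * @return mixed the user id as int, or the result of __raiseError()
 *               for an invalid session or an unknown user
 */
public function getUserIdBySid($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $ilDB;

    $parts = explode('::', $sid);
    $query = "SELECT usr_id FROM usr_session "
        . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
    $res = $ilDB->queryF($query, array('text'), array($parts[0]));
    $data = $ilDB->fetchAssoc($res);

    // fetchAssoc() yields no array when the session row is missing.
    $usr_id = (is_array($data) && isset($data['usr_id'])) ? (int) $data['usr_id'] : 0;

    if(!$usr_id)
    {
        return $this->__raiseError('User does not exist', 'Client');
    }

    return $usr_id;
}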
1354 
1355 }
1356 ?>