ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
31 class ilSoapUserAdministration extends ilSoapAdministration
32 {
33  public const USER_FOLDER_ID = 7;
34 
38  public function login(string $client, string $username, string $password)
39  {
40  unset($_COOKIE[session_name()]);
41  $_COOKIE['ilClientId'] = $client;
42 
43  try {
44  $this->initIlias();
45  } catch (Exception $e) {
46  return $this->raiseError($e->getMessage(), 'Server');
47  }
48 
49  // now try authentication
50  $credentials = new ilAuthFrontendCredentials();
51  $credentials->setUsername($username);
52  $credentials->setPassword($password);
53 
54  $provider_factory = new ilAuthProviderFactory();
55  $providers = $provider_factory->getProviders($credentials);
56 
57  $status = ilAuthStatus::getInstance();
58 
59  $frontend_factory = new ilAuthFrontendFactory();
60  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
61  $frontend = $frontend_factory->getFrontend(
62  $GLOBALS['DIC']['ilAuthSession'],
63  $status,
64  $credentials,
65  $providers
66  );
67 
68  $frontend->authenticate();
69 
70  switch ($status->getStatus()) {
71  case ilAuthStatus::STATUS_AUTHENTICATED:
72  ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
73  return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
74 
75  default:
76  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
77  return $this->raiseError(
78  $status->getReason(),
79  'Server'
80  );
81  }
82  }
83 
87  public function logout(string $sid)
88  {
89  $this->initAuth($sid);
90  $this->initIlias();
91 
92  if (!$this->checkSession($sid)) {
93  return $this->raiseError($this->getMessage(), $this->getMessageCode());
94  }
95 
96  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
97  $GLOBALS['DIC']['ilAuthSession']->logout();
98  return true;
99  }
100 
104  public function lookupUser(string $sid, string $user_name)
105  {
106  $this->initAuth($sid);
107  $this->initIlias();
108 
109  if (!$this->checkSession($sid)) {
110  return $this->raiseError($this->getMessage(), $this->getMessageCode());
111  }
112 
113  $user_name = trim($user_name);
114 
115  if ($user_name === '') {
116  return $this->raiseError('No username given. Aborting', 'Client');
117  }
118 
119  global $DIC;
120 
121  $ilUser = $DIC->user();
122  $access = $DIC->access();
123 
124  if (
125  strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
126  !$access->checkAccess(
127  'read_users',
128  '',
129  self::USER_FOLDER_ID
130  )
131  ) {
132  return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
133  }
134 
135  $user_id = ilObjUser::getUserIdByLogin($user_name);
136 
137  return $user_id;
138  }
139 
143  public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
144  {
145  $this->initAuth($sid);
146  $this->initIlias();
147 
148  if (!$this->checkSession($sid)) {
149  return $this->raiseError($this->getMessage(), $this->getMessageCode());
150  }
151 
152  global $DIC;
153 
154  $rbacreview = $DIC['rbacreview'];
155  $rbacsystem = $DIC['rbacsystem'];
156  $access = $DIC->access();
157  $tree = $DIC['tree'];
158  $lng = $DIC['lng'];
159  $ilUser = $DIC['ilUser'];
160  $ilLog = $DIC['ilLog'];
161 
162  // this takes time but is nescessary
163  $error = false;
164 
165  // validate to prevent wrong XMLs
166  @domxml_open_mem($usr_xml, DOMXML_LOAD_PARSING, $error);
167  if ($error) {
168  $msg = array();
169  if (is_array($error)) {
170  foreach ($error as $err) {
171  $msg [] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
172  }
173  } else {
174  $msg[] = $error;
175  }
176  $msg = implode("\n", $msg);
177  return $this->raiseError($msg, "Client");
178  }
179 
180  switch ($conflict_rule) {
181  case 2:
182  $conflict_rule = ilUserImportParser::IL_UPDATE_ON_CONFLICT;
183  break;
184  case 3:
185  $conflict_rule = ilUserImportParser::IL_IGNORE_ON_CONFLICT;
186  break;
187  default:
188  $conflict_rule = ilUserImportParser::IL_FAIL_ON_CONFLICT;
189  }
190  if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
191  return $this->raiseError(
192  'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
193  'Server'
194  );
195  }
196 
197  // folder id 0, means to check permission on user basis!
198  // must have create user right in time_limit_owner property (which is ref_id of container)
199  if ($folder_id !== 0) {
200  // determine where to import
201  if ($folder_id === -1) {
202  $folder_id = self::USER_FOLDER_ID;
203  }
204 
205  // get folder
206  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
207  // id does not exist
208  if (!$import_folder) {
209  return $this->raiseError('Wrong reference id.', 'Server');
210  }
211 
212  // folder is not a folder, can also be a category
213  if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
214  return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
215  }
216 
217  // check access to folder
218  if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
219  return $this->raiseError(
220  'Missing permission for creating users within ' . $import_folder->getTitle(),
221  'Server'
222  );
223  }
224  }
225 
226  // first verify
227  $importParser = new ilUserImportParser("", ilUserImportParser::IL_VERIFY, $conflict_rule);
228  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
229  $importParser->setXMLContent($usr_xml);
230  $importParser->startParsing();
231 
232  switch ($importParser->getErrorLevel()) {
233  case ilUserImportParser::IL_IMPORT_SUCCESS:
234  break;
235  case ilUserImportParser::IL_IMPORT_WARNING:
236  return $this->getImportProtocolAsXML($importParser->getProtocol());
237  break;
238  case ilUserImportParser::IL_IMPORT_FAILURE:
239  return $this->getImportProtocolAsXML($importParser->getProtocol());
240  }
241 
242  // verify is ok, so get role assignments
243 
244  $importParser = new ilUserImportParser("", ilUserImportParser::IL_EXTRACT_ROLES, $conflict_rule);
245  $importParser->setXMLContent($usr_xml);
246  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
247  $importParser->startParsing();
248 
249  $roles = $importParser->getCollectedRoles();
250 
251  //print_r($roles);
252 
253  // roles to be assigned, skip if one is not allowed!
254  $permitted_roles = array();
255  foreach ($roles as $role_id => $role) {
256  if (!is_numeric($role_id)) {
257  // check if internal id
258  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
259 
260  if (is_numeric($internalId) && $internalId > 0) {
261  $role_id = $internalId;
262  $role_name = $role_id;
263  }
264  }
265 
266  if ($this->isPermittedRole($folder_id, $role_id)) {
267  $permitted_roles[$role_id] = $role_id;
268  } else {
269  $role_name = ilObject::_lookupTitle($role_id);
270  return $this->raiseError(
271  "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
272  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
273  'Server'
274  );
275  }
276  }
277 
278  $global_roles = $rbacreview->getGlobalRoles();
279 
280  //print_r ($global_roles);
281 
282  foreach ($permitted_roles as $role_id => $role_name) {
283  if ($role_id != "") {
284  if (in_array($role_id, $global_roles)) {
285  if (
286  (
287  $folder_id !== 0 &&
288  $folder_id !== self::USER_FOLDER_ID &&
289  !ilObjRole::_getAssignUsersStatus($role_id)
290  ) ||
291  (
292  $role_id == SYSTEM_ROLE_ID &&
293  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
294  )
295  ) {
296  return $this->raiseError(
297  $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
298  'Server'
299  );
300  }
301  } else {
302  $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
303  if ($rbacreview->isDeleted($rolf[0])
304  || !$rbacsystem->checkAccess('write', $rolf[0])) {
305  return $this->raiseError(
306  $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
307  "Server"
308  );
309  }
310  }
311  }
312  }
313 
314  //print_r ($permitted_roles);
315 
316  $importParser = new ilUserImportParser("", ilUserImportParser::IL_USER_IMPORT, $conflict_rule);
317  $importParser->setSendMail($send_account_mail);
318  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
319  $importParser->setFolderId($folder_id);
320  $importParser->setXMLContent($usr_xml);
321 
322  $importParser->setRoleAssignment($permitted_roles);
323 
324  $importParser->startParsing();
325 
326  if ($importParser->getErrorLevel() !== ilUserImportParser::IL_IMPORT_FAILURE) {
327  return $this->getUserMappingAsXML($importParser->getUserMapping());
328  }
329  return $this->getImportProtocolAsXML($importParser->getProtocol());
330  }
331 
332  protected function isPermittedRole(int $a_folder, int $a_role)
333  {
334  static $checked_roles = array();
335  static $global_roles = null;
336 
337  if (isset($checked_roles[$a_role])) {
338  return $checked_roles[$a_role];
339  }
340 
341  global $DIC;
342 
343  $rbacsystem = $DIC['rbacsystem'];
344  $rbacreview = $DIC['rbacreview'];
345  $ilUser = $DIC['ilUser'];
346  $tree = $DIC['tree'];
347  $ilLog = $DIC['ilLog'];
348 
349  $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
350  $location = $locations[0];
351 
352  // global role
353  if ($location == ROLE_FOLDER_ID) {
354  $ilLog->write(__METHOD__ . ': Check global role');
355  // check assignment permission if called from local admin
356 
357  if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
358  $ilLog->write(__METHOD__ . ': ' . $a_folder);
359  if (!ilObjRole::_getAssignUsersStatus($a_role)) {
360  $ilLog->write(__METHOD__ . ': No assignment allowed');
361  $checked_roles[$a_role] = false;
362  return false;
363  }
364  }
365  // exclude anonymous role from list
366  if ($a_role === ANONYMOUS_ROLE_ID) {
367  $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
368  $checked_roles[$a_role] = false;
369  return false;
370  }
371  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
372  if ($a_role === SYSTEM_ROLE_ID &&
373  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
374  $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
375  $checked_roles[$a_role] = false;
376  return false;
377  }
378 
379  // Global role assignment ok
380  $ilLog->write(__METHOD__ . ': Assignment allowed.');
381  $checked_roles[$a_role] = true;
382  return true;
383  } elseif ($location) {
384  $ilLog->write(__METHOD__ . ': Check local role.');
385 
386  // It's a local role
387  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
388  $rolf = $rolfs[0];
389 
390  // only process role folders that are not set to status "deleted"
391  // and for which the user has write permissions.
392  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
393  // (The ROLE_FOLDER_ID folder contains the global roles).
394  if ($rbacreview->isDeleted($rolf)
395  || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
396  $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
397  $checked_roles[$a_role] = false;
398  return false;
399  }
400  // A local role is only displayed, if it is contained in the subtree of
401  // the localy administrated category. If the import function has been
402  // invoked from the user folder object, we show all local roles, because
403  // the user folder object is considered the parent of all local roles.
404  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
405  // isInSubtree variable with true. In all other cases it is initialized
406  // with false, and only set to true if we find the object id of the
407  // locally administrated category in the tree path to the local role.
408  if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
409  $ilLog->write(__METHOD__ . ': Not in path of category.');
410  $checked_roles[$a_role] = false;
411  return false;
412  }
413  $ilLog->write(__METHOD__ . ': Assignment allowed.');
414  $checked_roles[$a_role] = true;
415  return true;
416  }
417  return false;
418  }
419 
423  public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
424  {
425  $this->initAuth($sid);
426  $this->initIlias();
427 
428  if (!$this->checkSession($sid)) {
429  return $this->raiseError($this->getMessage(), $this->getMessageCode());
430  }
431 
432  global $DIC;
433 
434  $ilDB = $DIC['ilDB'];
435  $tree = $DIC['tree'];
436  $rbacreview = $DIC['rbacreview'];
437  $rbacsystem = $DIC['rbacsystem'];
438  $access = $DIC->access();
439 
440  if ($ref_id === -1) {
441  $ref_id = self::USER_FOLDER_ID;
442  }
443 
444  if (
445  $ref_id === self::USER_FOLDER_ID &&
446  !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
447  ) {
448  return $this->raiseError('Access denied', "Client");
449  }
450 
451  $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
452  if ($this->isFault($object)) {
453  return $object;
454  }
455 
456  $data = [];
457  switch ($object->getType()) {
458  case "usrf":
459  $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
460  break;
461  case "cat":
462  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
463  break;
464  case "crs":
465  {
466  // GET ALL MEMBERS
467  $roles = $object->__getLocalRoles();
468 
469  foreach ($roles as $role_id) {
470  $data = array_merge($rbacreview->assignedUsers($role_id), $data);
471  }
472 
473  break;
474  }
475  case "grp":
476  $member_ids = $object->getGroupMemberIds();
477  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
478  break;
479  case "sess":
480  $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
481  if (!$course_ref_id) {
482  return $this->raiseError("No course for session", "Client");
483  }
484 
485  $event_obj_id = ilObject::_lookupObjId($ref_id);
486  $event_part = new ilEventParticipants($event_obj_id);
487  $member_ids = array_keys($event_part->getParticipants());
488  $data = ilObjUser::_getUsersForIds($member_ids, $active);
489  break;
490  }
491 
492  $xmlWriter = new ilUserXMLWriter();
493  $xmlWriter->setObjects($data);
494  $xmlWriter->setAttachRoles($attachRoles);
495 
496  if ($xmlWriter->start()) {
497  return $xmlWriter->getXML();
498  }
499  // @todo for backward compatibility
500  return '';
501  }
502 
506  public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
507  {
508  $this->initAuth($sid);
509  $this->initIlias();
510 
511  if (!$this->checkSession($sid)) {
512  return $this->raiseError($this->getMessage(), $this->getMessageCode());
513  }
514 
515  global $DIC;
516 
517  $ilDB = $DIC['ilDB'];
518  $rbacreview = $DIC->rbac()->review();
519  $tree = $DIC->repositoryTree();
520  $ilUser = $DIC->user();
521  $access = $DIC->access();
522 
523  $global_roles = $rbacreview->getGlobalRoles();
524 
525  if (in_array($role_id, $global_roles, true)) {
526  // global roles
527  if ($role_id === SYSTEM_ROLE_ID &&
528  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
529  return $this->raiseError("Role access not permitted. ($role_id)", "Server");
530  }
531  } else {
532  // local roles
533  $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
534  $access_granted = true;
535  foreach ($rolfs as $rolf) {
536  if ($tree->isDeleted($rolf)) {
537  $access_granted = false;
538  }
539  $type = \ilObject::_lookupType($rolf, true);
540  switch ($type) {
541  case 'crs':
542  case 'grp':
543  if (!$access->checkAccess('manage_members', '', $rolf)) {
544  $access_granted = false;
545  }
546  break;
547  default:
548  if (!$access->checkAccess('edit_permission', '', $rolf)) {
549  $access_granted = false;
550  }
551  break;
552  }
553  }
554  // read user data must be granted
555  if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
556  $access_granted = false;
557  }
558  if (!$access_granted || !count($rolfs)) {
559  return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
560  }
561  }
562 
563  $data = ilObjUser::_getUsersForRole($role_id, $active);
564 
565  $xmlWriter = new ilUserXMLWriter();
566  $xmlWriter->setAttachRoles($attachRoles);
567 
568  $xmlWriter->setObjects($data);
569 
570  if ($xmlWriter->start()) {
571  return $xmlWriter->getXML();
572  }
573  return $this->raiseError('Error in getUsersForRole', 'Server');
574  }
575 
579  private function getImportProtocolAsXML(array $a_array): string
580  {
581  $xmlResultSet = new ilXMLResultSet();
582  $xmlResultSet->addColumn("userid");
583  $xmlResultSet->addColumn("login");
584  $xmlResultSet->addColumn("action");
585  $xmlResultSet->addColumn("message");
586 
587  foreach ($a_array as $username => $messages) {
588  foreach ($messages as $message) {
589  $xmlRow = new ilXMLResultSetRow();
590  $xmlRow->setValue(0, 0);
591  $xmlRow->setValue(1, $username);
592  $xmlRow->setValue(2, "");
593  $xmlRow->setValue(3, $message);
594 
595  $xmlResultSet->addRow($xmlRow);
596  }
597  }
598 
599  $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
600 
601  if ($xml_writer->start()) {
602  return $xml_writer->getXML();
603  }
604 
605  return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
606  }
607 
612  private function getUserMappingAsXML(array $a_array)
613  {
614  $xmlResultSet = new ilXMLResultSet();
615  $xmlResultSet->addColumn("userid");
616  $xmlResultSet->addColumn("login");
617  $xmlResultSet->addColumn("action");
618  $xmlResultSet->addColumn("message");
619 
620  if (count($a_array)) {
621  foreach ($a_array as $username => $message) {
622  $xmlRow = new ilXMLResultSetRow();
623  $xmlRow->setValue(0, $username);
624  $xmlRow->setValue(1, $message["login"]);
625  $xmlRow->setValue(2, $message["action"]);
626  $xmlRow->setValue(3, $message["message"]);
627 
628  $xmlResultSet->addRow($xmlRow);
629  }
630  }
631 
632  $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
633 
634  if ($xml_writer->start()) {
635  return $xml_writer->getXML();
636  }
637 
638  return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
639  }
640 
651  public function searchUser(
652  string $sid,
653  array $a_keyfields,
654  string $query_operator,
655  array $a_keyvalues,
656  bool $attach_roles,
657  int $active
658  ) {
659  $this->initAuth($sid);
660  $this->initIlias();
661 
662  if (!$this->checkSession($sid)) {
663  return $this->raiseError($this->getMessage(), $this->getMessageCode());
664  }
665 
666  global $DIC;
667 
668  $ilDB = $DIC['ilDB'];
669  $access = $DIC->access();
670 
671  if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
672  return $this->raiseError('Check access failed.', 'Server');
673  }
674  if (!count($a_keyfields)) {
675  $this->raiseError('At least one keyfield is needed', 'Client');
676  }
677 
678  if (!count($a_keyvalues)) {
679  $this->raiseError('At least one keyvalue is needed', 'Client');
680  }
681 
682  if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
683  $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
684  }
685 
686  $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
687 
688  $query = "SELECT usr_data.*, usr_pref.value AS language
689  FROM usr_data
690  LEFT JOIN usr_pref
691  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
692  $ilDB->quote("language", "text") .
693  " WHERE 1 = 1 " . $query;
694 
695  if ($active > -1) {
696  $query .= " AND active = " . $ilDB->quote($active);
697  }
698 
699  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
700 
701  //echo $query;
702 
703  $r = $ilDB->query($query);
704 
705  $data = array();
706 
707  while ($row = $ilDB->fetchAssoc($r)) {
708  $data[] = $row;
709  }
710 
711  $xmlWriter = new ilUserXMLWriter();
712  $xmlWriter->setAttachRoles($attach_roles);
713 
714  $xmlWriter->setObjects($data);
715 
716  if ($xmlWriter->start()) {
717  return $xmlWriter->getXML();
718  }
719  return $this->raiseError('Error in searchUser', 'Server');
720  }
721 
725  private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues): string
726  {
727  global $DIC;
728 
729  $ilDB = $DIC['ilDB'];
730  $query = array();
731 
732  $allowed_fields = array("firstname",
733  "lastname",
734  "email",
735  "login",
736  "matriculation",
737  "institution",
738  "department",
739  "title",
740  "ext_account"
741  );
742 
743  foreach ($a_keyfields as $keyfield) {
744  $keyfield = strtolower($keyfield);
745 
746  if (!in_array($keyfield, $allowed_fields)) {
747  continue;
748  }
749 
750  $field_query = array();
751  foreach ($a_keyvalues as $keyvalue) {
752  if (strlen($keyvalue) >= 3) {
753  $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
754  }
755  }
756  if (count($field_query)) {
757  $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
758  }
759  }
760 
761  return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
762  }
763 
767  public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
768  {
769  $this->initAuth($sid);
770  $this->initIlias();
771 
772  if (!$this->checkSession($sid)) {
773  return $this->raiseError($this->getMessage(), $this->getMessageCode());
774  }
775 
776  global $DIC;
777 
778  $rbacsystem = $DIC['rbacsystem'];
779  $access = $DIC->access();
780  $ilUser = $DIC['ilUser'];
781  $ilDB = $DIC['ilDB'];
782 
783  // check if own account
784  $is_self = false;
785  if (count($a_user_ids) === 1) {
786  $usr_id = (int) end($a_user_ids);
787  if ($usr_id === $ilUser->getId()) {
788  $is_self = true;
789  }
790  }
791 
792  if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
793  return $this->raiseError('Check access failed.', 'Server');
794  }
795 
796  $data = ilObjUser::_getUserData($a_user_ids);
797 
798  $xmlWriter = new ilUserXMLWriter();
799  $xmlWriter->setAttachRoles($attach_roles);
800  $xmlWriter->setObjects($data);
801 
802  if ($xmlWriter->start()) {
803  return $xmlWriter->getXML();
804  }
805 
806  return $this->raiseError('User does not exist', 'Client');
807  }
808 
809  public function hasNewMail(string $sid)
810  {
811  $this->initAuth($sid);
812  $this->initIlias();
813 
814  if (!$this->checkSession($sid)) {
815  return $this->raiseError($this->getMessage(), $this->getMessageCode());
816  }
817 
818  global $DIC;
819 
820  $ilUser = $DIC['ilUser'];
821 
822  return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
823  }
824 
828  public function getUserIdBySid(string $sid)
829  {
830  $this->initAuth($sid);
831  $this->initIlias();
832 
833  if (!$this->checkSession($sid)) {
834  return $this->raiseError($this->getMessage(), $this->getMessageCode());
835  }
836 
837  global $DIC;
838 
839  $ilDB = $DIC['ilDB'];
840 
841  $parts = explode('::', $sid);
842  $query = "SELECT usr_id FROM usr_session "
843  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
844  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
845  $data = $ilDB->fetchAssoc($res);
846 
847  if (!(int) $data['usr_id']) {
848  $this->raiseError('User does not exist', 'Client');
849  }
850  return (int) $data['usr_id'];
851  }
852 }
$res
$res
Definition: ltiservices.php:69
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
return array of complete users which belong to a specific role
Definition: class.ilObjUser.php:3297
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:12
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:725
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:612
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:332
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:31
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
return user data for group members
Definition: class.ilObjUser.php:3384
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:924
$client
$client
Definition: dummy_client.php:43
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2078
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $leftInterval=0)
Definition: class.ilMailGlobalServices.php:72
$ref_id
$ref_id
Definition: ltiauth.php:66
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:831
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:33
ilUserXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilUserXMLWriter.php:30
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:25
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
return user data for given user ids
Definition: class.ilObjUser.php:3445
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true ...
Definition: class.ilSoapAdministration.php:213
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:38
ilEventParticipants
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilEventParticipants.php:29
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:423
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:104
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
get users for a category or from system folder
Definition: class.ilObjUser.php:3340
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1194
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:429
$lng
global $lng
Definition: privfeed.php:32
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:143
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:651
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1085
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:767
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
return user data for given user id
Definition: class.ilObjUser.php:3397
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:579
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:506
$r
$r
Definition: shib_logout.php:137