ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilSoapUserAdministration.php
1<?php
2 /*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22 */
23
24
33include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34
36{
38 {
39 parent::ilSoapAdministration();
40 }
41
42
43 // Service methods
/**
 * SOAP login with user name and password for the given client.
 *
 * The SOAP arguments are copied into $_COOKIE / $_POST and the regular
 * bootstrap file inc.header.php is included, so whatever that file does with
 * those superglobals performs the actual authentication.
 *
 * NOTE(review): this method never tests an authentication result itself; the
 * only explicit check after the include is the terms-of-service flag. It
 * presumably relies on inc.header.php throwing (or terminating) for bad
 * credentials - confirm, because otherwise a session id would be returned
 * for a failed login.
 *
 * @param string $client   client id, stored as the 'ilClientId' cookie
 * @param string $username login name
 * @param string $password password as supplied by the SOAP caller
 * @return mixed "<session id>::<client>" on success, otherwise the value
 *               returned by __raiseError()
 */
function login($client, $username, $password)
{
    // NOTE(review): the listing skips source lines 46-48 at this point;
    // confirm against the original file that only a doc comment was dropped.
    global $ilUser;

    // Hand the caller-supplied values to the bootstrap through the
    // superglobals. $client is not validated in this method.
    $_COOKIE['ilClientId'] = $client;
    $_POST['username']     = $username;
    $_POST['password']     = $password;

    // Drop any session cookie that came with the request before bootstrapping.
    unset($_COOKIE['PHPSESSID']);

    try {
        include_once './include/inc.header.php';
    } catch (Exception $e) {
        // NOTE(review): the raw exception text goes back to the SOAP client;
        // check that it cannot carry internal details (paths, SQL, hosts).
        return $this->__raiseError($e->getMessage(), 'Server');
    }

    ilUtil::setCookie('ilClientId', $client);

    if (!$ilUser->hasToAcceptTermsOfService()) {
        // The returned token is what the other service methods take as $sid.
        return (session_id() . '::' . $client);
    }

    return $this->__raiseError('User agreement not accepted', 'Server');
}
74
75 // Service methods
/**
 * SOAP login with a CAS proxy ticket.
 *
 * Passes client, user name and ticket to $this->sauth and lets it decide.
 *
 * NOTE(review): $username is supplied by the caller next to the ticket.
 * Whether $this->sauth binds the ticket's principal to that name is not
 * visible here - confirm in the authentication class.
 *
 * @param string $client   client id
 * @param string $PT       CAS proxy ticket
 * @param string $username login name claimed by the caller
 * @return mixed "<sid>::<client>" on success, otherwise the value returned
 *               by __raiseError()
 */
function loginCAS($client, $PT, $username)
{
    // NOTE(review): the listing skips source line 78 here and nothing visible
    // initialises $this->sauth; recover that line from the original file.
    $this->sauth->setClient($client);
    $this->sauth->setUsername($username);
    $this->sauth->setPT($PT);

    if ($this->sauth->authenticate()) {
        return $this->sauth->getSid() . '::' . $client;
    }

    return $this->__raiseError($this->sauth->getMessage(), $this->sauth->getMessageCode());
}
95
96 // Service methods
/**
 * SOAP login for LDAP accounts.
 *
 * Delegates unchanged to login(); no LDAP-specific handling happens here.
 *
 * @param string $client   client id
 * @param string $username login name
 * @param string $password password
 * @return mixed whatever login() returns
 */
function loginLDAP($client, $username, $password)
{
    $result = $this->login($client, $username, $password);

    return $result;
}
101
/**
 * SOAP logout: ends the session identified by $sid.
 *
 * @param string $sid session token; presumably the value returned by login()
 * @return mixed true on success, otherwise the value returned by __raiseError()
 */
function logout($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_ok = $this->__checkSession($sid);
    if (!$session_ok) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $ilAuth;

    // Log out of the auth layer first, then discard the PHP session data.
    $ilAuth->logout();
    session_destroy();

    return true;
}
126
/**
 * SOAP: resolve a login name to a user id.
 *
 * Any session may look up its own login; every other login requires 'read'
 * on USER_FOLDER_ID.
 *
 * NOTE(review): the access-failure message appends USER_FOLDER_ID, so an
 * internal id is disclosed to callers who fail the check.
 *
 * @param string $sid       session token
 * @param string $user_name login name to resolve
 * @return mixed the user id, the string "0" when no id was found, or the
 *               value returned by __raiseError()
 */
function lookupUser($sid, $user_name)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    if (strlen($user_name) == 0) {
        return $this->__raiseError('No username given. Aborting', 'Client');
    }

    global $rbacsystem, $ilUser;

    // Case-insensitive match against the login of the session's own user.
    $asks_for_self = (strcasecmp($ilUser->getLogin(), $user_name) == 0);

    if (!$asks_for_self && !$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed. ' . USER_FOLDER_ID, 'Server');
    }

    $found_id = ilObjUser::getUserIdByLogin($user_name);
    if ($found_id) {
        return $found_id;
    }

    return "0";
}
155
/**
 * SOAP: return the profile record of one user.
 *
 * Requires a valid session and 'read' on USER_FOLDER_ID.
 *
 * NOTE(review): the record comes from __readUserData(), which includes the
 * 'passwd' and 'passwd_type' fields as returned by the user object. If
 * getPasswd() yields the stored credential, every caller with read access to
 * the user folder receives it over SOAP - confirm and consider dropping the
 * two fields from this response.
 *
 * @param string $sid     session token
 * @param mixed  $user_id id of the user to read
 * @return mixed array of user fields, or the value returned by __raiseError()
 */
function getUser($sid, $user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $ilUser;

    if (!$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // A login lookup by id serves as the existence test.
    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);

    return $this->__readUserData($tmp_user);
}
182
/**
 * SOAP: update an existing user with the fields given in $user_data.
 *
 * Requires a valid session and 'write' on USER_FOLDER_ID. The stored record
 * is read, overlaid with the caller's fields, validated and written back.
 *
 * NOTE(review): the password type is derived only from the length of the
 * caller's 'passwd' value: exactly 32 characters is stored as
 * IL_PASSWD_CRYPTED, anything else as IL_PASSWD_PLAIN. A 32-character value is
 * presumably meant to be a ready-made digest, but a 32-character plain
 * password takes the same branch - confirm how the user object treats it.
 *
 * NOTE(review): when the caller omits 'passwd', $user_new['passwd'] still
 * holds the value read from the stored account while 'passwd_type' is set to
 * IL_PASSWD_PLAIN - confirm that the write path does not treat the stored
 * value as a new plain password.
 *
 * @param string $sid       session token
 * @param array  $user_data fields to change; 'usr_id' selects the account
 * @return mixed true on success, otherwise the value returned by __raiseError()
 */
function updateUser($sid, $user_data)
{
    // NOTE(review): the listing skips source lines 188-190 at this point;
    // confirm against the original file that only a doc comment was dropped.
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $ilUser, $log;

    if (!$rbacsystem->checkAccess('write', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    $user_obj =& ilObjectFactory::getInstanceByObjId($user_data['usr_id'], false);
    if (!$user_obj) {
        return $this->__raiseError('User with id ' . $user_data['usr_id'] . ' does not exist.', 'Client');
    }

    // Overlay the caller's fields on the stored record, then validate the result.
    $user_old = $this->__readUserData($user_obj);
    $user_new = $this->__substituteUserData($user_old, $user_data);

    if (!$this->__validateUserData($user_new, false)) {
        return $this->__raiseError($this->__getMessage(), 'Client');
    }

    // Length-based guess of the password type, see the notes in the header.
    $user_new['passwd_type'] = (strlen($user_data['passwd']) == 32)
        ? IL_PASSWD_CRYPTED
        : IL_PASSWD_PLAIN;

    $this->__setUserData($user_obj, $user_new);

    $log->write('SOAP: updateUser()');
    $user_obj->update();

    // Record acceptance only when the caller says so and it is still pending.
    if ($user_data['accepted_agreement'] && $user_obj->hasToAcceptTermsOfService()) {
        $user_obj->writeAccepted();
    }

    return true;
}
239
/**
 * SOAP: replace the password of an arbitrary user.
 *
 * Requires a valid session and 'write' on USER_FOLDER_ID.
 *
 * NOTE(review): $new_password goes to replacePassword() without any check in
 * this method - no ilUtil::isPassword() call as in __validateUserData(), no
 * empty-string test, and no exclusion of SYSTEM_USER_ID as in deleteUser().
 * Confirm that replacePassword() enforces the password policy, and decide
 * whether 'write' on the user folder should be enough to reset the root
 * account. Nothing is written to the log here, unlike addUser()/deleteUser().
 *
 * @param string $sid          session token
 * @param mixed  $user_id      id of the account to change
 * @param string $new_password value passed to replacePassword()
 * @return mixed true on success, otherwise the value returned by __raiseError()
 */
function updatePassword($sid, $user_id, $new_password)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem;

    if (!$rbacsystem->checkAccess('write', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id, false);
    if (!$tmp_user) {
        return $this->__raiseError('No valid user_id given.', 'Client');
    }

    $tmp_user->replacePassword($new_password);

    return true;
}
269
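/**
 * SOAP: create a user account and assign it to one global role.
 *
 * Requires a valid session and 'create_usr' on USER_FOLDER_ID.
 *
 * Changes against the listed version:
 *  - `=& new` (deprecated since PHP 5.3, a parse error from PHP 7) is replaced
 *    by a plain `new`.
 *  - The system role can only be handed out by a caller who holds it. The
 *    same guard already exists in importUsers(), isPermittedRole() and
 *    getUserForRole(); without it, 'create_usr' alone was enough to create an
 *    account in SYSTEM_ROLE_ID.
 *
 * NOTE(review): the password type is derived only from the length of
 * 'passwd' (32 characters => IL_PASSWD_CRYPTED, presumably a ready-made
 * digest). A 32-character plain password takes the same branch - confirm how
 * the user object treats it.
 *
 * @param string $sid            session token
 * @param array  $user_data      account fields; validated by __validateUserData()
 * @param mixed  $global_role_id id of the global role to assign
 * @return mixed id of the new user, or the value returned by __raiseError()
 */
function addUser($sid,$user_data,$global_role_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $rbacreview, $ilLog, $rbacadmin, $ilSetting, $ilUser;

    if (!$rbacsystem->checkAccess('create_usr', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // Validate user_data
    if (!$this->__validateUserData($user_data)) {
        return $this->__raiseError($this->__getMessage(), 'Client');
    }

    // A role id is mandatory ...
    if (!$global_role_id) {
        return $this->__raiseError('No role id given', 'Client');
    }

    // ... and it must name one of the global roles.
    $global_roles = $rbacreview->getGlobalRoles();
    if (!in_array($global_role_id, $global_roles)) {
        return $this->__raiseError('Role with id: '.$global_role_id.' is not a valid global role', 'Client');
    }

    // Only a holder of the system role may assign it to the new account.
    if ($global_role_id == SYSTEM_ROLE_ID
        && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))) {
        return $this->__raiseError('Assignment to role with id: '.$global_role_id.' is not permitted', 'Server');
    }

    $new_user = new ilObjUser();

    // Length-based guess of the password type, see the note in the header.
    if (strlen($user_data['passwd']) != 32) {
        $user_data['passwd_type'] = IL_PASSWD_PLAIN;
    } else {
        $user_data['passwd_type'] = IL_PASSWD_CRYPTED;
    }
    $this->__setUserData($new_user, $user_data);

    $ilLog->write('SOAP: addUser()');

    // Need this for entry in object_data
    $new_user->setTitle($new_user->getFullname());
    $new_user->setDescription($new_user->getEmail());

    if ($user_data["import_id"] != "") {
        $new_user->setImportId($user_data["import_id"]);
    }

    $new_user->create();
    $new_user->saveAsNew();

    // If agreement is given. Set user agreement accepted.
    if ($user_data['accepted_agreement']) {
        $new_user->writeAccepted();
    }

    // Assign role
    $rbacadmin->assignUser($global_role_id, $new_user->getId());

    // Assign user prefs
    $new_user->setLanguage($user_data['user_language']);
    $new_user->setPref('style', $user_data['user_style']);
    $new_user->setPref('skin', $user_data['user_skin']);
    $new_user->setPref('hits_per_page', $ilSetting->get('hits_per_page'));
    $new_user->setPref('show_users_online', $ilSetting->get('show_users_online'));
    $new_user->writePrefs();

    return $new_user->getId();
}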
357
/**
 * SOAP: delete a user account.
 *
 * Requires a valid session and 'delete' on USER_FOLDER_ID. The caller's own
 * account and SYSTEM_USER_ID are refused.
 *
 * NOTE(review): both id comparisons use loose `==`, so they depend on PHP's
 * type juggling of the SOAP-supplied $user_id. The log entry does not record
 * which account was deleted or by whom.
 *
 * @param string $sid     session token
 * @param mixed  $user_id id of the account to delete
 * @return mixed true on success, otherwise the value returned by __raiseError()
 */
function deleteUser($sid, $user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    if (!isset($user_id)) {
        return $this->__raiseError('No user_id given. Aborting', 'Client');
    }

    global $rbacsystem, $ilUser, $log;

    if (!$rbacsystem->checkAccess('delete', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // A login lookup by id serves as the existence test.
    $known_login = $ilUser->getLoginByUserId($user_id);
    if (!$known_login) {
        return $this->__raiseError('User id: ' . $user_id . ' is not a valid identifier. Aborting', 'Client');
    }

    // Protected accounts: the caller's own and the root account.
    if ($ilUser->getId() == $user_id) {
        return $this->__raiseError('Cannot delete myself. Aborting', 'Client');
    }
    if ($user_id == SYSTEM_USER_ID) {
        return $this->__raiseError('Cannot delete root account. Aborting', 'Client');
    }

    $log->write('SOAP: deleteUser()');

    $delete_user =& ilObjectFactory::getInstanceByObjId($user_id, false);
    $delete_user->delete();

    return true;
}
402
403
404
405
406 // PRIVATE
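/**
 * Validate a user record before it is created or updated.
 *
 * Problems are collected with __appendMessage(); the record is valid when the
 * collected message is empty afterwards. With $check_complete the mandatory
 * fields are also required, the login must not exist yet, and a missing
 * 'user_language' is filled in with the default language (the array is taken
 * by reference).
 *
 * Changes against the listed version:
 *  - `=& new` (a parse error from PHP 7) is replaced by a plain `new`.
 *  - is_array() is tested before count(), so a non-array result of
 *    getAllTemplates() is never passed to count().
 *  - `default: continue;` became `default: break;`. Inside a switch both do
 *    the same thing; newer PHP versions warn about the former.
 *  - The unused global $ilLog is no longer imported.
 *
 * NOTE(review): an empty password is accepted whenever the record's auth mode
 * needs an external account. 'auth_mode' is read from the record itself here,
 * so confirm that callers cannot use that field to skip the password check.
 *
 * @param array $user_data      record to validate; may be modified
 * @param bool  $check_complete true for new accounts, false for updates
 * @return bool true when no validation message was collected
 */
function __validateUserData(&$user_data,$check_complete = true)
{
    global $lng,$styleDefinition;

    $this->__setMessage('');

    include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
    $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
        ilAuthUtils::_getAuthMode($user_data['auth_mode']));

    if ($check_complete) {
        if (!isset($user_data['login'])) {
            $this->__appendMessage('No login given.');
        }
        if (!isset($user_data['passwd']) and !$allow_empty_password) {
            $this->__appendMessage('No password given.');
        }
        if (!isset($user_data['email'])) {
            $this->__appendMessage('No email given');
        }
        if (!isset($user_data['user_language'])) {
            $user_data['user_language'] = $lng->getDefaultLanguage();
        }
    }

    foreach ($user_data as $field => $value) {
        switch ($field) {
            case 'login':
                if (!ilUtil::isLogin($value)) {
                    $this->__appendMessage('Login invalid.');
                }
                // Uniqueness only matters when a new account is created.
                if ($check_complete && ilObjUser::_loginExists($value)) {
                    $this->__appendMessage('Login already exists.');
                }
                break;

            case 'passwd':
                if (!strlen($value) and $allow_empty_password) {
                    break;
                }
                if (!ilUtil::isPassword($value)) {
                    $this->__appendMessage('Password invalid.');
                }
                break;

            case 'email':
                if (!ilUtil::is_email($value)) {
                    $this->__appendMessage('Email invalid.');
                }
                break;

            case 'time_limit_unlimited':
                // A limited account needs a start that lies before its end.
                if ($value != 1
                    && $user_data['time_limit_from'] >= $user_data['time_limit_until']) {
                    $this->__appendMessage('Time limit invalid');
                }
                break;

            case 'user_language':
                $lang_inst = $lng->getInstalledLanguages();
                if (!in_array($user_data['user_language'], $lang_inst)) {
                    $this->__appendMessage('Language: '.$user_data['user_language'].' is not installed');
                }
                break;

            case 'user_skin':
            case 'user_style':
                // Skin and style must be given together ...
                if (($user_data['user_skin'] and !$user_data['user_style']) or
                    (!$user_data['user_skin'] and $user_data['user_style'])) {
                    $this->__appendMessage('user_skin, user_style not valid.');
                } elseif ($user_data['user_skin'] and $user_data['user_style']) {
                    // ... and must match a style of an installed template.
                    $ok = false;
                    $templates = $styleDefinition->getAllTemplates();
                    if (is_array($templates) && count($templates) > 0) {
                        foreach ($templates as $template) {
                            $styleDef = new ilStyleDefinition($template["id"]);
                            $styleDef->startParsing();
                            $styles = $styleDef->getStyles();
                            foreach ($styles as $style) {
                                if ($user_data['user_skin'] == $template["id"] &&
                                    $user_data['user_style'] == $style["id"]) {
                                    $ok = true;
                                }
                            }
                        }
                        if (!$ok) {
                            $this->__appendMessage('user_skin, user_style not valid.');
                        }
                    }
                }
                break;

            case 'time_limit_owner':
                $type = ilObject::_lookupType($user_data['time_limit_owner'], true);
                if ($type != 'cat' and $type != 'usrf') {
                    $this->__appendMessage('time_limit_owner must be ref_id of category or user folder'.$type);
                }
                break;

            default:
                // Every other field is accepted without a check.
                break;
        }
    }

    return !strlen($this->__getMessage());
}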
545
/**
 * Copy a validated record into a user object.
 *
 * Fields that update/addUser do not support are overwritten with the
 * object's current values before assignData() is called. This covers the
 * instant-messenger ids, location data and also 'auth_mode' and
 * 'ext_account', so a SOAP caller cannot change those through $user_data.
 * $user_data is taken by reference and is modified.
 *
 * @param object $user_obj  user object that receives the data
 * @param array  $user_data record to assign; modified in place
 * @return bool always true
 */
function __setUserData(&$user_obj,&$user_data)
{
    // Default to unlimited if no access period is given
    if (!($user_data['time_limit_from']
        || $user_data['time_limit_until']
        || $user_data['time_limit_unlimited'])) {
        $user_data['time_limit_unlimited'] = 1;
    }
    if (!$user_data['time_limit_owner']) {
        $user_data['time_limit_owner'] = USER_FOLDER_ID;
    }

    // Fields not supported by update/addUser: keep what the object has.
    foreach (array('icq', 'yahoo', 'msn', 'aim', 'skype', 'jabber', 'voip') as $messenger) {
        $user_data['im_' . $messenger] = $user_obj->getInstantMessengerId($messenger);
    }

    $user_data['delicious'] = $user_obj->getDelicious();
    $user_data['latitude']  = $user_obj->getLatitude();
    $user_data['longitude'] = $user_obj->getLongitude();
    $user_data['loc_zoom']  = $user_obj->getLocationZoom();

    $user_data['auth_mode']   = $user_obj->getAuthMode();
    $user_data['ext_account'] = $user_obj->getExternalAccount();

    $user_obj->assignData($user_data);

    if (isset($user_data['user_language'])) {
        $user_obj->setLanguage($user_data['user_language']);
    }

    // Skin and style are only applied as a pair.
    if (isset($user_data['user_skin'], $user_data['user_style'])) {
        $user_obj->setPref('skin', $user_data['user_skin']);
        $user_obj->setPref('style', $user_data['user_style']);
    }

    return true;
}
591
/**
 * Read all SOAP-visible fields of a user object into an array.
 *
 * NOTE(review): the result contains 'passwd' and 'passwd_type' as returned
 * by the user object, and getUser() hands this array to the SOAP caller
 * unchanged. Confirm what getPasswd() returns and whether it belongs in a
 * service response.
 *
 * @param object $usr_obj user object to read
 * @return array field name => value
 */
function __readUserData(&$usr_obj)
{
    $usr_data = array(
        'usr_id'               => $usr_obj->getId(),
        'login'                => $usr_obj->getLogin(),
        'passwd'               => $usr_obj->getPasswd(),
        'passwd_type'          => $usr_obj->getPasswdType(),
        'firstname'            => $usr_obj->getFirstname(),
        'lastname'             => $usr_obj->getLastname(),
        'title'                => $usr_obj->getUTitle(),
        'gender'               => $usr_obj->getGender(),
        'email'                => $usr_obj->getEmail(),
        'institution'          => $usr_obj->getInstitution(),
        'street'               => $usr_obj->getStreet(),
        'city'                 => $usr_obj->getCity(),
        'zipcode'              => $usr_obj->getZipcode(),
        'country'              => $usr_obj->getCountry(),
        'phone_office'         => $usr_obj->getPhoneOffice(),
        'last_login'           => $usr_obj->getLastLogin(),
        'last_update'          => $usr_obj->getLastUpdate(),
        'create_date'          => $usr_obj->getCreateDate(),
        'hobby'                => $usr_obj->getHobby(),
        'department'           => $usr_obj->getDepartment(),
        'phone_home'           => $usr_obj->getPhoneHome(),
        'phone_mobile'         => $usr_obj->getPhoneMobile(),
        'fax'                  => $usr_obj->getFax(),
        'time_limit_owner'     => $usr_obj->getTimeLimitOwner(),
        'time_limit_unlimited' => $usr_obj->getTimeLimitUnlimited(),
        'time_limit_from'      => $usr_obj->getTimeLimitFrom(),
        'time_limit_until'     => $usr_obj->getTimeLimitUntil(),
        'time_limit_message'   => $usr_obj->getTimeLimitMessage(),
        'referral_comment'     => $usr_obj->getComment(),
        'matriculation'        => $usr_obj->getMatriculation(),
        'active'               => $usr_obj->getActive(),
        'approve_date'         => $usr_obj->getApproveDate(),
        'user_skin'            => $usr_obj->getPref('skin'),
        'user_style'           => $usr_obj->getPref('style'),
        'user_language'        => $usr_obj->getLanguage(),
        'auth_mode'            => $usr_obj->getAuthMode(),
        // Stored inverted: true means nothing is left to accept.
        'accepted_agreement'   => !$usr_obj->hasToAcceptTermsOfService(),
        'import_id'            => $usr_obj->getImportId(),
    );

    return $usr_data;
}
635
/**
 * Overlay the fields of $user_new on $user_old.
 *
 * Every key of $user_new replaces or extends the old record; keys that only
 * exist in $user_old are kept. No key is filtered, so the caller decides
 * which fields end up in the result.
 *
 * @param array $user_old stored record
 * @param array $user_new fields supplied by the caller
 * @return array merged record, or an empty array when the result is empty
 */
function __substituteUserData($user_old,$user_new)
{
    $merged = $user_old;

    foreach ($user_new as $field => $replacement) {
        $merged[$field] = $replacement;
    }

    if (!$merged) {
        return array();
    }

    return $merged;
}
644
/**
 * SOAP: import users from an XML document.
 *
 * Steps, in the order the code performs them: session check, validating parse
 * of the XML, mapping of $conflict_rule, permission check on the target
 * folder (skipped for folder id 0), a verify-only parser run, extraction and
 * permission check of the roles named in the XML, and finally the import run.
 *
 * NOTE(review): the caller-supplied XML is parsed with DOMXML_LOAD_VALIDATING
 * before any permission is checked, and with folder id 0 no folder permission
 * is checked in this method at all. Every valid session therefore reaches the
 * validating parser. domxml_open_mem() is not defined in this file; confirm
 * that it cannot load external DTDs or entities named by the document.
 *
 * @param string $sid               session token
 * @param mixed  $folder_id         ref id of the target user folder or
 *                                  category; -1 selects USER_FOLDER_ID, 0
 *                                  means permissions are checked per user
 * @param string $usr_xml           user import XML
 * @param mixed  $conflict_rule     2 = update on conflict, 3 = ignore on
 *                                  conflict, anything else = fail on conflict
 * @param mixed  $send_account_mail passed to the parser's setSendMail()
 * @return mixed XML with the user mapping or the import protocol, or the
 *               value returned by __raiseError()
 */
function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }


    include_once './Services/User/classes/class.ilUserImportParser.php';
    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    include_once './Services/Object/classes/class.ilObjectFactory.php';
    global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;

    // this takes time but is necessary
    $error = false;


    // Validate first so that malformed XML is rejected early. The `@`
    // suppresses PHP-level errors of the parser; problems are expected in
    // $error, which is passed as the third argument.
    $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
    if ($error)
    {
        // Parser messages are returned to the caller as "(line,col): text".
        $msg = array();
        if (is_array($error))
        {
            foreach ($error as $err) {
                $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
            }
        }
        else
        {
            $msg[] = $error;
        }
        $msg = join("\n",$msg);
        return $this->__raiseError($msg, "Client");
    }


    // Map the numeric SOAP value to the parser constant; unknown values fail
    // on conflict.
    switch ($conflict_rule)
    {
        case 2:
            $conflict_rule = IL_UPDATE_ON_CONFLICT;
            break;
        case 3:
            $conflict_rule = IL_IGNORE_ON_CONFLICT;
            break;
        default:
            $conflict_rule = IL_FAIL_ON_CONFLICT;
    }


    // folder id 0, means to check permission on user basis!
    // must have create user right in time_limit_owner property (which is ref_id of container)
    // NOTE(review): that per-user check is not visible in this method;
    // presumably the import parser performs it - confirm.
    if ($folder_id != 0)
    {
        // determine where to import
        if ($folder_id == -1)
            $folder_id = USER_FOLDER_ID;

        // get folder
        $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
        // id does not exist
        if (!$import_folder)
            return $this->__raiseError('Wrong reference id.','Server');

        // folder is not a folder, can also be a category
        if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
            return $this->__raiseError('Folder must be a usr folder or a category.','Server');

        // check access to folder
        if(!$rbacsystem->checkAccess('create_usr',$folder_id))
        {
            return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
        }
    }

    // first verify: a parser run in IL_VERIFY mode that changes nothing


    $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->setXMLContent($usr_xml);
    $importParser->startParsing();

    // Warnings and failures end the import here and return the protocol.
    switch ($importParser->getErrorLevel())
    {
        case IL_IMPORT_SUCCESS :
            break;
        case IL_IMPORT_WARNING :
            return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
            break;
        case IL_IMPORT_FAILURE :
            return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
    }

    // verify is ok, so get role assignments

    $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
    $importParser->setXMLContent($usr_xml);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->startParsing();

    $roles = $importParser->getCollectedRoles();



    // roles to be assigned, skip if one is not allowed!
    // The role ids come from the caller's XML; each one must pass
    // isPermittedRole() or the whole import is refused.
    $permitted_roles = array();
    foreach ($roles as $role_id => $role)
    {
        if (!is_numeric ($role_id))
        {
            // check if internal id
            $internalId = ilUtil::__extractId($role_id, IL_INST_ID);

            if (is_numeric($internalId))
            {
                $role_id = $internalId;
                $role_name = $role_id;
            }
/* else // perhaps it is a rolename
            {
                $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
                $role_name = $role->title;
                $role_id = $role->role_id;
            }*/
        }

        if($this->isPermittedRole($folder_id,$role_id))
        {
            $permitted_roles[$role_id] = $role_id;
        }
        else
        {
            $role_name = ilObject::_lookupTitle($role_id);
            return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
                "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
        }
    }

    $global_roles = $rbacreview->getGlobalRoles();



    // Second pass over the accepted roles. The first condition groups as
    // (system role && caller lacks it) || (foreign folder && role closed for
    // assignment), because && binds tighter than ||.
    foreach ($permitted_roles as $role_id => $role_name)
    {
        if ($role_id != "")
        {
            if (in_array($role_id, $global_roles))
            {
                if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
                    || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
                    )
                {
                    return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
                }
            }
            else
            {
                // Local role: its role folder must exist and be writable.
                // NOTE(review): isPermittedRole() tests 'edit_permission' on
                // the same folder while this test uses 'write' - confirm that
                // both are intended.
                $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
                if ($rbacreview->isDeleted($rolf[0])
                    || ! $rbacsystem->checkAccess('write',$rolf[0]))
                {

                    return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
                }
            }
        }
    }

    // Third parser run: the actual import with the accepted roles.
    $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
    $importParser->setSendMail($send_account_mail);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->setFolderId($folder_id);
    $importParser->setXMLContent($usr_xml);

    $importParser->setRoleAssignment($permitted_roles);

    $importParser->startParsing();

    // Anything but a failure returns the user mapping, a failure the protocol.
    if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
    {
        return $this->__getUserMappingAsXML ($importParser->getUserMapping());
    }
    return $this->__getImportProtocolAsXML ($importParser->getProtocol());

}
846
/**
 * Decide whether the current user may assign imported users to a role.
 *
 * Results are cached per role id in a static array.
 *
 * NOTE(review): the cache key is the role id alone. A result computed for
 * one $a_folder is returned for every later call with the same role in this
 * request, whatever folder is passed then.
 *
 * NOTE(review): when the role has no folder ($location is empty) neither
 * branch runs and the method ends without a return statement, i.e. it yields
 * null. importUsers() treats that like false.
 *
 * @param mixed $a_folder ref id of the import folder; USER_FOLDER_ID and 0
 *                        are treated as "called from the user folder"
 * @param mixed $a_role   role id
 * @return bool|null true if assignment is allowed, false if not, null when
 *                   no branch applies
 */
protected function isPermittedRole($a_folder,$a_role)
{
    static $checked_roles = array();
    // Not used in the visible code.
    static $global_roles = null;


    if(isset($checked_roles[$a_role]))
    {
        return $checked_roles[$a_role];
    }

    global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;

    $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
    $location = $locations[0];

    // global role
    if($location == ROLE_FOLDER_ID)
    {
        $ilLog->write(__METHOD__.': Check global role');
        // check assignment permission if called from local admin


        if($a_folder != USER_FOLDER_ID and $a_folder != 0)
        {
            $ilLog->write(__METHOD__.': '.$a_folder);
            include_once './Services/AccessControl/classes/class.ilObjRole.php';
            // NOTE(review): the listing omits source line 881 here. It
            // presumably holds the condition that guards the block below;
            // as listed, the block would run unconditionally. Recover the
            // line from the original file.
            {
                $ilLog->write(__METHOD__.': No assignment allowed');
                $checked_roles[$a_role] = false;
                return false;
            }
        }
        // exclude anonymous role from list
        if ($a_role == ANONYMOUS_ROLE_ID)
        {
            $ilLog->write(__METHOD__.': Anonymous role chosen.');
            $checked_roles[$a_role] = false;
            return false;
        }
        // do not allow assigning users to the administrator role if the current user does not have SYSTEM_ROLE_ID
        if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
        {
            $ilLog->write(__METHOD__.': System role assignment forbidden.');
            $checked_roles[$a_role] = false;
            return false;
        }

        // Global role assignment ok
        $ilLog->write(__METHOD__.': Assignment allowed.');
        $checked_roles[$a_role] = true;
        return true;
    }
    elseif($location)
    {
        $ilLog->write(__METHOD__.': Check local role.');

        // It's a local role
        $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
        $rolf = $rolfs[0];


        // Only accept role folders that are not deleted and on which the
        // current user holds 'edit_permission'. Roles in ROLE_FOLDER_ID (the
        // global roles) never reach this branch.
        if($rbacreview->isDeleted($rolf)
            || !$rbacsystem->checkAccess('edit_permission',$rolf))
        {
            $ilLog->write(__METHOD__.': Role deleted or no permission.');
            $checked_roles[$a_role] = false;
            return false;
        }
        // A local role is only accepted if it lies in the subtree of the
        // locally administrated category. If the import was started from the
        // user folder (USER_FOLDER_ID or 0), all local roles are accepted,
        // because the user folder is considered the parent of all local
        // roles. In every other case the role folder must be a grandchild of
        // $a_folder in the tree.
        if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
        {
            $ilLog->write(__METHOD__.': Not in path of category.');
            $checked_roles[$a_role] = false;
            return false;
        }
        $ilLog->write(__METHOD__.': Assignment allowed.');
        $checked_roles[$a_role] = true;
        return true;
    }
}
947
948
/**
 * SOAP: return the users of a container object as user XML.
 *
 * Supported object types are user folder, category, course, group and
 * session. Access is decided by checkObjectAccess() with the "read"
 * operation on $ref_id.
 *
 * NOTE(review): in the visible code $active is only passed on for groups and
 * sessions; the course branch collects the users of all local roles without
 * it. The user folder and category branches are incomplete in this listing.
 *
 * @param string $sid         session token
 * @param mixed  $ref_id      ref id of the container; -1 is handled specially
 * @param mixed  $attachRoles passed to the XML writer's setAttachRoles()
 * @param mixed  $active      activity filter passed to the user lookups
 * @return mixed user XML, a fault object from checkObjectAccess(), or the
 *               value returned by __raiseError()
 */
function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $ilDB, $tree, $rbacreview, $rbacsystem;

    if ($ref_id == -1)
    // NOTE(review): the listing omits source line 965 here, the statement
    // this `if` governs. As listed, the `if` would govern the assignment
    // below. Recover the line from the original file.

    $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
    if ($this->isFault($object))
        return $object;

    $data = array();
    switch ($object->getType()) {
        case "usrf":
            // NOTE(review): source line 974 is missing from the listing.
            break;
        case "cat":
            // NOTE(review): source line 977 is missing from the listing.
            break;
        case "crs":
        {
            // Collect the users assigned to each local role of the course.
            $roles = $object->__getLocalRoles();

            foreach($roles as $role_id)
            {
                $data = array_merge($rbacreview->assignedUsers($role_id, array()),$data);
            }

            break;
        }
        case "grp":
            $member_ids = $object->getGroupMemberIds();
            $data = ilObjUser::_getUsersForGroup($member_ids, $active);
            break;
        case "sess":
            // A session must sit below a course in the tree.
            $course_ref_id = $tree->checkForParentType($ref_id,'crs');
            if(!$course_ref_id)
            {
                return $this->__raiseError("No course for session", "Client");
            }

            $event_obj_id = ilObject::_lookupObjId($ref_id);
            include_once 'Modules/Session/classes/class.ilEventParticipants.php';
            $event_part = new ilEventParticipants($event_obj_id);
            $member_ids = array_keys($event_part->getParticipants());
            $data = ilObjUser::_getUsersForIds($member_ids, $active);
            break;
    }

    if (is_array($data))
    {
        include_once './Services/User/classes/class.ilUserXMLWriter.php';

        $xmlWriter = new ilUserXMLWriter();
        $xmlWriter->setObjects($data);
        $xmlWriter->setAttachRoles ($attachRoles);

        if($xmlWriter->start())
        {
            return $xmlWriter->getXML();
        }
    }
    return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
}
1025
1026
/**
 * SOAP: return the users assigned to a role as user XML.
 *
 * NOTE(review): for a global role the only restriction is that the system
 * role may be listed by its holders alone. Every other global role can be
 * listed by any valid session, and the response is full user XML. Confirm
 * that this is intended, given that getUser() and searchUser() require 'read'
 * on USER_FOLDER_ID.
 *
 * @param string $sid         session token
 * @param mixed  $role_id     id of the role
 * @param mixed  $attachRoles passed to the XML writer's setAttachRoles()
 * @param mixed  $active      activity filter passed to _getUsersForRole()
 * @return mixed user XML, or the value returned by __raiseError()
 */
function getUserForRole($sid, $role_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;


    $global_roles = $rbacreview->getGlobalRoles();


    if (in_array($role_id, $global_roles))
    {
        // Members of the system role are only shown to its holders.
        if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
        )
        {
            return $this->__raiseError("Role access not permitted. ($role_id)","Server");
        }
    }
    else
    {
        // Local role: its role folder must exist and be writable.
        $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
        if ($rbacreview->isDeleted($rolf[0])
            || ! $rbacsystem->checkAccess('write',$rolf[0]))
        {
            return $this->__raiseError("Role access not permitted. ($role_id)","Server");
        }
        include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
        // NOTE(review): the listing omits source line 1064 here; $privacy,
        // used below, is presumably assigned on that line. Recover it from
        // the original file.
        // NOTE(review): the first check passes SYSTEM_USER_ID where the other
        // checkAccess() calls in this file pass a folder or ref id such as
        // USER_FOLDER_ID - confirm that this is the intended object.
        if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
            !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
            return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
        }


    }

    $data = ilObjUser::_getUsersForRole($role_id, $active);
    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attachRoles);

    $xmlWriter->setObjects($data);

    if($xmlWriter->start())
    {
        return $xmlWriter->getXML();
    }
    return $this->__raiseError('Error in getUsersForRole','Server');
}
1087
1088
1089
/**
 * Render an import protocol as result-set XML.
 *
 * Each message becomes one row with the columns userid (always 0), login,
 * action (always empty) and message.
 *
 * @param array $a_array login => list of messages
 * @return mixed the XML, or the value returned by __raiseError()
 */
function __getImportProtocolAsXML ($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column) {
        $result_set->addColumn($column);
    }

    foreach ($a_array as $login => $entries) {
        foreach ($entries as $entry) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, 0);
            $row->setValue(1, $login);
            $row->setValue(2, "");
            $row->setValue(3, $entry);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getImportProtocolAsXML', 'Server');
    }

    return $writer->getXML();
}
1127
/**
 * Render the user mapping of an import as result-set XML.
 *
 * Each entry becomes one row with the columns userid (the array key), login,
 * action and message.
 *
 * @param array $a_array key => array with 'login', 'action' and 'message'
 * @return mixed the XML, or the value returned by __raiseError()
 */
function __getUserMappingAsXML ($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column) {
        $result_set->addColumn($column);
    }

    if (count($a_array) > 0) {
        foreach ($a_array as $mapped_id => $entry) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, $mapped_id);
            $row->setValue(1, $entry["login"]);
            $row->setValue(2, $entry["action"]);
            $row->setValue(3, $entry["message"]);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getUserMappingAsXML', 'Server');
    }

    return $writer->getXML();
}
1165
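/**
 * Search user accounts and return the hits as user XML.
 *
 * The caller needs a valid session and 'read' permission on the user
 * folder (USER_FOLDER_ID). Invalid search parameters are reported to the
 * client as an error instead of being silently ignored.
 *
 * @param string $sid            session id as handed out by login()
 * @param array  $a_keyfields    column names to search in (filtered by __buildSearchQuery)
 * @param string $query_operator 'and' or 'or', case-insensitive
 * @param array  $a_keyvalues    search terms
 * @param mixed  $attach_roles   passed on to ilUserXMLWriter::setAttachRoles()
 * @param mixed  $active         when numeric and > -1, restricts hits to this value of the active column
 * @return mixed the XML, or the result of __raiseError()
 */
function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $ilDB, $rbacsystem;

    if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
    {
        return $this->__raiseError('Check access failed.','Server');
    }

    // Each validation failure is returned. Previously the error object was
    // built and dropped, so the request went on with unvalidated input.
    if (!is_array($a_keyfields) || !count($a_keyfields))
    {
        return $this->__raiseError('At least one keyfield is needed','Client');
    }

    if (!is_array($a_keyvalues) || !count($a_keyvalues))
    {
        return $this->__raiseError('At least one keyvalue is needed','Client');
    }

    // The operator ends up as a keyword in the WHERE clause built by
    // __buildSearchQuery(), so anything other than and/or is rejected here.
    // (The former test "!strcasecmp(..)==0 || !strcasecmp(..)==0" was true
    // for every input because "!" binds tighter than "==".)
    if (!is_string($query_operator)
        || (strcasecmp($query_operator, "and") != 0 && strcasecmp($query_operator, "or") != 0))
    {
        return $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
    }

    $where = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);

    // The quoted keyword used to be followed by a second, hand-written
    // 'language' literal. With a quote() that returns 'language' the two
    // fuse into one string containing an embedded quote, so the join on
    // usr_pref could never match. Only the quoted value is kept.
    $query = "SELECT usr_data.*, usr_pref.value AS language
              FROM usr_data
              LEFT JOIN usr_pref
              ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
              $ilDB->quote("language", "text")."
              WHERE 1 = 1 ".$where;

    if (is_numeric($active) && $active > -1)
    {
        // Bind as integer so the value can only ever be a number.
        $query .= " AND active = ". $ilDB->quote((int) $active, "integer");
    }

    $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";

    $r = $ilDB->query($query);

    $data = array();

    while($row = $ilDB->fetchAssoc($r))
    {
        $data[] = $row;
    }

    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attach_roles);

    $xmlWriter->setObjects($data);

    if($xmlWriter->start())
    {
        return $xmlWriter->getXML();
    }
    return $this->__raiseError('Error in searchUser','Server');
}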
1241
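/**
 * Build the WHERE fragment for searchUser().
 *
 * Every allowed key field is compared with LIKE against every search term
 * of at least three characters. Terms for one field are combined with the
 * requested operator, the per-field groups are combined with OR.
 *
 * All three arguments come from the SOAP client, so nothing is copied into
 * the SQL text as-is: field names must be on the allow-list, the operator
 * is reduced to the keyword AND or OR, and every search term is passed
 * through $ilDB->quote(). '%' and '_' inside a term still act as LIKE
 * wildcards, as before.
 *
 * @param array  $a_keyfields   requested column names (case-insensitive)
 * @param string $queryOperator 'and' or 'or'; any other value is treated as 'and'
 * @param array  $a_keyvalues   search terms
 * @return string SQL fragment starting with AND; "AND 0" when nothing is searchable
 */
function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues)
{
    global $ilDB;

    $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");

    // Without usable lists there is nothing to search for.
    if (!is_array($a_keyfields) || !is_array($a_keyvalues))
    {
        return "AND 0";
    }

    // Only the literal keywords AND / OR may reach the SQL text.
    $operator = (is_string($queryOperator) && strcasecmp($queryOperator, "or") == 0) ? "OR" : "AND";

    $query = array();

    foreach ($a_keyfields as $keyfield)
    {
        if (!is_string($keyfield))
        {
            continue;
        }

        $keyfield = strtolower($keyfield);

        if (!in_array($keyfield, $allowed_fields, true))
        {
            continue;
        }

        $field_query = array ();
        foreach ($a_keyvalues as $keyvalue)
        {
            if (!is_scalar($keyvalue))
            {
                continue;
            }

            $keyvalue = (string) $keyvalue;
            if (strlen($keyvalue) >= 3)
            {
                // The pattern is quoted as a whole; the term itself never
                // appears unescaped inside the statement.
                $field_query[] = $keyfield." LIKE ".$ilDB->quote("%".$keyvalue."%", "text");
            }
        }

        if (count($field_query))
        {
            $query[] = join(" ".$operator." ", $field_query);
        }
    }

    return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
}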
1278
1279
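/**
 * Return the user XML for the given user ids.
 *
 * A caller may always read their own record. Every other request needs
 * 'read' permission on the user folder (USER_FOLDER_ID).
 *
 * @param string    $sid          session id as handed out by login()
 * @param array|int $a_user_ids   one user id or a list of user ids
 * @param mixed     $attach_roles passed on to ilUserXMLWriter::setAttachRoles()
 * @return mixed the XML, or the result of __raiseError()
 */
function getUserXML($sid, $a_user_ids, $attach_roles)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $rbacsystem, $ilUser, $ilDB;

    // check if own account
    $own_id = (int) $ilUser->getId();

    $requested = null;
    if(is_array($a_user_ids) and count($a_user_ids) == 1)
    {
        $requested = end($a_user_ids);
    }
    elseif(!is_array($a_user_ids))
    {
        $requested = $a_user_ids;
    }

    // This decides whether the permission check below is skipped, so the
    // id has to be a plain integer that equals the caller's id. A loose
    // "==" would also accept strings that merely start with that number
    // on PHP versions before 8.
    $is_plain_id = is_int($requested)
        || (is_string($requested) && preg_match('/^[0-9]+\z/', $requested) === 1);
    $is_self = $is_plain_id && ((int) $requested === $own_id);

    if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID) and !$is_self)
    {
        return $this->__raiseError('Check access failed.','Server');
    }

    // For a self request only the caller's own id is looked up, not the
    // raw client value.
    $lookup_ids = $is_self ? array($own_id) : (array) $a_user_ids;

    // begin-patch filemanager
    $data = ilObjUser::_getUserData($lookup_ids);
    // end-patch filemanager

    include_once './Services/User/classes/class.ilUserXMLWriter.php';
    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attach_roles);
    $xmlWriter->setObjects($data);

    if($xmlWriter->start())
    {
        return $xmlWriter->getXML();
    }

    return $this->__raiseError('User does not exist','Client');
}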
1337
1338
1339 // has new mail
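/**
 * Tell whether the user of the given session has new mail.
 *
 * @param string $sid session id as handed out by login()
 * @return mixed true or false, or the result of __raiseError() for an invalid session
 */
function hasNewMail($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $ilUser;

    include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';

    // NOTE(review): listing line 1353, the condition of this branch, is
    // missing from the page. It is restored from the include above, the
    // otherwise unused $ilUser and the true/false branches - confirm the
    // exact expression against the repository.
    if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
    {
        return true;
    }

    return false;
}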
1362
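/**
 * Resolve the user id that belongs to a SOAP session id.
 *
 * @param string $sid session id in the form "<session id>::<client id>"
 * @return mixed the user id as int, or the result of __raiseError()
 */
public function getUserIdBySid($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if(!$this->__checkSession($sid))
    {
        return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
    }

    global $ilDB;

    // Only the part before '::' is the session id stored in usr_session.
    $parts = explode('::', $sid);

    // The session id is bound as a typed parameter, never concatenated.
    $query = "SELECT usr_id FROM usr_session "
           . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
    $res = $ilDB->queryF($query, array('text'), array($parts[0]));
    $data = $ilDB->fetchAssoc($res);

    $usr_id = is_array($data) ? (int) $data['usr_id'] : 0;

    if(!$usr_id)
    {
        // Return the error. It used to be built and dropped, so callers
        // received 0 as if it were a user id.
        return $this->__raiseError('User does not exist', 'Client');
    }

    return $usr_id;
}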
1388
1389}
1390?>