ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1<?php
2 /*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22 */
23
24
33include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34
35class ilSoapUserAdministration extends ilSoapAdministration
36{
37
46 public function login($client,$username,$password)
47 {
51 global $ilUser;
52
53 unset($_COOKIE['PHPSESSID']);
54 $_COOKIE['ilClientId'] = $client;
55
56 try
57 {
58 $this->initIlias();
59 }
60 catch(Exception $e)
61 {
62 return $this->__raiseError($e->getMessage(), 'Server');
63 }
64
65 // now try authentication
66 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
67 $credentials = new ilAuthFrontendCredentials();
68 $credentials->setUsername($username);
69 $credentials->setPassword($password);
70
71 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
72 $provider_factory = new ilAuthProviderFactory();
73 $providers = $provider_factory->getProviders($credentials);
74
75 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
76 $status = ilAuthStatus::getInstance();
77
78 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
79 $frontend_factory = new ilAuthFrontendFactory();
80 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_CLI);
81 $frontend = $frontend_factory->getFrontend(
82 $GLOBALS['DIC']['ilAuthSession'],
83 $status,
84 $credentials,
85 $providers
86 );
87
88 $frontend->authenticate();
89
90 switch($status->getStatus())
91 {
92 case ilAuthStatus::STATUS_AUTHENTICATED:
93 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
94 return $GLOBALS['DIC']['ilAuthSession']->getId().'::'.$client;
95
96
97 default:
98 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
99 return $this->__raiseError(
100 $status->getReason(),
101 'Server'
102 );
103 }
104 return true;
105 }
106
107 // Service methods
108 function loginCAS($client, $PT, $username)
109 {
110 $this->__initAuthenticationObject(AUTH_CAS);
111 $this->sauth->setClient($client);
112 $this->sauth->setUsername($username);
113 $this->sauth->setPT($PT);
114 $authenticated = true;
115 //include_once("./Services/CAS/classes/class.ilCASAuth.php");
116 //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
117 if(!$this->sauth->authenticate())
118 {
119 $authenticated = false;
120 }
121 if(!$authenticated)
122 {
123 return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
124 }
125 return $this->sauth->getSid().'::'.$client;
126 }
127
128 // Service methods
137 public function loginLDAP($client, $username, $password)
138 {
139 return $this->login($client, $username, $password);
140 }
141
149 public function loginStudipUser($sid, $user_id)
150 {
151 global $rbacreview, $ilUser, $ilIliasIniFile;
152
153 $this->initAuth($sid);
154 $this->initIlias();
155 list($admin_sid,$client) = $this->__explodeSid($sid);
156
157 if(!$this->__checkSession($sid))
158 {
159 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
160 }
161
162 if (!$ilIliasIniFile->readVariable('server', 'studip'))
163 {
164 return $this->__raiseError('Stud.IP mode not active.','Server');
165 }
166
167 if(!$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID))
168 {
169 return $this->__raiseError('No permission to initialize user session.','Server');
170 }
171
172 if($ilUser->getLoginByUserId($user_id))
173 {
174 // logout admin
175 include_once './Services/Authentication/classes/class.ilSession.php';
176 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
177 $GLOBALS['DIC']['ilAuthSession']->logout();
178 unset($_COOKIE['PHPSESSID']);
179
180 // init session and set user as authenticated
181 $_COOKIE['ilClientId'] = $client;
182 $GLOBALS['DIC']['ilAuthSession']->init();
183 $GLOBALS['DIC']['ilAuthSession']->setAuthenticated(true, $user_id);
184 return (session_id().'::'.$client);
185 }
186 return $this->__raiseError('User does not exist','Client');
187 }
188
194 public function logout($sid)
195 {
196 $this->initAuth($sid);
197 $this->initIlias();
198
199 if(!$this->__checkSession($sid))
200 {
201 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
202 }
203
204 include_once './Services/Authentication/classes/class.ilSession.php';
205 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
206 $GLOBALS['DIC']['ilAuthSession']->logout();
207 return true;
208 }
209
210 function lookupUser($sid,$user_name)
211 {
212 $this->initAuth($sid);
213 $this->initIlias();
214
215 if(!$this->__checkSession($sid))
216 {
217 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
218 }
219
220 $user_name = trim($user_name);
221
222 if(!strlen($user_name))
223 {
224 return $this->__raiseError('No username given. Aborting','Client');
225 }
226
227 global $rbacsystem, $ilUser ;
228
229 if(strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
230 {
231 return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
232 }
233
234 $user_id = ilObjUser::getUserIdByLogin($user_name);
235
236
237 return $user_id ? $user_id : "0";
238
239 }
240
241 function getUser($sid,$user_id)
242 {
243 $this->initAuth($sid);
244 $this->initIlias();
245
246 if(!$this->__checkSession($sid))
247 {
248 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
249 }
250
251 global $rbacsystem, $ilUser;
252
253 if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
254 {
255 return $this->__raiseError('Check access failed.','Server');
256 }
257
258 if($ilUser->getLoginByUserId($user_id))
259 {
260 $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
261 $usr_data = $this->__readUserData($tmp_user);
262
263 return $usr_data;
264 }
265 return $this->__raiseError('User does not exist','Client');
266 }
267
268
272 function deleteUser($sid,$user_id)
273 {
274 $this->initAuth($sid);
275 $this->initIlias();
276
277 if(!$this->__checkSession($sid))
278 {
279 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
280 }
281
282 if(!isset($user_id))
283 {
284 return $this->__raiseError('No user_id given. Aborting','Client');
285 }
286
287 global $rbacsystem, $ilUser, $log;
288
289 if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
290 {
291 return $this->__raiseError('Check access failed.','Server');
292 }
293
294 if(!$ilUser->getLoginByUserId($user_id))
295 {
296 return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
297 }
298 if($ilUser->getId() == $user_id)
299 {
300 return $this->__raiseError('Cannot delete myself. Aborting','Client');
301 }
302 if($user_id == SYSTEM_USER_ID)
303 {
304 return $this->__raiseError('Cannot delete root account. Aborting','Client');
305 }
306 // Delete him
307 $log->write('SOAP: deleteUser()');
308 $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
309 $delete_user->delete();
310
311 return true;
312 }
313
314 function __readUserData(&$usr_obj)
315 {
316 $usr_data['usr_id'] = $usr_obj->getId();
317 $usr_data['login'] = $usr_obj->getLogin();
318 $usr_data['passwd'] = $usr_obj->getPasswd();
319 $usr_data['passwd_type'] = $usr_obj->getPasswdType();
320 $usr_data['firstname'] = $usr_obj->getFirstname();
321 $usr_data['lastname'] = $usr_obj->getLastname();
322 $usr_data['title'] = $usr_obj->getUTitle();
323 $usr_data['gender'] = $usr_obj->getGender();
324 $usr_data['email'] = $usr_obj->getEmail();
325 $usr_data['institution'] = $usr_obj->getInstitution();
326 $usr_data['street'] = $usr_obj->getStreet();
327 $usr_data['city'] = $usr_obj->getCity();
328 $usr_data['zipcode'] = $usr_obj->getZipcode();
329 $usr_data['country'] = $usr_obj->getCountry();
330 $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
331 $usr_data['last_login'] = $usr_obj->getLastLogin();
332 $usr_data['last_update'] = $usr_obj->getLastUpdate();
333 $usr_data['create_date'] = $usr_obj->getCreateDate();
334 $usr_data['hobby'] = $usr_obj->getHobby();
335 $usr_data['department'] = $usr_obj->getDepartment();
336 $usr_data['phone_home'] = $usr_obj->getPhoneHome();
337 $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
338 $usr_data['fax'] = $usr_obj->getFax();
339 $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
340 $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
341 $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
342 $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
343 $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
344 $usr_data['referral_comment'] = $usr_obj->getComment();
345 $usr_data['matriculation'] = $usr_obj->getMatriculation();
346 $usr_data['active'] = $usr_obj->getActive();
347 $usr_data['approve_date'] = $usr_obj->getApproveDate();
348 $usr_data['user_skin'] = $usr_obj->getPref('skin');
349 $usr_data['user_style'] = $usr_obj->getPref('style');
350 $usr_data['user_language'] = $usr_obj->getLanguage();
351 $usr_data['auth_mode'] = $usr_obj->getAuthMode();
352 $usr_data['accepted_agreement'] = !$usr_obj->hasToAcceptTermsOfService();
353 $usr_data['import_id'] = $usr_obj->getImportId();
354
355 return $usr_data;
356 }
357
364 function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
365 {
366 $this->initAuth($sid);
367 $this->initIlias();
368
369 if(!$this->__checkSession($sid))
370 {
371 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
372 }
373
374
375 include_once './Services/User/classes/class.ilUserImportParser.php';
376 include_once './Services/AccessControl/classes/class.ilObjRole.php';
377 include_once './Services/Object/classes/class.ilObjectFactory.php';
378 global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
379
380 // this takes time but is nescessary
381 $error = false;
382
383
384 // validate to prevent wrong XMLs
385 $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
386 if ($error)
387 {
388 $msg = array();
389 if (is_array($error))
390 {
391 foreach ($error as $err) {
392 $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
393 }
394 }
395 else
396 {
397 $msg[] = $error;
398 }
399 $msg = join("\n",$msg);
400 return $this->__raiseError($msg, "Client");
401 }
402
403
404 switch ($conflict_rule)
405 {
406 case 2:
407 $conflict_rule = IL_UPDATE_ON_CONFLICT;
408 break;
409 case 3:
410 $conflict_rule = IL_IGNORE_ON_CONFLICT;
411 break;
412 default:
413 $conflict_rule = IL_FAIL_ON_CONFLICT;
414 }
415
416
417 // folder id 0, means to check permission on user basis!
418 // must have create user right in time_limit_owner property (which is ref_id of container)
419 if ($folder_id != 0)
420 {
421 // determine where to import
422 if ($folder_id == -1)
423 $folder_id = USER_FOLDER_ID;
424
425 // get folder
426 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
427 // id does not exist
428 if (!$import_folder)
429 return $this->__raiseError('Wrong reference id.','Server');
430
431 // folder is not a folder, can also be a category
432 if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
433 return $this->__raiseError('Folder must be a usr folder or a category.','Server');
434
435 // check access to folder
436 if(!$rbacsystem->checkAccess('create_usr',$folder_id))
437 {
438 return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
439 }
440 }
441
442 // first verify
443
444
445 $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
446 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
447 $importParser->setXMLContent($usr_xml);
448 $importParser->startParsing();
449
450 switch ($importParser->getErrorLevel())
451 {
452 case IL_IMPORT_SUCCESS :
453 break;
454 case IL_IMPORT_WARNING :
455 return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
456 break;
457 case IL_IMPORT_FAILURE :
458 return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
459 }
460
461 // verify is ok, so get role assignments
462
463 $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
464 $importParser->setXMLContent($usr_xml);
465 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
466 $importParser->startParsing();
467
468 $roles = $importParser->getCollectedRoles();
469
470 //print_r($roles);
471
472
473
474 // roles to be assigned, skip if one is not allowed!
475 $permitted_roles = array();
476 foreach ($roles as $role_id => $role)
477 {
478 if (!is_numeric ($role_id))
479 {
480 // check if internal id
481 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
482
483 if (is_numeric($internalId))
484 {
485 $role_id = $internalId;
486 $role_name = $role_id;
487 }
488/* else // perhaps it is a rolename
489 {
490 $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
491 $role_name = $role->title;
492 $role_id = $role->role_id;
493 }*/
494 }
495
496 if($this->isPermittedRole($folder_id,$role_id))
497 {
498 $permitted_roles[$role_id] = $role_id;
499 }
500 else
501 {
502 $role_name = ilObject::_lookupTitle($role_id);
503 return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
504 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
505 }
506 }
507
508 $global_roles = $rbacreview->getGlobalRoles();
509
510 //print_r ($global_roles);
511
512
513
514 foreach ($permitted_roles as $role_id => $role_name)
515 {
516 if ($role_id != "")
517 {
518 if (in_array($role_id, $global_roles))
519 {
520 if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
521 || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
522 )
523 {
524 return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
525 }
526 }
527 else
528 {
529 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
530 if ($rbacreview->isDeleted($rolf[0])
531 || ! $rbacsystem->checkAccess('write',$rolf[0]))
532 {
533
534 return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
535 }
536 }
537 }
538 }
539
540 //print_r ($permitted_roles);
541
542 $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
543 $importParser->setSendMail($send_account_mail);
544 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
545 $importParser->setFolderId($folder_id);
546 $importParser->setXMLContent($usr_xml);
547
548 $importParser->setRoleAssignment($permitted_roles);
549
550 $importParser->startParsing();
551
552 if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
553 {
554 return $this->__getUserMappingAsXML ($importParser->getUserMapping());
555 }
556 return $this->__getImportProtocolAsXML ($importParser->getProtocol());
557
558 }
559
567 protected function isPermittedRole($a_folder,$a_role)
568 {
569 static $checked_roles = array();
570 static $global_roles = null;
571
572
573 if(isset($checked_roles[$a_role]))
574 {
575 return $checked_roles[$a_role];
576 }
577
578 global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
579
580 $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
581 $location = $locations[0];
582
583 // global role
584 if($location == ROLE_FOLDER_ID)
585 {
586 $ilLog->write(__METHOD__.': Check global role');
587 // check assignment permission if called from local admin
588
589
590 if($a_folder != USER_FOLDER_ID and $a_folder != 0)
591 {
592 $ilLog->write(__METHOD__.': '.$a_folder);
593 include_once './Services/AccessControl/classes/class.ilObjRole.php';
594 if(!ilObjRole::_getAssignUsersStatus($a_role))
595 {
596 $ilLog->write(__METHOD__.': No assignment allowed');
597 $checked_roles[$a_role] = false;
598 return false;
599 }
600 }
601 // exclude anonymous role from list
602 if ($a_role == ANONYMOUS_ROLE_ID)
603 {
604 $ilLog->write(__METHOD__.': Anonymous role chosen.');
605 $checked_roles[$a_role] = false;
606 return false;
607 }
608 // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
609 if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
610 {
611 $ilLog->write(__METHOD__.': System role assignment forbidden.');
612 $checked_roles[$a_role] = false;
613 return false;
614 }
615
616 // Global role assignment ok
617 $ilLog->write(__METHOD__.': Assignment allowed.');
618 $checked_roles[$a_role] = true;
619 return true;
620 }
621 elseif($location)
622 {
623 $ilLog->write(__METHOD__.': Check local role.');
624
625 // It's a local role
626 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
627 $rolf = $rolfs[0];
628
629
630 // only process role folders that are not set to status "deleted"
631 // and for which the user has write permissions.
632 // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
633 // (The ROLE_FOLDER_ID folder contains the global roles).
634 if($rbacreview->isDeleted($rolf)
635 || !$rbacsystem->checkAccess('edit_permission',$rolf))
636 {
637 $ilLog->write(__METHOD__.': Role deleted or no permission.');
638 $checked_roles[$a_role] = false;
639 return false;
640 }
641 // A local role is only displayed, if it is contained in the subtree of
642 // the localy administrated category. If the import function has been
643 // invoked from the user folder object, we show all local roles, because
644 // the user folder object is considered the parent of all local roles.
645 // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
646 // isInSubtree variable with true. In all other cases it is initialized
647 // with false, and only set to true if we find the object id of the
648 // locally administrated category in the tree path to the local role.
649 if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
650 {
651 $ilLog->write(__METHOD__.': Not in path of category.');
652 $checked_roles[$a_role] = false;
653 return false;
654 }
655 $ilLog->write(__METHOD__.': Assignment allowed.');
656 $checked_roles[$a_role] = true;
657 return true;
658 }
659 }
660
661
665 function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
666 {
667 $this->initAuth($sid);
668 $this->initIlias();
669
670 if(!$this->__checkSession($sid))
671 {
672 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
673 }
674
675 global $ilDB, $tree, $rbacreview, $rbacsystem;
676
677 if ($ref_id == -1)
678 $ref_id = USER_FOLDER_ID;
679
680 $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
681 if ($this->isFault($object))
682 return $object;
683
684 $data = array();
685 switch ($object->getType()) {
686 case "usrf":
687 $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
688 break;
689 case "cat":
690 $data = ilObjUser::_getUsersForFolder($ref_id, $active);
691 break;
692 case "crs":
693 {
694 // GET ALL MEMBERS
695 $roles = $object->__getLocalRoles();
696
697 foreach($roles as $role_id)
698 {
699 $data = array_merge($rbacreview->assignedUsers($role_id),$data);
700 }
701
702 break;
703 }
704 case "grp":
705 $member_ids = $object->getGroupMemberIds();
706 $data = ilObjUser::_getUsersForGroup($member_ids, $active);
707 break;
708 case "sess":
709 $course_ref_id = $tree->checkForParentType($ref_id,'crs');
710 if(!$course_ref_id)
711 {
712 return $this->__raiseError("No course for session", "Client");
713 }
714
715 $event_obj_id = ilObject::_lookupObjId($ref_id);
716 include_once 'Modules/Session/classes/class.ilEventParticipants.php';
717 $event_part = new ilEventParticipants($event_obj_id);
718 $member_ids = array_keys($event_part->getParticipants());
719 $data = ilObjUser::_getUsersForIds($member_ids, $active);
720 break;
721 }
722
723 if (is_array($data))
724 {
725 include_once './Services/User/classes/class.ilUserXMLWriter.php';
726
727 $xmlWriter = new ilUserXMLWriter();
728 $xmlWriter->setObjects($data);
729 $xmlWriter->setAttachRoles ($attachRoles);
730
731 if($xmlWriter->start())
732 {
733 return $xmlWriter->getXML();
734 }
735 }
736 return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
737 }
738
739
743 function getUserForRole($sid, $role_id, $attachRoles, $active)
744 {
745 $this->initAuth($sid);
746 $this->initIlias();
747
748 if(!$this->__checkSession($sid))
749 {
750 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
751 }
752
753 include_once './Services/AccessControl/classes/class.ilObjRole.php';
754 global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
755
756
757 $global_roles = $rbacreview->getGlobalRoles();
758
759
760 if (in_array($role_id, $global_roles))
761 {
762 if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
763 )
764 {
765 return $this->__raiseError("Role access not permitted. ($role_id)","Server");
766 }
767 }
768 else
769 {
770 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
771 if ($rbacreview->isDeleted($rolf[0])
772 || ! $rbacsystem->checkAccess('write',$rolf[0]))
773 {
774 return $this->__raiseError("Role access not permitted. ($role_id)","Server");
775 }
776 include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
777 $privacy = ilPrivacySettings::_getInstance();
778 if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
779 !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
780 return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
781 }
782
783
784 }
785
786 $data = ilObjUser::_getUsersForRole($role_id, $active);
787 include_once './Services/User/classes/class.ilUserXMLWriter.php';
788
789 $xmlWriter = new ilUserXMLWriter();
790 $xmlWriter->setAttachRoles($attachRoles);
791
792 $xmlWriter->setObjects($data);
793
794 if($xmlWriter->start())
795 {
796 return $xmlWriter->getXML();
797 }
798 return $this->__raiseError('Error in getUsersForRole','Server');
799 }
800
801
802
807 function __getImportProtocolAsXML ($a_array)
808 {
809 include_once './webservice/soap/classes/class.ilXMLResultSet.php';
810 include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
811
812 $xmlResultSet = new ilXMLResultSet ();
813 $xmlResultSet->addColumn ("userid");
814 $xmlResultSet->addColumn ("login");
815 $xmlResultSet->addColumn ("action");
816 $xmlResultSet->addColumn ("message");
817
818 foreach ($a_array as $username => $messages)
819 {
820 foreach ($messages as $message)
821 {
822
823 $xmlRow = new ilXMLResultSetRow ();
824 $xmlRow->setValue (0, 0);
825 $xmlRow->setValue (1, $username);
826 $xmlRow->setValue (2, "");
827 $xmlRow->setValue (3, $message);
828
829 $xmlResultSet->addRow ($xmlRow);
830 }
831 }
832
833 $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
834
835 if ($xml_writer->start ())
836 return $xml_writer->getXML();
837
838 return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
839 }
840
847 function __getUserMappingAsXML ($a_array)
848 {
849 include_once './webservice/soap/classes/class.ilXMLResultSet.php';
850 include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
851
852 $xmlResultSet = new ilXMLResultSet ();
853 $xmlResultSet->addColumn ("userid");
854 $xmlResultSet->addColumn ("login");
855 $xmlResultSet->addColumn ("action");
856 $xmlResultSet->addColumn ("message");
857
858 if (count($a_array))
859 foreach ($a_array as $username => $message)
860 {
861 $xmlRow = new ilXMLResultSetRow ();
862 $xmlRow->setValue (0, $username);
863 $xmlRow->setValue (1, $message["login"]);
864 $xmlRow->setValue (2, $message["action"]);
865 $xmlRow->setValue (3, $message["message"]);
866
867 $xmlResultSet->addRow ($xmlRow);
868 }
869
870 $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
871
872 if ($xml_writer->start ())
873 return $xml_writer->getXML();
874
875 return $this->__raiseError('Error in __getUserMappingAsXML','Server');
876
877 }
878
887 function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
888
889 $this->initAuth($sid);
890 $this->initIlias();
891
892 if(!$this->__checkSession($sid))
893 {
894 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
895 }
896
897 global $ilDB, $rbacsystem;
898
899 if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
900 {
901 return $this->__raiseError('Check access failed.','Server');
902 }
903
904
905 if (!count($a_keyfields))
906 $this->__raiseError('At least one keyfield is needed','Client');
907
908 if (!count ($a_keyvalues))
909 $this->__raiseError('At least one keyvalue is needed','Client');
910
911 if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
912 $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
913
914
915 $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
916
917 $query = "SELECT usr_data.*, usr_pref.value AS language
918 FROM usr_data
919 LEFT JOIN usr_pref
920 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
921 $ilDB->quote("language", "text").
922 "'language'
923 WHERE 1 = 1 ".$query;
924
925 if (is_numeric($active) && $active > -1)
926 $query .= " AND active = ". $ilDB->quote($active);
927
928 $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
929
930 //echo $query;
931
932 $r = $ilDB->query($query);
933
934 $data = array();
935
936 while($row = $ilDB->fetchAssoc($r))
937 {
938 $data[] = $row;
939 }
940
941 include_once './Services/User/classes/class.ilUserXMLWriter.php';
942
943 $xmlWriter = new ilUserXMLWriter();
944 $xmlWriter->setAttachRoles($attach_roles);
945
946 $xmlWriter->setObjects($data);
947
948 if($xmlWriter->start())
949 {
950 return $xmlWriter->getXML();
951 }
952 return $this->__raiseError('Error in searchUser','Server');
953 }
954
963 function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
964 global $ilDB;
965 $query = array();
966
967 $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
968
969 foreach ($a_keyfields as $keyfield)
970 {
971 $keyfield = strtolower($keyfield);
972
973 if (!in_array($keyfield, $allowed_fields))
974 continue;
975
976 $field_query = array ();
977 foreach ($a_keyvalues as $keyvalue)
978 {
979 if (strlen($keyvalue) >= 3) {
980 $field_query []= $keyfield." like '%".$keyvalue."%'";
981 }
982
983 }
984 if (count($field_query))
985 $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
986
987 }
988
989 return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
990 }
991
992
1000 function getUserXML($sid, $a_user_ids, $attach_roles)
1001 {
1002 $this->initAuth($sid);
1003 $this->initIlias();
1004
1005 if(!$this->__checkSession($sid))
1006 {
1007 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1008 }
1009
1010 global $rbacsystem, $ilUser, $ilDB;
1011
1012 // check if own account
1013 $is_self = false;
1014 if(is_array($a_user_ids) and count($a_user_ids) == 1)
1015 {
1016 if(end($a_user_ids) == $ilUser->getId())
1017 {
1018 $is_self = true;
1019 }
1020 }
1021 elseif(is_numeric($a_user_ids))
1022 {
1023 if($a_user_ids == $ilUser->getId())
1024 {
1025 $is_self = true;
1026 }
1027 }
1028
1029 if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID) and !$is_self)
1030 {
1031 return $this->__raiseError('Check access failed.','Server');
1032 }
1033
1034 // begin-patch filemanager
1035 $data = ilObjUser::_getUserData((array) $a_user_ids);
1036 // end-patch filemanager
1037
1038 include_once './Services/User/classes/class.ilUserXMLWriter.php';
1039 $xmlWriter = new ilUserXMLWriter();
1040 $xmlWriter->setAttachRoles($attach_roles);
1041 $xmlWriter->setObjects($data);
1042
1043 if($xmlWriter->start())
1044 {
1045 return $xmlWriter->getXML();
1046 }
1047
1048 return $this->__raiseError('User does not exist','Client');
1049 }
1050
1051
1052 // has new mail
1053 function hasNewMail($sid)
1054 {
1055 $this->initAuth($sid);
1056 $this->initIlias();
1057
1058 if(!$this->__checkSession($sid))
1059 {
1060 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1061 }
1062
1063 global $ilUser;
1064
1065 include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1066 if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
1067 {
1068 return true;
1069 }
1070 else
1071 {
1072 return false;
1073 }
1074 }
1075
1076 public function getUserIdBySid($sid)
1077 {
1078 $this->initAuth($sid);
1079 $this->initIlias();
1080
1081 if(!$this->__checkSession($sid))
1082 {
1083 return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1084 }
1085
1086 global $ilDB;
1087
1088 $parts = explode('::', $sid);
1089 $query = "SELECT usr_id FROM usr_session "
1090 . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1091 $res = $ilDB->queryF($query, array('text'), array($parts[0]));
1092 $data = $ilDB->fetchAssoc($res);
1093
1094 if(!(int)$data['usr_id'])
1095 {
1096 $this->__raiseError('User does not exist', 'Client');
1097 }
1098
1099 return (int)$data['usr_id'];
1100 }
1101
1102}
1103?>
$_COOKIE
$_COOKIE['ilClientId']
Definition: BPMN2Parser.php:15
$error
$error
Definition: Error.php:17
$location
$location
Definition: buildRTE.php:44
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
USER_FOLDER_ID
const USER_FOLDER_ID
Class ilObjUserFolder.
Definition: class.ilObjUserFolder.php:16
IL_FAIL_ON_CONFLICT
const IL_FAIL_ON_CONFLICT
Definition: class.ilUserImportParser.php:28
IL_USER_MAPPING_ID
const IL_USER_MAPPING_ID
Definition: class.ilUserImportParser.php:37
IL_IMPORT_FAILURE
const IL_IMPORT_FAILURE
Definition: class.ilUserImportParser.php:34
IL_UPDATE_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
Definition: class.ilUserImportParser.php:29
IL_EXTRACT_ROLES
const IL_EXTRACT_ROLES
Definition: class.ilUserImportParser.php:24
IL_IMPORT_SUCCESS
const IL_IMPORT_SUCCESS
Definition: class.ilUserImportParser.php:32
IL_USER_IMPORT
const IL_USER_IMPORT
Definition: class.ilUserImportParser.php:25
IL_VERIFY
const IL_VERIFY
Definition: class.ilUserImportParser.php:26
IL_IGNORE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Definition: class.ilUserImportParser.php:30
IL_IMPORT_WARNING
const IL_IMPORT_WARNING
Definition: class.ilUserImportParser.php:33
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:12
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilMailGlobalServices\getNumberOfNewMailsByUserId
static getNumberOfNewMailsByUserId($usr_id)
Determines the number of new mails for the passed user id and stores this information in a local cach...
Definition: class.ilMailGlobalServices.php:97
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:142
ilObjUser\_getUsersForIds
static _getUsersForIds($a_mem_ids, $active=-1, $timelimitowner=-1)
return user data for given user id
Definition: class.ilObjUser.php:4531
ilObjUser\_getUsersForRole
static _getUsersForRole($role_id, $active=-1)
return array of complete users which belong to a specific role
Definition: class.ilObjUser.php:4434
ilObjUser\_getUserData
static _getUserData($a_internalids)
return user data for given user ids
Definition: class.ilObjUser.php:4578
ilObjUser\getUserIdByLogin
static getUserIdByLogin($a_login)
Definition: class.ilObjUser.php:2556
ilObjUser\_getUsersForFolder
static _getUsersForFolder($ref_id, $active)
Definition: class.ilObjUser.php:4477
ilObjUser\_getUsersForGroup
static _getUsersForGroup($a_mem_ids, $active=-1)
return user data for group members
Definition: class.ilObjUser.php:4520
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:142
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1021
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
ilPrivacySettings\_getInstance
static _getInstance()
Get instance of ilPrivacySettings.
Definition: class.ilPrivacySettings.php:77
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:40
ilSession\setClosingContext
static setClosingContext($a_context)
set closing context (for statistics)
Definition: class.ilSession.php:433
ilSoapAdministration\initAuth
initAuth($sid)
Init authentication.
Definition: class.ilSoapAdministration.php:180
ilSoapAdministration\__initAuthenticationObject
__initAuthenticationObject($a_auth_mode=AUTH_LOCAL)
Definition: class.ilSoapAdministration.php:206
ilSoapAdministration\__raiseError
__raiseError($a_message, $a_code)
Definition: class.ilSoapAdministration.php:213
ilSoapAdministration\checkObjectAccess
checkObjectAccess($ref_id, $expected_type, $permission, $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
Definition: class.ilSoapAdministration.php:346
ilSoapUserAdministration\importUsers
importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
define ("IL_FAIL_ON_CONFLICT", 1); define ("IL_UPDATE_ON_CONFLICT", 2); define ("IL_IGNORE_ON_CONFLIC...
Definition: class.ilSoapUserAdministration.php:364
ilSoapUserAdministration\getUserForRole
getUserForRole($sid, $role_id, $attachRoles, $active)
Definition: class.ilSoapUserAdministration.php:743
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer($sid, $ref_id, $attachRoles, $active)
return list of users following dtd users_3_7
Definition: class.ilSoapUserAdministration.php:665
ilSoapUserAdministration\loginLDAP
loginLDAP($client, $username, $password)
Not required anymode.
Definition: class.ilSoapUserAdministration.php:137
ilSoapUserAdministration\__getImportProtocolAsXML
__getImportProtocolAsXML($a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:807
ilSoapUserAdministration\logout
logout($sid)
Logout user destroy session.
Definition: class.ilSoapUserAdministration.php:194
ilSoapUserAdministration\__buildSearchQuery
__buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:963
ilSoapUserAdministration\searchUser
searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:887
ilSoapUserAdministration\loginStudipUser
loginStudipUser($sid, $user_id)
login as user from Stud.IP
Definition: class.ilSoapUserAdministration.php:149
ilSoapUserAdministration\isPermittedRole
isPermittedRole($a_folder, $a_role)
check if assignment is allowed
Definition: class.ilSoapUserAdministration.php:567
ilSoapUserAdministration\__getUserMappingAsXML
__getUserMappingAsXML($a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:847
ilSoapUserAdministration\getUserXML
getUserXML($sid, $a_user_ids, $attach_roles)
return user xmls for given user ids (csv separated ids) as xml based on usr dtd.
Definition: class.ilSoapUserAdministration.php:1000
ilUserXMLWriter
XML writer class.
Definition: class.ilUserXMLWriter.php:21
ilUtil\__extractId
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:4656
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:14
$client
$client
Definition: dummy_client.php:38
$r
$r
Definition: example_031.php:79
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:130
$log
$log
Definition: inc.setup_header.php:129
domxml_open_mem
domxml_open_mem($str, $mode=0, &$error=NULL)
Definition: inc.xml5compliance.php:43
$messages
$messages
Definition: en-x-test.php:7
$lng
global $lng
Definition: privfeed.php:17
$ref_id
$ref_id
Definition: sahs_server.php:39
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilIliasIniFile
$ilIliasIniFile
Definition: imagemanager.php:34
$ilUser
$ilUser
Definition: imgupload.php:18