ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2  /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22  */
23 
24 
33 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34 
35 class ilSoapUserAdministration extends ilSoapAdministration
36 {
37 
46  public function login($client,$username,$password)
47  {
51  global $ilUser;
52 
53  unset($_COOKIE['PHPSESSID']);
54  $_COOKIE['ilClientId'] = $client;
55 
56  try
57  {
58  $this->initIlias();
59  }
60  catch(Exception $e)
61  {
62  return $this->__raiseError($e->getMessage(), 'Server');
63  }
64 
65  // now try authentication
66  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
67  $credentials = new ilAuthFrontendCredentials();
68  $credentials->setUsername($username);
69  $credentials->setPassword($password);
70 
71  include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
72  $provider_factory = new ilAuthProviderFactory();
73  $providers = $provider_factory->getProviders($credentials);
74 
75  include_once './Services/Authentication/classes/class.ilAuthStatus.php';
76  $status = ilAuthStatus::getInstance();
77 
78  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
79  $frontend_factory = new ilAuthFrontendFactory();
80  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_CLI);
81  $frontend = $frontend_factory->getFrontend(
82  $GLOBALS['DIC']['ilAuthSession'],
83  $status,
84  $credentials,
85  $providers
86  );
87 
88  $frontend->authenticate();
89 
90  switch($status->getStatus())
91  {
92  case ilAuthStatus::STATUS_AUTHENTICATED:
93  ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
94  return $GLOBALS['DIC']['ilAuthSession']->getId().'::'.$client;
95 
96 
97  default:
98  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
99  return $this->__raiseError(
100  $status->getReason(),
101  'Server'
102  );
103  }
104  return true;
105  }
106 
107  // Service methods
108  function loginCAS($client, $PT, $username)
109  {
110  $this->__initAuthenticationObject(AUTH_CAS);
111  $this->sauth->setClient($client);
112  $this->sauth->setUsername($username);
113  $this->sauth->setPT($PT);
114  $authenticated = true;
115  //include_once("./Services/CAS/classes/class.ilCASAuth.php");
116  //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
117  if(!$this->sauth->authenticate())
118  {
119  $authenticated = false;
120  }
121  if(!$authenticated)
122  {
123  return $this->__raiseError($this->sauth->getMessage(),$this->sauth->getMessageCode());
124  }
125  return $this->sauth->getSid().'::'.$client;
126  }
127 
128  // Service methods
137  public function loginLDAP($client, $username, $password)
138  {
139  return $this->login($client, $username, $password);
140  }
141 
149  public function loginStudipUser($sid, $user_id)
150  {
151  global $rbacreview, $ilUser, $ilIliasIniFile;
152 
153  $this->initAuth($sid);
154  $this->initIlias();
155  list($admin_sid,$client) = $this->__explodeSid($sid);
156 
157  if(!$this->__checkSession($sid))
158  {
159  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
160  }
161 
162  if (!$ilIliasIniFile->readVariable('server', 'studip'))
163  {
164  return $this->__raiseError('Stud.IP mode not active.','Server');
165  }
166 
167  if(!$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID))
168  {
169  return $this->__raiseError('No permission to initialize user session.','Server');
170  }
171 
172  if($ilUser->getLoginByUserId($user_id))
173  {
174  // logout admin
175  include_once './Services/Authentication/classes/class.ilSession.php';
176  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
177  $GLOBALS['DIC']['ilAuthSession']->logout();
178  unset($_COOKIE['PHPSESSID']);
179 
180  // init session and set user as authenticated
181  $_COOKIE['ilClientId'] = $client;
182  $GLOBALS['DIC']['ilAuthSession']->init();
183  $GLOBALS['DIC']['ilAuthSession']->setAuthenticated(true, $user_id);
184  return (session_id().'::'.$client);
185  }
186  return $this->__raiseError('User does not exist','Client');
187  }
188 
194  public function logout($sid)
195  {
196  $this->initAuth($sid);
197  $this->initIlias();
198 
199  if(!$this->__checkSession($sid))
200  {
201  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
202  }
203 
204  include_once './Services/Authentication/classes/class.ilSession.php';
205  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
206  $GLOBALS['DIC']['ilAuthSession']->logout();
207  return true;
208  }
209 
210  function lookupUser($sid,$user_name)
211  {
212  $this->initAuth($sid);
213  $this->initIlias();
214 
215  if(!$this->__checkSession($sid))
216  {
217  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
218  }
219 
220  $user_name = trim($user_name);
221 
222  if(!strlen($user_name))
223  {
224  return $this->__raiseError('No username given. Aborting','Client');
225  }
226 
227  global $rbacsystem, $ilUser ;
228 
229  if(strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read',USER_FOLDER_ID))
230  {
231  return $this->__raiseError('Check access failed. '.USER_FOLDER_ID,'Server');
232  }
233 
234  $user_id = ilObjUser::getUserIdByLogin($user_name);
235 
236 
237  return $user_id ? $user_id : "0";
238 
239  }
240 
241  function getUser($sid,$user_id)
242  {
243  $this->initAuth($sid);
244  $this->initIlias();
245 
246  if(!$this->__checkSession($sid))
247  {
248  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
249  }
250 
251  global $rbacsystem, $ilUser;
252 
253  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID))
254  {
255  return $this->__raiseError('Check access failed.','Server');
256  }
257 
258  if($ilUser->getLoginByUserId($user_id))
259  {
260  $tmp_user =& ilObjectFactory::getInstanceByObjId($user_id);
261  $usr_data = $this->__readUserData($tmp_user);
262 
263  return $usr_data;
264  }
265  return $this->__raiseError('User does not exist','Client');
266  }
267 
268 
272  function deleteUser($sid,$user_id)
273  {
274  $this->initAuth($sid);
275  $this->initIlias();
276 
277  if(!$this->__checkSession($sid))
278  {
279  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
280  }
281 
282  if(!isset($user_id))
283  {
284  return $this->__raiseError('No user_id given. Aborting','Client');
285  }
286 
287  global $rbacsystem, $ilUser, $log;
288 
289  if(!$rbacsystem->checkAccess('delete',USER_FOLDER_ID))
290  {
291  return $this->__raiseError('Check access failed.','Server');
292  }
293 
294  if(!$ilUser->getLoginByUserId($user_id))
295  {
296  return $this->__raiseError('User id: '.$user_id.' is not a valid identifier. Aborting','Client');
297  }
298  if($ilUser->getId() == $user_id)
299  {
300  return $this->__raiseError('Cannot delete myself. Aborting','Client');
301  }
302  if($user_id == SYSTEM_USER_ID)
303  {
304  return $this->__raiseError('Cannot delete root account. Aborting','Client');
305  }
306  // Delete him
307  $log->write('SOAP: deleteUser()');
308  $delete_user =& ilObjectFactory::getInstanceByObjId($user_id,false);
309  $delete_user->delete();
310 
311  return true;
312  }
313 
314  function __readUserData(&$usr_obj)
315  {
316  $usr_data['usr_id'] = $usr_obj->getId();
317  $usr_data['login'] = $usr_obj->getLogin();
318  $usr_data['passwd'] = $usr_obj->getPasswd();
319  $usr_data['passwd_type'] = $usr_obj->getPasswdType();
320  $usr_data['firstname'] = $usr_obj->getFirstname();
321  $usr_data['lastname'] = $usr_obj->getLastname();
322  $usr_data['title'] = $usr_obj->getUTitle();
323  $usr_data['gender'] = $usr_obj->getGender();
324  $usr_data['email'] = $usr_obj->getEmail();
325  $usr_data['institution'] = $usr_obj->getInstitution();
326  $usr_data['street'] = $usr_obj->getStreet();
327  $usr_data['city'] = $usr_obj->getCity();
328  $usr_data['zipcode'] = $usr_obj->getZipcode();
329  $usr_data['country'] = $usr_obj->getCountry();
330  $usr_data['phone_office'] = $usr_obj->getPhoneOffice();
331  $usr_data['last_login'] = $usr_obj->getLastLogin();
332  $usr_data['last_update'] = $usr_obj->getLastUpdate();
333  $usr_data['create_date'] = $usr_obj->getCreateDate();
334  $usr_data['hobby'] = $usr_obj->getHobby();
335  $usr_data['department'] = $usr_obj->getDepartment();
336  $usr_data['phone_home'] = $usr_obj->getPhoneHome();
337  $usr_data['phone_mobile'] = $usr_obj->getPhoneMobile();
338  $usr_data['fax'] = $usr_obj->getFax();
339  $usr_data['time_limit_owner'] = $usr_obj->getTimeLimitOwner();
340  $usr_data['time_limit_unlimited'] = $usr_obj->getTimeLimitUnlimited();
341  $usr_data['time_limit_from'] = $usr_obj->getTimeLimitFrom();
342  $usr_data['time_limit_until'] = $usr_obj->getTimeLimitUntil();
343  $usr_data['time_limit_message'] = $usr_obj->getTimeLimitMessage();
344  $usr_data['referral_comment'] = $usr_obj->getComment();
345  $usr_data['matriculation'] = $usr_obj->getMatriculation();
346  $usr_data['active'] = $usr_obj->getActive();
347  $usr_data['approve_date'] = $usr_obj->getApproveDate();
348  $usr_data['user_skin'] = $usr_obj->getPref('skin');
349  $usr_data['user_style'] = $usr_obj->getPref('style');
350  $usr_data['user_language'] = $usr_obj->getLanguage();
351  $usr_data['auth_mode'] = $usr_obj->getAuthMode();
352  $usr_data['accepted_agreement'] = !$usr_obj->hasToAcceptTermsOfService();
353  $usr_data['import_id'] = $usr_obj->getImportId();
354 
355  return $usr_data;
356  }
357 
364  function importUsers ($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
365  {
366  $this->initAuth($sid);
367  $this->initIlias();
368 
369  if(!$this->__checkSession($sid))
370  {
371  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
372  }
373 
374 
375  include_once './Services/User/classes/class.ilUserImportParser.php';
376  include_once './Services/AccessControl/classes/class.ilObjRole.php';
377  include_once './Services/Object/classes/class.ilObjectFactory.php';
378  global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog;
379 
380  // this takes time but is nescessary
381  $error = false;
382 
383 
384  // validate to prevent wrong XMLs
385  $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
386  if ($error)
387  {
388  $msg = array();
389  if (is_array($error))
390  {
391  foreach ($error as $err) {
392  $msg []= "(".$err["line"].",".$err["col"]."): ".$err["errormessage"];
393  }
394  }
395  else
396  {
397  $msg[] = $error;
398  }
399  $msg = join("\n",$msg);
400  return $this->__raiseError($msg, "Client");
401  }
402 
403 
404  switch ($conflict_rule)
405  {
406  case 2:
407  $conflict_rule = IL_UPDATE_ON_CONFLICT;
408  break;
409  case 3:
410  $conflict_rule = IL_IGNORE_ON_CONFLICT;
411  break;
412  default:
413  $conflict_rule = IL_FAIL_ON_CONFLICT;
414  }
415 
416 
417  // folder id 0, means to check permission on user basis!
418  // must have create user right in time_limit_owner property (which is ref_id of container)
419  if ($folder_id != 0)
420  {
421  // determine where to import
422  if ($folder_id == -1)
423  $folder_id = USER_FOLDER_ID;
424 
425  // get folder
426  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
427  // id does not exist
428  if (!$import_folder)
429  return $this->__raiseError('Wrong reference id.','Server');
430 
431  // folder is not a folder, can also be a category
432  if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat")
433  return $this->__raiseError('Folder must be a usr folder or a category.','Server');
434 
435  // check access to folder
436  if(!$rbacsystem->checkAccess('create_usr',$folder_id))
437  {
438  return $this->__raiseError('Missing permission for creating users within '.$import_folder->getTitle(),'Server');
439  }
440  }
441 
442  // first verify
443 
444 
445  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
446  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
447  $importParser->setXMLContent($usr_xml);
448  $importParser->startParsing();
449 
450  switch ($importParser->getErrorLevel())
451  {
452  case IL_IMPORT_SUCCESS :
453  break;
454  case IL_IMPORT_WARNING :
455  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Warning"));
456  break;
457  case IL_IMPORT_FAILURE :
458  return $this->__getImportProtocolAsXML ($importParser->getProtocol("User Import Log - Failure"));
459  }
460 
461  // verify is ok, so get role assignments
462 
463  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
464  $importParser->setXMLContent($usr_xml);
465  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
466  $importParser->startParsing();
467 
468  $roles = $importParser->getCollectedRoles();
469 
470  //print_r($roles);
471 
472 
473 
474  // roles to be assigned, skip if one is not allowed!
475  $permitted_roles = array();
476  foreach ($roles as $role_id => $role)
477  {
478  if (!is_numeric ($role_id))
479  {
480  // check if internal id
481  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
482 
483  if (is_numeric($internalId))
484  {
485  $role_id = $internalId;
486  $role_name = $role_id;
487  }
488 /* else // perhaps it is a rolename
489  {
490  $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
491  $role_name = $role->title;
492  $role_id = $role->role_id;
493  }*/
494  }
495 
496  if($this->isPermittedRole($folder_id,$role_id))
497  {
498  $permitted_roles[$role_id] = $role_id;
499  }
500  else
501  {
502  $role_name = ilObject::_lookupTitle($role_id);
503  return $this->__raiseError("Could not find role ".$role_name.". Either you use an invalid/deleted role ".
504  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",'Server');
505  }
506  }
507 
508  $global_roles = $rbacreview->getGlobalRoles();
509 
510  //print_r ($global_roles);
511 
512 
513 
514  foreach ($permitted_roles as $role_id => $role_name)
515  {
516  if ($role_id != "")
517  {
518  if (in_array($role_id, $global_roles))
519  {
520  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId()))
521  || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && ! ilObjRole::_getAssignUsersStatus($role_id))
522  )
523  {
524  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)",'Server');
525  }
526  }
527  else
528  {
529  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
530  if ($rbacreview->isDeleted($rolf[0])
531  || ! $rbacsystem->checkAccess('write',$rolf[0]))
532  {
533 
534  return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted")." $role_name ($role_id)","Server");
535  }
536  }
537  }
538  }
539 
540  //print_r ($permitted_roles);
541 
542  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
543  $importParser->setSendMail($send_account_mail);
544  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
545  $importParser->setFolderId($folder_id);
546  $importParser->setXMLContent($usr_xml);
547 
548  $importParser->setRoleAssignment($permitted_roles);
549 
550  $importParser->startParsing();
551 
552  if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE)
553  {
554  return $this->__getUserMappingAsXML ($importParser->getUserMapping());
555  }
556  return $this->__getImportProtocolAsXML ($importParser->getProtocol());
557 
558  }
559 
567  protected function isPermittedRole($a_folder,$a_role)
568  {
569  static $checked_roles = array();
570  static $global_roles = null;
571 
572 
573  if(isset($checked_roles[$a_role]))
574  {
575  return $checked_roles[$a_role];
576  }
577 
578  global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;
579 
580  $locations = $rbacreview->getFoldersAssignedToRole($a_role,true);
581  $location = $locations[0];
582 
583  // global role
584  if($location == ROLE_FOLDER_ID)
585  {
586  $ilLog->write(__METHOD__.': Check global role');
587  // check assignment permission if called from local admin
588 
589 
590  if($a_folder != USER_FOLDER_ID and $a_folder != 0)
591  {
592  $ilLog->write(__METHOD__.': '.$a_folder);
593  include_once './Services/AccessControl/classes/class.ilObjRole.php';
594  if(!ilObjRole::_getAssignUsersStatus($a_role))
595  {
596  $ilLog->write(__METHOD__.': No assignment allowed');
597  $checked_roles[$a_role] = false;
598  return false;
599  }
600  }
601  // exclude anonymous role from list
602  if ($a_role == ANONYMOUS_ROLE_ID)
603  {
604  $ilLog->write(__METHOD__.': Anonymous role chosen.');
605  $checked_roles[$a_role] = false;
606  return false;
607  }
608  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
609  if($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID,$rbacreview->assignedRoles($ilUser->getId())))
610  {
611  $ilLog->write(__METHOD__.': System role assignment forbidden.');
612  $checked_roles[$a_role] = false;
613  return false;
614  }
615 
616  // Global role assignment ok
617  $ilLog->write(__METHOD__.': Assignment allowed.');
618  $checked_roles[$a_role] = true;
619  return true;
620  }
621  elseif($location)
622  {
623  $ilLog->write(__METHOD__.': Check local role.');
624 
625  // It's a local role
626  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,true);
627  $rolf = $rolfs[0];
628 
629 
630  // only process role folders that are not set to status "deleted"
631  // and for which the user has write permissions.
632  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
633  // (The ROLE_FOLDER_ID folder contains the global roles).
634  if($rbacreview->isDeleted($rolf)
635  || !$rbacsystem->checkAccess('edit_permission',$rolf))
636  {
637  $ilLog->write(__METHOD__.': Role deleted or no permission.');
638  $checked_roles[$a_role] = false;
639  return false;
640  }
641  // A local role is only displayed, if it is contained in the subtree of
642  // the localy administrated category. If the import function has been
643  // invoked from the user folder object, we show all local roles, because
644  // the user folder object is considered the parent of all local roles.
645  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
646  // isInSubtree variable with true. In all other cases it is initialized
647  // with false, and only set to true if we find the object id of the
648  // locally administrated category in the tree path to the local role.
649  if($a_folder != USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder,$rolf))
650  {
651  $ilLog->write(__METHOD__.': Not in path of category.');
652  $checked_roles[$a_role] = false;
653  return false;
654  }
655  $ilLog->write(__METHOD__.': Assignment allowed.');
656  $checked_roles[$a_role] = true;
657  return true;
658  }
659  }
660 
661 
665  function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
666  {
667  $this->initAuth($sid);
668  $this->initIlias();
669 
670  if(!$this->__checkSession($sid))
671  {
672  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
673  }
674 
675  global $ilDB, $tree, $rbacreview, $rbacsystem;
676 
677  if ($ref_id == -1)
678  $ref_id = USER_FOLDER_ID;
679 
680  $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
681  if ($this->isFault($object))
682  return $object;
683 
684  $data = array();
685  switch ($object->getType()) {
686  case "usrf":
687  $data = ilObjUser::_getUsersForFolder(USER_FOLDER_ID, $active);
688  break;
689  case "cat":
690  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
691  break;
692  case "crs":
693  {
694  // GET ALL MEMBERS
695  $roles = $object->__getLocalRoles();
696 
697  foreach($roles as $role_id)
698  {
699  $data = array_merge($rbacreview->assignedUsers($role_id),$data);
700  }
701 
702  break;
703  }
704  case "grp":
705  $member_ids = $object->getGroupMemberIds();
706  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
707  break;
708  case "sess":
709  $course_ref_id = $tree->checkForParentType($ref_id,'crs');
710  if(!$course_ref_id)
711  {
712  return $this->__raiseError("No course for session", "Client");
713  }
714 
715  $event_obj_id = ilObject::_lookupObjId($ref_id);
716  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
717  $event_part = new ilEventParticipants($event_obj_id);
718  $member_ids = array_keys($event_part->getParticipants());
719  $data = ilObjUser::_getUsersForIds($member_ids, $active);
720  break;
721  }
722 
723  if (is_array($data))
724  {
725  include_once './Services/User/classes/class.ilUserXMLWriter.php';
726 
727  $xmlWriter = new ilUserXMLWriter();
728  $xmlWriter->setObjects($data);
729  $xmlWriter->setAttachRoles ($attachRoles);
730 
731  if($xmlWriter->start())
732  {
733  return $xmlWriter->getXML();
734  }
735  }
736  return $this->__raiseError('Error in processing information. This is likely a bug.','Server');
737  }
738 
739 
743  function getUserForRole($sid, $role_id, $attachRoles, $active)
744  {
745  $this->initAuth($sid);
746  $this->initIlias();
747 
748  if(!$this->__checkSession($sid))
749  {
750  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
751  }
752 
753  include_once './Services/AccessControl/classes/class.ilObjRole.php';
754  global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;
755 
756 
757  $global_roles = $rbacreview->getGlobalRoles();
758 
759 
760  if (in_array($role_id, $global_roles))
761  {
762  if ($role_id == SYSTEM_ROLE_ID && ! in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
763  )
764  {
765  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
766  }
767  }
768  else
769  {
770  $rolf = $rbacreview->getFoldersAssignedToRole($role_id,true);
771  if ($rbacreview->isDeleted($rolf[0])
772  || ! $rbacsystem->checkAccess('write',$rolf[0]))
773  {
774  return $this->__raiseError("Role access not permitted. ($role_id)","Server");
775  }
776  include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
777  $privacy = ilPrivacySettings::_getInstance();
778  if(!$rbacsystem->checkAccess('read',SYSTEM_USER_ID) and
779  !$rbacsystem->checkAccess('export_member_data',$privacy->getPrivacySettingsRefId())) {
780  return $this->__raiseError("Export of local role members not permitted. ($role_id)","Server");
781  }
782 
783 
784  }
785 
786  $data = ilObjUser::_getUsersForRole($role_id, $active);
787  include_once './Services/User/classes/class.ilUserXMLWriter.php';
788 
789  $xmlWriter = new ilUserXMLWriter();
790  $xmlWriter->setAttachRoles($attachRoles);
791 
792  $xmlWriter->setObjects($data);
793 
794  if($xmlWriter->start())
795  {
796  return $xmlWriter->getXML();
797  }
798  return $this->__raiseError('Error in getUsersForRole','Server');
799  }
800 
801 
802 
807  function __getImportProtocolAsXML ($a_array)
808  {
809  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
810  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
811 
812  $xmlResultSet = new ilXMLResultSet ();
813  $xmlResultSet->addColumn ("userid");
814  $xmlResultSet->addColumn ("login");
815  $xmlResultSet->addColumn ("action");
816  $xmlResultSet->addColumn ("message");
817 
818  foreach ($a_array as $username => $messages)
819  {
820  foreach ($messages as $message)
821  {
822 
823  $xmlRow = new ilXMLResultSetRow ();
824  $xmlRow->setValue (0, 0);
825  $xmlRow->setValue (1, $username);
826  $xmlRow->setValue (2, "");
827  $xmlRow->setValue (3, $message);
828 
829  $xmlResultSet->addRow ($xmlRow);
830  }
831  }
832 
833  $xml_writer = new ilXMLResultSetWriter ($xmlResultSet);
834 
835  if ($xml_writer->start ())
836  return $xml_writer->getXML();
837 
838  return $this->__raiseError('Error in __getImportProtocolAsXML','Server');
839  }
840 
847  function __getUserMappingAsXML ($a_array)
848  {
849  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
850  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
851 
852  $xmlResultSet = new ilXMLResultSet ();
853  $xmlResultSet->addColumn ("userid");
854  $xmlResultSet->addColumn ("login");
855  $xmlResultSet->addColumn ("action");
856  $xmlResultSet->addColumn ("message");
857 
858  if (count($a_array))
859  foreach ($a_array as $username => $message)
860  {
861  $xmlRow = new ilXMLResultSetRow ();
862  $xmlRow->setValue (0, $username);
863  $xmlRow->setValue (1, $message["login"]);
864  $xmlRow->setValue (2, $message["action"]);
865  $xmlRow->setValue (3, $message["message"]);
866 
867  $xmlResultSet->addRow ($xmlRow);
868  }
869 
870  $xml_writer = new ilXMLResultSetWriter ( $xmlResultSet);
871 
872  if ($xml_writer->start ())
873  return $xml_writer->getXML();
874 
875  return $this->__raiseError('Error in __getUserMappingAsXML','Server');
876 
877  }
878 
887  function searchUser ($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active) {
888 
889  $this->initAuth($sid);
890  $this->initIlias();
891 
892  if(!$this->__checkSession($sid))
893  {
894  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
895  }
896 
897  global $ilDB, $rbacsystem;
898 
899  if(!$rbacsystem->checkAccess('read', USER_FOLDER_ID))
900  {
901  return $this->__raiseError('Check access failed.','Server');
902  }
903 
904 
905  if (!count($a_keyfields))
906  $this->__raiseError('At least one keyfield is needed','Client');
907 
908  if (!count ($a_keyvalues))
909  $this->__raiseError('At least one keyvalue is needed','Client');
910 
911  if (!strcasecmp($query_operator,"and")==0 || !strcasecmp($query_operator,"or") == 0)
912  $this->__raiseError('Query operator must be either \'and\' or \'or\'','Client');
913 
914 
915  $query = $this->__buildSearchQuery ($a_keyfields, $query_operator, $a_keyvalues);
916 
917  $query = "SELECT usr_data.*, usr_pref.value AS language
918  FROM usr_data
919  LEFT JOIN usr_pref
920  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = ".
921  $ilDB->quote("language", "text").
922  "'language'
923  WHERE 1 = 1 ".$query;
924 
925  if (is_numeric($active) && $active > -1)
926  $query .= " AND active = ". $ilDB->quote($active);
927 
928  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
929 
930  //echo $query;
931 
932  $r = $ilDB->query($query);
933 
934  $data = array();
935 
936  while($row = $ilDB->fetchAssoc($r))
937  {
938  $data[] = $row;
939  }
940 
941  include_once './Services/User/classes/class.ilUserXMLWriter.php';
942 
943  $xmlWriter = new ilUserXMLWriter();
944  $xmlWriter->setAttachRoles($attach_roles);
945 
946  $xmlWriter->setObjects($data);
947 
948  if($xmlWriter->start())
949  {
950  return $xmlWriter->getXML();
951  }
952  return $this->__raiseError('Error in searchUser','Server');
953  }
954 
963  function __buildSearchQuery ($a_keyfields, $queryOperator, $a_keyvalues) {
964  global $ilDB;
965  $query = array();
966 
967  $allowed_fields = array ("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");
968 
969  foreach ($a_keyfields as $keyfield)
970  {
971  $keyfield = strtolower($keyfield);
972 
973  if (!in_array($keyfield, $allowed_fields))
974  continue;
975 
976  $field_query = array ();
977  foreach ($a_keyvalues as $keyvalue)
978  {
979  if (strlen($keyvalue) >= 3) {
980  $field_query []= $keyfield." like '%".$keyvalue."%'";
981  }
982 
983  }
984  if (count($field_query))
985  $query [] = join(" ".strtoupper($queryOperator)." ", $field_query);
986 
987  }
988 
989  return count ($query) ? " AND ((". join(") OR (", $query) ."))" : "AND 0";
990  }
991 
992 
1000  function getUserXML($sid, $a_user_ids, $attach_roles)
1001  {
1002  $this->initAuth($sid);
1003  $this->initIlias();
1004 
1005  if(!$this->__checkSession($sid))
1006  {
1007  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1008  }
1009 
1010  global $rbacsystem, $ilUser, $ilDB;
1011 
1012  // check if own account
1013  $is_self = false;
1014  if(is_array($a_user_ids) and count($a_user_ids) == 1)
1015  {
1016  if(end($a_user_ids) == $ilUser->getId())
1017  {
1018  $is_self = true;
1019  }
1020  }
1021  elseif(is_numeric($a_user_ids))
1022  {
1023  if($a_user_ids == $ilUser->getId())
1024  {
1025  $is_self = true;
1026  }
1027  }
1028 
1029  if(!$rbacsystem->checkAccess('read',USER_FOLDER_ID) and !$is_self)
1030  {
1031  return $this->__raiseError('Check access failed.','Server');
1032  }
1033 
1034  // begin-patch filemanager
1035  $data = ilObjUser::_getUserData((array) $a_user_ids);
1036  // end-patch filemanager
1037 
1038  include_once './Services/User/classes/class.ilUserXMLWriter.php';
1039  $xmlWriter = new ilUserXMLWriter();
1040  $xmlWriter->setAttachRoles($attach_roles);
1041  $xmlWriter->setObjects($data);
1042 
1043  if($xmlWriter->start())
1044  {
1045  return $xmlWriter->getXML();
1046  }
1047 
1048  return $this->__raiseError('User does not exist','Client');
1049  }
1050 
1051 
1052  // has new mail
1053  function hasNewMail($sid)
1054  {
1055  $this->initAuth($sid);
1056  $this->initIlias();
1057 
1058  if(!$this->__checkSession($sid))
1059  {
1060  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1061  }
1062 
1063  global $ilUser;
1064 
1065  include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1066  if(ilMailGlobalServices::getNumberOfNewMailsByUserId($ilUser->getId()) > 0)
1067  {
1068  return true;
1069  }
1070  else
1071  {
1072  return false;
1073  }
1074  }
1075 
1076  public function getUserIdBySid($sid)
1077  {
1078  $this->initAuth($sid);
1079  $this->initIlias();
1080 
1081  if(!$this->__checkSession($sid))
1082  {
1083  return $this->__raiseError($this->__getMessage(),$this->__getMessageCode());
1084  }
1085 
1086  global $ilDB;
1087 
1088  $parts = explode('::', $sid);
1089  $query = "SELECT usr_id FROM usr_session "
1090  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1091  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
1092  $data = $ilDB->fetchAssoc($res);
1093 
1094  if(!(int)$data['usr_id'])
1095  {
1096  $this->__raiseError('User does not exist', 'Client');
1097  }
1098 
1099  return (int)$data['usr_id'];
1100  }
1101 
1102 }
1103 ?>
ilObjUser\getUserIdByLogin
static getUserIdByLogin($a_login)
Definition: class.ilObjUser.php:2556
$error
$error
Definition: Error.php:17
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:13
ilSoapUserAdministration\__buildSearchQuery
__buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:963
ilSoapAdministration\checkObjectAccess
checkObjectAccess($ref_id, $expected_type, $permission, $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true ...
Definition: class.ilSoapAdministration.php:346
ilSoapUserAdministration\searchUser
searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:887
$location
$location
Definition: buildRTE.php:44
IL_USER_IMPORT
const IL_USER_IMPORT
Definition: class.ilUserImportParser.php:25
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:19
IL_IMPORT_FAILURE
const IL_IMPORT_FAILURE
Definition: class.ilUserImportParser.php:34
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:11
AUTH_CAS
const AUTH_CAS
Definition: class.ilAuthUtils.php:12
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
IL_EXTRACT_ROLES
const IL_EXTRACT_ROLES
Definition: class.ilUserImportParser.php:24
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
IL_FAIL_ON_CONFLICT
const IL_FAIL_ON_CONFLICT
Definition: class.ilUserImportParser.php:28
ilSoapAdministration\__initAuthenticationObject
__initAuthenticationObject($a_auth_mode=AUTH_LOCAL)
Definition: class.ilSoapAdministration.php:206
IL_IMPORT_WARNING
const IL_IMPORT_WARNING
Definition: class.ilUserImportParser.php:33
ilSoapUserAdministration\getUserXML
getUserXML($sid, $a_user_ids, $attach_roles)
return user xmls for given user ids (csv separated ids) as xml based on usr dtd.
Definition: class.ilSoapUserAdministration.php:1000
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:142
ilSoapUserAdministration\isPermittedRole
isPermittedRole($a_folder, $a_role)
check if assignment is allowed
Definition: class.ilSoapUserAdministration.php:567
ilSoapUserAdministration\getUserForRole
getUserForRole($sid, $role_id, $attachRoles, $active)
Definition: class.ilSoapUserAdministration.php:743
$client
$client
Definition: dummy_client.php:38
IL_IMPORT_SUCCESS
const IL_IMPORT_SUCCESS
Definition: class.ilUserImportParser.php:32
$r
$r
Definition: example_031.php:79
ilSoapUserAdministration\__getImportProtocolAsXML
__getImportProtocolAsXML($a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:807
ilSoapUserAdministration\loginLDAP
loginLDAP($client, $username, $password)
Not required anymode.
Definition: class.ilSoapUserAdministration.php:137
ilSoapUserAdministration\loginStudipUser
loginStudipUser($sid, $user_id)
login as user from Stud.IP
Definition: class.ilSoapUserAdministration.php:149
IL_USER_MAPPING_ID
const IL_USER_MAPPING_ID
Definition: class.ilUserImportParser.php:37
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:40
ilUserXMLWriter
XML writer class.
Definition: class.ilUserXMLWriter.php:20
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1021
ilSoapAdministration\__raiseError
__raiseError($a_message, $a_code)
Definition: class.ilSoapAdministration.php:213
$ilUser
$ilUser
Definition: imgupload.php:18
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
$ilLog
$ilLog
Definition: inc.setup_header.php:130
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObjUser\_getUsersForFolder
static _getUsersForFolder($ref_id, $active)
get users for a category or from system folder
Definition: class.ilObjUser.php:4477
IL_VERIFY
const IL_VERIFY
Definition: class.ilUserImportParser.php:26
$messages
$messages
Definition: en-x-test.php:7
ilObjUser\_getUsersForGroup
static _getUsersForGroup($a_mem_ids, $active=-1)
return user data for group members
Definition: class.ilObjUser.php:4520
ilSoapUserAdministration\logout
logout($sid)
Logout user destroy session.
Definition: class.ilSoapUserAdministration.php:194
ilSession\setClosingContext
static setClosingContext($a_context)
set closing context (for statistics)
Definition: class.ilSession.php:433
$ref_id
$ref_id
Definition: sahs_server.php:39
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer($sid, $ref_id, $attachRoles, $active)
return list of users following dtd users_3_7
Definition: class.ilSoapUserAdministration.php:665
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:42
$lng
global $lng
Definition: privfeed.php:17
ilSoapAdministration\initAuth
initAuth($sid)
Init authentication.
Definition: class.ilSoapAdministration.php:180
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilSoapUserAdministration\importUsers
importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
define ("IL_FAIL_ON_CONFLICT", 1); define ("IL_UPDATE_ON_CONFLICT", 2); define ("IL_IGNORE_ON_CONFLIC...
Definition: class.ilSoapUserAdministration.php:364
$_COOKIE
$_COOKIE['ilClientId']
Definition: BPMN2Parser.php:15
ilObjUser\_getUsersForIds
static _getUsersForIds($a_mem_ids, $active=-1, $timelimitowner=-1)
return user data for given user id
Definition: class.ilObjUser.php:4531
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:142
USER_FOLDER_ID
const USER_FOLDER_ID
Class ilObjUserFolder.
Definition: class.ilObjUserFolder.php:16
ilMailGlobalServices\getNumberOfNewMailsByUserId
static getNumberOfNewMailsByUserId($usr_id)
Determines the number of new mails for the passed user id and stores this information in a local cach...
Definition: class.ilMailGlobalServices.php:97
$ilIliasIniFile
$ilIliasIniFile
Definition: imagemanager.php:34
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
domxml_open_mem
domxml_open_mem($str, $mode=0, &$error=NULL)
Definition: inc.xml5compliance.php:43
ilPrivacySettings\_getInstance
static _getInstance()
Get instance of ilPrivacySettings.
Definition: class.ilPrivacySettings.php:77
ilObjUser\_getUsersForRole
static _getUsersForRole($role_id, $active=-1)
return array of complete users which belong to a specific role
Definition: class.ilObjUser.php:4434
ilUtil\__extractId
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:4656
ilObjUser\_getUserData
static _getUserData($a_internalids)
return user data for given user ids
Definition: class.ilObjUser.php:4578
ilSoapUserAdministration\__getUserMappingAsXML
__getUserMappingAsXML($a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:847
IL_UPDATE_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
Definition: class.ilUserImportParser.php:29
$log
$log
Definition: inc.setup_header.php:129
IL_IGNORE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Definition: class.ilUserImportParser.php:30