ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilSoapUserAdministration.php
1<?php
2 /*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22 */
23
24
33include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34
36{
37
/**
 * SOAP entry point: authenticate a username/password pair for the given client and
 * return a session handle.
 *
 * @param string $client   client id; written into $_COOKIE['ilClientId'] before ILIAS is initialised
 * @param string $username login name handed to the credentials object
 * @param string $password password handed to the credentials object
 * @return mixed '<session id>::<client>' on the success path, otherwise the value of __raiseError()
 */
public function login($client, $username, $password)
{
    // NOTE(review): $ilUser is declared here but never used in the visible body.
    global $ilUser;

    // Discard any PHPSESSID cookie sent with the request and select the client from the SOAP argument.
    unset($_COOKIE['PHPSESSID']);
    $_COOKIE['ilClientId'] = $client;

    try {
        $this->initIlias();
    } catch (Exception $e) {
        // The exception text becomes the fault message sent to a caller that is not authenticated yet.
        // NOTE(review): confirm it cannot carry internal paths or configuration details.
        return $this->__raiseError($e->getMessage(), 'Server');
    }

    // now try authentication
    include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
    $credentials = new ilAuthFrontendCredentials();
    $credentials->setUsername($username);
    $credentials->setPassword($password);

    include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
    $provider_factory = new ilAuthProviderFactory();
    $providers = $provider_factory->getProviders($credentials);

    include_once './Services/Authentication/classes/class.ilAuthStatus.php';
    $status = ilAuthStatus::getInstance();

    // The frontend is built for the CLI context, not a browser context.
    include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
    $frontend_factory = new ilAuthFrontendFactory();
    $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_CLI);
    $frontend = $frontend_factory->getFrontend(
        $GLOBALS['DIC']['ilAuthSession'],
        $status,
        $credentials,
        $providers
    );

    // The outcome is read back from $status below, not from a return value.
    $frontend->authenticate();

    switch ($status->getStatus()) {
        // NOTE(review): the listing omits source line 88 here (gutter jumps 87 -> 89); the case label
        // guarding this success branch is not visible.
            ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
            return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;


        default:
        // NOTE(review): source line 94 is missing from the listing as well (gutter jumps 93 -> 95).
        // The failure reason goes back verbatim to an unauthenticated caller; confirm it does not
        // tell "unknown user" apart from "wrong password".
            return $this->__raiseError(
                $status->getReason(),
                'Server'
            );
    }
    // NOTE(review): both visible branches return, so this line looks unreachable — confirm once the
    // missing case labels are known.
    return true;
}
102
103 // Service methods
/**
 * SOAP entry point: authenticate through the $this->sauth helper using a CAS ticket.
 *
 * @param string $client   client id, forwarded to sauth and appended to the returned handle
 * @param string $PT       ticket value, forwarded to sauth via setPT()
 * @param string $username user name, forwarded to sauth
 * @return mixed sauth's session id joined with '::' and the client, or the value of __raiseError()
 */
public function loginCAS($client, $PT, $username)
{
    // NOTE(review): the listing omits source line 106 here (gutter jumps 105 -> 107). $this->sauth is
    // not assigned in the visible body, so it is presumably initialised on that line — confirm.
    $this->sauth->setClient($client);
    $this->sauth->setUsername($username);
    $this->sauth->setPT($PT);
    // Starts out true and is only cleared when sauth rejects the ticket.
    $authenticated = true;
    //include_once("./Services/CAS/classes/class.ilCASAuth.php");
    //include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
    if (!$this->sauth->authenticate()) {
        $authenticated = false;
    }
    if (!$authenticated) {
        // Message and fault code both come from sauth.
        return $this->__raiseError($this->sauth->getMessage(), $this->sauth->getMessageCode());
    }
    return $this->sauth->getSid() . '::' . $client;
}
121
122 // Service methods
/**
 * LDAP-named login entry point; it performs no LDAP-specific work and hands the
 * call straight to login().
 *
 * @param string $client   client id, passed through unchanged
 * @param string $username login name, passed through unchanged
 * @param string $password password, passed through unchanged
 * @return mixed whatever login() returns
 */
public function loginLDAP($client, $username, $password)
{
    $login_result = $this->login($client, $username, $password);

    return $login_result;
}
135
/**
 * SOAP entry point: open an authenticated session for another user on behalf of an
 * administrator session (Stud.IP integration).
 *
 * No credentials of the target user are involved. The visible guards are: a valid calling
 * session, the ini switch server/studip, and SYSTEM_ROLE_ID membership of the calling user.
 *
 * @param string $sid     handle of the calling (administrator) session
 * @param mixed  $user_id id of the user the new session is opened for
 * @return mixed '<session id>::<client>' for the new session, or the value of __raiseError()
 */
public function loginStudipUser($sid, $user_id)
{
    global $rbacreview, $ilUser, $ilIliasIniFile;

    $this->initAuth($sid);
    $this->initIlias();
    // Only $client is used below; $admin_sid is not read again.
    list($admin_sid, $client) = $this->__explodeSid($sid);

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    // The feature is off unless the ini file enables it.
    if (!$ilIliasIniFile->readVariable('server', 'studip')) {
        return $this->__raiseError('Stud.IP mode not active.', 'Server');
    }

    // Only members of the system role may open sessions for other users.
    if (!$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)) {
        return $this->__raiseError('No permission to initialize user session.', 'Server');
    }

    if ($ilUser->getLoginByUserId($user_id)) {
        // logout admin
        include_once './Services/Authentication/classes/class.ilSession.php';
        // NOTE(review): the listing omits source line 166 here (gutter jumps 165 -> 167).
        $GLOBALS['DIC']['ilAuthSession']->logout();
        unset($_COOKIE['PHPSESSID']);

        // init session and set user as authenticated
        $_COOKIE['ilClientId'] = $client;
        $GLOBALS['DIC']['ilAuthSession']->init();
        $GLOBALS['DIC']['ilAuthSession']->setAuthenticated(true, $user_id);
        // NOTE(review): none of the visible lines records which administrator opened a session for
        // which user; an audit log entry here would make this path reviewable afterwards.
        return (session_id() . '::' . $client);
    }
    return $this->__raiseError('User does not exist', 'Client');
}
178
/**
 * SOAP entry point: end the session identified by $sid.
 *
 * @param string $sid session handle of the caller
 * @return mixed true after the session logout call, or the value of __raiseError() for an invalid session
 */
public function logout($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    include_once './Services/Authentication/classes/class.ilSession.php';
    // NOTE(review): the listing omits source line 194 here (gutter jumps 193 -> 195).
    $GLOBALS['DIC']['ilAuthSession']->logout();
    return true;
}
198
/**
 * Resolve a login name to its user id.
 *
 * A caller may always look up its own login; any other login requires 'read'
 * permission on USER_FOLDER_ID.
 *
 * @param string $sid       session handle of the caller
 * @param string $user_name login name to resolve; surrounding whitespace is trimmed
 * @return mixed the user id, the string "0" when the lookup yields nothing, or the value of __raiseError()
 */
public function lookupUser($sid, $user_name)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    $user_name = trim($user_name);
    if (strlen($user_name) == 0) {
        return $this->__raiseError('No username given. Aborting', 'Client');
    }

    // Bound after initIlias(), as in the original statement order.
    global $rbacsystem, $ilUser ;

    // The permission check only runs when the requested login is not the caller's own.
    $is_foreign_login = strcasecmp($ilUser->getLogin(), $user_name) != 0;
    if ($is_foreign_login && !$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed. ' . USER_FOLDER_ID, 'Server');
    }

    $resolved_id = ilObjUser::getUserIdByLogin($user_name);
    if ($resolved_id) {
        return $resolved_id;
    }

    return "0";
}
225
/**
 * Return the account record of one user as an associative array.
 *
 * Requires a valid session and 'read' permission on USER_FOLDER_ID. The record is
 * assembled by __readUserData(), which also copies the value of getPasswd() into the
 * result ('passwd'), so every caller holding that permission receives it.
 *
 * @param string $sid     session handle of the caller
 * @param mixed  $user_id id of the account to read
 * @return mixed the user data array, or the value of __raiseError()
 */
public function getUser($sid, $user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    // Bound after initIlias(), as in the original statement order.
    global $rbacsystem, $ilUser;

    $may_read_accounts = $rbacsystem->checkAccess('read', USER_FOLDER_ID);
    if (!$may_read_accounts) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // An id without a login is treated as a non-existent account.
    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    $target_user =&ilObjectFactory::getInstanceByObjId($user_id);

    return $this->__readUserData($target_user);
}
249
250
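/**
 * Delete a user account.
 *
 * Requires a valid session and 'delete' permission on USER_FOLDER_ID. The caller's own
 * account and the account with id SYSTEM_USER_ID are refused.
 *
 * @param string $sid     session handle of the caller
 * @param mixed  $user_id id of the account to delete
 * @return mixed true after the delete call, or the value of __raiseError()
 */
public function deleteUser($sid, $user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    if (!isset($user_id)) {
        return $this->__raiseError('No user_id given. Aborting', 'Client');
    }

    global $rbacsystem, $ilUser, $log;

    if (!$rbacsystem->checkAccess('delete', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User id: ' . $user_id . ' is not a valid identifier. Aborting', 'Client');
    }
    // Loose comparison on purpose: the id arrives from the SOAP layer and may be a numeric string.
    if ($ilUser->getId() == $user_id) {
        return $this->__raiseError('Cannot delete myself. Aborting', 'Client');
    }
    if ($user_id == SYSTEM_USER_ID) {
        return $this->__raiseError('Cannot delete root account. Aborting', 'Client');
    }

    // The factory is called with $stop_on_error = false, so a failed lookup comes back as a
    // falsy value instead of aborting; calling delete() on that would be a fatal error.
    $delete_user = ilObjectFactory::getInstanceByObjId($user_id, false);
    if (!$delete_user) {
        return $this->__raiseError('User id: ' . $user_id . ' is not a valid identifier. Aborting', 'Client');
    }

    // Audit trail: record who removes which account, not just that the method ran.
    $log->write('SOAP: deleteUser(): user ' . $ilUser->getId() . ' deletes user ' . (int) $user_id);
    $delete_user->delete();

    return true;
}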
289
/**
 * Flatten an ilObjUser into the associative array returned by getUser().
 *
 * NOTE(review): the array carries 'passwd' (the value of getPasswd()) and 'passwd_type'
 * next to the profile fields. Whatever getPasswd() stores is therefore sent to every SOAP
 * caller that passes getUser()'s permission check; confirm clients need it, and consider
 * leaving it out of the response if they do not.
 *
 * @param \ilObjUser $usr_obj account to read
 * @return array field name => value, in the order listed below
 */
public function __readUserData(\ilObjUser &$usr_obj)
{
    // Getters run top to bottom, the same order in which the original filled the array.
    $usr_data = [
        'usr_id' => $usr_obj->getId(),
        'login' => $usr_obj->getLogin(),
        // Credential material, see the note in the docblock.
        'passwd' => $usr_obj->getPasswd(),
        'passwd_type' => $usr_obj->getPasswdType(),
        'firstname' => $usr_obj->getFirstname(),
        'lastname' => $usr_obj->getLastname(),
        'title' => $usr_obj->getUTitle(),
        'gender' => $usr_obj->getGender(),
        'email' => $usr_obj->getEmail(),
        'second_email' => $usr_obj->getSecondEmail(),
        'institution' => $usr_obj->getInstitution(),
        'street' => $usr_obj->getStreet(),
        'city' => $usr_obj->getCity(),
        'zipcode' => $usr_obj->getZipcode(),
        'country' => $usr_obj->getCountry(),
        'phone_office' => $usr_obj->getPhoneOffice(),
        'last_login' => $usr_obj->getLastLogin(),
        'last_update' => $usr_obj->getLastUpdate(),
        'create_date' => $usr_obj->getCreateDate(),
        'hobby' => $usr_obj->getHobby(),
        'department' => $usr_obj->getDepartment(),
        'phone_home' => $usr_obj->getPhoneHome(),
        'phone_mobile' => $usr_obj->getPhoneMobile(),
        'fax' => $usr_obj->getFax(),
        'time_limit_owner' => $usr_obj->getTimeLimitOwner(),
        'time_limit_unlimited' => $usr_obj->getTimeLimitUnlimited(),
        'time_limit_from' => $usr_obj->getTimeLimitFrom(),
        'time_limit_until' => $usr_obj->getTimeLimitUntil(),
        'time_limit_message' => $usr_obj->getTimeLimitMessage(),
        'referral_comment' => $usr_obj->getComment(),
        'matriculation' => $usr_obj->getMatriculation(),
        'active' => $usr_obj->getActive(),
        'approve_date' => $usr_obj->getApproveDate(),
        'user_skin' => $usr_obj->getPref('skin'),
        'user_style' => $usr_obj->getPref('style'),
        'user_language' => $usr_obj->getLanguage(),
        'auth_mode' => $usr_obj->getAuthMode(),
        // Stored as the negation of "still has to accept".
        'accepted_agreement' => !$usr_obj->hasToAcceptTermsOfService(),
        'import_id' => $usr_obj->getImportId(),
    ];

    return $usr_data;
}
334
/**
 * SOAP entry point: import user accounts from caller-supplied XML.
 *
 * Visible stages: validate the XML, check the caller's right to create users in the target
 * folder, run the parser in verify mode, collect the roles named in the XML and check each
 * one, then run the actual import with the permitted role set.
 *
 * @param string $sid               session handle of the caller
 * @param mixed  $folder_id         target reference id; -1 is replaced by USER_FOLDER_ID, 0 selects
 *                                  the per-user permission mode described in the body
 * @param string $usr_xml           user XML supplied by the caller
 * @param mixed  $conflict_rule     2 = update on conflict, 3 = ignore on conflict, anything else = fail
 * @param mixed  $send_account_mail forwarded to the import parser via setSendMail()
 * @return mixed user mapping XML, import protocol XML, or the value of __raiseError()
 */
public function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }


    include_once './Services/User/classes/class.ilUserImportParser.php';
    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    include_once './Services/Object/classes/class.ilObjectFactory.php';
    global $rbacreview, $rbacsystem, $tree, $lng,$ilUser,$ilLog,$ilAccess;

    // this takes time but is necessary
    $error = false;


    // validate to prevent wrong XMLs
    // The caller-supplied document is parsed in validating mode before any permission check, and
    // warnings are suppressed with @.
    // NOTE(review): confirm that domxml_open_mem() does not resolve external entities or fetch
    // remote DTDs for this input.
    $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
    if ($error) {
        // Parser errors are joined and returned to the caller as the fault message.
        $msg = array();
        if (is_array($error)) {
            foreach ($error as $err) {
                $msg []= "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
            }
        } else {
            $msg[] = $error;
        }
        $msg = join("\n", $msg);
        return $this->__raiseError($msg, "Client");
    }


    // Map the numeric SOAP argument onto the parser's conflict constants; unknown values fail on conflict.
    switch ($conflict_rule) {
        case 2:
            $conflict_rule = IL_UPDATE_ON_CONFLICT;
            break;
        case 3:
            $conflict_rule = IL_IGNORE_ON_CONFLICT;
            break;
        default:
            $conflict_rule = IL_FAIL_ON_CONFLICT;
    }
    if ($folder_id == 0) {
        if (!$ilAccess->checkAccess('create_usr', '', USER_FOLDER_ID)) {
            // The fault text includes USER_FOLDER_ID and the caller's user id.
            return $this->__raiseError('Missing permission for creating/modifying users accounts' . USER_FOLDER_ID . ' ' . $ilUser->getId(), 'Server');
        }
    }

    // folder id 0, means to check permission on user basis!
    // must have create user right in time_limit_owner property (which is ref_id of container)
    if ($folder_id != 0) {
        // determine where to import
        if ($folder_id == -1) {
            $folder_id = USER_FOLDER_ID;
        }

        // get folder
        $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
        // id does not exist
        if (!$import_folder) {
            return $this->__raiseError('Wrong reference id.', 'Server');
        }

        // folder is not a folder, can also be a category
        if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat") {
            return $this->__raiseError('Folder must be a usr folder or a category.', 'Server');
        }

        // check access to folder
        if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
            return $this->__raiseError('Missing permission for creating users within ' . $import_folder->getTitle(), 'Server');
        }
    }

    // first verify
    $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->setXMLContent($usr_xml);
    $importParser->startParsing();

    switch ($importParser->getErrorLevel()) {
        // NOTE(review): the listing omits source lines 425, 427 and 430 (gutter jumps 424 -> 426,
        // 426 -> 428, 429 -> 431); the case labels selecting these three branches are not visible.
            break;
            return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Warning"));
            break;
            return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Failure"));
    }

    // verify is ok, so get role assignments

    $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
    $importParser->setXMLContent($usr_xml);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->startParsing();

    $roles = $importParser->getCollectedRoles();

    //print_r($roles);



    // roles to be assigned, skip if one is not allowed!
    // A single role that is not permitted aborts the whole import.
    $permitted_roles = array();
    foreach ($roles as $role_id => $role) {
        if (!is_numeric($role_id)) {
            // check if internal id
            $internalId = ilUtil::__extractId($role_id, IL_INST_ID);

            if (is_numeric($internalId)) {
                $role_id = $internalId;
                $role_name = $role_id;
            }
            /* else // perhaps it is a rolename
            {
            $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
            $role_name = $role->title;
            $role_id = $role->role_id;
            }*/
        }

        if ($this->isPermittedRole($folder_id, $role_id)) {
            $permitted_roles[$role_id] = $role_id;
        } else {
            $role_name = ilObject::_lookupTitle($role_id);
            return $this->__raiseError("Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
                "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.", 'Server');
        }
    }

    $global_roles = $rbacreview->getGlobalRoles();

    //print_r ($global_roles);



    // Second pass over the permitted roles. $permitted_roles maps each id onto itself, so
    // $role_name holds the role id in this loop.
    foreach ($permitted_roles as $role_id => $role_name) {
        if ($role_id != "") {
            if (in_array($role_id, $global_roles)) {
                // && binds tighter than ||: the import is refused when (system role requested and the
                // caller lacks it) OR (local-admin import and the role may not be assigned to users).
                if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
                    || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && !ilObjRole::_getAssignUsersStatus($role_id))
                ) {
                    return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)", 'Server');
                }
            } else {
                // Local role: its first assigned folder must not be deleted and must be writable for the caller.
                $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
                if ($rbacreview->isDeleted($rolf[0])
                    || !$rbacsystem->checkAccess('write', $rolf[0])) {
                    return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)", "Server");
                }
            }
        }
    }

    //print_r ($permitted_roles);

    // Third parser run: the actual import, restricted to the roles that passed the checks above.
    $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
    $importParser->setSendMail($send_account_mail);
    $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
    $importParser->setFolderId($folder_id);
    $importParser->setXMLContent($usr_xml);

    $importParser->setRoleAssignment($permitted_roles);

    $importParser->startParsing();

    if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE) {
        return $this->__getUserMappingAsXML($importParser->getUserMapping());
    }
    return $this->__getImportProtocolAsXML($importParser->getProtocol());
}
516
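/**
 * Decide whether the current user may assign imported users to a role.
 *
 * Global roles (located in ROLE_FOLDER_ID) are refused when the import runs from a local
 * category and the role is not open for user assignment, when the role is the anonymous
 * role, or when it is the system role and the caller does not hold it. Local roles are
 * refused when their folder is deleted, when the caller lacks 'edit_permission' on it, or
 * when it lies outside the subtree of the importing category. A role without any assigned
 * folder is refused.
 *
 * @param mixed $a_folder reference id the import runs in (USER_FOLDER_ID or 0 means "not a local admin")
 * @param mixed $a_role   role id to check
 * @return bool true when assignment is allowed
 */
protected function isPermittedRole($a_folder, $a_role)
{
    // Memo of earlier decisions; function-static, so it lives as long as the PHP process.
    // NOTE(review): the key is the role id only. A second call with the same role but another
    // folder gets the first answer — confirm callers never mix folders within one process.
    static $checked_roles = array();

    if (isset($checked_roles[$a_role])) {
        return $checked_roles[$a_role];
    }

    global $rbacsystem,$rbacreview,$ilUser,$tree,$ilLog;

    $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
    // A role without an assigned folder would otherwise raise an undefined-offset notice.
    $location = isset($locations[0]) ? $locations[0] : null;

    $from_local_admin = ($a_folder != USER_FOLDER_ID && $a_folder != 0);

    // global role
    if ($location == ROLE_FOLDER_ID) {
        $ilLog->write(__METHOD__ . ': Check global role');

        // check assignment permission if called from local admin
        if ($from_local_admin) {
            $ilLog->write(__METHOD__ . ': ' . $a_folder);
            include_once './Services/AccessControl/classes/class.ilObjRole.php';
            if (!ilObjRole::_getAssignUsersStatus($a_role)) {
                $ilLog->write(__METHOD__ . ': No assignment allowed');
                $checked_roles[$a_role] = false;
                return false;
            }
        }
        // exclude anonymous role from list
        if ($a_role == ANONYMOUS_ROLE_ID) {
            $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
            $checked_roles[$a_role] = false;
            return false;
        }
        // do not allow assigning users to the administrator role if the current user does not hold SYSTEM_ROLE_ID
        if ($a_role == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))) {
            $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
            $checked_roles[$a_role] = false;
            return false;
        }

        // Global role assignment ok
        $ilLog->write(__METHOD__ . ': Assignment allowed.');
        $checked_roles[$a_role] = true;
        return true;
    }

    if ($location) {
        $ilLog->write(__METHOD__ . ': Check local role.');

        // It's a local role
        // NOTE(review): this repeats the lookup made above with the same arguments.
        $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
        $rolf = $rolfs[0];

        // Only accept role folders that are not set to status "deleted"
        // and for which the user has the 'edit_permission' right.
        if ($rbacreview->isDeleted($rolf)
            || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
            $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
            $checked_roles[$a_role] = false;
            return false;
        }
        // A local role is only accepted if it is contained in the subtree of the
        // locally administrated category. If the import has been invoked from the
        // user folder object (or with folder id 0), all local roles are accepted,
        // because the user folder object is considered the parent of all local roles.
        if ($from_local_admin && !$tree->isGrandChild($a_folder, $rolf)) {
            $ilLog->write(__METHOD__ . ': Not in path of category.');
            $checked_roles[$a_role] = false;
            return false;
        }
        $ilLog->write(__METHOD__ . ': Assignment allowed.');
        $checked_roles[$a_role] = true;
        return true;
    }

    // No folder is assigned to the role: deny explicitly instead of falling off the end
    // of the function, and remember the decision like every other branch does.
    $checked_roles[$a_role] = false;
    return false;
}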
607
608
/**
 * SOAP entry point: return the users of a container object as user XML.
 *
 * Accepted object types are crs, cat, grp, usrf and sess; the caller needs 'read' on the
 * object (checked by checkObjectAccess()).
 *
 * @param string $sid         session handle of the caller
 * @param mixed  $ref_id      reference id of the container; -1 is replaced by USER_FOLDER_ID
 * @param mixed  $attachRoles forwarded to the XML writer via setAttachRoles()
 * @param mixed  $active      forwarded to the ilObjUser lookups in the cat, grp and sess branches
 * @return mixed user XML, or the value of __raiseError() / the fault from checkObjectAccess()
 */
public function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $ilDB, $tree, $rbacreview, $rbacsystem;

    if ($ref_id == -1) {
        $ref_id = USER_FOLDER_ID;
    }

    // Type and permission check in one call; a fault object is passed straight back to the caller.
    $object = $this->checkObjectAccess($ref_id, array("crs","cat","grp","usrf","sess"), "read", true);
    if ($this->isFault($object)) {
        return $object;
    }

    $data = array();
    switch ($object->getType()) {
        case "usrf":
            // NOTE(review): the listing omits source line 635 here (gutter jumps 634 -> 636); the
            // statement that fills $data for the user folder is not visible.
            break;
        case "cat":
            $data = ilObjUser::_getUsersForFolder($ref_id, $active);
            break;
        case "crs":
        {
            // GET ALL MEMBERS
            // Collects the users assigned to each local role of the course.
            // NOTE(review): $active is not applied in this branch, unlike cat, grp and sess.
            $roles = $object->__getLocalRoles();

            foreach ($roles as $role_id) {
                $data = array_merge($rbacreview->assignedUsers($role_id), $data);
            }

            break;
        }
        case "grp":
            $member_ids = $object->getGroupMemberIds();
            $data = ilObjUser::_getUsersForGroup($member_ids, $active);
            break;
        case "sess":
            // A session must sit below a course.
            $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
            if (!$course_ref_id) {
                return $this->__raiseError("No course for session", "Client");
            }

            $event_obj_id = ilObject::_lookupObjId($ref_id);
            include_once 'Modules/Session/classes/class.ilEventParticipants.php';
            $event_part = new ilEventParticipants($event_obj_id);
            $member_ids = array_keys($event_part->getParticipants());
            $data = ilObjUser::_getUsersForIds($member_ids, $active);
            break;
    }

    if (is_array($data)) {
        include_once './Services/User/classes/class.ilUserXMLWriter.php';

        $xmlWriter = new ilUserXMLWriter();
        $xmlWriter->setObjects($data);
        $xmlWriter->setAttachRoles($attachRoles);

        if ($xmlWriter->start()) {
            return $xmlWriter->getXML();
        }
    }
    return $this->__raiseError('Error in processing information. This is likely a bug.', 'Server');
}
682
683
/**
 * SOAP entry point: return the users assigned to a role as user XML.
 *
 * Global roles are readable by any valid session, except the system role, which requires
 * the caller to hold it. Local roles require 'write' on the role's first assigned folder
 * plus one of the two export permissions checked below.
 *
 * @param string $sid         session handle of the caller
 * @param mixed  $role_id     id of the role whose members are exported
 * @param mixed  $attachRoles forwarded to the XML writer via setAttachRoles()
 * @param mixed  $active      forwarded to ilObjUser::_getUsersForRole()
 * @return mixed user XML, or the value of __raiseError()
 */
public function getUserForRole($sid, $role_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    global $ilDB, $rbacreview, $rbacsystem, $tree,$ilUser;


    $global_roles = $rbacreview->getGlobalRoles();


    if (in_array($role_id, $global_roles)) {
        // Members of the system role are only exported to callers who hold that role themselves.
        if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
        ) {
            return $this->__raiseError("Role access not permitted. ($role_id)", "Server");
        }
    } else {
        $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
        if ($rbacreview->isDeleted($rolf[0])
            || !$rbacsystem->checkAccess('write', $rolf[0])) {
            return $this->__raiseError("Role access not permitted. ($role_id)", "Server");
        }
        include_once('Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
        // NOTE(review): the listing omits source line 715 here (gutter jumps 714 -> 716); $privacy is
        // used below but not assigned in the visible lines.
        // NOTE(review): this checks 'read' against SYSTEM_USER_ID, while the other methods in this
        // file check 'read' against USER_FOLDER_ID — confirm the constant is the intended one.
        if (!$rbacsystem->checkAccess('read', SYSTEM_USER_ID) and
            !$rbacsystem->checkAccess('export_member_data', $privacy->getPrivacySettingsRefId())) {
            return $this->__raiseError("Export of local role members not permitted. ($role_id)", "Server");
        }
    }

    $data = ilObjUser::_getUsersForRole($role_id, $active);
    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attachRoles);

    $xmlWriter->setObjects($data);

    if ($xmlWriter->start()) {
        return $xmlWriter->getXML();
    }
    return $this->__raiseError('Error in getUsersForRole', 'Server');
}
735
736
737
/**
 * Render an import protocol as an XML result set.
 *
 * Each message becomes one row with the columns userid (always 0), login (the array key),
 * action (always empty) and message.
 *
 * @param array $a_array login => list of messages
 * @return mixed the XML string, or the value of __raiseError() when the writer fails
 */
public function __getImportProtocolAsXML($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column_name) {
        $result_set->addColumn($column_name);
    }

    foreach ($a_array as $login => $login_messages) {
        foreach ($login_messages as $text) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, 0);
            $row->setValue(1, $login);
            $row->setValue(2, "");
            $row->setValue(3, $text);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getImportProtocolAsXML', 'Server');
    }

    return $writer->getXML();
}
773
/**
 * Render the user mapping of an import as an XML result set.
 *
 * Each entry becomes one row with the columns userid (the array key), login, action and
 * message (taken from the entry).
 *
 * @param array $a_array key => array with the keys 'login', 'action' and 'message'
 * @return mixed the XML string, or the value of __raiseError() when the writer fails
 */
public function __getUserMappingAsXML($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column_name) {
        $result_set->addColumn($column_name);
    }

    if (count($a_array) > 0) {
        foreach ($a_array as $mapped_id => $entry) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, $mapped_id);
            $row->setValue(1, $entry["login"]);
            $row->setValue(2, $entry["action"]);
            $row->setValue(3, $entry["message"]);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getUserMappingAsXML', 'Server');
    }

    return $writer->getXML();
}
811
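/**
 * Search user accounts by keyword and return the matches as user XML.
 *
 * Requires a valid session and 'read' permission on USER_FOLDER_ID.
 *
 * @param string $sid            session handle of the caller
 * @param array  $a_keyfields    column names to search in (filtered against a whitelist
 *                               by __buildSearchQuery())
 * @param string $query_operator 'and' or 'or', case-insensitive
 * @param array  $a_keyvalues    search terms
 * @param mixed  $attach_roles   forwarded to the XML writer via setAttachRoles()
 * @param mixed  $active         numeric value greater than -1 restricts the result to that
 *                               'active' state; anything else disables the filter
 * @return mixed user XML, or the value of __raiseError()
 */
public function searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $ilDB, $rbacsystem;

    if (!$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // Each validation failure has to be returned; a fault that is only created and then
    // dropped lets the request run on with the rejected input.
    if (!is_array($a_keyfields) || !count($a_keyfields)) {
        return $this->__raiseError('At least one keyfield is needed', 'Client');
    }

    if (!is_array($a_keyvalues) || !count($a_keyvalues)) {
        return $this->__raiseError('At least one keyvalue is needed', 'Client');
    }

    // The operator ends up as SQL text, so only the two literal keywords are accepted.
    if (!is_string($query_operator)
        || (strcasecmp($query_operator, "and") != 0 && strcasecmp($query_operator, "or") != 0)) {
        return $this->__raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
    }

    $condition = $this->__buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);

    // The keyword is compared against the quoted literal once. A second hand-written
    // 'language' directly after the quoted value would merge with it into a single string
    // containing an embedded quote, and the join would never match.
    // NOTE(review): usr_data.* hands every column of the row to the XML writer; confirm the
    // writer does not emit credential columns.
    $query = "SELECT usr_data.*, usr_pref.value AS language
              FROM usr_data
              LEFT JOIN usr_pref
                ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
        $ilDB->quote("language", "text") .
        "
              WHERE 1 = 1 " . $condition;

    if (is_numeric($active) && $active > -1) {
        $query .= " AND active = " . $ilDB->quote($active);
    }

    $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";

    $r = $ilDB->query($query);

    $data = array();

    while ($row = $ilDB->fetchAssoc($r)) {
        $data[] = $row;
    }

    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attach_roles);

    $xmlWriter->setObjects($data);

    if ($xmlWriter->start()) {
        return $xmlWriter->getXML();
    }
    return $this->__raiseError('Error in searchUser', 'Server');
}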
887
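/**
 * Build the WHERE fragment for searchUser().
 *
 * For every whitelisted key field, each search term of at least three characters yields one
 * "<field> like '%term%'" condition; the conditions of one field are joined with the
 * operator, and the per-field groups are joined with OR.
 *
 * Both inputs come from the SOAP caller. Field names are only used when they match the
 * whitelist, the operator is reduced to the literal AND or OR, and every search term goes
 * through $ilDB->quote() instead of being pasted between quote characters.
 *
 * @param array  $a_keyfields   column names requested by the caller
 * @param string $queryOperator 'and' or 'or' (case-insensitive); any other value is treated as AND
 * @param array  $a_keyvalues   search terms
 * @return string SQL fragment starting with AND; "AND 0" when no usable condition remains
 */
public function __buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
{
    global $ilDB;
    $query = array();

    $allowed_fields = array("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");

    // Never copy the caller's operator into the SQL text; pick one of two fixed keywords.
    $operator = (is_string($queryOperator) && strcasecmp($queryOperator, "or") == 0) ? "OR" : "AND";

    foreach ($a_keyfields as $keyfield) {
        if (!is_string($keyfield)) {
            continue;
        }
        $keyfield = strtolower($keyfield);

        // Column names cannot be quoted as values, so they are restricted to the whitelist.
        if (!in_array($keyfield, $allowed_fields, true)) {
            continue;
        }

        $field_query = array();
        foreach ($a_keyvalues as $keyvalue) {
            if (is_scalar($keyvalue) && strlen($keyvalue) >= 3) {
                // quote() adds the surrounding quotes and escapes the term; % and _ inside the
                // term keep acting as LIKE wildcards, as they did before.
                $field_query []= $keyfield . " like " . $ilDB->quote('%' . $keyvalue . '%', 'text');
            }
        }
        if (count($field_query)) {
            $query [] = join(" " . $operator . " ", $field_query);
        }
    }

    return count($query) ? " AND ((" . join(") OR (", $query) . "))" : "AND 0";
}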
923
924
/**
 * Return user records for the given ids as user XML.
 *
 * A caller may always read its own record (a single id equal to its own user id);
 * anything else requires 'read' permission on USER_FOLDER_ID.
 *
 * @param string $sid          session handle of the caller
 * @param mixed  $a_user_ids   one numeric id or an array of ids
 * @param mixed  $attach_roles forwarded to the XML writer via setAttachRoles()
 * @return mixed user XML, or the value of __raiseError()
 */
public function getUserXML($sid, $a_user_ids, $attach_roles)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    // Bound after initIlias(), as in the original statement order.
    global $rbacsystem, $ilUser, $ilDB;

    // Own account? Either a one-element array or a bare numeric id that equals the caller's id.
    $is_self = false;
    if (is_array($a_user_ids) && count($a_user_ids) == 1) {
        $is_self = (end($a_user_ids) == $ilUser->getId());
    } elseif (is_numeric($a_user_ids)) {
        $is_self = ($a_user_ids == $ilUser->getId());
    }

    // The permission check runs first, exactly as before; self-access only overrides its result.
    $may_read_accounts = $rbacsystem->checkAccess('read', USER_FOLDER_ID);
    if (!$may_read_accounts && !$is_self) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // begin-patch filemanager
    $requested_ids = (array) $a_user_ids;
    $data = ilObjUser::_getUserData($requested_ids);
    // end-patch filemanager

    include_once './Services/User/classes/class.ilUserXMLWriter.php';
    $writer = new ilUserXMLWriter();
    $writer->setAttachRoles($attach_roles);
    $writer->setObjects($data);

    if (!$writer->start()) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    return $writer->getXML();
}
974
975
976 // has new mail
/**
 * SOAP entry point: report whether the session's user has new mail.
 *
 * @param string $sid session handle of the caller
 * @return mixed true or false from the two visible branches, or the value of __raiseError()
 *               for an invalid session
 */
public function hasNewMail($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $ilUser;

    include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
    // NOTE(review): the listing omits source line 989 here (gutter jumps 988 -> 990); the condition
    // that opens this if/else is not visible.
        return true;
    } else {
        return false;
    }
}
995
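/**
 * Resolve a session handle to the id of the user who owns the session.
 *
 * @param string $sid session handle in the form '<session id>::<client>'
 * @return mixed the user id as int, or the value of __raiseError() when the session is
 *               invalid or no user row matches it
 */
public function getUserIdBySid($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $ilDB;

    // Only the part before '::' is the session id; it is bound as a typed parameter.
    $parts = explode('::', $sid);
    $query = "SELECT usr_id FROM usr_session "
        . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
    $res = $ilDB->queryF($query, array('text'), array($parts[0]));
    $data = $ilDB->fetchAssoc($res);

    // fetchAssoc() yields no array when no row matched; treat that like a missing user.
    $usr_id = is_array($data) ? (int) $data['usr_id'] : 0;

    if (!$usr_id) {
        // Return the fault; creating it without returning would hand the caller the id 0.
        return $this->__raiseError('User does not exist', 'Client');
    }

    return $usr_id;
}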
1019}
An exception for terminating execution or to throw for unit testing.
const AUTH_CAS
const USER_FOLDER_ID
Class ilObjUserFolder.
const IL_FAIL_ON_CONFLICT
const IL_USER_MAPPING_ID
const IL_IMPORT_FAILURE
const IL_UPDATE_ON_CONFLICT
const IL_EXTRACT_ROLES
const IL_IMPORT_SUCCESS
const IL_USER_IMPORT
const IL_VERIFY
const IL_IGNORE_ON_CONFLICT
const IL_IMPORT_WARNING
Factory for auth frontend classes.
static getInstance()
Get status instance.
const STATUS_AUTHENTICATION_FAILED
static getLogger($a_component_id)
Get component logger.
static getNumberOfNewMailsByUserId($usr_id)
Determines the number of new mails for the passed user id and stores this information in a local cach...
static _getAssignUsersStatus($a_role_id)
getPasswdType()
get password type
getPhoneHome()
get home phone @access public
static _getUsersForIds($a_mem_ids, $active=-1, $timelimitowner=-1)
return user data for given user id
static _getUsersForRole($role_id, $active=-1)
return array of complete users which belong to a specific role
getPhoneOffice()
get office phone @access public
static _getUserData($a_internalids)
return user data for given user ids
getActive()
get user active state @access public
getCountry()
Get country (free text)
getFax()
get fax @access public
static getUserIdByLogin($a_login)
getLastname()
get lastname @access public
getUTitle()
get user title (note: don't mix up this method with getTitle() that is derived from ilObject and gets...
getMatriculation()
get matriculation number @access public
getHobby()
get hobby @access public
static _getUsersForFolder($ref_id, $active)
get users for a category or from system folder
getEmail()
get email address @access public
getAuthMode($a_auth_key=false)
get auth mode @access public
getComment()
get referral comment @access public
getStreet()
get street @access public
getInstitution()
get institution @access public
getApproveDate()
get the date when the user account was approved @access public
getFirstname()
get firstname @access public
getZipcode()
get zipcode @access public
getLogin()
get login / username @access public
getPasswd()
get password
getPref($a_keyword)
get a user preference
getLastLogin()
returns last login date @access public
static _getUsersForGroup($a_mem_ids, $active=-1)
return user data for group members
getPhoneMobile()
get mobile phone @access public
getCity()
get city @access public
getLanguage()
returns a 2char-language-string @access public
getDepartment()
get department @access public
getGender()
get gender @access public
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
getId()
get object id @access public
getImportId()
get import id
getCreateDate()
get create date @access public
static _getInstance()
Get instance of ilPrivacySettings.
const SESSION_CLOSE_USER
static setClosingContext($a_context)
set closing context (for statistics)
initAuth($sid)
Init authentication.
__initAuthenticationObject($a_auth_mode=AUTH_LOCAL)
__raiseError($a_message, $a_code)
checkObjectAccess($ref_id, $expected_type, $permission, $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
define ("IL_FAIL_ON_CONFLICT", 1); define ("IL_UPDATE_ON_CONFLICT", 2); define ("IL_IGNORE_ON_CONFLIC...
getUserForRole($sid, $role_id, $attachRoles, $active)
getUsersForContainer($sid, $ref_id, $attachRoles, $active)
return list of users following dtd users_3_7
loginLDAP($client, $username, $password)
Not required anymore.
__getImportProtocolAsXML($a_array)
Create XML ResultSet.
logout($sid)
Logout user destroy session.
__buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
create search term according to parameters
searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
return user xml following dtd 3.7
loginStudipUser($sid, $user_id)
login as user from Stud.IP
isPermittedRole($a_folder, $a_role)
check if assignment is allowed
__getUserMappingAsXML($a_array)
return user mapping as xml
getUserXML($sid, $a_user_ids, $attach_roles)
return user xmls for given user ids (csv separated ids) as xml based on usr dtd.
XML writer class.
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
XML Writer for XMLResultSet.
domxml_open_mem($str, $mode=0, &$error=null)