33include_once
'./webservice/soap/classes/class.ilSoapAdministration.php';
58 }
catch (Exception $e) {
63 include_once
'./Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
65 $credentials->setUsername($username);
68 include_once
'./Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
70 $providers = $provider_factory->getProviders($credentials);
72 include_once
'./Services/Authentication/classes/class.ilAuthStatus.php';
75 include_once
'./Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
78 $frontend = $frontend_factory->getFrontend(
85 $frontend->authenticate();
87 switch ($status->getStatus()) {
107 $this->sauth->setClient(
$client);
108 $this->sauth->setUsername($username);
109 $this->sauth->setPT($PT);
110 $authenticated =
true;
113 if (!$this->sauth->authenticate()) {
114 $authenticated =
false;
116 if (!$authenticated) {
117 return $this->
__raiseError($this->sauth->getMessage(), $this->sauth->getMessageCode());
119 return $this->sauth->getSid() .
'::' .
$client;
151 if (!$this->__checkSession($sid)) {
155 if (!$ilIliasIniFile->readVariable(
'server',
'studip')) {
156 return $this->
__raiseError(
'Stud.IP mode not active.',
'Server');
159 if (!$rbacreview->isAssigned(
$ilUser->getId(), SYSTEM_ROLE_ID)) {
160 return $this->
__raiseError(
'No permission to initialize user session.',
'Server');
163 if ($ilUser->getLoginByUserId($user_id)) {
165 include_once
'./Services/Authentication/classes/class.ilSession.php';
167 $GLOBALS[
'DIC'][
'ilAuthSession']->logout();
172 $GLOBALS[
'DIC'][
'ilAuthSession']->init();
173 $GLOBALS[
'DIC'][
'ilAuthSession']->setAuthenticated(
true, $user_id);
174 return (session_id() .
'::' .
$client);
176 return $this->
__raiseError(
'User does not exist',
'Client');
189 if (!$this->__checkSession($sid)) {
193 include_once
'./Services/Authentication/classes/class.ilSession.php';
195 $GLOBALS[
'DIC'][
'ilAuthSession']->logout();
204 if (!$this->__checkSession($sid)) {
208 $user_name = trim($user_name);
210 if (!strlen($user_name)) {
211 return $this->
__raiseError(
'No username given. Aborting',
'Client');
216 if (strcasecmp(
$ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess(
'read',
USER_FOLDER_ID)) {
223 return $user_id ? $user_id :
"0";
231 if (!$this->__checkSession($sid)) {
238 return $this->
__raiseError(
'Check access failed.',
'Server');
241 if ($ilUser->getLoginByUserId($user_id)) {
247 return $this->
__raiseError(
'User does not exist',
'Client');
259 if (!$this->__checkSession($sid)) {
263 if (!isset($user_id)) {
264 return $this->
__raiseError(
'No user_id given. Aborting',
'Client');
270 return $this->
__raiseError(
'Check access failed.',
'Server');
273 if (!$ilUser->getLoginByUserId($user_id)) {
274 return $this->
__raiseError(
'User id: ' . $user_id .
' is not a valid identifier. Aborting',
'Client');
276 if (
$ilUser->getId() == $user_id) {
277 return $this->
__raiseError(
'Cannot delete myself. Aborting',
'Client');
279 if ($user_id == SYSTEM_USER_ID) {
280 return $this->
__raiseError(
'Cannot delete root account. Aborting',
'Client');
283 $log->write(
'SOAP: deleteUser()');
285 $delete_user->delete();
292 $usr_data[
'usr_id'] = $usr_obj->
getId();
293 $usr_data[
'login'] = $usr_obj->
getLogin();
294 $usr_data[
'passwd'] = $usr_obj->
getPasswd();
298 $usr_data[
'title'] = $usr_obj->
getUTitle();
299 $usr_data[
'gender'] = $usr_obj->
getGender();
300 $usr_data[
'email'] = $usr_obj->
getEmail();
303 $usr_data[
'street'] = $usr_obj->
getStreet();
304 $usr_data[
'city'] = $usr_obj->
getCity();
305 $usr_data[
'zipcode'] = $usr_obj->
getZipcode();
306 $usr_data[
'country'] = $usr_obj->
getCountry();
311 $usr_data[
'hobby'] = $usr_obj->
getHobby();
315 $usr_data[
'fax'] = $usr_obj->
getFax();
321 $usr_data[
'referral_comment'] = $usr_obj->
getComment();
323 $usr_data[
'active'] = $usr_obj->
getActive();
325 $usr_data[
'user_skin'] = $usr_obj->
getPref(
'skin');
326 $usr_data[
'user_style'] = $usr_obj->
getPref(
'style');
327 $usr_data[
'user_language'] = $usr_obj->
getLanguage();
341 public function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
346 if (!$this->__checkSession($sid)) {
351 include_once
'./Services/User/classes/class.ilUserImportParser.php';
352 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
353 include_once
'./Services/Object/classes/class.ilObjectFactory.php';
365 foreach (
$error as $err) {
366 $msg []=
"(" . $err[
"line"] .
"," . $err[
"col"] .
"): " . $err[
"errormessage"];
371 $msg = join(
"\n", $msg);
376 switch ($conflict_rule) {
386 if ($folder_id == 0) {
388 return $this->
__raiseError(
'Missing permission for creating/modifying users accounts' .
USER_FOLDER_ID .
' ' . $ilUser->getId(),
'Server');
394 if ($folder_id != 0) {
396 if ($folder_id == -1) {
403 if (!$import_folder) {
404 return $this->
__raiseError(
'Wrong reference id.',
'Server');
408 if ($import_folder->getType() !=
"usrf" && $import_folder->getType() !=
"cat") {
409 return $this->
__raiseError(
'Folder must be a usr folder or a category.',
'Server');
413 if (!$rbacsystem->checkAccess(
'create_usr', $folder_id)) {
414 return $this->
__raiseError(
'Missing permission for creating users within ' . $import_folder->getTitle(),
'Server');
421 $importParser->setXMLContent($usr_xml);
422 $importParser->startParsing();
424 switch ($importParser->getErrorLevel()) {
437 $importParser->setXMLContent($usr_xml);
439 $importParser->startParsing();
441 $roles = $importParser->getCollectedRoles();
448 $permitted_roles = array();
449 foreach ($roles as $role_id => $role) {
450 if (!is_numeric($role_id)) {
454 if (is_numeric($internalId)) {
455 $role_id = $internalId;
456 $role_name = $role_id;
467 $permitted_roles[$role_id] = $role_id;
470 return $this->
__raiseError(
"Could not find role " . $role_name .
". Either you use an invalid/deleted role " .
471 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
'Server');
475 $global_roles = $rbacreview->getGlobalRoles();
481 foreach ($permitted_roles as $role_id => $role_name) {
482 if ($role_id !=
"") {
483 if (in_array($role_id, $global_roles)) {
484 if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles(
$ilUser->getId()))
487 return $this->
__raiseError($lng->txt(
"usrimport_with_specified_role_not_permitted") .
" $role_name ($role_id)",
'Server');
490 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,
true);
491 if ($rbacreview->isDeleted($rolf[0])
492 || !$rbacsystem->checkAccess(
'write', $rolf[0])) {
493 return $this->
__raiseError($lng->txt(
"usrimport_with_specified_role_not_permitted") .
" $role_name ($role_id)",
"Server");
502 $importParser->setSendMail($send_account_mail);
504 $importParser->setFolderId($folder_id);
505 $importParser->setXMLContent($usr_xml);
507 $importParser->setRoleAssignment($permitted_roles);
509 $importParser->startParsing();
526 static $checked_roles = array();
527 static $global_roles =
null;
530 if (isset($checked_roles[$a_role])) {
531 return $checked_roles[$a_role];
536 $locations = $rbacreview->getFoldersAssignedToRole($a_role,
true);
541 $ilLog->write(__METHOD__ .
': Check global role');
546 $ilLog->write(__METHOD__ .
': ' . $a_folder);
547 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
549 $ilLog->write(__METHOD__ .
': No assignment allowed');
550 $checked_roles[$a_role] =
false;
555 if ($a_role == ANONYMOUS_ROLE_ID) {
556 $ilLog->write(__METHOD__ .
': Anonymous role chosen.');
557 $checked_roles[$a_role] =
false;
561 if ($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles(
$ilUser->getId()))) {
562 $ilLog->write(__METHOD__ .
': System role assignment forbidden.');
563 $checked_roles[$a_role] =
false;
568 $ilLog->write(__METHOD__ .
': Assignment allowed.');
569 $checked_roles[$a_role] =
true;
572 $ilLog->write(__METHOD__ .
': Check local role.');
575 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,
true);
583 if ($rbacreview->isDeleted($rolf)
584 || !$rbacsystem->checkAccess(
'edit_permission', $rolf)) {
585 $ilLog->write(__METHOD__ .
': Role deleted or no permission.');
586 $checked_roles[$a_role] =
false;
597 if ($a_folder !=
USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder, $rolf)) {
598 $ilLog->write(__METHOD__ .
': Not in path of category.');
599 $checked_roles[$a_role] =
false;
602 $ilLog->write(__METHOD__ .
': Assignment allowed.');
603 $checked_roles[$a_role] =
true;
617 if (!$this->__checkSession($sid)) {
621 global
$ilDB, $tree, $rbacreview, $rbacsystem;
627 $object = $this->
checkObjectAccess($ref_id, array(
"crs",
"cat",
"grp",
"usrf",
"sess"),
"read",
true);
633 switch ($object->getType()) {
643 $roles = $object->__getLocalRoles();
645 foreach ($roles as $role_id) {
646 $data = array_merge($rbacreview->assignedUsers($role_id),
$data);
652 $member_ids = $object->getGroupMemberIds();
656 $course_ref_id = $tree->checkForParentType($ref_id,
'crs');
657 if (!$course_ref_id) {
658 return $this->
__raiseError(
"No course for session",
"Client");
662 include_once
'Modules/Session/classes/class.ilEventParticipants.php';
664 $member_ids = array_keys($event_part->getParticipants());
669 if (is_array(
$data)) {
670 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
673 $xmlWriter->setObjects(
$data);
674 $xmlWriter->setAttachRoles($attachRoles);
676 if ($xmlWriter->start()) {
677 return $xmlWriter->getXML();
680 return $this->
__raiseError(
'Error in processing information. This is likely a bug.',
'Server');
692 if (!$this->__checkSession($sid)) {
696 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
700 $global_roles = $rbacreview->getGlobalRoles();
703 if (in_array($role_id, $global_roles)) {
704 if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles(
$ilUser->getId()))
706 return $this->
__raiseError(
"Role access not permitted. ($role_id)",
"Server");
709 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,
true);
710 if ($rbacreview->isDeleted($rolf[0])
711 || !$rbacsystem->checkAccess(
'write', $rolf[0])) {
712 return $this->
__raiseError(
"Role access not permitted. ($role_id)",
"Server");
714 include_once(
'Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
716 if (!$rbacsystem->checkAccess(
'read', SYSTEM_USER_ID) and
717 !$rbacsystem->checkAccess(
'export_member_data', $privacy->getPrivacySettingsRefId())) {
718 return $this->
__raiseError(
"Export of local role members not permitted. ($role_id)",
"Server");
723 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
726 $xmlWriter->setAttachRoles($attachRoles);
728 $xmlWriter->setObjects(
$data);
730 if ($xmlWriter->start()) {
731 return $xmlWriter->getXML();
733 return $this->
__raiseError(
'Error in getUsersForRole',
'Server');
744 include_once
'./webservice/soap/classes/class.ilXMLResultSet.php';
745 include_once
'./webservice/soap/classes/class.ilXMLResultSetWriter.php';
748 $xmlResultSet->addColumn(
"userid");
749 $xmlResultSet->addColumn(
"login");
750 $xmlResultSet->addColumn(
"action");
751 $xmlResultSet->addColumn(
"message");
753 foreach ($a_array as $username =>
$messages) {
756 $xmlRow->setValue(0, 0);
757 $xmlRow->setValue(1, $username);
758 $xmlRow->setValue(2,
"");
761 $xmlResultSet->addRow($xmlRow);
767 if ($xml_writer->start()) {
768 return $xml_writer->getXML();
771 return $this->
__raiseError(
'Error in __getImportProtocolAsXML',
'Server');
782 include_once
'./webservice/soap/classes/class.ilXMLResultSet.php';
783 include_once
'./webservice/soap/classes/class.ilXMLResultSetWriter.php';
786 $xmlResultSet->addColumn(
"userid");
787 $xmlResultSet->addColumn(
"login");
788 $xmlResultSet->addColumn(
"action");
789 $xmlResultSet->addColumn(
"message");
791 if (count($a_array)) {
792 foreach ($a_array as $username =>
$message) {
794 $xmlRow->setValue(0, $username);
795 $xmlRow->setValue(1,
$message[
"login"]);
796 $xmlRow->setValue(2,
$message[
"action"]);
797 $xmlRow->setValue(3,
$message[
"message"]);
799 $xmlResultSet->addRow($xmlRow);
805 if ($xml_writer->start()) {
806 return $xml_writer->getXML();
809 return $this->
__raiseError(
'Error in __getUserMappingAsXML',
'Server');
820 public function searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
825 if (!$this->__checkSession($sid)) {
829 global
$ilDB, $rbacsystem;
832 return $this->
__raiseError(
'Check access failed.',
'Server');
836 if (!count($a_keyfields)) {
837 $this->
__raiseError(
'At least one keyfield is needed',
'Client');
840 if (!count($a_keyvalues)) {
841 $this->
__raiseError(
'At least one keyvalue is needed',
'Client');
844 if (!strcasecmp($query_operator,
"and")==0 || !strcasecmp($query_operator,
"or") == 0) {
845 $this->
__raiseError(
'Query operator must be either \'and\' or \'or\'',
'Client');
851 $query =
"SELECT usr_data.*, usr_pref.value AS language
854 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
855 $ilDB->quote(
"language",
"text") .
859 if (is_numeric($active) && $active > -1) {
860 $query .=
" AND active = " .
$ilDB->quote($active);
863 $query .=
" ORDER BY usr_data.lastname, usr_data.firstname ";
875 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
878 $xmlWriter->setAttachRoles($attach_roles);
880 $xmlWriter->setObjects(
$data);
882 if ($xmlWriter->start()) {
883 return $xmlWriter->getXML();
885 return $this->
__raiseError(
'Error in searchUser',
'Server');
901 $allowed_fields = array(
"firstname",
"lastname",
"email",
"login",
"matriculation",
"institution",
"department",
"title",
"ext_account");
903 foreach ($a_keyfields as $keyfield) {
904 $keyfield = strtolower($keyfield);
906 if (!in_array($keyfield, $allowed_fields)) {
910 $field_query = array();
911 foreach ($a_keyvalues as $keyvalue) {
912 if (strlen($keyvalue) >= 3) {
913 $field_query []= $keyfield .
" like '%" . $keyvalue .
"%'";
916 if (count($field_query)) {
917 $query [] = join(
" " . strtoupper($queryOperator) .
" ", $field_query);
921 return count(
$query) ?
" AND ((" . join(
") OR (",
$query) .
"))" :
"AND 0";
937 if (!$this->__checkSession($sid)) {
945 if (is_array($a_user_ids) and count($a_user_ids) == 1) {
946 if (end($a_user_ids) ==
$ilUser->getId()) {
949 } elseif (is_numeric($a_user_ids)) {
950 if ($a_user_ids ==
$ilUser->getId()) {
955 if (!$rbacsystem->checkAccess(
'read',
USER_FOLDER_ID) and !$is_self) {
956 return $this->
__raiseError(
'Check access failed.',
'Server');
963 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
965 $xmlWriter->setAttachRoles($attach_roles);
966 $xmlWriter->setObjects(
$data);
968 if ($xmlWriter->start()) {
969 return $xmlWriter->getXML();
972 return $this->
__raiseError(
'User does not exist',
'Client');
982 if (!$this->__checkSession($sid)) {
988 include_once
'Services/Mail/classes/class.ilMailGlobalServices.php';
1001 if (!$this->__checkSession($sid)) {
1007 $parts = explode(
'::', $sid);
1008 $query =
"SELECT usr_id FROM usr_session "
1009 .
"INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1013 if (!(
int)
$data[
'usr_id']) {
1017 return (
int) $data[
'usr_id'];
An exception for terminatinating execution or to throw for unit testing.
const USER_FOLDER_ID
Class ilObjUserFolder.
const IL_FAIL_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Description of class class.
Factory for auth frontend classes.
const STATUS_AUTHENTICATED
static getInstance()
Get status instance.
const STATUS_AUTHENTICATION_FAILED
static getLogger($a_component_id)
Get component logger.
static getNumberOfNewMailsByUserId($usr_id)
Determines the number of new mails for the passed user id and stores this information in a local cach...
static _getAssignUsersStatus($a_role_id)
getPasswdType()
get password type
getPhoneHome()
get home phone @access public
static _getUsersForIds($a_mem_ids, $active=-1, $timelimitowner=-1)
return user data for given user id
static _getUsersForRole($role_id, $active=-1)
return array of complete users which belong to a specific role
getPhoneOffice()
get office phone @access public
static _getUserData($a_internalids)
return user data for given user ids
hasToAcceptTermsOfService()
getActive()
get user active state @access public
getCountry()
Get country (free text)
getFax()
get fax @access public
static getUserIdByLogin($a_login)
getLastname()
get lastname @access public
getUTitle()
get user title (note: don't mix up this method with getTitle() that is derived from ilObject and gets...
getMatriculation()
get matriculation number @access public
getHobby()
get hobby @access public
static _getUsersForFolder($ref_id, $active)
get users for a category or from system folder
getEmail()
get email address @access public
getAuthMode($a_auth_key=false)
get auth mode @access public
getComment()
get referral comment @access public
getStreet()
get street @access public
getInstitution()
get institution @access public
getApproveDate()
get the date when the user account was approved @access public
getFirstname()
get firstname @access public
getZipcode()
get zipcode @access public
getLogin()
get login / username @access public
getPref($a_keyword)
get a user preference
getLastLogin()
returns last login date @access public
static _getUsersForGroup($a_mem_ids, $active=-1)
return user data for group members
getPhoneMobile()
get mobile phone @access public
getCity()
get city @access public
getLanguage()
returns a 2char-language-string @access public
getDepartment()
get department @access public
getGender()
get gender @access public
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
getId()
get object id @access public
getImportId()
get import id
getCreateDate()
get create date @access public
static _getInstance()
Get instance of ilPrivacySettings.
static setClosingContext($a_context)
set closing context (for statistics)
initAuth($sid)
Init authentication.
__initAuthenticationObject($a_auth_mode=AUTH_LOCAL)
__raiseError($a_message, $a_code)
checkObjectAccess($ref_id, $expected_type, $permission, $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
define ("IL_FAIL_ON_CONFLICT", 1); define ("IL_UPDATE_ON_CONFLICT", 2); define ("IL_IGNORE_ON_CONFLIC...
lookupUser($sid, $user_name)
getUserForRole($sid, $role_id, $attachRoles, $active)
getUsersForContainer($sid, $ref_id, $attachRoles, $active)
return list of users following dtd users_3_7
deleteUser($sid, $user_id)
loginLDAP($client, $username, $password)
Not required anymode.
__getImportProtocolAsXML($a_array)
Create XML ResultSet.
logout($sid)
Logout user destroy session.
__buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
create search term according to parameters
searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
return user xml following dtd 3.7
__readUserData(\ilObjUser &$usr_obj)
loginStudipUser($sid, $user_id)
login as user from Stud.IP
isPermittedRole($a_folder, $a_role)
check if assignment is allowed
loginCAS($client, $PT, $username)
__getUserMappingAsXML($a_array)
return user mapping as xml
getUserXML($sid, $a_user_ids, $attach_roles)
return user xmls for given user ids (csv separated ids) as xml based on usr dtd.
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
XML Writer for XMLResultSet.
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
domxml_open_mem($str, $mode=0, &$error=null)
catch(Exception $e) $message
foreach($_POST as $key=> $value) $res