ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilSoapUserAdministration.php
1<?php
2 /*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22 */
23
24
33include_once './webservice/soap/classes/class.ilSoapAdministration.php';
34
36{
37
46 public function login($client, $username, $password)
47 {
48 unset($_COOKIE[session_name()]);
49 $_COOKIE['ilClientId'] = $client;
50
51 try {
52 $this->initIlias();
53 } catch (Exception $e) {
54 return $this->__raiseError($e->getMessage(), 'Server');
55 }
56
57 // now try authentication
58 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
59 $credentials = new ilAuthFrontendCredentials();
60 $credentials->setUsername($username);
61 $credentials->setPassword($password);
62
63 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
64 $provider_factory = new ilAuthProviderFactory();
65 $providers = $provider_factory->getProviders($credentials);
66
67 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
68 $status = ilAuthStatus::getInstance();
69
70 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
71 $frontend_factory = new ilAuthFrontendFactory();
72 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_CLI);
73 $frontend = $frontend_factory->getFrontend(
74 $GLOBALS['DIC']['ilAuthSession'],
75 $status,
76 $credentials,
77 $providers
78 );
79
80 $frontend->authenticate();
81
82 switch ($status->getStatus()) {
84 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
85 return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
86
87
88 default:
90 return $this->__raiseError(
91 $status->getReason(),
92 'Server'
93 );
94 }
95 return true;
96 }
97
98 // Service methods
/**
 * SOAP login through the CAS authentication object held in $this->sauth.
 *
 * NOTE(review): the listing skips source line 101, directly after the opening brace
 * (numbering jumps from 100 to 102). The statement on that line is not reproduced
 * here; restore it from the repository before relying on this method.
 *
 * @param mixed $client   client id, handed to setClient() and appended to the returned token
 * @param mixed $PT       value handed to setPT()
 * @param mixed $username value handed to setUsername()
 * @return mixed "<sid>::<client>" when authenticate() succeeds, otherwise the result of
 *               __raiseError() built from the auth object's message and message code
 */
public function loginCAS($client, $PT, $username)
{
    $cas_auth = $this->sauth;

    $cas_auth->setClient($client);
    $cas_auth->setUsername($username);
    $cas_auth->setPT($PT);

    if ($cas_auth->authenticate()) {
        return $cas_auth->getSid() . '::' . $client;
    }

    return $this->__raiseError($cas_auth->getMessage(), $cas_auth->getMessageCode());
}
116
117 // Service methods
/**
 * SOAP entry point for LDAP clients; a pure alias of login().
 *
 * The body does no LDAP-specific work: all three arguments are forwarded unchanged,
 * so every check and failure mode is the one implemented by login().
 *
 * @param mixed $client   forwarded to login()
 * @param mixed $username forwarded to login()
 * @param mixed $password forwarded to login()
 * @return mixed whatever login() returns
 */
public function loginLDAP($client, $username, $password)
{
    $login_result = $this->login($client, $username, $password);

    return $login_result;
}
130
/**
 * Exchange an administrator's SOAP session for a session authenticated as another user.
 *
 * The call only proceeds when the session is valid, the ini value server/studip is set,
 * and the calling user is assigned to SYSTEM_ROLE_ID. The administrator is then logged
 * out and a new session is marked as authenticated for $user_id without any credential
 * check for that user. This makes it an impersonation primitive, so it deserves audit
 * logging and tight control over who holds the system role.
 *
 * @param string $sid     administrator session token ("<session id>::<client>")
 * @param mixed  $user_id id of the account the new session is created for
 * @return mixed "<session id>::<client>" for the new session, or the result of __raiseError()
 */
public function loginStudipUser($sid, $user_id)
{
    global $DIC;

    // Services are taken from the container before initAuth()/initIlias() run,
    // exactly as in the original statement order.
    $rbacreview = $DIC['rbacreview'];
    $ilUser = $DIC['ilUser'];
    $ilIliasIniFile = $DIC['ilIliasIniFile'];

    $this->initAuth($sid);
    $this->initIlias();
    list($admin_sid, $client) = $this->__explodeSid($sid);

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    $studip_enabled = $ilIliasIniFile->readVariable('server', 'studip');
    if (!$studip_enabled) {
        return $this->__raiseError('Stud.IP mode not active.', 'Server');
    }

    $caller_is_admin = $rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID);
    if (!$caller_is_admin) {
        return $this->__raiseError('No permission to initialize user session.', 'Server');
    }

    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    // End the administrator's session first.
    include_once './Services/Authentication/classes/class.ilSession.php';
    // NOTE(review): the listing skips source line 165 at this point (numbering jumps
    // from 164 to 166); that statement is not reproduced here. Restore it from the repository.
    $auth_session = $GLOBALS['DIC']['ilAuthSession'];
    $auth_session->logout();
    unset($_COOKIE[session_name()]);

    // Start a fresh session and flag it as authenticated for the target user.
    $_COOKIE['ilClientId'] = $client;
    $auth_session->init();
    $auth_session->setAuthenticated(true, $user_id);

    return (session_id() . '::' . $client);
}
177
/**
 * Terminate the SOAP session identified by $sid.
 *
 * @param string $sid session token, validated by __checkSession()
 * @return mixed true after the auth session's logout() ran, or the result of __raiseError()
 *               when the session check fails
 */
public function logout($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    include_once './Services/Authentication/classes/class.ilSession.php';
    // NOTE(review): the listing skips source line 193 at this point (numbering jumps
    // from 192 to 194); that statement is not reproduced here. Restore it from the repository.
    $auth_session = $GLOBALS['DIC']['ilAuthSession'];
    $auth_session->logout();

    return true;
}
197
/**
 * Resolve a login name to a user id for an authenticated SOAP session.
 *
 * A caller may always resolve their own login (compared case-insensitively); resolving
 * any other login requires 'read' on USER_FOLDER_ID.
 *
 * @param string $sid       session token, validated by __checkSession()
 * @param string $user_name login to resolve; surrounding whitespace is trimmed
 * @return mixed the value of ilObjUser::getUserIdByLogin(), the string "0" when that value
 *               is falsy, or the result of __raiseError() on failure
 */
public function lookupUser($sid, $user_name)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    $login = trim($user_name);
    if (strlen($login) == 0) {
        return $this->__raiseError('No username given. Aborting', 'Client');
    }

    global $DIC;

    $rbacsystem = $DIC['rbacsystem'];
    $ilUser = $DIC['ilUser'];

    $is_own_login = strcasecmp($ilUser->getLogin(), $login) == 0;
    // The permission check only runs when somebody else's login is requested.
    if (!$is_own_login && !$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        // NOTE(review): the fault text carries the numeric value of USER_FOLDER_ID to the client.
        return $this->__raiseError('Check access failed. ' . USER_FOLDER_ID, 'Server');
    }

    $found_id = ilObjUser::getUserIdByLogin($login);

    return $found_id ?: "0";
}
227
/**
 * Return the profile record of one user as an associative array.
 *
 * Requires a valid session and 'read' on USER_FOLDER_ID. The record is whatever
 * __readUserData() builds, which includes the 'passwd' and 'passwd_type' fields.
 *
 * @param string $sid     session token, validated by __checkSession()
 * @param mixed  $user_id id of the user to read
 * @return mixed array from __readUserData(), or the result of __raiseError() on failure
 */
public function getUser($sid, $user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $DIC;

    $rbacsystem = $DIC['rbacsystem'];
    $ilUser = $DIC['ilUser'];

    $may_read = $rbacsystem->checkAccess('read', USER_FOLDER_ID);
    if (!$may_read) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // getLoginByUserId() doubles as the existence test for $user_id.
    if (!$ilUser->getLoginByUserId($user_id)) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    $requested_user =&ilObjectFactory::getInstanceByObjId($user_id);

    return $this->__readUserData($requested_user);
}
254
255
/**
 * Delete a user account on behalf of an authenticated SOAP caller.
 *
 * Checks run in this order: valid session, $user_id present, 'delete' on USER_FOLDER_ID,
 * the id resolves to a login, the id is not the caller's own, the id is not SYSTEM_USER_ID.
 *
 * @param string $sid     session token, validated by __checkSession()
 * @param mixed  $user_id id of the account to delete
 * @return mixed true after delete() was called, or the result of __raiseError() on failure
 */
public function deleteUser($sid, $user_id)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    if (!isset($user_id)) {
        return $this->__raiseError('No user_id given. Aborting', 'Client');
    }

    global $DIC;

    $rbacsystem = $DIC['rbacsystem'];
    $ilUser = $DIC['ilUser'];
    $log = $DIC['log'];

    $may_delete = $rbacsystem->checkAccess('delete', USER_FOLDER_ID);
    if (!$may_delete) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    $target_login = $ilUser->getLoginByUserId($user_id);
    if (!$target_login) {
        return $this->__raiseError('User id: ' . $user_id . ' is not a valid identifier. Aborting', 'Client');
    }

    // Two accounts are never deletable through this call: the caller and the root account.
    if ($ilUser->getId() == $user_id) {
        return $this->__raiseError('Cannot delete myself. Aborting', 'Client');
    }
    if ($user_id == SYSTEM_USER_ID) {
        return $this->__raiseError('Cannot delete root account. Aborting', 'Client');
    }

    // NOTE(review): the log line names neither the acting user nor the deleted id;
    // an audit trail would need both.
    $log->write('SOAP: deleteUser()');
    $doomed_user =&ilObjectFactory::getInstanceByObjId($user_id, false);
    $doomed_user->delete();

    return true;
}
298
/**
 * Flatten an ilObjUser into the associative array returned to SOAP clients.
 *
 * Keys are emitted in the order listed below; every value comes straight from the
 * matching getter, except 'accepted_agreement', which is the negation of
 * hasToAcceptTermsOfService().
 *
 * NOTE(review): 'passwd' carries whatever getPasswd() returns (presumably the stored
 * password hash; confirm) to every consumer of this array. Check whether any SOAP
 * client needs it before keeping it in the response.
 *
 * @param \ilObjUser $usr_obj user object to read
 * @return array profile fields keyed by name
 */
public function __readUserData(\ilObjUser &$usr_obj)
{
    return array(
        'usr_id' => $usr_obj->getId(),
        'login' => $usr_obj->getLogin(),
        'passwd' => $usr_obj->getPasswd(),
        'passwd_type' => $usr_obj->getPasswdType(),
        'firstname' => $usr_obj->getFirstname(),
        'lastname' => $usr_obj->getLastname(),
        'title' => $usr_obj->getUTitle(),
        'gender' => $usr_obj->getGender(),
        'email' => $usr_obj->getEmail(),
        'second_email' => $usr_obj->getSecondEmail(),
        'institution' => $usr_obj->getInstitution(),
        'street' => $usr_obj->getStreet(),
        'city' => $usr_obj->getCity(),
        'zipcode' => $usr_obj->getZipcode(),
        'country' => $usr_obj->getCountry(),
        'phone_office' => $usr_obj->getPhoneOffice(),
        'last_login' => $usr_obj->getLastLogin(),
        'last_update' => $usr_obj->getLastUpdate(),
        'create_date' => $usr_obj->getCreateDate(),
        'hobby' => $usr_obj->getHobby(),
        'department' => $usr_obj->getDepartment(),
        'phone_home' => $usr_obj->getPhoneHome(),
        'phone_mobile' => $usr_obj->getPhoneMobile(),
        'fax' => $usr_obj->getFax(),
        'time_limit_owner' => $usr_obj->getTimeLimitOwner(),
        'time_limit_unlimited' => $usr_obj->getTimeLimitUnlimited(),
        'time_limit_from' => $usr_obj->getTimeLimitFrom(),
        'time_limit_until' => $usr_obj->getTimeLimitUntil(),
        'time_limit_message' => $usr_obj->getTimeLimitMessage(),
        'referral_comment' => $usr_obj->getComment(),
        'matriculation' => $usr_obj->getMatriculation(),
        'active' => $usr_obj->getActive(),
        'approve_date' => $usr_obj->getApproveDate(),
        'user_skin' => $usr_obj->getPref('skin'),
        'user_style' => $usr_obj->getPref('style'),
        'user_language' => $usr_obj->getLanguage(),
        'auth_mode' => $usr_obj->getAuthMode(),
        'accepted_agreement' => !$usr_obj->hasToAcceptTermsOfService(),
        'import_id' => $usr_obj->getImportId(),
    );
}
343
350 public function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
351 {
352 $this->initAuth($sid);
353 $this->initIlias();
354
355 if (!$this->__checkSession($sid)) {
356 return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
357 }
358
359
360 include_once './Services/User/classes/class.ilUserImportParser.php';
361 include_once './Services/AccessControl/classes/class.ilObjRole.php';
362 include_once './Services/Object/classes/class.ilObjectFactory.php';
363 global $DIC;
364
365 $rbacreview = $DIC['rbacreview'];
366 $rbacsystem = $DIC['rbacsystem'];
367 $access = $DIC->access();
368 $tree = $DIC['tree'];
369 $lng = $DIC['lng'];
370 $ilUser = $DIC['ilUser'];
371 $ilLog = $DIC['ilLog'];
372
373 // this takes time but is nescessary
374 $error = false;
375
376
377 // validate to prevent wrong XMLs
378 $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
379 if ($error) {
380 $msg = array();
381 if (is_array($error)) {
382 foreach ($error as $err) {
383 $msg []= "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
384 }
385 } else {
386 $msg[] = $error;
387 }
388 $msg = join("\n", $msg);
389 return $this->__raiseError($msg, "Client");
390 }
391
392
393 switch ($conflict_rule) {
394 case 2:
395 $conflict_rule = IL_UPDATE_ON_CONFLICT;
396 break;
397 case 3:
398 $conflict_rule = IL_IGNORE_ON_CONFLICT;
399 break;
400 default:
401 $conflict_rule = IL_FAIL_ON_CONFLICT;
402 }
403 if ($folder_id == 0) {
404 if (!$access->checkAccess('create_usr', '', USER_FOLDER_ID)) {
405 return $this->__raiseError('Missing permission for creating/modifying users accounts' . USER_FOLDER_ID . ' ' . $ilUser->getId(), 'Server');
406 }
407 }
408
409 // folder id 0, means to check permission on user basis!
410 // must have create user right in time_limit_owner property (which is ref_id of container)
411 if ($folder_id != 0) {
412 // determine where to import
413 if ($folder_id == -1) {
414 $folder_id = USER_FOLDER_ID;
415 }
416
417 // get folder
418 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
419 // id does not exist
420 if (!$import_folder) {
421 return $this->__raiseError('Wrong reference id.', 'Server');
422 }
423
424 // folder is not a folder, can also be a category
425 if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat") {
426 return $this->__raiseError('Folder must be a usr folder or a category.', 'Server');
427 }
428
429 // check access to folder
430 if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
431 return $this->__raiseError('Missing permission for creating users within ' . $import_folder->getTitle(), 'Server');
432 }
433 }
434
435 // first verify
436 $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
437 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
438 $importParser->setXMLContent($usr_xml);
439 $importParser->startParsing();
440
441 switch ($importParser->getErrorLevel()) {
443 break;
445 return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Warning"));
446 break;
448 return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Failure"));
449 }
450
451 // verify is ok, so get role assignments
452
453 $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
454 $importParser->setXMLContent($usr_xml);
455 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
456 $importParser->startParsing();
457
458 $roles = $importParser->getCollectedRoles();
459
460 //print_r($roles);
461
462
463
464 // roles to be assigned, skip if one is not allowed!
465 $permitted_roles = array();
466 foreach ($roles as $role_id => $role) {
467 if (!is_numeric($role_id)) {
468 // check if internal id
469 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
470
471 if (is_numeric($internalId)) {
472 $role_id = $internalId;
473 $role_name = $role_id;
474 }
475 /* else // perhaps it is a rolename
476 {
477 $role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
478 $role_name = $role->title;
479 $role_id = $role->role_id;
480 }*/
481 }
482
483 if ($this->isPermittedRole($folder_id, $role_id)) {
484 $permitted_roles[$role_id] = $role_id;
485 } else {
486 $role_name = ilObject::_lookupTitle($role_id);
487 return $this->__raiseError("Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
488 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.", 'Server');
489 }
490 }
491
492 $global_roles = $rbacreview->getGlobalRoles();
493
494 //print_r ($global_roles);
495
496
497
498 foreach ($permitted_roles as $role_id => $role_name) {
499 if ($role_id != "") {
500 if (in_array($role_id, $global_roles)) {
501 if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))
502 || ($folder_id != USER_FOLDER_ID && $folder_id != 0 && !ilObjRole::_getAssignUsersStatus($role_id))
503 ) {
504 return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)", 'Server');
505 }
506 } else {
507 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
508 if ($rbacreview->isDeleted($rolf[0])
509 || !$rbacsystem->checkAccess('write', $rolf[0])) {
510 return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)", "Server");
511 }
512 }
513 }
514 }
515
516 //print_r ($permitted_roles);
517
518 $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
519 $importParser->setSendMail($send_account_mail);
520 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
521 $importParser->setFolderId($folder_id);
522 $importParser->setXMLContent($usr_xml);
523
524 $importParser->setRoleAssignment($permitted_roles);
525
526 $importParser->startParsing();
527
528 if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE) {
529 return $this->__getUserMappingAsXML($importParser->getUserMapping());
530 }
531 return $this->__getImportProtocolAsXML($importParser->getProtocol());
532 }
533
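/**
 * Decide whether the current user may assign imported users to a role.
 *
 * Global roles (role folder == ROLE_FOLDER_ID) are refused when
 *  - the import runs from a local folder and the role does not allow user assignment,
 *  - the role is ANONYMOUS_ROLE_ID, or
 *  - the role is SYSTEM_ROLE_ID and the current user does not hold that role.
 * Local roles are refused when their role folder is deleted, the user lacks
 * 'edit_permission' on it, or (for a local import folder) the role folder is not
 * below that import folder in the tree.
 * A role without any role folder is refused.
 *
 * @param mixed $a_folder ref id of the import folder; USER_FOLDER_ID and 0 mean "not local"
 * @param mixed $a_role   id of the role to check
 * @return bool true when assignment is allowed
 */
protected function isPermittedRole($a_folder, $a_role)
{
    // Per-process result cache. The decision depends on the folder as well as the
    // role, so both are part of the key; keying on the role alone could replay an
    // "allowed" answer computed for a different import folder.
    static $checked_roles = array();

    $cache_key = $a_folder . ':' . $a_role;
    if (isset($checked_roles[$cache_key])) {
        return $checked_roles[$cache_key];
    }

    global $DIC;

    $rbacsystem = $DIC['rbacsystem'];
    $rbacreview = $DIC['rbacreview'];
    $ilUser = $DIC['ilUser'];
    $tree = $DIC['tree'];
    $ilLog = $DIC['ilLog'];

    $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
    // An unknown or orphaned role yields no folder; avoid reading a missing offset.
    $location = (is_array($locations) && isset($locations[0])) ? $locations[0] : null;

    // True when the import was started from a locally administrated folder.
    $from_local_folder = ($a_folder != USER_FOLDER_ID && $a_folder != 0);

    // global role
    if ($location == ROLE_FOLDER_ID) {
        $ilLog->write(__METHOD__ . ': Check global role');

        // check assignment permission if called from local admin
        if ($from_local_folder) {
            $ilLog->write(__METHOD__ . ': ' . $a_folder);
            include_once './Services/AccessControl/classes/class.ilObjRole.php';
            if (!ilObjRole::_getAssignUsersStatus($a_role)) {
                $ilLog->write(__METHOD__ . ': No assignment allowed');
                $checked_roles[$cache_key] = false;
                return false;
            }
        }
        // exclude anonymous role from list
        if ($a_role == ANONYMOUS_ROLE_ID) {
            $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
            $checked_roles[$cache_key] = false;
            return false;
        }
        // only holders of SYSTEM_ROLE_ID may assign users to the administrator role
        if ($a_role == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))) {
            $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
            $checked_roles[$cache_key] = false;
            return false;
        }

        // Global role assignment ok
        $ilLog->write(__METHOD__ . ': Assignment allowed.');
        $checked_roles[$cache_key] = true;
        return true;
    }

    if ($location) {
        $ilLog->write(__METHOD__ . ': Check local role.');

        // It's a local role. $location is the first role folder of $a_role, i.e. the
        // same value a second getFoldersAssignedToRole($a_role, true) call would give.
        $rolf = $location;

        // Only accept role folders that are not deleted and on which the user
        // holds 'edit_permission'.
        if ($rbacreview->isDeleted($rolf)
            || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
            $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
            $checked_roles[$cache_key] = false;
            return false;
        }

        // A local role is only accepted if it sits in the subtree of the locally
        // administrated category. When the import starts from the user folder
        // (or folder id 0) every local role qualifies, because the user folder is
        // treated as the parent of all local roles.
        if ($from_local_folder && !$tree->isGrandChild($a_folder, $rolf)) {
            $ilLog->write(__METHOD__ . ': Not in path of category.');
            $checked_roles[$cache_key] = false;
            return false;
        }

        $ilLog->write(__METHOD__ . ': Assignment allowed.');
        $checked_roles[$cache_key] = true;
        return true;
    }

    // No role folder at all: deny explicitly instead of falling off the end with null.
    $checked_roles[$cache_key] = false;
    return false;
}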
630
631
/**
 * Return the users attached to a container object as user XML.
 *
 * Supported container types are "crs", "cat", "grp", "usrf" and "sess"; the caller
 * needs 'read' on the object (enforced through checkObjectAccess()).
 *
 * @param string $sid         session token, validated by __checkSession()
 * @param mixed  $ref_id      reference id of the container; -1 selects USER_FOLDER_ID
 * @param mixed  $attachRoles passed to ilUserXMLWriter::setAttachRoles()
 * @param mixed  $active      activity filter forwarded to the ilObjUser lookups
 * @return mixed XML string, or a fault from __raiseError() / checkObjectAccess()
 */
public function getUsersForContainer($sid, $ref_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $DIC;

    // $ilDB and $rbacsystem are not used below; the container lookups are kept
    // as they were in the original.
    $ilDB = $DIC['ilDB'];
    $tree = $DIC['tree'];
    $rbacreview = $DIC['rbacreview'];
    $rbacsystem = $DIC['rbacsystem'];

    if ($ref_id == -1) {
        $ref_id = USER_FOLDER_ID;
    }

    $allowed_types = array("crs","cat","grp","usrf","sess");
    $object = $this->checkObjectAccess($ref_id, $allowed_types, "read", true);
    if ($this->isFault($object)) {
        return $object;
    }

    $data = array();
    $container_type = $object->getType();

    if ($container_type == "usrf") {
        // NOTE(review): the listing skips source line 663 inside this case (numbering
        // jumps from 662 to 664); as shown, $data stays empty for user folders.
        // Restore the missing statement from the repository.
    } elseif ($container_type == "cat") {
        $data = ilObjUser::_getUsersForFolder($ref_id, $active);
    } elseif ($container_type == "crs") {
        // Collect the users of every local role of the course.
        $local_roles = $object->__getLocalRoles();
        foreach ($local_roles as $role_id) {
            $data = array_merge($rbacreview->assignedUsers($role_id), $data);
        }
    } elseif ($container_type == "grp") {
        $member_ids = $object->getGroupMemberIds();
        $data = ilObjUser::_getUsersForGroup($member_ids, $active);
    } elseif ($container_type == "sess") {
        // A session must live below a course.
        $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
        if (!$course_ref_id) {
            return $this->__raiseError("No course for session", "Client");
        }

        $event_obj_id = ilObject::_lookupObjId($ref_id);
        include_once 'Modules/Session/classes/class.ilEventParticipants.php';
        $participants = new ilEventParticipants($event_obj_id);
        $member_ids = array_keys($participants->getParticipants());
        $data = ilObjUser::_getUsersForIds($member_ids, $active);
    }

    if (is_array($data)) {
        include_once './Services/User/classes/class.ilUserXMLWriter.php';

        $writer = new ilUserXMLWriter();
        $writer->setObjects($data);
        $writer->setAttachRoles($attachRoles);

        if ($writer->start()) {
            return $writer->getXML();
        }
    }

    return $this->__raiseError('Error in processing information. This is likely a bug.', 'Server');
}
710
711
/**
 * Return the users assigned to a role as user XML.
 *
 * Global roles: only SYSTEM_ROLE_ID is restricted (the caller must hold it).
 * Local roles: every role folder must be undeleted and grant 'manage_members'
 * (course/group) or 'edit_permission' (anything else), and the caller needs
 * 'read_users' on USER_FOLDER_ID.
 *
 * NOTE(review): for global roles other than SYSTEM_ROLE_ID no permission check is
 * visible in this method; 'read_users' is enforced on the local-role path only.
 * Confirm that this is intended.
 *
 * @param string $sid         session token, validated by __checkSession()
 * @param mixed  $role_id     id of the role whose users are requested
 * @param mixed  $attachRoles passed to ilUserXMLWriter::setAttachRoles()
 * @param mixed  $active      activity filter forwarded to ilObjUser::_getUsersForRole()
 * @return mixed XML string, or the result of __raiseError() on failure
 */
public function getUserForRole($sid, $role_id, $attachRoles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    include_once './Services/AccessControl/classes/class.ilObjRole.php';
    global $DIC;

    // $ilDB is not used below; the container lookup is kept as in the original.
    $ilDB = $DIC['ilDB'];
    $rbacreview = $DIC['rbacreview'];
    $tree = $DIC->repositoryTree();
    $ilUser = $DIC->user();
    $access = $DIC->access();

    $global_roles = $rbacreview->getGlobalRoles();

    if (in_array($role_id, $global_roles)) {
        // global roles
        $is_system_role = $role_id == SYSTEM_ROLE_ID;
        if ($is_system_role && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()))) {
            return $this->__raiseError("Role access not permitted. ($role_id)", "Server");
        }
    } else {
        // local roles: one failed check anywhere denies the whole request
        $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
        $denied = false;

        foreach ($rolfs as $rolf) {
            if ($tree->isDeleted($rolf)) {
                $denied = true;
            }

            $type = \ilObject::_lookupType($rolf, true);
            $required_permission = ($type == 'crs' || $type == 'grp')
                ? 'manage_members'
                : 'edit_permission';
            if (!$access->checkAccess($required_permission, '', $rolf)) {
                $denied = true;
            }
        }

        // read user data must be granted
        if (!$access->checkAccess('read_users', '', USER_FOLDER_ID)) {
            $denied = true;
        }

        // A role without any role folder is refused as well.
        if ($denied || !count($rolfs)) {
            return $this->__raiseError('Role access not permitted. ' . '(' . $role_id .')', 'Server');
        }
    }

    $data = ilObjUser::_getUsersForRole($role_id, $active);
    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $writer = new ilUserXMLWriter();
    $writer->setAttachRoles($attachRoles);
    $writer->setObjects($data);

    if ($writer->start()) {
        return $writer->getXML();
    }

    return $this->__raiseError('Error in getUsersForRole', 'Server');
}
788
789
790
/**
 * Render an import protocol as result-set XML.
 *
 * Each message becomes one row with the columns userid (always 0), login (the array
 * key), action (always empty) and message.
 *
 * @param array $a_array map of login => list of messages
 * @return mixed XML string, or the result of __raiseError() when the writer fails
 */
public function __getImportProtocolAsXML($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column) {
        $result_set->addColumn($column);
    }

    foreach ($a_array as $login => $protocol_lines) {
        foreach ($protocol_lines as $line) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, 0);
            $row->setValue(1, $login);
            $row->setValue(2, "");
            $row->setValue(3, $line);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getImportProtocolAsXML', 'Server');
    }

    return $writer->getXML();
}
826
/**
 * Render the user mapping produced by an import as result-set XML.
 *
 * Each entry becomes one row: column userid holds the array key, the columns login,
 * action and message hold the entry's values of the same name.
 *
 * @param array $a_array map of key => array with 'login', 'action' and 'message'
 * @return mixed XML string, or the result of __raiseError() when the writer fails
 */
public function __getUserMappingAsXML($a_array)
{
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';

    $result_set = new ilXMLResultSet();
    foreach (array("userid", "login", "action", "message") as $column) {
        $result_set->addColumn($column);
    }

    // count() is evaluated first, as in the original, before any iteration happens.
    if (count($a_array)) {
        foreach ($a_array as $mapped_key => $entry) {
            $row = new ilXMLResultSetRow();
            $row->setValue(0, $mapped_key);
            $row->setValue(1, $entry["login"]);
            $row->setValue(2, $entry["action"]);
            $row->setValue(3, $entry["message"]);

            $result_set->addRow($row);
        }
    }

    $writer = new ilXMLResultSetWriter($result_set);
    if (!$writer->start()) {
        return $this->__raiseError('Error in __getUserMappingAsXML', 'Server');
    }

    return $writer->getXML();
}
864
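/**
 * Search user accounts by key fields and return the matches as user XML.
 *
 * Requires a valid session and 'read' on USER_FOLDER_ID. Input validation failures
 * are returned to the caller as faults; previously the faults were built but not
 * returned, and the operator test could never pass, so invalid requests were
 * processed anyway.
 *
 * @param string $sid            session token, validated by __checkSession()
 * @param array  $a_keyfields    column names to search; filtered by __buildSearchQuery()
 * @param string $query_operator 'and' or 'or' (case-insensitive)
 * @param array  $a_keyvalues    search terms
 * @param mixed  $attach_roles   passed to ilUserXMLWriter::setAttachRoles()
 * @param mixed  $active         numeric value > -1 restricts the result to that active state
 * @return mixed XML string, or the result of __raiseError() on failure
 */
public function searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $DIC;

    $ilDB = $DIC['ilDB'];
    $rbacsystem = $DIC['rbacsystem'];

    if (!$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    // Reject malformed requests before any SQL is assembled.
    if (!is_array($a_keyfields) || !count($a_keyfields)) {
        return $this->__raiseError('At least one keyfield is needed', 'Client');
    }

    if (!is_array($a_keyvalues) || !count($a_keyvalues)) {
        return $this->__raiseError('At least one keyvalue is needed', 'Client');
    }

    // The operator ends up inside the SQL text, so only the two known words pass.
    if (!is_string($query_operator)
        || (strcasecmp($query_operator, "and") != 0 && strcasecmp($query_operator, "or") != 0)) {
        return $this->__raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
    }

    $condition = $this->__buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);

    // The keyword literal is emitted once, through quote(). The original appended a
    // second hand-written 'language' literal directly after it, which changed the
    // compared value and kept the language join from matching.
    $query = "SELECT usr_data.*, usr_pref.value AS language
              FROM usr_data
              LEFT JOIN usr_pref
              ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
        $ilDB->quote("language", "text") .
        " WHERE 1 = 1 " . $condition;

    if (is_numeric($active) && $active > -1) {
        $query .= " AND active = " . $ilDB->quote($active);
    }

    $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";

    $result = $ilDB->query($query);

    $data = array();
    while ($row = $ilDB->fetchAssoc($result)) {
        $data[] = $row;
    }

    include_once './Services/User/classes/class.ilUserXMLWriter.php';

    $xmlWriter = new ilUserXMLWriter();
    $xmlWriter->setAttachRoles($attach_roles);
    $xmlWriter->setObjects($data);

    if ($xmlWriter->start()) {
        return $xmlWriter->getXML();
    }

    return $this->__raiseError('Error in searchUser', 'Server');
}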
943
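/**
 * Build the WHERE fragment used by searchUser().
 *
 * Every part that reaches the SQL text is constrained here:
 *  - column names must be on the allow-list below,
 *  - search terms are passed through $ilDB->quote() instead of being concatenated
 *    between hand-written quotes (the original allowed SQL injection through a term
 *    containing a quote character),
 *  - the operator is reduced to AND or OR; anything else falls back to AND, the
 *    narrower of the two.
 * Terms shorter than three characters are ignored. The LIKE wildcards % and _ inside
 * a term are left as the caller sent them.
 *
 * @param array  $a_keyfields   requested column names (case-insensitive)
 * @param string $queryOperator 'and' or 'or', joins the terms of one column
 * @param array  $a_keyvalues   search terms
 * @return string " AND ((...) OR (...))", or "AND 0" when nothing usable was supplied
 */
public function __buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
{
    global $DIC;

    $ilDB = $DIC['ilDB'];
    $query = array();

    $allowed_fields = array("firstname","lastname","email","login","matriculation","institution","department","title","ext_account");

    // Never copy caller text into the statement as an operator.
    $operator = is_string($queryOperator) ? strtoupper($queryOperator) : '';
    if ($operator !== 'AND' && $operator !== 'OR') {
        $operator = 'AND';
    }

    foreach ((array) $a_keyfields as $keyfield) {
        if (!is_string($keyfield)) {
            continue;
        }
        $keyfield = strtolower($keyfield);

        if (!in_array($keyfield, $allowed_fields, true)) {
            continue;
        }

        $field_query = array();
        foreach ((array) $a_keyvalues as $keyvalue) {
            if (!is_scalar($keyvalue)) {
                continue;
            }
            $keyvalue = (string) $keyvalue;
            if (strlen($keyvalue) >= 3) {
                $field_query[] = $keyfield . " like " . $ilDB->quote('%' . $keyvalue . '%', 'text');
            }
        }
        if (count($field_query)) {
            $query[] = join(" " . $operator . " ", $field_query);
        }
    }

    return count($query) ? " AND ((" . join(") OR (", $query) . "))" : "AND 0";
}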
981
982
/**
 * Return the data of one or more users as user XML.
 *
 * Needs 'read' on USER_FOLDER_ID, unless the request names exactly one id and that
 * id is the caller's own (a single-element array or a bare numeric value).
 *
 * @param string $sid          session token, validated by __checkSession()
 * @param mixed  $a_user_ids   array of user ids, or a single numeric id
 * @param mixed  $attach_roles passed to ilUserXMLWriter::setAttachRoles()
 * @return mixed XML string, or the result of __raiseError() on failure
 */
public function getUserXML($sid, $a_user_ids, $attach_roles)
{
    $this->initAuth($sid);
    $this->initIlias();

    $session_valid = $this->__checkSession($sid);
    if (!$session_valid) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $DIC;

    // $ilDB is not used below; the container lookup is kept as in the original.
    $rbacsystem = $DIC['rbacsystem'];
    $ilUser = $DIC['ilUser'];
    $ilDB = $DIC['ilDB'];

    // Is the caller asking for nothing but their own account?
    $own_account_only = false;
    if (is_numeric($a_user_ids)) {
        $own_account_only = ($a_user_ids == $ilUser->getId());
    } elseif (is_array($a_user_ids) && count($a_user_ids) == 1) {
        $own_account_only = (end($a_user_ids) == $ilUser->getId());
    }

    // Short-circuit order matches the original: the permission check runs first.
    if (!$rbacsystem->checkAccess('read', USER_FOLDER_ID) && !$own_account_only) {
        return $this->__raiseError('Check access failed.', 'Server');
    }

    $data = ilObjUser::_getUserData((array) $a_user_ids);

    include_once './Services/User/classes/class.ilUserXMLWriter.php';
    $writer = new ilUserXMLWriter();
    $writer->setAttachRoles($attach_roles);
    $writer->setObjects($data);

    if (!$writer->start()) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    return $writer->getXML();
}
1036
1037
1038 // has new mail
1039 public function hasNewMail($sid)
1040 {
1041 $this->initAuth($sid);
1042 $this->initIlias();
1043
1044 if (!$this->__checkSession($sid)) {
1045 return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
1046 }
1047
1048 global $DIC;
1049
1050 $ilUser = $DIC['ilUser'];
1051
1052 include_once 'Services/Mail/classes/class.ilMailGlobalServices.php';
1054 return true;
1055 } else {
1056 return false;
1057 }
1058 }
1059
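/**
 * Return the id of the user that owns the given SOAP session.
 *
 * The session id (the part of $sid before '::') is bound as a typed query parameter.
 * When no matching user is found the fault is returned to the caller; previously the
 * fault was built but dropped and the method answered 0.
 *
 * @param string $sid session token ("<session id>::<client>"), validated by __checkSession()
 * @return mixed user id as int, or the result of __raiseError() on failure
 */
public function getUserIdBySid($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $DIC;

    $ilDB = $DIC['ilDB'];

    $parts = explode('::', $sid);
    $query = "SELECT usr_id FROM usr_session "
        . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
    $res = $ilDB->queryF($query, array('text'), array($parts[0]));
    $row = $ilDB->fetchAssoc($res);

    // fetchAssoc() may return no row at all; treat that like an unknown user.
    $usr_id = (is_array($row) && isset($row['usr_id'])) ? (int) $row['usr_id'] : 0;
    if (!$usr_id) {
        return $this->__raiseError('User does not exist', 'Client');
    }

    return $usr_id;
}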
1085}