33include_once
'./webservice/soap/classes/class.ilSoapAdministration.php';
53 }
catch (Exception $e) {
58 include_once
'./Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
60 $credentials->setUsername($username);
63 include_once
'./Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
65 $providers = $provider_factory->getProviders($credentials);
67 include_once
'./Services/Authentication/classes/class.ilAuthStatus.php';
70 include_once
'./Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
73 $frontend = $frontend_factory->getFrontend(
80 $frontend->authenticate();
82 switch ($status->getStatus()) {
102 $this->sauth->setClient(
$client);
103 $this->sauth->setUsername($username);
104 $this->sauth->setPT($PT);
105 $authenticated =
true;
108 if (!$this->sauth->authenticate()) {
109 $authenticated =
false;
111 if (!$authenticated) {
112 return $this->
__raiseError($this->sauth->getMessage(), $this->sauth->getMessageCode());
114 return $this->sauth->getSid() .
'::' .
$client;
// Excerpt of loginStudipUser($sid, $user_id), as this page's symbol index names it
// (login as user from Stud.IP). Only listing lines 142-175 that carry cross-references
// are shown; the statements between them are not visible on this page.
142 $rbacreview =
$DIC[
'rbacreview'];
// The caller must present a session id that passes __checkSession().
150 if (!$this->__checkSession($sid)) {
// Error returned for a disabled Stud.IP mode; the condition that guards it is not visible here.
155 return $this->
__raiseError(
'Stud.IP mode not active.',
'Server');
// Only a caller assigned to SYSTEM_ROLE_ID gets past this point.
158 if (!$rbacreview->isAssigned(
$ilUser->getId(), SYSTEM_ROLE_ID)) {
159 return $this->
__raiseError(
'No permission to initialize user session.',
'Server');
// The target account is treated as existing when getLoginByUserId($user_id) is truthy.
162 if (
$ilUser->getLoginByUserId($user_id)) {
164 include_once
'./Services/Authentication/classes/class.ilSession.php';
// NOTE(review): the current auth session is logged out, re-initialised and then marked
// authenticated as $user_id. No credential of the target user is checked in the visible
// lines, so the SYSTEM_ROLE_ID test above and the Stud.IP mode switch are the only gates
// on this impersonation path. Confirm that the mode is off by default and that each use
// is written to an audit log.
166 $GLOBALS[
'DIC'][
'ilAuthSession']->logout();
171 $GLOBALS[
'DIC'][
'ilAuthSession']->init();
172 $GLOBALS[
'DIC'][
'ilAuthSession']->setAuthenticated(
true, $user_id);
// The returned token is the PHP session id and the client id joined by a double colon.
173 return (session_id() .
'::' .
$client);
// Reached when the target user id has no login.
175 return $this->
__raiseError(
'User does not exist',
'Client');
188 if (!$this->__checkSession($sid)) {
192 include_once
'./Services/Authentication/classes/class.ilSession.php';
194 $GLOBALS[
'DIC'][
'ilAuthSession']->logout();
203 if (!$this->__checkSession($sid)) {
207 $user_name = trim($user_name);
209 if (!strlen($user_name)) {
210 return $this->
__raiseError(
'No username given. Aborting',
'Client');
215 $rbacsystem =
$DIC[
'rbacsystem'];
218 if (strcasecmp(
$ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess(
'read',
USER_FOLDER_ID)) {
225 return $user_id ? $user_id :
"0";
233 if (!$this->__checkSession($sid)) {
239 $rbacsystem =
$DIC[
'rbacsystem'];
243 return $this->
__raiseError(
'Check access failed.',
'Server');
246 if (
$ilUser->getLoginByUserId($user_id)) {
252 return $this->
__raiseError(
'User does not exist',
'Client');
264 if (!$this->__checkSession($sid)) {
268 if (!isset($user_id)) {
269 return $this->
__raiseError(
'No user_id given. Aborting',
'Client');
274 $rbacsystem =
$DIC[
'rbacsystem'];
279 return $this->
__raiseError(
'Check access failed.',
'Server');
282 if (!
$ilUser->getLoginByUserId($user_id)) {
283 return $this->
__raiseError(
'User id: ' . $user_id .
' is not a valid identifier. Aborting',
'Client');
285 if (
$ilUser->getId() == $user_id) {
286 return $this->
__raiseError(
'Cannot delete myself. Aborting',
'Client');
288 if ($user_id == SYSTEM_USER_ID) {
289 return $this->
__raiseError(
'Cannot delete root account. Aborting',
'Client');
292 $log->write(
'SOAP: deleteUser()');
294 $delete_user->delete();
// Excerpt of __readUserData(\ilObjUser &$usr_obj), as this page's symbol index names it:
// copies getter values of the user object into the $usr_data array. Only listing lines
// 301-336 that carry cross-references are shown.
301 $usr_data[
'usr_id'] = $usr_obj->
getId();
302 $usr_data[
'login'] = $usr_obj->
getLogin();
// NOTE(review): the value of getPasswd() is copied into the array under the passwd key.
// Whether it is a hash or another representation is not visible here. Confirm that no
// SOAP response or log line built from this array exposes it.
303 $usr_data[
'passwd'] = $usr_obj->
getPasswd();
307 $usr_data[
'title'] = $usr_obj->
getUTitle();
308 $usr_data[
'gender'] = $usr_obj->
getGender();
309 $usr_data[
'email'] = $usr_obj->
getEmail();
312 $usr_data[
'street'] = $usr_obj->
getStreet();
313 $usr_data[
'city'] = $usr_obj->
getCity();
314 $usr_data[
'zipcode'] = $usr_obj->
getZipcode();
315 $usr_data[
'country'] = $usr_obj->
getCountry();
320 $usr_data[
'hobby'] = $usr_obj->
getHobby();
324 $usr_data[
'fax'] = $usr_obj->
getFax();
330 $usr_data[
'referral_comment'] = $usr_obj->
getComment();
332 $usr_data[
'active'] = $usr_obj->
getActive();
// Skin and style come from the preference store, the language from its own getter.
334 $usr_data[
'user_skin'] = $usr_obj->
getPref(
'skin');
335 $usr_data[
'user_style'] = $usr_obj->
getPref(
'style');
336 $usr_data[
'user_language'] = $usr_obj->
getLanguage();
// SOAP entry point that imports users from caller-supplied XML into a folder.
// Only listing lines with cross-references are shown on this page, so the notes below
// cover the visible statements and hedge everything else.
//   $sid               session id, checked with __checkSession()
//   $folder_id         compared against 0 and -1, then used for the create_usr check
//                      and passed to setFolderId()
//   $usr_xml           XML document, validated and then handed to the import parser
//   $conflict_rule     selects a branch of the switch at listing line 393
//   $send_account_mail passed to setSendMail()
350 public function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
355 if (!$this->__checkSession($sid)) {
360 include_once
'./Services/User/classes/class.ilUserImportParser.php';
361 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
362 include_once
'./Services/Object/classes/class.ilObjectFactory.php';
365 $rbacreview =
$DIC[
'rbacreview'];
366 $rbacsystem =
$DIC[
'rbacsystem'];
367 $access =
$DIC->access();
// The XML is first loaded with DOMXML_LOAD_VALIDATING. The @ operator hides PHP warnings,
// and problems are reported through $error instead.
// NOTE(review): $usr_xml comes from the SOAP caller. Confirm that the domxml_open_mem()
// wrapper does not resolve external entities or fetch external DTDs while validating.
378 $this->dom = @
domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
// Each parser error is flattened to one line holding line, column and message.
381 if (is_array($error)) {
382 foreach ($error as $err) {
383 $msg []=
"(" . $err[
"line"] .
"," . $err[
"col"] .
"): " . $err[
"errormessage"];
388 $msg = join(
"\n", $msg);
393 switch ($conflict_rule) {
// Folder ids 0 and -1 are handled as special values; what each one maps to is not visible here.
403 if ($folder_id == 0) {
411 if ($folder_id != 0) {
413 if ($folder_id == -1) {
420 if (!$import_folder) {
421 return $this->
__raiseError(
'Wrong reference id.',
'Server');
// Only user folders (usrf) and categories (cat) are accepted as import targets.
425 if ($import_folder->getType() !=
"usrf" && $import_folder->getType() !=
"cat") {
426 return $this->
__raiseError(
'Folder must be a usr folder or a category.',
'Server');
// The caller needs the create_usr permission on the target folder.
430 if (!$rbacsystem->checkAccess(
'create_usr', $folder_id)) {
431 return $this->
__raiseError(
'Missing permission for creating users within ' . $import_folder->getTitle(),
'Server');
// The same XML is parsed in several passes (startParsing at listing lines 439, 456 and 526).
// The parser mode of each pass is set on lines that are not visible here.
438 $importParser->setXMLContent($usr_xml);
439 $importParser->startParsing();
441 switch ($importParser->getErrorLevel()) {
454 $importParser->setXMLContent($usr_xml);
456 $importParser->startParsing();
458 $roles = $importParser->getCollectedRoles();
// Roles named in the XML are resolved to numeric ids and collected in $permitted_roles.
// The permission test that decides between listing lines 484 and 487 is not visible here.
465 $permitted_roles = array();
466 foreach ($roles as $role_id => $role) {
467 if (!is_numeric($role_id)) {
471 if (is_numeric($internalId)) {
472 $role_id = $internalId;
473 $role_name = $role_id;
484 $permitted_roles[$role_id] = $role_id;
487 return $this->
__raiseError(
"Could not find role " . $role_name .
". Either you use an invalid/deleted role " .
488 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
'Server');
492 $global_roles = $rbacreview->getGlobalRoles();
// Second authorisation pass over the resolved roles. For a global role, SYSTEM_ROLE_ID is
// refused unless the caller holds it. The check on $rolf[0] below presumably belongs to the
// local-role branch (the else is not visible): the role folder must not be deleted and the
// caller needs write access to it.
// NOTE(review): $rolf[0] is read without a visible check that the returned list is non-empty.
498 foreach ($permitted_roles as $role_id => $role_name) {
499 if ($role_id !=
"") {
500 if (in_array($role_id, $global_roles)) {
501 if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles(
$ilUser->getId()))
504 return $this->
__raiseError(
$lng->txt(
"usrimport_with_specified_role_not_permitted") .
" $role_name ($role_id)",
'Server');
507 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,
true);
508 if ($rbacreview->isDeleted($rolf[0])
509 || !$rbacsystem->checkAccess(
'write', $rolf[0])) {
510 return $this->
__raiseError(
$lng->txt(
"usrimport_with_specified_role_not_permitted") .
" $role_name ($role_id)",
"Server");
// Final pass: mail flag, target folder and the vetted role map are set before parsing again.
519 $importParser->setSendMail($send_account_mail);
521 $importParser->setFolderId($folder_id);
522 $importParser->setXMLContent($usr_xml);
524 $importParser->setRoleAssignment($permitted_roles);
526 $importParser->startParsing();
// Excerpt of isPermittedRole($a_folder, $a_role), as this page's symbol index names it
// (check if assignment is allowed). Only listing lines 543-626 that carry cross-references
// are shown.
// NOTE(review): results are memoised in a static array keyed by $a_role alone, while the
// local-role decision at listing line 620 also depends on $a_folder. A result cached for
// one folder would be reused for another folder within the same request. Confirm that
// callers never vary $a_folder, or include it in the cache key.
543 static $checked_roles = array();
544 static $global_roles =
null;
547 if (isset($checked_roles[$a_role])) {
548 return $checked_roles[$a_role];
553 $rbacsystem =
$DIC[
'rbacsystem'];
554 $rbacreview =
$DIC[
'rbacreview'];
559 $locations = $rbacreview->getFoldersAssignedToRole($a_role,
true);
// Global-role branch; the condition that selects it is not visible here.
564 $ilLog->write(__METHOD__ .
': Check global role');
569 $ilLog->write(__METHOD__ .
': ' . $a_folder);
570 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
572 $ilLog->write(__METHOD__ .
': No assignment allowed');
573 $checked_roles[$a_role] =
false;
// The anonymous role is never assignable through this path.
578 if ($a_role == ANONYMOUS_ROLE_ID) {
579 $ilLog->write(__METHOD__ .
': Anonymous role chosen.');
580 $checked_roles[$a_role] =
false;
// The system role may only be handed out by a caller who already holds it.
584 if ($a_role == SYSTEM_ROLE_ID and !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles(
$ilUser->getId()))) {
585 $ilLog->write(__METHOD__ .
': System role assignment forbidden.');
586 $checked_roles[$a_role] =
false;
591 $ilLog->write(__METHOD__ .
': Assignment allowed.');
592 $checked_roles[$a_role] =
true;
// Local-role branch.
595 $ilLog->write(__METHOD__ .
': Check local role.');
598 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,
true);
// The role folder must not be deleted and the caller needs edit_permission on it.
606 if ($rbacreview->isDeleted($rolf)
607 || !$rbacsystem->checkAccess(
'edit_permission', $rolf)) {
608 $ilLog->write(__METHOD__ .
': Role deleted or no permission.');
609 $checked_roles[$a_role] =
false;
// Outside the global user folder (and folder id 0) the role folder has to lie below
// $a_folder in the tree, otherwise the assignment is refused.
620 if ($a_folder !=
USER_FOLDER_ID and $a_folder != 0 and !
$tree->isGrandChild($a_folder, $rolf)) {
621 $ilLog->write(__METHOD__ .
': Not in path of category.');
622 $checked_roles[$a_role] =
false;
625 $ilLog->write(__METHOD__ .
': Assignment allowed.');
626 $checked_roles[$a_role] =
true;
640 if (!$this->__checkSession($sid)) {
648 $rbacreview =
$DIC[
'rbacreview'];
649 $rbacsystem =
$DIC[
'rbacsystem'];
655 $object = $this->
checkObjectAccess($ref_id, array(
"crs",
"cat",
"grp",
"usrf",
"sess"),
"read",
true);
661 switch ($object->getType()) {
671 $roles = $object->__getLocalRoles();
673 foreach ($roles as $role_id) {
674 $data = array_merge($rbacreview->assignedUsers($role_id),
$data);
680 $member_ids = $object->getGroupMemberIds();
684 $course_ref_id =
$tree->checkForParentType($ref_id,
'crs');
685 if (!$course_ref_id) {
686 return $this->
__raiseError(
"No course for session",
"Client");
690 include_once
'Modules/Session/classes/class.ilEventParticipants.php';
692 $member_ids = array_keys($event_part->getParticipants());
697 if (is_array(
$data)) {
698 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
701 $xmlWriter->setObjects(
$data);
702 $xmlWriter->setAttachRoles($attachRoles);
704 if ($xmlWriter->start()) {
705 return $xmlWriter->getXML();
708 return $this->
__raiseError(
'Error in processing information. This is likely a bug.',
'Server');
720 if (!$this->__checkSession($sid)) {
724 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
728 $rbacreview =
$DIC[
'rbacreview'];
731 $access =
$DIC->access();
734 $global_roles = $rbacreview->getGlobalRoles();
737 if (in_array($role_id, $global_roles)) {
739 if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles(
$ilUser->getId()))
741 return $this->
__raiseError(
"Role access not permitted. ($role_id)",
"Server");
745 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id,
true);
746 $access_granted =
true;
747 foreach ($rolfs as $rolf) {
748 if (
$tree->isDeleted($rolf)) {
749 $access_granted =
false;
755 if (!$access->checkAccess(
'manage_members',
'', $rolf)) {
756 $access_granted =
false;
760 if (!$access->checkAccess(
'edit_permission',
'', $rolf)) {
761 $access_granted =
false;
768 $access_granted =
false;
770 if (!$access_granted || !count($rolfs)) {
771 return $this->
__raiseError(
'Role access not permitted. ' .
'(' . $role_id .
')',
'Server');
776 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
779 $xmlWriter->setAttachRoles($attachRoles);
781 $xmlWriter->setObjects(
$data);
783 if ($xmlWriter->start()) {
784 return $xmlWriter->getXML();
786 return $this->
__raiseError(
'Error in getUsersForRole',
'Server');
797 include_once
'./webservice/soap/classes/class.ilXMLResultSet.php';
798 include_once
'./webservice/soap/classes/class.ilXMLResultSetWriter.php';
801 $xmlResultSet->addColumn(
"userid");
802 $xmlResultSet->addColumn(
"login");
803 $xmlResultSet->addColumn(
"action");
804 $xmlResultSet->addColumn(
"message");
806 foreach ($a_array as $username =>
$messages) {
809 $xmlRow->setValue(0, 0);
810 $xmlRow->setValue(1, $username);
811 $xmlRow->setValue(2,
"");
814 $xmlResultSet->addRow($xmlRow);
820 if ($xml_writer->start()) {
821 return $xml_writer->getXML();
824 return $this->
__raiseError(
'Error in __getImportProtocolAsXML',
'Server');
835 include_once
'./webservice/soap/classes/class.ilXMLResultSet.php';
836 include_once
'./webservice/soap/classes/class.ilXMLResultSetWriter.php';
839 $xmlResultSet->addColumn(
"userid");
840 $xmlResultSet->addColumn(
"login");
841 $xmlResultSet->addColumn(
"action");
842 $xmlResultSet->addColumn(
"message");
844 if (count($a_array)) {
845 foreach ($a_array as $username =>
$message) {
847 $xmlRow->setValue(0, $username);
848 $xmlRow->setValue(1,
$message[
"login"]);
849 $xmlRow->setValue(2,
$message[
"action"]);
850 $xmlRow->setValue(3,
$message[
"message"]);
852 $xmlResultSet->addRow($xmlRow);
858 if ($xml_writer->start()) {
859 return $xml_writer->getXML();
862 return $this->
__raiseError(
'Error in __getUserMappingAsXML',
'Server');
// SOAP entry point that searches usr_data and returns the matches as user XML
// (the symbol index on this page describes it as: return user xml following dtd 3.7).
// Only listing lines with cross-references are shown; gaps are hedged below.
//   $sid            session id, checked with __checkSession()
//   $a_keyfields    list of column names to search; must be non-empty
//   $query_operator expected to be and / or
//   $a_keyvalues    list of search terms; must be non-empty
//   $attach_roles   passed to the XML writer via setAttachRoles()
//   $active         numeric filter on the active column when greater than -1
873 public function searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
878 if (!$this->__checkSession($sid)) {
885 $rbacsystem =
$DIC[
'rbacsystem'];
// Access failure is returned to the caller; the permission being tested is not visible here.
888 return $this->
__raiseError(
'Check access failed.',
'Server');
// NOTE(review): the three validation branches below call __raiseError() without a return
// statement (compare listing line 888), so in the visible lines the error object is
// discarded and execution continues with the unvalidated arguments.
892 if (!count($a_keyfields)) {
893 $this->
__raiseError(
'At least one keyfield is needed',
'Client');
896 if (!count($a_keyvalues)) {
897 $this->
__raiseError(
'At least one keyvalue is needed',
'Client');
// NOTE(review): the negation binds tighter than the comparison, so each side evaluates as
// (!strcasecmp(...)) == 0, which is true whenever the operator differs from that keyword.
// No value equals both keywords, so the whole condition is true for every input and does
// not restrict $query_operator. Combined with the missing return, any operator string is
// passed on. The intended test is presumably: operator is neither and nor or.
900 if (!strcasecmp($query_operator,
"and")==0 || !strcasecmp($query_operator,
"or") == 0) {
901 $this->
__raiseError(
'Query operator must be either \'and\' or \'or\'',
'Client');
// Base query: user rows joined with the language preference. The literal keyword is
// passed through $ilDB->quote() with an explicit text type.
907 $query =
"SELECT usr_data.*, usr_pref.value AS language
910 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
911 $ilDB->quote(
"language",
"text") .
// $active reaches the SQL text only when it is numeric and above -1, and then via quote().
915 if (is_numeric($active) && $active > -1) {
916 $query .=
" AND active = " .
$ilDB->quote($active);
919 $query .=
" ORDER BY usr_data.lastname, usr_data.firstname ";
931 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
934 $xmlWriter->setAttachRoles($attach_roles);
936 $xmlWriter->setObjects(
$data);
938 if ($xmlWriter->start()) {
939 return $xmlWriter->getXML();
941 return $this->
__raiseError(
'Error in searchUser',
'Server');
// Excerpt of __buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues), as this page's
// symbol index names it (create search term according to parameters). It builds the extra
// WHERE fragment as a string. Only listing lines 959-979 that carry cross-references are shown.
// Column names are restricted to this allow-list, so $keyfield itself cannot carry SQL.
959 $allowed_fields = array(
"firstname",
"lastname",
"email",
"login",
"matriculation",
"institution",
"department",
"title",
"ext_account");
961 foreach ($a_keyfields as $keyfield) {
962 $keyfield = strtolower($keyfield);
// Fields outside the allow-list are presumably skipped; the branch body is not visible here.
964 if (!in_array($keyfield, $allowed_fields)) {
968 $field_query = array();
969 foreach ($a_keyvalues as $keyvalue) {
970 if (strlen($keyvalue) >= 3) {
// NOTE(review): $keyvalue is concatenated straight into a quoted LIKE literal. The only
// check visible in these lines is the minimum length of 3; no quoting or escaping is
// applied. If the values originate from the SOAP caller this is an SQL injection risk.
// The term should be passed through the quoting of the database layer (searchUser in
// this file already uses $ilDB->quote with a text type), with LIKE wildcards escaped.
971 $field_query []= $keyfield .
" like '%" . $keyvalue .
"%'";
// $queryOperator is upper-cased and joined in as-is, which is only safe if the caller
// has limited it to and / or beforehand.
974 if (count($field_query)) {
975 $query [] = join(
" " . strtoupper($queryOperator) .
" ", $field_query);
// Per-field groups are OR-ed together. With no usable field or term the fragment is the
// constant-false condition AND 0.
979 return count(
$query) ?
" AND ((" . join(
") OR (",
$query) .
"))" :
"AND 0";
995 if (!$this->__checkSession($sid)) {
1001 $rbacsystem =
$DIC[
'rbacsystem'];
1007 if (is_array($a_user_ids) and count($a_user_ids) == 1) {
1008 if (end($a_user_ids) ==
$ilUser->getId()) {
1011 } elseif (is_numeric($a_user_ids)) {
1012 if ($a_user_ids ==
$ilUser->getId()) {
1017 if (!$rbacsystem->checkAccess(
'read',
USER_FOLDER_ID) and !$is_self) {
1018 return $this->
__raiseError(
'Check access failed.',
'Server');
1025 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
1027 $xmlWriter->setAttachRoles($attach_roles);
1028 $xmlWriter->setObjects(
$data);
1030 if ($xmlWriter->start()) {
1031 return $xmlWriter->getXML();
1034 return $this->
__raiseError(
'User does not exist',
'Client');
1044 if (!$this->__checkSession($sid)) {
1052 include_once
'Services/Mail/classes/class.ilMailGlobalServices.php';
1065 if (!$this->__checkSession($sid)) {
1073 $parts = explode(
'::', $sid);
1074 $query =
"SELECT usr_id FROM usr_session "
1075 .
"INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1079 if (!(
int)
$data[
'usr_id']) {
1083 return (
int) $data[
'usr_id'];
An exception for terminating execution or to throw for unit testing.
const USER_FOLDER_ID
Class ilObjUserFolder.
const IL_FAIL_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Description of class class.
Factory for auth frontend classes.
const STATUS_AUTHENTICATED
static getInstance()
Get status instance.
const STATUS_AUTHENTICATION_FAILED
static getLogger($a_component_id)
Get component logger.
static getNumberOfNewMailsByUserId($usr_id)
Determines the number of new mails for the passed user id and stores this information in a local cach...
static _getAssignUsersStatus($a_role_id)
getPasswdType()
get password type
getPhoneHome()
get home phone @access public
static _getUsersForIds($a_mem_ids, $active=-1, $timelimitowner=-1)
return user data for given user id
static _getUsersForRole($role_id, $active=-1)
return array of complete users which belong to a specific role
getPhoneOffice()
get office phone @access public
static _getUserData($a_internalids)
return user data for given user ids
hasToAcceptTermsOfService()
getActive()
get user active state @access public
getCountry()
Get country (free text)
getFax()
get fax @access public
static getUserIdByLogin($a_login)
getLastname()
get lastname @access public
getUTitle()
get user title (note: don't mix up this method with getTitle() that is derived from ilObject and gets...
getMatriculation()
get matriculation number @access public
getHobby()
get hobby @access public
static _getUsersForFolder($ref_id, $active)
get users for a category or from system folder
getEmail()
get email address @access public
getAuthMode($a_auth_key=false)
get auth mode @access public
getComment()
get referral comment @access public
getStreet()
get street @access public
getInstitution()
get institution @access public
getApproveDate()
get the date when the user account was approved @access public
getFirstname()
get firstname @access public
getZipcode()
get zipcode @access public
getLogin()
get login / username @access public
getPref($a_keyword)
get a user preference
getLastLogin()
returns last login date @access public
static _getUsersForGroup($a_mem_ids, $active=-1)
return user data for group members
getPhoneMobile()
get mobile phone @access public
getCity()
get city @access public
getLanguage()
returns a 2char-language-string @access public
getDepartment()
get department @access public
getGender()
get gender @access public
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getImportId()
get import id
getCreateDate()
get create date @access public
static setClosingContext($a_context)
set closing context (for statistics)
initAuth($sid)
Init authentication.
__initAuthenticationObject($a_auth_mode=AUTH_LOCAL)
__raiseError($a_message, $a_code)
checkObjectAccess($ref_id, $expected_type, $permission, $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
define ("IL_FAIL_ON_CONFLICT", 1); define ("IL_UPDATE_ON_CONFLICT", 2); define ("IL_IGNORE_ON_CONFLIC...
lookupUser($sid, $user_name)
getUserForRole($sid, $role_id, $attachRoles, $active)
getUsersForContainer($sid, $ref_id, $attachRoles, $active)
return list of users following dtd users_3_7
deleteUser($sid, $user_id)
loginLDAP($client, $username, $password)
Not required anymore.
__getImportProtocolAsXML($a_array)
Create XML ResultSet.
logout($sid)
Logout user destroy session.
__buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
create search term according to parameters
login($client, $username, $password)
Soap login @global type $ilUser.
searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
return user xml following dtd 3.7
__readUserData(\ilObjUser &$usr_obj)
loginStudipUser($sid, $user_id)
login as user from Stud.IP
isPermittedRole($a_folder, $a_role)
check if assignment is allowed
loginCAS($client, $PT, $username)
__getUserMappingAsXML($a_array)
return user mapping as xml
getUserXML($sid, $a_user_ids, $attach_roles)
return user xmls for given user ids (csv separated ids) as xml based on usr dtd.
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
XML Writer for XMLResultSet.
if($_SERVER['argc']< 4) $client
domxml_open_mem($str, $mode=0, &$error=null)
catch(Exception $e) $message
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
foreach($_POST as $key=> $value) $res