33include_once
'./webservice/soap/classes/class.ilSoapAdministration.php';
53 }
catch (Exception
$e) {
58 include_once
'./Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
60 $credentials->setUsername($username);
63 include_once
'./Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
65 $providers = $provider_factory->getProviders($credentials);
67 include_once
'./Services/Authentication/classes/class.ilAuthStatus.php';
70 include_once
'./Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
73 $frontend = $frontend_factory->getFrontend(
80 $frontend->authenticate();
82 switch ($status->getStatus()) {
102 $this->sauth->setClient(
$client);
103 $this->sauth->setUsername($username);
104 $this->sauth->setPT($PT);
105 $authenticated =
true;
106 if (!$this->sauth->authenticate()) {
107 $authenticated =
false;
109 if (!$authenticated) {
110 return $this->
__raiseError($this->sauth->getMessage(), $this->sauth->getMessageCode());
112 return $this->sauth->getSid() .
'::' .
$client;
140 $rbacreview =
$DIC[
'rbacreview'];
148 if (!$this->__checkSession($sid)) {
153 return $this->
__raiseError(
'Stud.IP mode not active.',
'Server');
157 return $this->
__raiseError(
'No permission to initialize user session.',
'Server');
160 if (
$ilUser->getLoginByUserId($user_id)) {
162 include_once
'./Services/Authentication/classes/class.ilSession.php';
164 $GLOBALS[
'DIC'][
'ilAuthSession']->logout();
169 $GLOBALS[
'DIC'][
'ilAuthSession']->init();
170 $GLOBALS[
'DIC'][
'ilAuthSession']->setAuthenticated(
true, $user_id);
171 return (session_id() .
'::' .
$client);
173 return $this->
__raiseError(
'User does not exist',
'Client');
186 if (!$this->__checkSession($sid)) {
190 include_once
'./Services/Authentication/classes/class.ilSession.php';
192 $GLOBALS[
'DIC'][
'ilAuthSession']->logout();
206 if (!$this->__checkSession($sid)) {
210 $user_name = trim($user_name);
212 if (!strlen($user_name)) {
213 return $this->
__raiseError(
'No username given. Aborting',
'Client');
219 $access =
$DIC->access();
222 strcasecmp(
$ilUser->getLogin(), $user_name) !== 0 &&
223 !$access->checkAccess(
235 return $user_id ? $user_id :
"0";
250 if (!$this->__checkSession($sid)) {
256 $access =
$DIC->access();
260 !$access->checkAccess(
266 return $this->
__raiseError(
'Check access failed.',
'Server');
269 if (
$ilUser->getLoginByUserId($user_id)) {
275 return $this->
__raiseError(
'User does not exist',
'Client');
287 if (!$this->__checkSession($sid)) {
291 if (!isset($user_id)) {
292 return $this->
__raiseError(
'No user_id given. Aborting',
'Client');
297 $rbacsystem =
$DIC[
'rbacsystem'];
302 return $this->
__raiseError(
'Check access failed.',
'Server');
305 if (!
$ilUser->getLoginByUserId($user_id)) {
306 return $this->
__raiseError(
'User id: ' . $user_id .
' is not a valid identifier. Aborting',
'Client');
308 if (
$ilUser->getId() == $user_id) {
309 return $this->
__raiseError(
'Cannot delete myself. Aborting',
'Client');
312 return $this->
__raiseError(
'Cannot delete root account. Aborting',
'Client');
315 $log->write(
'SOAP: deleteUser()');
317 $delete_user->delete();
324 $usr_data[
'usr_id'] = $usr_obj->
getId();
325 $usr_data[
'login'] = $usr_obj->
getLogin();
326 $usr_data[
'passwd'] = $usr_obj->
getPasswd();
330 $usr_data[
'title'] = $usr_obj->
getUTitle();
331 $usr_data[
'gender'] = $usr_obj->
getGender();
332 $usr_data[
'email'] = $usr_obj->
getEmail();
335 $usr_data[
'street'] = $usr_obj->
getStreet();
336 $usr_data[
'city'] = $usr_obj->
getCity();
337 $usr_data[
'zipcode'] = $usr_obj->
getZipcode();
338 $usr_data[
'country'] = $usr_obj->
getCountry();
343 $usr_data[
'hobby'] = $usr_obj->
getHobby();
347 $usr_data[
'fax'] = $usr_obj->
getFax();
353 $usr_data[
'referral_comment'] = $usr_obj->
getComment();
355 $usr_data[
'active'] = $usr_obj->
getActive();
357 $usr_data[
'user_skin'] = $usr_obj->
getPref(
'skin');
358 $usr_data[
'user_style'] = $usr_obj->
getPref(
'style');
359 $usr_data[
'user_language'] = $usr_obj->
getLanguage();
373 public function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
378 if (!$this->__checkSession($sid)) {
383 include_once
'./Services/User/classes/class.ilUserImportParser.php';
384 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
385 include_once
'./Services/Object/classes/class.ilObjectFactory.php';
388 $rbacreview =
$DIC[
'rbacreview'];
389 $rbacsystem =
$DIC[
'rbacsystem'];
390 $access =
$DIC->access();
391 $tree =
$DIC[
'tree'];
394 $ilLog =
$DIC[
'ilLog'];
401 $this->dom = @
domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
404 if (is_array($error)) {
405 foreach ($error as $err) {
406 $msg []=
"(" . $err[
"line"] .
"," . $err[
"col"] .
"): " . $err[
"errormessage"];
411 $msg = join(
"\n", $msg);
416 switch ($conflict_rule) {
426 if ($folder_id == 0) {
434 if ($folder_id != 0) {
436 if ($folder_id == -1) {
443 if (!$import_folder) {
444 return $this->
__raiseError(
'Wrong reference id.',
'Server');
448 if ($import_folder->getType() !=
"usrf" && $import_folder->getType() !=
"cat") {
449 return $this->
__raiseError(
'Folder must be a usr folder or a category.',
'Server');
453 if (!$rbacsystem->checkAccess(
'create_usr', $folder_id)) {
454 return $this->
__raiseError(
'Missing permission for creating users within ' . $import_folder->getTitle(),
'Server');
461 $importParser->setXMLContent($usr_xml);
462 $importParser->startParsing();
464 switch ($importParser->getErrorLevel()) {
477 $importParser->setXMLContent($usr_xml);
479 $importParser->startParsing();
481 $roles = $importParser->getCollectedRoles();
488 $permitted_roles = array();
489 foreach ($roles as $role_id => $role) {
490 if (!is_numeric($role_id)) {
494 if (is_numeric($internalId)) {
495 $role_id = $internalId;
496 $role_name = $role_id;
507 $permitted_roles[$role_id] = $role_id;
510 return $this->
__raiseError(
"Could not find role " . $role_name .
". Either you use an invalid/deleted role " .
511 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
'Server');
515 $global_roles = $rbacreview->getGlobalRoles();
521 foreach ($permitted_roles as $role_id => $role_name) {
522 if ($role_id !=
"") {
523 if (in_array($role_id, $global_roles)) {
527 return $this->
__raiseError(
$lng->txt(
"usrimport_with_specified_role_not_permitted") .
" $role_name ($role_id)",
'Server');
530 $rolf = $rbacreview->getFoldersAssignedToRole($role_id,
true);
531 if ($rbacreview->isDeleted($rolf[0])
532 || !$rbacsystem->checkAccess(
'write', $rolf[0])) {
533 return $this->
__raiseError(
$lng->txt(
"usrimport_with_specified_role_not_permitted") .
" $role_name ($role_id)",
"Server");
542 $importParser->setSendMail($send_account_mail);
544 $importParser->setFolderId($folder_id);
545 $importParser->setXMLContent($usr_xml);
547 $importParser->setRoleAssignment($permitted_roles);
549 $importParser->startParsing();
566 static $checked_roles = array();
567 static $global_roles =
null;
570 if (isset($checked_roles[$a_role])) {
571 return $checked_roles[$a_role];
576 $rbacsystem =
$DIC[
'rbacsystem'];
577 $rbacreview =
$DIC[
'rbacreview'];
579 $tree =
$DIC[
'tree'];
580 $ilLog =
$DIC[
'ilLog'];
582 $locations = $rbacreview->getFoldersAssignedToRole($a_role,
true);
587 $ilLog->write(__METHOD__ .
': Check global role');
592 $ilLog->write(__METHOD__ .
': ' . $a_folder);
593 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
595 $ilLog->write(__METHOD__ .
': No assignment allowed');
596 $checked_roles[$a_role] =
false;
602 $ilLog->write(__METHOD__ .
': Anonymous role chosen.');
603 $checked_roles[$a_role] =
false;
608 $ilLog->write(__METHOD__ .
': System role assignment forbidden.');
609 $checked_roles[$a_role] =
false;
614 $ilLog->write(__METHOD__ .
': Assignment allowed.');
615 $checked_roles[$a_role] =
true;
618 $ilLog->write(__METHOD__ .
': Check local role.');
621 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role,
true);
629 if ($rbacreview->isDeleted($rolf)
630 || !$rbacsystem->checkAccess(
'edit_permission', $rolf)) {
631 $ilLog->write(__METHOD__ .
': Role deleted or no permission.');
632 $checked_roles[$a_role] =
false;
643 if ($a_folder !=
USER_FOLDER_ID and $a_folder != 0 and !$tree->isGrandChild($a_folder, $rolf)) {
644 $ilLog->write(__METHOD__ .
': Not in path of category.');
645 $checked_roles[$a_role] =
false;
648 $ilLog->write(__METHOD__ .
': Assignment allowed.');
649 $checked_roles[$a_role] =
true;
663 if (!$this->__checkSession($sid)) {
670 $tree =
$DIC[
'tree'];
671 $rbacreview =
$DIC[
'rbacreview'];
672 $rbacsystem =
$DIC[
'rbacsystem'];
673 $access =
$DIC->access();
687 $object = $this->
checkObjectAccess($ref_id, array(
"crs",
"cat",
"grp",
"usrf",
"sess"),
"read",
true);
693 switch ($object->getType()) {
703 $roles = $object->__getLocalRoles();
705 foreach ($roles as $role_id) {
706 $data = array_merge($rbacreview->assignedUsers($role_id),
$data);
712 $member_ids = $object->getGroupMemberIds();
716 $course_ref_id = $tree->checkForParentType($ref_id,
'crs');
717 if (!$course_ref_id) {
718 return $this->
__raiseError(
"No course for session",
"Client");
722 include_once
'Modules/Session/classes/class.ilEventParticipants.php';
724 $member_ids = array_keys($event_part->getParticipants());
729 if (is_array(
$data)) {
730 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
733 $xmlWriter->setObjects(
$data);
734 $xmlWriter->setAttachRoles($attachRoles);
736 if ($xmlWriter->start()) {
737 return $xmlWriter->getXML();
740 return $this->
__raiseError(
'Error in processing information. This is likely a bug.',
'Server');
752 if (!$this->__checkSession($sid)) {
756 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
760 $rbacreview =
$DIC[
'rbacreview'];
761 $tree =
$DIC->repositoryTree();
763 $access =
$DIC->access();
766 $global_roles = $rbacreview->getGlobalRoles();
769 if (in_array($role_id, $global_roles)) {
773 return $this->
__raiseError(
"Role access not permitted. ($role_id)",
"Server");
777 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id,
true);
778 $access_granted =
true;
779 foreach ($rolfs as $rolf) {
780 if ($tree->isDeleted($rolf)) {
781 $access_granted =
false;
787 if (!$access->checkAccess(
'manage_members',
'', $rolf)) {
788 $access_granted =
false;
792 if (!$access->checkAccess(
'edit_permission',
'', $rolf)) {
793 $access_granted =
false;
800 $access_granted =
false;
802 if (!$access_granted || !count($rolfs)) {
803 return $this->
__raiseError(
'Role access not permitted. ' .
'(' . $role_id .
')',
'Server');
808 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
811 $xmlWriter->setAttachRoles($attachRoles);
813 $xmlWriter->setObjects(
$data);
815 if ($xmlWriter->start()) {
816 return $xmlWriter->getXML();
818 return $this->
__raiseError(
'Error in getUsersForRole',
'Server');
829 include_once
'./webservice/soap/classes/class.ilXMLResultSet.php';
830 include_once
'./webservice/soap/classes/class.ilXMLResultSetWriter.php';
833 $xmlResultSet->addColumn(
"userid");
834 $xmlResultSet->addColumn(
"login");
835 $xmlResultSet->addColumn(
"action");
836 $xmlResultSet->addColumn(
"message");
838 foreach ($a_array as $username =>
$messages) {
841 $xmlRow->setValue(0, 0);
842 $xmlRow->setValue(1, $username);
843 $xmlRow->setValue(2,
"");
846 $xmlResultSet->addRow($xmlRow);
852 if ($xml_writer->start()) {
853 return $xml_writer->getXML();
856 return $this->
__raiseError(
'Error in __getImportProtocolAsXML',
'Server');
867 include_once
'./webservice/soap/classes/class.ilXMLResultSet.php';
868 include_once
'./webservice/soap/classes/class.ilXMLResultSetWriter.php';
871 $xmlResultSet->addColumn(
"userid");
872 $xmlResultSet->addColumn(
"login");
873 $xmlResultSet->addColumn(
"action");
874 $xmlResultSet->addColumn(
"message");
876 if (count($a_array)) {
877 foreach ($a_array as $username =>
$message) {
879 $xmlRow->setValue(0, $username);
880 $xmlRow->setValue(1,
$message[
"login"]);
881 $xmlRow->setValue(2,
$message[
"action"]);
882 $xmlRow->setValue(3,
$message[
"message"]);
884 $xmlResultSet->addRow($xmlRow);
890 if ($xml_writer->start()) {
891 return $xml_writer->getXML();
894 return $this->
__raiseError(
'Error in __getUserMappingAsXML',
'Server');
905 public function searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
910 if (!$this->__checkSession($sid)) {
917 $access =
$DIC->access();
920 return $this->
__raiseError(
'Check access failed.',
'Server');
922 if (!count($a_keyfields)) {
923 $this->
__raiseError(
'At least one keyfield is needed',
'Client');
926 if (!count($a_keyvalues)) {
927 $this->
__raiseError(
'At least one keyvalue is needed',
'Client');
930 if (!strcasecmp($query_operator,
"and")==0 || !strcasecmp($query_operator,
"or") == 0) {
931 $this->
__raiseError(
'Query operator must be either \'and\' or \'or\'',
'Client');
937 $query =
"SELECT usr_data.*, usr_pref.value AS language
940 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
941 $ilDB->quote(
"language",
"text") .
944 if (is_numeric($active) && $active > -1) {
945 $query .=
" AND active = " .
$ilDB->quote($active);
948 $query .=
" ORDER BY usr_data.lastname, usr_data.firstname ";
956 while ($row =
$ilDB->fetchAssoc($r)) {
960 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
963 $xmlWriter->setAttachRoles($attach_roles);
965 $xmlWriter->setObjects(
$data);
967 if ($xmlWriter->start()) {
968 return $xmlWriter->getXML();
970 return $this->
__raiseError(
'Error in searchUser',
'Server');
988 $allowed_fields = array(
"firstname",
"lastname",
"email",
"login",
"matriculation",
"institution",
"department",
"title",
"ext_account");
990 foreach ($a_keyfields as $keyfield) {
991 $keyfield = strtolower($keyfield);
993 if (!in_array($keyfield, $allowed_fields)) {
997 $field_query = array();
998 foreach ($a_keyvalues as $keyvalue) {
999 if (strlen($keyvalue) >= 3) {
1000 $field_query [] =
$ilDB->like(
$ilDB->quoteIdentifier($keyfield),
'text',
'%' . $keyvalue .
"%");
1003 if (count($field_query)) {
1004 $query [] = join(
" " . strtoupper($queryOperator) .
" ", $field_query);
1008 return count(
$query) ?
" AND ((" . join(
") OR (",
$query) .
"))" :
"AND 0";
1024 if (!$this->__checkSession($sid)) {
1030 $rbacsystem =
$DIC[
'rbacsystem'];
1031 $access =
$DIC->access();
1037 if (is_array($a_user_ids) and count($a_user_ids) == 1) {
1038 if (end($a_user_ids) ==
$ilUser->getId()) {
1041 } elseif (is_numeric($a_user_ids)) {
1042 if ($a_user_ids ==
$ilUser->getId()) {
1047 if (!$access->checkAccess(
'read_users',
'',
USER_FOLDER_ID) && !$is_self) {
1048 return $this->
__raiseError(
'Check access failed.',
'Server');
1056 include_once
'./Services/User/classes/class.ilUserXMLWriter.php';
1058 $xmlWriter->setAttachRoles($attach_roles);
1059 $xmlWriter->setObjects(
$data);
1061 if ($xmlWriter->start()) {
1062 return $xmlWriter->getXML();
1065 return $this->
__raiseError(
'User does not exist',
'Client');
1075 if (!$this->__checkSession($sid)) {
1095 if (!$this->__checkSession($sid)) {
1103 $parts = explode(
'::', $sid);
1104 $query =
"SELECT usr_id FROM usr_session "
1105 .
"INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
1109 if (!(
int)
$data[
'usr_id']) {
1113 return (
int) $data[
'usr_id'];
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
An exception for terminatinating execution or to throw for unit testing.
const IL_FAIL_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Description of class class.
Factory for auth frontend classes.
const STATUS_AUTHENTICATED
static getInstance()
Get status instance.
const STATUS_AUTHENTICATION_FAILED
static getLogger($a_component_id)
Get component logger.
static getNewMailsData(int $usr_id, int $leftInterval=0)
Determines the number of new mails for the passed user id and stores this information in a local cach...
static _getAssignUsersStatus($a_role_id)
getPasswdType()
get password type
getPhoneHome()
get home phone @access public
static _getUsersForIds($a_mem_ids, $active=-1, $timelimitowner=-1)
return user data for given user id
static _getUsersForRole($role_id, $active=-1)
return array of complete users which belong to a specific role
getPhoneOffice()
get office phone @access public
static _getUserData($a_internalids)
return user data for given user ids
hasToAcceptTermsOfService()
getActive()
get user active state @access public
getCountry()
Get country (free text)
getFax()
get fax @access public
static getUserIdByLogin($a_login)
getLastname()
get lastname @access public
getUTitle()
get user title (note: don't mix up this method with getTitle() that is derived from ilObject and gets...
getMatriculation()
get matriculation number @access public
getHobby()
get hobby @access public
static _getUsersForFolder($ref_id, $active)
get users for a category or from system folder
getEmail()
get email address @access public
getAuthMode($a_auth_key=false)
get auth mode @access public
getComment()
get referral comment @access public
getStreet()
get street @access public
getInstitution()
get institution @access public
getApproveDate()
get the date when the user account was approved @access public
getFirstname()
get firstname @access public
getZipcode()
get zipcode @access public
getLogin()
get login / username @access public
getPref($a_keyword)
get a user preference
getLastLogin()
returns last login date @access public
static _getUsersForGroup($a_mem_ids, $active=-1)
return user data for group members
getPhoneMobile()
get mobile phone @access public
getCity()
get city @access public
getLanguage()
returns a 2char-language-string @access public
getDepartment()
get department @access public
getGender()
get gender @access public
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getImportId()
get import id
getCreateDate()
get create date @access public
static setClosingContext($a_context)
set closing context (for statistics)
initAuth($sid)
Init authentication.
__initAuthenticationObject($a_auth_mode=AUTH_LOCAL)
__raiseError($a_message, $a_code)
checkObjectAccess($ref_id, $expected_type, $permission, $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
define ("IL_FAIL_ON_CONFLICT", 1); define ("IL_UPDATE_ON_CONFLICT", 2); define ("IL_IGNORE_ON_CONFLIC...
lookupUser($sid, $user_name)
getUserForRole($sid, $role_id, $attachRoles, $active)
getUsersForContainer($sid, $ref_id, $attachRoles, $active)
return list of users following dtd users_3_7
deleteUser($sid, $user_id)
loginLDAP($client, $username, $password)
Not required anymode.
__getImportProtocolAsXML($a_array)
Create XML ResultSet.
logout($sid)
Logout user destroy session.
__buildSearchQuery($a_keyfields, $queryOperator, $a_keyvalues)
create search term according to parameters
login($client, $username, $password)
Soap login @global type $ilUser.
searchUser($sid, $a_keyfields, $query_operator, $a_keyvalues, $attach_roles, $active)
return user xml following dtd 3.7
__readUserData(\ilObjUser &$usr_obj)
loginStudipUser($sid, $user_id)
login as user from Stud.IP
isPermittedRole($a_folder, $a_role)
check if assignment is allowed
loginCAS($client, $PT, $username)
__getUserMappingAsXML($a_array)
return user mapping as xml
getUserXML($sid, $a_user_ids, $attach_roles)
return user xmls for given user ids (csv separated ids) as xml based on usr dtd.
static __extractId($ilias_id, $inst_id)
extract ref id from role title, e.g.
XML Writer for XMLResultSet.
const SYSTEM_USER_ID
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
if($_SERVER['argc']< 4) $client
domxml_open_mem($str, $mode=0, &$error=null)
foreach($_POST as $key=> $value) $res