ILIAS  release_8 Revision v8.23
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
30 include_once './webservice/soap/classes/class.ilSoapAdministration.php';
31 
32 class ilSoapUserAdministration extends ilSoapAdministration
33 {
34  public const USER_FOLDER_ID = 7;
35 
39  public function login(string $client, string $username, string $password)
40  {
41  unset($_COOKIE[session_name()]);
42  $_COOKIE['ilClientId'] = $client;
43 
44  try {
45  $this->initIlias();
46  } catch (Exception $e) {
47  return $this->raiseError($e->getMessage(), 'Server');
48  }
49 
50  // now try authentication
51  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
52  $credentials = new ilAuthFrontendCredentials();
53  $credentials->setUsername($username);
54  $credentials->setPassword($password);
55 
56  include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
57  $provider_factory = new ilAuthProviderFactory();
58  $providers = $provider_factory->getProviders($credentials);
59 
60  include_once './Services/Authentication/classes/class.ilAuthStatus.php';
61  $status = ilAuthStatus::getInstance();
62 
63  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
64  $frontend_factory = new ilAuthFrontendFactory();
65  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
66  $frontend = $frontend_factory->getFrontend(
67  $GLOBALS['DIC']['ilAuthSession'],
68  $status,
69  $credentials,
70  $providers
71  );
72 
73  $frontend->authenticate();
74 
75  switch ($status->getStatus()) {
76  case ilAuthStatus::STATUS_AUTHENTICATED:
77  ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
78  return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
79 
80  default:
81  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
82  return $this->raiseError(
83  $status->getReason(),
84  'Server'
85  );
86  }
87  }
88 
92  public function logout(string $sid)
93  {
94  $this->initAuth($sid);
95  $this->initIlias();
96 
97  if (!$this->checkSession($sid)) {
98  return $this->raiseError($this->getMessage(), $this->getMessageCode());
99  }
100 
101  include_once './Services/Authentication/classes/class.ilSession.php';
102  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
103  $GLOBALS['DIC']['ilAuthSession']->logout();
104  return true;
105  }
106 
110  public function lookupUser(string $sid, string $user_name)
111  {
112  $this->initAuth($sid);
113  $this->initIlias();
114 
115  if (!$this->checkSession($sid)) {
116  return $this->raiseError($this->getMessage(), $this->getMessageCode());
117  }
118 
119  $user_name = trim($user_name);
120 
121  if ($user_name === '') {
122  return $this->raiseError('No username given. Aborting', 'Client');
123  }
124 
125  global $DIC;
126 
127  $ilUser = $DIC->user();
128  $access = $DIC->access();
129 
130  if (
131  strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
132  !$access->checkAccess(
133  'read_users',
134  '',
135  self::USER_FOLDER_ID
136  )
137  ) {
138  return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
139  }
140 
141  $user_id = ilObjUser::getUserIdByLogin($user_name);
142 
143  return $user_id;
144  }
145 
149  public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
150  {
151  $this->initAuth($sid);
152  $this->initIlias();
153 
154  if (!$this->checkSession($sid)) {
155  return $this->raiseError($this->getMessage(), $this->getMessageCode());
156  }
157 
158  include_once './Services/User/classes/class.ilUserImportParser.php';
159  include_once './Services/AccessControl/classes/class.ilObjRole.php';
160  include_once './Services/Object/classes/class.ilObjectFactory.php';
161  global $DIC;
162 
163  $rbacreview = $DIC['rbacreview'];
164  $rbacsystem = $DIC['rbacsystem'];
165  $access = $DIC->access();
166  $tree = $DIC['tree'];
167  $lng = $DIC['lng'];
168  $ilUser = $DIC['ilUser'];
169  $ilLog = $DIC['ilLog'];
170 
171  // this takes time but is nescessary
172  $error = false;
173 
174  // validate to prevent wrong XMLs
175  @domxml_open_mem($usr_xml, DOMXML_LOAD_PARSING, $error);
176  if ($error) {
177  $msg = array();
178  if (is_array($error)) {
179  foreach ($error as $err) {
180  $msg [] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
181  }
182  } else {
183  $msg[] = $error;
184  }
185  $msg = implode("\n", $msg);
186  return $this->raiseError($msg, "Client");
187  }
188 
189  switch ($conflict_rule) {
190  case 2:
191  $conflict_rule = IL_UPDATE_ON_CONFLICT;
192  break;
193  case 3:
194  $conflict_rule = IL_IGNORE_ON_CONFLICT;
195  break;
196  default:
197  $conflict_rule = IL_FAIL_ON_CONFLICT;
198  }
199  if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
200  return $this->raiseError(
201  'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
202  'Server'
203  );
204  }
205 
206  // folder id 0, means to check permission on user basis!
207  // must have create user right in time_limit_owner property (which is ref_id of container)
208  if ($folder_id !== 0) {
209  // determine where to import
210  if ($folder_id === -1) {
211  $folder_id = self::USER_FOLDER_ID;
212  }
213 
214  // get folder
215  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
216  // id does not exist
217  if (!$import_folder) {
218  return $this->raiseError('Wrong reference id.', 'Server');
219  }
220 
221  // folder is not a folder, can also be a category
222  if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
223  return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
224  }
225 
226  // check access to folder
227  if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
228  return $this->raiseError(
229  'Missing permission for creating users within ' . $import_folder->getTitle(),
230  'Server'
231  );
232  }
233  }
234 
235  // first verify
236  $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
237  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
238  $importParser->setXMLContent($usr_xml);
239  $importParser->startParsing();
240 
241  switch ($importParser->getErrorLevel()) {
242  case IL_IMPORT_SUCCESS:
243  break;
244  case IL_IMPORT_WARNING:
245  return $this->getImportProtocolAsXML($importParser->getProtocol());
246  break;
247  case IL_IMPORT_FAILURE:
248  return $this->getImportProtocolAsXML($importParser->getProtocol());
249  }
250 
251  // verify is ok, so get role assignments
252 
253  $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
254  $importParser->setXMLContent($usr_xml);
255  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
256  $importParser->startParsing();
257 
258  $roles = $importParser->getCollectedRoles();
259 
260  //print_r($roles);
261 
262  // roles to be assigned, skip if one is not allowed!
263  $permitted_roles = array();
264  foreach ($roles as $role_id => $role) {
265  if (!is_numeric($role_id)) {
266  // check if internal id
267  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
268 
269  if (is_numeric($internalId) && $internalId > 0) {
270  $role_id = $internalId;
271  $role_name = $role_id;
272  }
273  }
274 
275  if ($this->isPermittedRole($folder_id, $role_id)) {
276  $permitted_roles[$role_id] = $role_id;
277  } else {
278  $role_name = ilObject::_lookupTitle($role_id);
279  return $this->raiseError(
280  "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
281  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
282  'Server'
283  );
284  }
285  }
286 
287  $global_roles = $rbacreview->getGlobalRoles();
288 
289  //print_r ($global_roles);
290 
291  foreach ($permitted_roles as $role_id => $role_name) {
292  if ($role_id != "") {
293  if (in_array($role_id, $global_roles)) {
294  if (
295  (
296  $folder_id !== 0 &&
297  $folder_id !== self::USER_FOLDER_ID &&
298  !ilObjRole::_getAssignUsersStatus($role_id)
299  ) ||
300  (
301  $role_id == SYSTEM_ROLE_ID &&
302  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
303  )
304  ) {
305  return $this->raiseError(
306  $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
307  'Server'
308  );
309  }
310  } else {
311  $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
312  if ($rbacreview->isDeleted($rolf[0])
313  || !$rbacsystem->checkAccess('write', $rolf[0])) {
314  return $this->raiseError(
315  $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
316  "Server"
317  );
318  }
319  }
320  }
321  }
322 
323  //print_r ($permitted_roles);
324 
325  $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
326  $importParser->setSendMail($send_account_mail);
327  $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
328  $importParser->setFolderId($folder_id);
329  $importParser->setXMLContent($usr_xml);
330 
331  $importParser->setRoleAssignment($permitted_roles);
332 
333  $importParser->startParsing();
334 
335  if ($importParser->getErrorLevel() !== IL_IMPORT_FAILURE) {
336  return $this->getUserMappingAsXML($importParser->getUserMapping());
337  }
338  return $this->getImportProtocolAsXML($importParser->getProtocol());
339  }
340 
341  protected function isPermittedRole(int $a_folder, int $a_role)
342  {
343  static $checked_roles = array();
344  static $global_roles = null;
345 
346  if (isset($checked_roles[$a_role])) {
347  return $checked_roles[$a_role];
348  }
349 
350  global $DIC;
351 
352  $rbacsystem = $DIC['rbacsystem'];
353  $rbacreview = $DIC['rbacreview'];
354  $ilUser = $DIC['ilUser'];
355  $tree = $DIC['tree'];
356  $ilLog = $DIC['ilLog'];
357 
358  $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
359  $location = $locations[0];
360 
361  // global role
362  if ($location == ROLE_FOLDER_ID) {
363  $ilLog->write(__METHOD__ . ': Check global role');
364  // check assignment permission if called from local admin
365 
366  if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
367  $ilLog->write(__METHOD__ . ': ' . $a_folder);
368  include_once './Services/AccessControl/classes/class.ilObjRole.php';
369  if (!ilObjRole::_getAssignUsersStatus($a_role)) {
370  $ilLog->write(__METHOD__ . ': No assignment allowed');
371  $checked_roles[$a_role] = false;
372  return false;
373  }
374  }
375  // exclude anonymous role from list
376  if ($a_role === ANONYMOUS_ROLE_ID) {
377  $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
378  $checked_roles[$a_role] = false;
379  return false;
380  }
381  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
382  if ($a_role === SYSTEM_ROLE_ID &&
383  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
384  $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
385  $checked_roles[$a_role] = false;
386  return false;
387  }
388 
389  // Global role assignment ok
390  $ilLog->write(__METHOD__ . ': Assignment allowed.');
391  $checked_roles[$a_role] = true;
392  return true;
393  } elseif ($location) {
394  $ilLog->write(__METHOD__ . ': Check local role.');
395 
396  // It's a local role
397  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
398  $rolf = $rolfs[0];
399 
400  // only process role folders that are not set to status "deleted"
401  // and for which the user has write permissions.
402  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
403  // (The ROLE_FOLDER_ID folder contains the global roles).
404  if ($rbacreview->isDeleted($rolf)
405  || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
406  $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
407  $checked_roles[$a_role] = false;
408  return false;
409  }
410  // A local role is only displayed, if it is contained in the subtree of
411  // the localy administrated category. If the import function has been
412  // invoked from the user folder object, we show all local roles, because
413  // the user folder object is considered the parent of all local roles.
414  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
415  // isInSubtree variable with true. In all other cases it is initialized
416  // with false, and only set to true if we find the object id of the
417  // locally administrated category in the tree path to the local role.
418  if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
419  $ilLog->write(__METHOD__ . ': Not in path of category.');
420  $checked_roles[$a_role] = false;
421  return false;
422  }
423  $ilLog->write(__METHOD__ . ': Assignment allowed.');
424  $checked_roles[$a_role] = true;
425  return true;
426  }
427  return false;
428  }
429 
433  public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
434  {
435  $this->initAuth($sid);
436  $this->initIlias();
437 
438  if (!$this->checkSession($sid)) {
439  return $this->raiseError($this->getMessage(), $this->getMessageCode());
440  }
441 
442  global $DIC;
443 
444  $ilDB = $DIC['ilDB'];
445  $tree = $DIC['tree'];
446  $rbacreview = $DIC['rbacreview'];
447  $rbacsystem = $DIC['rbacsystem'];
448  $access = $DIC->access();
449 
450  if ($ref_id === -1) {
451  $ref_id = self::USER_FOLDER_ID;
452  }
453 
454  if (
455  $ref_id === self::USER_FOLDER_ID &&
456  !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
457  ) {
458  return $this->raiseError('Access denied', "Client");
459  }
460 
461  $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
462  if ($this->isFault($object)) {
463  return $object;
464  }
465 
466  $data = [];
467  switch ($object->getType()) {
468  case "usrf":
469  $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
470  break;
471  case "cat":
472  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
473  break;
474  case "crs":
475  {
476  // GET ALL MEMBERS
477  $roles = $object->__getLocalRoles();
478 
479  foreach ($roles as $role_id) {
480  $data = array_merge($rbacreview->assignedUsers($role_id), $data);
481  }
482 
483  break;
484  }
485  case "grp":
486  $member_ids = $object->getGroupMemberIds();
487  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
488  break;
489  case "sess":
490  $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
491  if (!$course_ref_id) {
492  return $this->raiseError("No course for session", "Client");
493  }
494 
495  $event_obj_id = ilObject::_lookupObjId($ref_id);
496  include_once 'Modules/Session/classes/class.ilEventParticipants.php';
497  $event_part = new ilEventParticipants($event_obj_id);
498  $member_ids = array_keys($event_part->getParticipants());
499  $data = ilObjUser::_getUsersForIds($member_ids, $active);
500  break;
501  }
502 
503  include_once './Services/User/classes/class.ilUserXMLWriter.php';
504 
505  $xmlWriter = new ilUserXMLWriter();
506  $xmlWriter->setObjects($data);
507  $xmlWriter->setAttachRoles($attachRoles);
508 
509  if ($xmlWriter->start()) {
510  return $xmlWriter->getXML();
511  }
512  // @todo for backward compatibility
513  return '';
514  }
515 
519  public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
520  {
521  $this->initAuth($sid);
522  $this->initIlias();
523 
524  if (!$this->checkSession($sid)) {
525  return $this->raiseError($this->getMessage(), $this->getMessageCode());
526  }
527 
528  include_once './Services/AccessControl/classes/class.ilObjRole.php';
529  global $DIC;
530 
531  $ilDB = $DIC['ilDB'];
532  $rbacreview = $DIC->rbac()->review();
533  $tree = $DIC->repositoryTree();
534  $ilUser = $DIC->user();
535  $access = $DIC->access();
536 
537  $global_roles = $rbacreview->getGlobalRoles();
538 
539  if (in_array($role_id, $global_roles, true)) {
540  // global roles
541  if ($role_id === SYSTEM_ROLE_ID &&
542  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
543  return $this->raiseError("Role access not permitted. ($role_id)", "Server");
544  }
545  } else {
546  // local roles
547  $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
548  $access_granted = true;
549  foreach ($rolfs as $rolf) {
550  if ($tree->isDeleted($rolf)) {
551  $access_granted = false;
552  }
553  $type = \ilObject::_lookupType($rolf, true);
554  switch ($type) {
555  case 'crs':
556  case 'grp':
557  if (!$access->checkAccess('manage_members', '', $rolf)) {
558  $access_granted = false;
559  }
560  break;
561  default:
562  if (!$access->checkAccess('edit_permission', '', $rolf)) {
563  $access_granted = false;
564  }
565  break;
566  }
567  }
568  // read user data must be granted
569  if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
570  $access_granted = false;
571  }
572  if (!$access_granted || !count($rolfs)) {
573  return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
574  }
575  }
576 
577  $data = ilObjUser::_getUsersForRole($role_id, $active);
578  include_once './Services/User/classes/class.ilUserXMLWriter.php';
579 
580  $xmlWriter = new ilUserXMLWriter();
581  $xmlWriter->setAttachRoles($attachRoles);
582 
583  $xmlWriter->setObjects($data);
584 
585  if ($xmlWriter->start()) {
586  return $xmlWriter->getXML();
587  }
588  return $this->raiseError('Error in getUsersForRole', 'Server');
589  }
590 
594  private function getImportProtocolAsXML(array $a_array) : string
595  {
596  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
597  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
598 
599  $xmlResultSet = new ilXMLResultSet();
600  $xmlResultSet->addColumn("userid");
601  $xmlResultSet->addColumn("login");
602  $xmlResultSet->addColumn("action");
603  $xmlResultSet->addColumn("message");
604 
605  foreach ($a_array as $username => $messages) {
606  foreach ($messages as $message) {
607  $xmlRow = new ilXMLResultSetRow();
608  $xmlRow->setValue(0, 0);
609  $xmlRow->setValue(1, $username);
610  $xmlRow->setValue(2, "");
611  $xmlRow->setValue(3, $message);
612 
613  $xmlResultSet->addRow($xmlRow);
614  }
615  }
616 
617  $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
618 
619  if ($xml_writer->start()) {
620  return $xml_writer->getXML();
621  }
622 
623  return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
624  }
625 
630  private function getUserMappingAsXML(array $a_array)
631  {
632  include_once './webservice/soap/classes/class.ilXMLResultSet.php';
633  include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
634 
635  $xmlResultSet = new ilXMLResultSet();
636  $xmlResultSet->addColumn("userid");
637  $xmlResultSet->addColumn("login");
638  $xmlResultSet->addColumn("action");
639  $xmlResultSet->addColumn("message");
640 
641  if (count($a_array)) {
642  foreach ($a_array as $username => $message) {
643  $xmlRow = new ilXMLResultSetRow();
644  $xmlRow->setValue(0, $username);
645  $xmlRow->setValue(1, $message["login"]);
646  $xmlRow->setValue(2, $message["action"]);
647  $xmlRow->setValue(3, $message["message"]);
648 
649  $xmlResultSet->addRow($xmlRow);
650  }
651  }
652 
653  $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
654 
655  if ($xml_writer->start()) {
656  return $xml_writer->getXML();
657  }
658 
659  return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
660  }
661 
672  public function searchUser(
673  string $sid,
674  array $a_keyfields,
675  string $query_operator,
676  array $a_keyvalues,
677  bool $attach_roles,
678  int $active
679  ) {
680  $this->initAuth($sid);
681  $this->initIlias();
682 
683  if (!$this->checkSession($sid)) {
684  return $this->raiseError($this->getMessage(), $this->getMessageCode());
685  }
686 
687  global $DIC;
688 
689  $ilDB = $DIC['ilDB'];
690  $access = $DIC->access();
691 
692  if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
693  return $this->raiseError('Check access failed.', 'Server');
694  }
695  if (!count($a_keyfields)) {
696  $this->raiseError('At least one keyfield is needed', 'Client');
697  }
698 
699  if (!count($a_keyvalues)) {
700  $this->raiseError('At least one keyvalue is needed', 'Client');
701  }
702 
703  if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
704  $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
705  }
706 
707  $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
708 
709  $query = "SELECT usr_data.*, usr_pref.value AS language
710  FROM usr_data
711  LEFT JOIN usr_pref
712  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
713  $ilDB->quote("language", "text") .
714  " WHERE 1 = 1 " . $query;
715 
716  if ($active > -1) {
717  $query .= " AND active = " . $ilDB->quote($active);
718  }
719 
720  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
721 
722  //echo $query;
723 
724  $r = $ilDB->query($query);
725 
726  $data = array();
727 
728  while ($row = $ilDB->fetchAssoc($r)) {
729  $data[] = $row;
730  }
731 
732  include_once './Services/User/classes/class.ilUserXMLWriter.php';
733 
734  $xmlWriter = new ilUserXMLWriter();
735  $xmlWriter->setAttachRoles($attach_roles);
736 
737  $xmlWriter->setObjects($data);
738 
739  if ($xmlWriter->start()) {
740  return $xmlWriter->getXML();
741  }
742  return $this->raiseError('Error in searchUser', 'Server');
743  }
744 
748  private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues) : string
749  {
750  global $DIC;
751 
752  $ilDB = $DIC['ilDB'];
753  $query = array();
754 
755  $allowed_fields = array("firstname",
756  "lastname",
757  "email",
758  "login",
759  "matriculation",
760  "institution",
761  "department",
762  "title",
763  "ext_account"
764  );
765 
766  foreach ($a_keyfields as $keyfield) {
767  $keyfield = strtolower($keyfield);
768 
769  if (!in_array($keyfield, $allowed_fields)) {
770  continue;
771  }
772 
773  $field_query = array();
774  foreach ($a_keyvalues as $keyvalue) {
775  if (strlen($keyvalue) >= 3) {
776  $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
777  }
778  }
779  if (count($field_query)) {
780  $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
781  }
782  }
783 
784  return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
785  }
786 
790  public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
791  {
792  $this->initAuth($sid);
793  $this->initIlias();
794 
795  if (!$this->checkSession($sid)) {
796  return $this->raiseError($this->getMessage(), $this->getMessageCode());
797  }
798 
799  global $DIC;
800 
801  $rbacsystem = $DIC['rbacsystem'];
802  $access = $DIC->access();
803  $ilUser = $DIC['ilUser'];
804  $ilDB = $DIC['ilDB'];
805 
806  // check if own account
807  $is_self = false;
808  if (count($a_user_ids) === 1) {
809  $usr_id = (int) end($a_user_ids);
810  if ($usr_id === $ilUser->getId()) {
811  $is_self = true;
812  }
813  }
814 
815  if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
816  return $this->raiseError('Check access failed.', 'Server');
817  }
818 
819  $data = ilObjUser::_getUserData($a_user_ids);
820 
821  include_once './Services/User/classes/class.ilUserXMLWriter.php';
822  $xmlWriter = new ilUserXMLWriter();
823  $xmlWriter->setAttachRoles($attach_roles);
824  $xmlWriter->setObjects($data);
825 
826  if ($xmlWriter->start()) {
827  return $xmlWriter->getXML();
828  }
829 
830  return $this->raiseError('User does not exist', 'Client');
831  }
832 
833  public function hasNewMail(string $sid)
834  {
835  $this->initAuth($sid);
836  $this->initIlias();
837 
838  if (!$this->checkSession($sid)) {
839  return $this->raiseError($this->getMessage(), $this->getMessageCode());
840  }
841 
842  global $DIC;
843 
844  $ilUser = $DIC['ilUser'];
845 
846  return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
847  }
848 
852  public function getUserIdBySid(string $sid)
853  {
854  $this->initAuth($sid);
855  $this->initIlias();
856 
857  if (!$this->checkSession($sid)) {
858  return $this->raiseError($this->getMessage(), $this->getMessageCode());
859  }
860 
861  global $DIC;
862 
863  $ilDB = $DIC['ilDB'];
864 
865  $parts = explode('::', $sid);
866  $query = "SELECT usr_id FROM usr_session "
867  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
868  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
869  $data = $ilDB->fetchAssoc($res);
870 
871  if (!(int) $data['usr_id']) {
872  $this->raiseError('User does not exist', 'Client');
873  }
874  return (int) $data['usr_id'];
875  }
876 }
$res
$res
Definition: ltiservices.php:69
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
return array of complete users which belong to a specific role
Definition: class.ilObjUser.php:3255
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:10
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:748
$type
$type
Definition: proxy_ylocal.php:10
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:64
$lng
$lng
Definition: save_question_post_data.php:24
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
IL_USER_IMPORT
const IL_USER_IMPORT
Definition: class.ilUserImportParser.php:22
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
IL_IMPORT_FAILURE
const IL_IMPORT_FAILURE
Definition: class.ilUserImportParser.php:31
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:630
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:27
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:341
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:29
IL_EXTRACT_ROLES
const IL_EXTRACT_ROLES
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserImportParser.php:21
IL_FAIL_ON_CONFLICT
const IL_FAIL_ON_CONFLICT
Definition: class.ilUserImportParser.php:25
IL_IMPORT_WARNING
const IL_IMPORT_WARNING
Definition: class.ilUserImportParser.php:30
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
return user data for group members
Definition: class.ilObjUser.php:3342
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
$DIC
global $DIC
Definition: feed.php:28
$client
$client
Definition: dummy_client.php:43
IL_IMPORT_SUCCESS
const IL_IMPORT_SUCCESS
Definition: class.ilUserImportParser.php:29
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2033
$messages
$messages
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: xapiexit.php:22
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $leftInterval=0)
Definition: class.ilMailGlobalServices.php:73
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
domxml_open_mem
domxml_open_mem($str, $mode=0, &$error=null)
Definition: inc.xml5compliance.php:45
IL_USER_MAPPING_ID
const IL_USER_MAPPING_ID
Definition: class.ilUserImportParser.php:34
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:51
ilUserXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserXMLWriter.php:28
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
return user data for given user ids
Definition: class.ilObjUser.php:3403
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true ...
Definition: class.ilSoapAdministration.php:208
$query
$query
Definition: proxy_ylocal.php:13
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:39
ilEventParticipants
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilEventParticipants.php:29
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:433
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
IL_VERIFY
const IL_VERIFY
Definition: class.ilUserImportParser.php:23
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:110
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
get users for a category or from system folder
Definition: class.ilObjUser.php:3298
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1204
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:487
$ilUser
$ilUser
Definition: imgupload.php:34
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:149
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:672
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:790
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
return user data for given user id
Definition: class.ilObjUser.php:3355
IL_UPDATE_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
Definition: class.ilUserImportParser.php:26
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:594
DOMXML_LOAD_PARSING
const DOMXML_LOAD_PARSING
Definition: inc.xml5compliance.php:40
IL_IGNORE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Definition: class.ilUserImportParser.php:27
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:519