ILIAS  release_8 Revision v8.24
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2009 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
30include_once './webservice/soap/classes/class.ilSoapAdministration.php';
31
32class ilSoapUserAdministration extends ilSoapAdministration
33{
34 public const USER_FOLDER_ID = 7;
35
39 public function login(string $client, string $username, string $password)
40 {
41 unset($_COOKIE[session_name()]);
42 $_COOKIE['ilClientId'] = $client;
43
44 try {
45 $this->initIlias();
46 } catch (Exception $e) {
47 return $this->raiseError($e->getMessage(), 'Server');
48 }
49
50 // now try authentication
51 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
52 $credentials = new ilAuthFrontendCredentials();
53 $credentials->setUsername($username);
54 $credentials->setPassword($password);
55
56 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
57 $provider_factory = new ilAuthProviderFactory();
58 $providers = $provider_factory->getProviders($credentials);
59
60 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
61 $status = ilAuthStatus::getInstance();
62
63 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
64 $frontend_factory = new ilAuthFrontendFactory();
65 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
66 $frontend = $frontend_factory->getFrontend(
67 $GLOBALS['DIC']['ilAuthSession'],
68 $status,
69 $credentials,
70 $providers
71 );
72
73 $frontend->authenticate();
74
75 switch ($status->getStatus()) {
76 case ilAuthStatus::STATUS_AUTHENTICATED:
77 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
78 return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
79
80 default:
81 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
82 return $this->raiseError(
83 $status->getReason(),
84 'Server'
85 );
86 }
87 }
88
92 public function logout(string $sid)
93 {
94 $this->initAuth($sid);
95 $this->initIlias();
96
97 if (!$this->checkSession($sid)) {
98 return $this->raiseError($this->getMessage(), $this->getMessageCode());
99 }
100
101 include_once './Services/Authentication/classes/class.ilSession.php';
102 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
103 $GLOBALS['DIC']['ilAuthSession']->logout();
104 return true;
105 }
106
110 public function lookupUser(string $sid, string $user_name)
111 {
112 $this->initAuth($sid);
113 $this->initIlias();
114
115 if (!$this->checkSession($sid)) {
116 return $this->raiseError($this->getMessage(), $this->getMessageCode());
117 }
118
119 $user_name = trim($user_name);
120
121 if ($user_name === '') {
122 return $this->raiseError('No username given. Aborting', 'Client');
123 }
124
125 global $DIC;
126
127 $ilUser = $DIC->user();
128 $access = $DIC->access();
129
130 if (
131 strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
132 !$access->checkAccess(
133 'read_users',
134 '',
135 self::USER_FOLDER_ID
136 )
137 ) {
138 return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
139 }
140
141 $user_id = ilObjUser::getUserIdByLogin($user_name);
142
143 return $user_id;
144 }
145
149 public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
150 {
151 $this->initAuth($sid);
152 $this->initIlias();
153
154 if (!$this->checkSession($sid)) {
155 return $this->raiseError($this->getMessage(), $this->getMessageCode());
156 }
157
158 include_once './Services/User/classes/class.ilUserImportParser.php';
159 include_once './Services/AccessControl/classes/class.ilObjRole.php';
160 include_once './Services/Object/classes/class.ilObjectFactory.php';
161 global $DIC;
162
163 $rbacreview = $DIC['rbacreview'];
164 $rbacsystem = $DIC['rbacsystem'];
165 $access = $DIC->access();
166 $tree = $DIC['tree'];
167 $lng = $DIC['lng'];
168 $ilUser = $DIC['ilUser'];
169 $ilLog = $DIC['ilLog'];
170
171 // this takes time but is nescessary
172 $error = false;
173
174 // validate to prevent wrong XMLs
175 @domxml_open_mem($usr_xml, DOMXML_LOAD_PARSING, $error);
176 if ($error) {
177 $msg = array();
178 if (is_array($error)) {
179 foreach ($error as $err) {
180 $msg [] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
181 }
182 } else {
183 $msg[] = $error;
184 }
185 $msg = implode("\n", $msg);
186 return $this->raiseError($msg, "Client");
187 }
188
189 switch ($conflict_rule) {
190 case 2:
191 $conflict_rule = IL_UPDATE_ON_CONFLICT;
192 break;
193 case 3:
194 $conflict_rule = IL_IGNORE_ON_CONFLICT;
195 break;
196 default:
197 $conflict_rule = IL_FAIL_ON_CONFLICT;
198 }
199 if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
200 return $this->raiseError(
201 'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
202 'Server'
203 );
204 }
205
206 // folder id 0, means to check permission on user basis!
207 // must have create user right in time_limit_owner property (which is ref_id of container)
208 if ($folder_id !== 0) {
209 // determine where to import
210 if ($folder_id === -1) {
211 $folder_id = self::USER_FOLDER_ID;
212 }
213
214 // get folder
215 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
216 // id does not exist
217 if (!$import_folder) {
218 return $this->raiseError('Wrong reference id.', 'Server');
219 }
220
221 // folder is not a folder, can also be a category
222 if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
223 return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
224 }
225
226 // check access to folder
227 if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
228 return $this->raiseError(
229 'Missing permission for creating users within ' . $import_folder->getTitle(),
230 'Server'
231 );
232 }
233 }
234
235 // first verify
236 $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
237 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
238 $importParser->setXMLContent($usr_xml);
239 $importParser->startParsing();
240
241 switch ($importParser->getErrorLevel()) {
242 case IL_IMPORT_SUCCESS:
243 break;
244 case IL_IMPORT_WARNING:
245 return $this->getImportProtocolAsXML($importParser->getProtocol());
246 break;
247 case IL_IMPORT_FAILURE:
248 return $this->getImportProtocolAsXML($importParser->getProtocol());
249 }
250
251 // verify is ok, so get role assignments
252
253 $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
254 $importParser->setXMLContent($usr_xml);
255 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
256 $importParser->startParsing();
257
258 $roles = $importParser->getCollectedRoles();
259
260 //print_r($roles);
261
262 // roles to be assigned, skip if one is not allowed!
263 $permitted_roles = array();
264 foreach ($roles as $role_id => $role) {
265 if (!is_numeric($role_id)) {
266 // check if internal id
267 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
268
269 if (is_numeric($internalId) && $internalId > 0) {
270 $role_id = $internalId;
271 $role_name = $role_id;
272 }
273 }
274
275 if ($this->isPermittedRole($folder_id, $role_id)) {
276 $permitted_roles[$role_id] = $role_id;
277 } else {
278 $role_name = ilObject::_lookupTitle($role_id);
279 return $this->raiseError(
280 "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
281 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
282 'Server'
283 );
284 }
285 }
286
287 $global_roles = $rbacreview->getGlobalRoles();
288
289 //print_r ($global_roles);
290
291 foreach ($permitted_roles as $role_id => $role_name) {
292 if ($role_id != "") {
293 if (in_array($role_id, $global_roles)) {
294 if (
295 (
296 $folder_id !== 0 &&
297 $folder_id !== self::USER_FOLDER_ID &&
298 !ilObjRole::_getAssignUsersStatus($role_id)
299 ) ||
300 (
301 $role_id == SYSTEM_ROLE_ID &&
302 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
303 )
304 ) {
305 return $this->raiseError(
306 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
307 'Server'
308 );
309 }
310 } else {
311 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
312 if ($rbacreview->isDeleted($rolf[0])
313 || !$rbacsystem->checkAccess('write', $rolf[0])) {
314 return $this->raiseError(
315 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
316 "Server"
317 );
318 }
319 }
320 }
321 }
322
323 //print_r ($permitted_roles);
324
325 $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
326 $importParser->setSendMail($send_account_mail);
327 $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
328 $importParser->setFolderId($folder_id);
329 $importParser->setXMLContent($usr_xml);
330
331 $importParser->setRoleAssignment($permitted_roles);
332
333 $importParser->startParsing();
334
335 if ($importParser->getErrorLevel() !== IL_IMPORT_FAILURE) {
336 return $this->getUserMappingAsXML($importParser->getUserMapping());
337 }
338 return $this->getImportProtocolAsXML($importParser->getProtocol());
339 }
340
341 protected function isPermittedRole(int $a_folder, int $a_role)
342 {
343 static $checked_roles = array();
344 static $global_roles = null;
345
346 if (isset($checked_roles[$a_role])) {
347 return $checked_roles[$a_role];
348 }
349
350 global $DIC;
351
352 $rbacsystem = $DIC['rbacsystem'];
353 $rbacreview = $DIC['rbacreview'];
354 $ilUser = $DIC['ilUser'];
355 $tree = $DIC['tree'];
356 $ilLog = $DIC['ilLog'];
357
358 $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
359 $location = $locations[0];
360
361 // global role
362 if ($location == ROLE_FOLDER_ID) {
363 $ilLog->write(__METHOD__ . ': Check global role');
364 // check assignment permission if called from local admin
365
366 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
367 $ilLog->write(__METHOD__ . ': ' . $a_folder);
368 include_once './Services/AccessControl/classes/class.ilObjRole.php';
369 if (!ilObjRole::_getAssignUsersStatus($a_role)) {
370 $ilLog->write(__METHOD__ . ': No assignment allowed');
371 $checked_roles[$a_role] = false;
372 return false;
373 }
374 }
375 // exclude anonymous role from list
376 if ($a_role === ANONYMOUS_ROLE_ID) {
377 $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
378 $checked_roles[$a_role] = false;
379 return false;
380 }
381 // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
382 if ($a_role === SYSTEM_ROLE_ID &&
383 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
384 $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
385 $checked_roles[$a_role] = false;
386 return false;
387 }
388
389 // Global role assignment ok
390 $ilLog->write(__METHOD__ . ': Assignment allowed.');
391 $checked_roles[$a_role] = true;
392 return true;
393 } elseif ($location) {
394 $ilLog->write(__METHOD__ . ': Check local role.');
395
396 // It's a local role
397 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
398 $rolf = $rolfs[0];
399
400 // only process role folders that are not set to status "deleted"
401 // and for which the user has write permissions.
402 // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
403 // (The ROLE_FOLDER_ID folder contains the global roles).
404 if ($rbacreview->isDeleted($rolf)
405 || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
406 $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
407 $checked_roles[$a_role] = false;
408 return false;
409 }
410 // A local role is only displayed, if it is contained in the subtree of
411 // the localy administrated category. If the import function has been
412 // invoked from the user folder object, we show all local roles, because
413 // the user folder object is considered the parent of all local roles.
414 // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
415 // isInSubtree variable with true. In all other cases it is initialized
416 // with false, and only set to true if we find the object id of the
417 // locally administrated category in the tree path to the local role.
418 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
419 $ilLog->write(__METHOD__ . ': Not in path of category.');
420 $checked_roles[$a_role] = false;
421 return false;
422 }
423 $ilLog->write(__METHOD__ . ': Assignment allowed.');
424 $checked_roles[$a_role] = true;
425 return true;
426 }
427 return false;
428 }
429
433 public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
434 {
435 $this->initAuth($sid);
436 $this->initIlias();
437
438 if (!$this->checkSession($sid)) {
439 return $this->raiseError($this->getMessage(), $this->getMessageCode());
440 }
441
442 global $DIC;
443
444 $ilDB = $DIC['ilDB'];
445 $tree = $DIC['tree'];
446 $rbacreview = $DIC['rbacreview'];
447 $rbacsystem = $DIC['rbacsystem'];
448 $access = $DIC->access();
449
450 if ($ref_id === -1) {
451 $ref_id = self::USER_FOLDER_ID;
452 }
453
454 if (
455 $ref_id === self::USER_FOLDER_ID &&
456 !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
457 ) {
458 return $this->raiseError('Access denied', "Client");
459 }
460
461 $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
462 if ($this->isFault($object)) {
463 return $object;
464 }
465
466 $data = [];
467 switch ($object->getType()) {
468 case "usrf":
469 $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
470 break;
471 case "cat":
472 $data = ilObjUser::_getUsersForFolder($ref_id, $active);
473 break;
474 case "crs":
475 {
476 // GET ALL MEMBERS
477 $roles = $object->__getLocalRoles();
478
479 foreach ($roles as $role_id) {
480 $data = array_merge($rbacreview->assignedUsers($role_id), $data);
481 }
482
483 break;
484 }
485 case "grp":
486 $member_ids = $object->getGroupMemberIds();
487 $data = ilObjUser::_getUsersForGroup($member_ids, $active);
488 break;
489 case "sess":
490 $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
491 if (!$course_ref_id) {
492 return $this->raiseError("No course for session", "Client");
493 }
494
495 $event_obj_id = ilObject::_lookupObjId($ref_id);
496 include_once 'Modules/Session/classes/class.ilEventParticipants.php';
497 $event_part = new ilEventParticipants($event_obj_id);
498 $member_ids = array_keys($event_part->getParticipants());
499 $data = ilObjUser::_getUsersForIds($member_ids, $active);
500 break;
501 }
502
503 include_once './Services/User/classes/class.ilUserXMLWriter.php';
504
505 $xmlWriter = new ilUserXMLWriter();
506 $xmlWriter->setObjects($data);
507 $xmlWriter->setAttachRoles($attachRoles);
508
509 if ($xmlWriter->start()) {
510 return $xmlWriter->getXML();
511 }
512 // @todo for backward compatibility
513 return '';
514 }
515
519 public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
520 {
521 $this->initAuth($sid);
522 $this->initIlias();
523
524 if (!$this->checkSession($sid)) {
525 return $this->raiseError($this->getMessage(), $this->getMessageCode());
526 }
527
528 include_once './Services/AccessControl/classes/class.ilObjRole.php';
529 global $DIC;
530
531 $ilDB = $DIC['ilDB'];
532 $rbacreview = $DIC->rbac()->review();
533 $tree = $DIC->repositoryTree();
534 $ilUser = $DIC->user();
535 $access = $DIC->access();
536
537 $global_roles = $rbacreview->getGlobalRoles();
538
539 if (in_array($role_id, $global_roles, true)) {
540 // global roles
541 if ($role_id === SYSTEM_ROLE_ID &&
542 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
543 return $this->raiseError("Role access not permitted. ($role_id)", "Server");
544 }
545 } else {
546 // local roles
547 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
548 $access_granted = true;
549 foreach ($rolfs as $rolf) {
550 if ($tree->isDeleted($rolf)) {
551 $access_granted = false;
552 }
553 $type = \ilObject::_lookupType($rolf, true);
554 switch ($type) {
555 case 'crs':
556 case 'grp':
557 if (!$access->checkAccess('manage_members', '', $rolf)) {
558 $access_granted = false;
559 }
560 break;
561 default:
562 if (!$access->checkAccess('edit_permission', '', $rolf)) {
563 $access_granted = false;
564 }
565 break;
566 }
567 }
568 // read user data must be granted
569 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
570 $access_granted = false;
571 }
572 if (!$access_granted || !count($rolfs)) {
573 return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
574 }
575 }
576
577 $data = ilObjUser::_getUsersForRole($role_id, $active);
578 include_once './Services/User/classes/class.ilUserXMLWriter.php';
579
580 $xmlWriter = new ilUserXMLWriter();
581 $xmlWriter->setAttachRoles($attachRoles);
582
583 $xmlWriter->setObjects($data);
584
585 if ($xmlWriter->start()) {
586 return $xmlWriter->getXML();
587 }
588 return $this->raiseError('Error in getUsersForRole', 'Server');
589 }
590
594 private function getImportProtocolAsXML(array $a_array) : string
595 {
596 include_once './webservice/soap/classes/class.ilXMLResultSet.php';
597 include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
598
599 $xmlResultSet = new ilXMLResultSet();
600 $xmlResultSet->addColumn("userid");
601 $xmlResultSet->addColumn("login");
602 $xmlResultSet->addColumn("action");
603 $xmlResultSet->addColumn("message");
604
605 foreach ($a_array as $username => $messages) {
606 foreach ($messages as $message) {
607 $xmlRow = new ilXMLResultSetRow();
608 $xmlRow->setValue(0, 0);
609 $xmlRow->setValue(1, $username);
610 $xmlRow->setValue(2, "");
611 $xmlRow->setValue(3, $message);
612
613 $xmlResultSet->addRow($xmlRow);
614 }
615 }
616
617 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
618
619 if ($xml_writer->start()) {
620 return $xml_writer->getXML();
621 }
622
623 return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
624 }
625
630 private function getUserMappingAsXML(array $a_array)
631 {
632 include_once './webservice/soap/classes/class.ilXMLResultSet.php';
633 include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
634
635 $xmlResultSet = new ilXMLResultSet();
636 $xmlResultSet->addColumn("userid");
637 $xmlResultSet->addColumn("login");
638 $xmlResultSet->addColumn("action");
639 $xmlResultSet->addColumn("message");
640
641 if (count($a_array)) {
642 foreach ($a_array as $username => $message) {
643 $xmlRow = new ilXMLResultSetRow();
644 $xmlRow->setValue(0, $username);
645 $xmlRow->setValue(1, $message["login"]);
646 $xmlRow->setValue(2, $message["action"]);
647 $xmlRow->setValue(3, $message["message"]);
648
649 $xmlResultSet->addRow($xmlRow);
650 }
651 }
652
653 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
654
655 if ($xml_writer->start()) {
656 return $xml_writer->getXML();
657 }
658
659 return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
660 }
661
672 public function searchUser(
673 string $sid,
674 array $a_keyfields,
675 string $query_operator,
676 array $a_keyvalues,
677 bool $attach_roles,
678 int $active
679 ) {
680 $this->initAuth($sid);
681 $this->initIlias();
682
683 if (!$this->checkSession($sid)) {
684 return $this->raiseError($this->getMessage(), $this->getMessageCode());
685 }
686
687 global $DIC;
688
689 $ilDB = $DIC['ilDB'];
690 $access = $DIC->access();
691
692 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
693 return $this->raiseError('Check access failed.', 'Server');
694 }
695 if (!count($a_keyfields)) {
696 $this->raiseError('At least one keyfield is needed', 'Client');
697 }
698
699 if (!count($a_keyvalues)) {
700 $this->raiseError('At least one keyvalue is needed', 'Client');
701 }
702
703 if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
704 $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
705 }
706
707 $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
708
709 $query = "SELECT usr_data.*, usr_pref.value AS language
710 FROM usr_data
711 LEFT JOIN usr_pref
712 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
713 $ilDB->quote("language", "text") .
714 " WHERE 1 = 1 " . $query;
715
716 if ($active > -1) {
717 $query .= " AND active = " . $ilDB->quote($active);
718 }
719
720 $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
721
722 //echo $query;
723
724 $r = $ilDB->query($query);
725
726 $data = array();
727
728 while ($row = $ilDB->fetchAssoc($r)) {
729 $data[] = $row;
730 }
731
732 include_once './Services/User/classes/class.ilUserXMLWriter.php';
733
734 $xmlWriter = new ilUserXMLWriter();
735 $xmlWriter->setAttachRoles($attach_roles);
736
737 $xmlWriter->setObjects($data);
738
739 if ($xmlWriter->start()) {
740 return $xmlWriter->getXML();
741 }
742 return $this->raiseError('Error in searchUser', 'Server');
743 }
744
748 private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues) : string
749 {
750 global $DIC;
751
752 $ilDB = $DIC['ilDB'];
753 $query = array();
754
755 $allowed_fields = array("firstname",
756 "lastname",
757 "email",
758 "login",
759 "matriculation",
760 "institution",
761 "department",
762 "title",
763 "ext_account"
764 );
765
766 foreach ($a_keyfields as $keyfield) {
767 $keyfield = strtolower($keyfield);
768
769 if (!in_array($keyfield, $allowed_fields)) {
770 continue;
771 }
772
773 $field_query = array();
774 foreach ($a_keyvalues as $keyvalue) {
775 if (strlen($keyvalue) >= 3) {
776 $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
777 }
778 }
779 if (count($field_query)) {
780 $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
781 }
782 }
783
784 return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
785 }
786
790 public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
791 {
792 $this->initAuth($sid);
793 $this->initIlias();
794
795 if (!$this->checkSession($sid)) {
796 return $this->raiseError($this->getMessage(), $this->getMessageCode());
797 }
798
799 global $DIC;
800
801 $rbacsystem = $DIC['rbacsystem'];
802 $access = $DIC->access();
803 $ilUser = $DIC['ilUser'];
804 $ilDB = $DIC['ilDB'];
805
806 // check if own account
807 $is_self = false;
808 if (count($a_user_ids) === 1) {
809 $usr_id = (int) end($a_user_ids);
810 if ($usr_id === $ilUser->getId()) {
811 $is_self = true;
812 }
813 }
814
815 if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
816 return $this->raiseError('Check access failed.', 'Server');
817 }
818
819 $data = ilObjUser::_getUserData($a_user_ids);
820
821 include_once './Services/User/classes/class.ilUserXMLWriter.php';
822 $xmlWriter = new ilUserXMLWriter();
823 $xmlWriter->setAttachRoles($attach_roles);
824 $xmlWriter->setObjects($data);
825
826 if ($xmlWriter->start()) {
827 return $xmlWriter->getXML();
828 }
829
830 return $this->raiseError('User does not exist', 'Client');
831 }
832
833 public function hasNewMail(string $sid)
834 {
835 $this->initAuth($sid);
836 $this->initIlias();
837
838 if (!$this->checkSession($sid)) {
839 return $this->raiseError($this->getMessage(), $this->getMessageCode());
840 }
841
842 global $DIC;
843
844 $ilUser = $DIC['ilUser'];
845
846 return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
847 }
848
852 public function getUserIdBySid(string $sid)
853 {
854 $this->initAuth($sid);
855 $this->initIlias();
856
857 if (!$this->checkSession($sid)) {
858 return $this->raiseError($this->getMessage(), $this->getMessageCode());
859 }
860
861 global $DIC;
862
863 $ilDB = $DIC['ilDB'];
864
865 $parts = explode('::', $sid);
866 $query = "SELECT usr_id FROM usr_session "
867 . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
868 $res = $ilDB->queryF($query, array('text'), array($parts[0]));
869 $data = $ilDB->fetchAssoc($res);
870
871 if (!(int) $data['usr_id']) {
872 $this->raiseError('User does not exist', 'Client');
873 }
874 return (int) $data['usr_id'];
875 }
876}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
IL_FAIL_ON_CONFLICT
const IL_FAIL_ON_CONFLICT
Definition: class.ilUserImportParser.php:25
IL_USER_MAPPING_ID
const IL_USER_MAPPING_ID
Definition: class.ilUserImportParser.php:34
IL_IMPORT_FAILURE
const IL_IMPORT_FAILURE
Definition: class.ilUserImportParser.php:31
IL_UPDATE_ON_CONFLICT
const IL_UPDATE_ON_CONFLICT
Definition: class.ilUserImportParser.php:26
IL_EXTRACT_ROLES
const IL_EXTRACT_ROLES
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserImportParser.php:21
IL_IMPORT_SUCCESS
const IL_IMPORT_SUCCESS
Definition: class.ilUserImportParser.php:29
IL_USER_IMPORT
const IL_USER_IMPORT
Definition: class.ilUserImportParser.php:22
IL_VERIFY
const IL_VERIFY
Definition: class.ilUserImportParser.php:23
IL_IGNORE_ON_CONFLICT
const IL_IGNORE_ON_CONFLICT
Definition: class.ilUserImportParser.php:27
IL_IMPORT_WARNING
const IL_IMPORT_WARNING
Definition: class.ilUserImportParser.php:30
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilEventParticipants
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilEventParticipants.php:30
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $leftInterval=0)
Definition: class.ilMailGlobalServices.php:73
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
return user data for given user id
Definition: class.ilObjUser.php:3355
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
return user data for given user ids
Definition: class.ilObjUser.php:3403
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
get users for a category or from system folder
Definition: class.ilObjUser.php:3298
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
return user data for group members
Definition: class.ilObjUser.php:3342
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2033
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
return array of complete users which belong to a specific role
Definition: class.ilObjUser.php:3255
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:143
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:51
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:487
ilSoapAdministration
soap server Base class for all SOAP registered methods.
Definition: class.ilSoapAdministration.php:31
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:183
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
Definition: class.ilSoapAdministration.php:208
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:341
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:594
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:39
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:519
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:672
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:110
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:433
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:790
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:630
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:149
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:748
ilUserXMLWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserXMLWriter.php:29
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1204
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:30
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:11
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
$client
$client
Definition: dummy_client.php:43
$DIC
global $DIC
Definition: feed.php:28
$ilUser
$ilUser
Definition: imgupload.php:34
domxml_open_mem
domxml_open_mem($str, $mode=0, &$error=null)
Definition: inc.xml5compliance.php:45
DOMXML_LOAD_PARSING
const DOMXML_LOAD_PARSING
Definition: inc.xml5compliance.php:40
$ref_id
$ref_id
Definition: ltiauth.php:67
$res
$res
Definition: ltiservices.php:69
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:64
$query
$query
Definition: proxy_ylocal.php:13
$type
$type
Definition: proxy_ylocal.php:10
$lng
$lng
Definition: save_question_post_data.php:24
$messages
$messages
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: xapiexit.php:22
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54