ILIAS  trunk Revision v12.0_alpha-1540-g00f839d5fa1
Public Member Functions | Data Fields | Protected Member Functions | Private Member Functions
ilSoapUserAdministration Class Reference
+ Inheritance diagram for ilSoapUserAdministration:
+ Collaboration diagram for ilSoapUserAdministration:

Public Member Functions

 login (string $client, string $username, string $password)
 
 logout (string $sid)
 
 lookupUser (string $sid, string $user_name)
 
 importUsers (string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
 
 getUsersForContainer (string $sid, int $ref_id, bool $attachRoles, int $active)
 
 getUserForRole (string $sid, int $role_id, bool $attachRoles, int $active)
 
 searchUser (string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
 return user xml following dtd 3.7 More...
 
 getUserXML (string $sid, array $a_user_ids, bool $attach_roles)
 
 hasNewMail (string $sid)
 
 getUserIdBySid (string $sid)
 
- Public Member Functions inherited from ilSoapAdministration
 __construct (bool $use_nusoap=true)
 
 getMessage ()
 
 appendMessage (string $a_str)
 
 setMessageCode (string $a_code)
 
 getMessageCode ()
 
 reInitUser ()
 
 isFault ($object)
 
 getInstallationInfoXML ()
 
 getClientInfoXML (string $clientid)
 

Data Fields

const USER_FOLDER_ID = 7
 
- Data Fields inherited from ilSoapAdministration
const NUSOAP = 1
 
const PHP5 = 2
 
int $error_method
 Defines type of error handling (PHP5 || NUSOAP) More...
 

Protected Member Functions

 isPermittedRole (int $a_folder, int $a_role)
 
- Protected Member Functions inherited from ilSoapAdministration
 checkSession (string $sid)
 
 explodeSid (string $sid)
 
 setMessage (string $a_str)
 
 initAuth (string $sid)
 
 initIlias ()
 
 initAuthenticationObject ()
 
 raiseError (string $a_message, $a_code)
 
 checkObjectAccess (int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
 check access for ref id: expected type, permission, return object instance if returnobject is true More...
 

Private Member Functions

 getImportProtocolAsXML (array $a_array)
 Create XML ResultSet. More...
 
 getUserMappingAsXML (array $a_array)
 return user mapping as xml More...
 
 buildSearchQuery (array $a_keyfields, string $queryOperator, array $a_keyvalues)
 create search term according to parameters More...
 

Additional Inherited Members

- Protected Attributes inherited from ilSoapAdministration
bool $soap_check = true
 
string $message = ''
 
string $message_code = ''
 

Detailed Description

Definition at line 26 of file class.ilSoapUserAdministration.php.

Member Function Documentation

◆ buildSearchQuery()

ilSoapUserAdministration::buildSearchQuery ( array  $a_keyfields,
string  $queryOperator,
array  $a_keyvalues 
)
private

create search term according to parameters

Definition at line 730 of file class.ilSoapUserAdministration.php.

730 : string
731 {
732 global $DIC;
733
734 $ilDB = $DIC['ilDB'];
735 $query = array();
736
737 $allowed_fields = array("firstname",
738 "lastname",
739 "email",
740 "login",
741 "matriculation",
742 "institution",
743 "department",
744 "title",
745 "ext_account"
746 );
747
748 foreach ($a_keyfields as $keyfield) {
749 $keyfield = strtolower($keyfield);
750
751 if (!in_array($keyfield, $allowed_fields)) {
752 continue;
753 }
754
755 $field_query = array();
756 foreach ($a_keyvalues as $keyvalue) {
757 if (strlen($keyvalue) >= 3) {
758 $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
759 }
760 }
761 if (count($field_query)) {
762 $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
763 }
764 }
765
766 return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
767 }
$DIC
global $DIC
Definition: shib_login.php:26

References $DIC, and $ilDB.

Referenced by searchUser().

+ Here is the caller graph for this function:

◆ getImportProtocolAsXML()

ilSoapUserAdministration::getImportProtocolAsXML ( array  $a_array)
private

Create XML ResultSet.

Definition at line 584 of file class.ilSoapUserAdministration.php.

584 : string
585 {
586 $xmlResultSet = new ilXMLResultSet();
587 $xmlResultSet->addColumn("userid");
588 $xmlResultSet->addColumn("login");
589 $xmlResultSet->addColumn("action");
590 $xmlResultSet->addColumn("message");
591
592 foreach ($a_array as $username => $messages) {
593 foreach ($messages as $message) {
594 $xmlRow = new ilXMLResultSetRow();
595 $xmlRow->setValue(0, 0);
596 $xmlRow->setValue(1, $username);
597 $xmlRow->setValue(2, "");
598 $xmlRow->setValue(3, $message);
599
600 $xmlResultSet->addRow($xmlRow);
601 }
602 }
603
604 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
605
606 if ($xml_writer->start()) {
607 return $xml_writer->getXML();
608 }
609
610 return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
611 }
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:187
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:26
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:27

References ilSoapAdministration\$message, and ilSoapAdministration\raiseError().

Referenced by importUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUserForRole()

ilSoapUserAdministration::getUserForRole ( string  $sid,
int  $role_id,
bool  $attachRoles,
int  $active 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 505 of file class.ilSoapUserAdministration.php.

506 {
507 $this->initAuth($sid);
508 $this->initIlias();
509
510 if (!$this->checkSession($sid)) {
511 return $this->raiseError($this->getMessage(), $this->getMessageCode());
512 }
513
514 global $DIC;
515
516 $ilDB = $DIC['ilDB'];
517 $rbacreview = $DIC->rbac()->review();
518 $tree = $DIC->repositoryTree();
519 $ilUser = $DIC->user();
520 $access = $DIC->access();
521 $rbacsystem = $DIC->rbac()->system();
522
523 $global_roles = $rbacreview->getGlobalRoles();
524
525 if (in_array($role_id, $global_roles, true)) {
526 $actor_has_system_role = in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true);
527
528 if ($role_id === SYSTEM_ROLE_ID && !$actor_has_system_role) {
529 return $this->raiseError("Role access not permitted. ($role_id)", "Server");
530 }
531
532 if (!$actor_has_system_role &&
533 !$rbacsystem->checkAccessOfUser($ilUser->getId(), 'edit_userassignment', ROLE_FOLDER_ID)) {
534 return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
535 }
536 } else {
537 // local roles
538 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
539 $access_granted = true;
540 foreach ($rolfs as $rolf) {
541 if ($tree->isDeleted($rolf)) {
542 $access_granted = false;
543 }
544 $type = \ilObject::_lookupType($rolf, true);
545 switch ($type) {
546 case 'crs':
547 case 'grp':
548 if (!$access->checkAccess('manage_members', '', $rolf)) {
549 $access_granted = false;
550 }
551 break;
552 default:
553 if (!$access->checkAccess('edit_permission', '', $rolf)) {
554 $access_granted = false;
555 }
556 break;
557 }
558 }
559 // read user data must be granted
560 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
561 $access_granted = false;
562 }
563 if (!$access_granted || !count($rolfs)) {
564 return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
565 }
566 }
567
568 $data = ilObjUser::_getUsersForRole($role_id, $active);
569
570 $xmlWriter = new ilUserXMLWriter();
571 $xmlWriter->setAttachRoles($attachRoles);
572
573 $xmlWriter->setObjects($data);
574
575 if ($xmlWriter->start()) {
576 return $xmlWriter->getXML();
577 }
578 return $this->raiseError('Error in getUsersForRole', 'Server');
579 }
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
Definition: class.ilObjUser.php:1948
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1108
ilUserXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilUserXMLWriter.php:40
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34

References $data, $DIC, $ilDB, ilObjUser\_getUsersForRole(), ilObject\_lookupType(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), ROLE_FOLDER_ID, SYSTEM_ROLE_ID, and USER_FOLDER_ID.

+ Here is the call graph for this function:

◆ getUserIdBySid()

ilSoapUserAdministration::getUserIdBySid ( string  $sid)
Returns
int|soap_fault|SoapFault|null

Definition at line 833 of file class.ilSoapUserAdministration.php.

834 {
835 $this->initAuth($sid);
836 $this->initIlias();
837
838 if (!$this->checkSession($sid)) {
839 return $this->raiseError($this->getMessage(), $this->getMessageCode());
840 }
841
842 global $DIC;
843
844 $ilDB = $DIC['ilDB'];
845
846 $parts = explode('::', $sid);
847 $query = "SELECT usr_id FROM usr_session "
848 . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
849 $res = $ilDB->queryF($query, array('text'), array($parts[0]));
850 $data = $ilDB->fetchAssoc($res);
851
852 if (!(int) $data['usr_id']) {
853 return $this->raiseError('User does not exist', 'Client');
854 }
855 return (int) $data['usr_id'];
856 }
$res
$res
Definition: ltiservices.php:69
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61

References $data, $DIC, $ilDB, $parts, $res, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ getUserMappingAsXML()

ilSoapUserAdministration::getUserMappingAsXML ( array  $a_array)
private

return user mapping as xml

Parameters
array(user_id => login) $a_array

Definition at line 617 of file class.ilSoapUserAdministration.php.

618 {
619 $xmlResultSet = new ilXMLResultSet();
620 $xmlResultSet->addColumn("userid");
621 $xmlResultSet->addColumn("login");
622 $xmlResultSet->addColumn("action");
623 $xmlResultSet->addColumn("message");
624
625 if (count($a_array)) {
626 foreach ($a_array as $username => $message) {
627 $xmlRow = new ilXMLResultSetRow();
628 $xmlRow->setValue(0, $username);
629 $xmlRow->setValue(1, $message["login"]);
630 $xmlRow->setValue(2, $message["action"]);
631 $xmlRow->setValue(3, $message["message"]);
632
633 $xmlResultSet->addRow($xmlRow);
634 }
635 }
636
637 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
638
639 if ($xml_writer->start()) {
640 return $xml_writer->getXML();
641 }
642
643 return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
644 }

References ilSoapAdministration\$message, and ilSoapAdministration\raiseError().

Referenced by importUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUsersForContainer()

ilSoapUserAdministration::getUsersForContainer ( string  $sid,
int  $ref_id,
bool  $attachRoles,
int  $active 
)
Returns
ilObject|mixed|soap_fault|SoapFault|string|null

Definition at line 420 of file class.ilSoapUserAdministration.php.

421 {
422 $this->initAuth($sid);
423 $this->initIlias();
424
425 if (!$this->checkSession($sid)) {
426 return $this->raiseError($this->getMessage(), $this->getMessageCode());
427 }
428
429 global $DIC;
430
431 $ilDB = $DIC['ilDB'];
432 $tree = $DIC['tree'];
433 $rbacreview = $DIC['rbacreview'];
434 $rbacsystem = $DIC['rbacsystem'];
435 $access = $DIC->access();
436
437 if ($ref_id === -1) {
438 $ref_id = self::USER_FOLDER_ID;
439 }
440
441 if (
442 $ref_id === self::USER_FOLDER_ID &&
443 !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
444 ) {
445 return $this->raiseError('Access denied', "Client");
446 }
447
448 $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
449 if ($this->isFault($object)) {
450 return $object;
451 }
452
453 $data = [];
454 switch ($object->getType()) {
455 case "usrf":
456 $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
457 break;
458 case "cat":
459 $data = ilObjUser::_getUsersForFolder($ref_id, $active);
460 break;
461 case "crs":
462 {
463 // GET ALL MEMBERS
464 $roles = $object->__getLocalRoles();
465
466 foreach ($roles as $role_id) {
467 $user_ids = $rbacreview->assignedUsers($role_id);
468 $role_users = ilObjUser::_getUsersForIds($user_ids, $active);
469 $data = array_merge($data, $role_users);
470 }
471
472 break;
473 }
474 case "grp":
475 $member_ids = $object->getGroupMemberIds();
476 $data = ilObjUser::_getUsersForGroup($member_ids, $active);
477 break;
478 case "sess":
479 $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
480 if (!$course_ref_id) {
481 return $this->raiseError("No course for session", "Client");
482 }
483
484 $event_obj_id = ilObject::_lookupObjId($ref_id);
485 $event_part = new ilEventParticipants($event_obj_id);
486 $member_ids = array_keys($event_part->getParticipants());
487 $data = ilObjUser::_getUsersForIds($member_ids, $active);
488 break;
489 }
490
491 $xmlWriter = new ilUserXMLWriter();
492 $xmlWriter->setObjects($data);
493 $xmlWriter->setAttachRoles($attachRoles);
494
495 if ($xmlWriter->start()) {
496 return $xmlWriter->getXML();
497 }
498 // @todo for backward compatibility
499 return '';
500 }
ilEventParticipants
class ilEventParticipants
Definition: class.ilEventParticipants.php:29
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
Definition: class.ilObjUser.php:2031
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
Definition: class.ilObjUser.php:1986
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
Definition: class.ilObjUser.php:2024
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:947
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
Definition: class.ilSoapAdministration.php:214
$ref_id
$ref_id
Definition: ltiauth.php:66

References $data, $DIC, $ilDB, $ref_id, ilObjUser\_getUsersForFolder(), ilObjUser\_getUsersForGroup(), ilObjUser\_getUsersForIds(), ilObject\_lookupObjId(), ilSoapAdministration\checkObjectAccess(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\isFault(), ilSoapAdministration\raiseError(), USER_FOLDER_ID, and USER_FOLDER_ID.

+ Here is the call graph for this function:

◆ getUserXML()

ilSoapUserAdministration::getUserXML ( string  $sid,
array  $a_user_ids,
bool  $attach_roles 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 772 of file class.ilSoapUserAdministration.php.

773 {
774 $this->initAuth($sid);
775 $this->initIlias();
776
777 if (!$this->checkSession($sid)) {
778 return $this->raiseError($this->getMessage(), $this->getMessageCode());
779 }
780
781 global $DIC;
782
783 $rbacsystem = $DIC['rbacsystem'];
784 $access = $DIC->access();
785 $ilUser = $DIC['ilUser'];
786 $ilDB = $DIC['ilDB'];
787
788 // check if own account
789 $is_self = false;
790 if (count($a_user_ids) === 1) {
791 $usr_id = (int) end($a_user_ids);
792 if ($usr_id === $ilUser->getId()) {
793 $is_self = true;
794 }
795 }
796
797 if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
798 return $this->raiseError('Check access failed.', 'Server');
799 }
800
801 $data = ilObjUser::_getUserData($a_user_ids);
802
803 $xmlWriter = new ilUserXMLWriter();
804 $xmlWriter->setAttachRoles($attach_roles);
805 $xmlWriter->setObjects($data);
806
807 if ($xmlWriter->start()) {
808 return $xmlWriter->getXML();
809 }
810
811 return $this->raiseError('User does not exist', 'Client');
812 }
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
Definition: class.ilObjUser.php:2072

References $data, $DIC, $ilDB, ilObjUser\_getUserData(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ILIAS\Repository\int(), ilSoapAdministration\raiseError(), and USER_FOLDER_ID.

+ Here is the call graph for this function:

◆ hasNewMail()

ilSoapUserAdministration::hasNewMail ( string  $sid)

Definition at line 814 of file class.ilSoapUserAdministration.php.

815 {
816 $this->initAuth($sid);
817 $this->initIlias();
818
819 if (!$this->checkSession($sid)) {
820 return $this->raiseError($this->getMessage(), $this->getMessageCode());
821 }
822
823 global $DIC;
824
825 $ilUser = $DIC['ilUser'];
826
827 return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
828 }
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $left_interval=0)
Definition: class.ilMailGlobalServices.php:71

References $DIC, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilMailGlobalServices\getNewMailsData(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), and ilSoapAdministration\raiseError().

+ Here is the call graph for this function:

◆ importUsers()

ilSoapUserAdministration::importUsers ( string  $sid,
int  $folder_id,
string  $usr_xml,
int  $conflict_rule,
bool  $send_account_mail 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 138 of file class.ilSoapUserAdministration.php.

139 {
140 $this->initAuth($sid);
141 $this->initIlias();
142
143 if (!$this->checkSession($sid)) {
144 return $this->raiseError($this->getMessage(), $this->getMessageCode());
145 }
146
147 global $DIC;
148
149 $rbacreview = $DIC['rbacreview'];
150 $rbacsystem = $DIC['rbacsystem'];
151 $access = $DIC->access();
152 $tree = $DIC['tree'];
153 $lng = $DIC['lng'];
154 $ilUser = $DIC['ilUser'];
155 $ilLog = $DIC['ilLog'];
156
157 // validate to prevent wrong XMLs
158 $usr_xml = ltrim($usr_xml); // Remove leading whitespace (including BOM if needed)
159
160 $doc = new DOMDocument();
161 libxml_use_internal_errors(true); // Capture parsing errors
162
163 $is_loadable = $doc->loadXML($usr_xml);
164 $errors = libxml_get_errors();
165 libxml_clear_errors();
166
167 if (!$is_loadable) {
168 $msg = [];
169 foreach ($errors as $err) {
170 $msg[] = "(" . $err->line . "," . $err->column . "): " . trim($err->message);
171 }
172 libxml_clear_errors();
173 $msg = implode("\n", $msg);
174 return $this->raiseError($msg, "Client");
175 }
176
177 switch ($conflict_rule) {
178 case 2:
179 $conflict_rule = ilUserImportParser::IL_UPDATE_ON_CONFLICT;
180 break;
181 case 3:
182 $conflict_rule = ilUserImportParser::IL_IGNORE_ON_CONFLICT;
183 break;
184 default:
185 $conflict_rule = ilUserImportParser::IL_FAIL_ON_CONFLICT;
186 }
187 if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
188 return $this->raiseError(
189 'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
190 'Server'
191 );
192 }
193
194 // folder id 0, means to check permission on user basis!
195 // must have create user right in time_limit_owner property (which is ref_id of container)
196 if ($folder_id !== 0) {
197 // determine where to import
198 if ($folder_id === -1) {
199 $folder_id = self::USER_FOLDER_ID;
200 }
201
202 // get folder
203 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
204 // id does not exist
205 if (!$import_folder) {
206 return $this->raiseError('Wrong reference id.', 'Server');
207 }
208
209 // folder is not a folder, can also be a category
210 if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
211 return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
212 }
213
214 // check access to folder
215 if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
216 return $this->raiseError(
217 'Missing permission for creating users within ' . $import_folder->getTitle(),
218 'Server'
219 );
220 }
221 }
222
223 // first verify
224 $importParser = new ilUserImportParser("", ilUserImportParser::IL_VERIFY, $conflict_rule);
225 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
226 $importParser->setXMLContent($usr_xml);
227 $importParser->startParsing();
228
229 switch ($importParser->getErrorLevel()) {
230 case ilUserImportParser::IL_IMPORT_SUCCESS:
231 break;
232 case ilUserImportParser::IL_IMPORT_WARNING:
233 return $this->getImportProtocolAsXML($importParser->getProtocol());
234 break;
235 case ilUserImportParser::IL_IMPORT_FAILURE:
236 return $this->getImportProtocolAsXML($importParser->getProtocol());
237 }
238
239 // verify is ok, so get role assignments
240
241 $importParser = new ilUserImportParser("", ilUserImportParser::IL_EXTRACT_ROLES, $conflict_rule);
242 $importParser->setXMLContent($usr_xml);
243 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
244 $importParser->startParsing();
245
246 $roles = $importParser->getCollectedRoles();
247
248 //print_r($roles);
249
250 // roles to be assigned, skip if one is not allowed!
251 $permitted_roles = array();
252 foreach ($roles as $role_id => $role) {
253 if (!is_numeric($role_id)) {
254 // check if internal id
255 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
256
257 if (is_numeric($internalId) && $internalId > 0) {
258 $role_id = $internalId;
259 $role_name = $role_id;
260 }
261 }
262
263 if ($this->isPermittedRole($folder_id, $role_id)) {
264 $permitted_roles[$role_id] = $role_id;
265 } else {
266 $role_name = ilObject::_lookupTitle($role_id);
267 return $this->raiseError(
268 "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
269 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
270 'Server'
271 );
272 }
273 }
274
275 $global_roles = $rbacreview->getGlobalRoles();
276
277 //print_r ($global_roles);
278
279 foreach ($permitted_roles as $role_id => $role_name) {
280 if ($role_id != "") {
281 if (in_array($role_id, $global_roles)) {
282 if (
283 (
284 $folder_id !== 0 &&
285 $folder_id !== self::USER_FOLDER_ID &&
286 !ilObjRole::_getAssignUsersStatus($role_id)
287 ) ||
288 (
289 $role_id == SYSTEM_ROLE_ID &&
290 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
291 )
292 ) {
293 return $this->raiseError(
294 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
295 'Server'
296 );
297 }
298 } else {
299 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
300 if ($rbacreview->isDeleted($rolf[0])
301 || !$rbacsystem->checkAccess('write', $rolf[0])) {
302 return $this->raiseError(
303 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
304 "Server"
305 );
306 }
307 }
308 }
309 }
310
311 //print_r ($permitted_roles);
312
313 $importParser = new ilUserImportParser("", ilUserImportParser::IL_USER_IMPORT, $conflict_rule);
314 $importParser->setSendMail($send_account_mail);
315 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
316 $importParser->setFolderId($folder_id);
317 $importParser->setXMLContent($usr_xml);
318
319 $importParser->setRoleAssignment($permitted_roles);
320
321 $importParser->startParsing();
322
323 if ($importParser->getErrorLevel() !== ilUserImportParser::IL_IMPORT_FAILURE) {
324 return $this->getUserMappingAsXML($importParser->getUserMapping());
325 }
326 return $this->getImportProtocolAsXML($importParser->getProtocol());
327 }
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:854
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:329
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:584
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:617
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1200
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
$lng
global $lng
Definition: privfeed.php:26

References $DIC, $lng, ilUtil\__extractId(), ilObjRole\_getAssignUsersStatus(), ilObject\_lookupTitle(), ilSoapAdministration\checkSession(), getImportProtocolAsXML(), ilObjectFactory\getInstanceByRefId(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), getUserMappingAsXML(), ilUserImportParser\IL_EXTRACT_ROLES, ilUserImportParser\IL_FAIL_ON_CONFLICT, ilUserImportParser\IL_IGNORE_ON_CONFLICT, ilUserImportParser\IL_IMPORT_FAILURE, ilUserImportParser\IL_IMPORT_SUCCESS, ilUserImportParser\IL_IMPORT_WARNING, IL_INST_ID, ilUserImportParser\IL_UPDATE_ON_CONFLICT, ilUserImportParser\IL_USER_IMPORT, ilUserImportParser\IL_USER_MAPPING_ID, ilUserImportParser\IL_VERIFY, ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), isPermittedRole(), ilSoapAdministration\raiseError(), SYSTEM_ROLE_ID, USER_FOLDER_ID, and USER_FOLDER_ID.

+ Here is the call graph for this function:

◆ isPermittedRole()

ilSoapUserAdministration::isPermittedRole ( int  $a_folder,
int  $a_role 
)
protected

Definition at line 329 of file class.ilSoapUserAdministration.php.

330 {
331 static $checked_roles = array();
332 static $global_roles = null;
333
334 if (isset($checked_roles[$a_role])) {
335 return $checked_roles[$a_role];
336 }
337
338 global $DIC;
339
340 $rbacsystem = $DIC['rbacsystem'];
341 $rbacreview = $DIC['rbacreview'];
342 $ilUser = $DIC['ilUser'];
343 $tree = $DIC['tree'];
344 $ilLog = $DIC['ilLog'];
345
346 $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
347 $location = $locations[0];
348
349 // global role
350 if ($location == ROLE_FOLDER_ID) {
351 $ilLog->write(__METHOD__ . ': Check global role');
352 // check assignment permission if called from local admin
353
354 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
355 $ilLog->write(__METHOD__ . ': ' . $a_folder);
356 if (!ilObjRole::_getAssignUsersStatus($a_role)) {
357 $ilLog->write(__METHOD__ . ': No assignment allowed');
358 $checked_roles[$a_role] = false;
359 return false;
360 }
361 }
362 // exclude anonymous role from list
363 if ($a_role === ANONYMOUS_ROLE_ID) {
364 $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
365 $checked_roles[$a_role] = false;
366 return false;
367 }
368 // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
369 if ($a_role === SYSTEM_ROLE_ID &&
370 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
371 $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
372 $checked_roles[$a_role] = false;
373 return false;
374 }
375
376 // Global role assignment ok
377 $ilLog->write(__METHOD__ . ': Assignment allowed.');
378 $checked_roles[$a_role] = true;
379 return true;
380 } elseif ($location) {
381 $ilLog->write(__METHOD__ . ': Check local role.');
382
383 // It's a local role
384 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
385 $rolf = $rolfs[0];
386
387 // only process role folders that are not set to status "deleted"
388 // and for which the user has write permissions.
389 // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
390 // (The ROLE_FOLDER_ID folder contains the global roles).
391 if ($rbacreview->isDeleted($rolf)
392 || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
393 $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
394 $checked_roles[$a_role] = false;
395 return false;
396 }
397 // A local role is only displayed, if it is contained in the subtree of
398 // the localy administrated category. If the import function has been
399 // invoked from the user folder object, we show all local roles, because
400 // the user folder object is considered the parent of all local roles.
401 // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
402 // isInSubtree variable with true. In all other cases it is initialized
403 // with false, and only set to true if we find the object id of the
404 // locally administrated category in the tree path to the local role.
405 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
406 $ilLog->write(__METHOD__ . ': Not in path of category.');
407 $checked_roles[$a_role] = false;
408 return false;
409 }
410 $ilLog->write(__METHOD__ . ': Assignment allowed.');
411 $checked_roles[$a_role] = true;
412 return true;
413 }
414 return false;
415 }
$location
$location
Definition: buildRTE.php:22
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28

References $DIC, $location, ilObjRole\_getAssignUsersStatus(), ANONYMOUS_ROLE_ID, ROLE_FOLDER_ID, SYSTEM_ROLE_ID, and USER_FOLDER_ID.

Referenced by importUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ login()

ilSoapUserAdministration::login ( string  $client,
string  $username,
string  $password 
)
Returns
soap_fault|SoapFault|string|null

Definition at line 33 of file class.ilSoapUserAdministration.php.

34 {
35 unset($_COOKIE[session_name()]);
36 $_COOKIE['ilClientId'] = $client;
37
38 try {
39 $this->initIlias();
40 } catch (Exception $e) {
41 return $this->raiseError($e->getMessage(), 'Server');
42 }
43
44 // now try authentication
45 $credentials = new ilAuthFrontendCredentials();
46 $credentials->setUsername($username);
47 $credentials->setPassword($password);
48
49 $provider_factory = new ilAuthProviderFactory();
50 $providers = $provider_factory->getProviders($credentials);
51
52 $status = ilAuthStatus::getInstance();
53
54 $frontend_factory = new ilAuthFrontendFactory();
55 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
56 $frontend = $frontend_factory->getFrontend(
57 $GLOBALS['DIC']['ilAuthSession'],
58 $status,
59 $credentials,
60 $providers
61 );
62
63 $frontend->authenticate();
64
65 switch ($status->getStatus()) {
66 case ilAuthStatus::STATUS_AUTHENTICATED:
67 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
68 return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
69
70 default:
71 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
72 return $this->raiseError(
73 $status->getReason(),
74 'Server'
75 );
76 }
77 }
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$client
$client
Definition: dummy_client.php:45
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52

References $_COOKIE, $client, Vendor\Package\$e, $GLOBALS, ilAuthFrontendFactory\CONTEXT_WS, ilAuthStatus\getInstance(), ilLoggerFactory\getLogger(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), ilAuthStatus\STATUS_AUTHENTICATED, and ilAuthStatus\STATUS_AUTHENTICATION_FAILED.

+ Here is the call graph for this function:

◆ logout()

ilSoapUserAdministration::logout ( string  $sid)
Returns
bool|soap_fault|SoapFault|null

Definition at line 82 of file class.ilSoapUserAdministration.php.

83 {
84 $this->initAuth($sid);
85 $this->initIlias();
86
87 if (!$this->checkSession($sid)) {
88 return $this->raiseError($this->getMessage(), $this->getMessageCode());
89 }
90
91 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
92 $GLOBALS['DIC']['ilAuthSession']->logout();
93 return true;
94 }
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:419
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28

References $GLOBALS, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), ilSession\SESSION_CLOSE_USER, and ilSession\setClosingContext().

+ Here is the call graph for this function:

◆ lookupUser()

ilSoapUserAdministration::lookupUser ( string  $sid,
string  $user_name 
)
Returns
int|soap_fault|SoapFault|null

Definition at line 99 of file class.ilSoapUserAdministration.php.

100 {
101 $this->initAuth($sid);
102 $this->initIlias();
103
104 if (!$this->checkSession($sid)) {
105 return $this->raiseError($this->getMessage(), $this->getMessageCode());
106 }
107
108 $user_name = trim($user_name);
109
110 if ($user_name === '') {
111 return $this->raiseError('No username given. Aborting', 'Client');
112 }
113
114 global $DIC;
115
116 $ilUser = $DIC->user();
117 $access = $DIC->access();
118
119 if (
120 strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
121 !$access->checkAccess(
122 'read_users',
123 '',
124 self::USER_FOLDER_ID
125 )
126 ) {
127 return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
128 }
129
130 $user_id = ilObjUser::getUserIdByLogin($user_name);
131
132 return $user_id;
133 }
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2778

References $DIC, $user_id, ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilObjUser\getUserIdByLogin(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and USER_FOLDER_ID.

+ Here is the call graph for this function:

◆ searchUser()

ilSoapUserAdministration::searchUser ( string  $sid,
array  $a_keyfields,
string  $query_operator,
array  $a_keyvalues,
bool  $attach_roles,
int  $active 
)

return user xml following dtd 3.7

Parameters
string$sidsession id
array$a_keyfieldsarray of user fieldname, following dtd 3.7
string$queryOperatorany logical operator
array$a_keyValuesvalues separated by space, at least 3 chars per search term
bool
int
Returns
soap_fault|SoapFault|null|string

Definition at line 656 of file class.ilSoapUserAdministration.php.

663 {
664 $this->initAuth($sid);
665 $this->initIlias();
666
667 if (!$this->checkSession($sid)) {
668 return $this->raiseError($this->getMessage(), $this->getMessageCode());
669 }
670
671 global $DIC;
672
673 $ilDB = $DIC['ilDB'];
674 $access = $DIC->access();
675
676 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
677 return $this->raiseError('Check access failed.', 'Server');
678 }
679 if (!count($a_keyfields)) {
680 return $this->raiseError('At least one keyfield is needed', 'Client');
681 }
682
683 if (!count($a_keyvalues)) {
684 return $this->raiseError('At least one keyvalue is needed', 'Client');
685 }
686
687 if (strcasecmp($query_operator, "and") !== 0 && strcasecmp($query_operator, "or") !== 0) {
688 return $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
689 }
690
691 $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
692
693 $query = "SELECT usr_data.*, usr_pref.value AS language
694 FROM usr_data
695 LEFT JOIN usr_pref
696 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
697 $ilDB->quote("language", "text") .
698 " WHERE 1 = 1 " . $query;
699
700 if ($active > -1) {
701 $query .= " AND active = " . $ilDB->quote($active);
702 }
703
704 $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
705
706 //echo $query;
707
708 $r = $ilDB->query($query);
709
710 $data = array();
711
712 while ($row = $ilDB->fetchAssoc($r)) {
713 $data[] = $row;
714 }
715
716 $xmlWriter = new ilUserXMLWriter();
717 $xmlWriter->setAttachRoles($attach_roles);
718
719 $xmlWriter->setObjects($data);
720
721 if ($xmlWriter->start()) {
722 return $xmlWriter->getXML();
723 }
724 return $this->raiseError('Error in searchUser', 'Server');
725 }
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:730

References $data, $DIC, $ilDB, buildSearchQuery(), ilSoapAdministration\checkSession(), ilSoapAdministration\getMessage(), ilSoapAdministration\getMessageCode(), ilSoapAdministration\initAuth(), ilSoapAdministration\initIlias(), ilSoapAdministration\raiseError(), and USER_FOLDER_ID.

+ Here is the call graph for this function:

Field Documentation

◆ USER_FOLDER_ID

const ilSoapUserAdministration::USER_FOLDER_ID = 7

Definition at line 28 of file class.ilSoapUserAdministration.php.

Referenced by getUsersForContainer(), and importUsers().

The documentation for this class was generated from the following file: