ILIAS  trunk Revision v12.0_alpha-1227-g7ff6d300864
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1<?php
2
26class ilSoapUserAdministration extends ilSoapAdministration
27{
28 public const USER_FOLDER_ID = 7;
29
33 public function login(string $client, string $username, string $password)
34 {
35 unset($_COOKIE[session_name()]);
36 $_COOKIE['ilClientId'] = $client;
37
38 try {
39 $this->initIlias();
40 } catch (Exception $e) {
41 return $this->raiseError($e->getMessage(), 'Server');
42 }
43
44 // now try authentication
45 $credentials = new ilAuthFrontendCredentials();
46 $credentials->setUsername($username);
47 $credentials->setPassword($password);
48
49 $provider_factory = new ilAuthProviderFactory();
50 $providers = $provider_factory->getProviders($credentials);
51
52 $status = ilAuthStatus::getInstance();
53
54 $frontend_factory = new ilAuthFrontendFactory();
55 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
56 $frontend = $frontend_factory->getFrontend(
57 $GLOBALS['DIC']['ilAuthSession'],
58 $status,
59 $credentials,
60 $providers
61 );
62
63 $frontend->authenticate();
64
65 switch ($status->getStatus()) {
66 case ilAuthStatus::STATUS_AUTHENTICATED:
67 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
68 return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
69
70 default:
71 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
72 return $this->raiseError(
73 $status->getReason(),
74 'Server'
75 );
76 }
77 }
78
82 public function logout(string $sid)
83 {
84 $this->initAuth($sid);
85 $this->initIlias();
86
87 if (!$this->checkSession($sid)) {
88 return $this->raiseError($this->getMessage(), $this->getMessageCode());
89 }
90
91 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
92 $GLOBALS['DIC']['ilAuthSession']->logout();
93 return true;
94 }
95
99 public function lookupUser(string $sid, string $user_name)
100 {
101 $this->initAuth($sid);
102 $this->initIlias();
103
104 if (!$this->checkSession($sid)) {
105 return $this->raiseError($this->getMessage(), $this->getMessageCode());
106 }
107
108 $user_name = trim($user_name);
109
110 if ($user_name === '') {
111 return $this->raiseError('No username given. Aborting', 'Client');
112 }
113
114 global $DIC;
115
116 $ilUser = $DIC->user();
117 $access = $DIC->access();
118
119 if (
120 strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
121 !$access->checkAccess(
122 'read_users',
123 '',
124 self::USER_FOLDER_ID
125 )
126 ) {
127 return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
128 }
129
130 $user_id = ilObjUser::getUserIdByLogin($user_name);
131
132 return $user_id;
133 }
134
138 public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
139 {
140 $this->initAuth($sid);
141 $this->initIlias();
142
143 if (!$this->checkSession($sid)) {
144 return $this->raiseError($this->getMessage(), $this->getMessageCode());
145 }
146
147 global $DIC;
148
149 $rbacreview = $DIC['rbacreview'];
150 $rbacsystem = $DIC['rbacsystem'];
151 $access = $DIC->access();
152 $tree = $DIC['tree'];
153 $lng = $DIC['lng'];
154 $ilUser = $DIC['ilUser'];
155 $ilLog = $DIC['ilLog'];
156
157 // validate to prevent wrong XMLs
158 $usr_xml = ltrim($usr_xml); // Remove leading whitespace (including BOM if needed)
159
160 $doc = new DOMDocument();
161 libxml_use_internal_errors(true); // Capture parsing errors
162
163 $is_loadable = $doc->loadXML($usr_xml);
164 $errors = libxml_get_errors();
165 libxml_clear_errors();
166
167 if (!$is_loadable) {
168 $msg = [];
169 foreach ($errors as $err) {
170 $msg[] = "(" . $err->line . "," . $err->column . "): " . trim($err->message);
171 }
172 libxml_clear_errors();
173 $msg = implode("\n", $msg);
174 return $this->raiseError($msg, "Client");
175 }
176
177 switch ($conflict_rule) {
178 case 2:
179 $conflict_rule = ilUserImportParser::IL_UPDATE_ON_CONFLICT;
180 break;
181 case 3:
182 $conflict_rule = ilUserImportParser::IL_IGNORE_ON_CONFLICT;
183 break;
184 default:
185 $conflict_rule = ilUserImportParser::IL_FAIL_ON_CONFLICT;
186 }
187 if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
188 return $this->raiseError(
189 'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
190 'Server'
191 );
192 }
193
194 // folder id 0, means to check permission on user basis!
195 // must have create user right in time_limit_owner property (which is ref_id of container)
196 if ($folder_id !== 0) {
197 // determine where to import
198 if ($folder_id === -1) {
199 $folder_id = self::USER_FOLDER_ID;
200 }
201
202 // get folder
203 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
204 // id does not exist
205 if (!$import_folder) {
206 return $this->raiseError('Wrong reference id.', 'Server');
207 }
208
209 // folder is not a folder, can also be a category
210 if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
211 return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
212 }
213
214 // check access to folder
215 if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
216 return $this->raiseError(
217 'Missing permission for creating users within ' . $import_folder->getTitle(),
218 'Server'
219 );
220 }
221 }
222
223 // first verify
224 $importParser = new ilUserImportParser("", ilUserImportParser::IL_VERIFY, $conflict_rule);
225 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
226 $importParser->setXMLContent($usr_xml);
227 $importParser->startParsing();
228
229 switch ($importParser->getErrorLevel()) {
230 case ilUserImportParser::IL_IMPORT_SUCCESS:
231 break;
232 case ilUserImportParser::IL_IMPORT_WARNING:
233 return $this->getImportProtocolAsXML($importParser->getProtocol());
234 break;
235 case ilUserImportParser::IL_IMPORT_FAILURE:
236 return $this->getImportProtocolAsXML($importParser->getProtocol());
237 }
238
239 // verify is ok, so get role assignments
240
241 $importParser = new ilUserImportParser("", ilUserImportParser::IL_EXTRACT_ROLES, $conflict_rule);
242 $importParser->setXMLContent($usr_xml);
243 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
244 $importParser->startParsing();
245
246 $roles = $importParser->getCollectedRoles();
247
248 //print_r($roles);
249
250 // roles to be assigned, skip if one is not allowed!
251 $permitted_roles = array();
252 foreach ($roles as $role_id => $role) {
253 if (!is_numeric($role_id)) {
254 // check if internal id
255 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
256
257 if (is_numeric($internalId) && $internalId > 0) {
258 $role_id = $internalId;
259 $role_name = $role_id;
260 }
261 }
262
263 if ($this->isPermittedRole($folder_id, $role_id)) {
264 $permitted_roles[$role_id] = $role_id;
265 } else {
266 $role_name = ilObject::_lookupTitle($role_id);
267 return $this->raiseError(
268 "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
269 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
270 'Server'
271 );
272 }
273 }
274
275 $global_roles = $rbacreview->getGlobalRoles();
276
277 //print_r ($global_roles);
278
279 foreach ($permitted_roles as $role_id => $role_name) {
280 if ($role_id != "") {
281 if (in_array($role_id, $global_roles)) {
282 if (
283 (
284 $folder_id !== 0 &&
285 $folder_id !== self::USER_FOLDER_ID &&
286 !ilObjRole::_getAssignUsersStatus($role_id)
287 ) ||
288 (
289 $role_id == SYSTEM_ROLE_ID &&
290 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
291 )
292 ) {
293 return $this->raiseError(
294 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
295 'Server'
296 );
297 }
298 } else {
299 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
300 if ($rbacreview->isDeleted($rolf[0])
301 || !$rbacsystem->checkAccess('write', $rolf[0])) {
302 return $this->raiseError(
303 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
304 "Server"
305 );
306 }
307 }
308 }
309 }
310
311 //print_r ($permitted_roles);
312
313 $importParser = new ilUserImportParser("", ilUserImportParser::IL_USER_IMPORT, $conflict_rule);
314 $importParser->setSendMail($send_account_mail);
315 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
316 $importParser->setFolderId($folder_id);
317 $importParser->setXMLContent($usr_xml);
318
319 $importParser->setRoleAssignment($permitted_roles);
320
321 $importParser->startParsing();
322
323 if ($importParser->getErrorLevel() !== ilUserImportParser::IL_IMPORT_FAILURE) {
324 return $this->getUserMappingAsXML($importParser->getUserMapping());
325 }
326 return $this->getImportProtocolAsXML($importParser->getProtocol());
327 }
328
329 protected function isPermittedRole(int $a_folder, int $a_role)
330 {
331 static $checked_roles = array();
332 static $global_roles = null;
333
334 if (isset($checked_roles[$a_role])) {
335 return $checked_roles[$a_role];
336 }
337
338 global $DIC;
339
340 $rbacsystem = $DIC['rbacsystem'];
341 $rbacreview = $DIC['rbacreview'];
342 $ilUser = $DIC['ilUser'];
343 $tree = $DIC['tree'];
344 $ilLog = $DIC['ilLog'];
345
346 $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
347 $location = $locations[0];
348
349 // global role
350 if ($location == ROLE_FOLDER_ID) {
351 $ilLog->write(__METHOD__ . ': Check global role');
352 // check assignment permission if called from local admin
353
354 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
355 $ilLog->write(__METHOD__ . ': ' . $a_folder);
356 if (!ilObjRole::_getAssignUsersStatus($a_role)) {
357 $ilLog->write(__METHOD__ . ': No assignment allowed');
358 $checked_roles[$a_role] = false;
359 return false;
360 }
361 }
362 // exclude anonymous role from list
363 if ($a_role === ANONYMOUS_ROLE_ID) {
364 $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
365 $checked_roles[$a_role] = false;
366 return false;
367 }
368 // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
369 if ($a_role === SYSTEM_ROLE_ID &&
370 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
371 $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
372 $checked_roles[$a_role] = false;
373 return false;
374 }
375
376 // Global role assignment ok
377 $ilLog->write(__METHOD__ . ': Assignment allowed.');
378 $checked_roles[$a_role] = true;
379 return true;
380 } elseif ($location) {
381 $ilLog->write(__METHOD__ . ': Check local role.');
382
383 // It's a local role
384 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
385 $rolf = $rolfs[0];
386
387 // only process role folders that are not set to status "deleted"
388 // and for which the user has write permissions.
389 // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
390 // (The ROLE_FOLDER_ID folder contains the global roles).
391 if ($rbacreview->isDeleted($rolf)
392 || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
393 $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
394 $checked_roles[$a_role] = false;
395 return false;
396 }
397 // A local role is only displayed, if it is contained in the subtree of
398 // the localy administrated category. If the import function has been
399 // invoked from the user folder object, we show all local roles, because
400 // the user folder object is considered the parent of all local roles.
401 // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
402 // isInSubtree variable with true. In all other cases it is initialized
403 // with false, and only set to true if we find the object id of the
404 // locally administrated category in the tree path to the local role.
405 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
406 $ilLog->write(__METHOD__ . ': Not in path of category.');
407 $checked_roles[$a_role] = false;
408 return false;
409 }
410 $ilLog->write(__METHOD__ . ': Assignment allowed.');
411 $checked_roles[$a_role] = true;
412 return true;
413 }
414 return false;
415 }
416
420 public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
421 {
422 $this->initAuth($sid);
423 $this->initIlias();
424
425 if (!$this->checkSession($sid)) {
426 return $this->raiseError($this->getMessage(), $this->getMessageCode());
427 }
428
429 global $DIC;
430
431 $ilDB = $DIC['ilDB'];
432 $tree = $DIC['tree'];
433 $rbacreview = $DIC['rbacreview'];
434 $rbacsystem = $DIC['rbacsystem'];
435 $access = $DIC->access();
436
437 if ($ref_id === -1) {
438 $ref_id = self::USER_FOLDER_ID;
439 }
440
441 if (
442 $ref_id === self::USER_FOLDER_ID &&
443 !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
444 ) {
445 return $this->raiseError('Access denied', "Client");
446 }
447
448 $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
449 if ($this->isFault($object)) {
450 return $object;
451 }
452
453 $data = [];
454 switch ($object->getType()) {
455 case "usrf":
456 $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
457 break;
458 case "cat":
459 $data = ilObjUser::_getUsersForFolder($ref_id, $active);
460 break;
461 case "crs":
462 {
463 // GET ALL MEMBERS
464 $roles = $object->__getLocalRoles();
465
466 foreach ($roles as $role_id) {
467 $user_ids = $rbacreview->assignedUsers($role_id);
468 $role_users = ilObjUser::_getUsersForIds($user_ids, $active);
469 $data = array_merge($data, $role_users);
470 }
471
472 break;
473 }
474 case "grp":
475 $member_ids = $object->getGroupMemberIds();
476 $data = ilObjUser::_getUsersForGroup($member_ids, $active);
477 break;
478 case "sess":
479 $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
480 if (!$course_ref_id) {
481 return $this->raiseError("No course for session", "Client");
482 }
483
484 $event_obj_id = ilObject::_lookupObjId($ref_id);
485 $event_part = new ilEventParticipants($event_obj_id);
486 $member_ids = array_keys($event_part->getParticipants());
487 $data = ilObjUser::_getUsersForIds($member_ids, $active);
488 break;
489 }
490
491 $xmlWriter = new ilUserXMLWriter();
492 $xmlWriter->setObjects($data);
493 $xmlWriter->setAttachRoles($attachRoles);
494
495 if ($xmlWriter->start()) {
496 return $xmlWriter->getXML();
497 }
498 // @todo for backward compatibility
499 return '';
500 }
501
505 public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
506 {
507 $this->initAuth($sid);
508 $this->initIlias();
509
510 if (!$this->checkSession($sid)) {
511 return $this->raiseError($this->getMessage(), $this->getMessageCode());
512 }
513
514 global $DIC;
515
516 $ilDB = $DIC['ilDB'];
517 $rbacreview = $DIC->rbac()->review();
518 $tree = $DIC->repositoryTree();
519 $ilUser = $DIC->user();
520 $access = $DIC->access();
521
522 $global_roles = $rbacreview->getGlobalRoles();
523
524 if (in_array($role_id, $global_roles, true)) {
525 // global roles
526 if ($role_id === SYSTEM_ROLE_ID &&
527 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
528 return $this->raiseError("Role access not permitted. ($role_id)", "Server");
529 }
530 } else {
531 // local roles
532 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
533 $access_granted = true;
534 foreach ($rolfs as $rolf) {
535 if ($tree->isDeleted($rolf)) {
536 $access_granted = false;
537 }
538 $type = \ilObject::_lookupType($rolf, true);
539 switch ($type) {
540 case 'crs':
541 case 'grp':
542 if (!$access->checkAccess('manage_members', '', $rolf)) {
543 $access_granted = false;
544 }
545 break;
546 default:
547 if (!$access->checkAccess('edit_permission', '', $rolf)) {
548 $access_granted = false;
549 }
550 break;
551 }
552 }
553 // read user data must be granted
554 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
555 $access_granted = false;
556 }
557 if (!$access_granted || !count($rolfs)) {
558 return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
559 }
560 }
561
562 $data = ilObjUser::_getUsersForRole($role_id, $active);
563
564 $xmlWriter = new ilUserXMLWriter();
565 $xmlWriter->setAttachRoles($attachRoles);
566
567 $xmlWriter->setObjects($data);
568
569 if ($xmlWriter->start()) {
570 return $xmlWriter->getXML();
571 }
572 return $this->raiseError('Error in getUsersForRole', 'Server');
573 }
574
578 private function getImportProtocolAsXML(array $a_array): string
579 {
580 $xmlResultSet = new ilXMLResultSet();
581 $xmlResultSet->addColumn("userid");
582 $xmlResultSet->addColumn("login");
583 $xmlResultSet->addColumn("action");
584 $xmlResultSet->addColumn("message");
585
586 foreach ($a_array as $username => $messages) {
587 foreach ($messages as $message) {
588 $xmlRow = new ilXMLResultSetRow();
589 $xmlRow->setValue(0, 0);
590 $xmlRow->setValue(1, $username);
591 $xmlRow->setValue(2, "");
592 $xmlRow->setValue(3, $message);
593
594 $xmlResultSet->addRow($xmlRow);
595 }
596 }
597
598 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
599
600 if ($xml_writer->start()) {
601 return $xml_writer->getXML();
602 }
603
604 return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
605 }
606
611 private function getUserMappingAsXML(array $a_array)
612 {
613 $xmlResultSet = new ilXMLResultSet();
614 $xmlResultSet->addColumn("userid");
615 $xmlResultSet->addColumn("login");
616 $xmlResultSet->addColumn("action");
617 $xmlResultSet->addColumn("message");
618
619 if (count($a_array)) {
620 foreach ($a_array as $username => $message) {
621 $xmlRow = new ilXMLResultSetRow();
622 $xmlRow->setValue(0, $username);
623 $xmlRow->setValue(1, $message["login"]);
624 $xmlRow->setValue(2, $message["action"]);
625 $xmlRow->setValue(3, $message["message"]);
626
627 $xmlResultSet->addRow($xmlRow);
628 }
629 }
630
631 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
632
633 if ($xml_writer->start()) {
634 return $xml_writer->getXML();
635 }
636
637 return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
638 }
639
650 public function searchUser(
651 string $sid,
652 array $a_keyfields,
653 string $query_operator,
654 array $a_keyvalues,
655 bool $attach_roles,
656 int $active
657 ) {
658 $this->initAuth($sid);
659 $this->initIlias();
660
661 if (!$this->checkSession($sid)) {
662 return $this->raiseError($this->getMessage(), $this->getMessageCode());
663 }
664
665 global $DIC;
666
667 $ilDB = $DIC['ilDB'];
668 $access = $DIC->access();
669
670 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
671 return $this->raiseError('Check access failed.', 'Server');
672 }
673 if (!count($a_keyfields)) {
674 return $this->raiseError('At least one keyfield is needed', 'Client');
675 }
676
677 if (!count($a_keyvalues)) {
678 return $this->raiseError('At least one keyvalue is needed', 'Client');
679 }
680
681 if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
682 $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
683 }
684
685 $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
686
687 $query = "SELECT usr_data.*, usr_pref.value AS language
688 FROM usr_data
689 LEFT JOIN usr_pref
690 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
691 $ilDB->quote("language", "text") .
692 " WHERE 1 = 1 " . $query;
693
694 if ($active > -1) {
695 $query .= " AND active = " . $ilDB->quote($active);
696 }
697
698 $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
699
700 //echo $query;
701
702 $r = $ilDB->query($query);
703
704 $data = array();
705
706 while ($row = $ilDB->fetchAssoc($r)) {
707 $data[] = $row;
708 }
709
710 $xmlWriter = new ilUserXMLWriter();
711 $xmlWriter->setAttachRoles($attach_roles);
712
713 $xmlWriter->setObjects($data);
714
715 if ($xmlWriter->start()) {
716 return $xmlWriter->getXML();
717 }
718 return $this->raiseError('Error in searchUser', 'Server');
719 }
720
724 private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues): string
725 {
726 global $DIC;
727
728 $ilDB = $DIC['ilDB'];
729 $query = array();
730
731 $allowed_fields = array("firstname",
732 "lastname",
733 "email",
734 "login",
735 "matriculation",
736 "institution",
737 "department",
738 "title",
739 "ext_account"
740 );
741
742 foreach ($a_keyfields as $keyfield) {
743 $keyfield = strtolower($keyfield);
744
745 if (!in_array($keyfield, $allowed_fields)) {
746 continue;
747 }
748
749 $field_query = array();
750 foreach ($a_keyvalues as $keyvalue) {
751 if (strlen($keyvalue) >= 3) {
752 $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
753 }
754 }
755 if (count($field_query)) {
756 $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
757 }
758 }
759
760 return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
761 }
762
766 public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
767 {
768 $this->initAuth($sid);
769 $this->initIlias();
770
771 if (!$this->checkSession($sid)) {
772 return $this->raiseError($this->getMessage(), $this->getMessageCode());
773 }
774
775 global $DIC;
776
777 $rbacsystem = $DIC['rbacsystem'];
778 $access = $DIC->access();
779 $ilUser = $DIC['ilUser'];
780 $ilDB = $DIC['ilDB'];
781
782 // check if own account
783 $is_self = false;
784 if (count($a_user_ids) === 1) {
785 $usr_id = (int) end($a_user_ids);
786 if ($usr_id === $ilUser->getId()) {
787 $is_self = true;
788 }
789 }
790
791 if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
792 return $this->raiseError('Check access failed.', 'Server');
793 }
794
795 $data = ilObjUser::_getUserData($a_user_ids);
796
797 $xmlWriter = new ilUserXMLWriter();
798 $xmlWriter->setAttachRoles($attach_roles);
799 $xmlWriter->setObjects($data);
800
801 if ($xmlWriter->start()) {
802 return $xmlWriter->getXML();
803 }
804
805 return $this->raiseError('User does not exist', 'Client');
806 }
807
808 public function hasNewMail(string $sid)
809 {
810 $this->initAuth($sid);
811 $this->initIlias();
812
813 if (!$this->checkSession($sid)) {
814 return $this->raiseError($this->getMessage(), $this->getMessageCode());
815 }
816
817 global $DIC;
818
819 $ilUser = $DIC['ilUser'];
820
821 return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
822 }
823
827 public function getUserIdBySid(string $sid)
828 {
829 $this->initAuth($sid);
830 $this->initIlias();
831
832 if (!$this->checkSession($sid)) {
833 return $this->raiseError($this->getMessage(), $this->getMessageCode());
834 }
835
836 global $DIC;
837
838 $ilDB = $DIC['ilDB'];
839
840 $parts = explode('::', $sid);
841 $query = "SELECT usr_id FROM usr_session "
842 . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
843 $res = $ilDB->queryF($query, array('text'), array($parts[0]));
844 $data = $ilDB->fetchAssoc($res);
845
846 if (!(int) $data['usr_id']) {
847 return $this->raiseError('User does not exist', 'Client');
848 }
849 return (int) $data['usr_id'];
850 }
851}
$location
$location
Definition: buildRTE.php:22
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilEventParticipants
class ilEventParticipants
Definition: class.ilEventParticipants.php:29
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $left_interval=0)
Definition: class.ilMailGlobalServices.php:71
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
Definition: class.ilObjUser.php:2034
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
Definition: class.ilObjUser.php:2075
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
Definition: class.ilObjUser.php:1989
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
Definition: class.ilObjUser.php:2027
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2780
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
Definition: class.ilObjUser.php:1951
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:419
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:187
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
Definition: class.ilSoapAdministration.php:214
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:329
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:578
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:33
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:505
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:650
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:99
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:420
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:766
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:611
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:138
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:724
ilUserXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilUserXMLWriter.php:40
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1200
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:26
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:27
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
$client
$client
Definition: dummy_client.php:45
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61
$lng
global $lng
Definition: privfeed.php:31
$DIC
global $DIC
Definition: shib_login.php:26
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52