ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1<?php
2
26class ilSoapUserAdministration extends ilSoapAdministration
27{
28 public const USER_FOLDER_ID = 7;
29
33 public function login(string $client, string $username, string $password)
34 {
35 unset($_COOKIE[session_name()]);
36 $_COOKIE['ilClientId'] = $client;
37
38 try {
39 $this->initIlias();
40 } catch (Exception $e) {
41 return $this->raiseError($e->getMessage(), 'Server');
42 }
43
44 // now try authentication
45 $credentials = new ilAuthFrontendCredentials();
46 $credentials->setUsername($username);
47 $credentials->setPassword($password);
48
49 $provider_factory = new ilAuthProviderFactory();
50 $providers = $provider_factory->getProviders($credentials);
51
52 $status = ilAuthStatus::getInstance();
53
54 $frontend_factory = new ilAuthFrontendFactory();
55 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
56 $frontend = $frontend_factory->getFrontend(
57 $GLOBALS['DIC']['ilAuthSession'],
58 $status,
59 $credentials,
60 $providers
61 );
62
63 $frontend->authenticate();
64
65 switch ($status->getStatus()) {
66 case ilAuthStatus::STATUS_AUTHENTICATED:
67 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
68 return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
69
70 default:
71 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
72 return $this->raiseError(
73 $status->getReason(),
74 'Server'
75 );
76 }
77 }
78
82 public function logout(string $sid)
83 {
84 $this->initAuth($sid);
85 $this->initIlias();
86
87 if (!$this->checkSession($sid)) {
88 return $this->raiseError($this->getMessage(), $this->getMessageCode());
89 }
90
91 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
92 $GLOBALS['DIC']['ilAuthSession']->logout();
93 return true;
94 }
95
99 public function lookupUser(string $sid, string $user_name)
100 {
101 $this->initAuth($sid);
102 $this->initIlias();
103
104 if (!$this->checkSession($sid)) {
105 return $this->raiseError($this->getMessage(), $this->getMessageCode());
106 }
107
108 $user_name = trim($user_name);
109
110 if ($user_name === '') {
111 return $this->raiseError('No username given. Aborting', 'Client');
112 }
113
114 global $DIC;
115
116 $ilUser = $DIC->user();
117 $access = $DIC->access();
118
119 if (
120 strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
121 !$access->checkAccess(
122 'read_users',
123 '',
124 self::USER_FOLDER_ID
125 )
126 ) {
127 return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
128 }
129
130 $user_id = ilObjUser::getUserIdByLogin($user_name);
131
132 return $user_id;
133 }
134
138 public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
139 {
140 $this->initAuth($sid);
141 $this->initIlias();
142
143 if (!$this->checkSession($sid)) {
144 return $this->raiseError($this->getMessage(), $this->getMessageCode());
145 }
146
147 global $DIC;
148
149 $rbacreview = $DIC['rbacreview'];
150 $rbacsystem = $DIC['rbacsystem'];
151 $access = $DIC->access();
152 $tree = $DIC['tree'];
153 $lng = $DIC['lng'];
154 $ilUser = $DIC['ilUser'];
155 $ilLog = $DIC['ilLog'];
156
157 // validate to prevent wrong XMLs
158 $usr_xml = ltrim($usr_xml); // Remove leading whitespace (including BOM if needed)
159
160 $doc = new DOMDocument();
161 libxml_use_internal_errors(true); // Capture parsing errors
162
163 $is_loadable = $doc->loadXML($usr_xml);
164 $errors = libxml_get_errors();
165 libxml_clear_errors();
166
167 if (!$is_loadable) {
168 $msg = [];
169 foreach ($errors as $err) {
170 $msg[] = "(" . $err->line . "," . $err->column . "): " . trim($err->message);
171 }
172 libxml_clear_errors();
173 $msg = implode("\n", $msg);
174 return $this->raiseError($msg, "Client");
175 }
176
177 switch ($conflict_rule) {
178 case 2:
179 $conflict_rule = ilUserImportParser::IL_UPDATE_ON_CONFLICT;
180 break;
181 case 3:
182 $conflict_rule = ilUserImportParser::IL_IGNORE_ON_CONFLICT;
183 break;
184 default:
185 $conflict_rule = ilUserImportParser::IL_FAIL_ON_CONFLICT;
186 }
187 if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
188 return $this->raiseError(
189 'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
190 'Server'
191 );
192 }
193
194 // folder id 0, means to check permission on user basis!
195 // must have create user right in time_limit_owner property (which is ref_id of container)
196 if ($folder_id !== 0) {
197 // determine where to import
198 if ($folder_id === -1) {
199 $folder_id = self::USER_FOLDER_ID;
200 }
201
202 // get folder
203 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
204 // id does not exist
205 if (!$import_folder) {
206 return $this->raiseError('Wrong reference id.', 'Server');
207 }
208
209 // folder is not a folder, can also be a category
210 if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
211 return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
212 }
213
214 // check access to folder
215 if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
216 return $this->raiseError(
217 'Missing permission for creating users within ' . $import_folder->getTitle(),
218 'Server'
219 );
220 }
221 }
222
223 // first verify
224 $importParser = new ilUserImportParser("", ilUserImportParser::IL_VERIFY, $conflict_rule);
225 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
226 $importParser->setXMLContent($usr_xml);
227 $importParser->startParsing();
228
229 switch ($importParser->getErrorLevel()) {
230 case ilUserImportParser::IL_IMPORT_SUCCESS:
231 break;
232 case ilUserImportParser::IL_IMPORT_WARNING:
233 return $this->getImportProtocolAsXML($importParser->getProtocol());
234 break;
235 case ilUserImportParser::IL_IMPORT_FAILURE:
236 return $this->getImportProtocolAsXML($importParser->getProtocol());
237 }
238
239 // verify is ok, so get role assignments
240
241 $importParser = new ilUserImportParser("", ilUserImportParser::IL_EXTRACT_ROLES, $conflict_rule);
242 $importParser->setXMLContent($usr_xml);
243 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
244 $importParser->startParsing();
245
246 $roles = $importParser->getCollectedRoles();
247
248 //print_r($roles);
249
250 // roles to be assigned, skip if one is not allowed!
251 $permitted_roles = array();
252 foreach ($roles as $role_id => $role) {
253 if (!is_numeric($role_id)) {
254 // check if internal id
255 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
256
257 if (is_numeric($internalId) && $internalId > 0) {
258 $role_id = $internalId;
259 $role_name = $role_id;
260 }
261 }
262
263 if ($this->isPermittedRole($folder_id, $role_id)) {
264 $permitted_roles[$role_id] = $role_id;
265 } else {
266 $role_name = ilObject::_lookupTitle($role_id);
267 return $this->raiseError(
268 "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
269 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
270 'Server'
271 );
272 }
273 }
274
275 $global_roles = $rbacreview->getGlobalRoles();
276
277 //print_r ($global_roles);
278
279 foreach ($permitted_roles as $role_id => $role_name) {
280 if ($role_id != "") {
281 if (in_array($role_id, $global_roles)) {
282 if (
283 (
284 $folder_id !== 0 &&
285 $folder_id !== self::USER_FOLDER_ID &&
286 !ilObjRole::_getAssignUsersStatus($role_id)
287 ) ||
288 (
289 $role_id == SYSTEM_ROLE_ID &&
290 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
291 )
292 ) {
293 return $this->raiseError(
294 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
295 'Server'
296 );
297 }
298 } else {
299 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
300 if ($rbacreview->isDeleted($rolf[0])
301 || !$rbacsystem->checkAccess('write', $rolf[0])) {
302 return $this->raiseError(
303 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
304 "Server"
305 );
306 }
307 }
308 }
309 }
310
311 //print_r ($permitted_roles);
312
313 $importParser = new ilUserImportParser("", ilUserImportParser::IL_USER_IMPORT, $conflict_rule);
314 $importParser->setSendMail($send_account_mail);
315 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
316 $importParser->setFolderId($folder_id);
317 $importParser->setXMLContent($usr_xml);
318
319 $importParser->setRoleAssignment($permitted_roles);
320
321 $importParser->startParsing();
322
323 if ($importParser->getErrorLevel() !== ilUserImportParser::IL_IMPORT_FAILURE) {
324 return $this->getUserMappingAsXML($importParser->getUserMapping());
325 }
326 return $this->getImportProtocolAsXML($importParser->getProtocol());
327 }
328
329 protected function isPermittedRole(int $a_folder, int $a_role)
330 {
331 static $checked_roles = array();
332 static $global_roles = null;
333
334 if (isset($checked_roles[$a_role])) {
335 return $checked_roles[$a_role];
336 }
337
338 global $DIC;
339
340 $rbacsystem = $DIC['rbacsystem'];
341 $rbacreview = $DIC['rbacreview'];
342 $ilUser = $DIC['ilUser'];
343 $tree = $DIC['tree'];
344 $ilLog = $DIC['ilLog'];
345
346 $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
347 $location = $locations[0];
348
349 // global role
350 if ($location == ROLE_FOLDER_ID) {
351 $ilLog->write(__METHOD__ . ': Check global role');
352 // check assignment permission if called from local admin
353
354 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
355 $ilLog->write(__METHOD__ . ': ' . $a_folder);
356 if (!ilObjRole::_getAssignUsersStatus($a_role)) {
357 $ilLog->write(__METHOD__ . ': No assignment allowed');
358 $checked_roles[$a_role] = false;
359 return false;
360 }
361 }
362 // exclude anonymous role from list
363 if ($a_role === ANONYMOUS_ROLE_ID) {
364 $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
365 $checked_roles[$a_role] = false;
366 return false;
367 }
368 // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
369 if ($a_role === SYSTEM_ROLE_ID &&
370 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
371 $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
372 $checked_roles[$a_role] = false;
373 return false;
374 }
375
376 // Global role assignment ok
377 $ilLog->write(__METHOD__ . ': Assignment allowed.');
378 $checked_roles[$a_role] = true;
379 return true;
380 } elseif ($location) {
381 $ilLog->write(__METHOD__ . ': Check local role.');
382
383 // It's a local role
384 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
385 $rolf = $rolfs[0];
386
387 // only process role folders that are not set to status "deleted"
388 // and for which the user has write permissions.
389 // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
390 // (The ROLE_FOLDER_ID folder contains the global roles).
391 if ($rbacreview->isDeleted($rolf)
392 || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
393 $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
394 $checked_roles[$a_role] = false;
395 return false;
396 }
397 // A local role is only displayed, if it is contained in the subtree of
398 // the localy administrated category. If the import function has been
399 // invoked from the user folder object, we show all local roles, because
400 // the user folder object is considered the parent of all local roles.
401 // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
402 // isInSubtree variable with true. In all other cases it is initialized
403 // with false, and only set to true if we find the object id of the
404 // locally administrated category in the tree path to the local role.
405 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
406 $ilLog->write(__METHOD__ . ': Not in path of category.');
407 $checked_roles[$a_role] = false;
408 return false;
409 }
410 $ilLog->write(__METHOD__ . ': Assignment allowed.');
411 $checked_roles[$a_role] = true;
412 return true;
413 }
414 return false;
415 }
416
420 public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
421 {
422 $this->initAuth($sid);
423 $this->initIlias();
424
425 if (!$this->checkSession($sid)) {
426 return $this->raiseError($this->getMessage(), $this->getMessageCode());
427 }
428
429 global $DIC;
430
431 $ilDB = $DIC['ilDB'];
432 $tree = $DIC['tree'];
433 $rbacreview = $DIC['rbacreview'];
434 $rbacsystem = $DIC['rbacsystem'];
435 $access = $DIC->access();
436
437 if ($ref_id === -1) {
438 $ref_id = self::USER_FOLDER_ID;
439 }
440
441 if (
442 $ref_id === self::USER_FOLDER_ID &&
443 !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
444 ) {
445 return $this->raiseError('Access denied', "Client");
446 }
447
448 $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
449 if ($this->isFault($object)) {
450 return $object;
451 }
452
453 $data = [];
454 switch ($object->getType()) {
455 case "usrf":
456 $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
457 break;
458 case "cat":
459 $data = ilObjUser::_getUsersForFolder($ref_id, $active);
460 break;
461 case "crs":
462 {
463 // GET ALL MEMBERS
464 $roles = $object->__getLocalRoles();
465
466 foreach ($roles as $role_id) {
467 $data = array_merge($rbacreview->assignedUsers($role_id), $data);
468 }
469
470 break;
471 }
472 case "grp":
473 $member_ids = $object->getGroupMemberIds();
474 $data = ilObjUser::_getUsersForGroup($member_ids, $active);
475 break;
476 case "sess":
477 $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
478 if (!$course_ref_id) {
479 return $this->raiseError("No course for session", "Client");
480 }
481
482 $event_obj_id = ilObject::_lookupObjId($ref_id);
483 $event_part = new ilEventParticipants($event_obj_id);
484 $member_ids = array_keys($event_part->getParticipants());
485 $data = ilObjUser::_getUsersForIds($member_ids, $active);
486 break;
487 }
488
489 $xmlWriter = new ilUserXMLWriter();
490 $xmlWriter->setObjects($data);
491 $xmlWriter->setAttachRoles($attachRoles);
492
493 if ($xmlWriter->start()) {
494 return $xmlWriter->getXML();
495 }
496 // @todo for backward compatibility
497 return '';
498 }
499
503 public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
504 {
505 $this->initAuth($sid);
506 $this->initIlias();
507
508 if (!$this->checkSession($sid)) {
509 return $this->raiseError($this->getMessage(), $this->getMessageCode());
510 }
511
512 global $DIC;
513
514 $ilDB = $DIC['ilDB'];
515 $rbacreview = $DIC->rbac()->review();
516 $tree = $DIC->repositoryTree();
517 $ilUser = $DIC->user();
518 $access = $DIC->access();
519
520 $global_roles = $rbacreview->getGlobalRoles();
521
522 if (in_array($role_id, $global_roles, true)) {
523 // global roles
524 if ($role_id === SYSTEM_ROLE_ID &&
525 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
526 return $this->raiseError("Role access not permitted. ($role_id)", "Server");
527 }
528 } else {
529 // local roles
530 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
531 $access_granted = true;
532 foreach ($rolfs as $rolf) {
533 if ($tree->isDeleted($rolf)) {
534 $access_granted = false;
535 }
536 $type = \ilObject::_lookupType($rolf, true);
537 switch ($type) {
538 case 'crs':
539 case 'grp':
540 if (!$access->checkAccess('manage_members', '', $rolf)) {
541 $access_granted = false;
542 }
543 break;
544 default:
545 if (!$access->checkAccess('edit_permission', '', $rolf)) {
546 $access_granted = false;
547 }
548 break;
549 }
550 }
551 // read user data must be granted
552 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
553 $access_granted = false;
554 }
555 if (!$access_granted || !count($rolfs)) {
556 return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
557 }
558 }
559
560 $data = ilObjUser::_getUsersForRole($role_id, $active);
561
562 $xmlWriter = new ilUserXMLWriter();
563 $xmlWriter->setAttachRoles($attachRoles);
564
565 $xmlWriter->setObjects($data);
566
567 if ($xmlWriter->start()) {
568 return $xmlWriter->getXML();
569 }
570 return $this->raiseError('Error in getUsersForRole', 'Server');
571 }
572
576 private function getImportProtocolAsXML(array $a_array): string
577 {
578 $xmlResultSet = new ilXMLResultSet();
579 $xmlResultSet->addColumn("userid");
580 $xmlResultSet->addColumn("login");
581 $xmlResultSet->addColumn("action");
582 $xmlResultSet->addColumn("message");
583
584 foreach ($a_array as $username => $messages) {
585 foreach ($messages as $message) {
586 $xmlRow = new ilXMLResultSetRow();
587 $xmlRow->setValue(0, 0);
588 $xmlRow->setValue(1, $username);
589 $xmlRow->setValue(2, "");
590 $xmlRow->setValue(3, $message);
591
592 $xmlResultSet->addRow($xmlRow);
593 }
594 }
595
596 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
597
598 if ($xml_writer->start()) {
599 return $xml_writer->getXML();
600 }
601
602 return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
603 }
604
609 private function getUserMappingAsXML(array $a_array)
610 {
611 $xmlResultSet = new ilXMLResultSet();
612 $xmlResultSet->addColumn("userid");
613 $xmlResultSet->addColumn("login");
614 $xmlResultSet->addColumn("action");
615 $xmlResultSet->addColumn("message");
616
617 if (count($a_array)) {
618 foreach ($a_array as $username => $message) {
619 $xmlRow = new ilXMLResultSetRow();
620 $xmlRow->setValue(0, $username);
621 $xmlRow->setValue(1, $message["login"]);
622 $xmlRow->setValue(2, $message["action"]);
623 $xmlRow->setValue(3, $message["message"]);
624
625 $xmlResultSet->addRow($xmlRow);
626 }
627 }
628
629 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
630
631 if ($xml_writer->start()) {
632 return $xml_writer->getXML();
633 }
634
635 return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
636 }
637
648 public function searchUser(
649 string $sid,
650 array $a_keyfields,
651 string $query_operator,
652 array $a_keyvalues,
653 bool $attach_roles,
654 int $active
655 ) {
656 $this->initAuth($sid);
657 $this->initIlias();
658
659 if (!$this->checkSession($sid)) {
660 return $this->raiseError($this->getMessage(), $this->getMessageCode());
661 }
662
663 global $DIC;
664
665 $ilDB = $DIC['ilDB'];
666 $access = $DIC->access();
667
668 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
669 return $this->raiseError('Check access failed.', 'Server');
670 }
671 if (!count($a_keyfields)) {
672 $this->raiseError('At least one keyfield is needed', 'Client');
673 }
674
675 if (!count($a_keyvalues)) {
676 $this->raiseError('At least one keyvalue is needed', 'Client');
677 }
678
679 if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
680 $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
681 }
682
683 $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
684
685 $query = "SELECT usr_data.*, usr_pref.value AS language
686 FROM usr_data
687 LEFT JOIN usr_pref
688 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
689 $ilDB->quote("language", "text") .
690 " WHERE 1 = 1 " . $query;
691
692 if ($active > -1) {
693 $query .= " AND active = " . $ilDB->quote($active);
694 }
695
696 $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
697
698 //echo $query;
699
700 $r = $ilDB->query($query);
701
702 $data = array();
703
704 while ($row = $ilDB->fetchAssoc($r)) {
705 $data[] = $row;
706 }
707
708 $xmlWriter = new ilUserXMLWriter();
709 $xmlWriter->setAttachRoles($attach_roles);
710
711 $xmlWriter->setObjects($data);
712
713 if ($xmlWriter->start()) {
714 return $xmlWriter->getXML();
715 }
716 return $this->raiseError('Error in searchUser', 'Server');
717 }
718
722 private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues): string
723 {
724 global $DIC;
725
726 $ilDB = $DIC['ilDB'];
727 $query = array();
728
729 $allowed_fields = array("firstname",
730 "lastname",
731 "email",
732 "login",
733 "matriculation",
734 "institution",
735 "department",
736 "title",
737 "ext_account"
738 );
739
740 foreach ($a_keyfields as $keyfield) {
741 $keyfield = strtolower($keyfield);
742
743 if (!in_array($keyfield, $allowed_fields)) {
744 continue;
745 }
746
747 $field_query = array();
748 foreach ($a_keyvalues as $keyvalue) {
749 if (strlen($keyvalue) >= 3) {
750 $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
751 }
752 }
753 if (count($field_query)) {
754 $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
755 }
756 }
757
758 return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
759 }
760
764 public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
765 {
766 $this->initAuth($sid);
767 $this->initIlias();
768
769 if (!$this->checkSession($sid)) {
770 return $this->raiseError($this->getMessage(), $this->getMessageCode());
771 }
772
773 global $DIC;
774
775 $rbacsystem = $DIC['rbacsystem'];
776 $access = $DIC->access();
777 $ilUser = $DIC['ilUser'];
778 $ilDB = $DIC['ilDB'];
779
780 // check if own account
781 $is_self = false;
782 if (count($a_user_ids) === 1) {
783 $usr_id = (int) end($a_user_ids);
784 if ($usr_id === $ilUser->getId()) {
785 $is_self = true;
786 }
787 }
788
789 if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
790 return $this->raiseError('Check access failed.', 'Server');
791 }
792
793 $data = ilObjUser::_getUserData($a_user_ids);
794
795 $xmlWriter = new ilUserXMLWriter();
796 $xmlWriter->setAttachRoles($attach_roles);
797 $xmlWriter->setObjects($data);
798
799 if ($xmlWriter->start()) {
800 return $xmlWriter->getXML();
801 }
802
803 return $this->raiseError('User does not exist', 'Client');
804 }
805
806 public function hasNewMail(string $sid)
807 {
808 $this->initAuth($sid);
809 $this->initIlias();
810
811 if (!$this->checkSession($sid)) {
812 return $this->raiseError($this->getMessage(), $this->getMessageCode());
813 }
814
815 global $DIC;
816
817 $ilUser = $DIC['ilUser'];
818
819 return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
820 }
821
825 public function getUserIdBySid(string $sid)
826 {
827 $this->initAuth($sid);
828 $this->initIlias();
829
830 if (!$this->checkSession($sid)) {
831 return $this->raiseError($this->getMessage(), $this->getMessageCode());
832 }
833
834 global $DIC;
835
836 $ilDB = $DIC['ilDB'];
837
838 $parts = explode('::', $sid);
839 $query = "SELECT usr_id FROM usr_session "
840 . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
841 $res = $ilDB->queryF($query, array('text'), array($parts[0]));
842 $data = $ilDB->fetchAssoc($res);
843
844 if (!(int) $data['usr_id']) {
845 $this->raiseError('User does not exist', 'Client');
846 }
847 return (int) $data['usr_id'];
848 }
849}
$location
$location
Definition: buildRTE.php:22
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilEventParticipants
class ilEventParticipants
Definition: class.ilEventParticipants.php:29
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $left_interval=0)
Definition: class.ilMailGlobalServices.php:71
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
Definition: class.ilObjUser.php:2034
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
Definition: class.ilObjUser.php:2075
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
Definition: class.ilObjUser.php:1989
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
Definition: class.ilObjUser.php:2027
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2780
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
Definition: class.ilObjUser.php:1951
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:413
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
Definition: class.ilSoapAdministration.php:213
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:329
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:576
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:33
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:503
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:648
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:99
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:420
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:764
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:609
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:138
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:722
ilUserXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilUserXMLWriter.php:40
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1200
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:26
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:27
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
$client
$client
Definition: dummy_client.php:45
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61
$lng
global $lng
Definition: privfeed.php:31
$DIC
global $DIC
Definition: shib_login.php:26
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:52