ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1<?php
24class ilSoapUserAdministration extends ilSoapAdministration
25{
26 public const USER_FOLDER_ID = 7;
27
31 public function login(string $client, string $username, string $password)
32 {
33 unset($_COOKIE[session_name()]);
34 $_COOKIE['ilClientId'] = $client;
35
36 try {
37 $this->initIlias();
38 } catch (Exception $e) {
39 return $this->raiseError($e->getMessage(), 'Server');
40 }
41
42 // now try authentication
43 $credentials = new ilAuthFrontendCredentials();
44 $credentials->setUsername($username);
45 $credentials->setPassword($password);
46
47 $provider_factory = new ilAuthProviderFactory();
48 $providers = $provider_factory->getProviders($credentials);
49
50 $status = ilAuthStatus::getInstance();
51
52 $frontend_factory = new ilAuthFrontendFactory();
53 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
54 $frontend = $frontend_factory->getFrontend(
55 $GLOBALS['DIC']['ilAuthSession'],
56 $status,
57 $credentials,
58 $providers
59 );
60
61 $frontend->authenticate();
62
63 switch ($status->getStatus()) {
64 case ilAuthStatus::STATUS_AUTHENTICATED:
65 ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
66 return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
67
68 default:
69 case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
70 return $this->raiseError(
71 $status->getReason(),
72 'Server'
73 );
74 }
75 }
76
80 public function logout(string $sid)
81 {
82 $this->initAuth($sid);
83 $this->initIlias();
84
85 if (!$this->checkSession($sid)) {
86 return $this->raiseError($this->getMessage(), $this->getMessageCode());
87 }
88
89 ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
90 $GLOBALS['DIC']['ilAuthSession']->logout();
91 return true;
92 }
93
97 public function lookupUser(string $sid, string $user_name)
98 {
99 $this->initAuth($sid);
100 $this->initIlias();
101
102 if (!$this->checkSession($sid)) {
103 return $this->raiseError($this->getMessage(), $this->getMessageCode());
104 }
105
106 $user_name = trim($user_name);
107
108 if ($user_name === '') {
109 return $this->raiseError('No username given. Aborting', 'Client');
110 }
111
112 global $DIC;
113
114 $ilUser = $DIC->user();
115 $access = $DIC->access();
116
117 if (
118 strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
119 !$access->checkAccess(
120 'read_users',
121 '',
122 self::USER_FOLDER_ID
123 )
124 ) {
125 return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
126 }
127
128 $user_id = ilObjUser::getUserIdByLogin($user_name);
129
130 return $user_id;
131 }
132
136 public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
137 {
138 $this->initAuth($sid);
139 $this->initIlias();
140
141 if (!$this->checkSession($sid)) {
142 return $this->raiseError($this->getMessage(), $this->getMessageCode());
143 }
144
145 global $DIC;
146
147 $rbacreview = $DIC['rbacreview'];
148 $rbacsystem = $DIC['rbacsystem'];
149 $access = $DIC->access();
150 $tree = $DIC['tree'];
151 $lng = $DIC['lng'];
152 $ilUser = $DIC['ilUser'];
153 $ilLog = $DIC['ilLog'];
154
155 // this takes time but is nescessary
156 $error = false;
157
158 // validate to prevent wrong XMLs
159 @domxml_open_mem($usr_xml, DOMXML_LOAD_PARSING, $error);
160 if ($error) {
161 $msg = array();
162 if (is_array($error)) {
163 foreach ($error as $err) {
164 $msg [] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
165 }
166 } else {
167 $msg[] = $error;
168 }
169 $msg = implode("\n", $msg);
170 return $this->raiseError($msg, "Client");
171 }
172
173 switch ($conflict_rule) {
174 case 2:
175 $conflict_rule = ilUserImportParser::IL_UPDATE_ON_CONFLICT;
176 break;
177 case 3:
178 $conflict_rule = ilUserImportParser::IL_IGNORE_ON_CONFLICT;
179 break;
180 default:
181 $conflict_rule = ilUserImportParser::IL_FAIL_ON_CONFLICT;
182 }
183 if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
184 return $this->raiseError(
185 'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
186 'Server'
187 );
188 }
189
190 // folder id 0, means to check permission on user basis!
191 // must have create user right in time_limit_owner property (which is ref_id of container)
192 if ($folder_id !== 0) {
193 // determine where to import
194 if ($folder_id === -1) {
195 $folder_id = self::USER_FOLDER_ID;
196 }
197
198 // get folder
199 $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
200 // id does not exist
201 if (!$import_folder) {
202 return $this->raiseError('Wrong reference id.', 'Server');
203 }
204
205 // folder is not a folder, can also be a category
206 if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
207 return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
208 }
209
210 // check access to folder
211 if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
212 return $this->raiseError(
213 'Missing permission for creating users within ' . $import_folder->getTitle(),
214 'Server'
215 );
216 }
217 }
218
219 // first verify
220 $importParser = new ilUserImportParser("", ilUserImportParser::IL_VERIFY, $conflict_rule);
221 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
222 $importParser->setXMLContent($usr_xml);
223 $importParser->startParsing();
224
225 switch ($importParser->getErrorLevel()) {
226 case ilUserImportParser::IL_IMPORT_SUCCESS:
227 break;
228 case ilUserImportParser::IL_IMPORT_WARNING:
229 return $this->getImportProtocolAsXML($importParser->getProtocol());
230 break;
231 case ilUserImportParser::IL_IMPORT_FAILURE:
232 return $this->getImportProtocolAsXML($importParser->getProtocol());
233 }
234
235 // verify is ok, so get role assignments
236
237 $importParser = new ilUserImportParser("", ilUserImportParser::IL_EXTRACT_ROLES, $conflict_rule);
238 $importParser->setXMLContent($usr_xml);
239 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
240 $importParser->startParsing();
241
242 $roles = $importParser->getCollectedRoles();
243
244 //print_r($roles);
245
246 // roles to be assigned, skip if one is not allowed!
247 $permitted_roles = array();
248 foreach ($roles as $role_id => $role) {
249 if (!is_numeric($role_id)) {
250 // check if internal id
251 $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
252
253 if (is_numeric($internalId) && $internalId > 0) {
254 $role_id = $internalId;
255 $role_name = $role_id;
256 }
257 }
258
259 if ($this->isPermittedRole($folder_id, $role_id)) {
260 $permitted_roles[$role_id] = $role_id;
261 } else {
262 $role_name = ilObject::_lookupTitle($role_id);
263 return $this->raiseError(
264 "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
265 "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
266 'Server'
267 );
268 }
269 }
270
271 $global_roles = $rbacreview->getGlobalRoles();
272
273 //print_r ($global_roles);
274
275 foreach ($permitted_roles as $role_id => $role_name) {
276 if ($role_id != "") {
277 if (in_array($role_id, $global_roles)) {
278 if (
279 (
280 $folder_id !== 0 &&
281 $folder_id !== self::USER_FOLDER_ID &&
282 !ilObjRole::_getAssignUsersStatus($role_id)
283 ) ||
284 (
285 $role_id == SYSTEM_ROLE_ID &&
286 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
287 )
288 ) {
289 return $this->raiseError(
290 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
291 'Server'
292 );
293 }
294 } else {
295 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
296 if ($rbacreview->isDeleted($rolf[0])
297 || !$rbacsystem->checkAccess('write', $rolf[0])) {
298 return $this->raiseError(
299 $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
300 "Server"
301 );
302 }
303 }
304 }
305 }
306
307 //print_r ($permitted_roles);
308
309 $importParser = new ilUserImportParser("", ilUserImportParser::IL_USER_IMPORT, $conflict_rule);
310 $importParser->setSendMail($send_account_mail);
311 $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
312 $importParser->setFolderId($folder_id);
313 $importParser->setXMLContent($usr_xml);
314
315 $importParser->setRoleAssignment($permitted_roles);
316
317 $importParser->startParsing();
318
319 if ($importParser->getErrorLevel() !== ilUserImportParser::IL_IMPORT_FAILURE) {
320 return $this->getUserMappingAsXML($importParser->getUserMapping());
321 }
322 return $this->getImportProtocolAsXML($importParser->getProtocol());
323 }
324
325 protected function isPermittedRole(int $a_folder, int $a_role)
326 {
327 static $checked_roles = array();
328 static $global_roles = null;
329
330 if (isset($checked_roles[$a_role])) {
331 return $checked_roles[$a_role];
332 }
333
334 global $DIC;
335
336 $rbacsystem = $DIC['rbacsystem'];
337 $rbacreview = $DIC['rbacreview'];
338 $ilUser = $DIC['ilUser'];
339 $tree = $DIC['tree'];
340 $ilLog = $DIC['ilLog'];
341
342 $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
343 $location = $locations[0];
344
345 // global role
346 if ($location == ROLE_FOLDER_ID) {
347 $ilLog->write(__METHOD__ . ': Check global role');
348 // check assignment permission if called from local admin
349
350 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
351 $ilLog->write(__METHOD__ . ': ' . $a_folder);
352 if (!ilObjRole::_getAssignUsersStatus($a_role)) {
353 $ilLog->write(__METHOD__ . ': No assignment allowed');
354 $checked_roles[$a_role] = false;
355 return false;
356 }
357 }
358 // exclude anonymous role from list
359 if ($a_role === ANONYMOUS_ROLE_ID) {
360 $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
361 $checked_roles[$a_role] = false;
362 return false;
363 }
364 // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
365 if ($a_role === SYSTEM_ROLE_ID &&
366 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
367 $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
368 $checked_roles[$a_role] = false;
369 return false;
370 }
371
372 // Global role assignment ok
373 $ilLog->write(__METHOD__ . ': Assignment allowed.');
374 $checked_roles[$a_role] = true;
375 return true;
376 } elseif ($location) {
377 $ilLog->write(__METHOD__ . ': Check local role.');
378
379 // It's a local role
380 $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
381 $rolf = $rolfs[0];
382
383 // only process role folders that are not set to status "deleted"
384 // and for which the user has write permissions.
385 // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
386 // (The ROLE_FOLDER_ID folder contains the global roles).
387 if ($rbacreview->isDeleted($rolf)
388 || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
389 $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
390 $checked_roles[$a_role] = false;
391 return false;
392 }
393 // A local role is only displayed, if it is contained in the subtree of
394 // the localy administrated category. If the import function has been
395 // invoked from the user folder object, we show all local roles, because
396 // the user folder object is considered the parent of all local roles.
397 // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
398 // isInSubtree variable with true. In all other cases it is initialized
399 // with false, and only set to true if we find the object id of the
400 // locally administrated category in the tree path to the local role.
401 if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
402 $ilLog->write(__METHOD__ . ': Not in path of category.');
403 $checked_roles[$a_role] = false;
404 return false;
405 }
406 $ilLog->write(__METHOD__ . ': Assignment allowed.');
407 $checked_roles[$a_role] = true;
408 return true;
409 }
410 return false;
411 }
412
416 public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
417 {
418 $this->initAuth($sid);
419 $this->initIlias();
420
421 if (!$this->checkSession($sid)) {
422 return $this->raiseError($this->getMessage(), $this->getMessageCode());
423 }
424
425 global $DIC;
426
427 $ilDB = $DIC['ilDB'];
428 $tree = $DIC['tree'];
429 $rbacreview = $DIC['rbacreview'];
430 $rbacsystem = $DIC['rbacsystem'];
431 $access = $DIC->access();
432
433 if ($ref_id === -1) {
434 $ref_id = self::USER_FOLDER_ID;
435 }
436
437 if (
438 $ref_id === self::USER_FOLDER_ID &&
439 !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
440 ) {
441 return $this->raiseError('Access denied', "Client");
442 }
443
444 $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
445 if ($this->isFault($object)) {
446 return $object;
447 }
448
449 $data = [];
450 switch ($object->getType()) {
451 case "usrf":
452 $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
453 break;
454 case "cat":
455 $data = ilObjUser::_getUsersForFolder($ref_id, $active);
456 break;
457 case "crs":
458 {
459 // GET ALL MEMBERS
460 $roles = $object->__getLocalRoles();
461
462 foreach ($roles as $role_id) {
463 $data = array_merge($rbacreview->assignedUsers($role_id), $data);
464 }
465
466 break;
467 }
468 case "grp":
469 $member_ids = $object->getGroupMemberIds();
470 $data = ilObjUser::_getUsersForGroup($member_ids, $active);
471 break;
472 case "sess":
473 $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
474 if (!$course_ref_id) {
475 return $this->raiseError("No course for session", "Client");
476 }
477
478 $event_obj_id = ilObject::_lookupObjId($ref_id);
479 $event_part = new ilEventParticipants($event_obj_id);
480 $member_ids = array_keys($event_part->getParticipants());
481 $data = ilObjUser::_getUsersForIds($member_ids, $active);
482 break;
483 }
484
485 $xmlWriter = new ilUserXMLWriter();
486 $xmlWriter->setObjects($data);
487 $xmlWriter->setAttachRoles($attachRoles);
488
489 if ($xmlWriter->start()) {
490 return $xmlWriter->getXML();
491 }
492 // @todo for backward compatibility
493 return '';
494 }
495
499 public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
500 {
501 $this->initAuth($sid);
502 $this->initIlias();
503
504 if (!$this->checkSession($sid)) {
505 return $this->raiseError($this->getMessage(), $this->getMessageCode());
506 }
507
508 global $DIC;
509
510 $ilDB = $DIC['ilDB'];
511 $rbacreview = $DIC->rbac()->review();
512 $tree = $DIC->repositoryTree();
513 $ilUser = $DIC->user();
514 $access = $DIC->access();
515
516 $global_roles = $rbacreview->getGlobalRoles();
517
518 if (in_array($role_id, $global_roles, true)) {
519 // global roles
520 if ($role_id === SYSTEM_ROLE_ID &&
521 !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
522 return $this->raiseError("Role access not permitted. ($role_id)", "Server");
523 }
524 } else {
525 // local roles
526 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
527 $access_granted = true;
528 foreach ($rolfs as $rolf) {
529 if ($tree->isDeleted($rolf)) {
530 $access_granted = false;
531 }
532 $type = \ilObject::_lookupType($rolf, true);
533 switch ($type) {
534 case 'crs':
535 case 'grp':
536 if (!$access->checkAccess('manage_members', '', $rolf)) {
537 $access_granted = false;
538 }
539 break;
540 default:
541 if (!$access->checkAccess('edit_permission', '', $rolf)) {
542 $access_granted = false;
543 }
544 break;
545 }
546 }
547 // read user data must be granted
548 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
549 $access_granted = false;
550 }
551 if (!$access_granted || !count($rolfs)) {
552 return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
553 }
554 }
555
556 $data = ilObjUser::_getUsersForRole($role_id, $active);
557
558 $xmlWriter = new ilUserXMLWriter();
559 $xmlWriter->setAttachRoles($attachRoles);
560
561 $xmlWriter->setObjects($data);
562
563 if ($xmlWriter->start()) {
564 return $xmlWriter->getXML();
565 }
566 return $this->raiseError('Error in getUsersForRole', 'Server');
567 }
568
572 private function getImportProtocolAsXML(array $a_array): string
573 {
574 $xmlResultSet = new ilXMLResultSet();
575 $xmlResultSet->addColumn("userid");
576 $xmlResultSet->addColumn("login");
577 $xmlResultSet->addColumn("action");
578 $xmlResultSet->addColumn("message");
579
580 foreach ($a_array as $username => $messages) {
581 foreach ($messages as $message) {
582 $xmlRow = new ilXMLResultSetRow();
583 $xmlRow->setValue(0, 0);
584 $xmlRow->setValue(1, $username);
585 $xmlRow->setValue(2, "");
586 $xmlRow->setValue(3, $message);
587
588 $xmlResultSet->addRow($xmlRow);
589 }
590 }
591
592 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
593
594 if ($xml_writer->start()) {
595 return $xml_writer->getXML();
596 }
597
598 return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
599 }
600
605 private function getUserMappingAsXML(array $a_array)
606 {
607 $xmlResultSet = new ilXMLResultSet();
608 $xmlResultSet->addColumn("userid");
609 $xmlResultSet->addColumn("login");
610 $xmlResultSet->addColumn("action");
611 $xmlResultSet->addColumn("message");
612
613 if (count($a_array)) {
614 foreach ($a_array as $username => $message) {
615 $xmlRow = new ilXMLResultSetRow();
616 $xmlRow->setValue(0, $username);
617 $xmlRow->setValue(1, $message["login"]);
618 $xmlRow->setValue(2, $message["action"]);
619 $xmlRow->setValue(3, $message["message"]);
620
621 $xmlResultSet->addRow($xmlRow);
622 }
623 }
624
625 $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
626
627 if ($xml_writer->start()) {
628 return $xml_writer->getXML();
629 }
630
631 return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
632 }
633
644 public function searchUser(
645 string $sid,
646 array $a_keyfields,
647 string $query_operator,
648 array $a_keyvalues,
649 bool $attach_roles,
650 int $active
651 ) {
652 $this->initAuth($sid);
653 $this->initIlias();
654
655 if (!$this->checkSession($sid)) {
656 return $this->raiseError($this->getMessage(), $this->getMessageCode());
657 }
658
659 global $DIC;
660
661 $ilDB = $DIC['ilDB'];
662 $access = $DIC->access();
663
664 if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
665 return $this->raiseError('Check access failed.', 'Server');
666 }
667 if (!count($a_keyfields)) {
668 $this->raiseError('At least one keyfield is needed', 'Client');
669 }
670
671 if (!count($a_keyvalues)) {
672 $this->raiseError('At least one keyvalue is needed', 'Client');
673 }
674
675 if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
676 $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
677 }
678
679 $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
680
681 $query = "SELECT usr_data.*, usr_pref.value AS language
682 FROM usr_data
683 LEFT JOIN usr_pref
684 ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
685 $ilDB->quote("language", "text") .
686 " WHERE 1 = 1 " . $query;
687
688 if ($active > -1) {
689 $query .= " AND active = " . $ilDB->quote($active);
690 }
691
692 $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
693
694 //echo $query;
695
696 $r = $ilDB->query($query);
697
698 $data = array();
699
700 while ($row = $ilDB->fetchAssoc($r)) {
701 $data[] = $row;
702 }
703
704 $xmlWriter = new ilUserXMLWriter();
705 $xmlWriter->setAttachRoles($attach_roles);
706
707 $xmlWriter->setObjects($data);
708
709 if ($xmlWriter->start()) {
710 return $xmlWriter->getXML();
711 }
712 return $this->raiseError('Error in searchUser', 'Server');
713 }
714
718 private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues): string
719 {
720 global $DIC;
721
722 $ilDB = $DIC['ilDB'];
723 $query = array();
724
725 $allowed_fields = array("firstname",
726 "lastname",
727 "email",
728 "login",
729 "matriculation",
730 "institution",
731 "department",
732 "title",
733 "ext_account"
734 );
735
736 foreach ($a_keyfields as $keyfield) {
737 $keyfield = strtolower($keyfield);
738
739 if (!in_array($keyfield, $allowed_fields)) {
740 continue;
741 }
742
743 $field_query = array();
744 foreach ($a_keyvalues as $keyvalue) {
745 if (strlen($keyvalue) >= 3) {
746 $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
747 }
748 }
749 if (count($field_query)) {
750 $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
751 }
752 }
753
754 return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
755 }
756
760 public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
761 {
762 $this->initAuth($sid);
763 $this->initIlias();
764
765 if (!$this->checkSession($sid)) {
766 return $this->raiseError($this->getMessage(), $this->getMessageCode());
767 }
768
769 global $DIC;
770
771 $rbacsystem = $DIC['rbacsystem'];
772 $access = $DIC->access();
773 $ilUser = $DIC['ilUser'];
774 $ilDB = $DIC['ilDB'];
775
776 // check if own account
777 $is_self = false;
778 if (count($a_user_ids) === 1) {
779 $usr_id = (int) end($a_user_ids);
780 if ($usr_id === $ilUser->getId()) {
781 $is_self = true;
782 }
783 }
784
785 if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
786 return $this->raiseError('Check access failed.', 'Server');
787 }
788
789 $data = ilObjUser::_getUserData($a_user_ids);
790
791 $xmlWriter = new ilUserXMLWriter();
792 $xmlWriter->setAttachRoles($attach_roles);
793 $xmlWriter->setObjects($data);
794
795 if ($xmlWriter->start()) {
796 return $xmlWriter->getXML();
797 }
798
799 return $this->raiseError('User does not exist', 'Client');
800 }
801
802 public function hasNewMail(string $sid)
803 {
804 $this->initAuth($sid);
805 $this->initIlias();
806
807 if (!$this->checkSession($sid)) {
808 return $this->raiseError($this->getMessage(), $this->getMessageCode());
809 }
810
811 global $DIC;
812
813 $ilUser = $DIC['ilUser'];
814
815 return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
816 }
817
821 public function getUserIdBySid(string $sid)
822 {
823 $this->initAuth($sid);
824 $this->initIlias();
825
826 if (!$this->checkSession($sid)) {
827 return $this->raiseError($this->getMessage(), $this->getMessageCode());
828 }
829
830 global $DIC;
831
832 $ilDB = $DIC['ilDB'];
833
834 $parts = explode('::', $sid);
835 $query = "SELECT usr_id FROM usr_session "
836 . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
837 $res = $ilDB->queryF($query, array('text'), array($parts[0]));
838 $data = $ilDB->fetchAssoc($res);
839
840 if (!(int) $data['usr_id']) {
841 $this->raiseError('User does not exist', 'Client');
842 }
843 return (int) $data['usr_id'];
844 }
845}
$location
$location
Definition: buildRTE.php:22
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const int STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:29
ilAuthStatus\STATUS_AUTHENTICATED
const int STATUS_AUTHENTICATED
Definition: class.ilAuthStatus.php:28
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:52
ilEventParticipants
class ilEventParticipants
Definition: class.ilEventParticipants.php:29
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $left_interval=0)
Definition: class.ilMailGlobalServices.php:71
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
Definition: class.ilObjUser.php:2059
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
Definition: class.ilObjUser.php:2100
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
Definition: class.ilObjUser.php:2014
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
Definition: class.ilObjUser.php:2052
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2872
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
Definition: class.ilObjUser.php:1976
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:413
ilSession\SESSION_CLOSE_USER
const int SESSION_CLOSE_USER
Definition: class.ilSession.php:28
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true
Definition: class.ilSoapAdministration.php:213
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:325
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:572
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:31
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:499
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:644
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:97
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:416
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:760
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:605
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:136
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:718
ilUserXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilUserXMLWriter.php:35
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1200
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:26
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:27
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
$client
$client
Definition: dummy_client.php:45
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61
$lng
global $lng
Definition: privfeed.php:31
$DIC
global $DIC
Definition: shib_login.php:26
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:54
$messages
$messages
Definition: xapiexit.php:21
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54