ILIAS  trunk Revision v11.0_alpha-1715-g7fc467680fb
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilSoapUserAdministration.php
Go to the documentation of this file.
1 <?php
24 class ilSoapUserAdministration extends ilSoapAdministration
25 {
26  public const USER_FOLDER_ID = 7;
27 
31  public function login(string $client, string $username, string $password)
32  {
33  unset($_COOKIE[session_name()]);
34  $_COOKIE['ilClientId'] = $client;
35 
36  try {
37  $this->initIlias();
38  } catch (Exception $e) {
39  return $this->raiseError($e->getMessage(), 'Server');
40  }
41 
42  // now try authentication
43  $credentials = new ilAuthFrontendCredentials();
44  $credentials->setUsername($username);
45  $credentials->setPassword($password);
46 
47  $provider_factory = new ilAuthProviderFactory();
48  $providers = $provider_factory->getProviders($credentials);
49 
50  $status = ilAuthStatus::getInstance();
51 
52  $frontend_factory = new ilAuthFrontendFactory();
53  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_WS);
54  $frontend = $frontend_factory->getFrontend(
55  $GLOBALS['DIC']['ilAuthSession'],
56  $status,
57  $credentials,
58  $providers
59  );
60 
61  $frontend->authenticate();
62 
63  switch ($status->getStatus()) {
64  case ilAuthStatus::STATUS_AUTHENTICATED:
65  ilLoggerFactory::getLogger('auth')->debug('Authentication successful.');
66  return $GLOBALS['DIC']['ilAuthSession']->getId() . '::' . $client;
67 
68  default:
69  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
70  return $this->raiseError(
71  $status->getReason(),
72  'Server'
73  );
74  }
75  }
76 
80  public function logout(string $sid)
81  {
82  $this->initAuth($sid);
83  $this->initIlias();
84 
85  if (!$this->checkSession($sid)) {
86  return $this->raiseError($this->getMessage(), $this->getMessageCode());
87  }
88 
89  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
90  $GLOBALS['DIC']['ilAuthSession']->logout();
91  return true;
92  }
93 
97  public function lookupUser(string $sid, string $user_name)
98  {
99  $this->initAuth($sid);
100  $this->initIlias();
101 
102  if (!$this->checkSession($sid)) {
103  return $this->raiseError($this->getMessage(), $this->getMessageCode());
104  }
105 
106  $user_name = trim($user_name);
107 
108  if ($user_name === '') {
109  return $this->raiseError('No username given. Aborting', 'Client');
110  }
111 
112  global $DIC;
113 
114  $ilUser = $DIC->user();
115  $access = $DIC->access();
116 
117  if (
118  strcasecmp($ilUser->getLogin(), $user_name) !== 0 &&
119  !$access->checkAccess(
120  'read_users',
121  '',
122  self::USER_FOLDER_ID
123  )
124  ) {
125  return $this->raiseError('Check access failed. ' . self::USER_FOLDER_ID, 'Server');
126  }
127 
128  $user_id = ilObjUser::getUserIdByLogin($user_name);
129 
130  return $user_id;
131  }
132 
136  public function importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
137  {
138  $this->initAuth($sid);
139  $this->initIlias();
140 
141  if (!$this->checkSession($sid)) {
142  return $this->raiseError($this->getMessage(), $this->getMessageCode());
143  }
144 
145  global $DIC;
146 
147  $rbacreview = $DIC['rbacreview'];
148  $rbacsystem = $DIC['rbacsystem'];
149  $access = $DIC->access();
150  $tree = $DIC['tree'];
151  $lng = $DIC['lng'];
152  $ilUser = $DIC['ilUser'];
153  $ilLog = $DIC['ilLog'];
154 
155  // this takes time but is nescessary
156  $error = false;
157 
158  // validate to prevent wrong XMLs
159  @domxml_open_mem($usr_xml, DOMXML_LOAD_PARSING, $error);
160  if ($error) {
161  $msg = array();
162  if (is_array($error)) {
163  foreach ($error as $err) {
164  $msg [] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
165  }
166  } else {
167  $msg[] = $error;
168  }
169  $msg = implode("\n", $msg);
170  return $this->raiseError($msg, "Client");
171  }
172 
173  switch ($conflict_rule) {
174  case 2:
175  $conflict_rule = ilUserImportParser::IL_UPDATE_ON_CONFLICT;
176  break;
177  case 3:
178  $conflict_rule = ilUserImportParser::IL_IGNORE_ON_CONFLICT;
179  break;
180  default:
181  $conflict_rule = ilUserImportParser::IL_FAIL_ON_CONFLICT;
182  }
183  if ($folder_id === 0 && !$access->checkAccess('create_usr', '', self::USER_FOLDER_ID)) {
184  return $this->raiseError(
185  'Missing permission for creating/modifying users accounts' . self::USER_FOLDER_ID . ' ' . $ilUser->getId(),
186  'Server'
187  );
188  }
189 
190  // folder id 0, means to check permission on user basis!
191  // must have create user right in time_limit_owner property (which is ref_id of container)
192  if ($folder_id !== 0) {
193  // determine where to import
194  if ($folder_id === -1) {
195  $folder_id = self::USER_FOLDER_ID;
196  }
197 
198  // get folder
199  $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
200  // id does not exist
201  if (!$import_folder) {
202  return $this->raiseError('Wrong reference id.', 'Server');
203  }
204 
205  // folder is not a folder, can also be a category
206  if ($import_folder->getType() !== "usrf" && $import_folder->getType() !== "cat") {
207  return $this->raiseError('Folder must be a usr folder or a category.', 'Server');
208  }
209 
210  // check access to folder
211  if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
212  return $this->raiseError(
213  'Missing permission for creating users within ' . $import_folder->getTitle(),
214  'Server'
215  );
216  }
217  }
218 
219  // first verify
220  $importParser = new ilUserImportParser("", ilUserImportParser::IL_VERIFY, $conflict_rule);
221  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
222  $importParser->setXMLContent($usr_xml);
223  $importParser->startParsing();
224 
225  switch ($importParser->getErrorLevel()) {
226  case ilUserImportParser::IL_IMPORT_SUCCESS:
227  break;
228  case ilUserImportParser::IL_IMPORT_WARNING:
229  return $this->getImportProtocolAsXML($importParser->getProtocol());
230  break;
231  case ilUserImportParser::IL_IMPORT_FAILURE:
232  return $this->getImportProtocolAsXML($importParser->getProtocol());
233  }
234 
235  // verify is ok, so get role assignments
236 
237  $importParser = new ilUserImportParser("", ilUserImportParser::IL_EXTRACT_ROLES, $conflict_rule);
238  $importParser->setXMLContent($usr_xml);
239  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
240  $importParser->startParsing();
241 
242  $roles = $importParser->getCollectedRoles();
243 
244  //print_r($roles);
245 
246  // roles to be assigned, skip if one is not allowed!
247  $permitted_roles = array();
248  foreach ($roles as $role_id => $role) {
249  if (!is_numeric($role_id)) {
250  // check if internal id
251  $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
252 
253  if (is_numeric($internalId) && $internalId > 0) {
254  $role_id = $internalId;
255  $role_name = $role_id;
256  }
257  }
258 
259  if ($this->isPermittedRole($folder_id, $role_id)) {
260  $permitted_roles[$role_id] = $role_id;
261  } else {
262  $role_name = ilObject::_lookupTitle($role_id);
263  return $this->raiseError(
264  "Could not find role " . $role_name . ". Either you use an invalid/deleted role " .
265  "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.",
266  'Server'
267  );
268  }
269  }
270 
271  $global_roles = $rbacreview->getGlobalRoles();
272 
273  //print_r ($global_roles);
274 
275  foreach ($permitted_roles as $role_id => $role_name) {
276  if ($role_id != "") {
277  if (in_array($role_id, $global_roles)) {
278  if (
279  (
280  $folder_id !== 0 &&
281  $folder_id !== self::USER_FOLDER_ID &&
282  !ilObjRole::_getAssignUsersStatus($role_id)
283  ) ||
284  (
285  $role_id == SYSTEM_ROLE_ID &&
286  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)
287  )
288  ) {
289  return $this->raiseError(
290  $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
291  'Server'
292  );
293  }
294  } else {
295  $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
296  if ($rbacreview->isDeleted($rolf[0])
297  || !$rbacsystem->checkAccess('write', $rolf[0])) {
298  return $this->raiseError(
299  $lng->txt("usrimport_with_specified_role_not_permitted") . " $role_name ($role_id)",
300  "Server"
301  );
302  }
303  }
304  }
305  }
306 
307  //print_r ($permitted_roles);
308 
309  $importParser = new ilUserImportParser("", ilUserImportParser::IL_USER_IMPORT, $conflict_rule);
310  $importParser->setSendMail($send_account_mail);
311  $importParser->setUserMappingMode(ilUserImportParser::IL_USER_MAPPING_ID);
312  $importParser->setFolderId($folder_id);
313  $importParser->setXMLContent($usr_xml);
314 
315  $importParser->setRoleAssignment($permitted_roles);
316 
317  $importParser->startParsing();
318 
319  if ($importParser->getErrorLevel() !== ilUserImportParser::IL_IMPORT_FAILURE) {
320  return $this->getUserMappingAsXML($importParser->getUserMapping());
321  }
322  return $this->getImportProtocolAsXML($importParser->getProtocol());
323  }
324 
325  protected function isPermittedRole(int $a_folder, int $a_role)
326  {
327  static $checked_roles = array();
328  static $global_roles = null;
329 
330  if (isset($checked_roles[$a_role])) {
331  return $checked_roles[$a_role];
332  }
333 
334  global $DIC;
335 
336  $rbacsystem = $DIC['rbacsystem'];
337  $rbacreview = $DIC['rbacreview'];
338  $ilUser = $DIC['ilUser'];
339  $tree = $DIC['tree'];
340  $ilLog = $DIC['ilLog'];
341 
342  $locations = $rbacreview->getFoldersAssignedToRole($a_role, true);
343  $location = $locations[0];
344 
345  // global role
346  if ($location == ROLE_FOLDER_ID) {
347  $ilLog->write(__METHOD__ . ': Check global role');
348  // check assignment permission if called from local admin
349 
350  if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0) {
351  $ilLog->write(__METHOD__ . ': ' . $a_folder);
352  if (!ilObjRole::_getAssignUsersStatus($a_role)) {
353  $ilLog->write(__METHOD__ . ': No assignment allowed');
354  $checked_roles[$a_role] = false;
355  return false;
356  }
357  }
358  // exclude anonymous role from list
359  if ($a_role === ANONYMOUS_ROLE_ID) {
360  $ilLog->write(__METHOD__ . ': Anonymous role chosen.');
361  $checked_roles[$a_role] = false;
362  return false;
363  }
364  // do not allow to assign users to administrator role if current user does not has SYSTEM_ROLE_ID
365  if ($a_role === SYSTEM_ROLE_ID &&
366  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
367  $ilLog->write(__METHOD__ . ': System role assignment forbidden.');
368  $checked_roles[$a_role] = false;
369  return false;
370  }
371 
372  // Global role assignment ok
373  $ilLog->write(__METHOD__ . ': Assignment allowed.');
374  $checked_roles[$a_role] = true;
375  return true;
376  } elseif ($location) {
377  $ilLog->write(__METHOD__ . ': Check local role.');
378 
379  // It's a local role
380  $rolfs = $rbacreview->getFoldersAssignedToRole($a_role, true);
381  $rolf = $rolfs[0];
382 
383  // only process role folders that are not set to status "deleted"
384  // and for which the user has write permissions.
385  // We also don't show the roles which are in the ROLE_FOLDER_ID folder.
386  // (The ROLE_FOLDER_ID folder contains the global roles).
387  if ($rbacreview->isDeleted($rolf)
388  || !$rbacsystem->checkAccess('edit_permission', $rolf)) {
389  $ilLog->write(__METHOD__ . ': Role deleted or no permission.');
390  $checked_roles[$a_role] = false;
391  return false;
392  }
393  // A local role is only displayed, if it is contained in the subtree of
394  // the localy administrated category. If the import function has been
395  // invoked from the user folder object, we show all local roles, because
396  // the user folder object is considered the parent of all local roles.
397  // Thus, if we start from the user folder object, we initializ$isInSubtree = $folder_id == USER_FOLDER_ID || $folder_id == 0;e the
398  // isInSubtree variable with true. In all other cases it is initialized
399  // with false, and only set to true if we find the object id of the
400  // locally administrated category in the tree path to the local role.
401  if ($a_folder !== self::USER_FOLDER_ID && $a_folder !== 0 && !$tree->isGrandChild($a_folder, $rolf)) {
402  $ilLog->write(__METHOD__ . ': Not in path of category.');
403  $checked_roles[$a_role] = false;
404  return false;
405  }
406  $ilLog->write(__METHOD__ . ': Assignment allowed.');
407  $checked_roles[$a_role] = true;
408  return true;
409  }
410  return false;
411  }
412 
416  public function getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
417  {
418  $this->initAuth($sid);
419  $this->initIlias();
420 
421  if (!$this->checkSession($sid)) {
422  return $this->raiseError($this->getMessage(), $this->getMessageCode());
423  }
424 
425  global $DIC;
426 
427  $ilDB = $DIC['ilDB'];
428  $tree = $DIC['tree'];
429  $rbacreview = $DIC['rbacreview'];
430  $rbacsystem = $DIC['rbacsystem'];
431  $access = $DIC->access();
432 
433  if ($ref_id === -1) {
434  $ref_id = self::USER_FOLDER_ID;
435  }
436 
437  if (
438  $ref_id === self::USER_FOLDER_ID &&
439  !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)
440  ) {
441  return $this->raiseError('Access denied', "Client");
442  }
443 
444  $object = $this->checkObjectAccess($ref_id, array("crs", "cat", "grp", "usrf", "sess"), "read", true);
445  if ($this->isFault($object)) {
446  return $object;
447  }
448 
449  $data = [];
450  switch ($object->getType()) {
451  case "usrf":
452  $data = ilObjUser::_getUsersForFolder(self::USER_FOLDER_ID, $active);
453  break;
454  case "cat":
455  $data = ilObjUser::_getUsersForFolder($ref_id, $active);
456  break;
457  case "crs":
458  {
459  // GET ALL MEMBERS
460  $roles = $object->__getLocalRoles();
461 
462  foreach ($roles as $role_id) {
463  $data = array_merge($rbacreview->assignedUsers($role_id), $data);
464  }
465 
466  break;
467  }
468  case "grp":
469  $member_ids = $object->getGroupMemberIds();
470  $data = ilObjUser::_getUsersForGroup($member_ids, $active);
471  break;
472  case "sess":
473  $course_ref_id = $tree->checkForParentType($ref_id, 'crs');
474  if (!$course_ref_id) {
475  return $this->raiseError("No course for session", "Client");
476  }
477 
478  $event_obj_id = ilObject::_lookupObjId($ref_id);
479  $event_part = new ilEventParticipants($event_obj_id);
480  $member_ids = array_keys($event_part->getParticipants());
481  $data = ilObjUser::_getUsersForIds($member_ids, $active);
482  break;
483  }
484 
485  $xmlWriter = new ilUserXMLWriter();
486  $xmlWriter->setObjects($data);
487  $xmlWriter->setAttachRoles($attachRoles);
488 
489  if ($xmlWriter->start()) {
490  return $xmlWriter->getXML();
491  }
492  // @todo for backward compatibility
493  return '';
494  }
495 
499  public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
500  {
501  $this->initAuth($sid);
502  $this->initIlias();
503 
504  if (!$this->checkSession($sid)) {
505  return $this->raiseError($this->getMessage(), $this->getMessageCode());
506  }
507 
508  global $DIC;
509 
510  $ilDB = $DIC['ilDB'];
511  $rbacreview = $DIC->rbac()->review();
512  $tree = $DIC->repositoryTree();
513  $ilUser = $DIC->user();
514  $access = $DIC->access();
515 
516  $global_roles = $rbacreview->getGlobalRoles();
517 
518  if (in_array($role_id, $global_roles, true)) {
519  // global roles
520  if ($role_id === SYSTEM_ROLE_ID &&
521  !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
522  return $this->raiseError("Role access not permitted. ($role_id)", "Server");
523  }
524  } else {
525  // local roles
526  $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
527  $access_granted = true;
528  foreach ($rolfs as $rolf) {
529  if ($tree->isDeleted($rolf)) {
530  $access_granted = false;
531  }
532  $type = \ilObject::_lookupType($rolf, true);
533  switch ($type) {
534  case 'crs':
535  case 'grp':
536  if (!$access->checkAccess('manage_members', '', $rolf)) {
537  $access_granted = false;
538  }
539  break;
540  default:
541  if (!$access->checkAccess('edit_permission', '', $rolf)) {
542  $access_granted = false;
543  }
544  break;
545  }
546  }
547  // read user data must be granted
548  if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
549  $access_granted = false;
550  }
551  if (!$access_granted || !count($rolfs)) {
552  return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
553  }
554  }
555 
556  $data = ilObjUser::_getUsersForRole($role_id, $active);
557 
558  $xmlWriter = new ilUserXMLWriter();
559  $xmlWriter->setAttachRoles($attachRoles);
560 
561  $xmlWriter->setObjects($data);
562 
563  if ($xmlWriter->start()) {
564  return $xmlWriter->getXML();
565  }
566  return $this->raiseError('Error in getUsersForRole', 'Server');
567  }
568 
572  private function getImportProtocolAsXML(array $a_array): string
573  {
574  $xmlResultSet = new ilXMLResultSet();
575  $xmlResultSet->addColumn("userid");
576  $xmlResultSet->addColumn("login");
577  $xmlResultSet->addColumn("action");
578  $xmlResultSet->addColumn("message");
579 
580  foreach ($a_array as $username => $messages) {
581  foreach ($messages as $message) {
582  $xmlRow = new ilXMLResultSetRow();
583  $xmlRow->setValue(0, 0);
584  $xmlRow->setValue(1, $username);
585  $xmlRow->setValue(2, "");
586  $xmlRow->setValue(3, $message);
587 
588  $xmlResultSet->addRow($xmlRow);
589  }
590  }
591 
592  $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
593 
594  if ($xml_writer->start()) {
595  return $xml_writer->getXML();
596  }
597 
598  return $this->raiseError('Error in __getImportProtocolAsXML', 'Server');
599  }
600 
605  private function getUserMappingAsXML(array $a_array)
606  {
607  $xmlResultSet = new ilXMLResultSet();
608  $xmlResultSet->addColumn("userid");
609  $xmlResultSet->addColumn("login");
610  $xmlResultSet->addColumn("action");
611  $xmlResultSet->addColumn("message");
612 
613  if (count($a_array)) {
614  foreach ($a_array as $username => $message) {
615  $xmlRow = new ilXMLResultSetRow();
616  $xmlRow->setValue(0, $username);
617  $xmlRow->setValue(1, $message["login"]);
618  $xmlRow->setValue(2, $message["action"]);
619  $xmlRow->setValue(3, $message["message"]);
620 
621  $xmlResultSet->addRow($xmlRow);
622  }
623  }
624 
625  $xml_writer = new ilXMLResultSetWriter($xmlResultSet);
626 
627  if ($xml_writer->start()) {
628  return $xml_writer->getXML();
629  }
630 
631  return $this->raiseError('Error in __getUserMappingAsXML', 'Server');
632  }
633 
644  public function searchUser(
645  string $sid,
646  array $a_keyfields,
647  string $query_operator,
648  array $a_keyvalues,
649  bool $attach_roles,
650  int $active
651  ) {
652  $this->initAuth($sid);
653  $this->initIlias();
654 
655  if (!$this->checkSession($sid)) {
656  return $this->raiseError($this->getMessage(), $this->getMessageCode());
657  }
658 
659  global $DIC;
660 
661  $ilDB = $DIC['ilDB'];
662  $access = $DIC->access();
663 
664  if (!$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
665  return $this->raiseError('Check access failed.', 'Server');
666  }
667  if (!count($a_keyfields)) {
668  $this->raiseError('At least one keyfield is needed', 'Client');
669  }
670 
671  if (!count($a_keyvalues)) {
672  $this->raiseError('At least one keyvalue is needed', 'Client');
673  }
674 
675  if (strcasecmp($query_operator, "and") !== 0 || strcasecmp($query_operator, "or") !== 0) {
676  $this->raiseError('Query operator must be either \'and\' or \'or\'', 'Client');
677  }
678 
679  $query = $this->buildSearchQuery($a_keyfields, $query_operator, $a_keyvalues);
680 
681  $query = "SELECT usr_data.*, usr_pref.value AS language
682  FROM usr_data
683  LEFT JOIN usr_pref
684  ON usr_pref.usr_id = usr_data.usr_id AND usr_pref.keyword = " .
685  $ilDB->quote("language", "text") .
686  " WHERE 1 = 1 " . $query;
687 
688  if ($active > -1) {
689  $query .= " AND active = " . $ilDB->quote($active);
690  }
691 
692  $query .= " ORDER BY usr_data.lastname, usr_data.firstname ";
693 
694  //echo $query;
695 
696  $r = $ilDB->query($query);
697 
698  $data = array();
699 
700  while ($row = $ilDB->fetchAssoc($r)) {
701  $data[] = $row;
702  }
703 
704  $xmlWriter = new ilUserXMLWriter();
705  $xmlWriter->setAttachRoles($attach_roles);
706 
707  $xmlWriter->setObjects($data);
708 
709  if ($xmlWriter->start()) {
710  return $xmlWriter->getXML();
711  }
712  return $this->raiseError('Error in searchUser', 'Server');
713  }
714 
718  private function buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues): string
719  {
720  global $DIC;
721 
722  $ilDB = $DIC['ilDB'];
723  $query = array();
724 
725  $allowed_fields = array("firstname",
726  "lastname",
727  "email",
728  "login",
729  "matriculation",
730  "institution",
731  "department",
732  "title",
733  "ext_account"
734  );
735 
736  foreach ($a_keyfields as $keyfield) {
737  $keyfield = strtolower($keyfield);
738 
739  if (!in_array($keyfield, $allowed_fields)) {
740  continue;
741  }
742 
743  $field_query = array();
744  foreach ($a_keyvalues as $keyvalue) {
745  if (strlen($keyvalue) >= 3) {
746  $field_query [] = $ilDB->like($ilDB->quoteIdentifier($keyfield), 'text', '%' . $keyvalue . "%");
747  }
748  }
749  if (count($field_query)) {
750  $query [] = implode(" " . strtoupper($queryOperator) . " ", $field_query);
751  }
752  }
753 
754  return count($query) ? " AND ((" . implode(") OR (", $query) . "))" : "AND 0";
755  }
756 
760  public function getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
761  {
762  $this->initAuth($sid);
763  $this->initIlias();
764 
765  if (!$this->checkSession($sid)) {
766  return $this->raiseError($this->getMessage(), $this->getMessageCode());
767  }
768 
769  global $DIC;
770 
771  $rbacsystem = $DIC['rbacsystem'];
772  $access = $DIC->access();
773  $ilUser = $DIC['ilUser'];
774  $ilDB = $DIC['ilDB'];
775 
776  // check if own account
777  $is_self = false;
778  if (count($a_user_ids) === 1) {
779  $usr_id = (int) end($a_user_ids);
780  if ($usr_id === $ilUser->getId()) {
781  $is_self = true;
782  }
783  }
784 
785  if (!$is_self && !$access->checkAccess('read_users', '', self::USER_FOLDER_ID)) {
786  return $this->raiseError('Check access failed.', 'Server');
787  }
788 
789  $data = ilObjUser::_getUserData($a_user_ids);
790 
791  $xmlWriter = new ilUserXMLWriter();
792  $xmlWriter->setAttachRoles($attach_roles);
793  $xmlWriter->setObjects($data);
794 
795  if ($xmlWriter->start()) {
796  return $xmlWriter->getXML();
797  }
798 
799  return $this->raiseError('User does not exist', 'Client');
800  }
801 
802  public function hasNewMail(string $sid)
803  {
804  $this->initAuth($sid);
805  $this->initIlias();
806 
807  if (!$this->checkSession($sid)) {
808  return $this->raiseError($this->getMessage(), $this->getMessageCode());
809  }
810 
811  global $DIC;
812 
813  $ilUser = $DIC['ilUser'];
814 
815  return ilMailGlobalServices::getNewMailsData($ilUser)['count'] > 0;
816  }
817 
821  public function getUserIdBySid(string $sid)
822  {
823  $this->initAuth($sid);
824  $this->initIlias();
825 
826  if (!$this->checkSession($sid)) {
827  return $this->raiseError($this->getMessage(), $this->getMessageCode());
828  }
829 
830  global $DIC;
831 
832  $ilDB = $DIC['ilDB'];
833 
834  $parts = explode('::', $sid);
835  $query = "SELECT usr_id FROM usr_session "
836  . "INNER JOIN usr_data ON usr_id = user_id WHERE session_id = %s";
837  $res = $ilDB->queryF($query, array('text'), array($parts[0]));
838  $data = $ilDB->fetchAssoc($res);
839 
840  if (!(int) $data['usr_id']) {
841  $this->raiseError('User does not exist', 'Client');
842  }
843  return (int) $data['usr_id'];
844  }
845 }
$res
$res
Definition: ltiservices.php:66
ilObjUser\_getUsersForRole
static _getUsersForRole(int $role_id, int $active=-1)
return array of complete users which belong to a specific role
Definition: class.ilObjUser.php:3291
ilXMLResultSetWriter
XML Writer for XMLResultSet.
Definition: class.ilXMLResultSetWriter.php:26
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
USER_FOLDER_ID
const USER_FOLDER_ID
Definition: constants.php:33
ilSoapUserAdministration\buildSearchQuery
buildSearchQuery(array $a_keyfields, string $queryOperator, array $a_keyvalues)
create search term according to parameters
Definition: class.ilSoapUserAdministration.php:718
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61
$location
$location
Definition: buildRTE.php:22
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilSoapUserAdministration\getUserMappingAsXML
getUserMappingAsXML(array $a_array)
return user mapping as xml
Definition: class.ilSoapUserAdministration.php:605
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:27
ilSoapAdministration\raiseError
raiseError(string $a_message, $a_code)
Definition: class.ilSoapAdministration.php:186
ilSoapUserAdministration\isPermittedRole
isPermittedRole(int $a_folder, int $a_role)
Definition: class.ilSoapUserAdministration.php:325
ilXMLResultSetRow
Row Class for XMLResultSet.
Definition: class.ilXMLResultSetRow.php:25
ilObjUser\_getUsersForGroup
static _getUsersForGroup(array $a_mem_ids, int $active=-1)
return user data for group members
Definition: class.ilObjUser.php:3378
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:923
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$client
$client
Definition: dummy_client.php:45
ilObjUser\getUserIdByLogin
static getUserIdByLogin(string $a_login)
Definition: class.ilObjUser.php:2079
$messages
$messages
Definition: xapiexit.php:21
ilMailGlobalServices\getNewMailsData
static getNewMailsData(ilObjUser $user, int $leftInterval=0)
Definition: class.ilMailGlobalServices.php:72
$ref_id
$ref_id
Definition: ltiauth.php:65
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:33
ilUserXMLWriter
XML writer class Class to simplify manual writing of xml documents.
Definition: class.ilUserXMLWriter.php:30
ilObjectFactory\getInstanceByRefId
static getInstanceByRefId(int $ref_id, bool $stop_on_error=true)
get an instance of an Ilias object by reference id
Definition: class.ilObjectFactory.php:141
$DIC
global $DIC
Definition: shib_login.php:22
ilObjUser\_getUserData
static _getUserData(array $a_internalids)
return user data for given user ids
Definition: class.ilObjUser.php:3439
ilSoapAdministration\checkObjectAccess
checkObjectAccess(int $ref_id, array $expected_type, string $permission, bool $returnObject=false)
check access for ref id: expected type, permission, return object instance if returnobject is true ...
Definition: class.ilSoapAdministration.php:213
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilSoapUserAdministration\login
login(string $client, string $username, string $password)
Definition: class.ilSoapUserAdministration.php:31
ilEventParticipants
class ilEventParticipants
Definition: class.ilEventParticipants.php:28
ilSoapUserAdministration\getUsersForContainer
getUsersForContainer(string $sid, int $ref_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:416
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilSoapUserAdministration\lookupUser
lookupUser(string $sid, string $user_name)
Definition: class.ilSoapUserAdministration.php:97
ilObjUser\_getUsersForFolder
static _getUsersForFolder(int $ref_id, int $active)
get users for a category or from system folder
Definition: class.ilObjUser.php:3334
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
ilUtil\__extractId
static __extractId(string $ilias_id, int $inst_id)
extract ref id from role title, e.g.
Definition: class.ilUtil.php:1193
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:429
$lng
global $lng
Definition: privfeed.php:31
ilSoapUserAdministration\importUsers
importUsers(string $sid, int $folder_id, string $usr_xml, int $conflict_rule, bool $send_account_mail)
Definition: class.ilSoapUserAdministration.php:136
ilSoapUserAdministration\searchUser
searchUser(string $sid, array $a_keyfields, string $query_operator, array $a_keyvalues, bool $attach_roles, int $active)
return user xml following dtd 3.7
Definition: class.ilSoapUserAdministration.php:644
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
ilSoapUserAdministration\getUserXML
getUserXML(string $sid, array $a_user_ids, bool $attach_roles)
Definition: class.ilSoapUserAdministration.php:760
ilObjUser\_getUsersForIds
static _getUsersForIds(array $a_mem_ids, int $active=-1, int $timelimitowner=-1)
return user data for given user id
Definition: class.ilObjUser.php:3391
ilSoapUserAdministration\getImportProtocolAsXML
getImportProtocolAsXML(array $a_array)
Create XML ResultSet.
Definition: class.ilSoapUserAdministration.php:572
ilSoapUserAdministration\getUserForRole
getUserForRole(string $sid, int $role_id, bool $attachRoles, int $active)
Definition: class.ilSoapUserAdministration.php:499
$r
$r
Definition: shib_logout.php:140