/**
* Create new ILIAS account
*
* @access public
*
* @param string external username
*/
public function create($a_username)
{
$this->writer->xmlStartTag('Users');
// Single users
// Required fields
// Create user
$this->writer->xmlStartTag('User', array('Action' => 'Insert'));
$this->writer->xmlElement('Login', array(), $new_name = ilAuthUtils::_generateLogin($a_username));
// Assign to role only for new users
$this->writer->xmlElement('Role', array('Id' => $this->rad_settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
$this->writer->xmlElement('Active', array(), "true");
$this->writer->xmlElement('TimeLimitOwner', array(), 7);
$this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
$this->writer->xmlElement('TimeLimitFrom', array(), time());
$this->writer->xmlElement('TimeLimitUntil', array(), time());
$this->writer->xmlElement('AuthMode', array('type' => 'radius'), 'radius');
$this->writer->xmlElement('ExternalAccount', array(), $a_username);
$this->writer->xmlEndTag('User');
$this->writer->xmlEndTag('Users');
$this->log->write('Radius: Started creation of user: '******'./Services/User/classes/class.ilUserImportParser.php';
$importParser = new ilUserImportParser();
$importParser->setXMLContent($this->writer->xmlDumpMem(false));
$importParser->setRoleAssignment(array($this->rad_settings->getDefaultRole() => $this->rad_settings->getDefaultRole()));
$importParser->setFolderId(7);
$importParser->startParsing();
return $new_name;
}
/**
* Create new ILIAS account
*
* @access public
*
* @param string external username
*/
public function create($a_username, $a_userdata = array())
{
$a_userdata = $this->parseFullname($a_userdata);
$this->writer->xmlStartTag('Users');
// Single users
// Required fields
// Create user
$this->writer->xmlStartTag('User', array('Action' => 'Insert'));
$this->writer->xmlElement('Login', array(), $new_name = ilAuthUtils::_generateLogin($a_username));
// Assign to role only for new users
$this->writer->xmlElement('Role', array('Id' => $this->settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
if (isset($a_userdata['email'])) {
$this->writer->xmlElement('Email', array(), $a_userdata['email']);
}
if (isset($a_userdata['postcode'])) {
$this->writer->xmlElement('PostalCode', array(), $a_userdata['postcode']);
}
if (isset($a_userdata['dob']) and $a_userdata['dob']) {
$this->writer->xmlElement('Birthday', array(), $a_userdata['dob']);
}
if (isset($a_userdata['gender'])) {
$this->writer->xmlElement('Gender', array(), strtolower($a_userdata['gender']));
}
if (isset($a_userdata['title'])) {
$this->writer->xmlElement('Title', array(), $a_userdata['title']);
}
if (isset($a_userdata['firstname'])) {
$this->writer->xmlElement('Firstname', array(), $a_userdata['firstname']);
}
if (isset($a_userdata['lastname'])) {
$this->writer->xmlElement('Lastname', array(), $a_userdata['lastname']);
}
$this->writer->xmlElement('Active', array(), "true");
$this->writer->xmlElement('TimeLimitOwner', array(), 7);
$this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
$this->writer->xmlElement('TimeLimitFrom', array(), time());
$this->writer->xmlElement('TimeLimitUntil', array(), time());
$this->writer->xmlElement('AuthMode', array('type' => 'openid'), 'openid');
$this->writer->xmlElement('ExternalAccount', array(), $a_username);
$this->writer->xmlEndTag('User');
$this->writer->xmlEndTag('Users');
$this->log->write('OpenId: Started creation of user: '******'./Services/User/classes/class.ilUserImportParser.php';
$importParser = new ilUserImportParser();
$importParser->setXMLContent($this->writer->xmlDumpMem(false));
$importParser->setRoleAssignment(array($this->settings->getDefaultRole() => $this->settings->getDefaultRole()));
$importParser->setFolderId(7);
$importParser->startParsing();
// Assign timezone
if (isset($a_userdata['timezone'])) {
include_once './Services/Calendar/classes/class.ilCalendarUtil.php';
$tzs = ilCalendarUtil::_getShortTimeZoneList();
if (isset($tzs[$a_userdata['timezone']])) {
$usr_id = ilObjUser::_lookupId($new_name);
ilObjUser::_writePref($usr_id, 'user_tz', $a_userdata['timezone']);
}
}
return $new_name;
}
/**
* import users
*/
function importUsersObject()
{
global $rbacreview, $ilUser;
// Blind out tabs for local user import
if ($_GET["baseClass"] == 'ilRepositoryGUI') {
$this->tabs_gui->clearTargets();
}
include_once './Services/AccessControl/classes/class.ilObjRole.php';
include_once './Services/User/classes/class.ilUserImportParser.php';
global $rbacreview, $rbacsystem, $tree, $lng;
switch ($_POST["conflict_handling_choice"]) {
case "update_on_conflict":
$rule = IL_UPDATE_ON_CONFLICT;
break;
case "ignore_on_conflict":
default:
$rule = IL_IGNORE_ON_CONFLICT;
break;
}
$importParser = new ilUserImportParser($_POST["xml_file"], IL_USER_IMPORT, $rule);
$importParser->setFolderId($this->getUserOwnerId());
$import_dir = $this->getImportDir();
// Catch hack attempts
// We check here again, if the role folders are in the tree, and if the
// user has permission on the roles.
if ($_POST["role_assign"]) {
$global_roles = $rbacreview->getGlobalRoles();
$roles_of_user = $rbacreview->assignedRoles($ilUser->getId());
foreach ($_POST["role_assign"] as $role_id) {
if ($role_id != "") {
if (in_array($role_id, $global_roles)) {
if (!in_array(SYSTEM_ROLE_ID, $roles_of_user)) {
if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $roles_of_user) || $this->object->getRefId() != USER_FOLDER_ID && !ilObjRole::_getAssignUsersStatus($role_id)) {
ilUtil::delDir($import_dir);
$this->ilias->raiseError($this->lng->txt("usrimport_with_specified_role_not_permitted"), $this->ilias->error_obj->MESSAGE);
}
}
} else {
$rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
if ($rbacreview->isDeleted($rolf[0]) || !$rbacsystem->checkAccess('write', $tree->getParentId($rolf[0]))) {
ilUtil::delDir($import_dir);
$this->ilias->raiseError($this->lng->txt("usrimport_with_specified_role_not_permitted"), $this->ilias->error_obj->MESSAGE);
return;
}
}
}
}
}
$importParser->setRoleAssignment($_POST["role_assign"]);
$importParser->startParsing();
// purge user import directory
ilUtil::delDir($import_dir);
switch ($importParser->getErrorLevel()) {
case IL_IMPORT_SUCCESS:
ilUtil::sendSuccess($this->lng->txt("user_imported"), true);
break;
case IL_IMPORT_WARNING:
ilUtil::sendInfo($this->lng->txt("user_imported_with_warnings") . $importParser->getProtocolAsHTML($lng->txt("import_warning_log")), true);
break;
case IL_IMPORT_FAILURE:
$this->ilias->raiseError($this->lng->txt("user_import_failed") . $importParser->getProtocolAsHTML($lng->txt("import_failure_log")), $this->ilias->error_obj->MESSAGE);
break;
}
if (strtolower($_GET["baseClass"]) == "iladministrationgui") {
$this->ctrl->redirect($this, "view");
//ilUtil::redirect($this->ctrl->getLinkTarget($this));
} else {
$this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers');
}
}
/**
* Create/Update non existing users
*
* @access public
*
*/
public function refresh()
{
global $rbacadmin;
$this->usersToXML();
include_once './Services/User/classes/class.ilUserImportParser.php';
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$importParser = new ilUserImportParser();
$importParser->setXMLContent($this->writer->xmlDumpMem(false));
$importParser->setRoleAssignment(ilLDAPRoleAssignmentRules::getAllPossibleRoles());
$importParser->setFolderId(7);
$importParser->startParsing();
$debug = $importParser->getProtocol();
#var_dump("<pre>",$this->writer->xmlDumpMem(),"</pre>");
#print_r($this->writer->xmlDumpMem($format));
return true;
}
/**
*
* define ("IL_FAIL_ON_CONFLICT", 1);
* define ("IL_UPDATE_ON_CONFLICT", 2);
* define ("IL_IGNORE_ON_CONFLICT", 3);
*/
function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
{
$this->initAuth($sid);
$this->initIlias();
if (!$this->__checkSession($sid)) {
return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
}
include_once './Services/User/classes/class.ilUserImportParser.php';
include_once './Services/AccessControl/classes/class.ilObjRole.php';
include_once './Services/Object/classes/class.ilObjectFactory.php';
global $rbacreview, $rbacsystem, $tree, $lng, $ilUser, $ilLog;
// this takes time but is nescessary
$error = false;
// validate to prevent wrong XMLs
$this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
if ($error) {
$msg = array();
if (is_array($error)) {
foreach ($error as $err) {
$msg[] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
}
} else {
$msg[] = $error;
}
$msg = join("\n", $msg);
return $this->__raiseError($msg, "Client");
}
switch ($conflict_rule) {
case 2:
$conflict_rule = IL_UPDATE_ON_CONFLICT;
break;
case 3:
$conflict_rule = IL_IGNORE_ON_CONFLICT;
break;
default:
$conflict_rule = IL_FAIL_ON_CONFLICT;
}
// folder id 0, means to check permission on user basis!
// must have create user right in time_limit_owner property (which is ref_id of container)
if ($folder_id != 0) {
// determine where to import
if ($folder_id == -1) {
$folder_id = USER_FOLDER_ID;
}
// get folder
$import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
// id does not exist
if (!$import_folder) {
return $this->__raiseError('Wrong reference id.', 'Server');
}
// folder is not a folder, can also be a category
if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat") {
return $this->__raiseError('Folder must be a usr folder or a category.', 'Server');
}
// check access to folder
if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
return $this->__raiseError('Missing permission for creating users within ' . $import_folder->getTitle(), 'Server');
}
}
// first verify
$importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
$importParser->setUserMappingMode(IL_USER_MAPPING_ID);
$importParser->setXMLContent($usr_xml);
$importParser->startParsing();
switch ($importParser->getErrorLevel()) {
case IL_IMPORT_SUCCESS:
break;
case IL_IMPORT_WARNING:
return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Warning"));
break;
case IL_IMPORT_FAILURE:
return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Failure"));
}
// verify is ok, so get role assignments
$importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
$importParser->setXMLContent($usr_xml);
$importParser->setUserMappingMode(IL_USER_MAPPING_ID);
$importParser->startParsing();
$roles = $importParser->getCollectedRoles();
//print_r($roles);
// roles to be assigned, skip if one is not allowed!
$permitted_roles = array();
foreach ($roles as $role_id => $role) {
if (!is_numeric($role_id)) {
// check if internal id
$internalId = ilUtil::__extractId($role_id, IL_INST_ID);
if (is_numeric($internalId)) {
$role_id = $internalId;
$role_name = $role_id;
}
/* else // perhaps it is a rolename
{
$role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
$role_name = $role->title;
$role_id = $role->role_id;
}*/
}
if ($this->isPermittedRole($folder_id, $role_id)) {
$permitted_roles[$role_id] = $role_id;
} else {
$role_name = ilObject::_lookupTitle($role_id);
return $this->__raiseError("Could not find role " . $role_name . ". Either you use an invalid/deleted role " . "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.", 'Server');
}
}
$global_roles = $rbacreview->getGlobalRoles();
//print_r ($global_roles);
foreach ($permitted_roles as $role_id => $role_name) {
if ($role_id != "") {
if (in_array($role_id, $global_roles)) {
if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) || $folder_id != USER_FOLDER_ID && $folder_id != 0 && !ilObjRole::_getAssignUsersStatus($role_id)) {
return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " {$role_name} ({$role_id})", 'Server');
}
} else {
$rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
if ($rbacreview->isDeleted($rolf[0]) || !$rbacsystem->checkAccess('write', $tree->getParentId($rolf[0]))) {
return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " {$role_name} ({$role_id})", "Server");
}
}
}
}
//print_r ($permitted_roles);
$importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
$importParser->setSendMail($send_account_mail);
$importParser->setUserMappingMode(IL_USER_MAPPING_ID);
$importParser->setFolderId($folder_id);
$importParser->setXMLContent($usr_xml);
$importParser->setRoleAssignment($permitted_roles);
$importParser->startParsing();
if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE) {
return $this->__getUserMappingAsXML($importParser->getUserMapping());
}
return $this->__getImportProtocolAsXML($importParser->getProtocol());
}
