/**
  *
  * define ("IL_FAIL_ON_CONFLICT", 1);
  * define ("IL_UPDATE_ON_CONFLICT", 2);
  * define ("IL_IGNORE_ON_CONFLICT", 3);
  */
 function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
 {
     $this->initAuth($sid);
     $this->initIlias();
     if (!$this->__checkSession($sid)) {
         return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
     }
     include_once './Services/User/classes/class.ilUserImportParser.php';
     include_once './Services/AccessControl/classes/class.ilObjRole.php';
     include_once './Services/Object/classes/class.ilObjectFactory.php';
     global $rbacreview, $rbacsystem, $tree, $lng, $ilUser, $ilLog;
     // this takes time but is nescessary
     $error = false;
     // validate to prevent wrong XMLs
     $this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
     if ($error) {
         $msg = array();
         if (is_array($error)) {
             foreach ($error as $err) {
                 $msg[] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
             }
         } else {
             $msg[] = $error;
         }
         $msg = join("\n", $msg);
         return $this->__raiseError($msg, "Client");
     }
     switch ($conflict_rule) {
         case 2:
             $conflict_rule = IL_UPDATE_ON_CONFLICT;
             break;
         case 3:
             $conflict_rule = IL_IGNORE_ON_CONFLICT;
             break;
         default:
             $conflict_rule = IL_FAIL_ON_CONFLICT;
     }
     // folder id 0, means to check permission on user basis!
     // must have create user right in time_limit_owner property (which is ref_id of container)
     if ($folder_id != 0) {
         // determine where to import
         if ($folder_id == -1) {
             $folder_id = USER_FOLDER_ID;
         }
         // get folder
         $import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
         // id does not exist
         if (!$import_folder) {
             return $this->__raiseError('Wrong reference id.', 'Server');
         }
         // folder is not a folder, can also be a category
         if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat") {
             return $this->__raiseError('Folder must be a usr folder or a category.', 'Server');
         }
         // check access to folder
         if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
             return $this->__raiseError('Missing permission for creating users within ' . $import_folder->getTitle(), 'Server');
         }
     }
     // first verify
     $importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
     $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
     $importParser->setXMLContent($usr_xml);
     $importParser->startParsing();
     switch ($importParser->getErrorLevel()) {
         case IL_IMPORT_SUCCESS:
             break;
         case IL_IMPORT_WARNING:
             return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Warning"));
             break;
         case IL_IMPORT_FAILURE:
             return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Failure"));
     }
     // verify is ok, so get role assignments
     $importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
     $importParser->setXMLContent($usr_xml);
     $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
     $importParser->startParsing();
     $roles = $importParser->getCollectedRoles();
     //print_r($roles);
     // roles to be assigned, skip if one is not allowed!
     $permitted_roles = array();
     foreach ($roles as $role_id => $role) {
         if (!is_numeric($role_id)) {
             // check if internal id
             $internalId = ilUtil::__extractId($role_id, IL_INST_ID);
             if (is_numeric($internalId)) {
                 $role_id = $internalId;
                 $role_name = $role_id;
             }
             /*				else // perhaps it is a rolename
             				{
             					$role  = ilSoapUserAdministration::__getRoleForRolename ($role_id);
             					$role_name = $role->title;
             					$role_id = $role->role_id;
             				}*/
         }
         if ($this->isPermittedRole($folder_id, $role_id)) {
             $permitted_roles[$role_id] = $role_id;
         } else {
             $role_name = ilObject::_lookupTitle($role_id);
             return $this->__raiseError("Could not find role " . $role_name . ". Either you use an invalid/deleted role " . "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.", 'Server');
         }
     }
     $global_roles = $rbacreview->getGlobalRoles();
     //print_r ($global_roles);
     foreach ($permitted_roles as $role_id => $role_name) {
         if ($role_id != "") {
             if (in_array($role_id, $global_roles)) {
                 if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) || $folder_id != USER_FOLDER_ID && $folder_id != 0 && !ilObjRole::_getAssignUsersStatus($role_id)) {
                     return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " {$role_name} ({$role_id})", 'Server');
                 }
             } else {
                 $rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
                 if ($rbacreview->isDeleted($rolf[0]) || !$rbacsystem->checkAccess('write', $tree->getParentId($rolf[0]))) {
                     return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " {$role_name} ({$role_id})", "Server");
                 }
             }
         }
     }
     //print_r ($permitted_roles);
     $importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
     $importParser->setSendMail($send_account_mail);
     $importParser->setUserMappingMode(IL_USER_MAPPING_ID);
     $importParser->setFolderId($folder_id);
     $importParser->setXMLContent($usr_xml);
     $importParser->setRoleAssignment($permitted_roles);
     $importParser->startParsing();
     if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE) {
         return $this->__getUserMappingAsXML($importParser->getUserMapping());
     }
     return $this->__getImportProtocolAsXML($importParser->getProtocol());
 }