/**
*
* define ("IL_FAIL_ON_CONFLICT", 1);
* define ("IL_UPDATE_ON_CONFLICT", 2);
* define ("IL_IGNORE_ON_CONFLICT", 3);
*/
function importUsers($sid, $folder_id, $usr_xml, $conflict_rule, $send_account_mail)
{
$this->initAuth($sid);
$this->initIlias();
if (!$this->__checkSession($sid)) {
return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
}
include_once './Services/User/classes/class.ilUserImportParser.php';
include_once './Services/AccessControl/classes/class.ilObjRole.php';
include_once './Services/Object/classes/class.ilObjectFactory.php';
global $rbacreview, $rbacsystem, $tree, $lng, $ilUser, $ilLog;
// this takes time but is nescessary
$error = false;
// validate to prevent wrong XMLs
$this->dom = @domxml_open_mem($usr_xml, DOMXML_LOAD_VALIDATING, $error);
if ($error) {
$msg = array();
if (is_array($error)) {
foreach ($error as $err) {
$msg[] = "(" . $err["line"] . "," . $err["col"] . "): " . $err["errormessage"];
}
} else {
$msg[] = $error;
}
$msg = join("\n", $msg);
return $this->__raiseError($msg, "Client");
}
switch ($conflict_rule) {
case 2:
$conflict_rule = IL_UPDATE_ON_CONFLICT;
break;
case 3:
$conflict_rule = IL_IGNORE_ON_CONFLICT;
break;
default:
$conflict_rule = IL_FAIL_ON_CONFLICT;
}
// folder id 0, means to check permission on user basis!
// must have create user right in time_limit_owner property (which is ref_id of container)
if ($folder_id != 0) {
// determine where to import
if ($folder_id == -1) {
$folder_id = USER_FOLDER_ID;
}
// get folder
$import_folder = ilObjectFactory::getInstanceByRefId($folder_id, false);
// id does not exist
if (!$import_folder) {
return $this->__raiseError('Wrong reference id.', 'Server');
}
// folder is not a folder, can also be a category
if ($import_folder->getType() != "usrf" && $import_folder->getType() != "cat") {
return $this->__raiseError('Folder must be a usr folder or a category.', 'Server');
}
// check access to folder
if (!$rbacsystem->checkAccess('create_usr', $folder_id)) {
return $this->__raiseError('Missing permission for creating users within ' . $import_folder->getTitle(), 'Server');
}
}
// first verify
$importParser = new ilUserImportParser("", IL_VERIFY, $conflict_rule);
$importParser->setUserMappingMode(IL_USER_MAPPING_ID);
$importParser->setXMLContent($usr_xml);
$importParser->startParsing();
switch ($importParser->getErrorLevel()) {
case IL_IMPORT_SUCCESS:
break;
case IL_IMPORT_WARNING:
return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Warning"));
break;
case IL_IMPORT_FAILURE:
return $this->__getImportProtocolAsXML($importParser->getProtocol("User Import Log - Failure"));
}
// verify is ok, so get role assignments
$importParser = new ilUserImportParser("", IL_EXTRACT_ROLES, $conflict_rule);
$importParser->setXMLContent($usr_xml);
$importParser->setUserMappingMode(IL_USER_MAPPING_ID);
$importParser->startParsing();
$roles = $importParser->getCollectedRoles();
//print_r($roles);
// roles to be assigned, skip if one is not allowed!
$permitted_roles = array();
foreach ($roles as $role_id => $role) {
if (!is_numeric($role_id)) {
// check if internal id
$internalId = ilUtil::__extractId($role_id, IL_INST_ID);
if (is_numeric($internalId)) {
$role_id = $internalId;
$role_name = $role_id;
}
/* else // perhaps it is a rolename
{
$role = ilSoapUserAdministration::__getRoleForRolename ($role_id);
$role_name = $role->title;
$role_id = $role->role_id;
}*/
}
if ($this->isPermittedRole($folder_id, $role_id)) {
$permitted_roles[$role_id] = $role_id;
} else {
$role_name = ilObject::_lookupTitle($role_id);
return $this->__raiseError("Could not find role " . $role_name . ". Either you use an invalid/deleted role " . "or you try to assign a local role into the non-standard user folder and this role is not in its subtree.", 'Server');
}
}
$global_roles = $rbacreview->getGlobalRoles();
//print_r ($global_roles);
foreach ($permitted_roles as $role_id => $role_name) {
if ($role_id != "") {
if (in_array($role_id, $global_roles)) {
if ($role_id == SYSTEM_ROLE_ID && !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId())) || $folder_id != USER_FOLDER_ID && $folder_id != 0 && !ilObjRole::_getAssignUsersStatus($role_id)) {
return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " {$role_name} ({$role_id})", 'Server');
}
} else {
$rolf = $rbacreview->getFoldersAssignedToRole($role_id, true);
if ($rbacreview->isDeleted($rolf[0]) || !$rbacsystem->checkAccess('write', $tree->getParentId($rolf[0]))) {
return $this->__raiseError($lng->txt("usrimport_with_specified_role_not_permitted") . " {$role_name} ({$role_id})", "Server");
}
}
}
}
//print_r ($permitted_roles);
$importParser = new ilUserImportParser("", IL_USER_IMPORT, $conflict_rule);
$importParser->setSendMail($send_account_mail);
$importParser->setUserMappingMode(IL_USER_MAPPING_ID);
$importParser->setFolderId($folder_id);
$importParser->setXMLContent($usr_xml);
$importParser->setRoleAssignment($permitted_roles);
$importParser->startParsing();
if ($importParser->getErrorLevel() != IL_IMPORT_FAILURE) {
return $this->__getUserMappingAsXML($importParser->getUserMapping());
}
return $this->__getImportProtocolAsXML($importParser->getProtocol());
}