Commit | Line | Data |
---|---|---|
bb0727ea VZ |
1 | <?php |
2 | /*************************************************************************** | |
3 | * Copyright (C) 2003-2008 Polytechnique.org * | |
4 | * http://opensource.polytechnique.org/ * | |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
f5c4bf30 | 22 | // Post-processes the successful Google Apps account creation queue job. |
bb0727ea VZ |
23 | function post_queue_u_create($job) { |
24 | global $globals; | |
25 | ||
26 | // Retrieves the user parameters (userid and forlife). | |
27 | $parameters = json_decode($job['j_parameters'], true); | |
28 | $forlife = isset($parameters['username']) ? $parameters['username'] : null; | |
29 | $userid = $job['q_recipient_id']; | |
30 | if (!$forlife || !$userid) { | |
31 | return; | |
32 | } | |
33 | ||
f5c4bf30 VZ |
34 | // Adds a redirection to the Google Apps delivery address, if requested by |
35 | // the user at creation time. | |
bb0727ea VZ |
36 | $account = new GoogleAppsAccount($userid, $forlife); |
37 | if ($account->activate_mail_redirection) { | |
38 | require_once('emails.inc.php'); | |
afde0a3a | 39 | $storage = new EmailStorage($userid, 'googleapps'); |
94c6c788 | 40 | $storage->activate(); |
bb0727ea VZ |
41 | } |
42 | ||
f5c4bf30 | 43 | // Sends the 'account created' email to the user, with basic documentation. |
bb0727ea VZ |
44 | $res = XDB::query( |
45 | "SELECT FIND_IN_SET('femme', u.flags), prenom | |
46 | FROM auth_user_md5 AS u | |
47 | INNER JOIN aliases AS a ON (a.id = u.user_id) | |
48 | WHERE a.alias = {?}", | |
49 | $forlife); | |
50 | list($sexe, $prenom) = $res->fetchOneRow(); | |
51 | ||
52 | $mailer = new PlMailer('googleapps/create.mail.tpl'); | |
53 | $mailer->assign('account', $account); | |
54 | $mailer->assign('email', $forlife . '@' . $globals->mail->domain); | |
55 | $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain); | |
56 | $mailer->assign('prenom', $prenom); | |
57 | $mailer->assign('sexe', $sexe); | |
58 | $mailer->send(); | |
59 | } | |
60 | ||
f5c4bf30 | 61 | // Post-processes the successful Google Apps account update queue job. |
bb0727ea VZ |
62 | function post_queue_u_update($job) { |
63 | global $globals; | |
64 | ||
65 | // If the u_update job was an unsuspend request, re-adds the redirection | |
66 | // to the Google Apps delivery address, provided the account is active (it might | |
67 | // have been deleted between the unsuspension and the post-queue processing). | |
68 | $parameters = json_decode($job['j_parameters'], true); | |
69 | $forlife = isset($parameters['username']) ? $parameters['username'] : null; | |
70 | $userid = $job['q_recipient_id']; | |
71 | if (!$forlife || !$userid) { | |
72 | return; | |
73 | } | |
74 | ||
75 | if (isset($parameters['suspended']) && $parameters['suspended'] == false) { | |
76 | require_once('emails.inc.php'); | |
77 | $account = new GoogleAppsAccount($userid, $forlife); | |
f5c4bf30 | 78 | if ($account->active()) { |
bb0727ea VZ |
79 | // Re-adds the email redirection (if the user did request it). |
80 | if ($account->activate_mail_redirection) { | |
afde0a3a | 81 | $storage = new EmailStorage($userid, 'googleapps'); |
94c6c788 | 82 | $storage->activate(); |
bb0727ea VZ |
83 | } |
84 | ||
85 | // Sends an email to the account owner. | |
86 | $res = XDB::query( | |
87 | "SELECT FIND_IN_SET('femme', u.flags), prenom | |
88 | FROM auth_user_md5 AS u | |
89 | INNER JOIN aliases AS a ON (a.id = u.user_id) | |
90 | WHERE a.alias = {?}", | |
91 | $forlife); | |
92 | list($sexe, $prenom) = $res->fetchOneRow(); | |
93 | ||
94 | $mailer = new PlMailer('googleapps/unsuspend.mail.tpl'); | |
95 | $mailer->assign('account', $account); | |
96 | $mailer->assign('email', $forlife . '@' . $globals->mail->domain); | |
97 | $mailer->assign('prenom', $prenom); | |
98 | $mailer->assign('sexe', $sexe); | |
99 | $mailer->send(); | |
100 | } | |
101 | } | |
102 | } | |
103 | ||
104 | // Reprensentation of an SQL-stored Google Apps account. | |
f5c4bf30 VZ |
105 | // This class is the interface with the gappsd SQL tables: gappsd is the python |
106 | // daemon which deals with Google Apps provisioning APIs. | |
107 | // TODO(vincent.zanotti): add the url of gappsd, when available. | |
bb0727ea VZ |
108 | class GoogleAppsAccount |
109 | { | |
f5c4bf30 | 110 | // User identification: user id, and forlife. |
bb0727ea VZ |
111 | private $uid; |
112 | public $g_account_name; | |
113 | ||
f5c4bf30 | 114 | // Local account parameters. |
bb0727ea VZ |
115 | public $sync_password; |
116 | public $activate_mail_redirection; | |
f5c4bf30 VZ |
117 | |
118 | // Account status, obtained from Google Apps provisioning & reporting APIs. | |
0089e594 | 119 | public $g_account_id; |
bb0727ea VZ |
120 | public $g_status; |
121 | public $g_suspension; | |
122 | public $r_disk_usage; | |
123 | public $r_creation; | |
124 | public $r_last_login; | |
125 | public $r_last_webmail; | |
126 | public $reporting_date; | |
127 | ||
f5c4bf30 | 128 | // Pending requests in the gappsd job queue (cf. top note). |
bb0727ea VZ |
129 | public $pending_create; |
130 | public $pending_delete; | |
131 | public $pending_update; | |
132 | public $pending_update_admin; | |
133 | public $pending_update_other; | |
134 | public $pending_update_password; | |
135 | public $pending_update_suspension; | |
136 | ||
f5c4bf30 | 137 | // Pending requests in plat/al validation queue. |
bb0727ea VZ |
138 | public $pending_validation_unsuspend; |
139 | ||
f5c4bf30 VZ |
140 | // Constructs the account object, by retrieving all informations from the |
141 | // GApps account table, from GApps job queue, and from plat/al validation queue. | |
142 | public function __construct($uid, $account_name = NULL) | |
bb0727ea | 143 | { |
f5c4bf30 VZ |
144 | if ($account_name == NULL) { |
145 | require_once 'user.func.inc.php'; | |
146 | $account_name = get_user_forlife($uid, '_silent_user_callback'); | |
147 | } | |
148 | ||
bb0727ea VZ |
149 | $this->uid = $uid; |
150 | $this->g_account_name = $account_name; | |
151 | $this->g_status = NULL; | |
152 | ||
153 | $res = XDB::query( | |
154 | "SELECT l_sync_password, l_activate_mail_redirection, | |
0089e594 | 155 | g_account_name, g_account_id, g_status, g_suspension, r_disk_usage, |
bb0727ea VZ |
156 | UNIX_TIMESTAMP(r_creation) as r_creation, |
157 | UNIX_TIMESTAMP(r_last_login) as r_last_login, | |
158 | UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail | |
159 | FROM gapps_accounts | |
160 | WHERE g_account_name = {?}", | |
161 | $account_name); | |
162 | if ($account = $res->fetchOneAssoc()) { | |
163 | $this->sync_password = $account['l_sync_password']; | |
164 | $this->activate_mail_redirection = $account['l_activate_mail_redirection']; | |
0089e594 | 165 | $this->g_account_id = $account['g_account_id']; |
bb0727ea VZ |
166 | $this->g_status = $account['g_status']; |
167 | $this->g_suspension = $account['g_suspension']; | |
168 | $this->r_disk_usage = $account['r_disk_usage']; | |
169 | $this->r_creation = $account['r_creation']; | |
170 | $this->r_last_login = $account['r_last_webmail']; | |
171 | $this->r_last_webmail = $account['r_last_webmail']; | |
172 | ||
173 | $this->load_pending_counts(); | |
174 | $this->load_pending_validations(); | |
175 | if ($this->pending_update) { | |
176 | $this->load_pending_updates(); | |
177 | } | |
178 | ||
179 | $res = XDB::query("SELECT MAX(date) FROM gapps_reporting"); | |
180 | $this->reporting_date = $res->fetchOneCell(); | |
181 | } | |
182 | } | |
183 | ||
f5c4bf30 VZ |
184 | // Determines if changes to the Google Account are currently waiting in the |
185 | // GApps job queue, and initializes the local values accordingly. | |
bb0727ea VZ |
186 | private function load_pending_counts() |
187 | { | |
bb0727ea VZ |
188 | $res = XDB::query( |
189 | "SELECT SUM(j_type = 'u_create') AS pending_create, | |
190 | SUM(j_type = 'u_update') AS pending_update, | |
191 | SUM(j_type = 'u_delete') AS pending_delete | |
192 | FROM gapps_queue | |
193 | WHERE q_recipient_id = {?} AND | |
194 | p_status IN ('idle', 'active', 'softfail') | |
195 | GROUP BY j_type", | |
196 | $this->uid); | |
197 | $pending = $res->fetchOneAssoc(); | |
198 | $this->pending_create = $pending['pending_create']; | |
199 | $this->pending_update = $pending['pending_update']; | |
200 | $this->pending_delete = $pending['pending_delete']; | |
201 | ||
202 | $this->pending_update_admin = false; | |
203 | $this->pending_update_other = false; | |
204 | $this->pending_update_password = false; | |
205 | $this->pending_update_suspension = false; | |
206 | } | |
207 | ||
f5c4bf30 VZ |
208 | // Checks for unsuspend requests waiting for validation in plat/al |
209 | // validation queue. | |
bb0727ea VZ |
210 | private function load_pending_validations() |
211 | { | |
212 | require_once('validations.inc.php'); | |
213 | $this->pending_validation_unsuspend = | |
214 | Validate::get_typed_requests_count($this->uid, 'gapps-unsuspend'); | |
215 | } | |
216 | ||
f5c4bf30 VZ |
217 | // Retrieves all the pending update job in the gappsd queue for the current |
218 | // user, and analyzes the scope of the update (ie. the fields in the user | |
219 | // account which are going to be updated). | |
bb0727ea VZ |
220 | private function load_pending_updates() |
221 | { | |
bb0727ea VZ |
222 | $res = XDB::iterator( |
223 | "SELECT j_parameters | |
224 | FROM gapps_queue | |
225 | WHERE q_recipient_id = {?} AND | |
226 | p_status IN ('idle', 'active', 'softfail') AND | |
227 | j_type = 'u_update'", | |
228 | $this->uid); | |
229 | while ($update = $res->next()) { | |
230 | $update_data = json_decode($update["j_parameters"], true); | |
231 | ||
232 | if (isset($update_data["suspended"])) { | |
233 | $this->pending_update_suspension = true; | |
234 | } elseif (isset($update_data["password"])) { | |
235 | $this->pending_update_password = true; | |
236 | } elseif (isset($update_data["admin"])) { | |
237 | $this->pending_update_admin = true; | |
238 | } else { | |
239 | $this->pending_update_other = true; | |
240 | } | |
241 | } | |
242 | } | |
243 | ||
244 | // Creates a queue job of the @p type, for the user represented by this | |
f5c4bf30 VZ |
245 | // GoogleAppsAccount object, using @p parameters. @p parameters is supposed |
246 | // to be a one-dimension array of key-value mappings. | |
247 | // The created job as a 'normal' priority, and is scheduled for immediate | |
248 | // execution. | |
bb0727ea VZ |
249 | private function create_queue_job($type, $parameters) { |
250 | $parameters["username"] = $this->g_account_name; | |
251 | XDB::execute( | |
252 | "INSERT INTO gapps_queue | |
253 | SET q_owner_id = {?}, q_recipient_id = {?}, | |
254 | p_entry_date = NOW(), p_notbefore_date = NOW(), | |
255 | p_priority = 'normal', | |
256 | j_type = {?}, j_parameters = {?}", | |
257 | S::v('uid'), | |
258 | $this->uid, | |
259 | $type, | |
260 | json_encode($parameters)); | |
261 | } | |
262 | ||
f5c4bf30 VZ |
263 | |
264 | // Returns true if the account is currently active. | |
265 | public function active() | |
266 | { | |
267 | return $this->g_status == 'active'; | |
268 | } | |
269 | ||
270 | // Returns true if the account exists in Google Apps. | |
271 | public function provisioned() | |
272 | { | |
273 | return $this->g_status == 'active' or $this->g_status == 'disabled'; | |
274 | } | |
275 | ||
276 | // Returns true if the account exists, but cannot be used (user-requested | |
277 | // suspension, or Google-requested suspension). | |
278 | public function suspended() | |
279 | { | |
280 | return $this->g_status == 'disabled'; | |
281 | } | |
282 | ||
283 | ||
bb0727ea VZ |
284 | // Changes the GoogleApps password. |
285 | public function set_password($password) { | |
f5c4bf30 | 286 | if (!$this->provisioned()) { |
bb0727ea VZ |
287 | return; |
288 | } | |
289 | ||
290 | if (!$this->pending_update_password) { | |
291 | $this->create_queue_job('u_update', array('password' => $password)); | |
d73f885f | 292 | $this->pending_update_password = true; |
bb0727ea VZ |
293 | } |
294 | } | |
295 | ||
f5c4bf30 | 296 | |
bb0727ea VZ |
297 | // Changes the password synchronization status ("sync = true" means that the |
298 | // Polytechnique.org password will be replicated to the Google Apps account). | |
299 | public function set_password_sync($sync) { | |
f5c4bf30 | 300 | if (!$this->provisioned()) { |
bb0727ea VZ |
301 | return; |
302 | } | |
303 | ||
304 | $this->sync_password = $sync; | |
305 | XDB::execute( | |
306 | "UPDATE gapps_accounts | |
307 | SET l_sync_password = {?} | |
308 | WHERE g_account_name = {?}", | |
309 | $sync, | |
310 | $this->g_account_name); | |
311 | } | |
312 | ||
313 | // Suspends the Google Apps account. | |
314 | public function suspend() { | |
f5c4bf30 | 315 | if (!$this->provisioned()) { |
bb0727ea VZ |
316 | return; |
317 | } | |
318 | ||
319 | if (!$this->pending_update_suspension) { | |
320 | $this->create_queue_job('u_update', array('suspended' => true)); | |
321 | $this->pending_update_suspension = true; | |
5656271f VZ |
322 | XDB::execute( |
323 | "UPDATE gapps_accounts | |
324 | SET g_status = 'disabled' | |
325 | WHERE g_account_name = {?} AND g_status = 'active'", | |
326 | $this->g_account_name); | |
bb0727ea VZ |
327 | } |
328 | } | |
329 | ||
330 | // Adds an unsuspension request to the validation queue (used on user-request). | |
331 | public function unsuspend($activate_mail_redirection = NULL) { | |
f5c4bf30 | 332 | if (!$this->provisioned()) { |
bb0727ea VZ |
333 | return; |
334 | } | |
335 | if ($activate_mail_redirection !== NULL) { | |
336 | $this->activate_mail_redirection = $activate_mail_redirection; | |
337 | XDB::execute( | |
338 | "UPDATE gapps_accounts | |
339 | SET l_activate_mail_redirection = {?} | |
340 | WHERE g_account_name = {?}", | |
f5c4bf30 VZ |
341 | $activate_mail_redirection, |
342 | $this->g_account_name); | |
bb0727ea VZ |
343 | } |
344 | ||
345 | if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) { | |
346 | require_once('validations.inc.php'); | |
347 | $unsuspend = new GoogleAppsUnsuspendReq($this->uid); | |
348 | $unsuspend->submit(); | |
349 | $this->pending_validation_unsuspend = true; | |
350 | } | |
351 | } | |
352 | ||
353 | // Unsuspends the Google Apps account (used on admin-request, or on validation of | |
354 | // an user-request). | |
355 | public function do_unsuspend() { | |
f5c4bf30 | 356 | if (!$this->provisioned()) { |
bb0727ea VZ |
357 | return; |
358 | } | |
359 | ||
360 | if (!$this->pending_update_suspension) { | |
361 | if ($this->sync_password) { | |
362 | $res = XDB::query( | |
363 | "SELECT password | |
364 | FROM auth_user_md5 | |
365 | WHERE user_id = {?}", | |
366 | $this->uid); | |
367 | $password = ($res->numRows() > 0 ? $res->fetchOneCell() : false); | |
368 | } else { | |
369 | $password = false; | |
370 | } | |
371 | ||
372 | if ($password) { | |
373 | $this->create_queue_job('u_update', array('suspended' => false, 'password' => $password)); | |
374 | } else { | |
375 | $this->create_queue_job('u_update', array('suspended' => false)); | |
376 | } | |
377 | $this->pending_update_suspension = true; | |
378 | return true; | |
379 | } | |
380 | return false; | |
381 | } | |
382 | ||
f5c4bf30 | 383 | // Creates a new Google Apps account with the @p local parameters. |
bb0727ea VZ |
384 | public function create($password_sync, $password, $redirect_mails) { |
385 | if ($this->g_status != NULL) { | |
386 | return; | |
387 | } | |
388 | ||
389 | if (!$this->pending_create) { | |
390 | // Retrieves information on the new account. | |
391 | $res = XDB::query( | |
392 | "SELECT nom, nom_usage, prenom | |
393 | FROM auth_user_md5 | |
394 | WHERE user_id = {?}", | |
395 | $this->uid); | |
396 | list($nom, $nom_usage, $prenom) = $res->fetchOneRow(); | |
397 | ||
f5c4bf30 | 398 | // Adds an 'unprovisioned' entry in the gapps_accounts table. |
bb0727ea VZ |
399 | XDB::execute( |
400 | "INSERT INTO gapps_accounts | |
401 | SET l_userid = {?}, | |
402 | l_sync_password = {?}, | |
403 | l_activate_mail_redirection = {?}, | |
404 | g_account_name = {?}, | |
405 | g_first_name = {?}, | |
406 | g_last_name = {?}, | |
407 | g_status = 'unprovisioned'", | |
408 | $this->uid, | |
409 | $password_sync, | |
410 | $redirect_mails, | |
411 | $this->g_account_name, | |
412 | $prenom, | |
413 | ($nom_usage ? $nom_usage : $nom)); | |
414 | ||
415 | // Adds the creation job in the GApps queue. | |
416 | $this->create_queue_job( | |
417 | 'u_create', | |
418 | array( | |
419 | 'username' => $this->g_account_name, | |
420 | 'first_name' => $prenom, | |
421 | 'last_name' => ($nom_usage ? $nom_usage : $nom), | |
422 | 'password' => $password, | |
423 | )); | |
424 | ||
425 | // Updates the GoogleAppsAccount status. | |
426 | $this->__construct($this->uid, $this->g_account_name); | |
427 | } | |
428 | } | |
f5c4bf30 VZ |
429 | |
430 | ||
431 | // Returns the status of the Google Apps account for @p user, or false | |
432 | // when no account exists. | |
433 | static public function account_status($uid) { | |
434 | $res = XDB::query( | |
435 | "SELECT g_status | |
436 | FROM gapps_accounts | |
437 | WHERE l_userid = {?}", $uid); | |
438 | return ($res->numRows() > 0 ? $res->fetchOneCell() : false); | |
439 | } | |
440 | ||
441 | // Returns true if the @p user is an administrator of the Google Apps domain. | |
442 | static public function is_administrator($uid) { | |
443 | $res = XDB::query( | |
444 | "SELECT g_admin | |
445 | FROM gapps_accounts | |
446 | WHERE l_userid = {?} AND g_status = 'active'", $uid); | |
447 | return ($res->numRows() > 0 ? (bool)$res->fetchOneRow() : false); | |
448 | } | |
bb0727ea VZ |
449 | } |
450 | ||
451 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: | |
452 | ?> |