Commit | Line | Data |
---|---|---|
bb0727ea VZ |
1 | <?php |
2 | /*************************************************************************** | |
12262f13 | 3 | * Copyright (C) 2003-2011 Polytechnique.org * |
bb0727ea VZ |
4 | * http://opensource.polytechnique.org/ * |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
// Queue hook run once a Google Apps account creation job has succeeded.
// @p job is the queue row as an array; only its 'j_parameters' entry (a JSON
// document) is read. Nothing is returned. The hook stops silently when the
// JSON carries no 'username', or when User::getSilent() finds no such user.
// NOTE(review): the username is taken from the queue row, not from the
// session; presumably the row was written by
// GoogleAppsAccount::create_queue_job() -- confirm which other writers exist.
function post_queue_u_create($job) {
    global $globals;

    // Looks up the account owner from the username stored in the job.
    $params = json_decode($job['j_parameters'], true);
    $login = null;
    if (isset($params['username'])) {
        $login = $params['username'];
    }
    $user = User::getSilent($login);
    if (!$user) {
        return;
    }

    // The redirection to the Google Apps delivery address is only added when
    // the account asks for it (choice made by the user at creation time).
    $account = new GoogleAppsAccount($user);
    if ($account->activate_mail_redirection) {
        require_once 'emails.inc.php';
        Email::activate_storage($user, 'googleapps');
    }

    // 'Account created' email, with basic documentation, sent to the user.
    $mailer = new PlMailer('googleapps/create.mail.tpl');
    $template_vars = array(
        'account'           => $account,
        'email'             => $user->bestEmail(),
        'googleapps_domain' => $globals->mailstorage->googleapps_domain,
        'prenom'            => $user->displayName(),
        'sexe'              => $user->isFemale(),
    );
    foreach ($template_vars as $name => $value) {
        $mailer->assign($name, $value);
    }
    $mailer->send();
}
50 | ||
// Queue hook run once a Google Apps account update job has succeeded.
// @p job is the queue row as an array; only its 'j_parameters' entry (a JSON
// document) is read. Nothing is returned.
// Only unsuspend requests ('suspended' present and loosely equal to false) are
// acted on: the redirection to the Google Apps delivery address is re-added
// and the owner is notified, provided the account is active (it might have
// been deleted between the unsuspension and the post-queue processing).
function post_queue_u_update($job) {
    global $globals;

    $params = json_decode($job['j_parameters'], true);
    $login = null;
    if (isset($params['username'])) {
        $login = $params['username'];
    }
    $owner = User::getSilent($login);
    if (!$owner) {
        return;
    }

    // Any job which is not an unsuspend request needs no post-processing.
    if (!isset($params['suspended']) || $params['suspended'] != false) {
        return;
    }

    require_once 'emails.inc.php';
    $account = new GoogleAppsAccount($owner);
    if (!$account->active()) {
        return;
    }

    // Re-adds the email redirection (if the user did request it).
    if ($account->activate_mail_redirection) {
        Email::activate_storage($owner, 'googleapps');
    }

    // Sends an email to the account owner.
    $mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
    $template_vars = array(
        'account' => $account,
        'email'   => $owner->bestEmail(),
        'prenom'  => $owner->displayName(),
        'sexe'    => $owner->isFemale(),
    );
    foreach ($template_vars as $name => $value) {
        $mailer->assign($name, $value);
    }
    $mailer->send();
}
83 | ||
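// Representation of an SQL-stored Google Apps account.
// This class is the interface with the gappsd SQL tables: gappsd is the python
// daemon which deals with Google Apps provisioning APIs.
// TODO(vincent.zanotti): add the url of gappsd, when available.
//
// All SQL values are handed to XDB as separate arguments bound to {?}
// placeholders; no value is concatenated into the statement text.
// NOTE(review): set_password(), do_unsuspend() and create() put a 'password'
// value into the JSON parameters of a gapps_queue row. Whether that value is a
// hash or clear text is not visible from this file; confirm it with the
// callers and with gappsd, and treat read access to gapps_queue as sensitive.
class GoogleAppsAccount
{
    // User identification: the User object, and the Google Apps account name
    // (currently the user's login).
    private $user;
    public $g_account_name;

    // Local account parameters.
    public $sync_password;
    public $activate_mail_redirection;

    // Account status, obtained from Google Apps provisioning & reporting APIs.
    public $g_account_id;
    public $g_status;
    public $g_suspension;
    public $r_disk_usage;
    public $r_creation;
    public $r_last_login;
    public $r_last_webmail;
    public $reporting_date;

    // Nicknames (aliases) registered for that user, lazily loaded.
    public $nicknames;

    // Pending requests in the gappsd job queue (cf. top note).
    public $pending_create;
    public $pending_delete;
    public $pending_update;
    public $pending_update_admin;
    public $pending_update_other;
    public $pending_update_password;
    public $pending_update_suspension;

    // Pending requests in plat/al validation queue.
    public $pending_validation_unsuspend;

    // Constructs the account object, by retrieving all informations from the
    // GApps account table, from GApps job queue, and from plat/al validation queue.
    // When @p user has no login, the object is left uninitialized. When no row
    // exists in gapps_accounts, only g_account_name is set and g_status is NULL.
    public function __construct(User $user)
    {
        $this->user = $user;
        if (!$this->user || !$this->user->login()) {
            return;
        }

        // TODO: switch to multi-domain Google Apps, and use $this->user->forlifeEmail()
        // as Google Apps identifier (requires changes in gappsd).
        $this->g_account_name = $this->user->login();
        $this->g_status = NULL;

        $res = XDB::query(
            "SELECT  l_sync_password, l_activate_mail_redirection,
                     g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
                     UNIX_TIMESTAMP(r_creation) as r_creation,
                     UNIX_TIMESTAMP(r_last_login) as r_last_login,
                     UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
               FROM  gapps_accounts
              WHERE  g_account_name = {?}", $this->g_account_name);
        if ($account = $res->fetchOneAssoc()) {
            $this->sync_password = $account['l_sync_password'];
            $this->activate_mail_redirection = $account['l_activate_mail_redirection'];
            $this->g_account_id = $account['g_account_id'];
            $this->g_status = $account['g_status'];
            $this->g_suspension = $account['g_suspension'];
            $this->r_disk_usage = $account['r_disk_usage'];
            $this->r_creation = $account['r_creation'];
            // Fixed: the last login date used to be filled from r_last_webmail.
            $this->r_last_login = $account['r_last_login'];
            $this->r_last_webmail = $account['r_last_webmail'];

            $this->load_pending_counts();
            $this->load_pending_validations();
            if ($this->pending_update) {
                $this->load_pending_updates();
            }

            $res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
            $this->reporting_date = $res->fetchOneCell();
        }
    }

    // Determines if changes to the Google Account are currently waiting in the
    // GApps job queue, and initializes the local values accordingly.
    private function load_pending_counts()
    {
        // Fixed: the statement used to end with "GROUP BY j_type", which yields
        // one row per job type while only the first row is read; a pending
        // update could then be hidden behind a pending creation or deletion,
        // and the duplicate-job guards of set_password() / suspend() skipped.
        // Without the GROUP BY the three sums come back in a single row.
        $res = XDB::query(
            "SELECT  SUM(j_type = 'u_create') AS pending_create,
                     SUM(j_type = 'u_update') AS pending_update,
                     SUM(j_type = 'u_delete') AS pending_delete
               FROM  gapps_queue
              WHERE  q_recipient_id = {?} AND
                     p_status IN ('idle', 'active', 'softfail')", $this->user->id());
        $pending = $res->fetchOneAssoc();
        if (!is_array($pending)) {
            $pending = array();
        }
        // SUM() is NULL when no job matches; NULL is kept as "nothing pending".
        $this->pending_create = isset($pending['pending_create']) ? $pending['pending_create'] : null;
        $this->pending_update = isset($pending['pending_update']) ? $pending['pending_update'] : null;
        $this->pending_delete = isset($pending['pending_delete']) ? $pending['pending_delete'] : null;

        $this->pending_update_admin = false;
        $this->pending_update_other = false;
        $this->pending_update_password = false;
        $this->pending_update_suspension = false;
    }

    // Checks for unsuspend requests waiting for validation in plat/al
    // validation queue.
    private function load_pending_validations()
    {
        $this->pending_validation_unsuspend =
            Validate::get_typed_requests_count($this->user->id(), 'gapps-unsuspend');
    }

    // Retrieves all the pending update jobs in the gappsd queue for the current
    // user, and analyzes the scope of the update (ie. the fields in the user
    // account which are going to be updated).
    // NOTE(review): each job sets exactly one flag, 'suspended' being tested
    // first; a job carrying both 'suspended' and 'password' (as do_unsuspend()
    // creates when password sync is on) is only counted as a suspension update.
    private function load_pending_updates()
    {
        $res = XDB::iterator(
            "SELECT  j_parameters
               FROM  gapps_queue
              WHERE  q_recipient_id = {?} AND
                     p_status IN ('idle', 'active', 'softfail') AND
                     j_type = 'u_update'", $this->user->id());
        while ($update = $res->next()) {
            // Parameters which do not decode to an array fall in the 'other' case.
            $update_data = json_decode($update["j_parameters"], true);

            if (isset($update_data["suspended"])) {
                $this->pending_update_suspension = true;
            } elseif (isset($update_data["password"])) {
                $this->pending_update_password = true;
            } elseif (isset($update_data["admin"])) {
                $this->pending_update_admin = true;
            } else {
                $this->pending_update_other = true;
            }
        }
    }

    // Creates a queue job of the @p type, for the user represented by this
    // GoogleAppsAccount object, using @p parameters. @p parameters is supposed
    // to be a one-dimension array of key-value mappings; its 'username' entry
    // is always overwritten with the account name of this object.
    // The created job has an 'immediate' priority, and is scheduled for immediate
    // execution. The job owner (q_owner_id) is the 'uid' value of the current
    // session, the recipient (q_recipient_id) is the account's user.
    private function create_queue_job($type, $parameters) {
        $parameters["username"] = $this->g_account_name;
        XDB::execute(
            "INSERT INTO  gapps_queue
                     SET  q_owner_id = {?}, q_recipient_id = {?},
                          p_entry_date = NOW(), p_notbefore_date = NOW(),
                          p_priority = 'immediate',
                          j_type = {?}, j_parameters = {?}",
            S::v('uid'),
            $this->user->id(),
            $type,
            json_encode($parameters));
    }


    // Returns true if the account is currently active.
    public function active()
    {
        return $this->g_status === 'active';
    }

    // Returns true if the account exists in Google Apps.
    public function provisioned()
    {
        // Strict comparisons: g_status is a public property, and a loose
        // comparison of a non-string value with these literals is
        // version-dependent in PHP.
        return $this->g_status === 'active' || $this->g_status === 'disabled';
    }

    // Returns true if the account exists, but cannot be used (user-requested
    // suspension, or Google-requested suspension).
    public function suspended()
    {
        return $this->g_status === 'disabled';
    }

    // Loads and returns the list of nicknames for the user.
    public function nicknames()
    {
        // Fixed: "== null" also matched an empty list, so a user without any
        // nickname triggered a new query on every call.
        if ($this->nicknames === null) {
            $res = XDB::query(
                "SELECT  g_nickname
                   FROM  gapps_nicknames
                  WHERE  g_account_name = {?}
               ORDER BY  g_nickname",
                $this->g_account_name);
            $this->nicknames = $res->fetchColumn();
        }
        return $this->nicknames;
    }


    // Changes the GoogleApps password, by queuing an 'u_update' job carrying
    // @p password. Does nothing when the account is not provisioned, or when a
    // password update is already pending.
    // NOTE(review): @p password is stored as is in gapps_queue.j_parameters --
    // confirm that callers pass the expected (hashed) form.
    public function set_password($password) {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_password) {
            $this->create_queue_job('u_update', array('password' => $password));
            $this->pending_update_password = true;
        }
    }


    // Changes the password synchronization status ("sync = true" means that the
    // Polytechnique.org password will be replicated to the Google Apps account).
    // Does nothing when the account is not provisioned.
    public function set_password_sync($sync) {
        if (!$this->provisioned()) {
            return;
        }

        $this->sync_password = $sync;
        XDB::execute(
            "UPDATE  gapps_accounts
                SET  l_sync_password = {?}
              WHERE  g_account_name = {?}",
            $sync,
            $this->g_account_name);
    }

    // Suspends the Google Apps account: queues the suspension job, and marks
    // an active account as 'disabled' in gapps_accounts right away. The
    // in-memory g_status of this object is not refreshed. Does nothing when
    // the account is not provisioned, or when a suspension update is pending.
    public function suspend() {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_suspension) {
            $this->create_queue_job('u_update', array('suspended' => true));
            $this->pending_update_suspension = true;
            XDB::execute(
                "UPDATE  gapps_accounts
                    SET  g_status = 'disabled'
                  WHERE  g_account_name = {?} AND g_status = 'active'",
                $this->g_account_name);
        }
    }

    // Adds an unsuspension request to the validation queue (used on user-request).
    // When @p activate_mail_redirection is not NULL, the redirection preference
    // is stored first. No request is submitted when a suspension update or an
    // unsuspend validation is already pending.
    public function unsuspend($activate_mail_redirection = NULL) {
        if (!$this->provisioned()) {
            return;
        }
        if ($activate_mail_redirection !== NULL) {
            $this->activate_mail_redirection = $activate_mail_redirection;
            XDB::execute(
                "UPDATE  gapps_accounts
                    SET  l_activate_mail_redirection = {?}
                  WHERE  g_account_name = {?}",
                $activate_mail_redirection,
                $this->g_account_name);
        }

        if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
            $unsuspend = new GoogleAppsUnsuspendReq($this->user);
            $unsuspend->submit();
            $this->pending_validation_unsuspend = true;
        }
    }

    // Unsuspends the Google Apps account (used on admin-request, or on validation of
    // an user-request). Returns true when the job was queued, false when a
    // suspension update was already pending, and nothing (NULL) when the
    // account is not provisioned.
    // When password sync is enabled, the value of $this->user->password() is
    // sent along with the unsuspension.
    public function do_unsuspend() {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_suspension) {
            if ($this->sync_password) {
                $this->create_queue_job('u_update', array('suspended' => false, 'password' => $this->user->password()));
            } else {
                $this->create_queue_job('u_update', array('suspended' => false));
            }
            $this->pending_update_suspension = true;
            return true;
        }
        return false;
    }

    // Creates a new Google Apps account with the @p local parameters:
    // @p password_sync and @p redirect_mails are stored in gapps_accounts,
    // @p password is only put in the creation job. Does nothing when an account
    // row already exists (g_status set), or when a creation job is pending.
    public function create($password_sync, $password, $redirect_mails)
    {
        if ($this->g_status != NULL) {
            return;
        }

        if (!$this->pending_create) {
            // Retrieves information on the new account.
            if (!$this->user->hasProfile()) {
                $prenom = $this->user->displayName();
                $nom = $this->user->fullName();
            } else {
                $prenom = $this->user->profile()->firstName();
                $nom = $this->user->profile()->lastName();
            }

            // Adds an 'unprovisioned' entry in the gapps_accounts table.
            XDB::execute(
                "INSERT INTO  gapps_accounts
                         SET  l_userid = {?},
                              l_sync_password = {?},
                              l_activate_mail_redirection = {?},
                              g_account_name = {?},
                              g_first_name = {?},
                              g_last_name = {?},
                              g_status = 'unprovisioned'",
                $this->user->id(),
                $password_sync,
                $redirect_mails,
                $this->g_account_name,
                $prenom, $nom);

            // Adds the creation job in the GApps queue.
            $this->create_queue_job(
                'u_create',
                array(
                    'username' => $this->g_account_name,
                    'first_name' => $prenom,
                    'last_name' => $nom,
                    'password' => $password,
                ));

            // Updates the GoogleAppsAccount status, by reloading it from SQL.
            $this->__construct($this->user);
        }
    }


    // Returns the g_status value of the Google Apps account whose l_userid is
    // @p uid, or false when no account exists.
    public static function account_status($uid) {
        $res = XDB::query(
            "SELECT  g_status
               FROM  gapps_accounts
              WHERE  l_userid = {?}", $uid);
        return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
    }

    // Returns true if the user @p uid is an administrator of the Google Apps
    // domain. Only accounts in the 'active' status are considered: the answer
    // is false for a suspended or unprovisioned account, and when no account
    // exists.
    public static function is_administrator($uid) {
        $res = XDB::query(
            "SELECT  g_admin
               FROM  gapps_accounts
              WHERE  l_userid = {?} AND g_status = 'active'", $uid);
        return ($res->numRows() > 0 ? (bool)$res->fetchOneCell() : false);
    }
}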
434 | ||
435 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: | |
436 | ?> |