Commit | Line | Data |
---|---|---|
bb0727ea VZ |
1 | <?php |
2 | /*************************************************************************** | |
3 | * Copyright (C) 2003-2008 Polytechnique.org * | |
4 | * http://opensource.polytechnique.org/ * | |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
f5c4bf30 | 22 | // Post-processes the successful Google Apps account creation queue job. |
bb0727ea VZ |
23 | function post_queue_u_create($job) { |
24 | global $globals; | |
25 | ||
26 | // Retrieves the user parameters (userid and forlife). | |
27 | $parameters = json_decode($job['j_parameters'], true); | |
28 | $forlife = isset($parameters['username']) ? $parameters['username'] : null; | |
29 | $userid = $job['q_recipient_id']; | |
30 | if (!$forlife || !$userid) { | |
31 | return; | |
32 | } | |
33 | ||
f5c4bf30 VZ |
34 | // Adds a redirection to the Google Apps delivery address, if requested by |
35 | // the user at creation time. | |
bb0727ea VZ |
36 | $account = new GoogleAppsAccount($userid, $forlife); |
37 | if ($account->activate_mail_redirection) { | |
38 | require_once('emails.inc.php'); | |
39 | $storage = new MailStorageGoogleApps($userid); | |
40 | $storage->enable(); | |
41 | } | |
42 | ||
f5c4bf30 | 43 | // Sends the 'account created' email to the user, with basic documentation. |
bb0727ea VZ |
44 | $res = XDB::query( |
45 | "SELECT FIND_IN_SET('femme', u.flags), prenom | |
46 | FROM auth_user_md5 AS u | |
47 | INNER JOIN aliases AS a ON (a.id = u.user_id) | |
48 | WHERE a.alias = {?}", | |
49 | $forlife); | |
50 | list($sexe, $prenom) = $res->fetchOneRow(); | |
51 | ||
52 | $mailer = new PlMailer('googleapps/create.mail.tpl'); | |
53 | $mailer->assign('account', $account); | |
54 | $mailer->assign('email', $forlife . '@' . $globals->mail->domain); | |
55 | $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain); | |
56 | $mailer->assign('prenom', $prenom); | |
57 | $mailer->assign('sexe', $sexe); | |
58 | $mailer->send(); | |
59 | } | |
60 | ||
f5c4bf30 | 61 | // Post-processes the successful Google Apps account update queue job. |
bb0727ea VZ |
62 | function post_queue_u_update($job) { |
63 | global $globals; | |
64 | ||
65 | // If the u_update job was an unsuspend request, re-adds the redirection | |
66 | // to the Google Apps delivery address, provided the account is active (it might | |
67 | // have been deleted between the unsuspension and the post-queue processing). | |
68 | $parameters = json_decode($job['j_parameters'], true); | |
69 | $forlife = isset($parameters['username']) ? $parameters['username'] : null; | |
70 | $userid = $job['q_recipient_id']; | |
71 | if (!$forlife || !$userid) { | |
72 | return; | |
73 | } | |
74 | ||
75 | if (isset($parameters['suspended']) && $parameters['suspended'] == false) { | |
76 | require_once('emails.inc.php'); | |
77 | $account = new GoogleAppsAccount($userid, $forlife); | |
f5c4bf30 | 78 | if ($account->active()) { |
bb0727ea VZ |
79 | // Re-adds the email redirection (if the user did request it). |
80 | if ($account->activate_mail_redirection) { | |
81 | $storage = new MailStorageGoogleApps($userid); | |
82 | $storage->enable(); | |
83 | } | |
84 | ||
85 | // Sends an email to the account owner. | |
86 | $res = XDB::query( | |
87 | "SELECT FIND_IN_SET('femme', u.flags), prenom | |
88 | FROM auth_user_md5 AS u | |
89 | INNER JOIN aliases AS a ON (a.id = u.user_id) | |
90 | WHERE a.alias = {?}", | |
91 | $forlife); | |
92 | list($sexe, $prenom) = $res->fetchOneRow(); | |
93 | ||
94 | $mailer = new PlMailer('googleapps/unsuspend.mail.tpl'); | |
95 | $mailer->assign('account', $account); | |
96 | $mailer->assign('email', $forlife . '@' . $globals->mail->domain); | |
97 | $mailer->assign('prenom', $prenom); | |
98 | $mailer->assign('sexe', $sexe); | |
99 | $mailer->send(); | |
100 | } | |
101 | } | |
102 | } | |
103 | ||
104 | // Reprensentation of an SQL-stored Google Apps account. | |
f5c4bf30 VZ |
105 | // This class is the interface with the gappsd SQL tables: gappsd is the python |
106 | // daemon which deals with Google Apps provisioning APIs. | |
107 | // TODO(vincent.zanotti): add the url of gappsd, when available. | |
bb0727ea VZ |
108 | class GoogleAppsAccount |
109 | { | |
f5c4bf30 | 110 | // User identification: user id, and forlife. |
bb0727ea VZ |
111 | private $uid; |
112 | public $g_account_name; | |
113 | ||
f5c4bf30 | 114 | // Local account parameters. |
bb0727ea VZ |
115 | public $sync_password; |
116 | public $activate_mail_redirection; | |
f5c4bf30 VZ |
117 | |
118 | // Account status, obtained from Google Apps provisioning & reporting APIs. | |
bb0727ea VZ |
119 | public $g_status; |
120 | public $g_suspension; | |
121 | public $r_disk_usage; | |
122 | public $r_creation; | |
123 | public $r_last_login; | |
124 | public $r_last_webmail; | |
125 | public $reporting_date; | |
126 | ||
f5c4bf30 | 127 | // Pending requests in the gappsd job queue (cf. top note). |
bb0727ea VZ |
128 | public $pending_create; |
129 | public $pending_delete; | |
130 | public $pending_update; | |
131 | public $pending_update_admin; | |
132 | public $pending_update_other; | |
133 | public $pending_update_password; | |
134 | public $pending_update_suspension; | |
135 | ||
f5c4bf30 | 136 | // Pending requests in plat/al validation queue. |
bb0727ea VZ |
137 | public $pending_validation_unsuspend; |
138 | ||
f5c4bf30 VZ |
139 | // Constructs the account object, by retrieving all informations from the |
140 | // GApps account table, from GApps job queue, and from plat/al validation queue. | |
141 | public function __construct($uid, $account_name = NULL) | |
bb0727ea | 142 | { |
f5c4bf30 VZ |
143 | if ($account_name == NULL) { |
144 | require_once 'user.func.inc.php'; | |
145 | $account_name = get_user_forlife($uid, '_silent_user_callback'); | |
146 | } | |
147 | ||
bb0727ea VZ |
148 | $this->uid = $uid; |
149 | $this->g_account_name = $account_name; | |
150 | $this->g_status = NULL; | |
151 | ||
152 | $res = XDB::query( | |
153 | "SELECT l_sync_password, l_activate_mail_redirection, | |
154 | g_account_name, g_status, g_suspension, r_disk_usage, | |
155 | UNIX_TIMESTAMP(r_creation) as r_creation, | |
156 | UNIX_TIMESTAMP(r_last_login) as r_last_login, | |
157 | UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail | |
158 | FROM gapps_accounts | |
159 | WHERE g_account_name = {?}", | |
160 | $account_name); | |
161 | if ($account = $res->fetchOneAssoc()) { | |
162 | $this->sync_password = $account['l_sync_password']; | |
163 | $this->activate_mail_redirection = $account['l_activate_mail_redirection']; | |
164 | $this->g_status = $account['g_status']; | |
165 | $this->g_suspension = $account['g_suspension']; | |
166 | $this->r_disk_usage = $account['r_disk_usage']; | |
167 | $this->r_creation = $account['r_creation']; | |
168 | $this->r_last_login = $account['r_last_webmail']; | |
169 | $this->r_last_webmail = $account['r_last_webmail']; | |
170 | ||
171 | $this->load_pending_counts(); | |
172 | $this->load_pending_validations(); | |
173 | if ($this->pending_update) { | |
174 | $this->load_pending_updates(); | |
175 | } | |
176 | ||
177 | $res = XDB::query("SELECT MAX(date) FROM gapps_reporting"); | |
178 | $this->reporting_date = $res->fetchOneCell(); | |
179 | } | |
180 | } | |
181 | ||
f5c4bf30 VZ |
182 | // Determines if changes to the Google Account are currently waiting in the |
183 | // GApps job queue, and initializes the local values accordingly. | |
bb0727ea VZ |
184 | private function load_pending_counts() |
185 | { | |
bb0727ea VZ |
186 | $res = XDB::query( |
187 | "SELECT SUM(j_type = 'u_create') AS pending_create, | |
188 | SUM(j_type = 'u_update') AS pending_update, | |
189 | SUM(j_type = 'u_delete') AS pending_delete | |
190 | FROM gapps_queue | |
191 | WHERE q_recipient_id = {?} AND | |
192 | p_status IN ('idle', 'active', 'softfail') | |
193 | GROUP BY j_type", | |
194 | $this->uid); | |
195 | $pending = $res->fetchOneAssoc(); | |
196 | $this->pending_create = $pending['pending_create']; | |
197 | $this->pending_update = $pending['pending_update']; | |
198 | $this->pending_delete = $pending['pending_delete']; | |
199 | ||
200 | $this->pending_update_admin = false; | |
201 | $this->pending_update_other = false; | |
202 | $this->pending_update_password = false; | |
203 | $this->pending_update_suspension = false; | |
204 | } | |
205 | ||
f5c4bf30 VZ |
206 | // Checks for unsuspend requests waiting for validation in plat/al |
207 | // validation queue. | |
bb0727ea VZ |
208 | private function load_pending_validations() |
209 | { | |
210 | require_once('validations.inc.php'); | |
211 | $this->pending_validation_unsuspend = | |
212 | Validate::get_typed_requests_count($this->uid, 'gapps-unsuspend'); | |
213 | } | |
214 | ||
f5c4bf30 VZ |
215 | // Retrieves all the pending update job in the gappsd queue for the current |
216 | // user, and analyzes the scope of the update (ie. the fields in the user | |
217 | // account which are going to be updated). | |
bb0727ea VZ |
218 | private function load_pending_updates() |
219 | { | |
bb0727ea VZ |
220 | $res = XDB::iterator( |
221 | "SELECT j_parameters | |
222 | FROM gapps_queue | |
223 | WHERE q_recipient_id = {?} AND | |
224 | p_status IN ('idle', 'active', 'softfail') AND | |
225 | j_type = 'u_update'", | |
226 | $this->uid); | |
227 | while ($update = $res->next()) { | |
228 | $update_data = json_decode($update["j_parameters"], true); | |
229 | ||
230 | if (isset($update_data["suspended"])) { | |
231 | $this->pending_update_suspension = true; | |
232 | } elseif (isset($update_data["password"])) { | |
233 | $this->pending_update_password = true; | |
234 | } elseif (isset($update_data["admin"])) { | |
235 | $this->pending_update_admin = true; | |
236 | } else { | |
237 | $this->pending_update_other = true; | |
238 | } | |
239 | } | |
240 | } | |
241 | ||
242 | // Creates a queue job of the @p type, for the user represented by this | |
f5c4bf30 VZ |
243 | // GoogleAppsAccount object, using @p parameters. @p parameters is supposed |
244 | // to be a one-dimension array of key-value mappings. | |
245 | // The created job as a 'normal' priority, and is scheduled for immediate | |
246 | // execution. | |
bb0727ea VZ |
247 | private function create_queue_job($type, $parameters) { |
248 | $parameters["username"] = $this->g_account_name; | |
249 | XDB::execute( | |
250 | "INSERT INTO gapps_queue | |
251 | SET q_owner_id = {?}, q_recipient_id = {?}, | |
252 | p_entry_date = NOW(), p_notbefore_date = NOW(), | |
253 | p_priority = 'normal', | |
254 | j_type = {?}, j_parameters = {?}", | |
255 | S::v('uid'), | |
256 | $this->uid, | |
257 | $type, | |
258 | json_encode($parameters)); | |
259 | } | |
260 | ||
f5c4bf30 VZ |
261 | |
262 | // Returns true if the account is currently active. | |
263 | public function active() | |
264 | { | |
265 | return $this->g_status == 'active'; | |
266 | } | |
267 | ||
268 | // Returns true if the account exists in Google Apps. | |
269 | public function provisioned() | |
270 | { | |
271 | return $this->g_status == 'active' or $this->g_status == 'disabled'; | |
272 | } | |
273 | ||
274 | // Returns true if the account exists, but cannot be used (user-requested | |
275 | // suspension, or Google-requested suspension). | |
276 | public function suspended() | |
277 | { | |
278 | return $this->g_status == 'disabled'; | |
279 | } | |
280 | ||
281 | ||
bb0727ea VZ |
282 | // Changes the GoogleApps password. |
283 | public function set_password($password) { | |
f5c4bf30 | 284 | if (!$this->provisioned()) { |
bb0727ea VZ |
285 | return; |
286 | } | |
287 | ||
288 | if (!$this->pending_update_password) { | |
289 | $this->create_queue_job('u_update', array('password' => $password)); | |
290 | } | |
291 | } | |
292 | ||
f5c4bf30 | 293 | |
bb0727ea VZ |
294 | // Changes the password synchronization status ("sync = true" means that the |
295 | // Polytechnique.org password will be replicated to the Google Apps account). | |
296 | public function set_password_sync($sync) { | |
f5c4bf30 | 297 | if (!$this->provisioned()) { |
bb0727ea VZ |
298 | return; |
299 | } | |
300 | ||
301 | $this->sync_password = $sync; | |
302 | XDB::execute( | |
303 | "UPDATE gapps_accounts | |
304 | SET l_sync_password = {?} | |
305 | WHERE g_account_name = {?}", | |
306 | $sync, | |
307 | $this->g_account_name); | |
308 | } | |
309 | ||
310 | // Suspends the Google Apps account. | |
311 | public function suspend() { | |
f5c4bf30 | 312 | if (!$this->provisioned()) { |
bb0727ea VZ |
313 | return; |
314 | } | |
315 | ||
316 | if (!$this->pending_update_suspension) { | |
317 | $this->create_queue_job('u_update', array('suspended' => true)); | |
318 | $this->pending_update_suspension = true; | |
319 | } | |
320 | } | |
321 | ||
322 | // Adds an unsuspension request to the validation queue (used on user-request). | |
323 | public function unsuspend($activate_mail_redirection = NULL) { | |
f5c4bf30 | 324 | if (!$this->provisioned()) { |
bb0727ea VZ |
325 | return; |
326 | } | |
327 | if ($activate_mail_redirection !== NULL) { | |
328 | $this->activate_mail_redirection = $activate_mail_redirection; | |
329 | XDB::execute( | |
330 | "UPDATE gapps_accounts | |
331 | SET l_activate_mail_redirection = {?} | |
332 | WHERE g_account_name = {?}", | |
f5c4bf30 VZ |
333 | $activate_mail_redirection, |
334 | $this->g_account_name); | |
bb0727ea VZ |
335 | } |
336 | ||
337 | if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) { | |
338 | require_once('validations.inc.php'); | |
339 | $unsuspend = new GoogleAppsUnsuspendReq($this->uid); | |
340 | $unsuspend->submit(); | |
341 | $this->pending_validation_unsuspend = true; | |
342 | } | |
343 | } | |
344 | ||
345 | // Unsuspends the Google Apps account (used on admin-request, or on validation of | |
346 | // an user-request). | |
347 | public function do_unsuspend() { | |
f5c4bf30 | 348 | if (!$this->provisioned()) { |
bb0727ea VZ |
349 | return; |
350 | } | |
351 | ||
352 | if (!$this->pending_update_suspension) { | |
353 | if ($this->sync_password) { | |
354 | $res = XDB::query( | |
355 | "SELECT password | |
356 | FROM auth_user_md5 | |
357 | WHERE user_id = {?}", | |
358 | $this->uid); | |
359 | $password = ($res->numRows() > 0 ? $res->fetchOneCell() : false); | |
360 | } else { | |
361 | $password = false; | |
362 | } | |
363 | ||
364 | if ($password) { | |
365 | $this->create_queue_job('u_update', array('suspended' => false, 'password' => $password)); | |
366 | } else { | |
367 | $this->create_queue_job('u_update', array('suspended' => false)); | |
368 | } | |
369 | $this->pending_update_suspension = true; | |
370 | return true; | |
371 | } | |
372 | return false; | |
373 | } | |
374 | ||
f5c4bf30 | 375 | // Creates a new Google Apps account with the @p local parameters. |
bb0727ea VZ |
376 | public function create($password_sync, $password, $redirect_mails) { |
377 | if ($this->g_status != NULL) { | |
378 | return; | |
379 | } | |
380 | ||
381 | if (!$this->pending_create) { | |
382 | // Retrieves information on the new account. | |
383 | $res = XDB::query( | |
384 | "SELECT nom, nom_usage, prenom | |
385 | FROM auth_user_md5 | |
386 | WHERE user_id = {?}", | |
387 | $this->uid); | |
388 | list($nom, $nom_usage, $prenom) = $res->fetchOneRow(); | |
389 | ||
f5c4bf30 | 390 | // Adds an 'unprovisioned' entry in the gapps_accounts table. |
bb0727ea VZ |
391 | XDB::execute( |
392 | "INSERT INTO gapps_accounts | |
393 | SET l_userid = {?}, | |
394 | l_sync_password = {?}, | |
395 | l_activate_mail_redirection = {?}, | |
396 | g_account_name = {?}, | |
397 | g_first_name = {?}, | |
398 | g_last_name = {?}, | |
399 | g_status = 'unprovisioned'", | |
400 | $this->uid, | |
401 | $password_sync, | |
402 | $redirect_mails, | |
403 | $this->g_account_name, | |
404 | $prenom, | |
405 | ($nom_usage ? $nom_usage : $nom)); | |
406 | ||
407 | // Adds the creation job in the GApps queue. | |
408 | $this->create_queue_job( | |
409 | 'u_create', | |
410 | array( | |
411 | 'username' => $this->g_account_name, | |
412 | 'first_name' => $prenom, | |
413 | 'last_name' => ($nom_usage ? $nom_usage : $nom), | |
414 | 'password' => $password, | |
415 | )); | |
416 | ||
417 | // Updates the GoogleAppsAccount status. | |
418 | $this->__construct($this->uid, $this->g_account_name); | |
419 | } | |
420 | } | |
f5c4bf30 VZ |
421 | |
422 | ||
423 | // Returns the status of the Google Apps account for @p user, or false | |
424 | // when no account exists. | |
425 | static public function account_status($uid) { | |
426 | $res = XDB::query( | |
427 | "SELECT g_status | |
428 | FROM gapps_accounts | |
429 | WHERE l_userid = {?}", $uid); | |
430 | return ($res->numRows() > 0 ? $res->fetchOneCell() : false); | |
431 | } | |
432 | ||
433 | // Returns true if the @p user is an administrator of the Google Apps domain. | |
434 | static public function is_administrator($uid) { | |
435 | $res = XDB::query( | |
436 | "SELECT g_admin | |
437 | FROM gapps_accounts | |
438 | WHERE l_userid = {?} AND g_status = 'active'", $uid); | |
439 | return ($res->numRows() > 0 ? (bool)$res->fetchOneRow() : false); | |
440 | } | |
bb0727ea VZ |
441 | } |
442 | ||
443 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: | |
444 | ?> |