[platal.git] / include / googleapps.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

// Post-processes the successful Google Apps account creation queue job.
function post_queue_u_create($job) {
    global $globals;

    // Retrieves the user parameters (userid and forlife).
    $parameters = json_decode($job['j_parameters'], true);
    $forlife = isset($parameters['username']) ? $parameters['username'] : null;
    $userid = $job['q_recipient_id'];
    if (!$forlife || !$userid) {
        return;
    }

    // Adds a redirection to the Google Apps delivery address, if requested by
    // the user at creation time.
    $account = new GoogleAppsAccount($userid, $forlife);
    if ($account->activate_mail_redirection) {
        require_once('emails.inc.php');
        $storage = new MailStorageGoogleApps($userid);
        $storage->enable();
    }

    // Sends the 'account created' email to the user, with basic documentation.
    $res = XDB::query(
        "SELECT  FIND_IN_SET('femme', u.flags), prenom
           FROM  auth_user_md5 AS u
     INNER JOIN  aliases AS a ON (a.id = u.user_id)
          WHERE  a.alias = {?}",
        $forlife);
    list($sexe, $prenom) = $res->fetchOneRow();

    $mailer = new PlMailer('googleapps/create.mail.tpl');
    $mailer->assign('account', $account);
    $mailer->assign('email', $forlife . '@' . $globals->mail->domain);
    $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain);
    $mailer->assign('prenom', $prenom);
    $mailer->assign('sexe', $sexe);
    $mailer->send();
}

// Post-processes the successful Google Apps account update queue job.
function post_queue_u_update($job) {
    global $globals;

    // If the u_update job was an unsuspend request, re-adds the redirection
    // to the Google Apps delivery address, provided the account is active (it might
    // have been deleted between the unsuspension and the post-queue processing).
    $parameters = json_decode($job['j_parameters'], true);
    $forlife = isset($parameters['username']) ? $parameters['username'] : null;
    $userid = $job['q_recipient_id'];
    if (!$forlife || !$userid) {
        return;
    }

    if (isset($parameters['suspended']) && $parameters['suspended'] == false) {
        require_once('emails.inc.php');
        $account = new GoogleAppsAccount($userid, $forlife);
        if ($account->active()) {
            // Re-adds the email redirection (if the user did request it).
            if ($account->activate_mail_redirection) {
                $storage = new MailStorageGoogleApps($userid);
                $storage->enable();
            }

            // Sends an email to the account owner.
            $res = XDB::query(
                "SELECT  FIND_IN_SET('femme', u.flags), prenom
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases AS a ON (a.id = u.user_id)
                  WHERE  a.alias = {?}",
                $forlife);
            list($sexe, $prenom) = $res->fetchOneRow();

            $mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
            $mailer->assign('account', $account);
            $mailer->assign('email', $forlife . '@' . $globals->mail->domain);
            $mailer->assign('prenom', $prenom);
            $mailer->assign('sexe', $sexe);
            $mailer->send();
        }
    }
}

// Reprensentation of an SQL-stored Google Apps account.
// This class is the interface with the gappsd SQL tables: gappsd is the python
// daemon which deals with Google Apps provisioning APIs.
// TODO(vincent.zanotti): add the url of gappsd, when available.
class GoogleAppsAccount
{
    // User identification: user id, and forlife.
    private $uid;
    public $g_account_name;

    // Local account parameters.
    public $sync_password;
    public $activate_mail_redirection;

    // Account status, obtained from Google Apps provisioning & reporting APIs.
    public $g_account_id;
    public $g_status;
    public $g_suspension;
    public $r_disk_usage;
    public $r_creation;
    public $r_last_login;
    public $r_last_webmail;
    public $reporting_date;

    // Pending requests in the gappsd job queue (cf. top note).
    public $pending_create;
    public $pending_delete;
    public $pending_update;
    public $pending_update_admin;
    public $pending_update_other;
    public $pending_update_password;
    public $pending_update_suspension;

    // Pending requests in plat/al validation queue.
    public $pending_validation_unsuspend;

    // Constructs the account object, by retrieving all informations from the
    // GApps account table, from GApps job queue, and from plat/al validation queue.
    public function __construct($uid, $account_name = NULL)
    {
        if ($account_name == NULL) {
            require_once 'user.func.inc.php';
            $account_name = get_user_forlife($uid, '_silent_user_callback');
        }

        $this->uid = $uid;
        $this->g_account_name = $account_name;
        $this->g_status = NULL;

        $res = XDB::query(
            "SELECT  l_sync_password, l_activate_mail_redirection,
                     g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
                     UNIX_TIMESTAMP(r_creation) as r_creation,
                     UNIX_TIMESTAMP(r_last_login) as r_last_login,
                     UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
               FROM  gapps_accounts
              WHERE  g_account_name = {?}",
            $account_name);
        if ($account = $res->fetchOneAssoc()) {
            $this->sync_password = $account['l_sync_password'];
            $this->activate_mail_redirection = $account['l_activate_mail_redirection'];
            $this->g_account_id = $account['g_account_id'];
            $this->g_status = $account['g_status'];
            $this->g_suspension = $account['g_suspension'];
            $this->r_disk_usage = $account['r_disk_usage'];
            $this->r_creation = $account['r_creation'];
            $this->r_last_login = $account['r_last_webmail'];
            $this->r_last_webmail = $account['r_last_webmail'];

            $this->load_pending_counts();
            $this->load_pending_validations();
            if ($this->pending_update) {
                $this->load_pending_updates();
            }

            $res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
            $this->reporting_date = $res->fetchOneCell();
        }
    }

    // Determines if changes to the Google Account are currently waiting in the
    // GApps job queue, and initializes the local values accordingly.
    private function load_pending_counts()
    {
        $res = XDB::query(
            "SELECT  SUM(j_type = 'u_create') AS pending_create,
                     SUM(j_type = 'u_update') AS pending_update,
                     SUM(j_type = 'u_delete') AS pending_delete
               FROM  gapps_queue
              WHERE  q_recipient_id = {?} AND
                     p_status IN ('idle', 'active', 'softfail')
           GROUP BY  j_type",
            $this->uid);
        $pending = $res->fetchOneAssoc();
        $this->pending_create = $pending['pending_create'];
        $this->pending_update = $pending['pending_update'];
        $this->pending_delete = $pending['pending_delete'];

        $this->pending_update_admin = false;
        $this->pending_update_other = false;
        $this->pending_update_password = false;
        $this->pending_update_suspension = false;
    }

    // Checks for unsuspend requests waiting for validation in plat/al
    // validation queue.
    private function load_pending_validations()
    {
        require_once('validations.inc.php');
        $this->pending_validation_unsuspend =
            Validate::get_typed_requests_count($this->uid, 'gapps-unsuspend');
    }

    // Retrieves all the pending update job in the gappsd queue for the current
    // user, and analyzes the scope of the update (ie. the fields in the user
    // account which are going to be updated).
    private function load_pending_updates()
    {
        $res = XDB::iterator(
            "SELECT  j_parameters
               FROM  gapps_queue
              WHERE  q_recipient_id = {?} AND
                     p_status IN ('idle', 'active', 'softfail') AND
                     j_type = 'u_update'",
            $this->uid);
        while ($update = $res->next()) {
            $update_data = json_decode($update["j_parameters"], true);

            if (isset($update_data["suspended"])) {
                $this->pending_update_suspension = true;
            } elseif (isset($update_data["password"])) {
                $this->pending_update_password = true;
            } elseif (isset($update_data["admin"])) {
                $this->pending_update_admin = true;
            } else {
                $this->pending_update_other = true;
            }
        }
    }

    // Creates a queue job of the @p type, for the user represented by this
    // GoogleAppsAccount object, using @p parameters. @p parameters is supposed
    // to be a one-dimension array of key-value mappings.
    // The created job as a 'normal' priority, and is scheduled for immediate
    // execution.
    private function create_queue_job($type, $parameters) {
        $parameters["username"] = $this->g_account_name;
        XDB::execute(
            "INSERT  INTO gapps_queue
                SET  q_owner_id = {?}, q_recipient_id = {?},
                     p_entry_date = NOW(), p_notbefore_date = NOW(),
                     p_priority = 'normal',
                     j_type = {?}, j_parameters = {?}",
            S::v('uid'),
            $this->uid,
            $type,
            json_encode($parameters));
    }


    // Returns true if the account is currently active.
    public function active()
    {
        return $this->g_status == 'active';
    }

    // Returns true if the account exists in Google Apps.
    public function provisioned()
    {
        return $this->g_status == 'active' or $this->g_status == 'disabled';
    }

    // Returns true if the account exists, but cannot be used (user-requested
    // suspension, or Google-requested suspension).
    public function suspended()
    {
        return $this->g_status == 'disabled';
    }


    // Changes the GoogleApps password.
    public function set_password($password) {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_password) {
            $this->create_queue_job('u_update', array('password' => $password));
        }
    }


    // Changes the password synchronization status ("sync = true" means that the
    // Polytechnique.org password will be replicated to the Google Apps account).
    public function set_password_sync($sync) {
        if (!$this->provisioned()) {
            return;
        }

        $this->sync_password = $sync;
        XDB::execute(
            "UPDATE  gapps_accounts
                SET  l_sync_password = {?}
              WHERE  g_account_name = {?}",
            $sync,
            $this->g_account_name);
    }

    // Suspends the Google Apps account.
    public function suspend() {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_suspension) {
            $this->create_queue_job('u_update', array('suspended' => true));
            $this->pending_update_suspension = true;
        }
    }

    // Adds an unsuspension request to the validation queue (used on user-request).
    public function unsuspend($activate_mail_redirection = NULL) {
        if (!$this->provisioned()) {
            return;
        }
        if ($activate_mail_redirection !== NULL) {
            $this->activate_mail_redirection = $activate_mail_redirection;
            XDB::execute(
                "UPDATE  gapps_accounts
                    SET  l_activate_mail_redirection = {?}
                  WHERE  g_account_name = {?}",
                $activate_mail_redirection,
                $this->g_account_name);
        }

        if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
            require_once('validations.inc.php');
            $unsuspend = new GoogleAppsUnsuspendReq($this->uid);
            $unsuspend->submit();
            $this->pending_validation_unsuspend = true;
        }
    }

    // Unsuspends the Google Apps account (used on admin-request, or on validation of
    // an user-request).
    public function do_unsuspend() {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_suspension) {
            if ($this->sync_password) {
                $res = XDB::query(
                    "SELECT  password
                       FROM  auth_user_md5
                      WHERE  user_id = {?}",
                    $this->uid);
                $password = ($res->numRows() > 0 ? $res->fetchOneCell() : false);
            } else {
                $password = false;
            }

            if ($password) {
                $this->create_queue_job('u_update', array('suspended' => false, 'password' => $password));
            } else {
                $this->create_queue_job('u_update', array('suspended' => false));
            }
            $this->pending_update_suspension = true;
            return true;
        }
        return false;
    }

    // Creates a new Google Apps account with the @p local parameters.
    public function create($password_sync, $password, $redirect_mails) {
        if ($this->g_status != NULL) {
            return;
        }

        if (!$this->pending_create) {
            // Retrieves information on the new account.
            $res = XDB::query(
                "SELECT  nom, nom_usage, prenom
                   FROM  auth_user_md5
                  WHERE  user_id = {?}",
                $this->uid);
            list($nom, $nom_usage, $prenom) = $res->fetchOneRow();

            // Adds an 'unprovisioned' entry in the gapps_accounts table.
            XDB::execute(
                "INSERT  INTO gapps_accounts
                    SET  l_userid = {?},
                         l_sync_password = {?},
                         l_activate_mail_redirection = {?},
                         g_account_name = {?},
                         g_first_name = {?},
                         g_last_name = {?},
                         g_status = 'unprovisioned'",
                $this->uid,
                $password_sync,
                $redirect_mails,
                $this->g_account_name,
                $prenom,
                ($nom_usage ? $nom_usage : $nom));

            // Adds the creation job in the GApps queue.
            $this->create_queue_job(
                'u_create',
                array(
                    'username' => $this->g_account_name,
                    'first_name' => $prenom,
                    'last_name' => ($nom_usage ? $nom_usage : $nom),
                    'password' => $password,
                ));

            // Updates the GoogleAppsAccount status.
            $this->__construct($this->uid, $this->g_account_name);
        }
    }


    // Returns the status of the Google Apps account for @p user, or false
    // when no account exists.
    static public function account_status($uid) {
        $res = XDB::query(
            "SELECT  g_status
               FROM  gapps_accounts
              WHERE  l_userid = {?}", $uid);
        return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
    }

    // Returns true if the @p user is an administrator of the Google Apps domain.
    static public function is_administrator($uid) {
        $res = XDB::query(
            "SELECT  g_admin
               FROM  gapps_accounts
              WHERE  l_userid = {?} AND g_status = 'active'", $uid);
        return ($res->numRows() > 0 ? (bool)$res->fetchOneRow() : false);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
bb0727ea VZ	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2008 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
f5c4bf30	22	// Post-processes the successful Google Apps account creation queue job.
bb0727ea VZ	23	function post_queue_u_create($job) {
	24	global $globals;
	25
	26	// Retrieves the user parameters (userid and forlife).
	27	$parameters = json_decode($job['j_parameters'], true);
	28	$forlife = isset($parameters['username']) ? $parameters['username'] : null;
	29	$userid = $job['q_recipient_id'];
	30	if (!$forlife \|\| !$userid) {
	31	return;
	32	}
	33
f5c4bf30 VZ	34	// Adds a redirection to the Google Apps delivery address, if requested by
f5c4bf30 VZ	35	// the user at creation time.
bb0727ea VZ	36	$account = new GoogleAppsAccount($userid, $forlife);
	37	if ($account->activate_mail_redirection) {
	38	require_once('emails.inc.php');
	39	$storage = new MailStorageGoogleApps($userid);
	40	$storage->enable();
	41	}
	42
f5c4bf30	43	// Sends the 'account created' email to the user, with basic documentation.
bb0727ea VZ	44	$res = XDB::query(
	45	"SELECT FIND_IN_SET('femme', u.flags), prenom
	46	FROM auth_user_md5 AS u
	47	INNER JOIN aliases AS a ON (a.id = u.user_id)
	48	WHERE a.alias = {?}",
	49	$forlife);
	50	list($sexe, $prenom) = $res->fetchOneRow();
	51
	52	$mailer = new PlMailer('googleapps/create.mail.tpl');
	53	$mailer->assign('account', $account);
	54	$mailer->assign('email', $forlife . '@' . $globals->mail->domain);
	55	$mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain);
	56	$mailer->assign('prenom', $prenom);
	57	$mailer->assign('sexe', $sexe);
	58	$mailer->send();
	59	}
	60
f5c4bf30	61	// Post-processes the successful Google Apps account update queue job.
bb0727ea VZ	62	function post_queue_u_update($job) {
	63	global $globals;
	64
	65	// If the u_update job was an unsuspend request, re-adds the redirection
	66	// to the Google Apps delivery address, provided the account is active (it might
	67	// have been deleted between the unsuspension and the post-queue processing).
	68	$parameters = json_decode($job['j_parameters'], true);
	69	$forlife = isset($parameters['username']) ? $parameters['username'] : null;
	70	$userid = $job['q_recipient_id'];
	71	if (!$forlife \|\| !$userid) {
	72	return;
	73	}
	74
	75	if (isset($parameters['suspended']) && $parameters['suspended'] == false) {
	76	require_once('emails.inc.php');
	77	$account = new GoogleAppsAccount($userid, $forlife);
f5c4bf30	78	if ($account->active()) {
bb0727ea VZ	79	// Re-adds the email redirection (if the user did request it).
	80	if ($account->activate_mail_redirection) {
	81	$storage = new MailStorageGoogleApps($userid);
	82	$storage->enable();
	83	}
	84
	85	// Sends an email to the account owner.
	86	$res = XDB::query(
	87	"SELECT FIND_IN_SET('femme', u.flags), prenom
	88	FROM auth_user_md5 AS u
	89	INNER JOIN aliases AS a ON (a.id = u.user_id)
	90	WHERE a.alias = {?}",
	91	$forlife);
	92	list($sexe, $prenom) = $res->fetchOneRow();
	93
	94	$mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
	95	$mailer->assign('account', $account);
	96	$mailer->assign('email', $forlife . '@' . $globals->mail->domain);
	97	$mailer->assign('prenom', $prenom);
	98	$mailer->assign('sexe', $sexe);
	99	$mailer->send();
	100	}
	101	}
	102	}
	103
	104	// Reprensentation of an SQL-stored Google Apps account.
f5c4bf30 VZ	105	// This class is the interface with the gappsd SQL tables: gappsd is the python
	106	// daemon which deals with Google Apps provisioning APIs.
	107	// TODO(vincent.zanotti): add the url of gappsd, when available.
bb0727ea VZ	108	class GoogleAppsAccount
bb0727ea VZ	109	{
f5c4bf30	110	// User identification: user id, and forlife.
bb0727ea VZ	111	private $uid;
	112	public $g_account_name;
	113
f5c4bf30	114	// Local account parameters.
bb0727ea VZ	115	public $sync_password;
bb0727ea VZ	116	public $activate_mail_redirection;
f5c4bf30 VZ	117
f5c4bf30 VZ	118	// Account status, obtained from Google Apps provisioning & reporting APIs.
0089e594	119	public $g_account_id;
bb0727ea VZ	120	public $g_status;
	121	public $g_suspension;
	122	public $r_disk_usage;
	123	public $r_creation;
	124	public $r_last_login;
	125	public $r_last_webmail;
	126	public $reporting_date;
	127
f5c4bf30	128	// Pending requests in the gappsd job queue (cf. top note).
bb0727ea VZ	129	public $pending_create;
	130	public $pending_delete;
	131	public $pending_update;
	132	public $pending_update_admin;
	133	public $pending_update_other;
	134	public $pending_update_password;
	135	public $pending_update_suspension;
	136
f5c4bf30	137	// Pending requests in plat/al validation queue.
bb0727ea VZ	138	public $pending_validation_unsuspend;
bb0727ea VZ	139
f5c4bf30 VZ	140	// Constructs the account object, by retrieving all informations from the
	141	// GApps account table, from GApps job queue, and from plat/al validation queue.
	142	public function __construct($uid, $account_name = NULL)
bb0727ea	143	{
f5c4bf30 VZ	144	if ($account_name == NULL) {
	145	require_once 'user.func.inc.php';
	146	$account_name = get_user_forlife($uid, '_silent_user_callback');
	147	}
	148
bb0727ea VZ	149	$this->uid = $uid;
	150	$this->g_account_name = $account_name;
	151	$this->g_status = NULL;
	152
	153	$res = XDB::query(
	154	"SELECT l_sync_password, l_activate_mail_redirection,
0089e594	155	g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
bb0727ea VZ	156	UNIX_TIMESTAMP(r_creation) as r_creation,
	157	UNIX_TIMESTAMP(r_last_login) as r_last_login,
	158	UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
	159	FROM gapps_accounts
	160	WHERE g_account_name = {?}",
	161	$account_name);
	162	if ($account = $res->fetchOneAssoc()) {
	163	$this->sync_password = $account['l_sync_password'];
	164	$this->activate_mail_redirection = $account['l_activate_mail_redirection'];
0089e594	165	$this->g_account_id = $account['g_account_id'];
bb0727ea VZ	166	$this->g_status = $account['g_status'];
	167	$this->g_suspension = $account['g_suspension'];
	168	$this->r_disk_usage = $account['r_disk_usage'];
	169	$this->r_creation = $account['r_creation'];
	170	$this->r_last_login = $account['r_last_webmail'];
	171	$this->r_last_webmail = $account['r_last_webmail'];
	172
	173	$this->load_pending_counts();
	174	$this->load_pending_validations();
	175	if ($this->pending_update) {
	176	$this->load_pending_updates();
	177	}
	178
	179	$res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
	180	$this->reporting_date = $res->fetchOneCell();
	181	}
	182	}
	183
f5c4bf30 VZ	184	// Determines if changes to the Google Account are currently waiting in the
f5c4bf30 VZ	185	// GApps job queue, and initializes the local values accordingly.
bb0727ea VZ	186	private function load_pending_counts()
bb0727ea VZ	187	{
bb0727ea VZ	188	$res = XDB::query(
	189	"SELECT SUM(j_type = 'u_create') AS pending_create,
	190	SUM(j_type = 'u_update') AS pending_update,
	191	SUM(j_type = 'u_delete') AS pending_delete
	192	FROM gapps_queue
	193	WHERE q_recipient_id = {?} AND
	194	p_status IN ('idle', 'active', 'softfail')
	195	GROUP BY j_type",
	196	$this->uid);
	197	$pending = $res->fetchOneAssoc();
	198	$this->pending_create = $pending['pending_create'];
	199	$this->pending_update = $pending['pending_update'];
	200	$this->pending_delete = $pending['pending_delete'];
	201
	202	$this->pending_update_admin = false;
	203	$this->pending_update_other = false;
	204	$this->pending_update_password = false;
	205	$this->pending_update_suspension = false;
	206	}
	207
f5c4bf30 VZ	208	// Checks for unsuspend requests waiting for validation in plat/al
f5c4bf30 VZ	209	// validation queue.
bb0727ea VZ	210	private function load_pending_validations()
	211	{
	212	require_once('validations.inc.php');
	213	$this->pending_validation_unsuspend =
	214	Validate::get_typed_requests_count($this->uid, 'gapps-unsuspend');
	215	}
	216
f5c4bf30 VZ	217	// Retrieves all the pending update job in the gappsd queue for the current
	218	// user, and analyzes the scope of the update (ie. the fields in the user
	219	// account which are going to be updated).
bb0727ea VZ	220	private function load_pending_updates()
bb0727ea VZ	221	{
bb0727ea VZ	222	$res = XDB::iterator(
	223	"SELECT j_parameters
	224	FROM gapps_queue
	225	WHERE q_recipient_id = {?} AND
	226	p_status IN ('idle', 'active', 'softfail') AND
	227	j_type = 'u_update'",
	228	$this->uid);
	229	while ($update = $res->next()) {
	230	$update_data = json_decode($update["j_parameters"], true);
	231
	232	if (isset($update_data["suspended"])) {
	233	$this->pending_update_suspension = true;
	234	} elseif (isset($update_data["password"])) {
	235	$this->pending_update_password = true;
	236	} elseif (isset($update_data["admin"])) {
	237	$this->pending_update_admin = true;
	238	} else {
	239	$this->pending_update_other = true;
	240	}
	241	}
	242	}
	243
	244	// Creates a queue job of the @p type, for the user represented by this
f5c4bf30 VZ	245	// GoogleAppsAccount object, using @p parameters. @p parameters is supposed
	246	// to be a one-dimension array of key-value mappings.
	247	// The created job as a 'normal' priority, and is scheduled for immediate
	248	// execution.
bb0727ea VZ	249	private function create_queue_job($type, $parameters) {
	250	$parameters["username"] = $this->g_account_name;
	251	XDB::execute(
	252	"INSERT INTO gapps_queue
	253	SET q_owner_id = {?}, q_recipient_id = {?},
	254	p_entry_date = NOW(), p_notbefore_date = NOW(),
	255	p_priority = 'normal',
	256	j_type = {?}, j_parameters = {?}",
	257	S::v('uid'),
	258	$this->uid,
	259	$type,
	260	json_encode($parameters));
	261	}
	262
f5c4bf30 VZ	263
	264	// Returns true if the account is currently active.
	265	public function active()
	266	{
	267	return $this->g_status == 'active';
	268	}
	269
	270	// Returns true if the account exists in Google Apps.
	271	public function provisioned()
	272	{
	273	return $this->g_status == 'active' or $this->g_status == 'disabled';
	274	}
	275
	276	// Returns true if the account exists, but cannot be used (user-requested
	277	// suspension, or Google-requested suspension).
	278	public function suspended()
	279	{
	280	return $this->g_status == 'disabled';
	281	}
	282
	283
bb0727ea VZ	284	// Changes the GoogleApps password.
bb0727ea VZ	285	public function set_password($password) {
f5c4bf30	286	if (!$this->provisioned()) {
bb0727ea VZ	287	return;
	288	}
	289
	290	if (!$this->pending_update_password) {
	291	$this->create_queue_job('u_update', array('password' => $password));
	292	}
	293	}
	294
f5c4bf30	295
bb0727ea VZ	296	// Changes the password synchronization status ("sync = true" means that the
	297	// Polytechnique.org password will be replicated to the Google Apps account).
	298	public function set_password_sync($sync) {
f5c4bf30	299	if (!$this->provisioned()) {
bb0727ea VZ	300	return;
	301	}
	302
	303	$this->sync_password = $sync;
	304	XDB::execute(
	305	"UPDATE gapps_accounts
	306	SET l_sync_password = {?}
	307	WHERE g_account_name = {?}",
	308	$sync,
	309	$this->g_account_name);
	310	}
	311
	312	// Suspends the Google Apps account.
	313	public function suspend() {
f5c4bf30	314	if (!$this->provisioned()) {
bb0727ea VZ	315	return;
	316	}
	317
	318	if (!$this->pending_update_suspension) {
	319	$this->create_queue_job('u_update', array('suspended' => true));
	320	$this->pending_update_suspension = true;
	321	}
	322	}
	323
	324	// Adds an unsuspension request to the validation queue (used on user-request).
	325	public function unsuspend($activate_mail_redirection = NULL) {
f5c4bf30	326	if (!$this->provisioned()) {
bb0727ea VZ	327	return;
	328	}
	329	if ($activate_mail_redirection !== NULL) {
	330	$this->activate_mail_redirection = $activate_mail_redirection;
	331	XDB::execute(
	332	"UPDATE gapps_accounts
	333	SET l_activate_mail_redirection = {?}
	334	WHERE g_account_name = {?}",
f5c4bf30 VZ	335	$activate_mail_redirection,
f5c4bf30 VZ	336	$this->g_account_name);
bb0727ea VZ	337	}
	338
	339	if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
	340	require_once('validations.inc.php');
	341	$unsuspend = new GoogleAppsUnsuspendReq($this->uid);
	342	$unsuspend->submit();
	343	$this->pending_validation_unsuspend = true;
	344	}
	345	}
	346
	347	// Unsuspends the Google Apps account (used on admin-request, or on validation of
	348	// an user-request).
	349	public function do_unsuspend() {
f5c4bf30	350	if (!$this->provisioned()) {
bb0727ea VZ	351	return;
	352	}
	353
	354	if (!$this->pending_update_suspension) {
	355	if ($this->sync_password) {
	356	$res = XDB::query(
	357	"SELECT password
	358	FROM auth_user_md5
	359	WHERE user_id = {?}",
	360	$this->uid);
	361	$password = ($res->numRows() > 0 ? $res->fetchOneCell() : false);
	362	} else {
	363	$password = false;
	364	}
	365
	366	if ($password) {
	367	$this->create_queue_job('u_update', array('suspended' => false, 'password' => $password));
	368	} else {
	369	$this->create_queue_job('u_update', array('suspended' => false));
	370	}
	371	$this->pending_update_suspension = true;
	372	return true;
	373	}
	374	return false;
	375	}
	376
f5c4bf30	377	// Creates a new Google Apps account with the @p local parameters.
bb0727ea VZ	378	public function create($password_sync, $password, $redirect_mails) {
	379	if ($this->g_status != NULL) {
	380	return;
	381	}
	382
	383	if (!$this->pending_create) {
	384	// Retrieves information on the new account.
	385	$res = XDB::query(
	386	"SELECT nom, nom_usage, prenom
	387	FROM auth_user_md5
	388	WHERE user_id = {?}",
	389	$this->uid);
	390	list($nom, $nom_usage, $prenom) = $res->fetchOneRow();
	391
f5c4bf30	392	// Adds an 'unprovisioned' entry in the gapps_accounts table.
bb0727ea VZ	393	XDB::execute(
	394	"INSERT INTO gapps_accounts
	395	SET l_userid = {?},
	396	l_sync_password = {?},
	397	l_activate_mail_redirection = {?},
	398	g_account_name = {?},
	399	g_first_name = {?},
	400	g_last_name = {?},
	401	g_status = 'unprovisioned'",
	402	$this->uid,
	403	$password_sync,
	404	$redirect_mails,
	405	$this->g_account_name,
	406	$prenom,
	407	($nom_usage ? $nom_usage : $nom));
	408
	409	// Adds the creation job in the GApps queue.
	410	$this->create_queue_job(
	411	'u_create',
	412	array(
	413	'username' => $this->g_account_name,
	414	'first_name' => $prenom,
	415	'last_name' => ($nom_usage ? $nom_usage : $nom),
	416	'password' => $password,
	417	));
	418
	419	// Updates the GoogleAppsAccount status.
	420	$this->__construct($this->uid, $this->g_account_name);
	421	}
	422	}
f5c4bf30 VZ	423
	424
	425	// Returns the status of the Google Apps account for @p user, or false
	426	// when no account exists.
	427	static public function account_status($uid) {
	428	$res = XDB::query(
	429	"SELECT g_status
	430	FROM gapps_accounts
	431	WHERE l_userid = {?}", $uid);
	432	return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
	433	}
	434
	435	// Returns true if the @p user is an administrator of the Google Apps domain.
	436	static public function is_administrator($uid) {
	437	$res = XDB::query(
	438	"SELECT g_admin
	439	FROM gapps_accounts
	440	WHERE l_userid = {?} AND g_status = 'active'", $uid);
	441	return ($res->numRows() > 0 ? (bool)$res->fetchOneRow() : false);
	442	}
bb0727ea VZ	443	}
	444
	445	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
	446	?>