2 /***************************************************************************
3 * Copyright (C) 2003-2009 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
22 // Post-processes the successful Google Apps account creation queue job.
23 function post_queue_u_create($job) {
26 // Retrieves the user parameters (GoogleApps username and user_id).
27 $parameters = json_decode($job['j_parameters'], true
);
28 $username = isset($parameters['username']) ?
$parameters['username'] : null
;
29 if (!($user = User
::getSilent($username))) {
33 // Adds a redirection to the Google Apps delivery address, if requested by
34 // the user at creation time.
35 $account = new GoogleAppsAccount($user);
36 if ($account->activate_mail_redirection
) {
37 require_once('emails.inc.php');
38 $storage = new EmailStorage($user, 'googleapps');
42 // Sends the 'account created' email to the user, with basic documentation.
43 $mailer = new PlMailer('googleapps/create.mail.tpl');
44 $mailer->assign('account', $account);
45 $mailer->assign('email', $user->bestEmail());
46 $mailer->assign('googleapps_domain', $globals->mailstorage
->googleapps_domain
);
47 $mailer->assign('prenom', $user->displayName());
48 $mailer->assign('sexe', $user->isFemale());
52 // Post-processes the successful Google Apps account update queue job.
53 function post_queue_u_update($job) {
56 // If the u_update job was an unsuspend request, re-adds the redirection
57 // to the Google Apps delivery address, provided the account is active (it might
58 // have been deleted between the unsuspension and the post-queue processing).
59 $parameters = json_decode($job['j_parameters'], true
);
60 $username = isset($parameters['username']) ?
$parameters['username'] : null
;
61 if (!($user = User
::getSilent($username))) {
65 if (isset($parameters['suspended']) && $parameters['suspended'] == false
) {
66 require_once('emails.inc.php');
67 $account = new GoogleAppsAccount($user);
68 if ($account->active()) {
69 // Re-adds the email redirection (if the user did request it).
70 if ($account->activate_mail_redirection
) {
71 $storage = new EmailStorage($user, 'googleapps');
75 // Sends an email to the account owner.
76 $mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
77 $mailer->assign('account', $account);
78 $mailer->assign('email', $user->bestEmail());
79 $mailer->assign('prenom', $user->displayName());
80 $mailer->assign('sexe', $user->isFemale());
86 // Reprensentation of an SQL-stored Google Apps account.
87 // This class is the interface with the gappsd SQL tables: gappsd is the python
88 // daemon which deals with Google Apps provisioning APIs.
89 // TODO(vincent.zanotti): add the url of gappsd, when available.
90 class GoogleAppsAccount
92 // User identification: user id, and hruid.
94 public $g_account_name;
96 // Local account parameters.
97 public $sync_password;
98 public $activate_mail_redirection;
100 // Account status, obtained from Google Apps provisioning & reporting APIs.
101 public $g_account_id;
103 public $g_suspension;
104 public $r_disk_usage;
106 public $r_last_login;
107 public $r_last_webmail;
108 public $reporting_date;
110 // Pending requests in the gappsd job queue (cf. top note).
111 public $pending_create;
112 public $pending_delete;
113 public $pending_update;
114 public $pending_update_admin;
115 public $pending_update_other;
116 public $pending_update_password;
117 public $pending_update_suspension;
119 // Pending requests in plat/al validation queue.
120 public $pending_validation_unsuspend;
122 // Constructs the account object, by retrieving all informations from the
123 // GApps account table, from GApps job queue, and from plat/al validation queue.
124 public function __construct(User
&$user)
126 $this->user
= &$user;
127 if (!$this->user ||
!$this->user
->login()) {
131 // TODO: switch to multi-domain Google Apps, and use $this->user->forlifeEmail()
132 // as Google Apps idenfiant (requires changes in gappsd).
133 $this->g_account_name
= $this->user
->login();
134 $this->g_status
= NULL
;
137 "SELECT l_sync_password, l_activate_mail_redirection,
138 g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
139 UNIX_TIMESTAMP(r_creation) as r_creation,
140 UNIX_TIMESTAMP(r_last_login) as r_last_login,
141 UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
143 WHERE g_account_name = {?}", $this->g_account_name
);
144 if ($account = $res->fetchOneAssoc()) {
145 $this->sync_password
= $account['l_sync_password'];
146 $this->activate_mail_redirection
= $account['l_activate_mail_redirection'];
147 $this->g_account_id
= $account['g_account_id'];
148 $this->g_status
= $account['g_status'];
149 $this->g_suspension
= $account['g_suspension'];
150 $this->r_disk_usage
= $account['r_disk_usage'];
151 $this->r_creation
= $account['r_creation'];
152 $this->r_last_login
= $account['r_last_webmail'];
153 $this->r_last_webmail
= $account['r_last_webmail'];
155 $this->load_pending_counts();
156 $this->load_pending_validations();
157 if ($this->pending_update
) {
158 $this->load_pending_updates();
161 $res = XDB
::query("SELECT MAX(date) FROM gapps_reporting");
162 $this->reporting_date
= $res->fetchOneCell();
166 // Determines if changes to the Google Account are currently waiting in the
167 // GApps job queue, and initializes the local values accordingly.
168 private function load_pending_counts()
171 "SELECT SUM(j_type = 'u_create') AS pending_create,
172 SUM(j_type = 'u_update') AS pending_update,
173 SUM(j_type = 'u_delete') AS pending_delete
175 WHERE q_recipient_id = {?} AND
176 p_status IN ('idle', 'active', 'softfail')
177 GROUP BY j_type", $this->user
->id());
178 $pending = $res->fetchOneAssoc();
179 $this->pending_create
= $pending['pending_create'];
180 $this->pending_update
= $pending['pending_update'];
181 $this->pending_delete
= $pending['pending_delete'];
183 $this->pending_update_admin
= false
;
184 $this->pending_update_other
= false
;
185 $this->pending_update_password
= false
;
186 $this->pending_update_suspension
= false
;
189 // Checks for unsuspend requests waiting for validation in plat/al
191 private function load_pending_validations()
193 require_once('validations.inc.php');
194 $this->pending_validation_unsuspend
=
195 Validate
::get_typed_requests_count($this->user
->id(), 'gapps-unsuspend');
198 // Retrieves all the pending update job in the gappsd queue for the current
199 // user, and analyzes the scope of the update (ie. the fields in the user
200 // account which are going to be updated).
201 private function load_pending_updates()
203 $res = XDB
::iterator(
206 WHERE q_recipient_id = {?} AND
207 p_status IN ('idle', 'active', 'softfail') AND
208 j_type = 'u_update'", $this->user
->id());
209 while ($update = $res->next()) {
210 $update_data = json_decode($update["j_parameters"], true
);
212 if (isset($update_data["suspended"])) {
213 $this->pending_update_suspension
= true
;
214 } elseif (isset($update_data["password"])) {
215 $this->pending_update_password
= true
;
216 } elseif (isset($update_data["admin"])) {
217 $this->pending_update_admin
= true
;
219 $this->pending_update_other
= true
;
224 // Creates a queue job of the @p type, for the user represented by this
225 // GoogleAppsAccount object, using @p parameters. @p parameters is supposed
226 // to be a one-dimension array of key-value mappings.
227 // The created job as a 'immediate' priority, and is scheduled for immediate
229 private function create_queue_job($type, $parameters) {
230 $parameters["username"] = $this->g_account_name
;
232 "INSERT INTO gapps_queue
233 SET q_owner_id = {?}, q_recipient_id = {?},
234 p_entry_date = NOW(), p_notbefore_date = NOW(),
235 p_priority = 'immediate',
236 j_type = {?}, j_parameters = {?}",
240 json_encode($parameters));
244 // Returns true if the account is currently active.
245 public function active()
247 return $this->g_status
== 'active';
250 // Returns true if the account exists in Google Apps.
251 public function provisioned()
253 return $this->g_status
== 'active' or $this->g_status
== 'disabled';
256 // Returns true if the account exists, but cannot be used (user-requested
257 // suspension, or Google-requested suspension).
258 public function suspended()
260 return $this->g_status
== 'disabled';
264 // Changes the GoogleApps password.
265 public function set_password($password) {
266 if (!$this->provisioned()) {
270 if (!$this->pending_update_password
) {
271 $this->create_queue_job('u_update', array('password' => $password));
272 $this->pending_update_password
= true
;
277 // Changes the password synchronization status ("sync = true" means that the
278 // Polytechnique.org password will be replicated to the Google Apps account).
279 public function set_password_sync($sync) {
280 if (!$this->provisioned()) {
284 $this->sync_password
= $sync;
286 "UPDATE gapps_accounts
287 SET l_sync_password = {?}
288 WHERE g_account_name = {?}",
290 $this->g_account_name
);
293 // Suspends the Google Apps account.
294 public function suspend() {
295 if (!$this->provisioned()) {
299 if (!$this->pending_update_suspension
) {
300 $this->create_queue_job('u_update', array('suspended' => true
));
301 $this->pending_update_suspension
= true
;
303 "UPDATE gapps_accounts
304 SET g_status = 'disabled'
305 WHERE g_account_name = {?} AND g_status = 'active'",
306 $this->g_account_name
);
310 // Adds an unsuspension request to the validation queue (used on user-request).
311 public function unsuspend($activate_mail_redirection = NULL
) {
312 if (!$this->provisioned()) {
315 if ($activate_mail_redirection !== NULL
) {
316 $this->activate_mail_redirection
= $activate_mail_redirection;
318 "UPDATE gapps_accounts
319 SET l_activate_mail_redirection = {?}
320 WHERE g_account_name = {?}",
321 $activate_mail_redirection,
322 $this->g_account_name
);
325 if (!$this->pending_update_suspension
&& !$this->pending_validation_unsuspend
) {
326 require_once('validations.inc.php');
327 $unsuspend = new GoogleAppsUnsuspendReq($this->user
);
328 $unsuspend->submit();
329 $this->pending_validation_unsuspend
= true
;
333 // Unsuspends the Google Apps account (used on admin-request, or on validation of
335 public function do_unsuspend() {
336 if (!$this->provisioned()) {
340 if (!$this->pending_update_suspension
) {
341 if ($this->sync_password
) {
345 WHERE uid = {?}", $this->user
->id());
346 $password = ($res->numRows() > 0 ?
$res->fetchOneCell() : false
);
352 $this->create_queue_job('u_update', array('suspended' => false
, 'password' => $password));
354 $this->create_queue_job('u_update', array('suspended' => false
));
356 $this->pending_update_suspension
= true
;
362 // Creates a new Google Apps account with the @p local parameters.
363 public function create($password_sync, $password, $redirect_mails)
365 if ($this->g_status
!= NULL
) {
369 if (!$this->pending_create
) {
370 // Retrieves information on the new account.
371 // TODO: retreive first_name and last_name from the profile.
372 if (!$user->hasProfile()) {
373 $prenom = $user->displayName();
374 $nom = $user->fullName();
376 $prenom = $user->profile()->firstName();
377 $nom = $user->profile()->lastName();
380 // Adds an 'unprovisioned' entry in the gapps_accounts table.
382 "INSERT INTO gapps_accounts
384 l_sync_password = {?},
385 l_activate_mail_redirection = {?},
386 g_account_name = {?},
389 g_status = 'unprovisioned'",
393 $this->g_account_name
,
396 // Adds the creation job in the GApps queue.
397 $this->create_queue_job(
400 'username' => $this->g_account_name
,
401 'first_name' => $prenom,
403 'password' => $password,
406 // Updates the GoogleAppsAccount status.
407 $this->__construct($this->user
);
412 // Returns the status of the Google Apps account for @p user, or false
413 // when no account exists.
414 static public function account_status($uid) {
418 WHERE l_userid = {?}", $uid);
419 return ($res->numRows() > 0 ?
$res->fetchOneCell() : false
);
422 // Returns true if the @p user is an administrator of the Google Apps domain.
423 static public function is_administrator($uid) {
427 WHERE l_userid = {?} AND g_status = 'active'", $uid);
428 return ($res->numRows() > 0 ?
(bool
)$res->fetchOneCell() : false
);
432 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: