projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote branch 'origin/master' into account
[platal.git] / include / googleapps.inc.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2010 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 // Post-processes the successful Google Apps account creation queue job.
23 function post_queue_u_create($job) {
24 global $globals;
25
26 // Retrieves the user parameters (GoogleApps username and uid).
27 $parameters = json_decode($job['j_parameters'], true);
28 $username = isset($parameters['username']) ? $parameters['username'] : null;
29 if (!($user = User::getSilent($username))) {
30 return;
31 }
32
33 // Adds a redirection to the Google Apps delivery address, if requested by
34 // the user at creation time.
35 $account = new GoogleAppsAccount($user);
36 if ($account->activate_mail_redirection) {
37 require_once('emails.inc.php');
38 $storage = new EmailStorage($user, 'googleapps');
39 $storage->activate();
40 }
41
42 // Sends the 'account created' email to the user, with basic documentation.
43 $mailer = new PlMailer('googleapps/create.mail.tpl');
44 $mailer->assign('account', $account);
45 $mailer->assign('email', $user->bestEmail());
46 $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain);
47 $mailer->assign('prenom', $user->displayName());
48 $mailer->assign('sexe', $user->isFemale());
49 $mailer->send();
50 }
51
52 // Post-processes the successful Google Apps account update queue job.
53 function post_queue_u_update($job) {
54 global $globals;
55
56 // If the u_update job was an unsuspend request, re-adds the redirection
57 // to the Google Apps delivery address, provided the account is active (it might
58 // have been deleted between the unsuspension and the post-queue processing).
59 $parameters = json_decode($job['j_parameters'], true);
60 $username = isset($parameters['username']) ? $parameters['username'] : null;
61 if (!($user = User::getSilent($username))) {
62 return;
63 }
64
65 if (isset($parameters['suspended']) && $parameters['suspended'] == false) {
66 require_once('emails.inc.php');
67 $account = new GoogleAppsAccount($user);
68 if ($account->active()) {
69 // Re-adds the email redirection (if the user did request it).
70 if ($account->activate_mail_redirection) {
71 $storage = new EmailStorage($user, 'googleapps');
72 $storage->activate();
73 }
74
75 // Sends an email to the account owner.
76 $mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
77 $mailer->assign('account', $account);
78 $mailer->assign('email', $user->bestEmail());
79 $mailer->assign('prenom', $user->displayName());
80 $mailer->assign('sexe', $user->isFemale());
81 $mailer->send();
82 }
83 }
84 }
85
86 // Reprensentation of an SQL-stored Google Apps account.
87 // This class is the interface with the gappsd SQL tables: gappsd is the python
88 // daemon which deals with Google Apps provisioning APIs.
89 // TODO(vincent.zanotti): add the url of gappsd, when available.
90 class GoogleAppsAccount
91 {
92 // User identification: user id, and hruid.
93 private $user;
94 public $g_account_name;
95
96 // Local account parameters.
97 public $sync_password;
98 public $activate_mail_redirection;
99
100 // Account status, obtained from Google Apps provisioning & reporting APIs.
101 public $g_account_id;
102 public $g_status;
103 public $g_suspension;
104 public $r_disk_usage;
105 public $r_creation;
106 public $r_last_login;
107 public $r_last_webmail;
108 public $reporting_date;
109
110 // Nicknames (aliases) registered for that user, lazily loaded.
111 public $nicknames;
112
113 // Pending requests in the gappsd job queue (cf. top note).
114 public $pending_create;
115 public $pending_delete;
116 public $pending_update;
117 public $pending_update_admin;
118 public $pending_update_other;
119 public $pending_update_password;
120 public $pending_update_suspension;
121
122 // Pending requests in plat/al validation queue.
123 public $pending_validation_unsuspend;
124
125 // Constructs the account object, by retrieving all informations from the
126 // GApps account table, from GApps job queue, and from plat/al validation queue.
127 public function __construct(User &$user)
128 {
129 $this->user = &$user;
130 if (!$this->user || !$this->user->login()) {
131 return;
132 }
133
134 // TODO: switch to multi-domain Google Apps, and use $this->user->forlifeEmail()
135 // as Google Apps idenfiant (requires changes in gappsd).
136 $this->g_account_name = $this->user->login();
137 $this->g_status = NULL;
138
139 $res = XDB::query(
140 "SELECT l_sync_password, l_activate_mail_redirection,
141 g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
142 UNIX_TIMESTAMP(r_creation) as r_creation,
143 UNIX_TIMESTAMP(r_last_login) as r_last_login,
144 UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
145 FROM gapps_accounts
146 WHERE g_account_name = {?}", $this->g_account_name);
147 if ($account = $res->fetchOneAssoc()) {
148 $this->sync_password = $account['l_sync_password'];
149 $this->activate_mail_redirection = $account['l_activate_mail_redirection'];
150 $this->g_account_id = $account['g_account_id'];
151 $this->g_status = $account['g_status'];
152 $this->g_suspension = $account['g_suspension'];
153 $this->r_disk_usage = $account['r_disk_usage'];
154 $this->r_creation = $account['r_creation'];
155 $this->r_last_login = $account['r_last_webmail'];
156 $this->r_last_webmail = $account['r_last_webmail'];
157
158 $this->load_pending_counts();
159 $this->load_pending_validations();
160 if ($this->pending_update) {
161 $this->load_pending_updates();
162 }
163
164 $res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
165 $this->reporting_date = $res->fetchOneCell();
166 }
167 }
168
169 // Determines if changes to the Google Account are currently waiting in the
170 // GApps job queue, and initializes the local values accordingly.
171 private function load_pending_counts()
172 {
173 $res = XDB::query(
174 "SELECT SUM(j_type = 'u_create') AS pending_create,
175 SUM(j_type = 'u_update') AS pending_update,
176 SUM(j_type = 'u_delete') AS pending_delete
177 FROM gapps_queue
178 WHERE q_recipient_id = {?} AND
179 p_status IN ('idle', 'active', 'softfail')
180 GROUP BY j_type", $this->user->id());
181 $pending = $res->fetchOneAssoc();
182 $this->pending_create = $pending['pending_create'];
183 $this->pending_update = $pending['pending_update'];
184 $this->pending_delete = $pending['pending_delete'];
185
186 $this->pending_update_admin = false;
187 $this->pending_update_other = false;
188 $this->pending_update_password = false;
189 $this->pending_update_suspension = false;
190 }
191
192 // Checks for unsuspend requests waiting for validation in plat/al
193 // validation queue.
194 private function load_pending_validations()
195 {
196 require_once('validations.inc.php');
197 $this->pending_validation_unsuspend =
198 Validate::get_typed_requests_count($this->user->id(), 'gapps-unsuspend');
199 }
200
201 // Retrieves all the pending update job in the gappsd queue for the current
202 // user, and analyzes the scope of the update (ie. the fields in the user
203 // account which are going to be updated).
204 private function load_pending_updates()
205 {
206 $res = XDB::iterator(
207 "SELECT j_parameters
208 FROM gapps_queue
209 WHERE q_recipient_id = {?} AND
210 p_status IN ('idle', 'active', 'softfail') AND
211 j_type = 'u_update'", $this->user->id());
212 while ($update = $res->next()) {
213 $update_data = json_decode($update["j_parameters"], true);
214
215 if (isset($update_data["suspended"])) {
216 $this->pending_update_suspension = true;
217 } elseif (isset($update_data["password"])) {
218 $this->pending_update_password = true;
219 } elseif (isset($update_data["admin"])) {
220 $this->pending_update_admin = true;
221 } else {
222 $this->pending_update_other = true;
223 }
224 }
225 }
226
227 // Creates a queue job of the @p type, for the user represented by this
228 // GoogleAppsAccount object, using @p parameters. @p parameters is supposed
229 // to be a one-dimension array of key-value mappings.
230 // The created job as a 'immediate' priority, and is scheduled for immediate
231 // execution.
232 private function create_queue_job($type, $parameters) {
233 $parameters["username"] = $this->g_account_name;
234 XDB::execute(
235 "INSERT INTO gapps_queue
236 SET q_owner_id = {?}, q_recipient_id = {?},
237 p_entry_date = NOW(), p_notbefore_date = NOW(),
238 p_priority = 'immediate',
239 j_type = {?}, j_parameters = {?}",
240 S::v('uid'),
241 $this->user->id(),
242 $type,
243 json_encode($parameters));
244 }
245
246
247 // Returns true if the account is currently active.
248 public function active()
249 {
250 return $this->g_status == 'active';
251 }
252
253 // Returns true if the account exists in Google Apps.
254 public function provisioned()
255 {
256 return $this->g_status == 'active' or $this->g_status == 'disabled';
257 }
258
259 // Returns true if the account exists, but cannot be used (user-requested
260 // suspension, or Google-requested suspension).
261 public function suspended()
262 {
263 return $this->g_status == 'disabled';
264 }
265
266 // Loads and returns the list of nicknames for the user.
267 public function nicknames()
268 {
269 if ($this->nicknames == null) {
270 $res = XDB::query(
271 "SELECT g_nickname
272 FROM gapps_nicknames
273 WHERE g_account_name = {?}
274 ORDER BY g_nickname",
275 $this->g_account_name);
276 $this->nicknames = $res->fetchColumn();
277 }
278 return $this->nicknames;
279 }
280
281
282 // Changes the GoogleApps password.
283 public function set_password($password) {
284 if (!$this->provisioned()) {
285 return;
286 }
287
288 if (!$this->pending_update_password) {
289 $this->create_queue_job('u_update', array('password' => $password));
290 $this->pending_update_password = true;
291 }
292 }
293
294
295 // Changes the password synchronization status ("sync = true" means that the
296 // Polytechnique.org password will be replicated to the Google Apps account).
297 public function set_password_sync($sync) {
298 if (!$this->provisioned()) {
299 return;
300 }
301
302 $this->sync_password = $sync;
303 XDB::execute(
304 "UPDATE gapps_accounts
305 SET l_sync_password = {?}
306 WHERE g_account_name = {?}",
307 $sync,
308 $this->g_account_name);
309 }
310
311 // Suspends the Google Apps account.
312 public function suspend() {
313 if (!$this->provisioned()) {
314 return;
315 }
316
317 if (!$this->pending_update_suspension) {
318 $this->create_queue_job('u_update', array('suspended' => true));
319 $this->pending_update_suspension = true;
320 XDB::execute(
321 "UPDATE gapps_accounts
322 SET g_status = 'disabled'
323 WHERE g_account_name = {?} AND g_status = 'active'",
324 $this->g_account_name);
325 }
326 }
327
328 // Adds an unsuspension request to the validation queue (used on user-request).
329 public function unsuspend($activate_mail_redirection = NULL) {
330 if (!$this->provisioned()) {
331 return;
332 }
333 if ($activate_mail_redirection !== NULL) {
334 $this->activate_mail_redirection = $activate_mail_redirection;
335 XDB::execute(
336 "UPDATE gapps_accounts
337 SET l_activate_mail_redirection = {?}
338 WHERE g_account_name = {?}",
339 $activate_mail_redirection,
340 $this->g_account_name);
341 }
342
343 if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
344 require_once('validations.inc.php');
345 $unsuspend = new GoogleAppsUnsuspendReq($this->user);
346 $unsuspend->submit();
347 $this->pending_validation_unsuspend = true;
348 }
349 }
350
351 // Unsuspends the Google Apps account (used on admin-request, or on validation of
352 // an user-request).
353 public function do_unsuspend() {
354 if (!$this->provisioned()) {
355 return;
356 }
357
358 if (!$this->pending_update_suspension) {
359 if ($this->sync_password) {
360 $this->create_queue_job('u_update', array('suspended' => false, 'password' => $this->user->password()));
361 } else {
362 $this->create_queue_job('u_update', array('suspended' => false));
363 }
364 $this->pending_update_suspension = true;
365 return true;
366 }
367 return false;
368 }
369
370 // Creates a new Google Apps account with the @p local parameters.
371 public function create($password_sync, $password, $redirect_mails)
372 {
373 if ($this->g_status != NULL) {
374 return;
375 }
376
377 if (!$this->pending_create) {
378 // Retrieves information on the new account.
379 // TODO: retreive first_name and last_name from the profile.
380 if (!$user->hasProfile()) {
381 $prenom = $user->displayName();
382 $nom = $user->fullName();
383 } else {
384 $prenom = $user->profile()->firstName();
385 $nom = $user->profile()->lastName();
386 }
387
388 // Adds an 'unprovisioned' entry in the gapps_accounts table.
389 XDB::execute(
390 "INSERT INTO gapps_accounts
391 SET l_userid = {?},
392 l_sync_password = {?},
393 l_activate_mail_redirection = {?},
394 g_account_name = {?},
395 g_first_name = {?},
396 g_last_name = {?},
397 g_status = 'unprovisioned'",
398 $this->user->id(),
399 $password_sync,
400 $redirect_mails,
401 $this->g_account_name,
402 $prenom, $nom);
403
404 // Adds the creation job in the GApps queue.
405 $this->create_queue_job(
406 'u_create',
407 array(
408 'username' => $this->g_account_name,
409 'first_name' => $prenom,
410 'last_name' => $nom,
411 'password' => $password,
412 ));
413
414 // Updates the GoogleAppsAccount status.
415 $this->__construct($this->user);
416 }
417 }
418
419
420 // Returns the status of the Google Apps account for @p user, or false
421 // when no account exists.
422 static public function account_status($uid) {
423 $res = XDB::query(
424 "SELECT g_status
425 FROM gapps_accounts
426 WHERE l_userid = {?}", $uid);
427 return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
428 }
429
430 // Returns true if the @p user is an administrator of the Google Apps domain.
431 static public function is_administrator($uid) {
432 $res = XDB::query(
433 "SELECT g_admin
434 FROM gapps_accounts
435 WHERE l_userid = {?} AND g_status = 'active'", $uid);
436 return ($res->numRows() > 0 ? (bool)$res->fetchOneCell() : false);
437 }
438 }
439
440 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
441 ?>
plat/al