projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fixes "googleapps administrator" status determination.
[platal.git] / include / googleapps.inc.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 // Post-processes the successful Google Apps account creation queue job.
23 function post_queue_u_create($job) {
24 global $globals;
25
26 // Retrieves the user parameters (userid and forlife).
27 $parameters = json_decode($job['j_parameters'], true);
28 $forlife = isset($parameters['username']) ? $parameters['username'] : null;
29 $userid = $job['q_recipient_id'];
30 if (!$forlife || !$userid) {
31 return;
32 }
33
34 // Adds a redirection to the Google Apps delivery address, if requested by
35 // the user at creation time.
36 $account = new GoogleAppsAccount($userid, $forlife);
37 if ($account->activate_mail_redirection) {
38 require_once('emails.inc.php');
39 $storage = new EmailStorage($userid, 'googleapps');
40 $storage->activate();
41 }
42
43 // Sends the 'account created' email to the user, with basic documentation.
44 $res = XDB::query(
45 "SELECT FIND_IN_SET('femme', u.flags), prenom
46 FROM auth_user_md5 AS u
47 INNER JOIN aliases AS a ON (a.id = u.user_id)
48 WHERE a.alias = {?}",
49 $forlife);
50 list($sexe, $prenom) = $res->fetchOneRow();
51
52 $mailer = new PlMailer('googleapps/create.mail.tpl');
53 $mailer->assign('account', $account);
54 $mailer->assign('email', $forlife . '@' . $globals->mail->domain);
55 $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain);
56 $mailer->assign('prenom', $prenom);
57 $mailer->assign('sexe', $sexe);
58 $mailer->send();
59 }
60
61 // Post-processes the successful Google Apps account update queue job.
62 function post_queue_u_update($job) {
63 global $globals;
64
65 // If the u_update job was an unsuspend request, re-adds the redirection
66 // to the Google Apps delivery address, provided the account is active (it might
67 // have been deleted between the unsuspension and the post-queue processing).
68 $parameters = json_decode($job['j_parameters'], true);
69 $forlife = isset($parameters['username']) ? $parameters['username'] : null;
70 $userid = $job['q_recipient_id'];
71 if (!$forlife || !$userid) {
72 return;
73 }
74
75 if (isset($parameters['suspended']) && $parameters['suspended'] == false) {
76 require_once('emails.inc.php');
77 $account = new GoogleAppsAccount($userid, $forlife);
78 if ($account->active()) {
79 // Re-adds the email redirection (if the user did request it).
80 if ($account->activate_mail_redirection) {
81 $storage = new EmailStorage($userid, 'googleapps');
82 $storage->activate();
83 }
84
85 // Sends an email to the account owner.
86 $res = XDB::query(
87 "SELECT FIND_IN_SET('femme', u.flags), prenom
88 FROM auth_user_md5 AS u
89 INNER JOIN aliases AS a ON (a.id = u.user_id)
90 WHERE a.alias = {?}",
91 $forlife);
92 list($sexe, $prenom) = $res->fetchOneRow();
93
94 $mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
95 $mailer->assign('account', $account);
96 $mailer->assign('email', $forlife . '@' . $globals->mail->domain);
97 $mailer->assign('prenom', $prenom);
98 $mailer->assign('sexe', $sexe);
99 $mailer->send();
100 }
101 }
102 }
103
104 // Reprensentation of an SQL-stored Google Apps account.
105 // This class is the interface with the gappsd SQL tables: gappsd is the python
106 // daemon which deals with Google Apps provisioning APIs.
107 // TODO(vincent.zanotti): add the url of gappsd, when available.
108 class GoogleAppsAccount
109 {
110 // User identification: user id, and forlife.
111 private $uid;
112 public $g_account_name;
113
114 // Local account parameters.
115 public $sync_password;
116 public $activate_mail_redirection;
117
118 // Account status, obtained from Google Apps provisioning & reporting APIs.
119 public $g_account_id;
120 public $g_status;
121 public $g_suspension;
122 public $r_disk_usage;
123 public $r_creation;
124 public $r_last_login;
125 public $r_last_webmail;
126 public $reporting_date;
127
128 // Pending requests in the gappsd job queue (cf. top note).
129 public $pending_create;
130 public $pending_delete;
131 public $pending_update;
132 public $pending_update_admin;
133 public $pending_update_other;
134 public $pending_update_password;
135 public $pending_update_suspension;
136
137 // Pending requests in plat/al validation queue.
138 public $pending_validation_unsuspend;
139
140 // Constructs the account object, by retrieving all informations from the
141 // GApps account table, from GApps job queue, and from plat/al validation queue.
142 public function __construct($uid, $account_name = NULL)
143 {
144 if ($account_name == NULL) {
145 require_once 'user.func.inc.php';
146 $account_name = get_user_forlife($uid, '_silent_user_callback');
147 }
148
149 $this->uid = $uid;
150 $this->g_account_name = $account_name;
151 $this->g_status = NULL;
152
153 $res = XDB::query(
154 "SELECT l_sync_password, l_activate_mail_redirection,
155 g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
156 UNIX_TIMESTAMP(r_creation) as r_creation,
157 UNIX_TIMESTAMP(r_last_login) as r_last_login,
158 UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
159 FROM gapps_accounts
160 WHERE g_account_name = {?}",
161 $account_name);
162 if ($account = $res->fetchOneAssoc()) {
163 $this->sync_password = $account['l_sync_password'];
164 $this->activate_mail_redirection = $account['l_activate_mail_redirection'];
165 $this->g_account_id = $account['g_account_id'];
166 $this->g_status = $account['g_status'];
167 $this->g_suspension = $account['g_suspension'];
168 $this->r_disk_usage = $account['r_disk_usage'];
169 $this->r_creation = $account['r_creation'];
170 $this->r_last_login = $account['r_last_webmail'];
171 $this->r_last_webmail = $account['r_last_webmail'];
172
173 $this->load_pending_counts();
174 $this->load_pending_validations();
175 if ($this->pending_update) {
176 $this->load_pending_updates();
177 }
178
179 $res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
180 $this->reporting_date = $res->fetchOneCell();
181 }
182 }
183
184 // Determines if changes to the Google Account are currently waiting in the
185 // GApps job queue, and initializes the local values accordingly.
186 private function load_pending_counts()
187 {
188 $res = XDB::query(
189 "SELECT SUM(j_type = 'u_create') AS pending_create,
190 SUM(j_type = 'u_update') AS pending_update,
191 SUM(j_type = 'u_delete') AS pending_delete
192 FROM gapps_queue
193 WHERE q_recipient_id = {?} AND
194 p_status IN ('idle', 'active', 'softfail')
195 GROUP BY j_type",
196 $this->uid);
197 $pending = $res->fetchOneAssoc();
198 $this->pending_create = $pending['pending_create'];
199 $this->pending_update = $pending['pending_update'];
200 $this->pending_delete = $pending['pending_delete'];
201
202 $this->pending_update_admin = false;
203 $this->pending_update_other = false;
204 $this->pending_update_password = false;
205 $this->pending_update_suspension = false;
206 }
207
208 // Checks for unsuspend requests waiting for validation in plat/al
209 // validation queue.
210 private function load_pending_validations()
211 {
212 require_once('validations.inc.php');
213 $this->pending_validation_unsuspend =
214 Validate::get_typed_requests_count($this->uid, 'gapps-unsuspend');
215 }
216
217 // Retrieves all the pending update job in the gappsd queue for the current
218 // user, and analyzes the scope of the update (ie. the fields in the user
219 // account which are going to be updated).
220 private function load_pending_updates()
221 {
222 $res = XDB::iterator(
223 "SELECT j_parameters
224 FROM gapps_queue
225 WHERE q_recipient_id = {?} AND
226 p_status IN ('idle', 'active', 'softfail') AND
227 j_type = 'u_update'",
228 $this->uid);
229 while ($update = $res->next()) {
230 $update_data = json_decode($update["j_parameters"], true);
231
232 if (isset($update_data["suspended"])) {
233 $this->pending_update_suspension = true;
234 } elseif (isset($update_data["password"])) {
235 $this->pending_update_password = true;
236 } elseif (isset($update_data["admin"])) {
237 $this->pending_update_admin = true;
238 } else {
239 $this->pending_update_other = true;
240 }
241 }
242 }
243
244 // Creates a queue job of the @p type, for the user represented by this
245 // GoogleAppsAccount object, using @p parameters. @p parameters is supposed
246 // to be a one-dimension array of key-value mappings.
247 // The created job as a 'normal' priority, and is scheduled for immediate
248 // execution.
249 private function create_queue_job($type, $parameters) {
250 $parameters["username"] = $this->g_account_name;
251 XDB::execute(
252 "INSERT INTO gapps_queue
253 SET q_owner_id = {?}, q_recipient_id = {?},
254 p_entry_date = NOW(), p_notbefore_date = NOW(),
255 p_priority = 'normal',
256 j_type = {?}, j_parameters = {?}",
257 S::v('uid'),
258 $this->uid,
259 $type,
260 json_encode($parameters));
261 }
262
263
264 // Returns true if the account is currently active.
265 public function active()
266 {
267 return $this->g_status == 'active';
268 }
269
270 // Returns true if the account exists in Google Apps.
271 public function provisioned()
272 {
273 return $this->g_status == 'active' or $this->g_status == 'disabled';
274 }
275
276 // Returns true if the account exists, but cannot be used (user-requested
277 // suspension, or Google-requested suspension).
278 public function suspended()
279 {
280 return $this->g_status == 'disabled';
281 }
282
283
284 // Changes the GoogleApps password.
285 public function set_password($password) {
286 if (!$this->provisioned()) {
287 return;
288 }
289
290 if (!$this->pending_update_password) {
291 $this->create_queue_job('u_update', array('password' => $password));
292 $this->pending_update_password = true;
293 }
294 }
295
296
297 // Changes the password synchronization status ("sync = true" means that the
298 // Polytechnique.org password will be replicated to the Google Apps account).
299 public function set_password_sync($sync) {
300 if (!$this->provisioned()) {
301 return;
302 }
303
304 $this->sync_password = $sync;
305 XDB::execute(
306 "UPDATE gapps_accounts
307 SET l_sync_password = {?}
308 WHERE g_account_name = {?}",
309 $sync,
310 $this->g_account_name);
311 }
312
313 // Suspends the Google Apps account.
314 public function suspend() {
315 if (!$this->provisioned()) {
316 return;
317 }
318
319 if (!$this->pending_update_suspension) {
320 $this->create_queue_job('u_update', array('suspended' => true));
321 $this->pending_update_suspension = true;
322 XDB::execute(
323 "UPDATE gapps_accounts
324 SET g_status = 'disabled'
325 WHERE g_account_name = {?} AND g_status = 'active'",
326 $this->g_account_name);
327 }
328 }
329
330 // Adds an unsuspension request to the validation queue (used on user-request).
331 public function unsuspend($activate_mail_redirection = NULL) {
332 if (!$this->provisioned()) {
333 return;
334 }
335 if ($activate_mail_redirection !== NULL) {
336 $this->activate_mail_redirection = $activate_mail_redirection;
337 XDB::execute(
338 "UPDATE gapps_accounts
339 SET l_activate_mail_redirection = {?}
340 WHERE g_account_name = {?}",
341 $activate_mail_redirection,
342 $this->g_account_name);
343 }
344
345 if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
346 require_once('validations.inc.php');
347 $unsuspend = new GoogleAppsUnsuspendReq($this->uid);
348 $unsuspend->submit();
349 $this->pending_validation_unsuspend = true;
350 }
351 }
352
353 // Unsuspends the Google Apps account (used on admin-request, or on validation of
354 // an user-request).
355 public function do_unsuspend() {
356 if (!$this->provisioned()) {
357 return;
358 }
359
360 if (!$this->pending_update_suspension) {
361 if ($this->sync_password) {
362 $res = XDB::query(
363 "SELECT password
364 FROM auth_user_md5
365 WHERE user_id = {?}",
366 $this->uid);
367 $password = ($res->numRows() > 0 ? $res->fetchOneCell() : false);
368 } else {
369 $password = false;
370 }
371
372 if ($password) {
373 $this->create_queue_job('u_update', array('suspended' => false, 'password' => $password));
374 } else {
375 $this->create_queue_job('u_update', array('suspended' => false));
376 }
377 $this->pending_update_suspension = true;
378 return true;
379 }
380 return false;
381 }
382
383 // Creates a new Google Apps account with the @p local parameters.
384 public function create($password_sync, $password, $redirect_mails) {
385 if ($this->g_status != NULL) {
386 return;
387 }
388
389 if (!$this->pending_create) {
390 // Retrieves information on the new account.
391 $res = XDB::query(
392 "SELECT nom, nom_usage, prenom
393 FROM auth_user_md5
394 WHERE user_id = {?}",
395 $this->uid);
396 list($nom, $nom_usage, $prenom) = $res->fetchOneRow();
397
398 // Adds an 'unprovisioned' entry in the gapps_accounts table.
399 XDB::execute(
400 "INSERT INTO gapps_accounts
401 SET l_userid = {?},
402 l_sync_password = {?},
403 l_activate_mail_redirection = {?},
404 g_account_name = {?},
405 g_first_name = {?},
406 g_last_name = {?},
407 g_status = 'unprovisioned'",
408 $this->uid,
409 $password_sync,
410 $redirect_mails,
411 $this->g_account_name,
412 $prenom,
413 ($nom_usage ? $nom_usage : $nom));
414
415 // Adds the creation job in the GApps queue.
416 $this->create_queue_job(
417 'u_create',
418 array(
419 'username' => $this->g_account_name,
420 'first_name' => $prenom,
421 'last_name' => ($nom_usage ? $nom_usage : $nom),
422 'password' => $password,
423 ));
424
425 // Updates the GoogleAppsAccount status.
426 $this->__construct($this->uid, $this->g_account_name);
427 }
428 }
429
430
431 // Returns the status of the Google Apps account for @p user, or false
432 // when no account exists.
433 static public function account_status($uid) {
434 $res = XDB::query(
435 "SELECT g_status
436 FROM gapps_accounts
437 WHERE l_userid = {?}", $uid);
438 return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
439 }
440
441 // Returns true if the @p user is an administrator of the Google Apps domain.
442 static public function is_administrator($uid) {
443 $res = XDB::query(
444 "SELECT g_admin
445 FROM gapps_accounts
446 WHERE l_userid = {?} AND g_status = 'active'", $uid);
447 return ($res->numRows() > 0 ? (bool)$res->fetchOneCell() : false);
448 }
449 }
450
451 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
452 ?>
plat/al