[platal.git] / include / googleapps.inc.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2014 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

// Post-processes the successful Google Apps account creation queue job.
function post_queue_u_create($job) {
    global $globals;

    // Retrieves the user parameters (GoogleApps username and uid).
    $parameters = json_decode($job['j_parameters'], true);
    $username = isset($parameters['username']) ? $parameters['username'] : null;
    if (!($user = User::getSilent($username))) {
        return;
    }

    // Adds a redirection to the Google Apps delivery address, if requested by
    // the user at creation time.
    $account = new GoogleAppsAccount($user);
    if ($account->activate_mail_redirection) {
        require_once 'emails.inc.php';
        Email::activate_storage($user, 'googleapps');
    }

    // Sends the 'account created' email to the user, with basic documentation.
    $mailer = new PlMailer('googleapps/create.mail.tpl');
    $mailer->assign('account', $account);
    $mailer->assign('email', $user->bestEmail());
    $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain);
    $mailer->assign('prenom', $user->displayName());
    $mailer->assign('sexe', $user->isFemale());
    $mailer->send();
}

// Post-processes the successful Google Apps account update queue job.
function post_queue_u_update($job) {
    global $globals;

    // If the u_update job was an unsuspend request, re-adds the redirection
    // to the Google Apps delivery address, provided the account is active (it might
    // have been deleted between the unsuspension and the post-queue processing).
    $parameters = json_decode($job['j_parameters'], true);
    $username = isset($parameters['username']) ? $parameters['username'] : null;
    if (!($user = User::getSilent($username))) {
        return;
    }

    if (isset($parameters['suspended']) && $parameters['suspended'] == false) {
        require_once 'emails.inc.php';
        $account = new GoogleAppsAccount($user);
        if ($account->active()) {
            // Re-adds the email redirection (if the user did request it).
            if ($account->activate_mail_redirection) {
                Email::activate_storage($user, 'googleapps');
            }

            // Sends an email to the account owner.
            $mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
            $mailer->assign('account', $account);
            $mailer->assign('email', $user->bestEmail());
            $mailer->assign('prenom', $user->displayName());
            $mailer->assign('sexe', $user->isFemale());
            $mailer->send();
        }
    }
}

// Reprensentation of an SQL-stored Google Apps account.
// This class is the interface with the gappsd SQL tables: gappsd is the python
// daemon which deals with Google Apps provisioning APIs.
// TODO(vincent.zanotti): add the url of gappsd, when available.
class GoogleAppsAccount
{
    // User identification: user id, and hruid.
    private $user;
    public $g_account_name;

    // Local account parameters.
    public $sync_password;
    public $activate_mail_redirection;

    // Account status, obtained from Google Apps provisioning & reporting APIs.
    public $g_account_id;
    public $g_status;
    public $g_suspension;
    public $r_disk_usage;
    public $r_creation;
    public $r_last_login;
    public $r_last_webmail;
    public $reporting_date;

    // Nicknames (aliases) registered for that user, lazily loaded.
    public $nicknames;

    // Pending requests in the gappsd job queue (cf. top note).
    public $pending_create;
    public $pending_delete;
    public $pending_update;
    public $pending_update_admin;
    public $pending_update_other;
    public $pending_update_password;
    public $pending_update_suspension;

    // Pending requests in plat/al validation queue.
    public $pending_validation_unsuspend;

    // Constructs the account object, by retrieving all informations from the
    // GApps account table, from GApps job queue, and from plat/al validation queue.
    public function __construct(User $user)
    {
        $this->user = &$user;
        if (!$this->user || !$this->user->login()) {
            return;
        }

        // TODO: switch to multi-domain Google Apps, and use $this->user->forlifeEmail()
        // as Google Apps idenfiant (requires changes in gappsd).
        $this->g_account_name = $this->user->login();
        $this->g_status = NULL;

        $res = XDB::query(
            "SELECT  l_sync_password, l_activate_mail_redirection,
                     g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
                     UNIX_TIMESTAMP(r_creation) as r_creation,
                     UNIX_TIMESTAMP(r_last_login) as r_last_login,
                     UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
               FROM  gapps_accounts
              WHERE  g_account_name = {?}", $this->g_account_name);
        if ($account = $res->fetchOneAssoc()) {
            $this->sync_password = $account['l_sync_password'];
            $this->activate_mail_redirection = $account['l_activate_mail_redirection'];
            $this->g_account_id = $account['g_account_id'];
            $this->g_status = $account['g_status'];
            $this->g_suspension = $account['g_suspension'];
            $this->r_disk_usage = $account['r_disk_usage'];
            $this->r_creation = $account['r_creation'];
            $this->r_last_login = $account['r_last_webmail'];
            $this->r_last_webmail = $account['r_last_webmail'];

            $this->load_pending_counts();
            $this->load_pending_validations();
            if ($this->pending_update) {
                $this->load_pending_updates();
            }

            $res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
            $this->reporting_date = $res->fetchOneCell();
        }
    }

    // Determines if changes to the Google Account are currently waiting in the
    // GApps job queue, and initializes the local values accordingly.
    private function load_pending_counts()
    {
        $res = XDB::query(
            "SELECT  SUM(j_type = 'u_create') AS pending_create,
                     SUM(j_type = 'u_update') AS pending_update,
                     SUM(j_type = 'u_delete') AS pending_delete
               FROM  gapps_queue
              WHERE  q_recipient_id = {?} AND
                     p_status IN ('idle', 'active', 'softfail')
           GROUP BY  j_type", $this->user->id());
        $pending = $res->fetchOneAssoc();
        $this->pending_create = $pending['pending_create'];
        $this->pending_update = $pending['pending_update'];
        $this->pending_delete = $pending['pending_delete'];

        $this->pending_update_admin = false;
        $this->pending_update_other = false;
        $this->pending_update_password = false;
        $this->pending_update_suspension = false;
    }

    // Checks for unsuspend requests waiting for validation in plat/al
    // validation queue.
    private function load_pending_validations()
    {
        $this->pending_validation_unsuspend =
            Validate::get_typed_requests_count($this->user->id(), 'gapps-unsuspend');
    }

    // Retrieves all the pending update job in the gappsd queue for the current
    // user, and analyzes the scope of the update (ie. the fields in the user
    // account which are going to be updated).
    private function load_pending_updates()
    {
        $res = XDB::iterator(
            "SELECT  j_parameters
               FROM  gapps_queue
              WHERE  q_recipient_id = {?} AND
                     p_status IN ('idle', 'active', 'softfail') AND
                     j_type = 'u_update'", $this->user->id());
        while ($update = $res->next()) {
            $update_data = json_decode($update["j_parameters"], true);

            if (isset($update_data["suspended"])) {
                $this->pending_update_suspension = true;
            } elseif (isset($update_data["password"])) {
                $this->pending_update_password = true;
            } elseif (isset($update_data["admin"])) {
                $this->pending_update_admin = true;
            } else {
                $this->pending_update_other = true;
            }
        }
    }

    // Creates a queue job of the @p type, for the user represented by this
    // GoogleAppsAccount object, using @p parameters. @p parameters is supposed
    // to be a one-dimension array of key-value mappings.
    // The created job as a 'immediate' priority, and is scheduled for immediate
    // execution.
    private function create_queue_job($type, $parameters) {
        $parameters["username"] = $this->g_account_name;
        XDB::execute(
            "INSERT  INTO gapps_queue
                SET  q_owner_id = {?}, q_recipient_id = {?},
                     p_entry_date = NOW(), p_notbefore_date = NOW(),
                     p_priority = 'immediate',
                     j_type = {?}, j_parameters = {?}",
            S::v('uid'),
            $this->user->id(),
            $type,
            json_encode($parameters));
    }


    // Returns true if the account is currently active.
    public function active()
    {
        return $this->g_status == 'active';
    }

    // Returns true if the account exists in Google Apps.
    public function provisioned()
    {
        return $this->g_status == 'active' or $this->g_status == 'disabled';
    }

    // Returns true if the account exists, but cannot be used (user-requested
    // suspension, or Google-requested suspension).
    public function suspended()
    {
        return $this->g_status == 'disabled';
    }

    // Loads and returns the list of nicknames for the user.
    public function nicknames()
    {
        if ($this->nicknames == null) {
            $res = XDB::query(
                "SELECT  g_nickname
                   FROM  gapps_nicknames
                  WHERE  g_account_name = {?}
               ORDER BY  g_nickname",
                $this->g_account_name);
            $this->nicknames = $res->fetchColumn();
        }
        return $this->nicknames;
    }


    // Changes the GoogleApps password.
    public function set_password($password) {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_password) {
            $this->create_queue_job('u_update', array('password' => $password));
            $this->pending_update_password = true;
        }
    }


    // Changes the password synchronization status ("sync = true" means that the
    // Polytechnique.org password will be replicated to the Google Apps account).
    public function set_password_sync($sync) {
        if (!$this->provisioned()) {
            return;
        }

        $this->sync_password = $sync;
        XDB::execute(
            "UPDATE  gapps_accounts
                SET  l_sync_password = {?}
              WHERE  g_account_name = {?}",
            $sync,
            $this->g_account_name);
    }

    // Suspends the Google Apps account.
    public function suspend() {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_suspension) {
            $this->create_queue_job('u_update', array('suspended' => true));
            $this->pending_update_suspension = true;
            XDB::execute(
                "UPDATE  gapps_accounts
                    SET  g_status = 'disabled'
                  WHERE  g_account_name = {?} AND g_status = 'active'",
                $this->g_account_name);
        }
    }

    // Adds an unsuspension request to the validation queue (used on user-request).
    public function unsuspend($activate_mail_redirection = NULL) {
        if (!$this->provisioned()) {
            return;
        }
        if ($activate_mail_redirection !== NULL) {
            $this->activate_mail_redirection = $activate_mail_redirection;
            XDB::execute(
                "UPDATE  gapps_accounts
                    SET  l_activate_mail_redirection = {?}
                  WHERE  g_account_name = {?}",
                $activate_mail_redirection,
                $this->g_account_name);
        }

        if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
            $unsuspend = new GoogleAppsUnsuspendReq($this->user);
            $unsuspend->submit();
            $this->pending_validation_unsuspend = true;
        }
    }

    // Unsuspends the Google Apps account (used on admin-request, or on validation of
    // an user-request).
    public function do_unsuspend() {
        if (!$this->provisioned()) {
            return;
        }

        if (!$this->pending_update_suspension) {
            if ($this->sync_password) {
                $this->create_queue_job('u_update', array('suspended' => false, 'password' => $this->user->password()));
            } else {
                $this->create_queue_job('u_update', array('suspended' => false));
            }
            $this->pending_update_suspension = true;
            return true;
        }
        return false;
    }

    // Creates a new Google Apps account with the @p local parameters.
    public function create($password_sync, $password, $redirect_mails)
    {
        if ($this->g_status != NULL) {
            return;
        }

        if (!$this->pending_create) {
            // Retrieves information on the new account.
            if (!$this->user->hasProfile()) {
                $prenom = $this->user->displayName();
                $nom    = $this->user->fullName();
            } else {
                $prenom = $this->user->profile()->firstName();
                $nom    = $this->user->profile()->lastName();
            }

            // Adds an 'unprovisioned' entry in the gapps_accounts table.
            XDB::execute(
                "INSERT  INTO gapps_accounts
                    SET  l_userid = {?},
                         l_sync_password = {?},
                         l_activate_mail_redirection = {?},
                         g_account_name = {?},
                         g_first_name = {?},
                         g_last_name = {?},
                         g_status = 'unprovisioned'",
                $this->user->id(),
                $password_sync,
                $redirect_mails,
                $this->g_account_name,
                $prenom, $nom);

            // Adds the creation job in the GApps queue.
            $this->create_queue_job(
                'u_create',
                array(
                    'username' => $this->g_account_name,
                    'first_name' => $prenom,
                    'last_name' => $nom,
                    'password' => $password,
                ));

            // Updates the GoogleAppsAccount status.
            $this->__construct($this->user);
        }
    }


    // Returns the status of the Google Apps account for @p user, or false
    // when no account exists.
    static public function account_status($uid) {
        $res = XDB::query(
            "SELECT  g_status
               FROM  gapps_accounts
              WHERE  l_userid = {?}", $uid);
        return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
    }

    // Returns true if the @p user is an administrator of the Google Apps domain.
    static public function is_administrator($uid) {
        $res = XDB::query(
            "SELECT  g_admin
               FROM  gapps_accounts
              WHERE  l_userid = {?} AND g_status = 'active'", $uid);
        return ($res->numRows() > 0 ? (bool)$res->fetchOneCell() : false);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
?>
Commit	Line	Data
bb0727ea VZ	1	<?php
bb0727ea VZ	2	/***************************************************************************
c441aabe	3	* Copyright (C) 2003-2014 Polytechnique.org *
bb0727ea VZ	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
f5c4bf30	22	// Post-processes the successful Google Apps account creation queue job.
bb0727ea VZ	23	function post_queue_u_create($job) {
	24	global $globals;
	25
1bf36cd1	26	// Retrieves the user parameters (GoogleApps username and uid).
bb0727ea	27	$parameters = json_decode($job['j_parameters'], true);
d56cb887 VZ	28	$username = isset($parameters['username']) ? $parameters['username'] : null;
d56cb887 VZ	29	if (!($user = User::getSilent($username))) {
bb0727ea VZ	30	return;
	31	}
	32
f5c4bf30 VZ	33	// Adds a redirection to the Google Apps delivery address, if requested by
f5c4bf30 VZ	34	// the user at creation time.
d56cb887	35	$account = new GoogleAppsAccount($user);
bb0727ea	36	if ($account->activate_mail_redirection) {
b4503762 SJ	37	require_once 'emails.inc.php';
b4503762 SJ	38	Email::activate_storage($user, 'googleapps');
bb0727ea VZ	39	}
bb0727ea VZ	40
f5c4bf30	41	// Sends the 'account created' email to the user, with basic documentation.
bb0727ea VZ	42	$mailer = new PlMailer('googleapps/create.mail.tpl');
bb0727ea VZ	43	$mailer->assign('account', $account);
d56cb887	44	$mailer->assign('email', $user->bestEmail());
bb0727ea	45	$mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain);
35accc05 FB	46	$mailer->assign('prenom', $user->displayName());
35accc05 FB	47	$mailer->assign('sexe', $user->isFemale());
bb0727ea VZ	48	$mailer->send();
	49	}
	50
f5c4bf30	51	// Post-processes the successful Google Apps account update queue job.
bb0727ea VZ	52	function post_queue_u_update($job) {
	53	global $globals;
	54
	55	// If the u_update job was an unsuspend request, re-adds the redirection
	56	// to the Google Apps delivery address, provided the account is active (it might
	57	// have been deleted between the unsuspension and the post-queue processing).
	58	$parameters = json_decode($job['j_parameters'], true);
d56cb887 VZ	59	$username = isset($parameters['username']) ? $parameters['username'] : null;
d56cb887 VZ	60	if (!($user = User::getSilent($username))) {
bb0727ea VZ	61	return;
	62	}
	63
	64	if (isset($parameters['suspended']) && $parameters['suspended'] == false) {
b4503762	65	require_once 'emails.inc.php';
d56cb887	66	$account = new GoogleAppsAccount($user);
f5c4bf30	67	if ($account->active()) {
bb0727ea VZ	68	// Re-adds the email redirection (if the user did request it).
bb0727ea VZ	69	if ($account->activate_mail_redirection) {
b4503762	70	Email::activate_storage($user, 'googleapps');
bb0727ea VZ	71	}
	72
	73	// Sends an email to the account owner.
bb0727ea VZ	74	$mailer = new PlMailer('googleapps/unsuspend.mail.tpl');
bb0727ea VZ	75	$mailer->assign('account', $account);
d56cb887	76	$mailer->assign('email', $user->bestEmail());
35accc05 FB	77	$mailer->assign('prenom', $user->displayName());
35accc05 FB	78	$mailer->assign('sexe', $user->isFemale());
bb0727ea VZ	79	$mailer->send();
	80	}
	81	}
	82	}
	83
	84	// Reprensentation of an SQL-stored Google Apps account.
f5c4bf30 VZ	85	// This class is the interface with the gappsd SQL tables: gappsd is the python
	86	// daemon which deals with Google Apps provisioning APIs.
	87	// TODO(vincent.zanotti): add the url of gappsd, when available.
bb0727ea VZ	88	class GoogleAppsAccount
bb0727ea VZ	89	{
90c614cd	90	// User identification: user id, and hruid.
d56cb887	91	private $user;
bb0727ea VZ	92	public $g_account_name;
bb0727ea VZ	93
f5c4bf30	94	// Local account parameters.
bb0727ea VZ	95	public $sync_password;
bb0727ea VZ	96	public $activate_mail_redirection;
f5c4bf30 VZ	97
f5c4bf30 VZ	98	// Account status, obtained from Google Apps provisioning & reporting APIs.
0089e594	99	public $g_account_id;
bb0727ea VZ	100	public $g_status;
	101	public $g_suspension;
	102	public $r_disk_usage;
	103	public $r_creation;
	104	public $r_last_login;
	105	public $r_last_webmail;
	106	public $reporting_date;
	107
0536df80 VZ	108	// Nicknames (aliases) registered for that user, lazily loaded.
	109	public $nicknames;
	110
f5c4bf30	111	// Pending requests in the gappsd job queue (cf. top note).
bb0727ea VZ	112	public $pending_create;
	113	public $pending_delete;
	114	public $pending_update;
	115	public $pending_update_admin;
	116	public $pending_update_other;
	117	public $pending_update_password;
	118	public $pending_update_suspension;
	119
f5c4bf30	120	// Pending requests in plat/al validation queue.
bb0727ea VZ	121	public $pending_validation_unsuspend;
bb0727ea VZ	122
f5c4bf30 VZ	123	// Constructs the account object, by retrieving all informations from the
f5c4bf30 VZ	124	// GApps account table, from GApps job queue, and from plat/al validation queue.
26ba053e	125	public function __construct(User $user)
bb0727ea	126	{
d56cb887 VZ	127	$this->user = &$user;
	128	if (!$this->user \|\| !$this->user->login()) {
	129	return;
f5c4bf30 VZ	130	}
f5c4bf30 VZ	131
d56cb887 VZ	132	// TODO: switch to multi-domain Google Apps, and use $this->user->forlifeEmail()
	133	// as Google Apps idenfiant (requires changes in gappsd).
	134	$this->g_account_name = $this->user->login();
bb0727ea VZ	135	$this->g_status = NULL;
	136
	137	$res = XDB::query(
	138	"SELECT l_sync_password, l_activate_mail_redirection,
0089e594	139	g_account_name, g_account_id, g_status, g_suspension, r_disk_usage,
bb0727ea VZ	140	UNIX_TIMESTAMP(r_creation) as r_creation,
	141	UNIX_TIMESTAMP(r_last_login) as r_last_login,
	142	UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail
	143	FROM gapps_accounts
d56cb887	144	WHERE g_account_name = {?}", $this->g_account_name);
bb0727ea VZ	145	if ($account = $res->fetchOneAssoc()) {
	146	$this->sync_password = $account['l_sync_password'];
	147	$this->activate_mail_redirection = $account['l_activate_mail_redirection'];
0089e594	148	$this->g_account_id = $account['g_account_id'];
bb0727ea VZ	149	$this->g_status = $account['g_status'];
	150	$this->g_suspension = $account['g_suspension'];
	151	$this->r_disk_usage = $account['r_disk_usage'];
	152	$this->r_creation = $account['r_creation'];
	153	$this->r_last_login = $account['r_last_webmail'];
	154	$this->r_last_webmail = $account['r_last_webmail'];
	155
	156	$this->load_pending_counts();
	157	$this->load_pending_validations();
	158	if ($this->pending_update) {
	159	$this->load_pending_updates();
	160	}
	161
	162	$res = XDB::query("SELECT MAX(date) FROM gapps_reporting");
	163	$this->reporting_date = $res->fetchOneCell();
	164	}
	165	}
	166
f5c4bf30 VZ	167	// Determines if changes to the Google Account are currently waiting in the
f5c4bf30 VZ	168	// GApps job queue, and initializes the local values accordingly.
bb0727ea VZ	169	private function load_pending_counts()
bb0727ea VZ	170	{
bb0727ea VZ	171	$res = XDB::query(
	172	"SELECT SUM(j_type = 'u_create') AS pending_create,
	173	SUM(j_type = 'u_update') AS pending_update,
	174	SUM(j_type = 'u_delete') AS pending_delete
	175	FROM gapps_queue
	176	WHERE q_recipient_id = {?} AND
	177	p_status IN ('idle', 'active', 'softfail')
d56cb887	178	GROUP BY j_type", $this->user->id());
bb0727ea VZ	179	$pending = $res->fetchOneAssoc();
	180	$this->pending_create = $pending['pending_create'];
	181	$this->pending_update = $pending['pending_update'];
	182	$this->pending_delete = $pending['pending_delete'];
	183
	184	$this->pending_update_admin = false;
	185	$this->pending_update_other = false;
	186	$this->pending_update_password = false;
	187	$this->pending_update_suspension = false;
	188	}
	189
f5c4bf30 VZ	190	// Checks for unsuspend requests waiting for validation in plat/al
f5c4bf30 VZ	191	// validation queue.
bb0727ea VZ	192	private function load_pending_validations()
bb0727ea VZ	193	{
bb0727ea	194	$this->pending_validation_unsuspend =
d56cb887	195	Validate::get_typed_requests_count($this->user->id(), 'gapps-unsuspend');
bb0727ea VZ	196	}
bb0727ea VZ	197
f5c4bf30 VZ	198	// Retrieves all the pending update job in the gappsd queue for the current
	199	// user, and analyzes the scope of the update (ie. the fields in the user
	200	// account which are going to be updated).
bb0727ea VZ	201	private function load_pending_updates()
bb0727ea VZ	202	{
bb0727ea VZ	203	$res = XDB::iterator(
	204	"SELECT j_parameters
	205	FROM gapps_queue
	206	WHERE q_recipient_id = {?} AND
	207	p_status IN ('idle', 'active', 'softfail') AND
d56cb887	208	j_type = 'u_update'", $this->user->id());
bb0727ea VZ	209	while ($update = $res->next()) {
	210	$update_data = json_decode($update["j_parameters"], true);
	211
	212	if (isset($update_data["suspended"])) {
	213	$this->pending_update_suspension = true;
	214	} elseif (isset($update_data["password"])) {
	215	$this->pending_update_password = true;
	216	} elseif (isset($update_data["admin"])) {
	217	$this->pending_update_admin = true;
	218	} else {
	219	$this->pending_update_other = true;
	220	}
	221	}
	222	}
	223
	224	// Creates a queue job of the @p type, for the user represented by this
f5c4bf30 VZ	225	// GoogleAppsAccount object, using @p parameters. @p parameters is supposed
f5c4bf30 VZ	226	// to be a one-dimension array of key-value mappings.
d93451de	227	// The created job as a 'immediate' priority, and is scheduled for immediate
f5c4bf30	228	// execution.
bb0727ea VZ	229	private function create_queue_job($type, $parameters) {
	230	$parameters["username"] = $this->g_account_name;
	231	XDB::execute(
	232	"INSERT INTO gapps_queue
	233	SET q_owner_id = {?}, q_recipient_id = {?},
	234	p_entry_date = NOW(), p_notbefore_date = NOW(),
d93451de	235	p_priority = 'immediate',
bb0727ea VZ	236	j_type = {?}, j_parameters = {?}",
bb0727ea VZ	237	S::v('uid'),
d56cb887	238	$this->user->id(),
bb0727ea VZ	239	$type,
	240	json_encode($parameters));
	241	}
	242
f5c4bf30 VZ	243
	244	// Returns true if the account is currently active.
	245	public function active()
	246	{
	247	return $this->g_status == 'active';
	248	}
	249
	250	// Returns true if the account exists in Google Apps.
	251	public function provisioned()
	252	{
	253	return $this->g_status == 'active' or $this->g_status == 'disabled';
	254	}
	255
	256	// Returns true if the account exists, but cannot be used (user-requested
	257	// suspension, or Google-requested suspension).
	258	public function suspended()
	259	{
	260	return $this->g_status == 'disabled';
	261	}
	262
0536df80 VZ	263	// Loads and returns the list of nicknames for the user.
	264	public function nicknames()
	265	{
	266	if ($this->nicknames == null) {
	267	$res = XDB::query(
	268	"SELECT g_nickname
	269	FROM gapps_nicknames
	270	WHERE g_account_name = {?}
	271	ORDER BY g_nickname",
	272	$this->g_account_name);
	273	$this->nicknames = $res->fetchColumn();
	274	}
	275	return $this->nicknames;
	276	}
	277
f5c4bf30	278
bb0727ea VZ	279	// Changes the GoogleApps password.
bb0727ea VZ	280	public function set_password($password) {
f5c4bf30	281	if (!$this->provisioned()) {
bb0727ea VZ	282	return;
	283	}
	284
	285	if (!$this->pending_update_password) {
	286	$this->create_queue_job('u_update', array('password' => $password));
d73f885f	287	$this->pending_update_password = true;
bb0727ea VZ	288	}
	289	}
	290
f5c4bf30	291
bb0727ea VZ	292	// Changes the password synchronization status ("sync = true" means that the
	293	// Polytechnique.org password will be replicated to the Google Apps account).
	294	public function set_password_sync($sync) {
f5c4bf30	295	if (!$this->provisioned()) {
bb0727ea VZ	296	return;
	297	}
	298
	299	$this->sync_password = $sync;
	300	XDB::execute(
	301	"UPDATE gapps_accounts
	302	SET l_sync_password = {?}
	303	WHERE g_account_name = {?}",
	304	$sync,
	305	$this->g_account_name);
	306	}
	307
	308	// Suspends the Google Apps account.
	309	public function suspend() {
f5c4bf30	310	if (!$this->provisioned()) {
bb0727ea VZ	311	return;
	312	}
	313
	314	if (!$this->pending_update_suspension) {
	315	$this->create_queue_job('u_update', array('suspended' => true));
	316	$this->pending_update_suspension = true;
5656271f VZ	317	XDB::execute(
	318	"UPDATE gapps_accounts
	319	SET g_status = 'disabled'
	320	WHERE g_account_name = {?} AND g_status = 'active'",
	321	$this->g_account_name);
bb0727ea VZ	322	}
	323	}
	324
	325	// Adds an unsuspension request to the validation queue (used on user-request).
	326	public function unsuspend($activate_mail_redirection = NULL) {
f5c4bf30	327	if (!$this->provisioned()) {
bb0727ea VZ	328	return;
	329	}
	330	if ($activate_mail_redirection !== NULL) {
	331	$this->activate_mail_redirection = $activate_mail_redirection;
	332	XDB::execute(
	333	"UPDATE gapps_accounts
	334	SET l_activate_mail_redirection = {?}
	335	WHERE g_account_name = {?}",
f5c4bf30 VZ	336	$activate_mail_redirection,
f5c4bf30 VZ	337	$this->g_account_name);
bb0727ea VZ	338	}
	339
	340	if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) {
5daf68f6	341	$unsuspend = new GoogleAppsUnsuspendReq($this->user);
bb0727ea VZ	342	$unsuspend->submit();
	343	$this->pending_validation_unsuspend = true;
	344	}
	345	}
	346
	347	// Unsuspends the Google Apps account (used on admin-request, or on validation of
	348	// an user-request).
	349	public function do_unsuspend() {
f5c4bf30	350	if (!$this->provisioned()) {
bb0727ea VZ	351	return;
	352	}
	353
	354	if (!$this->pending_update_suspension) {
	355	if ($this->sync_password) {
7679a55a	356	$this->create_queue_job('u_update', array('suspended' => false, 'password' => $this->user->password()));
bb0727ea VZ	357	} else {
	358	$this->create_queue_job('u_update', array('suspended' => false));
	359	}
	360	$this->pending_update_suspension = true;
	361	return true;
	362	}
	363	return false;
	364	}
	365
f5c4bf30	366	// Creates a new Google Apps account with the @p local parameters.
38c6fe96 FB	367	public function create($password_sync, $password, $redirect_mails)
38c6fe96 FB	368	{
bb0727ea VZ	369	if ($this->g_status != NULL) {
	370	return;
	371	}
	372
	373	if (!$this->pending_create) {
	374	// Retrieves information on the new account.
80fc062d SJ	375	if (!$this->user->hasProfile()) {
	376	$prenom = $this->user->displayName();
	377	$nom = $this->user->fullName();
0c1e3a66	378	} else {
80fc062d SJ	379	$prenom = $this->user->profile()->firstName();
80fc062d SJ	380	$nom = $this->user->profile()->lastName();
0c1e3a66	381	}
bb0727ea	382
f5c4bf30	383	// Adds an 'unprovisioned' entry in the gapps_accounts table.
bb0727ea VZ	384	XDB::execute(
	385	"INSERT INTO gapps_accounts
	386	SET l_userid = {?},
	387	l_sync_password = {?},
	388	l_activate_mail_redirection = {?},
	389	g_account_name = {?},
	390	g_first_name = {?},
	391	g_last_name = {?},
	392	g_status = 'unprovisioned'",
d56cb887	393	$this->user->id(),
bb0727ea VZ	394	$password_sync,
	395	$redirect_mails,
	396	$this->g_account_name,
0c1e3a66	397	$prenom, $nom);
bb0727ea VZ	398
	399	// Adds the creation job in the GApps queue.
	400	$this->create_queue_job(
	401	'u_create',
	402	array(
	403	'username' => $this->g_account_name,
	404	'first_name' => $prenom,
0c1e3a66	405	'last_name' => $nom,
bb0727ea VZ	406	'password' => $password,
	407	));
	408
	409	// Updates the GoogleAppsAccount status.
d56cb887	410	$this->__construct($this->user);
bb0727ea VZ	411	}
bb0727ea VZ	412	}
f5c4bf30 VZ	413
	414
	415	// Returns the status of the Google Apps account for @p user, or false
	416	// when no account exists.
	417	static public function account_status($uid) {
	418	$res = XDB::query(
	419	"SELECT g_status
	420	FROM gapps_accounts
	421	WHERE l_userid = {?}", $uid);
	422	return ($res->numRows() > 0 ? $res->fetchOneCell() : false);
	423	}
	424
	425	// Returns true if the @p user is an administrator of the Google Apps domain.
	426	static public function is_administrator($uid) {
	427	$res = XDB::query(
	428	"SELECT g_admin
	429	FROM gapps_accounts
	430	WHERE l_userid = {?} AND g_status = 'active'", $uid);
4b67332c	431	return ($res->numRows() > 0 ? (bool)$res->fetchOneCell() : false);
f5c4bf30	432	}
bb0727ea VZ	433	}
bb0727ea VZ	434
448c8cdc	435	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
bb0727ea	436	?>