From 6720c9511d2a00b0d779d5961e6336e9863dc893 Mon Sep 17 00:00:00 2001 From: Raphael Heer Date: Thu, 1 Sep 2022 12:02:30 +0200 Subject: [PATCH 1/2] Added filter for lockdown accounts (new API field was added) --- .../communication/interface_models/EventoUser.php | 8 ++++++++ .../interface_models/JSONDataValidator.php | 12 ++++-------- classes/import/Logger.php | 4 ++++ classes/import/UserImportTask.php | 14 ++++++++++++-- 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/classes/communication/interface_models/EventoUser.php b/classes/communication/interface_models/EventoUser.php index 2dc9a16..c565125 100644 --- a/classes/communication/interface_models/EventoUser.php +++ b/classes/communication/interface_models/EventoUser.php @@ -13,6 +13,7 @@ class EventoUser extends ApiDataModelBase const JSON_EMAIL_2 = 'email2'; const JSON_EMAIL_3 = 'email3'; const JSON_ROLES = 'roles'; + const JSON_IS_LOCKDOWN_ACCOUNT = 'isLockdownAccount'; private ?int $evento_id; private ?string $last_name; @@ -21,6 +22,7 @@ class EventoUser extends ApiDataModelBase private ?string $login_name; private ?array $email_list; private ?array $roles; + private ?bool $is_lockdown_account; public function __construct(array $data_set) { @@ -31,6 +33,7 @@ public function __construct(array $data_set) $this->login_name = $this->validateAndReturnString($data_set, self::JSON_LOGIN_NAME); $this->email_list = $this->validateCombineAndReturnListOfNonEmptyStrings($data_set, [self::JSON_EMAIL, self::JSON_EMAIL_2, self::JSON_EMAIL_3], false); $this->roles = $this->validateAndReturnArray($data_set, self::JSON_ROLES); + $this->is_lockdown_account = $this->validateAndReturnBoolean($data_set, self::JSON_IS_LOCKDOWN_ACCOUNT, false, false) ?? false; $this->decoded_api_data = $data_set; $this->checkErrorsAndMaybeThrowException(); @@ -71,6 +74,11 @@ public function getRoles() : array return $this->roles; } + public function isLockdownAccount() : bool + { + return $this->is_lockdown_account; + } + public function getDecodedApiData() : array { return $this->decoded_api_data; diff --git a/classes/communication/interface_models/JSONDataValidator.php b/classes/communication/interface_models/JSONDataValidator.php index 9edc31b..65575b1 100644 --- a/classes/communication/interface_models/JSONDataValidator.php +++ b/classes/communication/interface_models/JSONDataValidator.php @@ -41,16 +41,12 @@ protected function validateAndReturnString(array $data_array, string $key) : ?st return $data_array[$key]; } - /** - * @param array $data_array - * @param string $key - * @param bool $as_string_possible - * @return bool|null - */ - protected function validateAndReturnBoolean(array $data_array, string $key, bool $as_string_possible = false) : ?bool + protected function validateAndReturnBoolean(array $data_array, string $key, bool $as_string_possible = false, bool $is_mandatory = true) : ?bool { if (!isset($data_array[$key])) { - $this->key_errors[$key] = 'Value not set'; + if ($is_mandatory) { + $this->key_errors[$key] = 'Value not set'; + } return null; } diff --git a/classes/import/Logger.php b/classes/import/Logger.php index 8fdef8f..2b17502 100644 --- a/classes/import/Logger.php +++ b/classes/import/Logger.php @@ -79,7 +79,11 @@ class Logger const CREVENTO_USR_UPDATED = 302; const CREVENTO_USR_RENAMED = 303; const CREVENTO_USR_CONVERTED = 304; + const CREVENTO_USR_LOCKDOWN = 305; + + const CREVENTO_USR_NOTICE_CONFLICT = 313; + const CREVENTO_USR_ERROR_ERROR = 324; const TABLE_LOG_USERS = 'crevento_log_users'; diff --git a/classes/import/UserImportTask.php b/classes/import/UserImportTask.php index e6c3dd4..f5a08b2 100644 --- a/classes/import/UserImportTask.php +++ b/classes/import/UserImportTask.php @@ -71,8 +71,18 @@ private function importNextUserPage() : void try { $evento_user = new EventoUser($data_set); - $action = $this->user_import_action_decider->determineImportAction($evento_user); - $action->executeAction(); + if ($evento_user->isLockdownAccount()) { + $this->evento_user_repo->deleteEventoIliasUserConnectionByEventoId($evento_user->getEventoId()); + $this->evento_logger->logUserImport( + Logger::CREVENTO_USR_LOCKDOWN, + $evento_user->getEventoId(), + $evento_user->getLoginName(), + ['api_data' => $evento_user->getDecodedApiData()] + ); + } else { + $action = $this->user_import_action_decider->determineImportAction($evento_user); + $action->executeAction(); + } } catch (\ilEventoImportApiDataException $e) { $data = $e->getApiData(); if (isset($data[EventoUser::JSON_ID])) { From 04892f9fb502a226e60df137d2479840294aaba1 Mon Sep 17 00:00:00 2001 From: Raphael Heer Date: Thu, 1 Sep 2022 12:17:12 +0200 Subject: [PATCH 2/2] Convert and deactivate lockdown account and remove from HLSU-Roles --- classes/import/UserImportTask.php | 25 +++++++++++++------ .../ilias_core_services/IliasUserServices.php | 13 ++++++++++ 2 files changed, 31 insertions(+), 7 deletions(-) diff --git a/classes/import/UserImportTask.php b/classes/import/UserImportTask.php index f5a08b2..a7b40da 100644 --- a/classes/import/UserImportTask.php +++ b/classes/import/UserImportTask.php @@ -72,13 +72,7 @@ private function importNextUserPage() : void $evento_user = new EventoUser($data_set); if ($evento_user->isLockdownAccount()) { - $this->evento_user_repo->deleteEventoIliasUserConnectionByEventoId($evento_user->getEventoId()); - $this->evento_logger->logUserImport( - Logger::CREVENTO_USR_LOCKDOWN, - $evento_user->getEventoId(), - $evento_user->getLoginName(), - ['api_data' => $evento_user->getDecodedApiData()] - ); + $this->handleDeliveredLockdownAccount($evento_user); } else { $action = $this->user_import_action_decider->determineImportAction($evento_user); $action->executeAction(); @@ -98,6 +92,23 @@ private function importNextUserPage() : void } } + private function handleDeliveredLockdownAccount(EventoUser $evento_user) + { + $ilias_user_id = $this->evento_user_repo->getIliasUserIdByEventoId($evento_user->getEventoId()); + $this->evento_user_repo->deleteEventoIliasUserConnectionByEventoId($evento_user->getEventoId()); + + if (!is_null($ilias_user_id)) { + $ilias_user_obj = $this->ilias_user_service->getExistingIliasUserObjectById($ilias_user_id); + $this->ilias_user_service->deactivateUserAccount($ilias_user_obj); + } + $this->evento_logger->logUserImport( + Logger::CREVENTO_USR_LOCKDOWN, + $evento_user->getEventoId(), + $evento_user->getLoginName(), + ['api_data' => $evento_user->getDecodedApiData()] + ); + } + /** * User accounts which are deleted by evento should either be converted to a local account (students) or deactivate (staff) * Since there is no "getDeletedAccounts"-Method anymore, this Plugin has to find those "not anymore imported"-users diff --git a/classes/import/data_management/ilias_core_services/IliasUserServices.php b/classes/import/data_management/ilias_core_services/IliasUserServices.php index f6981d0..a8d86e5 100644 --- a/classes/import/data_management/ilias_core_services/IliasUserServices.php +++ b/classes/import/data_management/ilias_core_services/IliasUserServices.php @@ -240,4 +240,17 @@ private function setUserTimeLimitsBelowThresholdToGivenValue(int $min_threshold_ . " WHERE DATEDIFF(FROM_UNIXTIME(time_limit_until),create_date)< " . $this->db->quote($min_threshold_in_days, \ilDBConstants::T_INTEGER); $this->db->manipulate($q); } + + public function deactivateUserAccount(\ilObjUser $ilias_user) + { + // Deassign user from HSLU roles + foreach ($this->user_settings->getEventoCodeToIliasRoleMapping() as $evento_role_code => $ilias_role_id) { + $this->deassignUserFromRole($ilias_user->getId, $ilias_role_id); + } + + // Set user auth mode to default (local auth) and set expiration date to now + $ilias_user->setAuthMode('local'); + $ilias_user->setTimeLimitUntil($this->user_settings->getNow()->getTimestamp()); // Set user expiration date to now + $ilias_user->update(); + } }