From 991c215b050da399477cca6fe6ad4c7d0c8b2f97 Mon Sep 17 00:00:00 2001
From: jerome
Date: Mon, 16 Mar 2009 02:08:12 +0000
Subject: [PATCH] web service MDL-12886 specify params for update and delete user ws functions. Check that the user exists into update_user core function.
---
user/external.php | 114 +++++++++++++++++--
user/lib.php | 275 ++++++++++++++++++++++++----------------------
2 files changed, 243 insertions(+), 146 deletions(-)
diff --git a/user/external.php b/user/external.php
index bb4b0985a7..363d60c428 100644
--- a/user/external.php
+++ b/user/external.php
@@ -81,17 +81,69 @@ final class user_external { $userids = array(); foreach ($params as $userparams) { - $user = array(); - foreach (array_keys($userparams) as $key) { - $user[$key] = clean_param($userparams[$key], PARAM_ALPHANUMEXT); + $user = new stdClass(); + if (array_key_exists('email', $userparams)) { + $user->email = clean_param($userparams['email'], PARAM_NOTAGS); } - if (array_key_exists('email', $userparams)) { - $user['email'] = clean_param($userparams['email'], PARAM_NOTAGS); + if (array_key_exists('password', $userparams)) { + $user->password = clean_param($userparams['password'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('idnumber', $userparams)) { + $user->idnumber = clean_param($userparams['idnumber'], PARAM_ALPHANUMEXT); } if (array_key_exists('description', $userparams)) { - $user['description'] = clean_param($userparams['description'], PARAM_TEXT); + $user->description = clean_param($userparams['description'], PARAM_TEXT); + } + + if (array_key_exists('username', $userparams)) { + $user->username = clean_param($userparams['username'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('auth', $userparams)) { + $user->auth = clean_param($userparams['auth'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('confirmed', $userparams)) { + $user->confirmed = clean_param($userparams['confirmed'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('firstname', $userparams)) { + $user->firstname = clean_param($userparams['firstname'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('lastname', $userparams)) { + $user->lastname = clean_param($userparams['lastname'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('emailstop', $userparams)) { + $user->emailstop = clean_param($userparams['emailstop'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('lang', $userparams)) { + $user->lang = clean_param($userparams['lang'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('theme', $userparams)) { + $user->theme = clean_param($userparams['theme'], 
PARAM_ALPHANUMEXT); + } + + if (array_key_exists('timezone', $userparams)) { + $user->timezone = clean_param($userparams['timezone'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('city', $userparams)) { + $user->city = clean_param($userparams['city'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('country', $userparams)) { + $user->country = clean_param($userparams['country'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('mailformat', $userparams)) { + $user->mailformat = clean_param($userparams['mailformat'], PARAM_ALPHANUMEXT); } try { @@ -113,7 +165,6 @@ final class user_external { * @global object $DB * @param array|struct $params - need to be define as struct for XMLRPC * @subparam string $params:user->username - * @subparam integer $params:user->mnethostid * @return boolean result true if success */ static function tmp_delete_users($params) { @@ -146,7 +197,6 @@ final class user_external { * @global object $DB * @param array|struct $params - need to be define as struct for XMLRPC * @subparam string $params:user->username - * @subparam integer $params:user->mnethostid * @subparam string $params:user->newusername * @subparam string $params:user->firstname * @return boolean result true if success @@ -167,10 +217,6 @@ final class user_external { throw new moodle_exception('wscouldnotupdatenoexistinguser'); } - foreach (array_keys($userparams) as $key) { - $user->$key = clean_param($userparams[$key], PARAM_ALPHANUMEXT); - } - if (array_key_exists('email', $userparams)) { $user->email = clean_param($userparams['email'], PARAM_NOTAGS); } 
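Review bot: In the `password` branch, PARAM_ALPHANUMEXT silently strips every character outside `[A-Za-z0-9_-]` before the value reaches hash_internal_user_password() in tmp_create_user, so a caller who sends `S3cure!Pass#` gets an account whose password is really `S3curePass` and is never told. Because the value is only hashed, not stored or echoed back, there is no injection reason to clean it; either pass it through unchanged, `$user->password = clean_param($userparams['password'], PARAM_RAW);`, or reject input that cleaning would alter so the caller receives an error instead of a silently weakened credential. The same filter on `firstname`, `lastname` and `city` also discards spaces and non-ASCII letters, where PARAM_NOTAGS (already used for `email` here) would keep the data intact, and `confirmed`, `emailstop` and `mailformat` look like flags that PARAM_BOOL or PARAM_INT would pin down instead of accepting any alphanumeric string. The enclosing function begins before this hunk and its `try` block continues after it.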
@@ -183,6 +229,50 @@ final class user_external { $user->username = clean_param($userparams['newusername'], PARAM_ALPHANUMEXT); } + if (array_key_exists('auth', $userparams)) { + $user->auth = clean_param($userparams['auth'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('confirmed', $userparams)) { + $user->confirmed = clean_param($userparams['confirmed'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('firstname', $userparams)) { + $user->firstname = clean_param($userparams['firstname'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('lastname', $userparams)) { + $user->lastname = clean_param($userparams['lastname'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('emailstop', $userparams)) { + $user->emailstop = clean_param($userparams['emailstop'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('lang', $userparams)) { + $user->lang = clean_param($userparams['lang'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('theme', $userparams)) { + $user->theme = clean_param($userparams['theme'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('timezone', $userparams)) { + $user->timezone = clean_param($userparams['timezone'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('city', $userparams)) { + $user->city = clean_param($userparams['city'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('country', $userparams)) { + $user->country = clean_param($userparams['country'], PARAM_ALPHANUMEXT); + } + + if (array_key_exists('mailformat', $userparams)) { + $user->mailformat = clean_param($userparams['mailformat'], PARAM_ALPHANUMEXT); + } + try { if( !tmp_update_user($user)) { $updatesuccessfull = false; diff --git a/user/lib.php b/user/lib.php index b4a8b2c672..32647c4779 100644 --- a/user/lib.php +++ b/user/lib.php 
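Review bot: The new `auth` branch stores whatever plugin name the caller sends, while the create path (tmp_create_user in lib.php) refuses a name that is not a directory under `$CFG->dirroot/auth` and throws `authnotexisting`; since tmp_update_user states it does no data checks, an update can switch any user to a non-existent or unintended auth method with no validation at all. Apply the same whitelist here before assigning; the function body and its `global` line begin before this hunk, so `$CFG` may need to be added there. `confirmed` is a yes/no flag and would be safer as `$user->confirmed = clean_param($userparams['confirmed'], PARAM_BOOL);` rather than an arbitrary alphanumeric string written into the record.
```php
if (array_key_exists('auth', $userparams)) {
    $auth = clean_param($userparams['auth'], PARAM_ALPHANUMEXT);
    // Same check as tmp_create_user(): the value must name an installed auth plugin.
    $authplugins = get_directory_list($CFG->dirroot."/auth", '', false, true, false);
    if (array_search($auth, $authplugins) === false) {
        throw new moodle_exception('authnotexisting');
    }
    $user->auth = $auth;
}
// … unchanged: remaining field assignments and the tmp_update_user() call …
```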
@@ -1,164 +1,171 @@ search string A simple string to search for + * ->confirmed bool A switch to allow/disallow unconfirmed users + * ->exceptions array(int) A list of IDs to ignore, eg 2,4,5,8,9,10 + * ->firstinitial string ? + * ->lastinitial string ? + * @return array|false Array of {@link $USER} objects. False is returned if an error is encountered. */ +function tmp_get_users($sort='firstname ASC', $recordsperpage=999999, $page=0, $fields='*', $selectioncriteria=NULL) { + global $DB; - /** - * Returns a subset of users (DO NOT COUNT) - * @global object $DB - * @param string $sort A SQL snippet for the sorting criteria to use - * @param string $recordsperpage how many records do pages have - * @param string $page which page to return (starts from 0) - * @param string $fields A comma separated list of fields to be returned from the chosen table. - * @param object $selectioncriteria: - * ->search string A simple string to search for - * ->confirmed bool A switch to allow/disallow unconfirmed users - * ->exceptions array(int) A list of IDs to ignore, eg 2,4,5,8,9,10 - * ->firstinitial string ? - * ->lastinitial string ? - * @return array|false Array of {@link $USER} objects. False is returned if an error is encountered. 
- */ - function tmp_get_users($sort='firstname ASC', $recordsperpage=999999, $page=0, $fields='*', $selectioncriteria=NULL) { - global $DB; - - ///WS: convert array into an object - if (!empty($selectioncriteria) && is_array($selectioncriteria)) { - $selectioncriteria = (object) $selectioncriteria; - } + ///WS: convert array into an object + if (!empty($selectioncriteria) && is_array($selectioncriteria)) { + $selectioncriteria = (object) $selectioncriteria; + } - $LIKE = $DB->sql_ilike(); - $fullname = $DB->sql_fullname(); + $LIKE = $DB->sql_ilike(); + $fullname = $DB->sql_fullname(); - $select = " username <> :guest AND deleted = 0"; - $params = array('guest'=>'guest'); + $select = " username <> :guest AND deleted = 0"; + $params = array('guest'=>'guest'); - if (!empty($selectioncriteria->search)){ - $selectioncriteria->search = trim($selectioncriteria->search); - $select .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR username = :search3)"; - $params['search1'] = "%".$selectioncriteria->search."%"; - $params['search2'] = "%".$selectioncriteria->search."%"; - $params['search3'] = $selectioncriteria->search; - } + if (!empty($selectioncriteria->search)){ + $selectioncriteria->search = trim($selectioncriteria->search); + $select .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR username = :search3)"; + $params['search1'] = "%".$selectioncriteria->search."%"; + $params['search2'] = "%".$selectioncriteria->search."%"; + $params['search3'] = $selectioncriteria->search; + } - if (!empty($selectioncriteria->confirmed)) { - $select .= " AND confirmed = 1"; - } + if (!empty($selectioncriteria->confirmed)) { + $select .= " AND confirmed = 1"; + } - if (!empty($selectioncriteria->exceptions)) { - list($selectioncriteria->exceptions, $eparams) = $DB->get_in_or_equal($selectioncriteria->exceptions, SQL_PARAMS_NAMED, 'ex0000', false); - $params = $params + $eparams; - $except = " AND id ".$selectioncriteria->exceptions; - } + if 
(!empty($selectioncriteria->exceptions)) { + list($selectioncriteria->exceptions, $eparams) = $DB->get_in_or_equal($selectioncriteria->exceptions, SQL_PARAMS_NAMED, 'ex0000', false); + $params = $params + $eparams; + $except = " AND id ".$selectioncriteria->exceptions; + } - if (!empty($selectioncriteria->firstinitial)) { - $select .= " AND firstname $LIKE :fni"; - $params['fni'] = $selectioncriteria->firstinitial."%"; - } - if (!empty($selectioncriteria->lastinitial)) { - $select .= " AND lastname $LIKE :lni"; - $params['lni'] = $selectioncriteria->lastinitial."%"; - } + if (!empty($selectioncriteria->firstinitial)) { + $select .= " AND firstname $LIKE :fni"; + $params['fni'] = $selectioncriteria->firstinitial."%"; + } + if (!empty($selectioncriteria->lastinitial)) { + $select .= " AND lastname $LIKE :lni"; + $params['lni'] = $selectioncriteria->lastinitial."%"; + } - if (!empty($selectioncriteria->extraselect)) { - $select .= " AND ".$selectioncriteria->extraselect; - if (empty($selectioncriteria->extraparams)){ - $params = $params + (array)$selectioncriteria->extraparams; - } + if (!empty($selectioncriteria->extraselect)) { + $select .= " AND ".$selectioncriteria->extraselect; + if (empty($selectioncriteria->extraparams)){ + $params = $params + (array)$selectioncriteria->extraparams; } - - return $DB->get_records_select('user', $select, $params, $sort, $fields, $page, $recordsperpage); } - - /** - * Creates an User with given information. 
Required fields are: - * -username - * -idnumber - * -firstname - * -lastname - * -email - * - * And there's some interesting fields: - * -password - * -auth - * -confirmed - * -timezone - * -country - * -emailstop - * -theme - * -lang - * -mailformat - * - * @param assoc array or object $user - * - * @return string or thrown exceptions - */ - function tmp_create_user($user) { - global $CFG, $DB; + return $DB->get_records_select('user', $select, $params, $sort, $fields, $page, $recordsperpage); +} + + +/** + * Creates an User with given information. Required fields are: + * -username + * -idnumber + * -firstname + * -lastname + * -email + * + * And there's some interesting fields: + * -password + * -auth + * -confirmed + * -timezone + * -country + * -emailstop + * -theme + * -lang + * -mailformat + * + * @param assoc array or object $user + * + * @return string or thrown exceptions + */ +function tmp_create_user($user) { + global $CFG, $DB; /// WS: convert user array into an user object - if (is_array($user)) { - $user = (object) $user; - } + if (is_array($user)) { + $user = (object) $user; + } /// check auth fields - if (!isset($user->auth)) { - $user->auth = 'manual'; - } else { - /// check that the auth value exists - $authplugin = get_directory_list($CFG->dirroot."/auth", '', false, true, false); - if (array_search($user->auth, $authplugin)===false) { - throw new moodle_exception('authnotexisting'); - } + if (!isset($user->auth)) { + $user->auth = 'manual'; + } else { + /// check that the auth value exists + $authplugin = get_directory_list($CFG->dirroot."/auth", '', false, true, false); + if (array_search($user->auth, $authplugin)===false) { + throw new moodle_exception('authnotexisting'); } + } - $required = array('username','firstname','lastname','email', 'password'); - foreach ($required as $req) { - if (!isset($user->{$req})) { - throw new moodle_exception('missingrequiredfield'); - } + $required = array('username','firstname','lastname','email', 
'password'); + foreach ($required as $req) { + if (!isset($user->{$req})) { + throw new moodle_exception('missingrequiredfield'); } - $password = hash_internal_user_password($user->password); - $record = create_user_record($user->username, $password, $user->auth); - if ($record) { - $user->id = $record->id; - if ($DB->update_record('user',$user)) { - return $record->id; - } else { - //we could not update properly the newly created user, we need to delete it - $DB->delete_record('user',array('id' => $record->id)); - throw new moodle_exception('usernotcreated'); - } + } + $password = hash_internal_user_password($user->password); + $record = create_user_record($user->username, $password, $user->auth); + if ($record) { + $user->id = $record->id; + if ($DB->update_record('user',$user)) { + return $record->id; + } else { + //we could not update properly the newly created user, we need to delete it + $DB->delete_record('user',array('id' => $record->id)); + throw new moodle_exception('usernotcreated'); } - throw new moodle_exception('usernotcreated'); } + throw new moodle_exception('usernotcreated'); +} - - /** - * Update a user record from its id - * Warning: no checks are done on the data!!! - * @param object $user - * @return boolean - */ - function tmp_update_user($user) { - global $DB; - if ($DB->update_record('user', $user)) { - $DB->commit_sql(); - events_trigger('user_updated', $user); - return true; - } else { - $DB->rollback_sql(); - return false; - } + +/** +* Update a user record from its id +* Warning: no checks are done on the data!!! 
+* @param object $user +* @return boolean +*/ +function tmp_update_user($user) { + global $DB; + + //check that the user exist + $existinguser = $DB->get_record('user', array('id'=>$user->id)); + if (empty($existinguser)) { + throw new moodle_exception('couldnotupdatenoexistinguser'); + } + + if ($DB->update_record('user', $user)) { + $DB->commit_sql(); + events_trigger('user_updated', $user); + return true; + } else { + $DB->rollback_sql(); + return false; } +} -- 2.39.5
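Review bot: In tmp_get_users, `$selectioncriteria->extraselect` is concatenated straight into the WHERE clause (`$select .= " AND ".$selectioncriteria->extraselect;`) and `$sort`/`$fields` are passed verbatim to get_records_select(), so if these ever arrive from the web-service caller — the `WS: convert array into an object` step suggests the criteria do — this is SQL injection; the web-service layer should not forward `extraselect`, `extraparams`, `$sort` or `$fields`, or this function should whitelist them. Two smaller bugs sit beside it: `if (empty($selectioncriteria->extraparams))` merges the bound parameters only when there are none and should read `if (!empty($selectioncriteria->extraparams))`, and the `exceptions` clause is built into `$except` but never appended to the query, so `$except = " AND id ".$selectioncriteria->exceptions;` should be `$select .= " AND id ".$selectioncriteria->exceptions;`. The new existence check in tmp_update_user reads `$user->id` without confirming it is set and accepts soft-deleted accounts, which tmp_get_users deliberately excludes with `deleted = 0`; `$existinguser = $DB->get_record('user', array('id'=>$user->id, 'deleted'=>0));` closes that gap. These issues pre-date this commit, which mostly re-indents the file, but the re-indented lines are now the code under review.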