Resolve "Accountmanagement für verknüpfte ILIAS-Accounts in Stud.IP"

Closes #4263 Merge request studip/studip!3368

Resolve "Accountmanagement für verknüpfte ILIAS-Accounts in Stud.IP"
7cbba1ec · Arne Schröder, M. A. · Rasmus Fuhse · 147a30d2 · 7cbba1ec · 7cbba1ec
Commit 7cbba1ec authored 7 months ago by Arne Schröder, M. A. Committed by Rasmus Fuhse 7 months ago
--- a/app/controllers/admin/ilias_interface.php
+++ b/app/controllers/admin/ilias_interface.php
@@ -129,6 +129,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController
                            'url' => _('https://<URL zur ILIAS-Installation>'),
                            'client' => '',
                            'ldap_enable' => '',
+                            'reconnect_accounts' => false,
                            'no_account_updates' => false,
                            'admin' => 'ilias_soap_admin',
                            'admin_pw' => '',
@@ -351,6 +352,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController
                        $this->ilias_configs[$index]['course_veranstaltungsnummer'] = Request::get('ilias_course_veranstaltungsnummer');
                    }
                    $this->ilias_configs[$index]['delete_ilias_users'] = Request::get('ilias_delete_ilias_users');
+                    $this->ilias_configs[$index]['reconnect_accounts'] = Request::bool('ilias_reconnect_accounts', false);
                    $this->ilias_configs[$index]['delete_ilias_courses'] = Request::get('ilias_delete_ilias_courses');
                    $this->ilias_configs[$index]['category_create_on_add_module'] = Request::get('ilias_category_create_on_add_module');
                    $this->ilias_configs[$index]['category_to_desktop'] = Request::get('ilias_category_to_desktop');

--- a/app/controllers/admin/user.php
+++ b/app/controllers/admin/user.php
@@ -415,6 +415,18 @@ class Admin_UserController extends AuthenticatedController
        $this->user_roles = $this->user->getRoles();
+        // get ilias account data 
+        if ($GLOBALS['perm']->have_perm('root') && Config::get()->ILIAS_INTERFACE_ENABLE) {
+            $this->ilias_list = [];
+            foreach (Config::get()->ILIAS_INTERFACE_SETTINGS as $ilias_index => $ilias_config) {
+                if ($ilias_config['is_active']) {
+                    $this->ilias_list[$ilias_index] = new ConnectedIlias($ilias_index);
+                    $this->ilias_list[$ilias_index]->soap_client->clearCache();
+                    $this->ilias_user[$ilias_index] = new IliasUser($ilias_index, $ilias_config['version'], $user_id);
+                }
+            }
+        }
        // Änderungen speichern
        if (Request::submitted('edit')) {
            CSRFProtection::verifyUnsafeRequest();

--- a/app/controllers/my_ilias_accounts.php
+++ b/app/controllers/my_ilias_accounts.php
@@ -161,6 +161,70 @@ class MyIliasAccountsController extends AuthenticatedController
        $this->redirect($this->url_for('my_ilias_accounts/index'));
    }
+    /**
+     * Administrate account for ILIAS installation
+     * @param $user_id studip user id
+     * @param $index Index of ILIAS installation
+     * @param $mode action type
+     */
+    public function administrate_account_action($user_id, $index)
+    {
+        if (!$GLOBALS['perm']->have_perm('root')) {
+            throw new AccessDeniedException();
+        }
+        $ilias_configs = Config::get()->ILIAS_INTERFACE_SETTINGS;
+        if ($ilias_configs[$index]['is_active']) {
+            $this->ilias = new ConnectedIlias($index);
+            $this->ilias_index = $index;
+            $this->ilias_login = '';
+            $this->matched_user = false;
+            $this->external_account_login = '';
+            $this->external_account_id = false;
+            $this->user_exists = false;
+            $this->user = new IliasUser($index, $ilias_configs[$index]['version'], $user_id);
+            if (Request::submitted('lookup_account')) {
+                $this->ilias_login = trim(Request::option('ilias_login'));
+                $this->matched_user = $this->ilias->soap_client->lookupUser($this->ilias_login);
+                if (empty($this->matched_user)) {
+                    PageLayout::postError(sprintf(_('Es wurde kein Account mit dem Loginnamen "%s" gefunden.'), htmlReady($this->ilias_login)));
+                } else {
+                    PageLayout::postInfo(sprintf(_('Account "%s" wurde gefunden.'), htmlReady($this->ilias_login)));
+                }
+            } elseif (Request::submitted('connect_account')) {
+                $new_user = $this->ilias->soap_client->getUser(Request::option('ilias_user_id'));
+                if ($new_user['usr_id'] && $new_user['login']) {
+                    $this->user->id = $new_user['usr_id'];
+                    $this->user->login = $new_user['login'];
+                    $this->user->setConnection(IliasUser::USER_TYPE_ORIGINAL);
+                    PageLayout::postSuccess(_('Account zugeordnet.'));
+                }
+            } elseif (Request::submitted('disconnect_account')) {
+                if ($this->user->unsetConnection(true)) {
+                    PageLayout::postSuccess(_('Account-Zuordnung entfernt.'));
+                }
+            } elseif (Request::submitted('new_account')) {
+                $this->ilias->user = new IliasUser($index, $ilias_configs[$index]['version'], $user_id);
+                $this->ilias->soap_client->setCachingStatus(false);
+                $this->ilias->soap_client->clearCache();
+                $this->ilias->newUser();
+                PageLayout::postSuccess(_('Account angelegt.'));
+            }
+            // check if connection is valid / available
+            if ($this->user->isConnected()) {
+                $existing_user = $this->ilias->soap_client->getUser($this->user->id);
+                if ($existing_user && $existing_user['usr_id'] === $this->user->id) {
+                    $this->user_exists = true;
+                }
+            } else {
+                $this->external_account_login = $ilias_configs[$index]['user_prefix'] . $this->user->studip_login;
+                $this->external_account_id = $this->ilias->soap_client->lookupUser($this->external_account_login);
+            }
+        }
+    }
    /**
     * Redirect to ILIAS installation
     * @param $index Index of ILIAS installation

--- a/app/views/admin/ilias_interface/edit_content.php
+++ b/app/views/admin/ilias_interface/edit_content.php
@@ -38,6 +38,10 @@
        <input type="checkbox" name="ilias_delete_ilias_users" value="1" <?= $ilias_config['delete_ilias_users'] ? 'checked' : '' ?>>
        <span><?= _('Beim Löschen von Stud.IP-Accounts ILIAS-Accounts ebenfalls löschen (alle zugehörigen Objekte werden gelöscht!)') ?></span>
    </label>
+    <label>
+        <input type="checkbox" name="ilias_reconnect_accounts" value="1" <?= $ilias_config['reconnect_accounts'] ? 'checked' : '' ?>>
+        <span><?= _('Externe User-Accounts automatisch verbinden, wenn sie den passenden Loginnamen haben') ?></span>
+    </label>
    <label>
        <span><?= _('Prefix für automatisch angelegte Usernamen') ?></span>
        <? if ($ilias_config['is_active']) : ?>

--- a/app/views/admin/user/edit.php
+++ b/app/views/admin/user/edit.php
@@ -232,8 +232,6 @@ use Studip\Button, Studip\LinkButton;
        <? endif ?>
    </fieldset>
    <fieldset>
        <legend>
            <?= _('Registrierungsdaten') ?>
@@ -368,6 +366,41 @@ use Studip\Button, Studip\LinkButton;
        </section>
    </fieldset>
+    <? if ($GLOBALS['perm']->have_perm('root') && Config::get()->ILIAS_INTERFACE_ENABLE) : ?>
+        <? foreach ($ilias_list as $ilias_index => $ilias) : ?>
+            <fieldset>
+                <legend>
+                    <?= htmlReady(sprintf(_('Account in %s'), htmlReady($ilias->getName()))) ?>
+                </legend>
+                <? if ($ilias_user[$ilias_index]->isConnected()) : ?>
+                    <label>
+                        <?= _('Loginname des verknüpften Accounts:') ?>
+                        <?= htmlReady($ilias_user[$ilias_index]->getUsername()) ?>
+                    </label>
+                    <label>
+                        <?= LinkButton::create(
+                            _('Verknüpfung bearbeiten'),
+                            $controller->url_for('my_ilias_accounts/administrate_account/' . $ilias_user[$ilias_index]->studip_id . '/' . $ilias_index . '/edit'),
+                            ['data-dialog' => 'reload-on-close']
+                        ) ?>
+                    </label>
+                <? else : ?>
+                    <label>
+                        <?= _('Kein Account verknüpft') ?>
+                    </label>
+                    <label>
+                        <?= LinkButton::create(
+                            _('Verknüpfung erstellen'),
+                            $controller->url_for('my_ilias_accounts/administrate_account/' . $ilias_user[$ilias_index]->studip_id . '/' . $ilias_index . '/edit'),
+                            ['data-dialog' => 'reload-on-close']
+                        ) ?>
+                    </label>
+                <? endif ?>
+            </fieldset>
+        <? endforeach ?>
+    <? endif ?>
    <? if (in_array($user->perms, ['autor', 'tutor', 'dozent'])): ?>
    <fieldset>
        <legend>

--- a/app/views/my_ilias_accounts/administrate_account.php
+++ b/app/views/my_ilias_accounts/administrate_account.php
+<form class="default" action="<?= $controller->link_for('my_ilias_accounts/administrate_account/' . $user->studip_id . '/' . $ilias_index) ?>" method="post" data-dialog="reload-on-close">
+    <?= CSRFProtection::tokenTag() ?>
+    <fieldset>
+        <legend>
+            <?= _('Bestehenden Account zuordnen') ?>
+        </legend>
+        <? if (!$matched_user) : ?>
+            <label>
+                <span><?= _('Loginname') ?></span>
+                <input type="text" name="ilias_login" size="50" maxlength="50" value="<?= htmlReady($ilias_login) ?>">
+                <?= Studip\Button::createAccept(_('Account Suchen'), 'lookup_account') ?>
+            </label>
+        <? else : ?>
+            <label>
+                <span><?= htmlReady(sprintf(_('ILIAS Account %s (ID %s)'), $ilias_login, $matched_user)) ?></span>
+            </label>
+            <input type="hidden" name="ilias_user_id" value="<?= htmlReady($matched_user) ?>">
+            <?= Studip\Button::createAccept(_('Account zuordnen'), 'connect_account') ?>
+        <? endif ?>
+    </fieldset>
+    <? if ($user->isConnected()) : ?>
+        <fieldset>
+            <legend>
+                <?= _('Verknüpfter Account') ?>
+            </legend>
+            <table class="default nohover">
+                <tr>
+                    <td><?= _('Loginname des verknüpften Accounts:') ?></td>
+                    <td>
+                        <?= htmlReady($user->getUsername()) ?>
+                        <? if (!$user_exists): ?>
+                            - <?= _('Der verknüpfte Account wurde im angebundenen ILIAS-System nicht gefunden!') ?>
+                        <? endif; ?>
+                    </td>
+                </tr>
+                <tr>
+                    <td><?= _('Eigene Kategorie:') ?></td>
+                    <td><?= !empty($user->getCategory()) ? _('ID') . ' ' . htmlReady($user->getCategory()) : _('nicht vorhanden') ?></td>
+                </tr>
+                <tr>
+                    <td><?= _('Account-Typ:') ?></td>
+                    <td><?= $user->getUserType() == IliasUser::USER_TYPE_ORIGINAL ? _('Lokaler ILIAS-Account') : _('Automatisch erstellter Account') ?></td>
+                </tr>
+            </table>
+            <?= Studip\Button::createCancel(_('Verknüpfung aufheben'), 'disconnect_account') ?>
+        </fieldset>
+    <? else : ?>
+        <fieldset>
+            <legend>
+                <?= _('Kein Account verknüpft') ?>
+            </legend>
+            <? if ($external_account_id) : ?>
+                <label>
+                    <?= sprintf(_('Es existiert bereits ein ILIAS-Account mit dem Loginnamen %s.'), htmlReady($external_account_login)) ?>
+                    <input type="hidden" name="ilias_user_id" value="<?= htmlReady($external_account_id) ?>">
+                    <?= Studip\Button::createAccept(_('Mit externem Account verknüpfen'), 'connect_account') ?>
+                </label>
+            <? else : ?>
+                <label>
+                    <?= Studip\Button::createAccept(_('Neuen Account anlegen'), 'new_account') ?>
+                </label>
+            <? endif ?>
+        </fieldset>
+    <? endif ?>
+</form>
\ No newline at end of file
--- a/lib/ilias_interface/ConnectedIlias.php
+++ b/lib/ilias_interface/ConnectedIlias.php
@@ -336,8 +336,17 @@ class ConnectedIlias
                ($this->user->auth_plugin == $this->ilias_config['ldap_enable'])) {
            $this->user->id = $user_exists;
            $this->user->login = $user_data["login"];
-            $this->user->setConnection($this->user->getUserType(), true);
+            $this->user->setConnection($this->user->getUserType());
-            PageLayout::postSuccess(sprintf(_("Verbindung mit Nutzer ID %s wiederhergestellt."), $this->user->id));
+            PageLayout::postSuccess(sprintf(
+                _('Verbindung mit Account ID %s wiederhergestellt.'),
+                htmlReady($this->user->id)
+            ));
+            return true;
+        } elseif ($user_exists && $this->ilias_config['reconnect_accounts']) {
+            $this->user->id = $user_exists;
+            $this->user->login = $user_data["login"];
+            $this->user->setConnection($this->user->getUserType());
+            PageLayout::postSuccess(sprintf(_('Verbindung mit Account ID %s wiederhergestellt.'), htmlReady($this->user->id)));
            return true;
        } elseif ($user_exists) {
            $this->error[] = sprintf(_('Externer Account konnte nicht angelegt werden. Es existiert bereits ein User mit dem Login %s in %s'), $user_data["login"], $this->ilias_config['name']);
@@ -361,7 +370,7 @@ class ConnectedIlias
        }
        // set role according to Stud.IP perm
-        if (User::findCurrent()->perms === 'root') {
+        if (User::find($this->user->studip_id)->perms === 'root') {
            $role_id = 2;
        } else {
            $role_id = 4;
@@ -519,7 +528,7 @@ class ConnectedIlias
        // data for user category in ILIAS
        $object_data["title"] = sprintf(_("Eigene Daten von %s (%s)."), $this->user->getName(), $this->user->getId());
-        $object_data["description"] = sprintf(_("Hier befinden sich die persönlichen Lernmodule des Benutzers %s."), $this->user->getName());
+        $object_data['description'] = sprintf(_('Hier befinden sich die persönlichen Lernmodule von %s.'), $this->user->getName());
        $object_data["type"] = "cat";
        $object_data["owner"] = $this->user->getId();

--- a/lib/ilias_interface/IliasUser.php
+++ b/lib/ilias_interface/IliasUser.php
@@ -502,7 +502,7 @@ class IliasUser
    function unsetConnection($ignore_usertype = false)
    {
        if (!$ignore_usertype && ($this->getUserType() != self::USER_TYPE_ORIGINAL)) {
-            return;
+            return false;
        }
        $query = "DELETE FROM auth_extern WHERE studip_user_id = ? AND external_user_system_type = ? AND external_user_type = ?";
@@ -515,6 +515,7 @@ class IliasUser
        $this->is_connected = false;
        $this->readData();
+        return true;
    }
    /**