136 lines
4.0 KiB
PHP
136 lines
4.0 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Class for reading/writing to the list of User objects in the database.
|
|
*/
|
|
class UserDirectory extends DBDirectory {
|
|
/**
|
|
* LDAP connection object
|
|
*/
|
|
private $ldap;
|
|
/**
|
|
* Avoid making multiple LDAP lookups on the same person by caching their details here
|
|
*/
|
|
private $cache_uid;
|
|
|
|
public function __construct() {
|
|
parent::__construct();
|
|
global $ldap;
|
|
$this->ldap = $ldap;
|
|
$this->cache_uid = array();
|
|
}
|
|
|
|
/**
|
|
* Create the new user in the database.
|
|
* @param User $user object to add
|
|
*/
|
|
public function add_user(User $user) {
|
|
$user_id = $user->uid;
|
|
$user_name = $user->name;
|
|
$user_active = $user->active;
|
|
$user_admin = $user->admin;
|
|
$user_email = $user->email;
|
|
$stmt = $this->database->prepare("INSERT INTO entity SET type = 'user'");
|
|
$stmt->execute();
|
|
$user->entity_id = $stmt->insert_id;
|
|
$stmt = $this->database->prepare("INSERT INTO user SET entity_id = ?, uid = ?, name = ?, email = ?, active = ?, admin = ?");
|
|
$stmt->bind_param('dsssdd', $user->entity_id, $user_id, $user_name, $user_email, $user_active, $user_admin);
|
|
$stmt->execute();
|
|
$stmt->close();
|
|
}
|
|
|
|
/**
|
|
* Get a user from the database by its entity ID.
|
|
* @param int $entity_id of user
|
|
* @return User with specified entity ID
|
|
* @throws UserNotFoundException if no user with that entity ID exists
|
|
*/
|
|
public function get_user_by_id($id) {
|
|
$stmt = $this->database->prepare("SELECT * FROM user WHERE entity_id = ?");
|
|
$stmt->bind_param('d', $id);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
if($row = $result->fetch_assoc()) {
|
|
$user = new User($row['entity_id'], $row);
|
|
} else {
|
|
throw new UserNotFoundException('User does not exist.');
|
|
}
|
|
$stmt->close();
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* Get a user from the database by its uid. If it does not exist in the database, retrieve it
|
|
* from LDAP and store in the database.
|
|
* @param string $uid of user
|
|
* @param bool $login true if getting user as part of login process
|
|
* @return User with specified entity uid
|
|
* @throws UserNotFoundException if no user with that uid exists
|
|
*/
|
|
public function get_user_by_uid($uid, $login = false) {
|
|
if(isset($this->cache_uid[$uid])) {
|
|
return $this->cache_uid[$uid];
|
|
}
|
|
$stmt = $this->database->prepare("SELECT * FROM user WHERE uid = ?");
|
|
$stmt->bind_param('s', $uid);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
if($row = $result->fetch_assoc()) {
|
|
$user = new User($row['entity_id'], $row);
|
|
$this->cache_uid[$uid] = $user;
|
|
} else {
|
|
$user = new User;
|
|
$user->uid = $uid;
|
|
$this->cache_uid[$uid] = $user;
|
|
$user->get_details_from_ldap($login);
|
|
}
|
|
$stmt->close();
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* List all users in the database.
|
|
* @param array $include list of extra data to include in response - currently unused
|
|
* @param array $filter list of field/value pairs to filter results on
|
|
* @return array of User objects
|
|
*/
|
|
public function list_users($include = array(), $filter = array()) {
|
|
// WARNING: The search query is not parameterized - be sure to properly escape all input
|
|
$fields = array("user.*");
|
|
$joins = array();
|
|
$where = array();
|
|
foreach($filter as $field => $value) {
|
|
if($value) {
|
|
switch($field) {
|
|
case 'uid':
|
|
$where[] = "uid = '".$this->database->escape_string($value)."'";
|
|
break;
|
|
case 'name':
|
|
$where[] = "name = '".$this->database->escape_string($value)."'";
|
|
break;
|
|
case 'admins_servers':
|
|
$joins[] = "INNER JOIN server_admin ON server_admin.entity_id = user.entity_id";
|
|
$joins[] = "INNER JOIN server ON server.id = server_admin.server_id AND server.key_management <> 'decommissioned'";
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
$stmt = $this->database->prepare("
|
|
SELECT ".implode(", ", $fields)."
|
|
FROM user ".implode(" ", $joins)."
|
|
".(count($where) == 0 ? "" : "WHERE (".implode(") AND (", $where).")")."
|
|
GROUP BY user.entity_id
|
|
ORDER BY user.uid
|
|
");
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
$users = array();
|
|
while($row = $result->fetch_assoc()) {
|
|
$users[] = new User($row['entity_id'], $row);
|
|
}
|
|
return $users;
|
|
}
|
|
}
|
|
|
|
class UserNotFoundException extends Exception {}
|