L_OK = 0
This class manages user privileges and bindings to institutions
createTemporaryDirectory( purpose = installer, failIsFatal = 1) : mixed|string|int
create a temporary directory and return the location
one of 'installer', 'logo', 'test' defined the purpose of the directory
decides if a creation failure should cause an error; defaults to true
the tuple of: base path, absolute path for directory, directory name
checkTokenValidity( token) :
Checks if a given invitation token exists and is valid in the invitations database returns a string with the following values:
OK-NEW valid token exists, and is not attached to an existing institution. When consuming the token, a new inst will be created OK-EXISTING valid token exists, and is attached to an existing institution. When consuming the token, user will be added as an admin FAIL-NONEXISTINGTOKEN this token does not exist at all in the database FAIL-ALREADYCONSUMED the token exists, but has been used before FAIL-EXPIRED the token exists, but has expired
createIdPFromToken( token, owner) : \core\IdP
This function creates a new IdP in the database based on a valid invitation token - or adds a new administrator to an existing one. The institution is created for the logged-in user (second argument) who presents the token (first argument). The tokens are created via createToken().
The invitation token (must exist in the database and be valid).
Persistent User ID who becomes the administrator of the institution
removeAdminFromIdP(\core\IdP idp, user) :
Deletes an administrator from the IdP. If the IdP and user combination doesn't match, nothing happens.
institution from which the admin is to be deleted.
persistent user ID that is to be deleted as an admin.
This function always returns TRUE.
invalidateToken( token) :
Invalidates a token so that it can't be used any more. Tokens automatically expire after 24h, but can be invalidated earlier, e.g. after having been used to create an institution. If the token doesn't exist in the DB or is already invalidated, nothing happens.
the token to invalidate
This function always returns TRUE.
createToken( isByFedadmin, for, instIdentifier, externalId, country) :
Creates a new invitation token. The token's main purpose is to be sent out by mail. The function either can generate a token for a new administrator of an existing institution, or for a new institution. In the latter case, the institution only actually gets created in the DB if the token is actually consumed via createIdPFromToken().
is the invitation token created for a federation admin (TRUE) or from an existing inst admin (FALSE)
identifier (typically email address) for which the invitation is created
either an instance of the IdP class (for existing institutions to invite new admins) or a string (new institution - this is the inst name then)
if the IdP to be created is related to an external DB entity, this parameter contains that ID
if the institution is new (i.e. $inst is a string) this parameter needs to specify the federation of the new inst
The function returns either the token (as string) or FALSE if something went wrong
listPendingInvitations( idpIdentifier) : mixed|string|int
Retrieves all pending invitations for an institution or for a federation.
the identifier of the institution. If not set, returns invitations for not-yet-created insts
if idp_identifier is set: an array of strings (mail addresses); otherwise an array of tuples (country;name;mail)
listInstitutionsByAdmin( userid) : mixed|string|int
For a given persistent user identifier, returns an array of institution identifiers (not the actual objects!) for which this user is the/a administrator.
persistent user identifier
array of institution IDs