> Zend Framework中文手册 > 18.7. Using Google Apps Provisioning

18.7. Using Google Apps Provisioning

Google Apps is a service which allows DOMain administrators to offer their users managed Access to Google services such as Mail, Calendar, and Docs & Spreadsheets. The Provisioning API offers a programmatic interface to configure this service. Specifically, this API allows administrators the ability to create, retrieve, update, and delete user accounts, nicknames, and email lists.

This library implements version 2.0 of the Provisioning API. Access to your account via the Provisioning API must be manually enabled for each domain using the Google Apps control panel. Only certain account types are able to enable this feature.

For more information on the Google Apps Provisioning API, including instructions for enabling API access, refer to the Provisioning API V2.0 Reference.

18.7. Using Google Apps Provisioning Authentication

The Provisioning API does not support authentication via AuthSub and anonymous access is not permitted. All Http connections must be authenticated using ClientAuth authentication.

18.7.1. Setting the current domain

In order to use the Provisioning API, the domain being administered needs to be specified in all request URIs. In order to ease development, this information is stored within both the Gapps service and query classes to use when constructing requests.

18.7.1.1. Setting the domain for the service class

To set the domain for requests made by the service class, either call setDomain() or specify the domain when instantiating the service class. For example:

$domain = "example.com";
$gdata = new Zend_Gdata_Gapps($client, $domain);

            

18.7.1.2. Setting the domain for query classes

Setting the domain for requests made by query classes is similar to setting it for the service class-either call setDomain() or specify the domain when creating the query. For example:

$domain = "example.com";
$query = new Zend_Gdata_Gapps_UserQuery($domain, $arg);

            

When using a service class factory method to create a query, the service class will automatically set the query's domain to match its own domain. As a result, it is not necessary to specify the domain as part of the constructor arguments.

$domain = "example.com";
$gdata = new Zend_Gdata_Gapps($client, $domain);
$query = $gdata->newUserQuery($arg);

            

18.7.2. Interacting with users

Each user account on a Google Apps hosted domain is represented as an instance of Zend_Gdata_Gapps_UserEntry. This class provides access to all account properties including name, username, password, access rights, and current quota.

18.7.2.1. Creating a user account

User accounts can be created by calling the createUser() convenience method:

$gdata->createUser('foo', 'Random', 'User', '••••••••');

            

Users can also be created by instantiating UserEntry, providing a username, given name, family name, and password, then calling insertUser() on a service object to upload the entry to the server.

$user = $gdata->newUserEntry();
$user->login = $gdata->newLogin();
$user->login->username = 'foo';
$user->login->password = '••••••••';
$user->name = $gdata->newName();
$user->name->givenName = 'Random';
$user->name->familyName = 'User';
$user = $gdata->insertUser($user);

            

The user's password should normally be provided as cleartext. Optionally, the password can be provided as an SHA-1 digest if login->passwordHashFunction is set to 'SHA-1'.

18.7.2.2. Retrieving a user account

Individual user accounts can be retrieved by calling the retrieveUser() convenience method. If the user is not found, null will be returned.

$user = $gdata->retrieveUser('foo');

echo 'Username: ' . $user->login->userName . "\n";
echo 'Given Name: ' . $user->login->givenName . "\n";
echo 'Family Name: ' . $user->login->familyName . "\n";
echo 'Suspended: ' . ($user->login->suspended ? 'Yes' : 'No') . "\n";
echo 'Admin: ' . ($user->login->admin ? 'Yes' : 'No') . "\n"
echo 'Must Change Password: ' .
     ($user->login->changePasswordAtNextLogin ? 'Yes' : 'No') . "\n";
echo 'Has Agreed To Terms: ' .
     ($user->login->agreedToTerms ? 'Yes' : 'No') . "\n";

            

Users can also be retrieved by creating an instance of Zend_Gdata_Gapps_UserQuery, setting its username property to equal the username of the user that is to be retrieved, and calling getUserEntry() on a service object with that query.

$query = $gdata->newUserQuery('foo');
$user = $gdata->getUserEntry($query);

echo 'Username: ' . $user->login->userName . "\n";
echo 'Given Name: ' . $user->login->givenName . "\n";
echo 'Family Name: ' . $user->login->familyName . "\n";
echo 'Suspended: ' . ($user->login->suspended ? 'Yes' : 'No') . "\n";
echo 'Admin: ' . ($user->login->admin ? 'Yes' : 'No') . "\n"
echo 'Must Change Password: ' .
     ($user->login->changePasswordAtNextLogin ? 'Yes' : 'No') . "\n";
echo 'Has Agreed To Terms: ' .
     ($user->login->agreedToTerms ? 'Yes' : 'No') . "\n";

            

If the specified user cannot be located a ServiceException will be thrown with an error code of Zend_Gdata_Gapps_Error::ENTITY_DOES_NOT_EXIST. ServiceExceptions will be covered in 第 18.7.6 节 “Handling errors”.

18.7.2.3. Retrieving all users in a domain

To retrieve all users in a domain, call the retrieveAllUsers() convenience method.

$feed = $gdata->retrieveAllUsers();

foreach ($feed as $user) {
    echo "  * " . $user->login->username . ' (' . $user->name->givenName .
        ' ' . $user->name->familyName . ")\n";
}

            

This will create a Zend_Gdata_Gapps_UserFeed object which holds each user on the domain.

Alternatively, call getUserFeed() with no options. Keep in mind that on larger domains this feed may be paged by the server. For more information on paging, see 第 18.1.9 节 “Working with Multi-page Feeds”.

$feed = $gdata->getUserFeed();

foreach ($feed as $user) {
    echo "  * " . $user->login->username . ' (' . $user->name->givenName .
        ' ' . $user->name->familyName . ")\n";
}

            

18.7.2.4. Updating a user account

The easiest way to update a user account is to retrieve the user as described in the previous sections, make any desired changes, then call save() on that user. Any changes made will be propagated to the server.

$user = $gdata->retrieveUser('foo');
$user->name->givenName = 'Foo';
$user->name->familyName = 'Bar';
$user = $user->save();

            
18.7.2.4.1. Resetting a user's password

A user's password can be reset to a new value by updating the login->password property.

$user = $gdata->retrieveUser('foo');
$user->login->password = '••••••••';
$user = $user->save();

                

Note that it is not possible to recover a password in this manner as stored passwords are not made available via the Provisioning API for security reasons.

18.7.2.4.2. Forcing a user to change their password

A user can be forced to change their password at their next login by setting the login->changePasswordAtNextLogin property to true.

$user = $gdata->retrieveUser('foo');
$user->login->changePasswordAtNextLogin = true;
$user = $user->save();

                

Similarly, this can be undone by setting the login->changePasswordAtNextLogin property to false.

18.7.2.4.3. Suspending a user account

Users can be restricted from logging in without deleting their user account by instead suspending their user account. Accounts can be suspended or restored by using the suspendUser() and restoreUser() convenience methods:

$gdata->suspendUser('foo');
$gdata->restoreUser('foo');

                

Alternatively, you can set the UserEntry's login->suspended property to true.

$user = $gdata->retrieveUser('foo');
$user->login->suspended = true;
$user = $user->save();

                

To restore the user's access, set the login->suspended property to false.

18.7.2.4.4. Granting administrative rights

Users can be granted the ability to administer your domain by setting their login->admin property to true.

$user = $gdata->retrieveUser('foo');
$user->login->admin = true;
$user = $user->save();

                

And as expected, setting a user's login->admin property to false revokes their administrative rights.

18.7.2.5. Deleting user accounts

Deleting a user account to which you already hold a UserEntry is a simple as calling delete() on that entry.

$user = $gdata->retrieveUser('foo');
$user->delete();

            

If you do not have access to a UserEntry object for an account, use the deleteUser() convenience method.

$gdata->deleteUser('foo');

            

18.7.3. Interacting with nicknames

Nicknames serve as email aliases for existing users. Each nickname contains precisely two key properties: its name and its owner. Any email addressed to a nickname is forwarded to the user who owns that nickname.

Nicknames are represented as an instances of Zend_Gdata_Gapps_NicknameEntry.

18.7.3.1. Creating a nickname

Nicknames can be created by calling the createNickname() convenience method:

$gdata->createNickname('foo', 'bar');

            

Nicknames can also be created by instantiating NicknameEntry, providing the nickname with a name and an owner, then calling insertNickname() on a service object to upload the entry to the server.

$nickname = $gdata->newNicknameEntry();
$nickname->login = $gdata->newLogin('foo');
$nickname->nickname = $gdata->newNickname('bar');
$nickname = $gdata->insertNickname($nickname);

            

18.7.3.2. Retrieving a nickname

Nicknames can be retrieved by calling the retrieveNickname() convenience method. This will return null if a user is not found.

$nickname = $gdata->retrieveNickname('bar');

echo 'Nickname: ' . $nickname->nickname->name . "\n";
echo 'Owner: ' . $nickname->login->username . "\n";

            

Individual nicknames can also be retrieved by creating an instance of Zend_Gdata_Gapps_NicknameQuery, setting its nickname property to equal the nickname that is to be retrieved, and calling getNicknameEntry() on a service object with that query.

$query = $gdata->newNicknameQuery('bar');
$nickname = $gdata->getNicknameEntry($query);

echo 'Nickname: ' . $nickname->nickname->name . "\n";
echo 'Owner: ' . $nickname->login->username . "\n";

            

As with users, if no corresponding nickname is found a ServiceException will be thrown with an error code of Zend_Gdata_Gapps_Error::ENTITY_DOES_NOT_EXIST. Again, these will be discussed in 第 18.7.6 节 “Handling errors”.

18.7.3.3. Retrieving all nicknames for a user

To retrieve all nicknames associated with a given user, call the convenience method retrieveNicknames().

$feed = $gdata->retrieveNicknames('foo');

foreach ($feed as $nickname) {
    echo '  * ' . $nickname->nickname->name . "\n";
}

            

This will create a Zend_Gdata_Gapps_NicknameFeed object which holds each nickname associated with the specified user.

Alternatively, create a new Zend_Gdata_Gapps_NicknameQuery, set its username property to the desired user, and submit the query by calling getNicknameFeed() on a service object.

$query = $gdata->newNicknameQuery();
$query->setUsername('foo');
$feed = $gdata->getNicknameFeed($query);

foreach ($feed as $nickname) {
    echo '  * ' . $nickname->nickname->name . "\n";
}

            

18.7.3.4. Retrieving all nicknames in a domain

To retrieve all nicknames in a feed, simply call the convenience method retrieveAllNicknames()

$feed = $gdata->retrieveAllNicknames();

foreach ($feed as $nickname) {
    echo '  * ' . $nickname->nickname->name . ' => ' .
        $nickname->login->username . "\n";
}

            

This will create a Zend_Gdata_Gapps_NicknameFeed object which holds each nickname on the domain.

Alternatively, call getNicknameFeed() on a service object with no arguments.

$feed = $gdata->getNicknameFeed();

foreach ($feed as $nickname) {
    echo '  * ' . $nickname->nickname->name . ' => ' .
        $nickname->login->username . "\n";
}

            

18.7.3.5. Deleting a nickname

Deleting a nickname to which you already hold a NicknameEntry for is a simple as calling delete() on that entry.

$nickname = $gdata->retrieveNickname('bar');
$nickname->delete();

            

For nicknames which you do not hold a NicknameEntry for, use the deleteNickname() convenience method.

$gdata->deleteNickname('bar');

            

18.7.4. Interacting with email lists

Email lists allow several users to retrieve email addressed to a single email address. Users do not need to be a member of this domain in order to subscribe to an email list provided their complete email address (including domain) is used.

Each email list on a domain is represented as an instance of Zend_Gdata_Gapps_EmailListEntry.

18.7.4.1. Creating an email list

Email lists can be created by calling the createEmailList() convenience method:

$gdata->createEmailList('friends');

            

Email lists can also be created by instantiating EmailListEntry, providing a name for the list, then calling insertEmailList() on a service object to upload the entry to the server.

$list = $gdata->newEmailListEntry();
$list->emailList = $gdata->newEmailList('friends');
$list = $gdata->insertEmailList($list);

            

18.7.4.2. Retrieving all email lists to which a recipient is subscribed

To retrieve all email lists to which a particular recipient is subscribed, call the retrieveEmailLists() convenience method:

$feed = $gdata->retrieveEmailLists('[email protected]');

foreach ($feed as $list) {
    echo '  * ' . $list->emailList->name . "\n";
}

            

This will create a Zend_Gdata_Gapps_EmailListFeed object which holds each email list associated with the specified recipient.

Alternatively, create a new Zend_Gdata_Gapps_EmailListQuery, set its recipient property to the desired email address, and submit the query by calling getEmailListFeed() on a service object.

$query = $gdata->newEmailListQuery();
$query->setRecipient('[email protected]');
$feed = $gdata->getEmailListFeed($query);

foreach ($feed as $list) {
    echo '  * ' . $list->emailList->name . "\n";
}

            

18.7.4.3. Retrieving all email lists in a domain

To retrieve all email lists in a domain, call the convenience method retrieveAllEmailLists().

$feed = $gdata->retrieveAllEmailLists();

foreach ($feed as $list) {
    echo '  * ' . $list->emailList->name . "\n";
}

            

This will create a Zend_Gdata_Gapps_EmailListFeed object which holds each email list on the domain.

Alternatively, call getEmailListFeed() on a service object with no arguments.

$feed = $gdata->getEmailListFeed();

foreach ($feed as $list) {
    echo '  * ' . $list->emailList->name . "\n";
}

            

18.7.4.4. Deleting an email list

To delete an email list, call the deleteEmailList() convenience method:

$gdata->deleteEmailList('friends');

            

18.7.5. Interacting with email list recipients

Each recipient subscribed to an email list is represented by an instance of Zend_Gdata_Gapps_EmailListRecipient. Through this class, individual recipients can be added and removed from email lists.

18.7.5.1. Adding a recipient to an email list

To add a recipient to an email list, simply call the addRecipientToEmailList() convenience method:

$gdata->addRecipientToEmailList('[email protected]', 'friends');

            

18.7.5.2. Retrieving the list of subscribers to an email list

The convenience method retrieveAllRecipients() can be used to retrieve the list of subscribers to an email list:

$feed = $gdata->retrieveAllRecipients('friends');

foreach ($feed as $recipient) {
    echo '  * ' . $recipient->who->email . "\n";
}

            

Alternatively, construct a new EmailListRecipientQuery, set its emailListName property to match the desired email list, and call getEmailListRecipientFeed() on a service object.

$query = $gdata->newEmailListRecipientQuery();
$query->setEmailListName('friends');
$feed = $gdata->getEmailListRecipientFeed($query);

foreach ($feed as $recipient) {
    echo '  * ' . $recipient->who->email . "\n";
}

            

This will create a Zend_Gdata_Gapps_EmailListRecipientFeed object which holds each recipient for the selected email list.

18.7.5.3. Removing a recipient from an email list

To remove a recipient from an email list, call the removeRecipientFromEmailList() convenience method:

$gdata->removeRecipientFromEmailList('[email protected]', 'friends');

            

18.7.6. Handling errors

In addition to the standard suite of exceptions thrown by Zend_Gdata, requests using the Provisioning API may also throw a Zend_Gdata_Gapps_ServiceException. These exceptions indicate that a API specific error occurred which prevents the request from completing.

Each ServiceException instance may hold one or more Error objects. Each of these objects contains an error code, reason, and (optionally) the input which triggered the exception. A complete list of known error codes is provided in the Zend Framework API documentation under Zend_Gdata_Gapps_Error. Additionally, the authoritative error list is available online at Google Apps Provisioning API V2.0 Reference: Appendix D.

While the complete list of errors received is available within ServiceException as an array by calling getErrors(), often it is convenient to know if one specific error occurred. For these cases the presence of an error can be determined by calling hasError().

The following example demonstrates how to detect if a requested resource doesn't exist and handle the fault gracefully:

function retrieveUser ($username) {
    $query = $gdata->newUserQuery($username);
    try {
        $user = $gdata->getUserEntry($query);
    } catch (Zend_Gdata_Gapps_ServiceException $e) {
        // Set the user to null if not found
        if ($e->hasError(Zend_Gdata_Gapps_Error::ENTITY_DOES_NOT_EXIST)) {
            $user = null;
        } else {
            throw $e;
        }
    }
    return $user;
}