18.7. Using Google Apps Provisioning
Google Apps is a service which allows DOMain administrators to offer their users managed Access to Google services such as Mail, Calendar, and Docs & Spreadsheets. The Provisioning API offers a programmatic interface to configure this service. Specifically, this API allows administrators the ability to create, retrieve, update, and delete user accounts, nicknames, and email lists.
This library implements version 2.0 of the Provisioning API. Access to your account via the Provisioning API must be manually enabled for each domain using the Google Apps control panel. Only certain account types are able to enable this feature.
For more information on the Google Apps Provisioning API, including instructions for enabling API access, refer to the Provisioning API V2.0 Reference.
Authentication | |
---|---|
The Provisioning API does not support authentication via AuthSub and anonymous access is not permitted. All Http connections must be authenticated using ClientAuth authentication. |
18.7.1. Setting the current domain
In order to use the Provisioning API, the domain being administered needs to be specified in all request URIs. In order to ease development, this information is stored within both the Gapps service and query classes to use when constructing requests.
18.7.1.1. Setting the domain for the service class
To set the domain for requests made by the service class,
either call setDomain()
or specify the domain
when instantiating the service class. For example:
$domain = "example.com"; $gdata = new Zend_Gdata_Gapps($client, $domain);
18.7.1.2. Setting the domain for query classes
Setting the domain for requests made by query classes is
similar to setting it for the service class-either call
setDomain()
or specify the domain when creating
the query. For example:
$domain = "example.com"; $query = new Zend_Gdata_Gapps_UserQuery($domain, $arg);
When using a service class factory method to create a query, the service class will automatically set the query's domain to match its own domain. As a result, it is not necessary to specify the domain as part of the constructor arguments.
$domain = "example.com"; $gdata = new Zend_Gdata_Gapps($client, $domain); $query = $gdata->newUserQuery($arg);
18.7.2. Interacting with users
Each user account on a Google Apps hosted domain is represented as
an instance of Zend_Gdata_Gapps_UserEntry
. This class provides
access to all account properties including name, username,
password, access rights, and current quota.
18.7.2.1. Creating a user account
User accounts can be created by calling the
createUser()
convenience method:
$gdata->createUser('foo', 'Random', 'User', '••••••••');
Users can also be created by instantiating UserEntry,
providing a username, given name, family name, and password,
then calling insertUser()
on a service object to
upload the entry to the server.
$user = $gdata->newUserEntry(); $user->login = $gdata->newLogin(); $user->login->username = 'foo'; $user->login->password = '••••••••'; $user->name = $gdata->newName(); $user->name->givenName = 'Random'; $user->name->familyName = 'User'; $user = $gdata->insertUser($user);
The user's password should normally be provided as cleartext.
Optionally, the password can be provided as an SHA-1 digest if
login->passwordHashFunction
is set to 'SHA-1'.
18.7.2.2. Retrieving a user account
Individual user accounts can be retrieved by calling the
retrieveUser()
convenience method. If the user is
not found, null
will be returned.
$user = $gdata->retrieveUser('foo'); echo 'Username: ' . $user->login->userName . "\n"; echo 'Given Name: ' . $user->login->givenName . "\n"; echo 'Family Name: ' . $user->login->familyName . "\n"; echo 'Suspended: ' . ($user->login->suspended ? 'Yes' : 'No') . "\n"; echo 'Admin: ' . ($user->login->admin ? 'Yes' : 'No') . "\n" echo 'Must Change Password: ' . ($user->login->changePasswordAtNextLogin ? 'Yes' : 'No') . "\n"; echo 'Has Agreed To Terms: ' . ($user->login->agreedToTerms ? 'Yes' : 'No') . "\n";
Users can also be retrieved by creating an
instance of Zend_Gdata_Gapps_UserQuery
, setting its username
property to equal the username of the user that is to be
retrieved, and calling getUserEntry()
on a
service object with that query.
$query = $gdata->newUserQuery('foo'); $user = $gdata->getUserEntry($query); echo 'Username: ' . $user->login->userName . "\n"; echo 'Given Name: ' . $user->login->givenName . "\n"; echo 'Family Name: ' . $user->login->familyName . "\n"; echo 'Suspended: ' . ($user->login->suspended ? 'Yes' : 'No') . "\n"; echo 'Admin: ' . ($user->login->admin ? 'Yes' : 'No') . "\n" echo 'Must Change Password: ' . ($user->login->changePasswordAtNextLogin ? 'Yes' : 'No') . "\n"; echo 'Has Agreed To Terms: ' . ($user->login->agreedToTerms ? 'Yes' : 'No') . "\n";
If the specified user cannot be located a ServiceException
will be thrown with an error code of
Zend_Gdata_Gapps_Error::ENTITY_DOES_NOT_EXIST
.
ServiceExceptions will be covered in 第 18.7.6 节 “Handling errors”.
18.7.2.3. Retrieving all users in a domain
To retrieve all users in a domain, call the
retrieveAllUsers()
convenience method.
$feed = $gdata->retrieveAllUsers(); foreach ($feed as $user) { echo " * " . $user->login->username . ' (' . $user->name->givenName . ' ' . $user->name->familyName . ")\n"; }
This will create a Zend_Gdata_Gapps_UserFeed
object which
holds each user on the domain.
Alternatively, call getUserFeed()
with no
options. Keep in mind that on larger
domains this feed may be paged by the server. For more
information on paging, see 第 18.1.9 节 “Working with Multi-page Feeds”.
$feed = $gdata->getUserFeed(); foreach ($feed as $user) { echo " * " . $user->login->username . ' (' . $user->name->givenName . ' ' . $user->name->familyName . ")\n"; }
18.7.2.4. Updating a user account
The easiest way to update a user account is to retrieve the
user as described in the previous sections, make any desired
changes, then call save()
on that user. Any
changes made will be propagated to the server.
$user = $gdata->retrieveUser('foo'); $user->name->givenName = 'Foo'; $user->name->familyName = 'Bar'; $user = $user->save();
18.7.2.4.1. Resetting a user's password
A user's password can be reset to a new value by updating
the login->password
property.
$user = $gdata->retrieveUser('foo'); $user->login->password = '••••••••'; $user = $user->save();
Note that it is not possible to recover a password in this manner as stored passwords are not made available via the Provisioning API for security reasons.
18.7.2.4.2. Forcing a user to change their password
A user can be forced to change their password at their
next login by setting the
login->changePasswordAtNextLogin
property to
true
.
$user = $gdata->retrieveUser('foo'); $user->login->changePasswordAtNextLogin = true; $user = $user->save();
Similarly, this can be undone by setting the
login->changePasswordAtNextLogin
property to
false
.
18.7.2.4.3. Suspending a user account
Users can be restricted from logging in without deleting
their user account by instead
suspending their user account.
Accounts can be suspended or restored by using the
suspendUser()
and restoreUser()
convenience methods:
$gdata->suspendUser('foo'); $gdata->restoreUser('foo');
Alternatively, you can set the UserEntry's
login->suspended
property to
true
.
$user = $gdata->retrieveUser('foo'); $user->login->suspended = true; $user = $user->save();
To restore the user's access, set the
login->suspended
property to
false
.
18.7.2.4.4. Granting administrative rights
Users can be granted the ability to administer your domain
by setting their login->admin
property to
true
.
$user = $gdata->retrieveUser('foo'); $user->login->admin = true; $user = $user->save();
And as expected, setting a user's login->admin
property to false
revokes their
administrative rights.
18.7.2.5. Deleting user accounts
Deleting a user account to which you already hold a UserEntry
is a simple as calling delete()
on that
entry.
$user = $gdata->retrieveUser('foo'); $user->delete();
If you do not have access to a UserEntry object for an
account, use the deleteUser()
convenience method.
$gdata->deleteUser('foo');
18.7.3. Interacting with nicknames
Nicknames serve as email aliases for existing users. Each nickname contains precisely two key properties: its name and its owner. Any email addressed to a nickname is forwarded to the user who owns that nickname.
Nicknames are represented as an instances of
Zend_Gdata_Gapps_NicknameEntry
.
18.7.3.1. Creating a nickname
Nicknames can be created by calling the
createNickname()
convenience method:
$gdata->createNickname('foo', 'bar');
Nicknames can also be created by instantiating NicknameEntry,
providing the nickname with a name and an owner, then calling
insertNickname()
on a service object to upload
the entry to the server.
$nickname = $gdata->newNicknameEntry(); $nickname->login = $gdata->newLogin('foo'); $nickname->nickname = $gdata->newNickname('bar'); $nickname = $gdata->insertNickname($nickname);
18.7.3.2. Retrieving a nickname
Nicknames can be retrieved by calling the
retrieveNickname()
convenience method. This will
return null
if a user is not found.
$nickname = $gdata->retrieveNickname('bar'); echo 'Nickname: ' . $nickname->nickname->name . "\n"; echo 'Owner: ' . $nickname->login->username . "\n";
Individual nicknames can also be retrieved by creating an
instance of Zend_Gdata_Gapps_NicknameQuery
, setting its
nickname property to equal the nickname that is to be
retrieved, and calling getNicknameEntry()
on a
service object with that query.
$query = $gdata->newNicknameQuery('bar'); $nickname = $gdata->getNicknameEntry($query); echo 'Nickname: ' . $nickname->nickname->name . "\n"; echo 'Owner: ' . $nickname->login->username . "\n";
As with users, if no corresponding nickname is found a
ServiceException will be thrown with an error code of
Zend_Gdata_Gapps_Error::ENTITY_DOES_NOT_EXIST
. Again, these
will be discussed in 第 18.7.6 节 “Handling errors”.
18.7.3.3. Retrieving all nicknames for a user
To retrieve all nicknames associated with a given user, call
the convenience method retrieveNicknames()
.
$feed = $gdata->retrieveNicknames('foo'); foreach ($feed as $nickname) { echo ' * ' . $nickname->nickname->name . "\n"; }
This will create a Zend_Gdata_Gapps_NicknameFeed
object which
holds each nickname associated with the specified user.
Alternatively, create a new Zend_Gdata_Gapps_NicknameQuery
,
set its username property to the desired user, and submit the
query by calling getNicknameFeed()
on a service
object.
$query = $gdata->newNicknameQuery(); $query->setUsername('foo'); $feed = $gdata->getNicknameFeed($query); foreach ($feed as $nickname) { echo ' * ' . $nickname->nickname->name . "\n"; }
18.7.3.4. Retrieving all nicknames in a domain
To retrieve all nicknames in a feed, simply call the
convenience method retrieveAllNicknames()
$feed = $gdata->retrieveAllNicknames(); foreach ($feed as $nickname) { echo ' * ' . $nickname->nickname->name . ' => ' . $nickname->login->username . "\n"; }
This will create a Zend_Gdata_Gapps_NicknameFeed
object which
holds each nickname on the domain.
Alternatively, call getNicknameFeed()
on a
service object with no arguments.
$feed = $gdata->getNicknameFeed(); foreach ($feed as $nickname) { echo ' * ' . $nickname->nickname->name . ' => ' . $nickname->login->username . "\n"; }
18.7.3.5. Deleting a nickname
Deleting a nickname to which you already hold a NicknameEntry
for is a simple as calling delete()
on that
entry.
$nickname = $gdata->retrieveNickname('bar'); $nickname->delete();
For nicknames which you do not hold a NicknameEntry for, use
the deleteNickname()
convenience method.
$gdata->deleteNickname('bar');
18.7.4. Interacting with email lists
Email lists allow several users to retrieve email addressed to a single email address. Users do not need to be a member of this domain in order to subscribe to an email list provided their complete email address (including domain) is used.
Each email list on a domain is represented as an instance of
Zend_Gdata_Gapps_EmailListEntry
.
18.7.4.1. Creating an email list
Email lists can be created by calling the
createEmailList()
convenience method:
$gdata->createEmailList('friends');
Email lists can also be created by instantiating
EmailListEntry, providing a name for the list, then calling
insertEmailList()
on a service object to upload
the entry to the server.
$list = $gdata->newEmailListEntry(); $list->emailList = $gdata->newEmailList('friends'); $list = $gdata->insertEmailList($list);
18.7.4.2. Retrieving all email lists to which a recipient is subscribed
To retrieve all email lists to which a particular recipient is
subscribed, call the retrieveEmailLists()
convenience method:
$feed = $gdata->retrieveEmailLists('[email protected]'); foreach ($feed as $list) { echo ' * ' . $list->emailList->name . "\n"; }
This will create a Zend_Gdata_Gapps_EmailListFeed
object which
holds each email list associated with the specified recipient.
Alternatively, create a new Zend_Gdata_Gapps_EmailListQuery
,
set its recipient property to the desired email address, and
submit the query by calling getEmailListFeed()
on
a service object.
$query = $gdata->newEmailListQuery(); $query->setRecipient('[email protected]'); $feed = $gdata->getEmailListFeed($query); foreach ($feed as $list) { echo ' * ' . $list->emailList->name . "\n"; }
18.7.4.3. Retrieving all email lists in a domain
To retrieve all email lists in a domain, call the convenience
method retrieveAllEmailLists()
.
$feed = $gdata->retrieveAllEmailLists(); foreach ($feed as $list) { echo ' * ' . $list->emailList->name . "\n"; }
This will create a Zend_Gdata_Gapps_EmailListFeed
object which
holds each email list on the domain.
Alternatively, call getEmailListFeed()
on a
service object with no arguments.
$feed = $gdata->getEmailListFeed(); foreach ($feed as $list) { echo ' * ' . $list->emailList->name . "\n"; }
18.7.4.4. Deleting an email list
To delete an email list, call the deleteEmailList() convenience method:
$gdata->deleteEmailList('friends');
18.7.5. Interacting with email list recipients
Each recipient subscribed to an email list is represented by an
instance of Zend_Gdata_Gapps_EmailListRecipient
. Through this
class, individual recipients can be added and removed from email
lists.
18.7.5.1. Adding a recipient to an email list
To add a recipient to an email list, simply call the
addRecipientToEmailList()
convenience method:
$gdata->addRecipientToEmailList('[email protected]', 'friends');
18.7.5.2. Retrieving the list of subscribers to an email list
The convenience method retrieveAllRecipients()
can be used to retrieve the list of subscribers to an email list:
$feed = $gdata->retrieveAllRecipients('friends'); foreach ($feed as $recipient) { echo ' * ' . $recipient->who->email . "\n"; }
Alternatively, construct a new EmailListRecipientQuery, set
its emailListName property to match the desired email list,
and call getEmailListRecipientFeed()
on a service
object.
$query = $gdata->newEmailListRecipientQuery(); $query->setEmailListName('friends'); $feed = $gdata->getEmailListRecipientFeed($query); foreach ($feed as $recipient) { echo ' * ' . $recipient->who->email . "\n"; }
This will create a Zend_Gdata_Gapps_EmailListRecipientFeed
object which holds each recipient for the selected email list.
18.7.5.3. Removing a recipient from an email list
To remove a recipient from an email list, call the
removeRecipientFromEmailList()
convenience
method:
$gdata->removeRecipientFromEmailList('[email protected]', 'friends');
18.7.6. Handling errors
In addition to the standard suite of exceptions thrown by
Zend_Gdata
, requests using the Provisioning API may also throw a
Zend_Gdata_Gapps_ServiceException
. These exceptions
indicate that a API specific error occurred which prevents the
request from completing.
Each ServiceException instance may hold one or more Error objects.
Each of these objects contains an error code, reason, and
(optionally) the input which triggered the exception. A complete
list of known error codes is provided in the Zend Framework API
documentation under Zend_Gdata_Gapps_Error
. Additionally, the
authoritative error list is available online at Google
Apps Provisioning API V2.0 Reference: Appendix D.
While the complete list of errors received is available within
ServiceException as an array by calling getErrors()
,
often it is convenient to know if one specific error occurred. For
these cases the presence of an error can be determined by calling
hasError()
.
The following example demonstrates how to detect if a requested resource doesn't exist and handle the fault gracefully:
function retrieveUser ($username) { $query = $gdata->newUserQuery($username); try { $user = $gdata->getUserEntry($query); } catch (Zend_Gdata_Gapps_ServiceException $e) { // Set the user to null if not found if ($e->hasError(Zend_Gdata_Gapps_Error::ENTITY_DOES_NOT_EXIST)) { $user = null; } else { throw $e; } } return $user; }