1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class userManagement extends management
24 {
25 var $plHeadline = "Users";
26 var $plDescription = "Manage aspects of user accounts like generic, POSIX, samba and mail settings";
27 var $plIcon = "plugins/users/images/user.png";
29 var $sn = "";
30 var $givenName = "";
31 var $uid = "";
32 var $got_uid = "";
33 var $edit_uid = "";
35 var $pwd_change_queue = array();
36 var $force_hash_type = array();
38 // Tab definition
39 protected $tabClass = "usertabs";
40 protected $tabType = "USERTABS";
41 protected $aclCategory = "users";
42 protected $aclPlugin = "user";
43 protected $objectName = "user";
45 protected $proposal = "";
46 protected $proposalEnabled = FALSE;
47 protected $proposalSelected = FALSE;
49 protected $passwordChangeForceable = FALSE;
50 protected $enforcePasswordChange = FALSE;
52 function __construct($config,$ui)
53 {
54 $this->config = $config;
55 $this->ui = $ui;
57 $this->storagePoints = array(get_ou("core", "userRDN"));
59 // Build filter
60 if (session::global_is_set(get_class($this)."_filter")){
61 $filter= session::global_get(get_class($this)."_filter");
62 } else {
63 $filter = new filter(get_template_path("user-filter.xml", true));
64 $filter->setObjectStorage($this->storagePoints);
65 }
66 $this->setFilter($filter);
68 // Build headpage
69 $headpage = new listing(get_template_path("user-list.xml", true));
70 $headpage->registerElementFilter("lockLabel", "userManagement::filterLockLabel");
71 $headpage->registerElementFilter("lockImage", "userManagement::filterLockImage");
72 $headpage->registerElementFilter("filterProperties", "userManagement::filterProperties");
73 $headpage->setFilter($filter);
75 // Add copy&paste and snapshot handler.
76 if ($this->config->boolValueIsTrue("core", "copyPaste")){
77 $this->cpHandler = new CopyPasteHandler($this->config);
78 }
79 if($this->config->get_cfg_value("core","enableSnapshots") == "true"){
80 $this->snapHandler = new SnapshotHandler($this->config);
81 }
83 parent::__construct($config, $ui, "users", $headpage);
85 // Register special user actions
86 $this->registerAction("lock", "lockEntry");
87 $this->registerAction("lockUsers", "lockUsers");
88 $this->registerAction("unlockUsers", "lockUsers");
89 $this->registerAction("new_template", "newTemplate");
90 $this->registerAction("newfromtpl", "newUserFromTemplate");
91 $this->registerAction("templateContinue", "templateContinue");
92 $this->registerAction("templatize", "templatizeUsers");
93 $this->registerAction("templatizeContinue", "templatizeContinue");
95 $this->registerAction("password", "changePassword");
96 $this->registerAction("passwordQueue", "handlePasswordQueue");
97 $this->registerAction("passwordCancel", "closeDialogs");
99 $this->registerAction("sendMessage", "sendMessage");
100 $this->registerAction("saveEventDialog", "saveEventDialog");
101 $this->registerAction("abortEventDialog", "closeDialogs");
103 // Register shortcut icon actions
104 $this->registerAction("edit_user","editEntry");
105 $this->registerAction("edit_posixAccount","editEntry");
106 $this->registerAction("edit_mailAccount","editEntry");
107 $this->registerAction("edit_sambaAccount","editEntry");
108 $this->registerAction("edit_netatalk","editEntry");
109 $this->registerAction("edit_environment","editEntry");
110 $this->registerAction("edit_gofaxAccount","editEntry");
111 $this->registerAction("edit_phoneAccount","editEntry");
112 }
115 // Inject user actions
116 function detectPostActions()
117 {
118 $action = management::detectPostActions();
119 if(isset($_POST['template_continue'])) $action['action'] = "templateContinue";
120 if(isset($_POST['templatize_continue'])) $action['action'] = "templatizeContinue";
121 if(isset($_POST['save_event_dialog'])) $action['action'] = "saveEventDialog";
122 if(isset($_POST['abort_event_dialog'])) $action['action'] = "abortEventDialog";
123 if(isset($_POST['password_cancel'])){
124 $action['action'] = "passwordCancel";
125 }elseif((count($this->pwd_change_queue) || isset($_POST['password_finish']) || isset($_POST['refreshProposal']))){
126 $action['action'] = "passwordQueue";
127 }
128 if(isset($_POST['passwordQueue'])) $action['action'] = "passwordQueue";
129 return($action);
130 }
133 function editEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="")
134 {
135 $str = management::editEntry($action,$target);
136 if($str) return($str);
138 if(preg_match("/^edit_/",$action)){
139 $tab = preg_replace("/^edit_/","",$action);
140 if(isset($this->tabObject->by_object[$tab])){
141 $this->tabObject->current = $tab;
142 }else{
143 trigger_error("Unknown tab: ".$tab);
144 }
145 }
146 }
149 function closeDialogs()
150 {
151 management::closeDialogs();
152 $this->pwd_change_queue = array();
153 }
156 /*! \brief Sends a message to a set of users using gosa-si events.
157 */
158 function sendMessage($action="",$target=array(),$all=array())
159 {
160 if(class_available("DaemonEvent")){
161 $uids = array();
162 $ldap = $this->config->get_ldap_link();
163 $ldap->cd($this->config->current['BASE']);
164 foreach($target as $dn){
165 $ldap->cat($dn,array('uid'));
166 $attrs = $ldap->fetch();
167 if(isset($attrs['uid'][0])){
168 $uids[] = $attrs['uid'][0];
169 }
170 }
171 if(count($uids)){
172 $events = DaemonEvent::get_event_types(USER_EVENT);
173 $event = "DaemonEvent_notify";
174 if(isset($events['BY_CLASS'][$event])){
175 $type = $events['BY_CLASS'][$event];
176 $this->dialogObject = new $type['CLASS_NAME']($this->config);
177 $this->dialogObject->add_users($uids);
178 $this->dialogObject->set_type(SCHEDULED_EVENT);
179 }
180 }
181 }
182 }
185 /*! \brief Sends a message to a set of users using gosa-si events.
186 */
187 function saveEventDialog()
188 {
189 $this->dialogObject->save_object();
190 $msgs = $this->dialogObject->check();
191 if(count($msgs)){
192 msg_dialog::displayChecks($msgs);
193 }else{
194 $o_queue = new gosaSupportDaemon();
195 $o_queue->append($this->dialogObject);
196 if($o_queue->is_error()){
197 msg_dialog::display(_("Infrastructure error"), msgPool::siError($o_queue->get_error()),ERROR_DIALOG);
198 }
199 $this->closeDialogs();
200 }
201 }
204 /*! \brief Intiates template creation.
205 */
206 function newTemplate($action,$entry)
207 {
208 $this->newEntry();
209 $this->tabObject->set_template_mode ();
210 }
213 /*! \brief Queues a set of users for password changes
214 */
215 function changePassword($action="",$target=array(),$all=array())
216 {
217 $this->dn ="";
218 $this->pwd_change_queue = $target;
220 // Check permisions
221 $disallowed = array();
222 foreach($this->pwd_change_queue as $key => $dn){
223 if(!preg_match("/w/",$this->ui->get_permissions($dn,$this->aclCategory."/password"))){
224 unset($this->pwd_change_queue[$key]);
225 $disallowed[] = $dn;
226 }
227 }
228 if(count($disallowed)){
229 msg_dialog::display(_("Permission"),msgPool::permModify($disallowed),INFO_DIALOG);
230 }
232 // Now display change dialog.
233 return($this->handlePasswordQueue());
234 }
238 function refreshProposal()
239 {
240 $this->proposal = passwordMethod::getPasswordProposal($this->config);
241 $this->proposalEnabled = (!empty($this->proposal));
242 }
245 function handlePasswordQueue()
246 {
247 // skip if nothing is to do
248 if(empty($this->dn) && !count($this->pwd_change_queue)) return;
250 // Refresh proposal if requested
251 if(isset($_POST['refreshProposal'])) $this->refreshProposal();
252 if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
254 $this->enforcePasswordChange = isset($_POST['new_password']) && isset($_POST['enforcePasswordChange']);
256 $smarty = get_smarty();
257 $smarty->assign("proposal" , set_post($this->proposal));
258 $smarty->assign("proposalEnabled" , $this->proposalEnabled);
259 $smarty->assign("proposalSelected" , $this->proposalSelected);
261 $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
262 $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
264 // Get next entry from queue.
265 if(empty($this->dn) && count($this->pwd_change_queue)){
267 // Generate new proposal
268 $this->refreshProposal();
269 $this->proposalSelected = ($this->proposal != "");
270 $this->dn = array_pop($this->pwd_change_queue);
272 // Check if we are able to enforce a password change
273 $ldap = $this->config->get_ldap_link();
274 $ldap->cd($this->config->current['BASE']);
275 $ldap->cat($this->dn);
276 $attrs = $ldap->fetch();
277 $this->passwordChangeForceable =
278 in_array('sambaAccount', $attrs['objectClass']) ||
279 (in_array('posixAccount', $attrs['objectClass']) && isset($attrs['shadowMax']));
280 $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
281 $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
283 // Assign proposal variables
284 $smarty->assign("proposal" , set_post($this->proposal));
285 $smarty->assign("proposalEnabled" , $this->proposalEnabled);
286 $smarty->assign("proposalSelected" , $this->proposalSelected);
288 set_object_info($this->dn);
289 return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
290 }
292 // If we've just refreshed the proposal then do not check the password for validity.
293 if(!isset($_POST['password_finish']) && (isset($_POST['refreshProposal']) || isset($_POST['passwordQueue']))){
294 return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
295 }
297 // Check permissions
298 if(isset($_POST['password_finish'])){
300 $dn = $this->dn;
301 $acl = $this->ui->get_permissions($dn, "users/password");
302 $cacl= $this->ui->get_permissions($dn, "users/user");
303 if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){
305 // Get posted passwords
306 if($this->proposalSelected){
307 $new_password = $this->proposal;
308 $repeated_password = $this->proposal;
309 }else{
310 $new_password = get_post('new_password');
311 $repeated_password = get_post('repeated_password');
312 }
314 // Check posted passwords now.
315 $message= array();
316 if ($new_password != $repeated_password){
317 $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
318 } else {
319 if ($new_password == ""){
320 $message[] = msgPool::required(_("New password"));
321 }
322 }
324 // Display errors
325 if (count($message) != 0){
326 msg_dialog::displayChecks($message);
327 return($smarty->fetch(get_template_path('password.tpl', TRUE)));
328 }
330 // Change cassword
331 if(isset($this->force_hash_type[$this->dn])){
332 if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn])){
333 return($smarty->fetch(get_template_path('password.tpl', TRUE)));
334 }
335 }else{
336 if(!change_password ($this->dn, $new_password)){
337 return($smarty->fetch(get_template_path('password.tpl', TRUE)));
338 }
339 }
340 if ($this->config->get_cfg_value("core","passwordHook") != ""){
341 $ldap = $this->config->get_ldap_link();
342 $ldap->cd($this->config->current['BASE']);
343 $ldap->cat($this->dn,array('uid'));
344 $attrs = $ldap->fetch();
345 exec($this->config->get_cfg_value("core","passwordHook")." ".$attrs['uid'][0]." ".$new_password, $resarr);
346 }
348 // The user has to change his password on next login
349 // - We are going to update samba and posix attributes here, to enforce
350 // such a password change.
351 if($this->passwordChangeForceable && $this->enforcePasswordChange){
353 // Check if we are able to enforce a password change
354 $ldap = $this->config->get_ldap_link();
355 $ldap->cd($this->config->current['BASE']);
356 $ldap->cat($this->dn);
357 $attrs = $ldap->fetch();
358 $samba = in_array('sambaSamAccount', $attrs['objectClass']);
359 $posix = in_array('posixAccount', $attrs['objectClass']);
361 // Update the posix shadow flag...
362 if($posix){
364 $current= floor(date("U") /60 /60 /24);
365 $enforceDate = $current - $attrs['shadowMax'][0];
366 $new_attrs = array();
367 $new_attrs['shadowLastChange'] = $enforceDate;
368 $ldap->cd($this->dn);
369 $ldap->modify($new_attrs);
371 # $posixAccount = new posixAccount($this->config, $this->dn);
372 # $posixAccount->is_modified=TRUE;
373 # $posixAccount->activate_shadowExpire=1;
374 # $posixAccount->shadowExpire = date('d.m.Y', time() - (1 * 24 * 60 *60));
375 # $posixAccount->save();
376 }
378 // Update the samba kickoff flag...
379 if($samba){
380 $sambaAccount = new sambaAccount($this->config, $this->dn);
381 $sambaAccount->is_modified=TRUE;
382 $sambaAccount->flag_enforcePasswordChange = TRUE;
383 $sambaAccount->flag_cannotChangePassword = FALSE;
384 $sambaAccount->save();
385 }
386 }
388 new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
389 $this->dn ="";
391 } else {
392 msg_dialog::display(_("Password change"),
393 _("You have no permission to change this users password!"),
394 WARNING_DIALOG);
395 }
396 }
398 // Cleanup
399 if(!count($this->pwd_change_queue) && $this->dn=""){
400 $this->remove_lock();
401 $this->closeDialogs();
402 }else{
403 return($this->handlePasswordQueue());
404 }
405 }
408 /*! \brief Save user modifications.
409 * Whenever we save a 'new' user, request a password change for him.
410 */
411 function saveChanges()
412 {
413 $str = management::saveChanges();
415 if(!empty($str)) return($str);
417 if($this->last_tabObject instanceOf multi_plug){
418 foreach($this->last_tabObject->a_handles as $user){
419 if($user->password_change_needed()){
420 $this->force_hash_type[$user->dn] = $user->by_object['user']->pw_storage;
421 $this->pwd_change_queue[] = $user->dn;
422 }
423 }
424 return($this->handlePasswordQueue());
425 }
427 if(isset($this->last_tabObject->by_object['user']) && $this->last_tabObject->by_object['user']->password_change_needed()){
428 $this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage;
429 $this->pwd_change_queue[] = $this->last_tabObject->dn;
430 return($this->handlePasswordQueue());
431 }
432 }
434 function cancelEdit()
435 {
436 $str = management::cancelEdit();
437 if(!empty($str)) return($str);
439 if(isset($this->last_tabObject->by_object['user']) &&
440 $this->last_tabObject->by_object['user']->dn != "new" &&
441 $this->last_tabObject->by_object['user']->password_change_needed()){
442 $this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage;
443 $this->pwd_change_queue[] = $this->last_tabObject->dn;
444 return($this->handlePasswordQueue());
445 }
446 }
449 /*! \brief Intiates user creation.
450 * If we've user templates, then the user will be asked to use to use one.
451 * -> See 'templateContinue' for further handling.
452 */
453 function newUserFromTemplate($action="",$target=array(),$all=array())
454 {
455 // Call parent method, it knows whats to do, locking and so on ...
456 $str = management::newEntry($action,$target,$all);
457 if(!empty($str)) return($str);
459 // Reset uid selection.
460 $this->got_uid= "";
462 // Use template if there are any of them
463 $templates = array();
464 $templates['none']= _("none");
465 $templates = array_merge($templates,$this->get_templates());
467 // We've templates, so preset the current template and display the input dialog.
468 if (count($templates)){
469 $smarty = get_smarty();
470 foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
471 $smarty->assign("$attr", "");
472 }
473 $smarty->assign("template", array_pop($target));
474 $smarty->assign("templates", $templates);
475 $smarty->assign("edit_uid", "");
476 return($smarty->fetch(get_template_path('template.tpl', TRUE)));
478 // -> See 'templateContinue' for further handling!
479 }
480 }
484 /*! \brief Intiates user creation.
485 * If we've user templates, then the user will be asked
486 * if he wants to use one.
487 * -> See 'templateContinue' for further handling.
488 */
489 function newEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="")
490 {
492 // Call parent method, it manages everything, locking, object creation...
493 $str = management::newEntry($action,$target,$all);
494 if(!empty($str)) return($str);
496 // If we've at least one template, then ask the user if he wants to use one?
497 $templates = array();
498 $templates['none']= _("none");
499 $templates = array_merge($templates,$this->get_templates());
501 // Display template selection
502 if (count($templates) > 1){
503 $smarty = get_smarty();
505 // Set default variables, normally empty.
506 foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
507 $smarty->assign($attr, "");
508 }
509 $smarty->assign("template", "none");
510 $smarty->assign("templates", $templates);
511 $smarty->assign("edit_uid", "");
512 return($smarty->fetch(get_template_path('template.tpl', TRUE)));
514 // -> See 'templateContinue' for further handling!
515 }
516 }
519 /* !\brief This method is called whenever a template selection was displayed.
520 * Here we act on the use selection.
521 * - Does the user want to create a user from template?
522 * - Create user without template?
523 * - Input correct, every value given and valid?
524 */
525 function templateContinue()
526 {
527 // Get the list of available templates.
528 $templates = array();
529 $templates['none']= _("none");
530 $templates = array_merge($templates,$this->get_templates());
532 // Input validation, if someone wants to create a user from a template
533 // then validate the given values.
534 $message = array();
535 if(!isset($_POST['template']) || (empty($_POST['template']))){
536 $message[]= msgPool::invalid(_("Template"));
537 }
538 if(!isset($_POST['sn']) || (empty($_POST['sn']))){
539 $message[]= msgPool::required(_("Name"));
540 }
541 if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
542 $message[]= msgPool::required(_("Given name"));
543 }
545 /********************
546 * 1 We've had input errors - Display errors and show input dialog again.
547 ********************/
549 if (count($message) > 0){
550 msg_dialog::displayChecks($message);
552 // Preset input fields with user input.
553 $smarty = get_smarty();
554 foreach(array("sn", "givenName", "uid", "template") as $attr){
555 if(isset($_POST[$attr])){
556 $smarty->assign("$attr", set_post(get_post($attr)));
557 }else{
558 $smarty->assign("$attr", "");
559 }
560 }
562 $smarty->assign("templates",$templates);
563 $smarty->assign("got_uid", $this->got_uid);
564 $smarty->assign("edit_uid",false);
565 return($smarty->fetch(get_template_path('template.tpl', TRUE)));
566 }
568 /********************
569 * 2 There was a template selected, now ask for the uid.
570 ********************/
572 if ($_POST['template'] != 'none' && !isset($_POST['uid'])){
574 // Remember user input.
575 $smarty = get_smarty();
576 $this->sn = get_post('sn');
577 $this->givenName = get_post('givenName');
579 // Avoid duplicate entries, check if such a user already exists.
580 $dn= preg_replace("/^[^,]+,/i", "", get_post('template'));
581 $ldap= $this->config->get_ldap_link();
582 $ldap->cd ($dn);
583 $ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
585 if ($ldap->count () != 0){
586 msg_dialog::displayChecks(array(msgPool::duplicated(_("Name"))));
587 }else{
589 // Preset uid field by using the idGenerator
590 $attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
591 if ($this->config->get_cfg_value("core","idGenerator") != ""){
592 $uids= gen_uids ($this->config->get_cfg_value("core","idGenerator"), $attributes);
593 if (count($uids)){
594 $smarty->assign("edit_uid", "false");
595 $smarty->assign("uids", $uids);
596 $this->uid= current($uids);
597 }
598 } else {
599 $smarty->assign("edit_uid", "");
600 $this->uid= "";
601 }
602 $this->got_uid= true;
603 }
605 // Assign user input
606 foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
607 $smarty->assign("$attr", set_post($this->$attr));
608 }
609 if (isset($_POST['template'])){
610 $smarty->assign("template", get_post('template'));
611 }
612 $smarty->assign("templates",$templates);
613 return($smarty->fetch(get_template_path('template.tpl', TRUE)));
614 }
617 /********************
618 * 3 No template - Ok. Lets fill the data into the user object and skip templating here.
619 ********************/
620 if (get_post('template') == 'none'){
621 foreach(array("sn", "givenName", "uid") as $attr){
622 if (isset($_POST[$attr])){
623 $this->tabObject->by_object['user']->$attr= get_post($attr);
624 }
625 }
627 // The user Tab object is already instantiated, so just go back and let the
628 // management class do the rest.
629 return("");
630 }
633 /********************
634 * 4 Template selected and uid given - Ok, then lets adapt tempalte values.
635 ********************/
636 if(isset($_POST['uid'])){
638 // Move user supplied data to sub plugins
639 foreach(array("uid","sn","givenName") as $attr){
640 $this->$attr = get_post($attr);
641 $this->tabObject->$attr = $this->$attr;
642 $this->tabObject->by_object['user']->$attr = $this->$attr;
643 }
645 // Adapt template values.
646 $template_dn = get_post('template');
647 $this->tabObject->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
648 $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/i')."/", '', $template_dn);
649 $this->tabObject->by_object['user']->base= $template_base;
651 // The user Tab object is already instantiated, so just go back and let the
652 // management class do the rest.
653 return("");
654 }
655 }
658 /* !\brief This method applies a template to a set of users.
659 */
660 function templatizeUsers($action="",$target=array(),$all=array())
661 {
662 $this->dns = array();
663 if(count($target)){
665 // Get the list of available templates.
666 $templates = $this->get_templates();
668 // Check entry locking
669 foreach($target as $dn){
670 if (($user= get_lock($dn)) != ""){
671 $this->dn = $dn;
672 return(gen_locked_message ($user, $dn));
673 }
674 $this->dns[] = $dn;
675 }
677 // Display template
678 $smarty = get_smarty();
679 $smarty->assign("templates", $templates);
680 return($smarty->fetch(get_template_path('templatize.tpl', TRUE)));
681 }
682 }
685 /* !\brief This method is called whenever the templatize dialog was used.
686 */
687 function templatizeContinue()
688 {
689 // Template readable?
690 $template= get_post('template');
691 $acl = $this->ui->get_permissions($template, $this->aclCategory."/".$this->aclPlugin);
692 if (preg_match('/r/', $acl)){
693 $tab = $this->tabClass;
694 foreach ($this->dns as $dn){
696 // User writeable
697 $acl = $this->ui->get_permissions($dn, $this->aclCategory."/".$this->aclPlugin);
698 if (preg_match('/w/', $acl)){
699 $this->tabObject= new $tab($this->config, $this->config->data['TABS'][$this->tabType], $dn, $this->aclCategory);
700 $this->tabObject->adapt_from_template($template, array("sn", "givenName", "uid"));
701 $this->tabObject->save();
702 } else {
703 msg_dialog::display(_("Permission error"), msgPool::permModify($dn), ERROR_DIALOG);
704 }
705 }
706 } else {
707 msg_dialog::display(_("Permission error"), msgPool::permView($template), ERROR_DIALOG);
708 }
710 // Cleanup!
711 $this->remove_lock();
712 $this->closeDialogs();
713 }
716 /* !\brief Lock/unlock multiple users.
717 */
718 function lockUsers($action,$target,$all)
719 {
720 if(!count($target)) return;
721 if($action == "lockUsers"){
722 $this->lockEntry($action,$target, $all, "lock");
723 }else{
724 $this->lockEntry($action,$target, $all, "unlock");
725 }
726 }
729 /* !\brief Locks/unlocks the given user(s).
730 */
731 function lockEntry($action,$entry, $all, $type = "toggle")
732 {
734 // Filter out entries we are not allowed to modify
735 $disallowed = array();
736 $dns = array();
737 foreach($entry as $dn){
738 if (!preg_match("/w/",$this->ui->get_permissions($dn,"users/password"))){
739 $disallowed[] = $dn;
740 }else{
741 $allowed[] = $dn;
742 }
743 }
744 if(count($disallowed)){
745 msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
746 }
748 // Try to lock/unlock the rest of the entries.
749 $ldap = $this->config->get_ldap_link();
750 foreach($allowed as $dn){
751 $ldap->cat($dn, array('userPassword'));
752 if($ldap->count() == 1){
754 // We can't lock empty passwords.
755 $val = $ldap->fetch();
756 if(!isset($val['userPassword'])){
757 continue;
758 }
760 // Detect the password method and try to lock/unlock.
761 $pwd = $val['userPassword'][0];
762 $method = passwordMethod::get_method($pwd,$val['dn']);
763 $success= true;
764 if($method instanceOf passwordMethod){
765 if($type == "toggle"){
766 if($method->is_locked($this->config,$val['dn'])){
767 $success= $method->unlock_account($this->config,$val['dn']);
768 }else{
769 $success= $method->lock_account($this->config,$val['dn']);
770 }
771 }elseif($type == "lock" && !$method->is_locked($this->config,$val['dn'])){
772 $success= $method->lock_account($this->config,$val['dn']);
773 }elseif($type == "unlock" && $method->is_locked($this->config,$val['dn'])){
774 $success= $method->unlock_account($this->config,$val['dn']);
775 }
777 // Check if everything went fine.
778 if (!$success){
779 $hn= $method->get_hash_name();
780 if (is_array($hn)){
781 $hn= $hn[0];
782 }
783 msg_dialog::display(_("Account locking"),
784 sprintf(_("Password method '%s' does not support locking. Account (%s) has not been locked!"),
785 $hn,$dn),WARNING_DIALOG);
786 }
787 }else{
788 // Can't lock unknown methods.
789 }
790 }
791 }
792 }
795 /* !\brief This method returns a list of all available templates.
796 */
797 function get_templates()
798 {
799 $templates= array();
800 $ldap= $this->config->get_ldap_link();
801 foreach ($this->config->departments as $key => $value){
802 $acl = $this->ui->get_permissions($value,$this->aclCategory."/".$this->aclPlugin);
803 if (preg_match("/c/",$acl)){
805 // Search all templates from the current dn.
806 $ldap->cd (get_people_ou().$value);
807 $ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));
808 if ($ldap->count() != 0){
809 while ($attrs= $ldap->fetch()){
810 $templates[$ldap->getDN()]= $attrs['uid'][0]." - ".LDAP::fix($key);
811 }
812 }
813 }
814 }
815 natcasesort ($templates);
816 reset ($templates);
817 return($templates);
818 }
821 function copyPasteHandler($action="",$target=array(),$all=array(),
822 $altTabClass ="", $altTabType = "", $altAclCategory="",$altAclPlugin="")
823 {
824 if ($this->config->boolValueIsTrue("core", "copyPaste")){
825 $this->cpHandler->lastdn = "";
826 $str = management::copyPasteHandler($action,$target,$all);
827 if($this->cpHandler->lastdn != "" && isset($_POST['passwordTodo']) && $_POST['passwordTodo'] == "new"){
828 $this->pwd_change_queue[] = $this->cpHandler->lastdn;
829 return($this->handlePasswordQueue());
830 }
831 return($str);
832 }
834 return "";
835 }
838 static function filterLockImage($userPassword)
839 {
840 $image= "images/empty.png";
841 if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
842 if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
843 $image= "images/lists/locked.png";
844 }else{
845 $image= "images/lists/unlocked.png";
846 }
847 }
848 return $image;
849 }
852 static function filterLockLabel($userPassword)
853 {
854 $label= "";
855 if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
856 if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
857 $label= _("Unlock account")."<rowClass:entry-locked/><rowLabel:locked/>";
858 }else{
859 $label= _("Lock account");
860 }
861 }
862 return $label;
863 }
866 static function filterProperties($row, $classes)
867 {
868 $result= "";
869 $map= array( "gosaAccount" => array( "image" => "plugins/users/images/select_user.png",
870 "plugin" => "user",
871 "alt" => _("Generic"),
872 "title" => _("Edit generic properties")),
873 "posixAccount" => array("image" => "images/penguin.png",
874 "plugin" => "posixAccount",
875 "alt" => _("POSIX"),
876 "title" => _("Edit POSIX properties")),
877 "gosaMailAccount" => array("image" => "images/mailto.png",
878 "alt" => _("Mail"),
879 "plugin" => "mailAccount",
880 "title" => _("Edit mail properties")),
881 "sambaSamAccount" => array("image" => "plugins/systems/images/select_winstation.png",
882 "plugin" => "sambaAccount",
883 "alt" => _("Samba"),
884 "title" => _("Edit samba properties")),
885 "apple-user" => array("image" => "plugins/netatalk/images/select_netatalk.png",
886 "plugin" => "netatalk",
887 "alt" => _("Netatalk"),
888 "title" => _("Edit netatalk properties")),
889 "gotoEnvironment" => array("image" => "plugins/users/images/small_environment.png",
890 "plugin" => "environment",
891 "alt" => _("Environment"),
892 "title" => _("Edit environment properties")),
893 "goFaxAccount" => array("image" => "plugins/users/images/fax_small.png",
894 "plugin" => "gofaxAccount",
895 "alt" => _("FAX"),
896 "title" => _("Edit FAX properties")),
897 "goFonAccount" => array("image" => "plugins/gofon/images/select_phone.png",
898 "plugin" => "phoneAccount",
899 "alt" => _("Phone"),
900 "title" => _("Edit phone properties")));
902 // Walk thru map
903 foreach ($map as $oc => $properties) {
904 if (in_array_ics($oc, $classes)) {
905 $result.= image($properties['image'], "listing_edit_".$properties['plugin']."_$row", $properties['title']);
906 } else {
907 $result.= image('images/empty.png');
908 }
909 }
910 return $result;
911 }
913 }
914 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
915 ?>