b819f8195ac66047e3e5be97c29c2b1776148d5d
1 <?php
/*
 * This code is part of GOsa (http://www.gosa-project.org)
 * Copyright (C) 2003-2008 GONICUS GmbH
 *
 * ID: $$Id: class_roleManagement.inc 13520 2009-03-09 14:54:13Z hickert $$
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
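/**
 * Management plugin for role objects.
 *
 * Lists the organizationalRole entries found below the selected base and
 * dispatches the new / edit / remove actions of that list. Editing and
 * deleting are delegated to a roletabs dialog; this class handles request
 * parsing, the delete permission check ("d" in the "roles/roleGeneric" ACL)
 * and entry locking around those dialogs.
 *
 * The remove workflow spans two requests: the first one collects the
 * selected dns in $this->dns and shows a confirmation page, the second one
 * (confirm or cancel) works on that stored list.
 */
class roleManagement extends plugin
{
  /* Definitions */
  var $plHeadline= "Roles";
  var $plDescription= "Manage roles";

  // Copy and paste handler
  var $CopyPasteHandler = NULL;

  // The headpage list handler.
  var $DivListRoles = NULL;

  // A list of currently visible roles
  var $roles = array();

  // A list of currently edited/removed/etc. roles (list id => dn).
  var $dns = array();

  // Permission modules to use.
  var $acl_module = array("roles");

  // Internal: Is true while objects are pasted.
  var $start_pasting_copied_objects = FALSE;


  /**
   * Construct and initialize the plugin.
   *
   * @param object $config Configuration object, stored by reference.
   * @param string $dn     Not used by this constructor.
   */
  function __construct (&$config, $dn= NULL)
  {
    // Include config object
    $this->config= &$config;
    $this->ui= get_userinfo();

    // Copy & Paste enabled ?
    if ($this->config->get_cfg_value("copyPaste") == "true"){
      $this->CopyPasteHandler = new CopyPasteHandler($this->config);
    }

    // Initialize the corresponding list class.
    $this->DivListRoles = new divListRole($this->config,$this);
  }


  /**
   * Handle the current request and return the markup to display.
   *
   * Order of processing: parse the requested action from POST/GET, handle
   * remove (permission check, lock, confirmation page), handle the result
   * of the confirmation page, open a new/edit dialog, process dialog
   * save/cancel, and finally fall back to drawing the role list.
   *
   * @return string Output of the confirmation template, the locked-entry
   *                message, the open dialog or the list.
   */
  function execute()
  {
    // Call parent execute
    plugin::execute();

    // Variables to restore after 'entry locked' warning was displayed
    session::set('LOCK_VARS_TO_USE',array('/^role_/','/^act/','/^id/','/^menu_action/','/^item/'));

    $smarty = get_smarty();

    /***************
     * Handle _POST/_GET variables
     ***************/

    // Get entry related posts. The list id is encoded in the name of the
    // submitted field, so it is request data and is validated against
    // $this->roles before it is used further down.
    $s_action = "";
    $s_entry = "";
    foreach($_POST as $name => $value){
      if(preg_match("/^role_edit_/",$name)){
        $s_action = "edit";
        $s_entry = preg_replace("/^role_edit_([0-9]*)_.*$/","\\1",$name);
        break;
      }
      if(preg_match("/^role_del_/",$name)){
        $s_action = "remove";
        $s_entry = preg_replace("/^role_del_([0-9]*)_.*$/","\\1",$name);
        break;
      }
    }

    // 'id' may arrive as an array (id[]=...); only a plain string is a
    // usable list index, anything else is ignored.
    if(isset($_GET['act'], $_GET['id']) && $_GET['act'] == "edit_entry" && is_string($_GET['id'])){
      $id = $_GET['id'];
      if(isset($this->roles[$id])){
        $s_action = "edit";
        $s_entry = $id;
      }
    }

    // Get menu related posts
    if(isset($_POST['menu_action'])) {
      if($_POST['menu_action'] == "role_new"){
        $s_action = "new";
      }elseif($_POST['menu_action'] == "remove_multiple_roles"){
        $s_action = "remove_multiple";
      }
    }

    /***************
     * Remove handling
     ***************/

    if($s_action == "remove_multiple" || $s_action == "remove"){

      if($s_action == "remove_multiple"){
        $ids = $this->list_get_selected_items();
      }else{
        $ids = array($s_entry);
      }

      if(count($ids)){
        $this->dns = array();
        $disallowed = array();
        foreach($ids as $id){

          // Ids are parsed out of request field names and may not refer to
          // an entry of the current list. Skip those instead of running the
          // permission check and the lock handling on an undefined dn.
          if(!isset($this->roles[$id]['dn'])){
            continue;
          }

          $dn = $this->roles[$id]['dn'];
          $acl = $this->ui->get_permissions($dn, "roles/roleGeneric");
          if(preg_match("/d/",$acl)){
            $this->dns[$id] = $dn;
          }else{
            $disallowed[] = $dn;
          }
        }

        if(count($disallowed)){
          msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
        }

        if(count($this->dns)){
          if ($user= get_multiple_locks($this->dns)){
            return(gen_locked_message($user,$this->dns));
          }
          $dns_names = array();
          foreach($this->dns as $dn){
            $dns_names[] = LDAP::fix($dn);
          }

          /* Lock the current entry, so nobody will edit it during deletion */
          add_lock ($this->dns, $this->ui->dn);

          $smarty->assign("info", msgPool::deleteInfo($dns_names,_("role")));
          $smarty->assign("multiple", true);
          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
        }
      }
    }


    /* Deletion was cancelled: release the locks taken for the confirmation
       page and forget the queued entries. */
    if(isset($_POST['delete_multiple_roles_cancel'])){
      $this->remove_lock();
      $this->dns = array();
    }


    /* Confirmation for deletion has been passed. Roles should be deleted. */
    if (isset($_POST['delete_multiple_roles_confirm'])){

      /* Remove role by role. The ACL is evaluated again here, at deletion
         time, instead of trusting the list built by the earlier request. */
      foreach($this->dns as $key => $dn){

        $acl = $this->ui->get_permissions($dn, "roles/roleGeneric");
        if (preg_match('/d/', $acl)){

          /* Delete request is permitted, perform LDAP action */
          $this->dialog= new roletabs($this->config,$this->config->data['TABS']['ROLETABS'], $dn);
          $this->dialog->delete();
          $this->dialog= NULL;
        } else {

          /* Normally this shouldn't be reached, send some extra
             logs to notify the administrator */
          msg_dialog::display(_("Permission error"), msgPool::permDelete(), INFO_DIALOG);
          new log("security","roles/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }
      }

      /* Remove lock file after successful deletion */
      $this->remove_lock();
      $this->dns = array();
    }


    /***************
     * New handling
     ***************/

    if($s_action == "new" && !$this->dialog instanceOf tabs){

      // Mark the plugin as working on a new object, so that the "new"
      // checks in this class (apply button, lock removal) do not act on
      // the dn of a previously edited entry.
      $this->dn = "new";
      $this->dialog = new roletabs($this->config, $this->config->data['TABS']['ROLETABS'], "new");
      $this->dialog->set_acl_base($this->DivListRoles->selectedBase);
    }

    /***************
     * Edit handling
     ***************/

    if($s_action == "edit" && !$this->dialog instanceOf tabs){
      if(!isset($this->roles[$s_entry])){
        trigger_error("Unknown entry!");
      }else{

        $entry = $this->roles[$s_entry];
        $this->dn = $entry['dn'];

        /* Check locking, save current plugin in 'back_plugin', so
           the dialog knows where to return. */
        if (($user= get_lock($this->dn)) != ""){
          return(gen_locked_message ($user, $this->dn,TRUE));
        }

        /* Lock the current entry, so everyone will get the above dialog */
        add_lock ($this->dn, $this->ui->dn);

        /* Open the dialog */
        $this->dialog = new roletabs($this->config, $this->config->data['TABS']['ROLETABS'],
            $entry['dn'], "roles");
        $this->dialog->set_acl_base($this->dn);
        set_object_info($this->dn);
      }
    }


    /***************
     * Dialog handling
     ***************/

    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && $this->dialog instanceOf tabs){
      $this->dialog->save_object();
      $msgs = $this->dialog->check();
      if(count($msgs)){
        msg_dialog::displayChecks($msgs);
      }else{
        $this->dialog->save();
        if (!isset($_POST['edit_apply'])){
          // "Finish": close the dialog and release the lock.
          $this->remove_lock();
          $this->dialog= NULL;
          set_object_info();
        }else{
          // "Apply": keep the dialog open on the saved entry.
          $this->dialog->re_init();
        }
      }
    }

    if (isset($_POST['edit_cancel']) && $this->dialog instanceOf tabs){
      $this->remove_lock();
      $this->dialog= NULL;
      set_object_info();
    }

    if($this->dialog instanceOf tabs){
      $display= $this->dialog->execute();

      // The buttons are only appended while the current tab has no
      // sub-dialog of its own open.
      $dialog_opened = ($this->dialog->by_object[$this->dialog->current]->dialog instanceOf plugin);

      if(!$dialog_opened){
        if($this->dialog->read_only == TRUE){
          $display.= "<p style=\"text-align:right\">
            <input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">
            </p>";
        }else{

          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\"
            value=\"".msgPool::okButton(). "\">\n";
          $display.= " \n";
          if ($this->dn != "new"){
            $display.= "<input type=submit name=\"edit_apply\"
              value=\"".msgPool::applyButton()."\">\n";
            $display.= " \n";
          }
          $display.= "<input type=submit name=\"edit_cancel\"
            value=\"".msgPool::cancelButton()."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }


    /***************
     * List handling
     ***************/

    // Check if there is a snapshot dialog open
    $base = $this->DivListRoles->selectedBase;
    if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases(),$this)){
      return($str);
    }

    // Display dialog with role list
    $this->DivListRoles->parent = $this;
    $this->DivListRoles->execute();

    // Add departments if subsearch is disabled
    if(!$this->DivListRoles->SubSearch){
      $this->DivListRoles->AddDepartments($this->DivListRoles->selectedBase,3,1);
    }
    $this->reload ();
    $this->DivListRoles->setEntries($this->roles);
    return($this->DivListRoles->Draw());
  }


  /**
   * Refreshes the list of known role objects.
   *
   * Searches for organizationalRole entries matching the list filter and
   * stores them in $this->roles, sorted case-insensitively in natural
   * order by cn followed by dn and re-indexed from 0.
   */
  function reload()
  {

    // Get current ldap base and filter settings.
    $base = $this->DivListRoles->selectedBase;
    $Regex = $this->DivListRoles->Regex;

    // Search and fetch all matching role objects.
    $this->roles = array();
    $ldap = $this->config->get_ldap_link();

    // NOTE(review): $Regex is placed into the filter string as-is. Whether
    // divListRole already restricts it to a safe search pattern is not
    // visible here - confirm, or escape LDAP filter metacharacters other
    // than the wildcard before the filter is built.
    $filter= "(&(objectClass=organizationalRole)(cn=$Regex))";
    $attrs = array("cn","description","objectClass");

    if($this->DivListRoles->SubSearch){
      $res= get_sub_list($filter, "roles",array(), $base, $attrs, GL_SIZELIMIT | GL_SUBSEARCH);
    }else{
      $res= get_sub_list($filter, "roles",get_ou('roleRDN'), get_ou('roleRDN').$base, $attrs, GL_SIZELIMIT );
    }

    // Key by cn + dn so that entries sharing a cn do not overwrite each other.
    $tmp = array();
    foreach($res as $entry){
      $tmp[$entry['cn'][0].$entry['dn']] = $entry;
    }

    uksort($tmp, 'strnatcasecmp');
    $this->roles = array_values($tmp);
  }


  /**
   * Returns a list of selected entry ids, e.g. for removing multiple
   * entries.
   *
   * Only POST field names of the form item_selected_<digits> are accepted;
   * the ids are still request data and must be checked against
   * $this->roles by the caller.
   *
   * @return array A list of entry ids (id => id).
   */
  function list_get_selected_items()
  {
    $ids = array();
    foreach($_POST as $name => $value){
      // At least one digit is required and, with the D modifier, a
      // trailing newline is not accepted as part of the name.
      if(preg_match("/^item_selected_([0-9]+)$/D",$name,$match)){
        $ids[$match[1]] = $match[1];
      }
    }
    return($ids);
  }


  /**
   * Release the locks held by this plugin.
   *
   * Removes the lock of the open dialog's dn or, if there is none, of
   * $this->dn (unless it is empty or "new"), and additionally the locks of
   * all entries queued in $this->dns.
   */
  function remove_lock()
  {
    if (isset($this->dialog->dn)){
      del_lock ($this->dialog->dn);
    }elseif(!empty($this->dn) && $this->dn != "new"){
      del_lock($this->dn);
    }
    if(is_array($this->dns) && count($this->dns)){
      del_lock($this->dns);
    }
  }


  /**
   * Return the departments that will be included in snapshot detection.
   *
   * @return array One entry: the role RDN prepended to the selected base.
   */
  function get_used_snapshot_bases()
  {
    return(array(get_ou('roleRDN').$this->DivListRoles->selectedBase));
  }


  /**
   * Pass the posted values on to the list and, if enabled, to the
   * copy & paste handler.
   */
  function save_object()
  {
    $this->DivListRoles->save_object();
    if(is_object($this->CopyPasteHandler)){
      $this->CopyPasteHandler->save_object();
    }
  }
}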
395 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
396 ?>