<?php
/*
 * This code is part of GOsa (http://www.gosa-project.org)
 * Copyright (C) 2003-2008 GONICUS GmbH
 *
 * ID: $$Id: class_roleManagement.inc 13520 2009-03-09 14:54:13Z hickert $$
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
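/**
 * Management plugin for role objects (LDAP organizationalRole entries).
 *
 * Renders the role list and dispatches the create, edit, remove and
 * copy & paste actions that arrive through $_POST / $_GET.
 *
 * Entry ids taken from the request are indexes into $this->roles. They are
 * attacker-controllable, so every lookup checks that the index exists before
 * a DN is read from it, and delete permissions are evaluated per DN.
 */
class roleManagement extends plugin
{
  /* Definitions */
  var $plHeadline= "Roles";
  var $plDescription= "Manage roles";

  // Copy and paste handler (stays NULL when copy & paste is disabled)
  var $CopyPasteHandler = NULL;

  // The headpage list handler.
  var $DivListRoles = NULL;

  // A list of currently visible roles, indexed 0..n-1 (see reload()).
  var $roles = array();

  // DNs of the roles that are currently being removed, keyed by list id.
  var $dns = array();

  // Permission modules to use.
  var $acl_module = array("roles");

  // Internal: Is true while objects are pasted.
  var $start_pasting_copied_objects = FALSE;


  /**
   * Construct and initialize the plugin.
   *
   * @param object $config Configuration object, kept by reference.
   * @param mixed  $dn     Accepted for interface compatibility; not used here.
   */
  function __construct (&$config, $dn= NULL)
  {
    // Include config object
    $this->config= &$config;
    $this->ui= get_userinfo();

    // Copy & Paste enabled ?
    if ($this->config->get_cfg_value("copyPaste") == "true"){
      $this->CopyPasteHandler = new CopyPasteHandler($this->config);
    }

    // Initialize the corresponding list class.
    $this->DivListRoles = new divListRole($this->config,$this);
  }


  /**
   * Handle the current request and return the HTML to display.
   *
   * Order of processing: parse the requested action, copy & paste, remove
   * (confirmation dialog, cancel, confirmed deletion), new, edit, handling of
   * an open tab dialog, and finally the role list itself.
   *
   * NOTE(review): no request-forgery token is checked in this method; confirm
   * that the surrounding framework validates one before the state-changing
   * actions (confirmed deletion, save) are reached.
   *
   * @return string Rendered HTML.
   */
  function execute()
  {
    // Call parent execute
    plugin::execute();

    // Variables to restore after 'entry locked' warning was displayed
    session::set('LOCK_VARS_TO_USE',array('/^copy/','/^cut/','/^role_/','/^act/',
          '/^id/','/^menu_action/','/^item/'));

    $smarty = get_smarty();

    /***************
     * Handle _POST/_GET variables
     ***************/

    // Get entry related posts. The action is encoded in the name of the
    // submitted field as <prefix><id>_<suffix>; the first match wins.
    $s_action = "";
    $s_entry  = "";
    $entry_actions = array(
        "cut_"       => "cut",
        "copy_"      => "copy",
        "role_edit_" => "edit",
        "role_del_"  => "remove");
    foreach($_POST as $name => $value){
      foreach($entry_actions as $prefix => $action){
        if(preg_match("/^".$prefix."/",$name)){
          $s_action = $action;
          // If the name carries no numeric id the replace leaves it unchanged;
          // such a value never matches an index of $this->roles and is
          // rejected by the isset() checks further down.
          $s_entry  = preg_replace("/^".$prefix."([0-9]*)_.*$/","\\1",$name);
          break 2;
        }
      }
    }

    // Edit request issued by a link. is_string() rejects 'id[]=...' style
    // parameters, which would otherwise be used as an array offset.
    if(isset($_GET['act']) && $_GET['act'] == "edit_entry" &&
        isset($_GET['id']) && is_string($_GET['id'])){
      $id = $_GET['id'];
      if(isset($this->roles[$id])){
        $s_action = "edit";
        $s_entry  = $id;
      }
    }

    // Get menu related posts
    if(isset($_POST['menu_action'])) {
      if($_POST['menu_action'] == "editPaste"){
        $s_action = "editPaste";
      }elseif($_POST['menu_action'] == "role_new"){
        $s_action = "new";
      }elseif($_POST['menu_action'] == "remove_multiple_roles"){
        $s_action = "remove_multiple";
      }
    }

    /***************
     * Copy & Paste handling
     ***************/

    /* Display the copy & paste dialog, if it is currently open */
    $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
    if($ret){
      return($ret);
    }


    /***************
     * Remove handling
     ***************/

    if($s_action == "remove_multiple" || $s_action == "remove"){

      if($s_action == "remove_multiple"){
        $ids = $this->list_get_selected_items();
      }else{
        $ids = array($s_entry);
      }

      if(count($ids)){
        $this->dns  = array();
        $disallowed = array();
        foreach($ids as $id){

          // Ids are parsed from request field names; ignore any that do not
          // refer to a role in the current list instead of reading an
          // undefined index and passing an empty DN to the ACL check.
          if(!isset($this->roles[$id])){
            continue;
          }

          $dn  = $this->roles[$id]['dn'];
          $acl = $this->ui->get_permissions($dn, "roles/roleGeneric");
          if(preg_match("/d/",$acl)){
            $this->dns[$id] = $dn;
          }else{
            $disallowed[] = $dn;
          }
        }

        if(count($disallowed)){
          msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
        }

        if(count($this->dns)){
          if ($user= get_multiple_locks($this->dns)){
            return(gen_locked_message($user,$this->dns));
          }
          $dns_names = array();
          foreach($this->dns as $dn){
            $dns_names[] = LDAP::fix($dn);
          }

          /* Lock the current entry, so nobody will edit it during deletion */
          add_lock ($this->dns, $this->ui->dn);

          $smarty->assign("info", msgPool::deleteInfo($dns_names,_("Role")));
          $smarty->assign("multiple", true);
          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
        }
      }
    }


    /* Deletion was cancelled: release the locks taken for the confirmation dialog */
    if(isset($_POST['delete_multiple_roles_cancel'])){
      $this->remove_lock();
      $this->dns = array();
    }


    /* Confirmation for deletion has been passed. Roles should be deleted. */
    if (isset($_POST['delete_multiple_roles_confirm'])){

      /* Remove role by role. The ACL is evaluated again for every DN because
         the confirmation arrives in a later request than the one that built
         $this->dns. */
      foreach($this->dns as $key => $dn){

        $acl = $this->ui->get_permissions($dn, "roles/roleGeneric");
        if (preg_match('/d/', $acl)){

          /* Delete request is permitted, perform LDAP action */
          $this->dialog= new roletabs($this->config,$this->config->data['TABS']['ROLETABS'], $dn);
          $this->dialog->delete();
          $this->dialog= NULL;
        } else {

          /* Normally this shouldn't be reached, send some extra
             logs to notify the administrator */
          msg_dialog::display(_("Permission error"), msgPool::permDelete(), INFO_DIALOG);
          new log("security","roles/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }
      }

      /* Remove lock file after successful deletion */
      $this->remove_lock();
      $this->dns = array();
    }


    /***************
     * New handling
     ***************/

    if($s_action == "new" && !$this->dialog instanceOf tabs){
      $this->dialog = new roletabs($this->config, $this->config->data['TABS']['ROLETABS'], "new");
      $this->dialog->set_acl_base($this->DivListRoles->selectedBase);
    }

    /***************
     * Edit handling
     ***************/

    if($s_action == "edit" && !$this->dialog instanceOf tabs){
      if(!isset($this->roles[$s_entry])){
        trigger_error("Unknown entry!");
      }else{

        $entry = $this->roles[$s_entry];
        $this->dn = $entry['dn'];

        /* Check locking, save current plugin in 'back_plugin', so
           the dialog knows where to return. */
        if (($user= get_lock($this->dn)) != ""){
          return(gen_locked_message ($user, $this->dn,TRUE));
        }

        /* Lock the current entry, so everyone will get the above dialog */
        add_lock ($this->dn, $this->ui->dn);

        /* Open the dialog */
        $this->dialog = new roletabs($this->config, $this->config->data['TABS']['ROLETABS'],
            $entry['dn'], "roles");
        $this->dialog->set_acl_base($this->dn);
        set_object_info($this->dn);
      }
    }


    /***************
     * Dialog handling
     ***************/

    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && $this->dialog instanceOf tabs){
      $this->dialog->save_object();
      $msgs = $this->dialog->check();
      if(count($msgs)){
        msg_dialog::displayChecks($msgs);
      }else{
        $this->dialog->save();
        if (!isset($_POST['edit_apply'])){
          // 'Ok' closes the dialog and releases the lock ...
          $this->remove_lock();
          $this->dialog= NULL;
          set_object_info();
        }else{
          // ... 'Apply' keeps the dialog open on the saved object.
          $this->dialog->re_init();
        }
      }
    }

    if (isset($_POST['edit_cancel']) && $this->dialog instanceOf tabs){
      $this->remove_lock();
      $this->dialog= NULL;
      set_object_info();
    }

    if($this->dialog instanceOf tabs){
      $display= $this->dialog->execute();

      // The button row is only appended while the current tab has no
      // sub-dialog of its own open.
      $dialog_opened = ($this->dialog->by_object[$this->dialog->current]->dialog instanceOf plugin);

      if(!$dialog_opened){
        if($this->dialog->read_only == TRUE){
          $display.= "<p style=\"text-align:right\">
            <input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">
            </p>";
        }else{

          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\"
            value=\"".msgPool::okButton(). "\">\n";
          $display.= " \n";
          if ($this->dn != "new"){
            $display.= "<input type=submit name=\"edit_apply\"
              value=\"".msgPool::applyButton()."\">\n";
            $display.= " \n";
          }
          $display.= "<input type=submit name=\"edit_cancel\"
            value=\"".msgPool::cancelButton()."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }


    /***************
     * List handling
     ***************/

    // Check if there is a snapshot dialog open
    $base = $this->DivListRoles->selectedBase;
    if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases(),$this)){
      return($str);
    }

    // Display dialog with role list
    $this->DivListRoles->parent = $this;
    $this->DivListRoles->execute();

    // Add departments if subsearch is disabled
    if(!$this->DivListRoles->SubSearch){
      $this->DivListRoles->AddDepartments($this->DivListRoles->selectedBase,3,1);
    }
    $this->reload ();
    $this->DivListRoles->setEntries($this->roles);
    return($this->DivListRoles->Draw());
  }


  /**
   * Refresh the list of known role objects.
   *
   * Searches below the base selected in the list for organizationalRole
   * entries whose cn matches the list filter and stores them in $this->roles,
   * sorted naturally (case-insensitive) and re-indexed from 0.
   */
  function reload()
  {

    // Get current ldap base and filter settings.
    $base  = $this->DivListRoles->selectedBase;
    $Regex = $this->DivListRoles->Regex;

    // Search and fetch all matching role objects.
    // NOTE(review): $Regex is placed into the LDAP filter without escaping.
    // '*' has to stay usable as a wildcard, but confirm that divListRole
    // neutralises the other filter metacharacters ('(', ')', '\', NUL) before
    // the value gets here; otherwise the filter can be altered by the request.
    $this->roles = array();
    $ldap   = $this->config->get_ldap_link();
    $filter = "(&(objectClass=organizationalRole)(cn=$Regex))";
    $attrs  = array("cn","description","objectClass");

    if($this->DivListRoles->SubSearch){
      $res= get_sub_list($filter, "roles",array(), $base, $attrs, GL_SIZELIMIT | GL_SUBSEARCH);
    }else{
      $res= get_sub_list($filter, "roles",get_ou('roleRDN'), get_ou('roleRDN').$base, $attrs, GL_SIZELIMIT );
    }

    // Key by cn + dn so that entries sharing a cn stay distinct while sorting.
    $sorted = array();
    foreach($res as $entry){
      $sorted[$entry['cn'][0].$entry['dn']] = $entry;
    }

    uksort($sorted, 'strnatcasecmp');
    $this->roles = array_values($sorted);
  }


  /**
   * Return the list ids selected in the submitted form, e.g. to remove
   * multiple entries.
   *
   * Only field names of the form item_selected_<digits> are accepted; a name
   * without any digit does not identify a list row and is ignored.
   *
   * @return Array A list of entry IDs (id => id)
   */
  function list_get_selected_items()
  {
    $ids = array();
    foreach($_POST as $name => $value){
      if(preg_match("/^item_selected_([0-9]+)$/",$name,$match)){
        $ids[$match[1]] = $match[1];
      }
    }
    return($ids);
  }


  /**
   * Release the locks held by this plugin: the lock of the open dialog (or,
   * without one, of $this->dn unless it is "new") and the locks of all DNs
   * queued for removal.
   */
  function remove_lock()
  {
    if (isset($this->dialog->dn)){
      del_lock ($this->dialog->dn);
    }elseif(isset($this->dn) && !empty($this->dn) && $this->dn != "new"){
      del_lock($this->dn);
    }
    if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
      del_lock($this->dns);
    }
  }


  /**
   * Return departments, that will be included within snapshot detection.
   *
   * @return Array The role container below the currently selected base.
   */
  function get_used_snapshot_bases()
  {
    return(array(get_ou('roleRDN').$this->DivListRoles->selectedBase));
  }


  /**
   * Queue entries for copy & paste and return the paste dialog while it is open.
   *
   * An entry is only queued if it exists in the current list and the user is
   * allowed to copy (respectively cut) it.
   *
   * NOTE(review): execute() in this class never passes "copy_multiple" or
   * "cut_multiple", so that branch is only reachable from other callers.
   *
   * @param string $s_action Requested action (cut, copy, copy_multiple,
   *                         cut_multiple, editPaste or anything else).
   * @param string $s_entry  List id of the entry for cut/copy.
   * @return string Dialog HTML, or "" if there is nothing to display.
   */
  function copyPasteHandling_from_queue($s_action,$s_entry)
  {
    /* Check if Copy & Paste is disabled */
    if(!is_object($this->CopyPasteHandler)){
      return("");
    }

    $ui = get_userinfo();

    /* Add a single entry to queue */
    if($s_action == "cut" || $s_action == "copy"){

      /* Cleanup object queue */
      $this->CopyPasteHandler->cleanup_queue();

      // $s_entry comes from a request field name; only use it when it refers
      // to a role in the current list.
      if(isset($this->roles[$s_entry])){
        $dn = $this->roles[$s_entry]['dn'];
        if($s_action == "copy" && $ui->is_copyable($dn,"roles","roleGeneric")){
          $this->CopyPasteHandler->add_to_queue($dn,$s_action,"roletabs","ROLETABS","roles");
        }
        if($s_action == "cut" && $ui->is_cutable($dn,"roles","roleGeneric")){
          $this->CopyPasteHandler->add_to_queue($dn,$s_action,"roletabs","ROLETABS","roles");
        }
      }
    }

    /* Add entries to queue */
    if($s_action == "copy_multiple" || $s_action == "cut_multiple"){

      /* Cleanup object queue */
      $this->CopyPasteHandler->cleanup_queue();

      /* Add new entries to CP queue */
      foreach($this->list_get_selected_items() as $id){

        // Skip ids that do not refer to a role in the current list.
        if(!isset($this->roles[$id])){
          continue;
        }
        $dn = $this->roles[$id]['dn'];

        if($s_action == "copy_multiple" && $ui->is_copyable($dn,"roles","roleGeneric")){
          $this->CopyPasteHandler->add_to_queue($dn,"copy","roletabs","ROLETABS","roles");
        }
        if($s_action == "cut_multiple" && $ui->is_cutable($dn,"roles","roleGeneric")){
          $this->CopyPasteHandler->add_to_queue($dn,"cut","roletabs","ROLETABS","roles");
        }
      }
    }

    /* Start pasting entries */
    if($s_action == "editPaste"){
      $this->start_pasting_copied_objects = TRUE;
    }

    /* Return C&P dialog */
    if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){

      /* Get dialog */
      $this->CopyPasteHandler->SetVar("base",$this->DivListRoles->selectedBase);
      $data = $this->CopyPasteHandler->execute();

      /* Return dialog data */
      if(!empty($data)){
        return($data);
      }
    }

    /* Automatically disable status for pasting */
    if(!$this->CopyPasteHandler->entries_queued()){
      $this->start_pasting_copied_objects = FALSE;
    }
    return("");
  }


  /**
   * Forward the submitted form values to the list and, if copy & paste is
   * enabled, to the copy & paste handler.
   */
  function save_object()
  {
    $this->DivListRoles->save_object();
    if(is_object($this->CopyPasteHandler)){
      $this->CopyPasteHandler->save_object();
    }
  }
}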
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>