4440ab7626ead2106a0fb992fa7ef64960921db9
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /* This can be set to render the tabulators in another stylesheet */
119 var $pl_notify= FALSE;
122 /* This variable indicates that this class can handle multiple dns at once. */
123 var $multiple_support = FALSE;
125 /* This aviable indicates, that we are currently in multiple edit handle */
126 var $multiple_support_active = FALSE;
127 var $selected_edit_values = array();
129 /*! \brief plugin constructor
131 If 'dn' is set, the node loads the given 'dn' from LDAP
133 \param dn Distinguished name to initialize plugin from
134 \sa plugin()
135 */
136 function plugin (&$config, $dn= NULL, $parent= NULL)
137 {
138 /* Configuration is fine, allways */
139 $this->config= &$config;
140 $this->dn= $dn;
142 /* Handle new accounts, don't read information from LDAP */
143 if ($dn == "new"){
144 return;
145 }
147 /* Save current dn as acl_base */
148 $this->acl_base= $dn;
150 /* Get LDAP descriptor */
151 $ldap= $this->config->get_ldap_link();
152 if ($dn !== NULL){
154 /* Load data to 'attrs' and save 'dn' */
155 if ($parent !== NULL){
156 $this->attrs= $parent->attrs;
157 } else {
158 $ldap->cat ($dn);
159 $this->attrs= $ldap->fetch();
160 }
162 /* Copy needed attributes */
163 foreach ($this->attributes as $val){
164 $found= array_key_ics($val, $this->attrs);
165 if ($found != ""){
166 $this->$val= $this->attrs["$found"][0];
167 }
168 }
170 /* gosaUnitTag loading... */
171 if (isset($this->attrs['gosaUnitTag'][0])){
172 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
173 }
175 /* Set the template flag according to the existence of objectClass
176 gosaUserTemplate */
177 if (isset($this->attrs['objectClass'])){
178 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
179 $this->is_template= TRUE;
180 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
181 "found", "Template check");
182 }
183 }
185 /* Is Account? */
186 $found= TRUE;
187 foreach ($this->objectclasses as $obj){
188 if (preg_match('/top/i', $obj)){
189 continue;
190 }
191 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
192 $found= FALSE;
193 break;
194 }
195 }
196 if ($found){
197 $this->is_account= TRUE;
198 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
199 "found", "Object check");
200 }
202 /* Prepare saved attributes */
203 $this->saved_attributes= $this->attrs;
204 foreach ($this->saved_attributes as $index => $value){
205 if (preg_match('/^[0-9]+$/', $index)){
206 unset($this->saved_attributes[$index]);
207 continue;
208 }
209 if (!in_array($index, $this->attributes) && $index != "objectClass"){
210 unset($this->saved_attributes[$index]);
211 continue;
212 }
213 if ($this->saved_attributes[$index]["count"] == 1){
214 $tmp= $this->saved_attributes[$index][0];
215 unset($this->saved_attributes[$index]);
216 $this->saved_attributes[$index]= $tmp;
217 continue;
218 }
220 unset($this->saved_attributes["$index"]["count"]);
221 }
222 }
224 /* Save initial account state */
225 $this->initially_was_account= $this->is_account;
226 }
228 /*! \brief execute plugin
230 Generates the html output for this node
231 */
232 function execute()
233 {
234 /* This one is empty currently. Fabian - please fill in the docu code */
235 $_SESSION['current_class_for_help'] = get_class($this);
237 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
238 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
239 }
241 /*! \brief execute plugin
242 Removes object from parent
243 */
244 function remove_from_parent()
245 {
246 /* include global link_info */
247 $ldap= $this->config->get_ldap_link();
249 /* Get current objectClasses in order to add the required ones */
250 $ldap->cat($this->dn);
251 $tmp= $ldap->fetch ();
252 $oc= array();
253 if (isset($tmp['objectClass'])){
254 $oc= $tmp['objectClass'];
255 unset($oc['count']);
256 }
258 /* Remove objectClasses from entry */
259 $ldap->cd($this->dn);
260 $this->attrs= array();
261 $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
263 /* Unset attributes from entry */
264 foreach ($this->attributes as $val){
265 $this->attrs["$val"]= array();
266 }
268 /* Unset account info */
269 $this->is_account= FALSE;
271 /* Do not write in plugin base class, this must be done by
272 children, since there are normally additional attribs,
273 lists, etc. */
274 /*
275 $ldap->modify($this->attrs);
276 */
277 }
280 /* Save data to object */
281 function save_object()
282 {
283 if($this->multiple_support_active){
284 foreach($this->attributes as $attr){
285 if(isset($_POST["use_".$attr])){
286 $this->selected_edit_values[$attr] = TRUE;
287 }else{
288 $this->selected_edit_values[$attr] = FALSE;
289 }
290 }
291 }
293 /* Save values to object */
294 foreach ($this->attributes as $val){
295 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
296 /* Check for modifications */
297 if (get_magic_quotes_gpc()) {
298 $data= stripcslashes($_POST["$val"]);
299 } else {
300 $data= $this->$val = $_POST["$val"];
301 }
302 if ($this->$val != $data){
303 $this->is_modified= TRUE;
304 }
306 /* Okay, how can I explain this fix ...
307 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
308 * So IE posts these 'unselectable' option, with value = chr(194)
309 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
310 * This was added for W3c compliance, but now causes these ... ldap errors ...
311 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
312 */
313 if(isset($data[0]) && $data[0] == chr(194)) {
314 $data = "";
315 }
316 $this->$val= $data;
317 //echo "<font color='blue'>".$val."</font><br>";
318 }else{
319 //echo "<font color='red'>".$val."</font><br>";
320 }
321 }
322 }
325 /* Save data to LDAP, depending on is_account we save or delete */
326 function save()
327 {
328 /* include global link_info */
329 $ldap= $this->config->get_ldap_link();
331 /* Start with empty array */
332 $this->attrs= array();
334 /* Get current objectClasses in order to add the required ones */
335 $ldap->cat($this->dn);
337 $tmp= $ldap->fetch ();
339 $oc= array();
340 if (isset($tmp['objectClass'])){
341 $oc= $tmp["objectClass"];
342 $this->is_new= FALSE;
343 unset($oc['count']);
344 } else {
345 $this->is_new= TRUE;
346 }
348 /* Load (minimum) attributes, add missing ones */
349 $this->attrs['objectClass']= gosa_array_merge($oc,$this->objectclasses);
351 /* Copy standard attributes */
352 foreach ($this->attributes as $val){
353 if ($this->$val != ""){
354 $this->attrs["$val"]= $this->$val;
355 } elseif (!$this->is_new) {
356 $this->attrs["$val"]= array();
357 }
358 }
360 }
363 function cleanup()
364 {
365 foreach ($this->attrs as $index => $value){
367 /* Convert arrays with one element to non arrays, if the saved
368 attributes are no array, too */
369 if (is_array($this->attrs[$index]) &&
370 count ($this->attrs[$index]) == 1 &&
371 isset($this->saved_attributes[$index]) &&
372 !is_array($this->saved_attributes[$index])){
374 $tmp= $this->attrs[$index][0];
375 $this->attrs[$index]= $tmp;
376 }
378 /* Remove emtpy arrays if they do not differ */
379 if (is_array($this->attrs[$index]) &&
380 count($this->attrs[$index]) == 0 &&
381 !isset($this->saved_attributes[$index])){
383 unset ($this->attrs[$index]);
384 continue;
385 }
387 /* Remove single attributes that do not differ */
388 if (!is_array($this->attrs[$index]) &&
389 isset($this->saved_attributes[$index]) &&
390 !is_array($this->saved_attributes[$index]) &&
391 $this->attrs[$index] == $this->saved_attributes[$index]){
393 unset ($this->attrs[$index]);
394 continue;
395 }
397 /* Remove arrays that do not differ */
398 if (is_array($this->attrs[$index]) &&
399 isset($this->saved_attributes[$index]) &&
400 is_array($this->saved_attributes[$index])){
402 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
403 unset ($this->attrs[$index]);
404 continue;
405 }
406 }
407 }
409 /* Update saved attributes and ensure that next cleanups will be successful too */
410 foreach($this->attrs as $name => $value){
411 $this->saved_attributes[$name] = $value;
412 }
413 }
415 /* Check formular input */
416 function check()
417 {
418 $message= array();
420 /* Skip if we've no config object */
421 if (!isset($this->config) || !is_object($this->config)){
422 return $message;
423 }
425 /* Find hooks entries for this class */
426 $command= $this->config->search(get_class($this), "CHECK", array('menu', 'tabs'));
428 if ($command != ""){
430 if (!check_command($command)){
431 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
432 get_class($this));
433 } else {
435 /* Generate "ldif" for check hook */
436 $ldif= "dn: $this->dn\n";
438 /* ... objectClasses */
439 foreach ($this->objectclasses as $oc){
440 $ldif.= "objectClass: $oc\n";
441 }
443 /* ... attributes */
444 foreach ($this->attributes as $attr){
445 if ($this->$attr == ""){
446 continue;
447 }
448 if (is_array($this->$attr)){
449 foreach ($this->$attr as $val){
450 $ldif.= "$attr: $val\n";
451 }
452 } else {
453 $ldif.= "$attr: ".$this->$attr."\n";
454 }
455 }
457 /* Append empty line */
458 $ldif.= "\n";
460 /* Feed "ldif" into hook and retrieve result*/
461 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
462 $fh= proc_open($command, $descriptorspec, $pipes);
463 if (is_resource($fh)) {
464 fwrite ($pipes[0], $ldif);
465 fclose($pipes[0]);
467 $result= stream_get_contents($pipes[1]);
468 if ($result != ""){
469 $message[]= $result;
470 }
472 fclose($pipes[1]);
473 fclose($pipes[2]);
474 proc_close($fh);
475 }
476 }
478 }
480 return ($message);
481 }
483 /* Adapt from template, using 'dn' */
484 function adapt_from_template($dn)
485 {
486 /* Include global link_info */
487 $ldap= $this->config->get_ldap_link();
489 /* Load requested 'dn' to 'attrs' */
490 $ldap->cat ($dn);
491 $this->attrs= $ldap->fetch();
493 /* Walk through attributes */
494 foreach ($this->attributes as $val){
496 if (isset($this->attrs["$val"][0])){
498 /* If attribute is set, replace dynamic parts:
499 %sn, %givenName and %uid. Fill these in our local variables. */
500 $value= $this->attrs["$val"][0];
502 foreach (array("sn", "givenName", "uid") as $repl){
503 if (preg_match("/%$repl/i", $value)){
504 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
505 }
506 }
507 $this->$val= $value;
508 }
509 }
511 /* Is Account? */
512 $found= TRUE;
513 foreach ($this->objectclasses as $obj){
514 if (preg_match('/top/i', $obj)){
515 continue;
516 }
517 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
518 $found= FALSE;
519 break;
520 }
521 }
522 if ($found){
523 $this->is_account= TRUE;
524 }
525 }
527 /* Indicate whether a password change is needed or not */
528 function password_change_needed()
529 {
530 return FALSE;
531 }
534 /* Show header message for tab dialogs */
535 function show_enable_header($button_text, $text, $disabled= FALSE)
536 {
537 if (($disabled == TRUE) || (!$this->acl_is_createable())){
538 $state= "disabled";
539 } else {
540 $state= "";
541 }
542 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
543 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
544 "><p class=\"seperator\"> </p></td></tr></table>";
546 return($display);
547 }
550 /* Show header message for tab dialogs */
551 function show_disable_header($button_text, $text, $disabled= FALSE)
552 {
553 if (($disabled == TRUE) || !$this->acl_is_removeable()){
554 $state= "disabled";
555 } else {
556 $state= "";
557 }
558 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
559 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
560 "><p class=\"seperator\"> </p></td></tr></table>";
562 return($display);
563 }
566 /* Show header message for tab dialogs */
567 function show_header($button_text, $text, $disabled= FALSE)
568 {
569 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
570 if ($disabled == TRUE){
571 $state= "disabled";
572 } else {
573 $state= "";
574 }
575 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
576 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
577 ($this->acl_is_createable()?'':'disabled')." ".$state.
578 "><p class=\"seperator\"> </p></td></tr></table>";
580 return($display);
581 }
584 function postcreate($add_attrs= array())
585 {
586 /* Find postcreate entries for this class */
587 $command= $this->config->search(get_class($this), "POSTCREATE",array('menu', 'tabs'));
589 if ($command != ""){
591 /* Additional attributes */
592 foreach ($add_attrs as $name => $value){
593 $command= preg_replace("/%$name/", $value, $command);
594 }
596 /* Walk through attribute list */
597 foreach ($this->attributes as $attr){
598 if (!is_array($this->$attr)){
599 $command= preg_replace("/%$attr/", $this->$attr, $command);
600 }
601 }
602 $command= preg_replace("/%dn/", $this->dn, $command);
604 if (check_command($command)){
605 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
606 $command, "Execute");
608 exec($command);
609 } else {
610 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
611 print_red ($message);
612 }
613 }
614 }
616 function postmodify($add_attrs= array())
617 {
618 /* Find postcreate entries for this class */
619 $command= $this->config->search(get_class($this), "POSTMODIFY",array('menu','tabs'));
621 if ($command != ""){
623 /* Additional attributes */
624 foreach ($add_attrs as $name => $value){
625 $command= preg_replace("/%$name/", $value, $command);
626 }
628 /* Walk through attribute list */
629 foreach ($this->attributes as $attr){
630 if (!is_array($this->$attr)){
631 $command= preg_replace("/%$attr/", $this->$attr, $command);
632 }
633 }
634 $command= preg_replace("/%dn/", $this->dn, $command);
636 if (check_command($command)){
637 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
638 $command, "Execute");
640 exec($command);
641 } else {
642 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
643 print_red ($message);
644 }
645 }
646 }
648 function postremove($add_attrs= array())
649 {
650 /* Find postremove entries for this class */
651 $command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
652 if ($command != ""){
654 /* Additional attributes */
655 foreach ($add_attrs as $name => $value){
656 $command= preg_replace("/%$name/", $value, $command);
657 }
659 /* Walk through attribute list */
660 foreach ($this->attributes as $attr){
661 if (!is_array($this->$attr)){
662 $command= preg_replace("/%$attr/", $this->$attr, $command);
663 }
664 }
665 $command= preg_replace("/%dn/", $this->dn, $command);
667 /* Additional attributes */
668 foreach ($add_attrs as $name => $value){
669 $command= preg_replace("/%$name/", $value, $command);
670 }
672 if (check_command($command)){
673 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
674 $command, "Execute");
676 exec($command);
677 } else {
678 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
679 print_red ($message);
680 }
681 }
682 }
684 /* Create unique DN */
685 function create_unique_dn($attribute, $base)
686 {
687 $ldap= $this->config->get_ldap_link();
688 $base= preg_replace("/^,*/", "", $base);
690 /* Try to use plain entry first */
691 $dn= "$attribute=".$this->$attribute.",$base";
692 $ldap->cat ($dn, array('dn'));
693 if (!$ldap->fetch()){
694 return ($dn);
695 }
697 /* Look for additional attributes */
698 foreach ($this->attributes as $attr){
699 if ($attr == $attribute || $this->$attr == ""){
700 continue;
701 }
703 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
704 $ldap->cat ($dn, array('dn'));
705 if (!$ldap->fetch()){
706 return ($dn);
707 }
708 }
710 /* None found */
711 return ("none");
712 }
714 function rebind($ldap, $referral)
715 {
716 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
717 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
718 $this->error = "Success";
719 $this->hascon=true;
720 $this->reconnect= true;
721 return (0);
722 } else {
723 $this->error = "Could not bind to " . $credentials['ADMIN'];
724 return NULL;
725 }
726 }
728 /* This is a workaround function. */
729 function copy($src_dn, $dst_dn)
730 {
731 /* Rename dn in possible object groups */
732 $ldap= $this->config->get_ldap_link();
733 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
734 array('cn'));
735 while ($attrs= $ldap->fetch()){
736 $og= new ogroup($this->config, $ldap->getDN());
737 unset($og->member[$src_dn]);
738 $og->member[$dst_dn]= $dst_dn;
739 $og->save ();
740 }
742 $ldap->cat($dst_dn);
743 $attrs= $ldap->fetch();
744 if (count($attrs)){
745 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
746 E_USER_WARNING);
747 return (FALSE);
748 }
750 $ldap->cat($src_dn);
751 $attrs= $ldap->fetch();
752 if (!count($attrs)){
753 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
754 E_USER_WARNING);
755 return (FALSE);
756 }
758 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
759 $ds= ldap_connect($this->config->current['SERVER']);
760 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
761 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
762 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
763 }
765 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
766 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
768 /* Fill data from LDAP */
769 $new= array();
770 if ($sr) {
771 $ei=ldap_first_entry($ds, $sr);
772 if ($ei) {
773 foreach($attrs as $attr => $val){
774 if ($info = @ldap_get_values_len($ds, $ei, $attr)){
775 for ($i= 0; $i<$info['count']; $i++){
776 if ($info['count'] == 1){
777 $new[$attr]= $info[$i];
778 } else {
779 $new[$attr][]= $info[$i];
780 }
781 }
782 }
783 }
784 }
785 }
787 /* close conncetion */
788 ldap_unbind($ds);
790 /* Adapt naming attribute */
791 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
792 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
793 $new[$dst_name]= @LDAP::fix($dst_val);
795 /* Check if this is a department.
796 * If it is a dep. && there is a , override in his ou
797 * change \2C to , again, else this entry can't be saved ...
798 */
799 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
800 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
801 }
803 /* Save copy */
804 $ldap->connect();
805 $ldap->cd($this->config->current['BASE']);
807 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
809 /* FAIvariable=.../..., cn=..
810 could not be saved, because the attribute FAIvariable was different to
811 the dn FAIvariable=..., cn=... */
812 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
813 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
814 }
815 $ldap->cd($dst_dn);
816 $ldap->add($new);
818 if ($ldap->error != "Success"){
819 trigger_error("Trying to save $dst_dn failed.",
820 E_USER_WARNING);
821 return(FALSE);
822 }
824 return (TRUE);
825 }
828 function move($src_dn, $dst_dn)
829 {
830 /* Copy source to destination */
831 if (!$this->copy($src_dn, $dst_dn)){
832 return (FALSE);
833 }
835 /* Delete source */
836 $ldap= $this->config->get_ldap_link();
837 $ldap->rmdir($src_dn);
838 if ($ldap->error != "Success"){
839 trigger_error("Trying to delete $src_dn failed.",
840 E_USER_WARNING);
841 return (FALSE);
842 }
844 return (TRUE);
845 }
848 /* Move/Rename complete trees */
849 function recursive_move($src_dn, $dst_dn)
850 {
851 /* Check if the destination entry exists */
852 $ldap= $this->config->get_ldap_link();
854 /* Check if destination exists - abort */
855 $ldap->cat($dst_dn, array('dn'));
856 if ($ldap->fetch()){
857 trigger_error("recursive_move $dst_dn already exists.",
858 E_USER_WARNING);
859 return (FALSE);
860 }
862 /* Perform a search for all objects to be moved */
863 $objects= array();
864 $ldap->cd($src_dn);
865 $ldap->search("(objectClass=*)", array("dn"));
866 while($attrs= $ldap->fetch()){
867 $dn= $attrs['dn'];
868 $objects[$dn]= strlen($dn);
869 }
871 /* Sort objects by indent level */
872 asort($objects);
873 reset($objects);
875 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
876 foreach ($objects as $object => $len){
877 $src= $object;
878 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
879 if (!$this->copy($src, $dst)){
880 return (FALSE);
881 }
882 }
884 /* Remove src_dn */
885 $ldap->cd($src_dn);
886 $ldap->recursive_remove();
887 return (TRUE);
888 }
891 function handle_post_events($mode, $add_attrs= array())
892 {
893 switch ($mode){
894 case "add":
895 $this->postcreate($add_attrs);
896 break;
898 case "modify":
899 $this->postmodify($add_attrs);
900 break;
902 case "remove":
903 $this->postremove($add_attrs);
904 break;
905 }
906 }
909 function saveCopyDialog(){
910 }
913 function getCopyDialog(){
914 return(array("string"=>"","status"=>""));
915 }
918 function PrepareForCopyPaste($source)
919 {
920 $todo = $this->attributes;
921 if(isset($this->CopyPasteVars)){
922 $todo = array_merge($todo,$this->CopyPasteVars);
923 }
925 if(count($this->objectclasses)){
926 $this->is_account = TRUE;
927 foreach($this->objectclasses as $class){
928 if(!in_array($class,$source['objectClass'])){
929 $this->is_account = FALSE;
930 }
931 }
932 }
934 foreach($todo as $var){
935 if (isset($source[$var])){
936 if(isset($source[$var]['count'])){
937 if($source[$var]['count'] > 1){
938 $this->$var = array();
939 $tmp = array();
940 for($i = 0 ; $i < $source[$var]['count']; $i++){
941 $tmp = $source[$var][$i];
942 }
943 $this->$var = $tmp;
944 # echo $var."=".$tmp."<br>";
945 }else{
946 $this->$var = $source[$var][0];
947 # echo $var."=".$source[$var][0]."<br>";
948 }
949 }else{
950 $this->$var= $source[$var];
951 # echo $var."=".$source[$var]."<br>";
952 }
953 }
954 }
955 }
958 function handle_object_tagging($dn= "", $tag= "", $show= false)
959 {
960 //FIXME: How to optimize this? We have at least two
961 // LDAP accesses per object. It would be a good
962 // idea to have it integrated.
964 /* No dn? Self-operation... */
965 if ($dn == ""){
966 $dn= $this->dn;
968 /* No tag? Find it yourself... */
969 if ($tag == ""){
970 $len= strlen($dn);
972 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
973 $relevant= array();
974 foreach ($this->config->adepartments as $key => $ntag){
976 /* This one is bigger than our dn, its not relevant... */
977 if ($len <= strlen($key)){
978 continue;
979 }
981 /* This one matches with the latter part. Break and don't fix this entry */
982 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
983 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
984 $relevant[strlen($key)]= $ntag;
985 continue;
986 }
988 }
990 /* If we've some relevant tags to set, just get the longest one */
991 if (count($relevant)){
992 ksort($relevant);
993 $tmp= array_keys($relevant);
994 $idx= end($tmp);
995 $tag= $relevant[$idx];
996 $this->gosaUnitTag= $tag;
997 }
998 }
999 }
1002 /* Set tag? */
1003 if ($tag != ""){
1004 /* Set objectclass and attribute */
1005 $ldap= $this->config->get_ldap_link();
1006 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1007 $attrs= $ldap->fetch();
1008 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
1009 if ($show) {
1010 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
1011 flush();
1012 }
1013 return;
1014 }
1015 if (count($attrs)){
1016 if ($show){
1017 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1018 flush();
1019 }
1020 $nattrs= array("gosaUnitTag" => $tag);
1021 $nattrs['objectClass']= array();
1022 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1023 $oc= $attrs['objectClass'][$i];
1024 if ($oc != "gosaAdministrativeUnitTag"){
1025 $nattrs['objectClass'][]= $oc;
1026 }
1027 }
1028 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1029 $ldap->cd($dn);
1030 $ldap->modify($nattrs);
1031 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1032 } else {
1033 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1034 }
1036 } else {
1037 /* Remove objectclass and attribute */
1038 $ldap= $this->config->get_ldap_link();
1039 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1040 $attrs= $ldap->fetch();
1041 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1042 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1043 return;
1044 }
1045 if (count($attrs)){
1046 if ($show){
1047 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1048 flush();
1049 }
1050 $nattrs= array("gosaUnitTag" => array());
1051 $nattrs['objectClass']= array();
1052 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1053 $oc= $attrs['objectClass'][$i];
1054 if ($oc != "gosaAdministrativeUnitTag"){
1055 $nattrs['objectClass'][]= $oc;
1056 }
1057 }
1058 $ldap->cd($dn);
1059 $ldap->modify($nattrs);
1060 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1061 } else {
1062 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1063 }
1064 }
1066 }
1069 /* Add possibility to stop remove process */
1070 function allow_remove()
1071 {
1072 $reason= "";
1073 return $reason;
1074 }
1077 /* Create a snapshot of the current object */
1078 function create_snapshot($type= "snapshot", $description= array())
1079 {
1081 /* Check if snapshot functionality is enabled */
1082 if(!$this->snapshotEnabled()){
1083 return;
1084 }
1086 /* Get configuration from gosa.conf */
1087 $tmp = $this->config->current;
1089 /* Create lokal ldap connection */
1090 $ldap= $this->config->get_ldap_link();
1091 $ldap->cd($this->config->current['BASE']);
1093 /* check if there are special server configurations for snapshots */
1094 if(!isset($tmp['SNAPSHOT_SERVER'])){
1096 /* Source and destination server are both the same, just copy source to dest obj */
1097 $ldap_to = $ldap;
1098 $snapldapbase = $this->config->current['BASE'];
1100 }else{
1101 $server = $tmp['SNAPSHOT_SERVER'];
1102 $user = $tmp['SNAPSHOT_USER'];
1103 $password = $tmp['SNAPSHOT_PASSWORD'];
1104 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1106 $ldap_to = new LDAP($user,$password, $server);
1107 $ldap_to -> cd($snapldapbase);
1108 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1109 }
1111 /* check if the dn exists */
1112 if ($ldap->dn_exists($this->dn)){
1114 /* Extract seconds & mysecs, they are used as entry index */
1115 list($usec, $sec)= explode(" ", microtime());
1117 /* Collect some infos */
1118 $base = $this->config->current['BASE'];
1119 $snap_base = $tmp['SNAPSHOT_BASE'];
1120 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1121 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1123 /* Create object */
1124 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1125 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1126 $newName = preg_replace("/\./", "", $sec."-".$usec);
1127 $target= array();
1128 $target['objectClass'] = array("top", "gosaSnapshotObject");
1129 $target['gosaSnapshotData'] = gzcompress($data, 6);
1130 $target['gosaSnapshotType'] = $type;
1131 $target['gosaSnapshotDN'] = $this->dn;
1132 $target['description'] = $description;
1133 $target['gosaSnapshotTimestamp'] = $newName;
1135 /* Insert the new snapshot
1136 But we have to check first, if the given gosaSnapshotTimestamp
1137 is already used, in this case we should increment this value till there is
1138 an unused value. */
1139 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1140 $ldap_to->cat($new_dn);
1141 while($ldap_to->count()){
1142 $ldap_to->cat($new_dn);
1143 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1144 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1145 $target['gosaSnapshotTimestamp'] = $newName;
1146 }
1148 /* Inset this new snapshot */
1149 $ldap_to->cd($snapldapbase);
1150 $ldap_to->create_missing_trees($new_base);
1151 $ldap_to->cd($new_dn);
1152 $ldap_to->add($target);
1154 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1155 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1156 }
1157 }
1159 function remove_snapshot($dn)
1160 {
1161 $ui = get_userinfo();
1162 $old_dn = $this->dn;
1163 $this->dn = $dn;
1164 $ldap = $this->config->get_ldap_link();
1165 $ldap->cd($this->config->current['BASE']);
1166 $ldap->rmdir_recursive($dn);
1167 $this->dn = $old_dn;
1168 }
1171 /* returns true if snapshots are enabled, and false if it is disalbed
1172 There will also be some errors psoted, if the configuration failed */
1173 function snapshotEnabled()
1174 {
1175 $tmp = $this->config->current;
1176 if(isset($tmp['ENABLE_SNAPSHOT'])){
1177 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1179 /* Check if the snapshot_base is defined */
1180 if(!isset($tmp['SNAPSHOT_BASE'])){
1181 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
1182 return(FALSE);
1183 }
1185 /* check if there are special server configurations for snapshots */
1186 if(isset($tmp['SNAPSHOT_SERVER'])){
1188 /* check if all required vars are available to create a new ldap connection */
1189 $missing = "";
1190 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
1191 if(!isset($tmp[$var])){
1192 $missing .= $var." ";
1193 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1194 return(FALSE);
1195 }
1196 }
1197 }
1198 return(TRUE);
1199 }
1200 }
1201 return(FALSE);
1202 }
1205 /* Return available snapshots for the given base
1206 */
1207 function Available_SnapsShots($dn,$raw = false)
1208 {
1209 if(!$this->snapshotEnabled()) return(array());
1211 /* Create an additional ldap object which
1212 points to our ldap snapshot server */
1213 $ldap= $this->config->get_ldap_link();
1214 $ldap->cd($this->config->current['BASE']);
1215 $cfg= &$this->config->current;
1217 /* check if there are special server configurations for snapshots */
1218 if(isset($cfg['SNAPSHOT_SERVER'])){
1219 $server = $cfg['SNAPSHOT_SERVER'];
1220 $user = $cfg['SNAPSHOT_USER'];
1221 $password = $cfg['SNAPSHOT_PASSWORD'];
1222 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1223 $ldap_to = new LDAP($user,$password, $server);
1224 $ldap_to -> cd ($snapldapbase);
1225 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1226 }else{
1227 $ldap_to = $ldap;
1228 }
1230 /* Prepare bases and some other infos */
1231 $base = $this->config->current['BASE'];
1232 $snap_base = $cfg['SNAPSHOT_BASE'];
1233 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1234 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1235 $tmp = array();
1237 /* Fetch all objects with gosaSnapshotDN=$dn */
1238 $ldap_to->cd($new_base);
1239 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1240 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1242 /* Put results into a list and add description if missing */
1243 while($entry = $ldap_to->fetch()){
1244 if(!isset($entry['description'][0])){
1245 $entry['description'][0] = "";
1246 }
1247 $tmp[] = $entry;
1248 }
1250 /* Return the raw array, or format the result */
1251 if($raw){
1252 return($tmp);
1253 }else{
1254 $tmp2 = array();
1255 foreach($tmp as $entry){
1256 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1257 }
1258 }
1259 return($tmp2);
1260 }
1263 function getAllDeletedSnapshots($base_of_object,$raw = false)
1264 {
1265 if(!$this->snapshotEnabled()) return(array());
1267 /* Create an additional ldap object which
1268 points to our ldap snapshot server */
1269 $ldap= $this->config->get_ldap_link();
1270 $ldap->cd($this->config->current['BASE']);
1271 $cfg= &$this->config->current;
1273 /* check if there are special server configurations for snapshots */
1274 if(isset($cfg['SNAPSHOT_SERVER'])){
1275 $server = $cfg['SNAPSHOT_SERVER'];
1276 $user = $cfg['SNAPSHOT_USER'];
1277 $password = $cfg['SNAPSHOT_PASSWORD'];
1278 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1279 $ldap_to = new LDAP($user,$password, $server);
1280 $ldap_to->cd ($snapldapbase);
1281 show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1282 }else{
1283 $ldap_to = $ldap;
1284 }
1286 /* Prepare bases */
1287 $base = $this->config->current['BASE'];
1288 $snap_base = $cfg['SNAPSHOT_BASE'];
1289 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1291 /* Fetch all objects and check if they do not exist anymore */
1292 $ui = get_userinfo();
1293 $tmp = array();
1294 $ldap_to->cd($new_base);
1295 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1296 while($entry = $ldap_to->fetch()){
1298 $chk = str_replace($new_base,"",$entry['dn']);
1299 if(preg_match("/,ou=/",$chk)) continue;
1301 if(!isset($entry['description'][0])){
1302 $entry['description'][0] = "";
1303 }
1304 $tmp[] = $entry;
1305 }
1307 /* Check if entry still exists */
1308 foreach($tmp as $key => $entry){
1309 $ldap->cat($entry['gosaSnapshotDN'][0]);
1310 if($ldap->count()){
1311 unset($tmp[$key]);
1312 }
1313 }
1315 /* Format result as requested */
1316 if($raw) {
1317 return($tmp);
1318 }else{
1319 $tmp2 = array();
1320 foreach($tmp as $key => $entry){
1321 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1322 }
1323 }
1324 return($tmp2);
1325 }
1328 /* Restore selected snapshot */
1329 function restore_snapshot($dn)
1330 {
1331 if(!$this->snapshotEnabled()) return(array());
1333 $ldap= $this->config->get_ldap_link();
1334 $ldap->cd($this->config->current['BASE']);
1335 $cfg= &$this->config->current;
1337 /* check if there are special server configurations for snapshots */
1338 if(isset($cfg['SNAPSHOT_SERVER'])){
1339 $server = $cfg['SNAPSHOT_SERVER'];
1340 $user = $cfg['SNAPSHOT_USER'];
1341 $password = $cfg['SNAPSHOT_PASSWORD'];
1342 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1343 $ldap_to = new LDAP($user,$password, $server);
1344 $ldap_to->cd ($snapldapbase);
1345 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1346 }else{
1347 $ldap_to = $ldap;
1348 }
1350 /* Get the snapshot */
1351 $ldap_to->cat($dn);
1352 $restoreObject = $ldap_to->fetch();
1354 /* Prepare import string */
1355 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1357 /* Import the given data */
1358 $ldap->import_complete_ldif($data,$err,false,false);
1359 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1360 }
1363 function showSnapshotDialog($base,$baseSuffixe)
1364 {
1365 $once = true;
1366 foreach($_POST as $name => $value){
1368 /* Create a new snapshot, display a dialog */
1369 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1370 $once = false;
1371 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1372 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1373 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1374 }
1376 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1377 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1378 $once = false;
1379 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1380 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1381 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1382 $this->snapDialog->display_restore_dialog = true;
1383 }
1385 /* Restore one of the already deleted objects */
1386 if(((isset($_POST['menu_action']) && $_POST['menu_action'] == "RestoreDeletedSnapShot")
1387 || preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
1388 $once = false;
1389 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1390 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1391 $this->snapDialog->display_restore_dialog = true;
1392 $this->snapDialog->display_all_removed_objects = true;
1393 }
1395 /* Restore selected snapshot */
1396 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1397 $once = false;
1398 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1399 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1400 if(!empty($entry)){
1401 $this->restore_snapshot($entry);
1402 $this->snapDialog = NULL;
1403 }
1404 }
1405 }
1407 /* Create a new snapshot requested, check
1408 the given attributes and create the snapshot*/
1409 if(isset($_POST['CreateSnapshot']) && is_object($this->snapDialog)){
1410 $this->snapDialog->save_object();
1411 $msgs = $this->snapDialog->check();
1412 if(count($msgs)){
1413 foreach($msgs as $msg){
1414 print_red($msg);
1415 }
1416 }else{
1417 $this->dn = $this->snapDialog->dn;
1418 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1419 $this->snapDialog = NULL;
1420 }
1421 }
1423 /* Restore is requested, restore the object with the posted dn .*/
1424 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1425 }
1427 if(isset($_POST['CancelSnapshot'])){
1428 $this->snapDialog = NULL;
1429 }
1431 if(is_object($this->snapDialog )){
1432 $this->snapDialog->save_object();
1433 return($this->snapDialog->execute());
1434 }
1435 }
1438 static function plInfo()
1439 {
1440 return array();
1441 }
1444 function set_acl_base($base)
1445 {
1446 $this->acl_base= $base;
1447 }
1450 function set_acl_category($category)
1451 {
1452 $this->acl_category= "$category/";
1453 }
1456 function acl_is_writeable($attribute,$skip_write = FALSE)
1457 {
1458 $ui= get_userinfo();
1459 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1460 }
1463 function acl_is_readable($attribute)
1464 {
1465 $ui= get_userinfo();
1466 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1467 }
1470 function acl_is_createable()
1471 {
1472 $ui= get_userinfo();
1473 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1474 }
1477 function acl_is_removeable()
1478 {
1479 $ui= get_userinfo();
1480 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1481 }
1484 function acl_is_moveable()
1485 {
1486 $ui= get_userinfo();
1487 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1488 }
1491 function acl_have_any_permissions()
1492 {
1493 }
1496 function getacl($attribute,$skip_write= FALSE)
1497 {
1498 $ui= get_userinfo();
1499 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1500 }
1502 /* Get all allowed bases to move an object to or to create a new object.
1503 Idepartments also contains all base departments which lead to the allowed bases */
1504 function get_allowed_bases($category = "")
1505 {
1506 $ui = get_userinfo();
1507 $deps = array();
1509 /* Set category */
1510 if(empty($category)){
1511 $category = $this->acl_category.get_class($this);
1512 }
1514 /* Is this a new object ? Or just an edited existing object */
1515 if(!$this->initially_was_account && $this->is_account){
1516 $new = true;
1517 }else{
1518 $new = false;
1519 }
1521 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1522 foreach($this->config->idepartments as $dn => $name){
1524 if(!in_array_ics($dn,$cat_bases)){
1525 continue;
1526 }
1528 $acl = $ui->get_permissions($dn,$category);
1529 if($new && preg_match("/c/",$acl)){
1530 $deps[$dn] = $name;
1531 }elseif(!$new && preg_match("/m/",$acl)){
1532 $deps[$dn] = $name;
1533 }
1534 }
1536 /* Add current base */
1537 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1538 $deps[$this->base] = $this->config->idepartments[$this->base];
1539 }else{
1540 echo "No default base found. ".$this->base."<br> ";
1541 }
1543 return($deps);
1544 }
1546 /* This function modifies object acls too, if an object is moved.
1547 * $old_dn specifies the actually used dn
1548 * $new_dn specifies the destiantion dn
1549 */
1550 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1551 {
1552 /* Check if old_dn is empty. This should never happen */
1553 if(empty($old_dn) || empty($new_dn)){
1554 trigger_error("Failed to check acl dependencies, wrong dn given.");
1555 return;
1556 }
1558 /* Update userinfo if necessary */
1559 if($_SESSION['ui']->dn == $old_dn){
1560 $_SESSION['ui']->dn = $new_dn;
1561 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1562 }
1564 /* Object was moved, ensure that all acls will be moved too */
1565 if($new_dn != $old_dn && $old_dn != "new"){
1567 /* get_ldap configuration */
1568 $update = array();
1569 $ldap = $this->config->get_ldap_link();
1570 $ldap->cd ($this->config->current['BASE']);
1571 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1572 while($attrs = $ldap->fetch()){
1574 $acls = array();
1576 /* Walk through acls */
1577 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1579 /* Reset vars */
1580 $found = false;
1582 /* Get Acl parts */
1583 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1585 /* Get every single member for this acl */
1586 $members = array();
1587 if(preg_match("/,/",$acl_parts[2])){
1588 $members = split(",",$acl_parts[2]);
1589 }else{
1590 $members = array($acl_parts[2]);
1591 }
1593 /* Check if member match current dn */
1594 foreach($members as $key => $member){
1595 $member = base64_decode($member);
1596 if($member == $old_dn){
1597 $found = true;
1598 $members[$key] = base64_encode($new_dn);
1599 }
1600 }
1602 /* Create new member string */
1603 $new_members = "";
1604 foreach($members as $member){
1605 $new_members .= $member.",";
1606 }
1607 $new_members = preg_replace("/,$/","",$new_members);
1608 $acl_parts[2] = $new_members;
1610 /* Reconstruckt acl entry */
1611 $acl_str ="";
1612 foreach($acl_parts as $t){
1613 $acl_str .= $t.":";
1614 }
1615 $acl_str = preg_replace("/:$/","",$acl_str);
1616 }
1618 /* Acls for this object must be adjusted */
1619 if($found){
1621 if($output_changes){
1622 echo "<font color='green'>".
1623 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1624 $old_dn.
1625 "</b><br> -"._("to")." <b>".
1626 $new_dn.
1627 "</b></font><br>";
1628 }
1629 $update[$attrs['dn']] =array();
1630 foreach($acls as $acl){
1631 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1632 }
1633 }
1634 }
1636 /* Write updated acls */
1637 foreach($update as $dn => $attrs){
1638 $ldap->cd($dn);
1639 $ldap->modify($attrs);
1640 }
1641 }
1642 }
1645 function get_multi_edit_values()
1646 {
1647 $ret = array();
1648 foreach($this->selected_edit_values as $attr => $active){
1649 if($active){
1650 $ret[$attr] = $this->$attr;
1651 }
1652 }
1653 return($ret);
1654 }
1656 function set_multi_edit_value()
1657 {
1659 }
1661 }
1663 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1664 ?>