631a2d153c2b79ca823ea8f5a73aae18f9537a49
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /*! \brief plugin constructor
120 If 'dn' is set, the node loads the given 'dn' from LDAP
122 \param dn Distinguished name to initialize plugin from
123 \sa plugin()
124 */
125 function plugin ($config, $dn= NULL, $parent= NULL)
126 {
127 /* Configuration is fine, allways */
128 $this->config= $config;
129 $this->dn= $dn;
131 /* Handle new accounts, don't read information from LDAP */
132 if ($dn == "new"){
133 return;
134 }
136 /* Save current dn as acl_base */
137 $this->acl_base= $dn;
139 /* Get LDAP descriptor */
140 $ldap= $this->config->get_ldap_link();
141 if ($dn != NULL){
143 /* Load data to 'attrs' and save 'dn' */
144 if ($parent != NULL){
145 $this->attrs= $parent->attrs;
146 } else {
147 $ldap->cat ($dn);
148 $this->attrs= $ldap->fetch();
149 }
151 /* Copy needed attributes */
152 foreach ($this->attributes as $val){
153 $found= array_key_ics($val, $this->attrs);
154 if ($found != ""){
155 $this->$val= $this->attrs["$found"][0];
156 }
157 }
159 /* gosaUnitTag loading... */
160 if (isset($this->attrs['gosaUnitTag'][0])){
161 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
162 }
164 /* Set the template flag according to the existence of objectClass
165 gosaUserTemplate */
166 if (isset($this->attrs['objectClass'])){
167 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
168 $this->is_template= TRUE;
169 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
170 "found", "Template check");
171 }
172 }
174 /* Is Account? */
175 error_reporting(0);
176 $found= TRUE;
177 foreach ($this->objectclasses as $obj){
178 if (preg_match('/top/i', $obj)){
179 continue;
180 }
181 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
182 $found= FALSE;
183 break;
184 }
185 }
186 error_reporting(E_ALL);
187 if ($found){
188 $this->is_account= TRUE;
189 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
190 "found", "Object check");
191 }
193 /* Prepare saved attributes */
194 $this->saved_attributes= $this->attrs;
195 foreach ($this->saved_attributes as $index => $value){
196 if (preg_match('/^[0-9]+$/', $index)){
197 unset($this->saved_attributes[$index]);
198 continue;
199 }
200 if (!in_array($index, $this->attributes) && $index != "objectClass"){
201 unset($this->saved_attributes[$index]);
202 continue;
203 }
204 if ($this->saved_attributes[$index]["count"] == 1){
205 $tmp= $this->saved_attributes[$index][0];
206 unset($this->saved_attributes[$index]);
207 $this->saved_attributes[$index]= $tmp;
208 continue;
209 }
211 unset($this->saved_attributes["$index"]["count"]);
212 }
213 }
215 /* Save initial account state */
216 $this->initially_was_account= $this->is_account;
217 }
219 /*! \brief execute plugin
221 Generates the html output for this node
222 */
223 function execute()
224 {
225 /* This one is empty currently. Fabian - please fill in the docu code */
226 $_SESSION['current_class_for_help'] = get_class($this);
228 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
229 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
230 }
232 /*! \brief execute plugin
233 Removes object from parent
234 */
235 function remove_from_parent()
236 {
237 /* include global link_info */
238 $ldap= $this->config->get_ldap_link();
240 /* Get current objectClasses in order to add the required ones */
241 $ldap->cat($this->dn);
242 $tmp= $ldap->fetch ();
243 if (isset($tmp['objectClass'])){
244 $oc= $tmp['objectClass'];
245 } else {
246 $oc= array("count" => 0);
247 }
249 /* Remove objectClasses from entry */
250 $ldap->cd($this->dn);
251 $this->attrs= array();
252 $this->attrs['objectClass']= array();
253 for ($i= 0; $i<$oc["count"]; $i++){
254 if (!in_array_ics($oc[$i], $this->objectclasses)){
255 $this->attrs['objectClass'][]= $oc[$i];
256 }
257 }
259 /* Unset attributes from entry */
260 foreach ($this->attributes as $val){
261 $this->attrs["$val"]= array();
262 }
264 /* Unset account info */
265 $this->is_account= FALSE;
267 /* Do not write in plugin base class, this must be done by
268 children, since there are normally additional attribs,
269 lists, etc. */
270 /*
271 $ldap->modify($this->attrs);
272 */
273 }
276 /* Save data to object */
277 function save_object()
278 {
279 /* Save values to object */
280 foreach ($this->attributes as $val){
281 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
282 /* Check for modifications */
283 if (get_magic_quotes_gpc()) {
284 $data= stripcslashes($_POST["$val"]);
285 } else {
286 $data= $this->$val = $_POST["$val"];
287 }
288 if ($this->$val != $data){
289 $this->is_modified= TRUE;
290 }
292 /* Okay, how can I explain this fix ...
293 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
294 * So IE posts these 'unselectable' option, with value = chr(194)
295 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
296 * This was added for W3c compliance, but now causes these ... ldap errors ...
297 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
298 */
299 if(isset($data[0]) && $data[0] == chr(194)) {
300 $data = "";
301 }
302 $this->$val= $data;
303 //echo "<font color='blue'>".$val."</font><br>";
304 }else{
305 //echo "<font color='red'>".$val."</font><br>";
306 }
307 }
308 }
311 /* Save data to LDAP, depending on is_account we save or delete */
312 function save()
313 {
314 /* include global link_info */
315 $ldap= $this->config->get_ldap_link();
317 /* Start with empty array */
318 $this->attrs= array();
320 /* Get current objectClasses in order to add the required ones */
321 $ldap->cat($this->dn);
323 $tmp= $ldap->fetch ();
325 if (isset($tmp['objectClass'])){
326 $oc= $tmp["objectClass"];
327 $this->is_new= FALSE;
328 } else {
329 $oc= array("count" => 0);
330 $this->is_new= TRUE;
331 }
333 /* Load (minimum) attributes, add missing ones */
334 $this->attrs['objectClass']= $this->objectclasses;
335 for ($i= 0; $i<$oc["count"]; $i++){
336 if (!in_array_ics($oc[$i], $this->objectclasses)){
337 $this->attrs['objectClass'][]= $oc[$i];
338 }
339 }
341 /* Copy standard attributes */
342 foreach ($this->attributes as $val){
343 if ($this->$val != ""){
344 $this->attrs["$val"]= $this->$val;
345 } elseif (!$this->is_new) {
346 $this->attrs["$val"]= array();
347 }
348 }
350 }
353 function cleanup()
354 {
355 foreach ($this->attrs as $index => $value){
357 /* Convert arrays with one element to non arrays, if the saved
358 attributes are no array, too */
359 if (is_array($this->attrs[$index]) &&
360 count ($this->attrs[$index]) == 1 &&
361 isset($this->saved_attributes[$index]) &&
362 !is_array($this->saved_attributes[$index])){
364 $tmp= $this->attrs[$index][0];
365 $this->attrs[$index]= $tmp;
366 }
368 /* Remove emtpy arrays if they do not differ */
369 if (is_array($this->attrs[$index]) &&
370 count($this->attrs[$index]) == 0 &&
371 !isset($this->saved_attributes[$index])){
373 unset ($this->attrs[$index]);
374 continue;
375 }
377 /* Remove single attributes that do not differ */
378 if (!is_array($this->attrs[$index]) &&
379 isset($this->saved_attributes[$index]) &&
380 !is_array($this->saved_attributes[$index]) &&
381 $this->attrs[$index] == $this->saved_attributes[$index]){
383 unset ($this->attrs[$index]);
384 continue;
385 }
387 /* Remove arrays that do not differ */
388 if (is_array($this->attrs[$index]) &&
389 isset($this->saved_attributes[$index]) &&
390 is_array($this->saved_attributes[$index])){
392 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
393 unset ($this->attrs[$index]);
394 continue;
395 }
396 }
397 }
398 }
400 /* Check formular input */
401 function check()
402 {
403 $message= array();
405 /* Skip if we've no config object */
406 if (!isset($this->config)){
407 return $message;
408 }
410 /* Find hooks entries for this class */
411 $command= search_config($this->config->data['MENU'], get_class($this), "CHECK");
412 if ($command == "" && isset($this->config->data['TABS'])){
413 $command= search_config($this->config->data['TABS'], get_class($this), "CHECK");
414 }
416 if ($command != ""){
418 if (!check_command($command)){
419 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
420 get_class($this));
421 } else {
423 /* Generate "ldif" for check hook */
424 $ldif= "dn: $this->dn\n";
426 /* ... objectClasses */
427 foreach ($this->objectclasses as $oc){
428 $ldif.= "objectClass: $oc\n";
429 }
431 /* ... attributes */
432 foreach ($this->attributes as $attr){
433 if ($this->$attr == ""){
434 continue;
435 }
436 if (is_array($this->$attr)){
437 foreach ($this->$attr as $val){
438 $ldif.= "$attr: $val\n";
439 }
440 } else {
441 $ldif.= "$attr: ".$this->$attr."\n";
442 }
443 }
445 /* Append empty line */
446 $ldif.= "\n";
448 /* Feed "ldif" into hook and retrieve result*/
449 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
450 $fh= proc_open($command, $descriptorspec, $pipes);
451 if (is_resource($fh)) {
452 fwrite ($pipes[0], $ldif);
453 fclose($pipes[0]);
455 $result= stream_get_contents($pipes[1]);
456 if ($result != ""){
457 $message[]= $result;
458 }
460 fclose($pipes[1]);
461 fclose($pipes[2]);
462 proc_close($fh);
463 }
464 }
466 }
468 return ($message);
469 }
471 /* Adapt from template, using 'dn' */
472 function adapt_from_template($dn)
473 {
474 /* Include global link_info */
475 $ldap= $this->config->get_ldap_link();
477 /* Load requested 'dn' to 'attrs' */
478 $ldap->cat ($dn);
479 $this->attrs= $ldap->fetch();
481 /* Walk through attributes */
482 foreach ($this->attributes as $val){
484 if (isset($this->attrs["$val"][0])){
486 /* If attribute is set, replace dynamic parts:
487 %sn, %givenName and %uid. Fill these in our local variables. */
488 $value= $this->attrs["$val"][0];
490 foreach (array("sn", "givenName", "uid") as $repl){
491 if (preg_match("/%$repl/i", $value)){
492 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
493 }
494 }
495 $this->$val= $value;
496 }
497 }
499 /* Is Account? */
500 $found= TRUE;
501 foreach ($this->objectclasses as $obj){
502 if (preg_match('/top/i', $obj)){
503 continue;
504 }
505 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
506 $found= FALSE;
507 break;
508 }
509 }
510 if ($found){
511 $this->is_account= TRUE;
512 }
513 }
515 /* Indicate whether a password change is needed or not */
516 function password_change_needed()
517 {
518 return FALSE;
519 }
522 /* Show header message for tab dialogs */
523 function show_enable_header($button_text, $text, $disabled= FALSE)
524 {
525 if (($disabled == TRUE) || (!$this->acl_is_createable())){
526 $state= "disabled";
527 } else {
528 $state= "";
529 }
530 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
531 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
532 "><p class=\"seperator\"> </p></td></tr></table>";
534 return($display);
535 }
538 /* Show header message for tab dialogs */
539 function show_disable_header($button_text, $text, $disabled= FALSE)
540 {
541 if (($disabled == TRUE) || !$this->acl_is_removeable()){
542 $state= "disabled";
543 } else {
544 $state= "";
545 }
546 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
547 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
548 "><p class=\"seperator\"> </p></td></tr></table>";
550 return($display);
551 }
554 /* Show header message for tab dialogs */
555 function show_header($button_text, $text, $disabled= FALSE)
556 {
557 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
558 if ($disabled == TRUE){
559 $state= "disabled";
560 } else {
561 $state= "";
562 }
563 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
564 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
565 ($this->acl_is_createable()?'':'disabled')." ".$state.
566 "><p class=\"seperator\"> </p></td></tr></table>";
568 return($display);
569 }
572 function postcreate($add_attrs= array())
573 {
574 /* Find postcreate entries for this class */
575 $command= search_config($this->config->data['MENU'], get_class($this), "POSTCREATE");
576 if ($command == "" && isset($this->config->data['TABS'])){
577 $command= search_config($this->config->data['TABS'], get_class($this), "POSTCREATE");
578 }
580 if ($command != ""){
581 /* Walk through attribute list */
582 foreach ($this->attributes as $attr){
583 if (!is_array($this->$attr)){
584 $command= preg_replace("/%$attr/", $this->$attr, $command);
585 }
586 }
587 $command= preg_replace("/%dn/", $this->dn, $command);
589 /* Additional attributes */
590 foreach ($add_attrs as $name => $value){
591 $command= preg_replace("/%$name/", $value, $command);
592 }
594 if (check_command($command)){
595 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
596 $command, "Execute");
598 exec($command);
599 } else {
600 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
601 print_red ($message);
602 }
603 }
604 }
606 function postmodify($add_attrs= array())
607 {
608 /* Find postcreate entries for this class */
609 $command= search_config($this->config->data['MENU'], get_class($this), "POSTMODIFY");
610 if ($command == "" && isset($this->config->data['TABS'])){
611 $command= search_config($this->config->data['TABS'], get_class($this), "POSTMODIFY");
612 }
614 if ($command != ""){
615 /* Walk through attribute list */
616 foreach ($this->attributes as $attr){
617 if (!is_array($this->$attr)){
618 $command= preg_replace("/%$attr/", $this->$attr, $command);
619 }
620 }
621 $command= preg_replace("/%dn/", $this->dn, $command);
623 /* Additional attributes */
624 foreach ($add_attrs as $name => $value){
625 $command= preg_replace("/%$name/", $value, $command);
626 }
628 if (check_command($command)){
629 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
630 $command, "Execute");
632 exec($command);
633 } else {
634 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
635 print_red ($message);
636 }
637 }
638 }
640 function postremove($add_attrs= array())
641 {
642 /* Find postremove entries for this class */
643 $command= search_config($this->config->data['MENU'], get_class($this), "POSTREMOVE");
644 if ($command == "" && isset($this->config->data['TABS'])){
645 $command= search_config($this->config->data['TABS'], get_class($this), "POSTREMOVE");
646 }
648 if ($command != ""){
649 /* Walk through attribute list */
650 foreach ($this->attributes as $attr){
651 if (!is_array($this->$attr)){
652 $command= preg_replace("/%$attr/", $this->$attr, $command);
653 }
654 }
655 $command= preg_replace("/%dn/", $this->dn, $command);
657 /* Additional attributes */
658 foreach ($add_attrs as $name => $value){
659 $command= preg_replace("/%$name/", $value, $command);
660 }
662 if (check_command($command)){
663 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
664 $command, "Execute");
666 exec($command);
667 } else {
668 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
669 print_red ($message);
670 }
671 }
672 }
674 /* Create unique DN */
675 function create_unique_dn($attribute, $base)
676 {
677 $ldap= $this->config->get_ldap_link();
678 $base= preg_replace("/^,*/", "", $base);
680 /* Try to use plain entry first */
681 $dn= "$attribute=".$this->$attribute.",$base";
682 $ldap->cat ($dn, array('dn'));
683 if (!$ldap->fetch()){
684 return ($dn);
685 }
687 /* Look for additional attributes */
688 foreach ($this->attributes as $attr){
689 if ($attr == $attribute || $this->$attr == ""){
690 continue;
691 }
693 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
694 $ldap->cat ($dn, array('dn'));
695 if (!$ldap->fetch()){
696 return ($dn);
697 }
698 }
700 /* None found */
701 return ("none");
702 }
704 function rebind($ldap, $referral)
705 {
706 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
707 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
708 $this->error = "Success";
709 $this->hascon=true;
710 $this->reconnect= true;
711 return (0);
712 } else {
713 $this->error = "Could not bind to " . $credentials['ADMIN'];
714 return NULL;
715 }
716 }
718 /* This is a workaround function. */
719 function copy($src_dn, $dst_dn)
720 {
721 /* Rename dn in possible object groups */
722 $ldap= $this->config->get_ldap_link();
723 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
724 array('cn'));
725 while ($attrs= $ldap->fetch()){
726 $og= new ogroup($this->config, $ldap->getDN());
727 unset($og->member[$src_dn]);
728 $og->member[$dst_dn]= $dst_dn;
729 $og->save ();
730 }
732 $ldap->cat($dst_dn);
733 $attrs= $ldap->fetch();
734 if (count($attrs)){
735 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
736 E_USER_WARNING);
737 return (FALSE);
738 }
740 $ldap->cat($src_dn);
741 $attrs= $ldap->fetch();
742 if (!count($attrs)){
743 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
744 E_USER_WARNING);
745 return (FALSE);
746 }
748 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
749 $ds= ldap_connect($this->config->current['SERVER']);
750 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
751 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
752 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
753 }
755 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
756 error_reporting (0);
757 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
759 /* Fill data from LDAP */
760 $new= array();
761 if ($sr) {
762 $ei=ldap_first_entry($ds, $sr);
763 if ($ei) {
764 foreach($attrs as $attr => $val){
765 if ($info = ldap_get_values_len($ds, $ei, $attr)){
766 for ($i= 0; $i<$info['count']; $i++){
767 if ($info['count'] == 1){
768 $new[$attr]= $info[$i];
769 } else {
770 $new[$attr][]= $info[$i];
771 }
772 }
773 }
774 }
775 }
776 }
778 /* close conncetion */
779 error_reporting (E_ALL);
780 ldap_unbind($ds);
782 /* Adapt naming attribute */
783 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
784 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
785 $new[$dst_name]= @LDAP::fix($dst_val);
787 /* Check if this is a department.
788 * If it is a dep. && there is a , override in his ou
789 * change \2C to , again, else this entry can't be saved ...
790 */
791 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
792 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
793 }
795 /* Save copy */
796 $ldap->connect();
797 $ldap->cd($this->config->current['BASE']);
799 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
801 /* FAIvariable=.../..., cn=..
802 could not be saved, because the attribute FAIvariable was different to
803 the dn FAIvariable=..., cn=... */
804 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
805 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
806 }
807 $ldap->cd($dst_dn);
808 $ldap->add($new);
810 if ($ldap->error != "Success"){
811 trigger_error("Trying to save $dst_dn failed.",
812 E_USER_WARNING);
813 return(FALSE);
814 }
816 return (TRUE);
817 }
820 function move($src_dn, $dst_dn)
821 {
822 /* Copy source to destination */
823 if (!$this->copy($src_dn, $dst_dn)){
824 return (FALSE);
825 }
827 /* Delete source */
828 $ldap= $this->config->get_ldap_link();
829 $ldap->rmdir($src_dn);
830 if ($ldap->error != "Success"){
831 trigger_error("Trying to delete $src_dn failed.",
832 E_USER_WARNING);
833 return (FALSE);
834 }
836 return (TRUE);
837 }
840 /* Move/Rename complete trees */
841 function recursive_move($src_dn, $dst_dn)
842 {
843 /* Check if the destination entry exists */
844 $ldap= $this->config->get_ldap_link();
846 /* Check if destination exists - abort */
847 $ldap->cat($dst_dn, array('dn'));
848 if ($ldap->fetch()){
849 trigger_error("recursive_move $dst_dn already exists.",
850 E_USER_WARNING);
851 return (FALSE);
852 }
854 /* Perform a search for all objects to be moved */
855 $objects= array();
856 $ldap->cd($src_dn);
857 $ldap->search("(objectClass=*)", array("dn"));
858 while($attrs= $ldap->fetch()){
859 $dn= $attrs['dn'];
860 $objects[$dn]= strlen($dn);
861 }
863 /* Sort objects by indent level */
864 asort($objects);
865 reset($objects);
867 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
868 foreach ($objects as $object => $len){
869 $src= $object;
870 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
871 if (!$this->copy($src, $dst)){
872 return (FALSE);
873 }
874 }
876 /* Remove src_dn */
877 $ldap->cd($src_dn);
878 $ldap->recursive_remove();
879 return (TRUE);
880 }
883 function handle_post_events($mode, $add_attrs= array())
884 {
885 switch ($mode){
886 case "add":
887 $this->postcreate($add_attrs);
888 break;
890 case "modify":
891 $this->postmodify($add_attrs);
892 break;
894 case "remove":
895 $this->postremove($add_attrs);
896 break;
897 }
898 }
901 function saveCopyDialog(){
902 }
905 function getCopyDialog(){
906 return(array("string"=>"","status"=>""));
907 }
910 function PrepareForCopyPaste($source)
911 {
912 $todo = $this->attributes;
913 if(isset($this->CopyPasteVars)){
914 $todo = array_merge($todo,$this->CopyPasteVars);
915 }
917 if(count($this->objectclasses)){
918 $this->is_account = TRUE;
919 foreach($this->objectclasses as $class){
920 if(!in_array($class,$source['objectClass'])){
921 $this->is_account = FALSE;
922 }
923 }
924 }
926 foreach($todo as $var){
927 if (isset($source[$var])){
928 if(isset($source[$var]['count'])){
929 if($source[$var]['count'] > 1){
930 $this->$var = array();
931 $tmp = array();
932 for($i = 0 ; $i < $source[$var]['count']; $i++){
933 $tmp = $source[$var][$i];
934 }
935 $this->$var = $tmp;
936 # echo $var."=".$tmp."<br>";
937 }else{
938 $this->$var = $source[$var][0];
939 # echo $var."=".$source[$var][0]."<br>";
940 }
941 }else{
942 $this->$var= $source[$var];
943 # echo $var."=".$source[$var]."<br>";
944 }
945 }
946 }
947 }
950 function handle_object_tagging($dn= "", $tag= "", $show= false)
951 {
952 //FIXME: How to optimize this? We have at least two
953 // LDAP accesses per object. It would be a good
954 // idea to have it integrated.
956 /* No dn? Self-operation... */
957 if ($dn == ""){
958 $dn= $this->dn;
960 /* No tag? Find it yourself... */
961 if ($tag == ""){
962 $len= strlen($dn);
964 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
965 $relevant= array();
966 foreach ($this->config->adepartments as $key => $ntag){
968 /* This one is bigger than our dn, its not relevant... */
969 if ($len <= strlen($key)){
970 continue;
971 }
973 /* This one matches with the latter part. Break and don't fix this entry */
974 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
975 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
976 $relevant[strlen($key)]= $ntag;
977 continue;
978 }
980 }
982 /* If we've some relevant tags to set, just get the longest one */
983 if (count($relevant)){
984 ksort($relevant);
985 $tmp= array_keys($relevant);
986 $idx= end($tmp);
987 $tag= $relevant[$idx];
988 $this->gosaUnitTag= $tag;
989 }
990 }
991 }
994 /* Set tag? */
995 if ($tag != ""){
996 /* Set objectclass and attribute */
997 $ldap= $this->config->get_ldap_link();
998 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
999 $attrs= $ldap->fetch();
1000 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
1001 if ($show) {
1002 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
1003 flush();
1004 }
1005 return;
1006 }
1007 if (count($attrs)){
1008 if ($show){
1009 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1010 flush();
1011 }
1012 $nattrs= array("gosaUnitTag" => $tag);
1013 $nattrs['objectClass']= array();
1014 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1015 $oc= $attrs['objectClass'][$i];
1016 if ($oc != "gosaAdministrativeUnitTag"){
1017 $nattrs['objectClass'][]= $oc;
1018 }
1019 }
1020 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1021 $ldap->cd($dn);
1022 $ldap->modify($nattrs);
1023 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1024 } else {
1025 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1026 }
1028 } else {
1029 /* Remove objectclass and attribute */
1030 $ldap= $this->config->get_ldap_link();
1031 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1032 $attrs= $ldap->fetch();
1033 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1034 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1035 return;
1036 }
1037 if (count($attrs)){
1038 if ($show){
1039 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1040 flush();
1041 }
1042 $nattrs= array("gosaUnitTag" => array());
1043 $nattrs['objectClass']= array();
1044 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1045 $oc= $attrs['objectClass'][$i];
1046 if ($oc != "gosaAdministrativeUnitTag"){
1047 $nattrs['objectClass'][]= $oc;
1048 }
1049 }
1050 $ldap->cd($dn);
1051 $ldap->modify($nattrs);
1052 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1053 } else {
1054 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1055 }
1056 }
1058 }
1061 /* Add possibility to stop remove process */
1062 function allow_remove()
1063 {
1064 $reason= "";
1065 return $reason;
1066 }
1069 /* Create a snapshot of the current object */
1070 function create_snapshot($type= "snapshot", $description= array())
1071 {
1073 /* Check if snapshot functionality is enabled */
1074 if(!$this->snapshotEnabled()){
1075 return;
1076 }
1078 /* Get configuration from gosa.conf */
1079 $tmp = $this->config->current;
1081 /* Create lokal ldap connection */
1082 $ldap= $this->config->get_ldap_link();
1083 $ldap->cd($this->config->current['BASE']);
1085 /* check if there are special server configurations for snapshots */
1086 if(!isset($tmp['SNAPSHOT_SERVER'])){
1088 /* Source and destination server are both the same, just copy source to dest obj */
1089 $ldap_to = $ldap;
1090 $snapldapbase = $this->config->current['BASE'];
1092 }else{
1093 $server = $tmp['SNAPSHOT_SERVER'];
1094 $user = $tmp['SNAPSHOT_USER'];
1095 $password = $tmp['SNAPSHOT_PASSWORD'];
1096 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1098 $ldap_to = new LDAP($user,$password, $server);
1099 $ldap_to -> cd($snapldapbase);
1100 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1101 }
1103 /* check if the dn exists */
1104 if ($ldap->dn_exists($this->dn)){
1106 /* Extract seconds & mysecs, they are used as entry index */
1107 list($usec, $sec)= explode(" ", microtime());
1109 /* Collect some infos */
1110 $base = $this->config->current['BASE'];
1111 $snap_base = $tmp['SNAPSHOT_BASE'];
1112 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1113 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1115 /* Create object */
1116 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1117 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1118 $newName = preg_replace("/\./", "", $sec."-".$usec);
1119 $target= array();
1120 $target['objectClass'] = array("top", "gosaSnapshotObject");
1121 $target['gosaSnapshotData'] = gzcompress($data, 6);
1122 $target['gosaSnapshotType'] = $type;
1123 $target['gosaSnapshotDN'] = $this->dn;
1124 $target['description'] = $description;
1125 $target['gosaSnapshotTimestamp'] = $newName;
1127 /* Insert the new snapshot
1128 But we have to check first, if the given gosaSnapshotTimestamp
1129 is already used, in this case we should increment this value till there is
1130 an unused value. */
1131 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1132 $ldap_to->cat($new_dn);
1133 while($ldap_to->count()){
1134 $ldap_to->cat($new_dn);
1135 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1136 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1137 $target['gosaSnapshotTimestamp'] = $newName;
1138 }
1140 /* Inset this new snapshot */
1141 $ldap_to->cd($snapldapbase);
1142 $ldap_to->create_missing_trees($new_base);
1143 $ldap_to->cd($new_dn);
1144 $ldap_to->add($target);
1146 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1147 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1148 }
1149 }
1151 function remove_snapshot($dn)
1152 {
1153 $ui = get_userinfo();
1154 $old_dn = $this->dn;
1155 $this->dn = $dn;
1156 $ldap = $this->config->get_ldap_link();
1157 $ldap->cd($this->config->current['BASE']);
1158 $ldap->rmdir_recursive($dn);
1159 $this->dn = $old_dn;
1160 }
1163 /* returns true if snapshots are enabled, and false if it is disalbed
1164 There will also be some errors psoted, if the configuration failed */
1165 function snapshotEnabled()
1166 {
1167 $tmp = $this->config->current;
1168 if(isset($tmp['ENABLE_SNAPSHOT'])){
1169 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1171 /* Check if the snapshot_base is defined */
1172 if(!isset($tmp['SNAPSHOT_BASE'])){
1173 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),$missing));
1174 return(FALSE);
1175 }
1177 /* check if there are special server configurations for snapshots */
1178 if(isset($tmp['SNAPSHOT_SERVER'])){
1180 /* check if all required vars are available to create a new ldap connection */
1181 $missing = "";
1182 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_LDAP_BASE") as $var){
1183 if(!isset($tmp[$var])){
1184 $missing .= $var." ";
1185 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1186 return(FALSE);
1187 }
1188 }
1189 }
1190 return(TRUE);
1191 }
1192 }
1193 return(FALSE);
1194 }
1197 /* Return available snapshots for the given base
1198 */
1199 function Available_SnapsShots($dn,$raw = false)
1200 {
1201 if(!$this->snapshotEnabled()) return(array());
1203 /* Create an additional ldap object which
1204 points to our ldap snapshot server */
1205 $ldap= $this->config->get_ldap_link();
1206 $ldap->cd($this->config->current['BASE']);
1207 $tmp = $this->config->current;
1209 /* check if there are special server configurations for snapshots */
1210 if(isset($tmp['SNAPSHOT_SERVER'])){
1211 $server = $tmp['SNAPSHOT_SERVER'];
1212 $user = $tmp['SNAPSHOT_USER'];
1213 $password = $tmp['SNAPSHOT_PASSWORD'];
1214 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1215 $ldap_to = new LDAP($user,$password, $server);
1216 $ldap_to -> cd ($snapldapbase);
1217 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1218 }else{
1219 $ldap_to = $ldap;
1220 }
1222 /* Prepare bases and some other infos */
1223 $base = $this->config->current['BASE'];
1224 $snap_base = $tmp['SNAPSHOT_BASE'];
1225 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1226 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1227 $tmp = array();
1229 /* Fetch all objects with gosaSnapshotDN=$dn */
1230 $ldap_to->cd($new_base);
1231 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1232 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1234 /* Put results into a list and add description if missing */
1235 while($entry = $ldap_to->fetch()){
1236 if(!isset($entry['description'][0])){
1237 $entry['description'][0] = "";
1238 }
1239 $tmp[] = $entry;
1240 }
1242 /* Return the raw array, or format the result */
1243 if($raw){
1244 return($tmp);
1245 }else{
1246 $tmp2 = array();
1247 foreach($tmp as $entry){
1248 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1249 }
1250 }
1251 return($tmp2);
1252 }
1255 function getAllDeletedSnapshots($base_of_object,$raw = false)
1256 {
1257 if(!$this->snapshotEnabled()) return(array());
1259 /* Create an additional ldap object which
1260 points to our ldap snapshot server */
1261 $ldap= $this->config->get_ldap_link();
1262 $ldap->cd($this->config->current['BASE']);
1263 $tmp = $this->config->current;
1265 /* check if there are special server configurations for snapshots */
1266 if(isset($tmp['SNAPSHOT_SERVER'])){
1267 $server = $tmp['SNAPSHOT_SERVER'];
1268 $user = $tmp['SNAPSHOT_USER'];
1269 $password = $tmp['SNAPSHOT_PASSWORD'];
1270 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1271 $ldap_to = new LDAP($user,$password, $server);
1272 $ldap_to->cd ($snapldapbase);
1273 show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1274 }else{
1275 $ldap_to = $ldap;
1276 }
1278 /* Prepare bases */
1279 $base = $this->config->current['BASE'];
1280 $snap_base = $tmp['SNAPSHOT_BASE'];
1281 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1283 /* Fetch all objects and check if they do not exist anymore */
1284 $ui = get_userinfo();
1285 $tmp = array();
1286 $ldap_to->cd($new_base);
1287 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1288 while($entry = $ldap_to->fetch()){
1290 $chk = str_replace($new_base,"",$entry['dn']);
1291 if(preg_match("/,ou=/",$chk)) continue;
1293 if(!isset($entry['description'][0])){
1294 $entry['description'][0] = "";
1295 }
1296 $tmp[] = $entry;
1297 }
1299 /* Check if entry still exists */
1300 foreach($tmp as $key => $entry){
1301 $ldap->cat($entry['gosaSnapshotDN'][0]);
1302 if($ldap->count()){
1303 unset($tmp[$key]);
1304 }
1305 }
1307 /* Format result as requested */
1308 if($raw) {
1309 return($tmp);
1310 }else{
1311 $tmp2 = array();
1312 foreach($tmp as $key => $entry){
1313 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1314 }
1315 }
1316 return($tmp2);
1317 }
1320 /* Restore selected snapshot */
1321 function restore_snapshot($dn)
1322 {
1323 if(!$this->snapshotEnabled()) return(array());
1325 $ldap= $this->config->get_ldap_link();
1326 $ldap->cd($this->config->current['BASE']);
1327 $tmp = $this->config->current;
1329 /* check if there are special server configurations for snapshots */
1330 if(isset($tmp['SNAPSHOT_SERVER'])){
1331 $server = $tmp['SNAPSHOT_SERVER'];
1332 $user = $tmp['SNAPSHOT_USER'];
1333 $password = $tmp['SNAPSHOT_PASSWORD'];
1334 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1335 $ldap_to = new LDAP($user,$password, $server);
1336 $ldap_to->cd ($snapldapbase);
1337 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1338 }else{
1339 $ldap_to = $ldap;
1340 }
1342 /* Get the snapshot */
1343 $ldap_to->cat($dn);
1344 $restoreObject = $ldap_to->fetch();
1346 /* Prepare import string */
1347 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1349 /* Import the given data */
1350 $ldap->import_complete_ldif($data,$err,false,false);
1351 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1352 }
1355 function showSnapshotDialog($base,$baseSuffixe)
1356 {
1357 $once = true;
1358 foreach($_POST as $name => $value){
1360 /* Create a new snapshot, display a dialog */
1361 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1362 $once = false;
1363 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1364 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1365 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1366 }
1368 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1369 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1370 $once = false;
1371 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1372 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1373 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1374 $this->snapDialog->display_restore_dialog = true;
1375 }
1377 /* Restore one of the already deleted objects */
1378 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1379 $once = false;
1380 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1381 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1382 $this->snapDialog->display_restore_dialog = true;
1383 $this->snapDialog->display_all_removed_objects = true;
1384 }
1386 /* Restore selected snapshot */
1387 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1388 $once = false;
1389 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1390 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1391 if(!empty($entry)){
1392 $this->restore_snapshot($entry);
1393 $this->snapDialog = NULL;
1394 }
1395 }
1396 }
1398 /* Create a new snapshot requested, check
1399 the given attributes and create the snapshot*/
1400 if(isset($_POST['CreateSnapshot'])){
1401 $this->snapDialog->save_object();
1402 $msgs = $this->snapDialog->check();
1403 if(count($msgs)){
1404 foreach($msgs as $msg){
1405 print_red($msg);
1406 }
1407 }else{
1408 $this->dn = $this->snapDialog->dn;
1409 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1410 $this->snapDialog = NULL;
1411 }
1412 }
1414 /* Restore is requested, restore the object with the posted dn .*/
1415 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1416 }
1418 if(isset($_POST['CancelSnapshot'])){
1419 $this->snapDialog = NULL;
1420 }
1422 if($this->snapDialog){
1423 $this->snapDialog->save_object();
1424 return($this->snapDialog->execute());
1425 }
1426 }
1429 function plInfo()
1430 {
1431 return array();
1432 }
1435 function set_acl_base($base)
1436 {
1437 $this->acl_base= $base;
1438 }
1441 function set_acl_category($category)
1442 {
1443 $this->acl_category= "$category/";
1444 }
1447 function acl_is_writeable($attribute,$skip_write = FALSE)
1448 {
1449 $ui= get_userinfo();
1450 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1451 }
1454 function acl_is_readable($attribute)
1455 {
1456 $ui= get_userinfo();
1457 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1458 }
1461 function acl_is_createable()
1462 {
1463 $ui= get_userinfo();
1464 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1465 }
1468 function acl_is_removeable()
1469 {
1470 $ui= get_userinfo();
1471 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1472 }
1475 function acl_is_moveable()
1476 {
1477 $ui= get_userinfo();
1478 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1479 }
1482 function acl_have_any_permissions()
1483 {
1484 }
1487 function getacl($attribute,$skip_write= FALSE)
1488 {
1489 $ui= get_userinfo();
1490 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1491 }
1493 /* Get all allowed bases to move an object to or to create a new object.
1494 Idepartments also contains all base departments which lead to the allowed bases */
1495 function get_allowed_bases($category = "")
1496 {
1497 $ui = get_userinfo();
1498 $deps = array();
1500 /* Set category */
1501 if(empty($category)){
1502 $category = $this->acl_category.get_class($this);
1503 }
1505 /* Is this a new object ? Or just an edited existing object */
1506 if(!$this->initially_was_account && $this->is_account){
1507 $new = true;
1508 }else{
1509 $new = false;
1510 }
1512 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1513 foreach($this->config->idepartments as $dn => $name){
1515 if(!in_array_ics($dn,$cat_bases)){
1516 continue;
1517 }
1519 $acl = $ui->get_permissions($dn,$category);
1520 if($new && preg_match("/c/",$acl)){
1521 $deps[$dn] = $name;
1522 }elseif(!$new && preg_match("/m/",$acl)){
1523 $deps[$dn] = $name;
1524 }
1525 }
1527 /* Add current base */
1528 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1529 $deps[$this->base] = $this->config->idepartments[$this->base];
1530 }else{
1531 echo "No default base found. ".$this->base."<br> ";
1532 }
1534 return($deps);
1535 }
1537 /* This function modifies object acls too, if an object is moved.
1538 * $old_dn specifies the actually used dn
1539 * $new_dn specifies the destiantion dn
1540 */
1541 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1542 {
1543 global $config;
1545 /* Check if old_dn is empty. This should never happen */
1546 if(empty($old_dn) || empty($new_dn)){
1547 trigger_error("Failed to check acl dependencies, wrong dn given.");
1548 return;
1549 }
1551 /* Update userinfo if necessary */
1552 if($_SESSION['ui']->dn == $old_dn){
1553 $_SESSION['ui']->dn = $new_dn;
1554 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1555 }
1557 /* Object was moved, ensure that all acls will be moved too */
1558 if($new_dn != $old_dn && $old_dn != "new"){
1560 /* get_ldap configuration */
1561 $update = array();
1562 $ldap = $config->get_ldap_link();
1563 $ldap->cd ($config->current['BASE']);
1564 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1565 while($attrs = $ldap->fetch()){
1567 $acls = array();
1569 /* Walk through acls */
1570 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1572 /* Reset vars */
1573 $found = false;
1575 /* Get Acl parts */
1576 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1578 /* Get every single member for this acl */
1579 $members = array();
1580 if(preg_match("/,/",$acl_parts[2])){
1581 $members = split(",",$acl_parts[2]);
1582 }else{
1583 $members = array($acl_parts[2]);
1584 }
1586 /* Check if member match current dn */
1587 foreach($members as $key => $member){
1588 $member = base64_decode($member);
1589 if($member == $old_dn){
1590 $found = true;
1591 $members[$key] = base64_encode($new_dn);
1592 }
1593 }
1595 /* Create new member string */
1596 $new_members = "";
1597 foreach($members as $member){
1598 $new_members .= $member.",";
1599 }
1600 $new_members = preg_replace("/,$/","",$new_members);
1601 $acl_parts[2] = $new_members;
1603 /* Reconstruckt acl entry */
1604 $acl_str ="";
1605 foreach($acl_parts as $t){
1606 $acl_str .= $t.":";
1607 }
1608 $acl_str = preg_replace("/:$/","",$acl_str);
1609 }
1611 /* Acls for this object must be adjusted */
1612 if($found){
1614 if($output_changes){
1615 echo "<font color='green'>".
1616 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1617 $old_dn.
1618 "</b><br> -"._("to")." <b>".
1619 $new_dn.
1620 "</b></font><br>";
1621 }
1622 $update[$attrs['dn']] =array();
1623 foreach($acls as $acl){
1624 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1625 }
1626 }
1627 }
1629 /* Write updated acls */
1630 foreach($update as $dn => $attrs){
1631 $ldap->cd($dn);
1632 $ldap->modify($attrs);
1633 }
1634 }
1635 }
1636 }
1637 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1638 ?>