![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /*! \brief plugin constructor
120 If 'dn' is set, the node loads the given 'dn' from LDAP
122 \param dn Distinguished name to initialize plugin from
123 \sa plugin()
124 */
125 function plugin ($config, $dn= NULL, $parent= NULL)
126 {
127 /* Configuration is fine, allways */
128 $this->config= $config;
129 $this->dn= $dn;
131 /* Handle new accounts, don't read information from LDAP */
132 if ($dn == "new"){
133 return;
134 }
136 /* Save current dn as acl_base */
137 $this->acl_base= $dn;
139 /* Get LDAP descriptor */
140 $ldap= $this->config->get_ldap_link();
141 if ($dn != NULL){
143 /* Load data to 'attrs' and save 'dn' */
144 if ($parent != NULL){
145 $this->attrs= $parent->attrs;
146 } else {
147 $ldap->cat ($dn);
148 $this->attrs= $ldap->fetch();
149 }
151 /* Copy needed attributes */
152 foreach ($this->attributes as $val){
153 $found= array_key_ics($val, $this->attrs);
154 if ($found != ""){
155 $this->$val= $this->attrs["$found"][0];
156 }
157 }
159 /* gosaUnitTag loading... */
160 if (isset($this->attrs['gosaUnitTag'][0])){
161 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
162 }
164 /* Set the template flag according to the existence of objectClass
165 gosaUserTemplate */
166 if (isset($this->attrs['objectClass'])){
167 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
168 $this->is_template= TRUE;
169 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
170 "found", "Template check");
171 }
172 }
174 /* Is Account? */
175 error_reporting(0);
176 $found= TRUE;
177 foreach ($this->objectclasses as $obj){
178 if (preg_match('/top/i', $obj)){
179 continue;
180 }
181 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
182 $found= FALSE;
183 break;
184 }
185 }
186 error_reporting(E_ALL);
187 if ($found){
188 $this->is_account= TRUE;
189 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
190 "found", "Object check");
191 }
193 /* Prepare saved attributes */
194 $this->saved_attributes= $this->attrs;
195 foreach ($this->saved_attributes as $index => $value){
196 if (preg_match('/^[0-9]+$/', $index)){
197 unset($this->saved_attributes[$index]);
198 continue;
199 }
200 if (!in_array($index, $this->attributes) && $index != "objectClass"){
201 unset($this->saved_attributes[$index]);
202 continue;
203 }
204 if ($this->saved_attributes[$index]["count"] == 1){
205 $tmp= $this->saved_attributes[$index][0];
206 unset($this->saved_attributes[$index]);
207 $this->saved_attributes[$index]= $tmp;
208 continue;
209 }
211 unset($this->saved_attributes["$index"]["count"]);
212 }
213 }
215 /* Save initial account state */
216 $this->initially_was_account= $this->is_account;
217 }
219 /*! \brief execute plugin
221 Generates the html output for this node
222 */
223 function execute()
224 {
225 gosa_log("ACL ".get_class($this)." - ".$this->acl_category." - ".$this->acl_base);
227 /* This one is empty currently. Fabian - please fill in the docu code */
228 $_SESSION['current_class_for_help'] = get_class($this);
230 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
231 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
232 }
234 /*! \brief execute plugin
235 Removes object from parent
236 */
237 function remove_from_parent()
238 {
239 /* include global link_info */
240 $ldap= $this->config->get_ldap_link();
242 /* Get current objectClasses in order to add the required ones */
243 $ldap->cat($this->dn);
244 $tmp= $ldap->fetch ();
245 if (isset($tmp['objectClass'])){
246 $oc= $tmp['objectClass'];
247 } else {
248 $oc= array("count" => 0);
249 }
251 /* Remove objectClasses from entry */
252 $ldap->cd($this->dn);
253 $this->attrs= array();
254 $this->attrs['objectClass']= array();
255 for ($i= 0; $i<$oc["count"]; $i++){
256 if (!in_array_ics($oc[$i], $this->objectclasses)){
257 $this->attrs['objectClass'][]= $oc[$i];
258 }
259 }
261 /* Unset attributes from entry */
262 foreach ($this->attributes as $val){
263 $this->attrs["$val"]= array();
264 }
266 /* Unset account info */
267 $this->is_account= FALSE;
269 /* Do not write in plugin base class, this must be done by
270 children, since there are normally additional attribs,
271 lists, etc. */
272 /*
273 $ldap->modify($this->attrs);
274 */
275 }
278 /* Save data to object */
279 function save_object()
280 {
281 /* Save values to object */
282 foreach ($this->attributes as $val){
283 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
284 /* Check for modifications */
285 if (get_magic_quotes_gpc()) {
286 $data= stripcslashes($_POST["$val"]);
287 } else {
288 $data= $this->$val = $_POST["$val"];
289 }
290 if ($this->$val != $data){
291 $this->is_modified= TRUE;
292 }
294 /* Okay, how can I explain this fix ...
295 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
296 * So IE posts these 'unselectable' option, with value = chr(194)
297 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
298 * This was added for W3c compliance, but now causes these ... ldap errors ...
299 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
300 */
301 if(isset($data[0]) && $data[0] == chr(194)) {
302 $data = "";
303 }
304 $this->$val= $data;
305 //echo "<font color='blue'>".$val."</font><br>";
306 }else{
307 //echo "<font color='red'>".$val."</font><br>";
308 }
309 }
310 }
313 /* Save data to LDAP, depending on is_account we save or delete */
314 function save()
315 {
316 /* include global link_info */
317 $ldap= $this->config->get_ldap_link();
319 /* Start with empty array */
320 $this->attrs= array();
322 /* Get current objectClasses in order to add the required ones */
323 $ldap->cat($this->dn);
325 $tmp= $ldap->fetch ();
327 if (isset($tmp['objectClass'])){
328 $oc= $tmp["objectClass"];
329 $this->is_new= FALSE;
330 } else {
331 $oc= array("count" => 0);
332 $this->is_new= TRUE;
333 }
335 /* Load (minimum) attributes, add missing ones */
336 $this->attrs['objectClass']= $this->objectclasses;
337 for ($i= 0; $i<$oc["count"]; $i++){
338 if (!in_array_ics($oc[$i], $this->objectclasses)){
339 $this->attrs['objectClass'][]= $oc[$i];
340 }
341 }
343 /* Copy standard attributes */
344 foreach ($this->attributes as $val){
345 if ($this->$val != ""){
346 $this->attrs["$val"]= $this->$val;
347 } elseif (!$this->is_new) {
348 $this->attrs["$val"]= array();
349 }
350 }
352 }
355 function cleanup()
356 {
357 foreach ($this->attrs as $index => $value){
359 /* Convert arrays with one element to non arrays, if the saved
360 attributes are no array, too */
361 if (is_array($this->attrs[$index]) &&
362 count ($this->attrs[$index]) == 1 &&
363 isset($this->saved_attributes[$index]) &&
364 !is_array($this->saved_attributes[$index])){
366 $tmp= $this->attrs[$index][0];
367 $this->attrs[$index]= $tmp;
368 }
370 /* Remove emtpy arrays if they do not differ */
371 if (is_array($this->attrs[$index]) &&
372 count($this->attrs[$index]) == 0 &&
373 !isset($this->saved_attributes[$index])){
375 unset ($this->attrs[$index]);
376 continue;
377 }
379 /* Remove single attributes that do not differ */
380 if (!is_array($this->attrs[$index]) &&
381 isset($this->saved_attributes[$index]) &&
382 !is_array($this->saved_attributes[$index]) &&
383 $this->attrs[$index] == $this->saved_attributes[$index]){
385 unset ($this->attrs[$index]);
386 continue;
387 }
389 /* Remove arrays that do not differ */
390 if (is_array($this->attrs[$index]) &&
391 isset($this->saved_attributes[$index]) &&
392 is_array($this->saved_attributes[$index])){
394 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
395 unset ($this->attrs[$index]);
396 continue;
397 }
398 }
399 }
400 }
402 /* Check formular input */
403 function check()
404 {
405 $message= array();
407 /* Skip if we've no config object */
408 if (!isset($this->config)){
409 return $message;
410 }
412 /* Find hooks entries for this class */
413 $command= search_config($this->config->data['MENU'], get_class($this), "CHECK");
414 if ($command == "" && isset($this->config->data['TABS'])){
415 $command= search_config($this->config->data['TABS'], get_class($this), "CHECK");
416 }
418 if ($command != ""){
420 if (!check_command($command)){
421 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
422 get_class($this));
423 } else {
425 /* Generate "ldif" for check hook */
426 $ldif= "dn: $this->dn\n";
428 /* ... objectClasses */
429 foreach ($this->objectclasses as $oc){
430 $ldif.= "objectClass: $oc\n";
431 }
433 /* ... attributes */
434 foreach ($this->attributes as $attr){
435 if ($this->$attr == ""){
436 continue;
437 }
438 if (is_array($this->$attr)){
439 foreach ($this->$attr as $val){
440 $ldif.= "$attr: $val\n";
441 }
442 } else {
443 $ldif.= "$attr: ".$this->$attr."\n";
444 }
445 }
447 /* Append empty line */
448 $ldif.= "\n";
450 /* Feed "ldif" into hook and retrieve result*/
451 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
452 $fh= proc_open($command, $descriptorspec, $pipes);
453 if (is_resource($fh)) {
454 fwrite ($pipes[0], $ldif);
455 fclose($pipes[0]);
457 $result= stream_get_contents($pipes[1]);
458 if ($result != ""){
459 $message[]= $result;
460 }
462 fclose($pipes[1]);
463 fclose($pipes[2]);
464 proc_close($fh);
465 }
466 }
468 }
470 return ($message);
471 }
473 /* Adapt from template, using 'dn' */
474 function adapt_from_template($dn)
475 {
476 /* Include global link_info */
477 $ldap= $this->config->get_ldap_link();
479 /* Load requested 'dn' to 'attrs' */
480 $ldap->cat ($dn);
481 $this->attrs= $ldap->fetch();
483 /* Walk through attributes */
484 foreach ($this->attributes as $val){
486 if (isset($this->attrs["$val"][0])){
488 /* If attribute is set, replace dynamic parts:
489 %sn, %givenName and %uid. Fill these in our local variables. */
490 $value= $this->attrs["$val"][0];
492 foreach (array("sn", "givenName", "uid") as $repl){
493 if (preg_match("/%$repl/i", $value)){
494 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
495 }
496 }
497 $this->$val= $value;
498 }
499 }
501 /* Is Account? */
502 $found= TRUE;
503 foreach ($this->objectclasses as $obj){
504 if (preg_match('/top/i', $obj)){
505 continue;
506 }
507 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
508 $found= FALSE;
509 break;
510 }
511 }
512 if ($found){
513 $this->is_account= TRUE;
514 }
515 }
517 /* Indicate whether a password change is needed or not */
518 function password_change_needed()
519 {
520 return FALSE;
521 }
524 /* Show header message for tab dialogs */
525 function show_enable_header($button_text, $text, $disabled= FALSE)
526 {
527 if (($disabled == TRUE) || (!$this->acl_is_createable())){
528 $state= "disabled";
529 } else {
530 $state= "";
531 }
532 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
533 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
534 "><p class=\"seperator\"> </p></td></tr></table>";
536 return($display);
537 }
540 /* Show header message for tab dialogs */
541 function show_disable_header($button_text, $text, $disabled= FALSE)
542 {
543 if (($disabled == TRUE) || !$this->acl_is_removeable()){
544 $state= "disabled";
545 } else {
546 $state= "";
547 }
548 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
549 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
550 "><p class=\"seperator\"> </p></td></tr></table>";
552 return($display);
553 }
556 /* Show header message for tab dialogs */
557 function show_header($button_text, $text, $disabled= FALSE)
558 {
559 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
560 if ($disabled == TRUE){
561 $state= "disabled";
562 } else {
563 $state= "";
564 }
565 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
566 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
567 ($this->acl_is_createable()?'':'disabled')." ".$state.
568 "><p class=\"seperator\"> </p></td></tr></table>";
570 return($display);
571 }
574 function postcreate($add_attrs= array())
575 {
576 /* Find postcreate entries for this class */
577 $command= search_config($this->config->data['MENU'], get_class($this), "POSTCREATE");
578 if ($command == "" && isset($this->config->data['TABS'])){
579 $command= search_config($this->config->data['TABS'], get_class($this), "POSTCREATE");
580 }
582 if ($command != ""){
583 /* Walk through attribute list */
584 foreach ($this->attributes as $attr){
585 if (!is_array($this->$attr)){
586 $command= preg_replace("/%$attr/", $this->$attr, $command);
587 }
588 }
589 $command= preg_replace("/%dn/", $this->dn, $command);
591 /* Additional attributes */
592 foreach ($add_attrs as $name => $value){
593 $command= preg_replace("/%$name/", $value, $command);
594 }
596 if (check_command($command)){
597 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
598 $command, "Execute");
600 exec($command);
601 } else {
602 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
603 print_red ($message);
604 }
605 }
606 }
608 function postmodify($add_attrs= array())
609 {
610 /* Find postcreate entries for this class */
611 $command= search_config($this->config->data['MENU'], get_class($this), "POSTMODIFY");
612 if ($command == "" && isset($this->config->data['TABS'])){
613 $command= search_config($this->config->data['TABS'], get_class($this), "POSTMODIFY");
614 }
616 if ($command != ""){
617 /* Walk through attribute list */
618 foreach ($this->attributes as $attr){
619 if (!is_array($this->$attr)){
620 $command= preg_replace("/%$attr/", $this->$attr, $command);
621 }
622 }
623 $command= preg_replace("/%dn/", $this->dn, $command);
625 /* Additional attributes */
626 foreach ($add_attrs as $name => $value){
627 $command= preg_replace("/%$name/", $value, $command);
628 }
630 if (check_command($command)){
631 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
632 $command, "Execute");
634 exec($command);
635 } else {
636 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
637 print_red ($message);
638 }
639 }
640 }
642 function postremove($add_attrs= array())
643 {
644 /* Find postremove entries for this class */
645 $command= search_config($this->config->data['MENU'], get_class($this), "POSTREMOVE");
646 if ($command == "" && isset($this->config->data['TABS'])){
647 $command= search_config($this->config->data['TABS'], get_class($this), "POSTREMOVE");
648 }
650 if ($command != ""){
651 /* Walk through attribute list */
652 foreach ($this->attributes as $attr){
653 if (!is_array($this->$attr)){
654 $command= preg_replace("/%$attr/", $this->$attr, $command);
655 }
656 }
657 $command= preg_replace("/%dn/", $this->dn, $command);
659 /* Additional attributes */
660 foreach ($add_attrs as $name => $value){
661 $command= preg_replace("/%$name/", $value, $command);
662 }
664 if (check_command($command)){
665 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
666 $command, "Execute");
668 exec($command);
669 } else {
670 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
671 print_red ($message);
672 }
673 }
674 }
676 /* Create unique DN */
677 function create_unique_dn($attribute, $base)
678 {
679 $ldap= $this->config->get_ldap_link();
680 $base= preg_replace("/^,*/", "", $base);
682 /* Try to use plain entry first */
683 $dn= "$attribute=".$this->$attribute.",$base";
684 $ldap->cat ($dn, array('dn'));
685 if (!$ldap->fetch()){
686 return ($dn);
687 }
689 /* Look for additional attributes */
690 foreach ($this->attributes as $attr){
691 if ($attr == $attribute || $this->$attr == ""){
692 continue;
693 }
695 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
696 $ldap->cat ($dn, array('dn'));
697 if (!$ldap->fetch()){
698 return ($dn);
699 }
700 }
702 /* None found */
703 return ("none");
704 }
706 function rebind($ldap, $referral)
707 {
708 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
709 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
710 $this->error = "Success";
711 $this->hascon=true;
712 $this->reconnect= true;
713 return (0);
714 } else {
715 $this->error = "Could not bind to " . $credentials['ADMIN'];
716 return NULL;
717 }
718 }
720 /* This is a workaround function. */
721 function copy($src_dn, $dst_dn)
722 {
723 /* Rename dn in possible object groups */
724 $ldap= $this->config->get_ldap_link();
725 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
726 array('cn'));
727 while ($attrs= $ldap->fetch()){
728 $og= new ogroup($this->config, $ldap->getDN());
729 unset($og->member[$src_dn]);
730 $og->member[$dst_dn]= $dst_dn;
731 $og->save ();
732 }
734 $ldap->cat($dst_dn);
735 $attrs= $ldap->fetch();
736 if (count($attrs)){
737 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
738 E_USER_WARNING);
739 return (FALSE);
740 }
742 $ldap->cat($src_dn);
743 $attrs= $ldap->fetch();
744 if (!count($attrs)){
745 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
746 E_USER_WARNING);
747 return (FALSE);
748 }
750 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
751 $ds= ldap_connect($this->config->current['SERVER']);
752 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
753 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
754 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
755 }
757 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
758 error_reporting (0);
759 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
761 /* Fill data from LDAP */
762 $new= array();
763 if ($sr) {
764 $ei=ldap_first_entry($ds, $sr);
765 if ($ei) {
766 foreach($attrs as $attr => $val){
767 if ($info = ldap_get_values_len($ds, $ei, $attr)){
768 for ($i= 0; $i<$info['count']; $i++){
769 if ($info['count'] == 1){
770 $new[$attr]= $info[$i];
771 } else {
772 $new[$attr][]= $info[$i];
773 }
774 }
775 }
776 }
777 }
778 }
780 /* close conncetion */
781 error_reporting (E_ALL);
782 ldap_unbind($ds);
784 /* Adapt naming attribute */
785 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
786 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
787 $new[$dst_name]= @LDAP::fix($dst_val);
789 /* Check if this is a department.
790 * If it is a dep. && there is a , override in his ou
791 * change \2C to , again, else this entry can't be saved ...
792 */
793 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
794 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
795 }
797 /* Save copy */
798 $ldap->connect();
799 $ldap->cd($this->config->current['BASE']);
801 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
803 /* FAIvariable=.../..., cn=..
804 could not be saved, because the attribute FAIvariable was different to
805 the dn FAIvariable=..., cn=... */
806 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
807 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
808 }
809 $ldap->cd($dst_dn);
810 $ldap->add($new);
812 if ($ldap->error != "Success"){
813 trigger_error("Trying to save $dst_dn failed.",
814 E_USER_WARNING);
815 return(FALSE);
816 }
818 return (TRUE);
819 }
822 function move($src_dn, $dst_dn)
823 {
824 /* Copy source to destination */
825 if (!$this->copy($src_dn, $dst_dn)){
826 return (FALSE);
827 }
829 /* Delete source */
830 $ldap= $this->config->get_ldap_link();
831 $ldap->rmdir($src_dn);
832 if ($ldap->error != "Success"){
833 trigger_error("Trying to delete $src_dn failed.",
834 E_USER_WARNING);
835 return (FALSE);
836 }
838 return (TRUE);
839 }
842 /* Move/Rename complete trees */
843 function recursive_move($src_dn, $dst_dn)
844 {
845 /* Check if the destination entry exists */
846 $ldap= $this->config->get_ldap_link();
848 /* Check if destination exists - abort */
849 $ldap->cat($dst_dn, array('dn'));
850 if ($ldap->fetch()){
851 trigger_error("recursive_move $dst_dn already exists.",
852 E_USER_WARNING);
853 return (FALSE);
854 }
856 /* Perform a search for all objects to be moved */
857 $objects= array();
858 $ldap->cd($src_dn);
859 $ldap->search("(objectClass=*)", array("dn"));
860 while($attrs= $ldap->fetch()){
861 $dn= $attrs['dn'];
862 $objects[$dn]= strlen($dn);
863 }
865 /* Sort objects by indent level */
866 asort($objects);
867 reset($objects);
869 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
870 foreach ($objects as $object => $len){
871 $src= $object;
872 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
873 if (!$this->copy($src, $dst)){
874 return (FALSE);
875 }
876 }
878 /* Remove src_dn */
879 $ldap->cd($src_dn);
880 $ldap->recursive_remove();
881 return (TRUE);
882 }
885 function handle_post_events($mode, $add_attrs= array())
886 {
887 switch ($mode){
888 case "add":
889 $this->postcreate($add_attrs);
890 break;
892 case "modify":
893 $this->postmodify($add_attrs);
894 break;
896 case "remove":
897 $this->postremove($add_attrs);
898 break;
899 }
900 }
903 function saveCopyDialog(){
904 }
907 function getCopyDialog(){
908 return(array("string"=>"","status"=>""));
909 }
912 function PrepareForCopyPaste($source){
913 $todo = $this->attributes;
914 if(isset($this->CopyPasteVars)){
915 $todo = array_merge($todo,$this->CopyPasteVars);
916 }
917 $todo[] = "is_account";
918 foreach($todo as $var){
919 if (isset($source->$var)){
920 $this->$var= $source->$var;
921 }
922 }
923 }
926 function handle_object_tagging($dn= "", $tag= "", $show= false)
927 {
928 //FIXME: How to optimize this? We have at least two
929 // LDAP accesses per object. It would be a good
930 // idea to have it integrated.
932 /* No dn? Self-operation... */
933 if ($dn == ""){
934 $dn= $this->dn;
936 /* No tag? Find it yourself... */
937 if ($tag == ""){
938 $len= strlen($dn);
940 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
941 $relevant= array();
942 foreach ($this->config->adepartments as $key => $ntag){
944 /* This one is bigger than our dn, its not relevant... */
945 if ($len <= strlen($key)){
946 continue;
947 }
949 /* This one matches with the latter part. Break and don't fix this entry */
950 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
951 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
952 $relevant[strlen($key)]= $ntag;
953 continue;
954 }
956 }
958 /* If we've some relevant tags to set, just get the longest one */
959 if (count($relevant)){
960 ksort($relevant);
961 $tmp= array_keys($relevant);
962 $idx= end($tmp);
963 $tag= $relevant[$idx];
964 $this->gosaUnitTag= $tag;
965 }
966 }
967 }
970 /* Set tag? */
971 if ($tag != ""){
972 /* Set objectclass and attribute */
973 $ldap= $this->config->get_ldap_link();
974 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
975 $attrs= $ldap->fetch();
976 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
977 if ($show) {
978 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
979 flush();
980 }
981 return;
982 }
983 if (count($attrs)){
984 if ($show){
985 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
986 flush();
987 }
988 $nattrs= array("gosaUnitTag" => $tag);
989 $nattrs['objectClass']= array();
990 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
991 $oc= $attrs['objectClass'][$i];
992 if ($oc != "gosaAdministrativeUnitTag"){
993 $nattrs['objectClass'][]= $oc;
994 }
995 }
996 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
997 $ldap->cd($dn);
998 $ldap->modify($nattrs);
999 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1000 } else {
1001 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1002 }
1004 } else {
1005 /* Remove objectclass and attribute */
1006 $ldap= $this->config->get_ldap_link();
1007 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1008 $attrs= $ldap->fetch();
1009 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1010 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1011 return;
1012 }
1013 if (count($attrs)){
1014 if ($show){
1015 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1016 flush();
1017 }
1018 $nattrs= array("gosaUnitTag" => array());
1019 $nattrs['objectClass']= array();
1020 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1021 $oc= $attrs['objectClass'][$i];
1022 if ($oc != "gosaAdministrativeUnitTag"){
1023 $nattrs['objectClass'][]= $oc;
1024 }
1025 }
1026 $ldap->cd($dn);
1027 $ldap->modify($nattrs);
1028 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1029 } else {
1030 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1031 }
1032 }
1034 }
1037 /* Add possibility to stop remove process */
1038 function allow_remove()
1039 {
1040 $reason= "";
1041 return $reason;
1042 }
1045 /* Create a snapshot of the current object */
1046 function create_snapshot($type= "snapshot", $description= array())
1047 {
1049 /* Check if snapshot functionality is enabled */
1050 if(!$this->snapshotEnabled()){
1051 return;
1052 }
1054 /* Get configuration from gosa.conf */
1055 $tmp = $this->config->current;
1057 /* Create lokal ldap connection */
1058 $ldap= $this->config->get_ldap_link();
1059 $ldap->cd($this->config->current['BASE']);
1061 /* check if there are special server configurations for snapshots */
1062 if(!isset($tmp['SNAPSHOT_SERVER'])){
1064 /* Source and destination server are both the same, just copy source to dest obj */
1065 $ldap_to = $ldap;
1066 $snapldapbase = $this->config->current['BASE'];
1068 }else{
1069 $server = $tmp['SNAPSHOT_SERVER'];
1070 $user = $tmp['SNAPSHOT_USER'];
1071 $password = $tmp['SNAPSHOT_PASSWORD'];
1072 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1074 $ldap_to = new LDAP($user,$password, $server);
1075 $ldap_to -> cd($snapldapbase);
1076 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1077 }
1079 /* check if the dn exists */
1080 if ($ldap->dn_exists($this->dn)){
1082 /* Extract seconds & mysecs, they are used as entry index */
1083 list($usec, $sec)= explode(" ", microtime());
1085 /* Collect some infos */
1086 $base = $this->config->current['BASE'];
1087 $snap_base = $tmp['SNAPSHOT_BASE'];
1088 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1089 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1091 /* Create object */
1092 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1093 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1094 $newName = preg_replace("/\./", "", $sec."-".$usec);
1095 $target= array();
1096 $target['objectClass'] = array("top", "gosaSnapshotObject");
1097 $target['gosaSnapshotData'] = gzcompress($data, 6);
1098 $target['gosaSnapshotType'] = $type;
1099 $target['gosaSnapshotDN'] = $this->dn;
1100 $target['description'] = $description;
1101 $target['gosaSnapshotTimestamp'] = $newName;
1103 /* Insert the new snapshot
1104 But we have to check first, if the given gosaSnapshotTimestamp
1105 is already used, in this case we should increment this value till there is
1106 an unused value. */
1107 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1108 $ldap_to->cat($new_dn);
1109 while($ldap_to->count()){
1110 $ldap_to->cat($new_dn);
1111 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1112 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1113 $target['gosaSnapshotTimestamp'] = $newName;
1114 }
1116 /* Inset this new snapshot */
1117 $ldap_to->cd($snapldapbase);
1118 $ldap_to->create_missing_trees($new_base);
1119 $ldap_to->cd($new_dn);
1120 $ldap_to->add($target);
1122 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1123 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1124 }
1125 }
1127 function remove_snapshot($dn)
1128 {
1129 $ui = get_userinfo();
1130 $old_dn = $this->dn;
1131 $this->dn = $dn;
1132 $ldap = $this->config->get_ldap_link();
1133 $ldap->cd($this->config->current['BASE']);
1134 $ldap->rmdir_recursive($dn);
1135 $this->dn = $old_dn;
1136 }
1139 /* returns true if snapshots are enabled, and false if it is disalbed
1140 There will also be some errors psoted, if the configuration failed */
1141 function snapshotEnabled()
1142 {
1143 $tmp = $this->config->current;
1144 if(isset($tmp['ENABLE_SNAPSHOT'])){
1145 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1147 /* Check if the snapshot_base is defined */
1148 if(!isset($tmp['SNAPSHOT_BASE'])){
1149 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),$missing));
1150 return(FALSE);
1151 }
1153 /* check if there are special server configurations for snapshots */
1154 if(isset($tmp['SNAPSHOT_SERVER'])){
1156 /* check if all required vars are available to create a new ldap connection */
1157 $missing = "";
1158 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_LDAP_BASE") as $var){
1159 if(!isset($tmp[$var])){
1160 $missing .= $var." ";
1161 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1162 return(FALSE);
1163 }
1164 }
1165 }
1166 return(TRUE);
1167 }
1168 }
1169 return(FALSE);
1170 }
1173 /* Return available snapshots for the given base
1174 */
1175 function Available_SnapsShots($dn,$raw = false)
1176 {
1177 if(!$this->snapshotEnabled()) return(array());
1179 /* Create an additional ldap object which
1180 points to our ldap snapshot server */
1181 $ldap= $this->config->get_ldap_link();
1182 $ldap->cd($this->config->current['BASE']);
1183 $tmp = $this->config->current;
1185 /* check if there are special server configurations for snapshots */
1186 if(isset($tmp['SNAPSHOT_SERVER'])){
1187 $server = $tmp['SNAPSHOT_SERVER'];
1188 $user = $tmp['SNAPSHOT_USER'];
1189 $password = $tmp['SNAPSHOT_PASSWORD'];
1190 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1191 $ldap_to = new LDAP($user,$password, $server);
1192 $ldap_to -> cd ($snapldapbase);
1193 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1194 }else{
1195 $ldap_to = $ldap;
1196 }
1198 /* Prepare bases and some other infos */
1199 $base = $this->config->current['BASE'];
1200 $snap_base = $tmp['SNAPSHOT_BASE'];
1201 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1202 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1203 $tmp = array();
1205 /* Fetch all objects with gosaSnapshotDN=$dn */
1206 $ldap_to->cd($new_base);
1207 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1208 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1210 /* Put results into a list and add description if missing */
1211 while($entry = $ldap_to->fetch()){
1212 if(!isset($entry['description'][0])){
1213 $entry['description'][0] = "";
1214 }
1215 $tmp[] = $entry;
1216 }
1218 /* Return the raw array, or format the result */
1219 if($raw){
1220 return($tmp);
1221 }else{
1222 $tmp2 = array();
1223 foreach($tmp as $entry){
1224 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1225 }
1226 }
1227 return($tmp2);
1228 }
1231 function getAllDeletedSnapshots($base_of_object,$raw = false)
1232 {
1233 if(!$this->snapshotEnabled()) return(array());
1235 /* Create an additional ldap object which
1236 points to our ldap snapshot server */
1237 $ldap= $this->config->get_ldap_link();
1238 $ldap->cd($this->config->current['BASE']);
1239 $tmp = $this->config->current;
1241 /* check if there are special server configurations for snapshots */
1242 if(isset($tmp['SNAPSHOT_SERVER'])){
1243 $server = $tmp['SNAPSHOT_SERVER'];
1244 $user = $tmp['SNAPSHOT_USER'];
1245 $password = $tmp['SNAPSHOT_PASSWORD'];
1246 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1247 $ldap_to = new LDAP($user,$password, $server);
1248 $ldap_to->cd ($snapldapbase);
1249 show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1250 }else{
1251 $ldap_to = $ldap;
1252 }
1254 /* Prepare bases */
1255 $base = $this->config->current['BASE'];
1256 $snap_base = $tmp['SNAPSHOT_BASE'];
1257 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1259 /* Fetch all objects and check if they do not exist anymore */
1260 $ui = get_userinfo();
1261 $tmp = array();
1262 $ldap_to->cd($new_base);
1263 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1264 while($entry = $ldap_to->fetch()){
1266 $chk = str_replace($new_base,"",$entry['dn']);
1267 if(preg_match("/,ou=/",$chk)) continue;
1269 if(!isset($entry['description'][0])){
1270 $entry['description'][0] = "";
1271 }
1272 $tmp[] = $entry;
1273 }
1275 /* Check if entry still exists */
1276 foreach($tmp as $key => $entry){
1277 $ldap->cat($entry['gosaSnapshotDN'][0]);
1278 if($ldap->count()){
1279 unset($tmp[$key]);
1280 }
1281 }
1283 /* Format result as requested */
1284 if($raw) {
1285 return($tmp);
1286 }else{
1287 $tmp2 = array();
1288 foreach($tmp as $key => $entry){
1289 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1290 }
1291 }
1292 return($tmp2);
1293 }
1296 /* Restore selected snapshot */
1297 function restore_snapshot($dn)
1298 {
1299 if(!$this->snapshotEnabled()) return(array());
1301 $ldap= $this->config->get_ldap_link();
1302 $ldap->cd($this->config->current['BASE']);
1303 $tmp = $this->config->current;
1305 /* check if there are special server configurations for snapshots */
1306 if(isset($tmp['SNAPSHOT_SERVER'])){
1307 $server = $tmp['SNAPSHOT_SERVER'];
1308 $user = $tmp['SNAPSHOT_USER'];
1309 $password = $tmp['SNAPSHOT_PASSWORD'];
1310 $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
1311 $ldap_to = new LDAP($user,$password, $server);
1312 $ldap_to->cd ($snapldapbase);
1313 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1314 }else{
1315 $ldap_to = $ldap;
1316 }
1318 /* Get the snapshot */
1319 $ldap_to->cat($dn);
1320 $restoreObject = $ldap_to->fetch();
1322 /* Prepare import string */
1323 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1325 /* Import the given data */
1326 $ldap->import_complete_ldif($data,$err,false,false);
1327 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1328 }
1331 function showSnapshotDialog($base,$baseSuffixe)
1332 {
1333 $once = true;
1334 foreach($_POST as $name => $value){
1336 /* Create a new snapshot, display a dialog */
1337 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1338 $once = false;
1339 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1340 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1341 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1342 }
1344 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1345 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1346 $once = false;
1347 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1348 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1349 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1350 $this->snapDialog->display_restore_dialog = true;
1351 }
1353 /* Restore one of the already deleted objects */
1354 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1355 $once = false;
1356 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1357 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1358 $this->snapDialog->display_restore_dialog = true;
1359 $this->snapDialog->display_all_removed_objects = true;
1360 }
1362 /* Restore selected snapshot */
1363 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1364 $once = false;
1365 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1366 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1367 if(!empty($entry)){
1368 $this->restore_snapshot($entry);
1369 $this->snapDialog = NULL;
1370 }
1371 }
1372 }
1374 /* Create a new snapshot requested, check
1375 the given attributes and create the snapshot*/
1376 if(isset($_POST['CreateSnapshot'])){
1377 $this->snapDialog->save_object();
1378 $msgs = $this->snapDialog->check();
1379 if(count($msgs)){
1380 foreach($msgs as $msg){
1381 print_red($msg);
1382 }
1383 }else{
1384 $this->dn = $this->snapDialog->dn;
1385 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1386 $this->snapDialog = NULL;
1387 }
1388 }
1390 /* Restore is requested, restore the object with the posted dn .*/
1391 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1392 }
1394 if(isset($_POST['CancelSnapshot'])){
1395 $this->snapDialog = NULL;
1396 }
1398 if($this->snapDialog){
1399 $this->snapDialog->save_object();
1400 return($this->snapDialog->execute());
1401 }
1402 }
1405 function plInfo()
1406 {
1407 return array();
1408 }
1411 function set_acl_base($base)
1412 {
1413 $this->acl_base= $base;
1414 }
1417 function set_acl_category($category)
1418 {
1419 $this->acl_category= "$category/";
1420 }
1423 function acl_is_writeable($attribute,$skip_write = FALSE)
1424 {
1425 $ui= get_userinfo();
1426 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1427 }
1430 function acl_is_readable($attribute)
1431 {
1432 $ui= get_userinfo();
1433 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1434 }
1437 function acl_is_createable()
1438 {
1439 $ui= get_userinfo();
1440 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1441 }
1444 function acl_is_removeable()
1445 {
1446 $ui= get_userinfo();
1447 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1448 }
1451 function acl_is_moveable()
1452 {
1453 $ui= get_userinfo();
1454 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1455 }
1458 function acl_have_any_permissions()
1459 {
1460 }
1463 function getacl($attribute,$skip_write= FALSE)
1464 {
1465 $ui= get_userinfo();
1466 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1467 }
1469 /* Get all allowed bases to move an object to or to create a new object.
1470 Idepartments also contains all base departments which lead to the allowed bases */
1471 function get_allowed_bases($category = "")
1472 {
1473 $ui = get_userinfo();
1474 $deps = array();
1476 /* Set category */
1477 if(empty($category)){
1478 $category = $this->acl_category.get_class($this);
1479 }
1481 /* Is this a new object ? Or just an edited existing object */
1482 if(!$this->initially_was_account && $this->is_account){
1483 $new = true;
1484 }else{
1485 $new = false;
1486 }
1488 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1489 foreach($this->config->idepartments as $dn => $name){
1491 if(!in_array_ics($dn,$cat_bases)){
1492 continue;
1493 }
1495 $acl = $ui->get_permissions($dn,$category);
1496 if($new && preg_match("/c/",$acl)){
1497 $deps[$dn] = $name;
1498 }elseif(!$new && preg_match("/m/",$acl)){
1499 $deps[$dn] = $name;
1500 }
1501 }
1503 /* Add current base */
1504 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1505 $deps[$this->base] = $this->config->idepartments[$this->base];
1506 }else{
1507 echo "No default base found. ".$this->base."<br> ";
1508 }
1510 return($deps);
1511 }
1513 /* This function modifies object acls too, if an object is moved.
1514 * $old_dn specifies the actually used dn
1515 * $new_dn specifies the destiantion dn
1516 */
1517 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1518 {
1519 global $config;
1521 /* Check if old_dn is empty. This should never happen */
1522 if(empty($old_dn) || empty($new_dn)){
1523 trigger_error("Failed to check acl dependencies, wrong dn given.");
1524 return;
1525 }
1527 /* Update userinfo if necessary */
1528 if($_SESSION['ui']->dn == $old_dn){
1529 $_SESSION['ui']->dn = $new_dn;
1530 gosa_log(_("Updated current user dn from '".$old_dn."' to '".$new_dn."'"));
1531 }
1533 /* Object was moved, ensure that all acls will be moved too */
1534 if($new_dn != $old_dn && $old_dn != "new"){
1536 /* get_ldap configuration */
1537 $update = array();
1538 $ldap = $config->get_ldap_link();
1539 $ldap->cd ($config->current['BASE']);
1540 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1541 while($attrs = $ldap->fetch()){
1543 $acls = array();
1545 /* Walk through acls */
1546 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1548 /* Reset vars */
1549 $found = false;
1551 /* Get Acl parts */
1552 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1554 /* Get every single member for this acl */
1555 $members = array();
1556 if(preg_match("/,/",$acl_parts[2])){
1557 $members = split(",",$acl_parts[2]);
1558 }else{
1559 $members = array($acl_parts[2]);
1560 }
1562 /* Check if member match current dn */
1563 foreach($members as $key => $member){
1564 $member = base64_decode($member);
1565 if($member == $old_dn){
1566 $found = true;
1567 $members[$key] = base64_encode($new_dn);
1568 }
1569 }
1571 /* Create new member string */
1572 $new_members = "";
1573 foreach($members as $member){
1574 $new_members .= $member.",";
1575 }
1576 $new_members = preg_replace("/,$/","",$new_members);
1577 $acl_parts[2] = $new_members;
1579 /* Reconstruckt acl entry */
1580 $acl_str ="";
1581 foreach($acl_parts as $t){
1582 $acl_str .= $t.":";
1583 }
1584 $acl_str = preg_replace("/:$/","",$acl_str);
1585 }
1587 /* Acls for this object must be adjusted */
1588 if($found){
1590 if($output_changes){
1591 echo "<font color='green'>".
1592 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1593 $old_dn.
1594 "</b><br> -"._("to")." <b>".
1595 $new_dn.
1596 "</b></font><br>";
1597 }
1598 $update[$attrs['dn']] =array();
1599 foreach($acls as $acl){
1600 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1601 }
1602 }
1603 }
1605 /* Write updated acls */
1606 foreach($update as $dn => $attrs){
1607 $ldap->cd($dn);
1608 $ldap->modify($attrs);
1609 }
1610 }
1611 }
1612 }
1613 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1614 ?>