1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /* This can be set to render the tabulators in another stylesheet */
119 var $pl_notify= FALSE;
121 /*! \brief plugin constructor
123 If 'dn' is set, the node loads the given 'dn' from LDAP
125 \param dn Distinguished name to initialize plugin from
126 \sa plugin()
127 */
128 function plugin (&$config, $dn= NULL, $parent= NULL)
129 {
130 /* Configuration is fine, allways */
131 $this->config= &$config;
132 $this->dn= $dn;
134 /* Handle new accounts, don't read information from LDAP */
135 if ($dn == "new"){
136 return;
137 }
139 /* Save current dn as acl_base */
140 $this->acl_base= $dn;
142 /* Get LDAP descriptor */
143 $ldap= $this->config->get_ldap_link();
144 if ($dn !== NULL){
146 /* Load data to 'attrs' and save 'dn' */
147 if ($parent !== NULL){
148 $this->attrs= $parent->attrs;
149 } else {
150 $ldap->cat ($dn);
151 $this->attrs= $ldap->fetch();
152 }
154 /* Copy needed attributes */
155 foreach ($this->attributes as $val){
156 $found= array_key_ics($val, $this->attrs);
157 if ($found != ""){
158 $this->$val= $this->attrs["$found"][0];
159 }
160 }
162 /* gosaUnitTag loading... */
163 if (isset($this->attrs['gosaUnitTag'][0])){
164 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
165 }
167 /* Set the template flag according to the existence of objectClass
168 gosaUserTemplate */
169 if (isset($this->attrs['objectClass'])){
170 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
171 $this->is_template= TRUE;
172 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
173 "found", "Template check");
174 }
175 }
177 /* Is Account? */
178 $found= TRUE;
179 foreach ($this->objectclasses as $obj){
180 if (preg_match('/top/i', $obj)){
181 continue;
182 }
183 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
184 $found= FALSE;
185 break;
186 }
187 }
188 if ($found){
189 $this->is_account= TRUE;
190 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
191 "found", "Object check");
192 }
194 /* Prepare saved attributes */
195 $this->saved_attributes= $this->attrs;
196 foreach ($this->saved_attributes as $index => $value){
197 if (preg_match('/^[0-9]+$/', $index)){
198 unset($this->saved_attributes[$index]);
199 continue;
200 }
201 if (!in_array($index, $this->attributes) && $index != "objectClass"){
202 unset($this->saved_attributes[$index]);
203 continue;
204 }
205 if ($this->saved_attributes[$index]["count"] == 1){
206 $tmp= $this->saved_attributes[$index][0];
207 unset($this->saved_attributes[$index]);
208 $this->saved_attributes[$index]= $tmp;
209 continue;
210 }
212 unset($this->saved_attributes["$index"]["count"]);
213 }
214 }
216 /* Save initial account state */
217 $this->initially_was_account= $this->is_account;
218 }
220 /*! \brief execute plugin
222 Generates the html output for this node
223 */
224 function execute()
225 {
226 /* This one is empty currently. Fabian - please fill in the docu code */
227 $_SESSION['current_class_for_help'] = get_class($this);
229 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
230 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
231 }
233 /*! \brief execute plugin
234 Removes object from parent
235 */
236 function remove_from_parent()
237 {
238 /* include global link_info */
239 $ldap= $this->config->get_ldap_link();
241 /* Get current objectClasses in order to add the required ones */
242 $ldap->cat($this->dn);
243 $tmp= $ldap->fetch ();
244 $oc= array();
245 if (isset($tmp['objectClass'])){
246 $oc= $tmp['objectClass'];
247 unset($oc['count']);
248 }
250 /* Remove objectClasses from entry */
251 $ldap->cd($this->dn);
252 $this->attrs= array();
253 $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
255 /* Unset attributes from entry */
256 foreach ($this->attributes as $val){
257 $this->attrs["$val"]= array();
258 }
260 /* Unset account info */
261 $this->is_account= FALSE;
263 /* Do not write in plugin base class, this must be done by
264 children, since there are normally additional attribs,
265 lists, etc. */
266 /*
267 $ldap->modify($this->attrs);
268 */
269 }
272 /* Save data to object */
273 function save_object()
274 {
275 /* Save values to object */
276 foreach ($this->attributes as $val){
277 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
278 /* Check for modifications */
279 if (get_magic_quotes_gpc()) {
280 $data= stripcslashes($_POST["$val"]);
281 } else {
282 $data= $this->$val = $_POST["$val"];
283 }
284 if ($this->$val != $data){
285 $this->is_modified= TRUE;
286 }
288 /* Okay, how can I explain this fix ...
289 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
290 * So IE posts these 'unselectable' option, with value = chr(194)
291 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
292 * This was added for W3c compliance, but now causes these ... ldap errors ...
293 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
294 */
295 if(isset($data[0]) && $data[0] == chr(194)) {
296 $data = "";
297 }
298 $this->$val= $data;
299 //echo "<font color='blue'>".$val."</font><br>";
300 }else{
301 //echo "<font color='red'>".$val."</font><br>";
302 }
303 }
304 }
307 /* Save data to LDAP, depending on is_account we save or delete */
308 function save()
309 {
310 /* include global link_info */
311 $ldap= $this->config->get_ldap_link();
313 /* Start with empty array */
314 $this->attrs= array();
316 /* Get current objectClasses in order to add the required ones */
317 $ldap->cat($this->dn);
319 $tmp= $ldap->fetch ();
321 $oc= array();
322 if (isset($tmp['objectClass'])){
323 $oc= $tmp["objectClass"];
324 $this->is_new= FALSE;
325 unset($oc['count']);
326 } else {
327 $this->is_new= TRUE;
328 }
330 /* Load (minimum) attributes, add missing ones */
331 $this->attrs['objectClass']= gosa_array_merge($oc,$this->objectclasses);
333 /* Copy standard attributes */
334 foreach ($this->attributes as $val){
335 if ($this->$val != ""){
336 $this->attrs["$val"]= $this->$val;
337 } elseif (!$this->is_new) {
338 $this->attrs["$val"]= array();
339 }
340 }
342 }
345 function cleanup()
346 {
347 foreach ($this->attrs as $index => $value){
349 /* Convert arrays with one element to non arrays, if the saved
350 attributes are no array, too */
351 if (is_array($this->attrs[$index]) &&
352 count ($this->attrs[$index]) == 1 &&
353 isset($this->saved_attributes[$index]) &&
354 !is_array($this->saved_attributes[$index])){
356 $tmp= $this->attrs[$index][0];
357 $this->attrs[$index]= $tmp;
358 }
360 /* Remove emtpy arrays if they do not differ */
361 if (is_array($this->attrs[$index]) &&
362 count($this->attrs[$index]) == 0 &&
363 !isset($this->saved_attributes[$index])){
365 unset ($this->attrs[$index]);
366 continue;
367 }
369 /* Remove single attributes that do not differ */
370 if (!is_array($this->attrs[$index]) &&
371 isset($this->saved_attributes[$index]) &&
372 !is_array($this->saved_attributes[$index]) &&
373 $this->attrs[$index] == $this->saved_attributes[$index]){
375 unset ($this->attrs[$index]);
376 continue;
377 }
379 /* Remove arrays that do not differ */
380 if (is_array($this->attrs[$index]) &&
381 isset($this->saved_attributes[$index]) &&
382 is_array($this->saved_attributes[$index])){
384 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
385 unset ($this->attrs[$index]);
386 continue;
387 }
388 }
389 }
391 /* Update saved attributes and ensure that next cleanups will be successful too */
392 foreach($this->attrs as $name => $value){
393 $this->saved_attributes[$name] = $value;
394 }
395 }
397 /* Check formular input */
398 function check()
399 {
400 $message= array();
402 /* Skip if we've no config object */
403 if (!isset($this->config) || !is_object($this->config)){
404 return $message;
405 }
407 /* Find hooks entries for this class */
408 $command= $this->config->search(get_class($this), "CHECK", array('menu', 'tabs'));
410 if ($command != ""){
412 if (!check_command($command)){
413 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
414 get_class($this));
415 } else {
417 /* Generate "ldif" for check hook */
418 $ldif= "dn: $this->dn\n";
420 /* ... objectClasses */
421 foreach ($this->objectclasses as $oc){
422 $ldif.= "objectClass: $oc\n";
423 }
425 /* ... attributes */
426 foreach ($this->attributes as $attr){
427 if ($this->$attr == ""){
428 continue;
429 }
430 if (is_array($this->$attr)){
431 foreach ($this->$attr as $val){
432 $ldif.= "$attr: $val\n";
433 }
434 } else {
435 $ldif.= "$attr: ".$this->$attr."\n";
436 }
437 }
439 /* Append empty line */
440 $ldif.= "\n";
442 /* Feed "ldif" into hook and retrieve result*/
443 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
444 $fh= proc_open($command, $descriptorspec, $pipes);
445 if (is_resource($fh)) {
446 fwrite ($pipes[0], $ldif);
447 fclose($pipes[0]);
449 $result= stream_get_contents($pipes[1]);
450 if ($result != ""){
451 $message[]= $result;
452 }
454 fclose($pipes[1]);
455 fclose($pipes[2]);
456 proc_close($fh);
457 }
458 }
460 }
462 return ($message);
463 }
465 /* Adapt from template, using 'dn' */
466 function adapt_from_template($dn)
467 {
468 /* Include global link_info */
469 $ldap= $this->config->get_ldap_link();
471 /* Load requested 'dn' to 'attrs' */
472 $ldap->cat ($dn);
473 $this->attrs= $ldap->fetch();
475 /* Walk through attributes */
476 foreach ($this->attributes as $val){
478 if (isset($this->attrs["$val"][0])){
480 /* If attribute is set, replace dynamic parts:
481 %sn, %givenName and %uid. Fill these in our local variables. */
482 $value= $this->attrs["$val"][0];
484 foreach (array("sn", "givenName", "uid") as $repl){
485 if (preg_match("/%$repl/i", $value)){
486 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
487 }
488 }
489 $this->$val= $value;
490 }
491 }
493 /* Is Account? */
494 $found= TRUE;
495 foreach ($this->objectclasses as $obj){
496 if (preg_match('/top/i', $obj)){
497 continue;
498 }
499 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
500 $found= FALSE;
501 break;
502 }
503 }
504 if ($found){
505 $this->is_account= TRUE;
506 }
507 }
509 /* Indicate whether a password change is needed or not */
510 function password_change_needed()
511 {
512 return FALSE;
513 }
516 /* Show header message for tab dialogs */
517 function show_enable_header($button_text, $text, $disabled= FALSE)
518 {
519 if (($disabled == TRUE) || (!$this->acl_is_createable())){
520 $state= "disabled";
521 } else {
522 $state= "";
523 }
524 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
525 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
526 "><p class=\"seperator\"> </p></td></tr></table>";
528 return($display);
529 }
532 /* Show header message for tab dialogs */
533 function show_disable_header($button_text, $text, $disabled= FALSE)
534 {
535 if (($disabled == TRUE) || !$this->acl_is_removeable()){
536 $state= "disabled";
537 } else {
538 $state= "";
539 }
540 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
541 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
542 "><p class=\"seperator\"> </p></td></tr></table>";
544 return($display);
545 }
548 /* Show header message for tab dialogs */
549 function show_header($button_text, $text, $disabled= FALSE)
550 {
551 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
552 if ($disabled == TRUE){
553 $state= "disabled";
554 } else {
555 $state= "";
556 }
557 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
558 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
559 ($this->acl_is_createable()?'':'disabled')." ".$state.
560 "><p class=\"seperator\"> </p></td></tr></table>";
562 return($display);
563 }
566 function postcreate($add_attrs= array())
567 {
568 /* Find postcreate entries for this class */
569 $command= $this->config->search(get_class($this), "POSTCREATE",array('menu', 'tabs'));
571 if ($command != ""){
573 /* Additional attributes */
574 foreach ($add_attrs as $name => $value){
575 $command= preg_replace("/%$name/", $value, $command);
576 }
578 /* Walk through attribute list */
579 foreach ($this->attributes as $attr){
580 if (!is_array($this->$attr)){
581 $command= preg_replace("/%$attr/", $this->$attr, $command);
582 }
583 }
584 $command= preg_replace("/%dn/", $this->dn, $command);
586 if (check_command($command)){
587 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
588 $command, "Execute");
590 exec($command);
591 } else {
592 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
593 print_red ($message);
594 }
595 }
596 }
598 function postmodify($add_attrs= array())
599 {
600 /* Find postcreate entries for this class */
601 $command= $this->config->search(get_class($this), "POSTMODIFY",array('menu','tabs'));
603 if ($command != ""){
605 /* Additional attributes */
606 foreach ($add_attrs as $name => $value){
607 $command= preg_replace("/%$name/", $value, $command);
608 }
610 /* Walk through attribute list */
611 foreach ($this->attributes as $attr){
612 if (!is_array($this->$attr)){
613 $command= preg_replace("/%$attr/", $this->$attr, $command);
614 }
615 }
616 $command= preg_replace("/%dn/", $this->dn, $command);
618 if (check_command($command)){
619 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
620 $command, "Execute");
622 exec($command);
623 } else {
624 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
625 print_red ($message);
626 }
627 }
628 }
630 function postremove($add_attrs= array())
631 {
632 /* Find postremove entries for this class */
633 $command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
634 if ($command != ""){
636 /* Additional attributes */
637 foreach ($add_attrs as $name => $value){
638 $command= preg_replace("/%$name/", $value, $command);
639 }
641 /* Walk through attribute list */
642 foreach ($this->attributes as $attr){
643 if (!is_array($this->$attr)){
644 $command= preg_replace("/%$attr/", $this->$attr, $command);
645 }
646 }
647 $command= preg_replace("/%dn/", $this->dn, $command);
649 /* Additional attributes */
650 foreach ($add_attrs as $name => $value){
651 $command= preg_replace("/%$name/", $value, $command);
652 }
654 if (check_command($command)){
655 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
656 $command, "Execute");
658 exec($command);
659 } else {
660 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
661 print_red ($message);
662 }
663 }
664 }
666 /* Create unique DN */
667 function create_unique_dn($attribute, $base)
668 {
669 $ldap= $this->config->get_ldap_link();
670 $base= preg_replace("/^,*/", "", $base);
672 /* Try to use plain entry first */
673 $dn= "$attribute=".$this->$attribute.",$base";
674 $ldap->cat ($dn, array('dn'));
675 if (!$ldap->fetch()){
676 return ($dn);
677 }
679 /* Look for additional attributes */
680 foreach ($this->attributes as $attr){
681 if ($attr == $attribute || $this->$attr == ""){
682 continue;
683 }
685 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
686 $ldap->cat ($dn, array('dn'));
687 if (!$ldap->fetch()){
688 return ($dn);
689 }
690 }
692 /* None found */
693 return ("none");
694 }
696 function rebind($ldap, $referral)
697 {
698 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
699 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
700 $this->error = "Success";
701 $this->hascon=true;
702 $this->reconnect= true;
703 return (0);
704 } else {
705 $this->error = "Could not bind to " . $credentials['ADMIN'];
706 return NULL;
707 }
708 }
710 /* This is a workaround function. */
711 function copy($src_dn, $dst_dn)
712 {
713 /* Rename dn in possible object groups */
714 $ldap= $this->config->get_ldap_link();
715 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
716 array('cn'));
717 while ($attrs= $ldap->fetch()){
718 $og= new ogroup($this->config, $ldap->getDN());
719 unset($og->member[$src_dn]);
720 $og->member[$dst_dn]= $dst_dn;
721 $og->save ();
722 }
724 $ldap->cat($dst_dn);
725 $attrs= $ldap->fetch();
726 if (count($attrs)){
727 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
728 E_USER_WARNING);
729 return (FALSE);
730 }
732 $ldap->cat($src_dn);
733 $attrs= $ldap->fetch();
734 if (!count($attrs)){
735 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
736 E_USER_WARNING);
737 return (FALSE);
738 }
740 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
741 $ds= ldap_connect($this->config->current['SERVER']);
742 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
743 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
744 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
745 }
747 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
748 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
750 /* Fill data from LDAP */
751 $new= array();
752 if ($sr) {
753 $ei=ldap_first_entry($ds, $sr);
754 if ($ei) {
755 foreach($attrs as $attr => $val){
756 if ($info = @ldap_get_values_len($ds, $ei, $attr)){
757 for ($i= 0; $i<$info['count']; $i++){
758 if ($info['count'] == 1){
759 $new[$attr]= $info[$i];
760 } else {
761 $new[$attr][]= $info[$i];
762 }
763 }
764 }
765 }
766 }
767 }
769 /* close conncetion */
770 ldap_unbind($ds);
772 /* Adapt naming attribute */
773 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
774 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
775 $new[$dst_name]= @LDAP::fix($dst_val);
777 /* Check if this is a department.
778 * If it is a dep. && there is a , override in his ou
779 * change \2C to , again, else this entry can't be saved ...
780 */
781 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
782 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
783 }
785 /* Save copy */
786 $ldap->connect();
787 $ldap->cd($this->config->current['BASE']);
789 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
791 /* FAIvariable=.../..., cn=..
792 could not be saved, because the attribute FAIvariable was different to
793 the dn FAIvariable=..., cn=... */
794 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
795 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
796 }
797 $ldap->cd($dst_dn);
798 $ldap->add($new);
800 if ($ldap->error != "Success"){
801 trigger_error("Trying to save $dst_dn failed.",
802 E_USER_WARNING);
803 return(FALSE);
804 }
806 return (TRUE);
807 }
810 function move($src_dn, $dst_dn)
811 {
812 /* Copy source to destination */
813 if (!$this->copy($src_dn, $dst_dn)){
814 return (FALSE);
815 }
817 /* Delete source */
818 $ldap= $this->config->get_ldap_link();
819 $ldap->rmdir($src_dn);
820 if ($ldap->error != "Success"){
821 trigger_error("Trying to delete $src_dn failed.",
822 E_USER_WARNING);
823 return (FALSE);
824 }
826 return (TRUE);
827 }
830 /* Move/Rename complete trees */
831 function recursive_move($src_dn, $dst_dn)
832 {
833 /* Check if the destination entry exists */
834 $ldap= $this->config->get_ldap_link();
836 /* Check if destination exists - abort */
837 $ldap->cat($dst_dn, array('dn'));
838 if ($ldap->fetch()){
839 trigger_error("recursive_move $dst_dn already exists.",
840 E_USER_WARNING);
841 return (FALSE);
842 }
844 /* Perform a search for all objects to be moved */
845 $objects= array();
846 $ldap->cd($src_dn);
847 $ldap->search("(objectClass=*)", array("dn"));
848 while($attrs= $ldap->fetch()){
849 $dn= $attrs['dn'];
850 $objects[$dn]= strlen($dn);
851 }
853 /* Sort objects by indent level */
854 asort($objects);
855 reset($objects);
857 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
858 foreach ($objects as $object => $len){
859 $src= $object;
860 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
861 if (!$this->copy($src, $dst)){
862 return (FALSE);
863 }
864 }
866 /* Remove src_dn */
867 $ldap->cd($src_dn);
868 $ldap->recursive_remove();
869 return (TRUE);
870 }
873 function handle_post_events($mode, $add_attrs= array())
874 {
875 switch ($mode){
876 case "add":
877 $this->postcreate($add_attrs);
878 break;
880 case "modify":
881 $this->postmodify($add_attrs);
882 break;
884 case "remove":
885 $this->postremove($add_attrs);
886 break;
887 }
888 }
891 function saveCopyDialog(){
892 }
895 function getCopyDialog(){
896 return(array("string"=>"","status"=>""));
897 }
900 function PrepareForCopyPaste($source)
901 {
902 $todo = $this->attributes;
903 if(isset($this->CopyPasteVars)){
904 $todo = array_merge($todo,$this->CopyPasteVars);
905 }
907 if(count($this->objectclasses)){
908 $this->is_account = TRUE;
909 foreach($this->objectclasses as $class){
910 if(!in_array($class,$source['objectClass'])){
911 $this->is_account = FALSE;
912 }
913 }
914 }
916 foreach($todo as $var){
917 if (isset($source[$var])){
918 if(isset($source[$var]['count'])){
919 if($source[$var]['count'] > 1){
920 $this->$var = array();
921 $tmp = array();
922 for($i = 0 ; $i < $source[$var]['count']; $i++){
923 $tmp = $source[$var][$i];
924 }
925 $this->$var = $tmp;
926 # echo $var."=".$tmp."<br>";
927 }else{
928 $this->$var = $source[$var][0];
929 # echo $var."=".$source[$var][0]."<br>";
930 }
931 }else{
932 $this->$var= $source[$var];
933 # echo $var."=".$source[$var]."<br>";
934 }
935 }
936 }
937 }
940 function handle_object_tagging($dn= "", $tag= "", $show= false)
941 {
942 //FIXME: How to optimize this? We have at least two
943 // LDAP accesses per object. It would be a good
944 // idea to have it integrated.
946 /* No dn? Self-operation... */
947 if ($dn == ""){
948 $dn= $this->dn;
950 /* No tag? Find it yourself... */
951 if ($tag == ""){
952 $len= strlen($dn);
954 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
955 $relevant= array();
956 foreach ($this->config->adepartments as $key => $ntag){
958 /* This one is bigger than our dn, its not relevant... */
959 if ($len <= strlen($key)){
960 continue;
961 }
963 /* This one matches with the latter part. Break and don't fix this entry */
964 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
965 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
966 $relevant[strlen($key)]= $ntag;
967 continue;
968 }
970 }
972 /* If we've some relevant tags to set, just get the longest one */
973 if (count($relevant)){
974 ksort($relevant);
975 $tmp= array_keys($relevant);
976 $idx= end($tmp);
977 $tag= $relevant[$idx];
978 $this->gosaUnitTag= $tag;
979 }
980 }
981 }
984 /* Set tag? */
985 if ($tag != ""){
986 /* Set objectclass and attribute */
987 $ldap= $this->config->get_ldap_link();
988 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
989 $attrs= $ldap->fetch();
990 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
991 if ($show) {
992 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
993 flush();
994 }
995 return;
996 }
997 if (count($attrs)){
998 if ($show){
999 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1000 flush();
1001 }
1002 $nattrs= array("gosaUnitTag" => $tag);
1003 $nattrs['objectClass']= array();
1004 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1005 $oc= $attrs['objectClass'][$i];
1006 if ($oc != "gosaAdministrativeUnitTag"){
1007 $nattrs['objectClass'][]= $oc;
1008 }
1009 }
1010 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1011 $ldap->cd($dn);
1012 $ldap->modify($nattrs);
1013 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1014 } else {
1015 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1016 }
1018 } else {
1019 /* Remove objectclass and attribute */
1020 $ldap= $this->config->get_ldap_link();
1021 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1022 $attrs= $ldap->fetch();
1023 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1024 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1025 return;
1026 }
1027 if (count($attrs)){
1028 if ($show){
1029 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1030 flush();
1031 }
1032 $nattrs= array("gosaUnitTag" => array());
1033 $nattrs['objectClass']= array();
1034 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1035 $oc= $attrs['objectClass'][$i];
1036 if ($oc != "gosaAdministrativeUnitTag"){
1037 $nattrs['objectClass'][]= $oc;
1038 }
1039 }
1040 $ldap->cd($dn);
1041 $ldap->modify($nattrs);
1042 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1043 } else {
1044 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1045 }
1046 }
1048 }
1051 /* Add possibility to stop remove process */
1052 function allow_remove()
1053 {
1054 $reason= "";
1055 return $reason;
1056 }
1059 /* Create a snapshot of the current object */
1060 function create_snapshot($type= "snapshot", $description= array())
1061 {
1063 /* Check if snapshot functionality is enabled */
1064 if(!$this->snapshotEnabled()){
1065 return;
1066 }
1068 /* Get configuration from gosa.conf */
1069 $tmp = $this->config->current;
1071 /* Create lokal ldap connection */
1072 $ldap= $this->config->get_ldap_link();
1073 $ldap->cd($this->config->current['BASE']);
1075 /* check if there are special server configurations for snapshots */
1076 if(!isset($tmp['SNAPSHOT_SERVER'])){
1078 /* Source and destination server are both the same, just copy source to dest obj */
1079 $ldap_to = $ldap;
1080 $snapldapbase = $this->config->current['BASE'];
1082 }else{
1083 $server = $tmp['SNAPSHOT_SERVER'];
1084 $user = $tmp['SNAPSHOT_USER'];
1085 $password = $tmp['SNAPSHOT_PASSWORD'];
1086 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1088 $ldap_to = new LDAP($user,$password, $server);
1089 $ldap_to -> cd($snapldapbase);
1090 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1091 }
1093 /* check if the dn exists */
1094 if ($ldap->dn_exists($this->dn)){
1096 /* Extract seconds & mysecs, they are used as entry index */
1097 list($usec, $sec)= explode(" ", microtime());
1099 /* Collect some infos */
1100 $base = $this->config->current['BASE'];
1101 $snap_base = $tmp['SNAPSHOT_BASE'];
1102 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1103 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1105 /* Create object */
1106 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1107 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1108 $newName = preg_replace("/\./", "", $sec."-".$usec);
1109 $target= array();
1110 $target['objectClass'] = array("top", "gosaSnapshotObject");
1111 $target['gosaSnapshotData'] = gzcompress($data, 6);
1112 $target['gosaSnapshotType'] = $type;
1113 $target['gosaSnapshotDN'] = $this->dn;
1114 $target['description'] = $description;
1115 $target['gosaSnapshotTimestamp'] = $newName;
1117 /* Insert the new snapshot
1118 But we have to check first, if the given gosaSnapshotTimestamp
1119 is already used, in this case we should increment this value till there is
1120 an unused value. */
1121 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1122 $ldap_to->cat($new_dn);
1123 while($ldap_to->count()){
1124 $ldap_to->cat($new_dn);
1125 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1126 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1127 $target['gosaSnapshotTimestamp'] = $newName;
1128 }
1130 /* Inset this new snapshot */
1131 $ldap_to->cd($snapldapbase);
1132 $ldap_to->create_missing_trees($new_base);
1133 $ldap_to->cd($new_dn);
1134 $ldap_to->add($target);
1136 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1137 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1138 }
1139 }
1141 function remove_snapshot($dn)
1142 {
1143 $ui = get_userinfo();
1144 $old_dn = $this->dn;
1145 $this->dn = $dn;
1146 $ldap = $this->config->get_ldap_link();
1147 $ldap->cd($this->config->current['BASE']);
1148 $ldap->rmdir_recursive($dn);
1149 $this->dn = $old_dn;
1150 }
1153 /* returns true if snapshots are enabled, and false if it is disalbed
1154 There will also be some errors psoted, if the configuration failed */
1155 function snapshotEnabled()
1156 {
1157 $tmp = $this->config->current;
1158 if(isset($tmp['ENABLE_SNAPSHOT'])){
1159 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1161 /* Check if the snapshot_base is defined */
1162 if(!isset($tmp['SNAPSHOT_BASE'])){
1163 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
1164 return(FALSE);
1165 }
1167 /* check if there are special server configurations for snapshots */
1168 if(isset($tmp['SNAPSHOT_SERVER'])){
1170 /* check if all required vars are available to create a new ldap connection */
1171 $missing = "";
1172 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
1173 if(!isset($tmp[$var])){
1174 $missing .= $var." ";
1175 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1176 return(FALSE);
1177 }
1178 }
1179 }
1180 return(TRUE);
1181 }
1182 }
1183 return(FALSE);
1184 }
1187 /* Return available snapshots for the given base
1188 */
1189 function Available_SnapsShots($dn,$raw = false)
1190 {
1191 if(!$this->snapshotEnabled()) return(array());
1193 /* Create an additional ldap object which
1194 points to our ldap snapshot server */
1195 $ldap= $this->config->get_ldap_link();
1196 $ldap->cd($this->config->current['BASE']);
1197 $cfg= &$this->config->current;
1199 /* check if there are special server configurations for snapshots */
1200 if(isset($cfg['SNAPSHOT_SERVER'])){
1201 $server = $cfg['SNAPSHOT_SERVER'];
1202 $user = $cfg['SNAPSHOT_USER'];
1203 $password = $cfg['SNAPSHOT_PASSWORD'];
1204 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1205 $ldap_to = new LDAP($user,$password, $server);
1206 $ldap_to -> cd ($snapldapbase);
1207 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1208 }else{
1209 $ldap_to = $ldap;
1210 }
1212 /* Prepare bases and some other infos */
1213 $base = $this->config->current['BASE'];
1214 $snap_base = $cfg['SNAPSHOT_BASE'];
1215 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1216 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1217 $tmp = array();
1219 /* Fetch all objects with gosaSnapshotDN=$dn */
1220 $ldap_to->cd($new_base);
1221 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1222 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1224 /* Put results into a list and add description if missing */
1225 while($entry = $ldap_to->fetch()){
1226 if(!isset($entry['description'][0])){
1227 $entry['description'][0] = "";
1228 }
1229 $tmp[] = $entry;
1230 }
1232 /* Return the raw array, or format the result */
1233 if($raw){
1234 return($tmp);
1235 }else{
1236 $tmp2 = array();
1237 foreach($tmp as $entry){
1238 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1239 }
1240 }
1241 return($tmp2);
1242 }
1245 function getAllDeletedSnapshots($base_of_object,$raw = false)
1246 {
1247 if(!$this->snapshotEnabled()) return(array());
1249 /* Create an additional ldap object which
1250 points to our ldap snapshot server */
1251 $ldap= $this->config->get_ldap_link();
1252 $ldap->cd($this->config->current['BASE']);
1253 $cfg= &$this->config->current;
1255 /* check if there are special server configurations for snapshots */
1256 if(isset($cfg['SNAPSHOT_SERVER'])){
1257 $server = $cfg['SNAPSHOT_SERVER'];
1258 $user = $cfg['SNAPSHOT_USER'];
1259 $password = $cfg['SNAPSHOT_PASSWORD'];
1260 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1261 $ldap_to = new LDAP($user,$password, $server);
1262 $ldap_to->cd ($snapldapbase);
1263 show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1264 }else{
1265 $ldap_to = $ldap;
1266 }
1268 /* Prepare bases */
1269 $base = $this->config->current['BASE'];
1270 $snap_base = $cfg['SNAPSHOT_BASE'];
1271 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1273 /* Fetch all objects and check if they do not exist anymore */
1274 $ui = get_userinfo();
1275 $tmp = array();
1276 $ldap_to->cd($new_base);
1277 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1278 while($entry = $ldap_to->fetch()){
1280 $chk = str_replace($new_base,"",$entry['dn']);
1281 if(preg_match("/,ou=/",$chk)) continue;
1283 if(!isset($entry['description'][0])){
1284 $entry['description'][0] = "";
1285 }
1286 $tmp[] = $entry;
1287 }
1289 /* Check if entry still exists */
1290 foreach($tmp as $key => $entry){
1291 $ldap->cat($entry['gosaSnapshotDN'][0]);
1292 if($ldap->count()){
1293 unset($tmp[$key]);
1294 }
1295 }
1297 /* Format result as requested */
1298 if($raw) {
1299 return($tmp);
1300 }else{
1301 $tmp2 = array();
1302 foreach($tmp as $key => $entry){
1303 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1304 }
1305 }
1306 return($tmp2);
1307 }
1310 /* Restore selected snapshot */
1311 function restore_snapshot($dn)
1312 {
1313 if(!$this->snapshotEnabled()) return(array());
1315 $ldap= $this->config->get_ldap_link();
1316 $ldap->cd($this->config->current['BASE']);
1317 $cfg= &$this->config->current;
1319 /* check if there are special server configurations for snapshots */
1320 if(isset($cfg['SNAPSHOT_SERVER'])){
1321 $server = $cfg['SNAPSHOT_SERVER'];
1322 $user = $cfg['SNAPSHOT_USER'];
1323 $password = $cfg['SNAPSHOT_PASSWORD'];
1324 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1325 $ldap_to = new LDAP($user,$password, $server);
1326 $ldap_to->cd ($snapldapbase);
1327 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1328 }else{
1329 $ldap_to = $ldap;
1330 }
1332 /* Get the snapshot */
1333 $ldap_to->cat($dn);
1334 $restoreObject = $ldap_to->fetch();
1336 /* Prepare import string */
1337 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1339 /* Import the given data */
1340 $ldap->import_complete_ldif($data,$err,false,false);
1341 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1342 }
1345 function showSnapshotDialog($base,$baseSuffixe)
1346 {
1347 $once = true;
1348 foreach($_POST as $name => $value){
1350 /* Create a new snapshot, display a dialog */
1351 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1352 $once = false;
1353 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1354 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1355 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1356 }
1358 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1359 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1360 $once = false;
1361 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1362 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1363 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1364 $this->snapDialog->display_restore_dialog = true;
1365 }
1367 /* Restore one of the already deleted objects */
1368 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1369 $once = false;
1370 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1371 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1372 $this->snapDialog->display_restore_dialog = true;
1373 $this->snapDialog->display_all_removed_objects = true;
1374 }
1376 /* Restore selected snapshot */
1377 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1378 $once = false;
1379 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1380 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1381 if(!empty($entry)){
1382 $this->restore_snapshot($entry);
1383 $this->snapDialog = NULL;
1384 }
1385 }
1386 }
1388 /* Create a new snapshot requested, check
1389 the given attributes and create the snapshot*/
1390 if(isset($_POST['CreateSnapshot'])){
1391 $this->snapDialog->save_object();
1392 $msgs = $this->snapDialog->check();
1393 if(count($msgs)){
1394 foreach($msgs as $msg){
1395 print_red($msg);
1396 }
1397 }else{
1398 $this->dn = $this->snapDialog->dn;
1399 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1400 $this->snapDialog = NULL;
1401 }
1402 }
1404 /* Restore is requested, restore the object with the posted dn .*/
1405 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1406 }
1408 if(isset($_POST['CancelSnapshot'])){
1409 $this->snapDialog = NULL;
1410 }
1412 if(is_object($this->snapDialog )){
1413 $this->snapDialog->save_object();
1414 return($this->snapDialog->execute());
1415 }
1416 }
1419 function plInfo()
1420 {
1421 return array();
1422 }
1425 function set_acl_base($base)
1426 {
1427 $this->acl_base= $base;
1428 }
1431 function set_acl_category($category)
1432 {
1433 $this->acl_category= "$category/";
1434 }
1437 function acl_is_writeable($attribute,$skip_write = FALSE)
1438 {
1439 $ui= get_userinfo();
1440 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1441 }
1444 function acl_is_readable($attribute)
1445 {
1446 $ui= get_userinfo();
1447 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1448 }
1451 function acl_is_createable()
1452 {
1453 $ui= get_userinfo();
1454 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1455 }
1458 function acl_is_removeable()
1459 {
1460 $ui= get_userinfo();
1461 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1462 }
1465 function acl_is_moveable()
1466 {
1467 $ui= get_userinfo();
1468 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1469 }
1472 function acl_have_any_permissions()
1473 {
1474 }
1477 function getacl($attribute,$skip_write= FALSE)
1478 {
1479 $ui= get_userinfo();
1480 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1481 }
1483 /* Get all allowed bases to move an object to or to create a new object.
1484 Idepartments also contains all base departments which lead to the allowed bases */
1485 function get_allowed_bases($category = "")
1486 {
1487 $ui = get_userinfo();
1488 $deps = array();
1490 /* Set category */
1491 if(empty($category)){
1492 $category = $this->acl_category.get_class($this);
1493 }
1495 /* Is this a new object ? Or just an edited existing object */
1496 if(!$this->initially_was_account && $this->is_account){
1497 $new = true;
1498 }else{
1499 $new = false;
1500 }
1502 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1503 foreach($this->config->idepartments as $dn => $name){
1505 if(!in_array_ics($dn,$cat_bases)){
1506 continue;
1507 }
1509 $acl = $ui->get_permissions($dn,$category);
1510 if($new && preg_match("/c/",$acl)){
1511 $deps[$dn] = $name;
1512 }elseif(!$new && preg_match("/m/",$acl)){
1513 $deps[$dn] = $name;
1514 }
1515 }
1517 /* Add current base */
1518 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1519 $deps[$this->base] = $this->config->idepartments[$this->base];
1520 }else{
1521 echo "No default base found. ".$this->base."<br> ";
1522 }
1524 return($deps);
1525 }
1527 /* This function modifies object acls too, if an object is moved.
1528 * $old_dn specifies the actually used dn
1529 * $new_dn specifies the destiantion dn
1530 */
1531 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1532 {
1533 /* Check if old_dn is empty. This should never happen */
1534 if(empty($old_dn) || empty($new_dn)){
1535 trigger_error("Failed to check acl dependencies, wrong dn given.");
1536 return;
1537 }
1539 /* Update userinfo if necessary */
1540 if($_SESSION['ui']->dn == $old_dn){
1541 $_SESSION['ui']->dn = $new_dn;
1542 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1543 }
1545 /* Object was moved, ensure that all acls will be moved too */
1546 if($new_dn != $old_dn && $old_dn != "new"){
1548 /* get_ldap configuration */
1549 $update = array();
1550 $ldap = $this->config->get_ldap_link();
1551 $ldap->cd ($this->config->current['BASE']);
1552 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1553 while($attrs = $ldap->fetch()){
1555 $acls = array();
1557 /* Walk through acls */
1558 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1560 /* Reset vars */
1561 $found = false;
1563 /* Get Acl parts */
1564 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1566 /* Get every single member for this acl */
1567 $members = array();
1568 if(preg_match("/,/",$acl_parts[2])){
1569 $members = split(",",$acl_parts[2]);
1570 }else{
1571 $members = array($acl_parts[2]);
1572 }
1574 /* Check if member match current dn */
1575 foreach($members as $key => $member){
1576 $member = base64_decode($member);
1577 if($member == $old_dn){
1578 $found = true;
1579 $members[$key] = base64_encode($new_dn);
1580 }
1581 }
1583 /* Create new member string */
1584 $new_members = "";
1585 foreach($members as $member){
1586 $new_members .= $member.",";
1587 }
1588 $new_members = preg_replace("/,$/","",$new_members);
1589 $acl_parts[2] = $new_members;
1591 /* Reconstruckt acl entry */
1592 $acl_str ="";
1593 foreach($acl_parts as $t){
1594 $acl_str .= $t.":";
1595 }
1596 $acl_str = preg_replace("/:$/","",$acl_str);
1597 }
1599 /* Acls for this object must be adjusted */
1600 if($found){
1602 if($output_changes){
1603 echo "<font color='green'>".
1604 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1605 $old_dn.
1606 "</b><br> -"._("to")." <b>".
1607 $new_dn.
1608 "</b></font><br>";
1609 }
1610 $update[$attrs['dn']] =array();
1611 foreach($acls as $acl){
1612 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1613 }
1614 }
1615 }
1617 /* Write updated acls */
1618 foreach($update as $dn => $attrs){
1619 $ldap->cd($dn);
1620 $ldap->modify($attrs);
1621 }
1622 }
1623 }
1624 }
1625 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1626 ?>