ccb7e5406d772e97cd0eb290aec7ba1a32215e1e
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /* This can be set to render the tabulators in another stylesheet */
119 var $pl_notify= FALSE;
122 /* This variable indicates that this class can handle multiple dns at once. */
123 var $multiple_support = FALSE;
125 /*! \brief plugin constructor
127 If 'dn' is set, the node loads the given 'dn' from LDAP
129 \param dn Distinguished name to initialize plugin from
130 \sa plugin()
131 */
132 function plugin (&$config, $dn= NULL, $parent= NULL)
133 {
134 /* Configuration is fine, allways */
135 $this->config= &$config;
136 $this->dn= $dn;
138 /* Handle new accounts, don't read information from LDAP */
139 if ($dn == "new"){
140 return;
141 }
143 /* Save current dn as acl_base */
144 $this->acl_base= $dn;
146 /* Get LDAP descriptor */
147 $ldap= $this->config->get_ldap_link();
148 if ($dn !== NULL){
150 /* Load data to 'attrs' and save 'dn' */
151 if ($parent !== NULL){
152 $this->attrs= $parent->attrs;
153 } else {
154 $ldap->cat ($dn);
155 $this->attrs= $ldap->fetch();
156 }
158 /* Copy needed attributes */
159 foreach ($this->attributes as $val){
160 $found= array_key_ics($val, $this->attrs);
161 if ($found != ""){
162 $this->$val= $this->attrs["$found"][0];
163 }
164 }
166 /* gosaUnitTag loading... */
167 if (isset($this->attrs['gosaUnitTag'][0])){
168 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
169 }
171 /* Set the template flag according to the existence of objectClass
172 gosaUserTemplate */
173 if (isset($this->attrs['objectClass'])){
174 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
175 $this->is_template= TRUE;
176 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
177 "found", "Template check");
178 }
179 }
181 /* Is Account? */
182 $found= TRUE;
183 foreach ($this->objectclasses as $obj){
184 if (preg_match('/top/i', $obj)){
185 continue;
186 }
187 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
188 $found= FALSE;
189 break;
190 }
191 }
192 if ($found){
193 $this->is_account= TRUE;
194 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
195 "found", "Object check");
196 }
198 /* Prepare saved attributes */
199 $this->saved_attributes= $this->attrs;
200 foreach ($this->saved_attributes as $index => $value){
201 if (preg_match('/^[0-9]+$/', $index)){
202 unset($this->saved_attributes[$index]);
203 continue;
204 }
205 if (!in_array($index, $this->attributes) && $index != "objectClass"){
206 unset($this->saved_attributes[$index]);
207 continue;
208 }
209 if ($this->saved_attributes[$index]["count"] == 1){
210 $tmp= $this->saved_attributes[$index][0];
211 unset($this->saved_attributes[$index]);
212 $this->saved_attributes[$index]= $tmp;
213 continue;
214 }
216 unset($this->saved_attributes["$index"]["count"]);
217 }
218 }
220 /* Save initial account state */
221 $this->initially_was_account= $this->is_account;
222 }
224 /*! \brief execute plugin
226 Generates the html output for this node
227 */
228 function execute()
229 {
230 /* This one is empty currently. Fabian - please fill in the docu code */
231 $_SESSION['current_class_for_help'] = get_class($this);
233 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
234 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
235 }
237 /*! \brief execute plugin
238 Removes object from parent
239 */
240 function remove_from_parent()
241 {
242 /* include global link_info */
243 $ldap= $this->config->get_ldap_link();
245 /* Get current objectClasses in order to add the required ones */
246 $ldap->cat($this->dn);
247 $tmp= $ldap->fetch ();
248 $oc= array();
249 if (isset($tmp['objectClass'])){
250 $oc= $tmp['objectClass'];
251 unset($oc['count']);
252 }
254 /* Remove objectClasses from entry */
255 $ldap->cd($this->dn);
256 $this->attrs= array();
257 $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
259 /* Unset attributes from entry */
260 foreach ($this->attributes as $val){
261 $this->attrs["$val"]= array();
262 }
264 /* Unset account info */
265 $this->is_account= FALSE;
267 /* Do not write in plugin base class, this must be done by
268 children, since there are normally additional attribs,
269 lists, etc. */
270 /*
271 $ldap->modify($this->attrs);
272 */
273 }
276 /* Save data to object */
277 function save_object()
278 {
279 /* Save values to object */
280 foreach ($this->attributes as $val){
281 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
282 /* Check for modifications */
283 if (get_magic_quotes_gpc()) {
284 $data= stripcslashes($_POST["$val"]);
285 } else {
286 $data= $this->$val = $_POST["$val"];
287 }
288 if ($this->$val != $data){
289 $this->is_modified= TRUE;
290 }
292 /* Okay, how can I explain this fix ...
293 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
294 * So IE posts these 'unselectable' option, with value = chr(194)
295 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
296 * This was added for W3c compliance, but now causes these ... ldap errors ...
297 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
298 */
299 if(isset($data[0]) && $data[0] == chr(194)) {
300 $data = "";
301 }
302 $this->$val= $data;
303 //echo "<font color='blue'>".$val."</font><br>";
304 }else{
305 //echo "<font color='red'>".$val."</font><br>";
306 }
307 }
308 }
311 /* Save data to LDAP, depending on is_account we save or delete */
312 function save()
313 {
314 /* include global link_info */
315 $ldap= $this->config->get_ldap_link();
317 /* Start with empty array */
318 $this->attrs= array();
320 /* Get current objectClasses in order to add the required ones */
321 $ldap->cat($this->dn);
323 $tmp= $ldap->fetch ();
325 $oc= array();
326 if (isset($tmp['objectClass'])){
327 $oc= $tmp["objectClass"];
328 $this->is_new= FALSE;
329 unset($oc['count']);
330 } else {
331 $this->is_new= TRUE;
332 }
334 /* Load (minimum) attributes, add missing ones */
335 $this->attrs['objectClass']= gosa_array_merge($oc,$this->objectclasses);
337 /* Copy standard attributes */
338 foreach ($this->attributes as $val){
339 if ($this->$val != ""){
340 $this->attrs["$val"]= $this->$val;
341 } elseif (!$this->is_new) {
342 $this->attrs["$val"]= array();
343 }
344 }
346 }
349 function cleanup()
350 {
351 foreach ($this->attrs as $index => $value){
353 /* Convert arrays with one element to non arrays, if the saved
354 attributes are no array, too */
355 if (is_array($this->attrs[$index]) &&
356 count ($this->attrs[$index]) == 1 &&
357 isset($this->saved_attributes[$index]) &&
358 !is_array($this->saved_attributes[$index])){
360 $tmp= $this->attrs[$index][0];
361 $this->attrs[$index]= $tmp;
362 }
364 /* Remove emtpy arrays if they do not differ */
365 if (is_array($this->attrs[$index]) &&
366 count($this->attrs[$index]) == 0 &&
367 !isset($this->saved_attributes[$index])){
369 unset ($this->attrs[$index]);
370 continue;
371 }
373 /* Remove single attributes that do not differ */
374 if (!is_array($this->attrs[$index]) &&
375 isset($this->saved_attributes[$index]) &&
376 !is_array($this->saved_attributes[$index]) &&
377 $this->attrs[$index] == $this->saved_attributes[$index]){
379 unset ($this->attrs[$index]);
380 continue;
381 }
383 /* Remove arrays that do not differ */
384 if (is_array($this->attrs[$index]) &&
385 isset($this->saved_attributes[$index]) &&
386 is_array($this->saved_attributes[$index])){
388 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
389 unset ($this->attrs[$index]);
390 continue;
391 }
392 }
393 }
395 /* Update saved attributes and ensure that next cleanups will be successful too */
396 foreach($this->attrs as $name => $value){
397 $this->saved_attributes[$name] = $value;
398 }
399 }
401 /* Check formular input */
402 function check()
403 {
404 $message= array();
406 /* Skip if we've no config object */
407 if (!isset($this->config) || !is_object($this->config)){
408 return $message;
409 }
411 /* Find hooks entries for this class */
412 $command= $this->config->search(get_class($this), "CHECK", array('menu', 'tabs'));
414 if ($command != ""){
416 if (!check_command($command)){
417 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
418 get_class($this));
419 } else {
421 /* Generate "ldif" for check hook */
422 $ldif= "dn: $this->dn\n";
424 /* ... objectClasses */
425 foreach ($this->objectclasses as $oc){
426 $ldif.= "objectClass: $oc\n";
427 }
429 /* ... attributes */
430 foreach ($this->attributes as $attr){
431 if ($this->$attr == ""){
432 continue;
433 }
434 if (is_array($this->$attr)){
435 foreach ($this->$attr as $val){
436 $ldif.= "$attr: $val\n";
437 }
438 } else {
439 $ldif.= "$attr: ".$this->$attr."\n";
440 }
441 }
443 /* Append empty line */
444 $ldif.= "\n";
446 /* Feed "ldif" into hook and retrieve result*/
447 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
448 $fh= proc_open($command, $descriptorspec, $pipes);
449 if (is_resource($fh)) {
450 fwrite ($pipes[0], $ldif);
451 fclose($pipes[0]);
453 $result= stream_get_contents($pipes[1]);
454 if ($result != ""){
455 $message[]= $result;
456 }
458 fclose($pipes[1]);
459 fclose($pipes[2]);
460 proc_close($fh);
461 }
462 }
464 }
466 return ($message);
467 }
469 /* Adapt from template, using 'dn' */
470 function adapt_from_template($dn)
471 {
472 /* Include global link_info */
473 $ldap= $this->config->get_ldap_link();
475 /* Load requested 'dn' to 'attrs' */
476 $ldap->cat ($dn);
477 $this->attrs= $ldap->fetch();
479 /* Walk through attributes */
480 foreach ($this->attributes as $val){
482 if (isset($this->attrs["$val"][0])){
484 /* If attribute is set, replace dynamic parts:
485 %sn, %givenName and %uid. Fill these in our local variables. */
486 $value= $this->attrs["$val"][0];
488 foreach (array("sn", "givenName", "uid") as $repl){
489 if (preg_match("/%$repl/i", $value)){
490 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
491 }
492 }
493 $this->$val= $value;
494 }
495 }
497 /* Is Account? */
498 $found= TRUE;
499 foreach ($this->objectclasses as $obj){
500 if (preg_match('/top/i', $obj)){
501 continue;
502 }
503 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
504 $found= FALSE;
505 break;
506 }
507 }
508 if ($found){
509 $this->is_account= TRUE;
510 }
511 }
513 /* Indicate whether a password change is needed or not */
514 function password_change_needed()
515 {
516 return FALSE;
517 }
520 /* Show header message for tab dialogs */
521 function show_enable_header($button_text, $text, $disabled= FALSE)
522 {
523 if (($disabled == TRUE) || (!$this->acl_is_createable())){
524 $state= "disabled";
525 } else {
526 $state= "";
527 }
528 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
529 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
530 "><p class=\"seperator\"> </p></td></tr></table>";
532 return($display);
533 }
536 /* Show header message for tab dialogs */
537 function show_disable_header($button_text, $text, $disabled= FALSE)
538 {
539 if (($disabled == TRUE) || !$this->acl_is_removeable()){
540 $state= "disabled";
541 } else {
542 $state= "";
543 }
544 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
545 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
546 "><p class=\"seperator\"> </p></td></tr></table>";
548 return($display);
549 }
552 /* Show header message for tab dialogs */
553 function show_header($button_text, $text, $disabled= FALSE)
554 {
555 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
556 if ($disabled == TRUE){
557 $state= "disabled";
558 } else {
559 $state= "";
560 }
561 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
562 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
563 ($this->acl_is_createable()?'':'disabled')." ".$state.
564 "><p class=\"seperator\"> </p></td></tr></table>";
566 return($display);
567 }
570 function postcreate($add_attrs= array())
571 {
572 /* Find postcreate entries for this class */
573 $command= $this->config->search(get_class($this), "POSTCREATE",array('menu', 'tabs'));
575 if ($command != ""){
577 /* Additional attributes */
578 foreach ($add_attrs as $name => $value){
579 $command= preg_replace("/%$name/", $value, $command);
580 }
582 /* Walk through attribute list */
583 foreach ($this->attributes as $attr){
584 if (!is_array($this->$attr)){
585 $command= preg_replace("/%$attr/", $this->$attr, $command);
586 }
587 }
588 $command= preg_replace("/%dn/", $this->dn, $command);
590 if (check_command($command)){
591 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
592 $command, "Execute");
594 exec($command);
595 } else {
596 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
597 print_red ($message);
598 }
599 }
600 }
602 function postmodify($add_attrs= array())
603 {
604 /* Find postcreate entries for this class */
605 $command= $this->config->search(get_class($this), "POSTMODIFY",array('menu','tabs'));
607 if ($command != ""){
609 /* Additional attributes */
610 foreach ($add_attrs as $name => $value){
611 $command= preg_replace("/%$name/", $value, $command);
612 }
614 /* Walk through attribute list */
615 foreach ($this->attributes as $attr){
616 if (!is_array($this->$attr)){
617 $command= preg_replace("/%$attr/", $this->$attr, $command);
618 }
619 }
620 $command= preg_replace("/%dn/", $this->dn, $command);
622 if (check_command($command)){
623 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
624 $command, "Execute");
626 exec($command);
627 } else {
628 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
629 print_red ($message);
630 }
631 }
632 }
634 function postremove($add_attrs= array())
635 {
636 /* Find postremove entries for this class */
637 $command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
638 if ($command != ""){
640 /* Additional attributes */
641 foreach ($add_attrs as $name => $value){
642 $command= preg_replace("/%$name/", $value, $command);
643 }
645 /* Walk through attribute list */
646 foreach ($this->attributes as $attr){
647 if (!is_array($this->$attr)){
648 $command= preg_replace("/%$attr/", $this->$attr, $command);
649 }
650 }
651 $command= preg_replace("/%dn/", $this->dn, $command);
653 /* Additional attributes */
654 foreach ($add_attrs as $name => $value){
655 $command= preg_replace("/%$name/", $value, $command);
656 }
658 if (check_command($command)){
659 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
660 $command, "Execute");
662 exec($command);
663 } else {
664 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
665 print_red ($message);
666 }
667 }
668 }
670 /* Create unique DN */
671 function create_unique_dn($attribute, $base)
672 {
673 $ldap= $this->config->get_ldap_link();
674 $base= preg_replace("/^,*/", "", $base);
676 /* Try to use plain entry first */
677 $dn= "$attribute=".$this->$attribute.",$base";
678 $ldap->cat ($dn, array('dn'));
679 if (!$ldap->fetch()){
680 return ($dn);
681 }
683 /* Look for additional attributes */
684 foreach ($this->attributes as $attr){
685 if ($attr == $attribute || $this->$attr == ""){
686 continue;
687 }
689 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
690 $ldap->cat ($dn, array('dn'));
691 if (!$ldap->fetch()){
692 return ($dn);
693 }
694 }
696 /* None found */
697 return ("none");
698 }
700 function rebind($ldap, $referral)
701 {
702 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
703 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
704 $this->error = "Success";
705 $this->hascon=true;
706 $this->reconnect= true;
707 return (0);
708 } else {
709 $this->error = "Could not bind to " . $credentials['ADMIN'];
710 return NULL;
711 }
712 }
714 /* This is a workaround function. */
715 function copy($src_dn, $dst_dn)
716 {
717 /* Rename dn in possible object groups */
718 $ldap= $this->config->get_ldap_link();
719 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
720 array('cn'));
721 while ($attrs= $ldap->fetch()){
722 $og= new ogroup($this->config, $ldap->getDN());
723 unset($og->member[$src_dn]);
724 $og->member[$dst_dn]= $dst_dn;
725 $og->save ();
726 }
728 $ldap->cat($dst_dn);
729 $attrs= $ldap->fetch();
730 if (count($attrs)){
731 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
732 E_USER_WARNING);
733 return (FALSE);
734 }
736 $ldap->cat($src_dn);
737 $attrs= $ldap->fetch();
738 if (!count($attrs)){
739 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
740 E_USER_WARNING);
741 return (FALSE);
742 }
744 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
745 $ds= ldap_connect($this->config->current['SERVER']);
746 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
747 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
748 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
749 }
751 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
752 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
754 /* Fill data from LDAP */
755 $new= array();
756 if ($sr) {
757 $ei=ldap_first_entry($ds, $sr);
758 if ($ei) {
759 foreach($attrs as $attr => $val){
760 if ($info = @ldap_get_values_len($ds, $ei, $attr)){
761 for ($i= 0; $i<$info['count']; $i++){
762 if ($info['count'] == 1){
763 $new[$attr]= $info[$i];
764 } else {
765 $new[$attr][]= $info[$i];
766 }
767 }
768 }
769 }
770 }
771 }
773 /* close conncetion */
774 ldap_unbind($ds);
776 /* Adapt naming attribute */
777 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
778 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
779 $new[$dst_name]= @LDAP::fix($dst_val);
781 /* Check if this is a department.
782 * If it is a dep. && there is a , override in his ou
783 * change \2C to , again, else this entry can't be saved ...
784 */
785 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
786 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
787 }
789 /* Save copy */
790 $ldap->connect();
791 $ldap->cd($this->config->current['BASE']);
793 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
795 /* FAIvariable=.../..., cn=..
796 could not be saved, because the attribute FAIvariable was different to
797 the dn FAIvariable=..., cn=... */
798 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
799 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
800 }
801 $ldap->cd($dst_dn);
802 $ldap->add($new);
804 if ($ldap->error != "Success"){
805 trigger_error("Trying to save $dst_dn failed.",
806 E_USER_WARNING);
807 return(FALSE);
808 }
810 return (TRUE);
811 }
814 function move($src_dn, $dst_dn)
815 {
816 /* Copy source to destination */
817 if (!$this->copy($src_dn, $dst_dn)){
818 return (FALSE);
819 }
821 /* Delete source */
822 $ldap= $this->config->get_ldap_link();
823 $ldap->rmdir($src_dn);
824 if ($ldap->error != "Success"){
825 trigger_error("Trying to delete $src_dn failed.",
826 E_USER_WARNING);
827 return (FALSE);
828 }
830 return (TRUE);
831 }
834 /* Move/Rename complete trees */
835 function recursive_move($src_dn, $dst_dn)
836 {
837 /* Check if the destination entry exists */
838 $ldap= $this->config->get_ldap_link();
840 /* Check if destination exists - abort */
841 $ldap->cat($dst_dn, array('dn'));
842 if ($ldap->fetch()){
843 trigger_error("recursive_move $dst_dn already exists.",
844 E_USER_WARNING);
845 return (FALSE);
846 }
848 /* Perform a search for all objects to be moved */
849 $objects= array();
850 $ldap->cd($src_dn);
851 $ldap->search("(objectClass=*)", array("dn"));
852 while($attrs= $ldap->fetch()){
853 $dn= $attrs['dn'];
854 $objects[$dn]= strlen($dn);
855 }
857 /* Sort objects by indent level */
858 asort($objects);
859 reset($objects);
861 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
862 foreach ($objects as $object => $len){
863 $src= $object;
864 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
865 if (!$this->copy($src, $dst)){
866 return (FALSE);
867 }
868 }
870 /* Remove src_dn */
871 $ldap->cd($src_dn);
872 $ldap->recursive_remove();
873 return (TRUE);
874 }
877 function handle_post_events($mode, $add_attrs= array())
878 {
879 switch ($mode){
880 case "add":
881 $this->postcreate($add_attrs);
882 break;
884 case "modify":
885 $this->postmodify($add_attrs);
886 break;
888 case "remove":
889 $this->postremove($add_attrs);
890 break;
891 }
892 }
895 function saveCopyDialog(){
896 }
899 function getCopyDialog(){
900 return(array("string"=>"","status"=>""));
901 }
904 function PrepareForCopyPaste($source)
905 {
906 $todo = $this->attributes;
907 if(isset($this->CopyPasteVars)){
908 $todo = array_merge($todo,$this->CopyPasteVars);
909 }
911 if(count($this->objectclasses)){
912 $this->is_account = TRUE;
913 foreach($this->objectclasses as $class){
914 if(!in_array($class,$source['objectClass'])){
915 $this->is_account = FALSE;
916 }
917 }
918 }
920 foreach($todo as $var){
921 if (isset($source[$var])){
922 if(isset($source[$var]['count'])){
923 if($source[$var]['count'] > 1){
924 $this->$var = array();
925 $tmp = array();
926 for($i = 0 ; $i < $source[$var]['count']; $i++){
927 $tmp = $source[$var][$i];
928 }
929 $this->$var = $tmp;
930 # echo $var."=".$tmp."<br>";
931 }else{
932 $this->$var = $source[$var][0];
933 # echo $var."=".$source[$var][0]."<br>";
934 }
935 }else{
936 $this->$var= $source[$var];
937 # echo $var."=".$source[$var]."<br>";
938 }
939 }
940 }
941 }
944 function handle_object_tagging($dn= "", $tag= "", $show= false)
945 {
946 //FIXME: How to optimize this? We have at least two
947 // LDAP accesses per object. It would be a good
948 // idea to have it integrated.
950 /* No dn? Self-operation... */
951 if ($dn == ""){
952 $dn= $this->dn;
954 /* No tag? Find it yourself... */
955 if ($tag == ""){
956 $len= strlen($dn);
958 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
959 $relevant= array();
960 foreach ($this->config->adepartments as $key => $ntag){
962 /* This one is bigger than our dn, its not relevant... */
963 if ($len <= strlen($key)){
964 continue;
965 }
967 /* This one matches with the latter part. Break and don't fix this entry */
968 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
969 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
970 $relevant[strlen($key)]= $ntag;
971 continue;
972 }
974 }
976 /* If we've some relevant tags to set, just get the longest one */
977 if (count($relevant)){
978 ksort($relevant);
979 $tmp= array_keys($relevant);
980 $idx= end($tmp);
981 $tag= $relevant[$idx];
982 $this->gosaUnitTag= $tag;
983 }
984 }
985 }
988 /* Set tag? */
989 if ($tag != ""){
990 /* Set objectclass and attribute */
991 $ldap= $this->config->get_ldap_link();
992 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
993 $attrs= $ldap->fetch();
994 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
995 if ($show) {
996 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
997 flush();
998 }
999 return;
1000 }
1001 if (count($attrs)){
1002 if ($show){
1003 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1004 flush();
1005 }
1006 $nattrs= array("gosaUnitTag" => $tag);
1007 $nattrs['objectClass']= array();
1008 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1009 $oc= $attrs['objectClass'][$i];
1010 if ($oc != "gosaAdministrativeUnitTag"){
1011 $nattrs['objectClass'][]= $oc;
1012 }
1013 }
1014 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1015 $ldap->cd($dn);
1016 $ldap->modify($nattrs);
1017 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1018 } else {
1019 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1020 }
1022 } else {
1023 /* Remove objectclass and attribute */
1024 $ldap= $this->config->get_ldap_link();
1025 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1026 $attrs= $ldap->fetch();
1027 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1028 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1029 return;
1030 }
1031 if (count($attrs)){
1032 if ($show){
1033 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1034 flush();
1035 }
1036 $nattrs= array("gosaUnitTag" => array());
1037 $nattrs['objectClass']= array();
1038 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1039 $oc= $attrs['objectClass'][$i];
1040 if ($oc != "gosaAdministrativeUnitTag"){
1041 $nattrs['objectClass'][]= $oc;
1042 }
1043 }
1044 $ldap->cd($dn);
1045 $ldap->modify($nattrs);
1046 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1047 } else {
1048 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1049 }
1050 }
1052 }
1055 /* Add possibility to stop remove process */
1056 function allow_remove()
1057 {
1058 $reason= "";
1059 return $reason;
1060 }
1063 /* Create a snapshot of the current object */
1064 function create_snapshot($type= "snapshot", $description= array())
1065 {
1067 /* Check if snapshot functionality is enabled */
1068 if(!$this->snapshotEnabled()){
1069 return;
1070 }
1072 /* Get configuration from gosa.conf */
1073 $tmp = $this->config->current;
1075 /* Create lokal ldap connection */
1076 $ldap= $this->config->get_ldap_link();
1077 $ldap->cd($this->config->current['BASE']);
1079 /* check if there are special server configurations for snapshots */
1080 if(!isset($tmp['SNAPSHOT_SERVER'])){
1082 /* Source and destination server are both the same, just copy source to dest obj */
1083 $ldap_to = $ldap;
1084 $snapldapbase = $this->config->current['BASE'];
1086 }else{
1087 $server = $tmp['SNAPSHOT_SERVER'];
1088 $user = $tmp['SNAPSHOT_USER'];
1089 $password = $tmp['SNAPSHOT_PASSWORD'];
1090 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1092 $ldap_to = new LDAP($user,$password, $server);
1093 $ldap_to -> cd($snapldapbase);
1094 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1095 }
1097 /* check if the dn exists */
1098 if ($ldap->dn_exists($this->dn)){
1100 /* Extract seconds & mysecs, they are used as entry index */
1101 list($usec, $sec)= explode(" ", microtime());
1103 /* Collect some infos */
1104 $base = $this->config->current['BASE'];
1105 $snap_base = $tmp['SNAPSHOT_BASE'];
1106 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1107 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1109 /* Create object */
1110 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1111 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1112 $newName = preg_replace("/\./", "", $sec."-".$usec);
1113 $target= array();
1114 $target['objectClass'] = array("top", "gosaSnapshotObject");
1115 $target['gosaSnapshotData'] = gzcompress($data, 6);
1116 $target['gosaSnapshotType'] = $type;
1117 $target['gosaSnapshotDN'] = $this->dn;
1118 $target['description'] = $description;
1119 $target['gosaSnapshotTimestamp'] = $newName;
1121 /* Insert the new snapshot
1122 But we have to check first, if the given gosaSnapshotTimestamp
1123 is already used, in this case we should increment this value till there is
1124 an unused value. */
1125 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1126 $ldap_to->cat($new_dn);
1127 while($ldap_to->count()){
1128 $ldap_to->cat($new_dn);
1129 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1130 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1131 $target['gosaSnapshotTimestamp'] = $newName;
1132 }
1134 /* Inset this new snapshot */
1135 $ldap_to->cd($snapldapbase);
1136 $ldap_to->create_missing_trees($new_base);
1137 $ldap_to->cd($new_dn);
1138 $ldap_to->add($target);
1140 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1141 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1142 }
1143 }
1145 function remove_snapshot($dn)
1146 {
1147 $ui = get_userinfo();
1148 $old_dn = $this->dn;
1149 $this->dn = $dn;
1150 $ldap = $this->config->get_ldap_link();
1151 $ldap->cd($this->config->current['BASE']);
1152 $ldap->rmdir_recursive($dn);
1153 $this->dn = $old_dn;
1154 }
1157 /* returns true if snapshots are enabled, and false if it is disalbed
1158 There will also be some errors psoted, if the configuration failed */
1159 function snapshotEnabled()
1160 {
1161 $tmp = $this->config->current;
1162 if(isset($tmp['ENABLE_SNAPSHOT'])){
1163 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1165 /* Check if the snapshot_base is defined */
1166 if(!isset($tmp['SNAPSHOT_BASE'])){
1167 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
1168 return(FALSE);
1169 }
1171 /* check if there are special server configurations for snapshots */
1172 if(isset($tmp['SNAPSHOT_SERVER'])){
1174 /* check if all required vars are available to create a new ldap connection */
1175 $missing = "";
1176 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
1177 if(!isset($tmp[$var])){
1178 $missing .= $var." ";
1179 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1180 return(FALSE);
1181 }
1182 }
1183 }
1184 return(TRUE);
1185 }
1186 }
1187 return(FALSE);
1188 }
1191 /* Return available snapshots for the given base
1192 */
1193 function Available_SnapsShots($dn,$raw = false)
1194 {
1195 if(!$this->snapshotEnabled()) return(array());
1197 /* Create an additional ldap object which
1198 points to our ldap snapshot server */
1199 $ldap= $this->config->get_ldap_link();
1200 $ldap->cd($this->config->current['BASE']);
1201 $cfg= &$this->config->current;
1203 /* check if there are special server configurations for snapshots */
1204 if(isset($cfg['SNAPSHOT_SERVER'])){
1205 $server = $cfg['SNAPSHOT_SERVER'];
1206 $user = $cfg['SNAPSHOT_USER'];
1207 $password = $cfg['SNAPSHOT_PASSWORD'];
1208 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1209 $ldap_to = new LDAP($user,$password, $server);
1210 $ldap_to -> cd ($snapldapbase);
1211 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1212 }else{
1213 $ldap_to = $ldap;
1214 }
1216 /* Prepare bases and some other infos */
1217 $base = $this->config->current['BASE'];
1218 $snap_base = $cfg['SNAPSHOT_BASE'];
1219 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1220 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1221 $tmp = array();
1223 /* Fetch all objects with gosaSnapshotDN=$dn */
1224 $ldap_to->cd($new_base);
1225 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1226 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1228 /* Put results into a list and add description if missing */
1229 while($entry = $ldap_to->fetch()){
1230 if(!isset($entry['description'][0])){
1231 $entry['description'][0] = "";
1232 }
1233 $tmp[] = $entry;
1234 }
1236 /* Return the raw array, or format the result */
1237 if($raw){
1238 return($tmp);
1239 }else{
1240 $tmp2 = array();
1241 foreach($tmp as $entry){
1242 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1243 }
1244 }
1245 return($tmp2);
1246 }
1249 function getAllDeletedSnapshots($base_of_object,$raw = false)
1250 {
1251 if(!$this->snapshotEnabled()) return(array());
1253 /* Create an additional ldap object which
1254 points to our ldap snapshot server */
1255 $ldap= $this->config->get_ldap_link();
1256 $ldap->cd($this->config->current['BASE']);
1257 $cfg= &$this->config->current;
1259 /* check if there are special server configurations for snapshots */
1260 if(isset($cfg['SNAPSHOT_SERVER'])){
1261 $server = $cfg['SNAPSHOT_SERVER'];
1262 $user = $cfg['SNAPSHOT_USER'];
1263 $password = $cfg['SNAPSHOT_PASSWORD'];
1264 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1265 $ldap_to = new LDAP($user,$password, $server);
1266 $ldap_to->cd ($snapldapbase);
1267 show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1268 }else{
1269 $ldap_to = $ldap;
1270 }
1272 /* Prepare bases */
1273 $base = $this->config->current['BASE'];
1274 $snap_base = $cfg['SNAPSHOT_BASE'];
1275 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1277 /* Fetch all objects and check if they do not exist anymore */
1278 $ui = get_userinfo();
1279 $tmp = array();
1280 $ldap_to->cd($new_base);
1281 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1282 while($entry = $ldap_to->fetch()){
1284 $chk = str_replace($new_base,"",$entry['dn']);
1285 if(preg_match("/,ou=/",$chk)) continue;
1287 if(!isset($entry['description'][0])){
1288 $entry['description'][0] = "";
1289 }
1290 $tmp[] = $entry;
1291 }
1293 /* Check if entry still exists */
1294 foreach($tmp as $key => $entry){
1295 $ldap->cat($entry['gosaSnapshotDN'][0]);
1296 if($ldap->count()){
1297 unset($tmp[$key]);
1298 }
1299 }
1301 /* Format result as requested */
1302 if($raw) {
1303 return($tmp);
1304 }else{
1305 $tmp2 = array();
1306 foreach($tmp as $key => $entry){
1307 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1308 }
1309 }
1310 return($tmp2);
1311 }
1314 /* Restore selected snapshot */
1315 function restore_snapshot($dn)
1316 {
1317 if(!$this->snapshotEnabled()) return(array());
1319 $ldap= $this->config->get_ldap_link();
1320 $ldap->cd($this->config->current['BASE']);
1321 $cfg= &$this->config->current;
1323 /* check if there are special server configurations for snapshots */
1324 if(isset($cfg['SNAPSHOT_SERVER'])){
1325 $server = $cfg['SNAPSHOT_SERVER'];
1326 $user = $cfg['SNAPSHOT_USER'];
1327 $password = $cfg['SNAPSHOT_PASSWORD'];
1328 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1329 $ldap_to = new LDAP($user,$password, $server);
1330 $ldap_to->cd ($snapldapbase);
1331 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1332 }else{
1333 $ldap_to = $ldap;
1334 }
1336 /* Get the snapshot */
1337 $ldap_to->cat($dn);
1338 $restoreObject = $ldap_to->fetch();
1340 /* Prepare import string */
1341 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1343 /* Import the given data */
1344 $ldap->import_complete_ldif($data,$err,false,false);
1345 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1346 }
1349 function showSnapshotDialog($base,$baseSuffixe)
1350 {
1351 $once = true;
1352 foreach($_POST as $name => $value){
1354 /* Create a new snapshot, display a dialog */
1355 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1356 $once = false;
1357 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1358 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1359 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1360 }
1362 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1363 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1364 $once = false;
1365 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1366 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1367 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1368 $this->snapDialog->display_restore_dialog = true;
1369 }
1371 /* Restore one of the already deleted objects */
1372 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1373 $once = false;
1374 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1375 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1376 $this->snapDialog->display_restore_dialog = true;
1377 $this->snapDialog->display_all_removed_objects = true;
1378 }
1380 /* Restore selected snapshot */
1381 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1382 $once = false;
1383 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1384 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1385 if(!empty($entry)){
1386 $this->restore_snapshot($entry);
1387 $this->snapDialog = NULL;
1388 }
1389 }
1390 }
1392 /* Create a new snapshot requested, check
1393 the given attributes and create the snapshot*/
1394 if(isset($_POST['CreateSnapshot'])){
1395 $this->snapDialog->save_object();
1396 $msgs = $this->snapDialog->check();
1397 if(count($msgs)){
1398 foreach($msgs as $msg){
1399 print_red($msg);
1400 }
1401 }else{
1402 $this->dn = $this->snapDialog->dn;
1403 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1404 $this->snapDialog = NULL;
1405 }
1406 }
1408 /* Restore is requested, restore the object with the posted dn .*/
1409 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1410 }
1412 if(isset($_POST['CancelSnapshot'])){
1413 $this->snapDialog = NULL;
1414 }
1416 if(is_object($this->snapDialog )){
1417 $this->snapDialog->save_object();
1418 return($this->snapDialog->execute());
1419 }
1420 }
1423 function plInfo()
1424 {
1425 return array();
1426 }
1429 function set_acl_base($base)
1430 {
1431 $this->acl_base= $base;
1432 }
1435 function set_acl_category($category)
1436 {
1437 $this->acl_category= "$category/";
1438 }
1441 function acl_is_writeable($attribute,$skip_write = FALSE)
1442 {
1443 $ui= get_userinfo();
1444 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1445 }
1448 function acl_is_readable($attribute)
1449 {
1450 $ui= get_userinfo();
1451 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1452 }
1455 function acl_is_createable()
1456 {
1457 $ui= get_userinfo();
1458 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1459 }
1462 function acl_is_removeable()
1463 {
1464 $ui= get_userinfo();
1465 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1466 }
1469 function acl_is_moveable()
1470 {
1471 $ui= get_userinfo();
1472 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1473 }
1476 function acl_have_any_permissions()
1477 {
1478 }
1481 function getacl($attribute,$skip_write= FALSE)
1482 {
1483 $ui= get_userinfo();
1484 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1485 }
1487 /* Get all allowed bases to move an object to or to create a new object.
1488 Idepartments also contains all base departments which lead to the allowed bases */
1489 function get_allowed_bases($category = "")
1490 {
1491 $ui = get_userinfo();
1492 $deps = array();
1494 /* Set category */
1495 if(empty($category)){
1496 $category = $this->acl_category.get_class($this);
1497 }
1499 /* Is this a new object ? Or just an edited existing object */
1500 if(!$this->initially_was_account && $this->is_account){
1501 $new = true;
1502 }else{
1503 $new = false;
1504 }
1506 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1507 foreach($this->config->idepartments as $dn => $name){
1509 if(!in_array_ics($dn,$cat_bases)){
1510 continue;
1511 }
1513 $acl = $ui->get_permissions($dn,$category);
1514 if($new && preg_match("/c/",$acl)){
1515 $deps[$dn] = $name;
1516 }elseif(!$new && preg_match("/m/",$acl)){
1517 $deps[$dn] = $name;
1518 }
1519 }
1521 /* Add current base */
1522 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1523 $deps[$this->base] = $this->config->idepartments[$this->base];
1524 }else{
1525 echo "No default base found. ".$this->base."<br> ";
1526 }
1528 return($deps);
1529 }
1531 /* This function modifies object acls too, if an object is moved.
1532 * $old_dn specifies the actually used dn
1533 * $new_dn specifies the destiantion dn
1534 */
1535 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1536 {
1537 /* Check if old_dn is empty. This should never happen */
1538 if(empty($old_dn) || empty($new_dn)){
1539 trigger_error("Failed to check acl dependencies, wrong dn given.");
1540 return;
1541 }
1543 /* Update userinfo if necessary */
1544 if($_SESSION['ui']->dn == $old_dn){
1545 $_SESSION['ui']->dn = $new_dn;
1546 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1547 }
1549 /* Object was moved, ensure that all acls will be moved too */
1550 if($new_dn != $old_dn && $old_dn != "new"){
1552 /* get_ldap configuration */
1553 $update = array();
1554 $ldap = $this->config->get_ldap_link();
1555 $ldap->cd ($this->config->current['BASE']);
1556 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1557 while($attrs = $ldap->fetch()){
1559 $acls = array();
1561 /* Walk through acls */
1562 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1564 /* Reset vars */
1565 $found = false;
1567 /* Get Acl parts */
1568 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1570 /* Get every single member for this acl */
1571 $members = array();
1572 if(preg_match("/,/",$acl_parts[2])){
1573 $members = split(",",$acl_parts[2]);
1574 }else{
1575 $members = array($acl_parts[2]);
1576 }
1578 /* Check if member match current dn */
1579 foreach($members as $key => $member){
1580 $member = base64_decode($member);
1581 if($member == $old_dn){
1582 $found = true;
1583 $members[$key] = base64_encode($new_dn);
1584 }
1585 }
1587 /* Create new member string */
1588 $new_members = "";
1589 foreach($members as $member){
1590 $new_members .= $member.",";
1591 }
1592 $new_members = preg_replace("/,$/","",$new_members);
1593 $acl_parts[2] = $new_members;
1595 /* Reconstruckt acl entry */
1596 $acl_str ="";
1597 foreach($acl_parts as $t){
1598 $acl_str .= $t.":";
1599 }
1600 $acl_str = preg_replace("/:$/","",$acl_str);
1601 }
1603 /* Acls for this object must be adjusted */
1604 if($found){
1606 if($output_changes){
1607 echo "<font color='green'>".
1608 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1609 $old_dn.
1610 "</b><br> -"._("to")." <b>".
1611 $new_dn.
1612 "</b></font><br>";
1613 }
1614 $update[$attrs['dn']] =array();
1615 foreach($acls as $acl){
1616 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1617 }
1618 }
1619 }
1621 /* Write updated acls */
1622 foreach($update as $dn => $attrs){
1623 $ldap->cd($dn);
1624 $ldap->modify($attrs);
1625 }
1626 }
1627 }
1628 }
1629 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1630 ?>