1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /* This can be set to render the tabulators in another stylesheet */
119 var $pl_notify= FALSE;
121 /*! \brief plugin constructor
123 If 'dn' is set, the node loads the given 'dn' from LDAP
125 \param dn Distinguished name to initialize plugin from
126 \sa plugin()
127 */
128 function plugin (&$config, $dn= NULL, $parent= NULL)
129 {
130 /* Configuration is fine, allways */
131 $this->config= &$config;
132 $this->dn= $dn;
134 /* Handle new accounts, don't read information from LDAP */
135 if ($dn == "new"){
136 return;
137 }
139 /* Save current dn as acl_base */
140 $this->acl_base= $dn;
142 /* Get LDAP descriptor */
143 $ldap= $this->config->get_ldap_link();
144 if ($dn != NULL){
146 /* Load data to 'attrs' and save 'dn' */
147 if ($parent != NULL){
148 $this->attrs= $parent->attrs;
149 } else {
150 $ldap->cat ($dn);
151 $this->attrs= $ldap->fetch();
152 }
154 /* Copy needed attributes */
155 foreach ($this->attributes as $val){
156 $found= array_key_ics($val, $this->attrs);
157 if ($found != ""){
158 $this->$val= $this->attrs["$found"][0];
159 }
160 }
162 /* gosaUnitTag loading... */
163 if (isset($this->attrs['gosaUnitTag'][0])){
164 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
165 }
167 /* Set the template flag according to the existence of objectClass
168 gosaUserTemplate */
169 if (isset($this->attrs['objectClass'])){
170 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
171 $this->is_template= TRUE;
172 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
173 "found", "Template check");
174 }
175 }
177 /* Is Account? */
178 error_reporting(0);
179 $found= TRUE;
180 foreach ($this->objectclasses as $obj){
181 if (preg_match('/top/i', $obj)){
182 continue;
183 }
184 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
185 $found= FALSE;
186 break;
187 }
188 }
189 error_reporting(E_ALL | E_STRICT);
190 if ($found){
191 $this->is_account= TRUE;
192 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
193 "found", "Object check");
194 }
196 /* Prepare saved attributes */
197 $this->saved_attributes= $this->attrs;
198 foreach ($this->saved_attributes as $index => $value){
199 if (preg_match('/^[0-9]+$/', $index)){
200 unset($this->saved_attributes[$index]);
201 continue;
202 }
203 if (!in_array($index, $this->attributes) && $index != "objectClass"){
204 unset($this->saved_attributes[$index]);
205 continue;
206 }
207 if ($this->saved_attributes[$index]["count"] == 1){
208 $tmp= $this->saved_attributes[$index][0];
209 unset($this->saved_attributes[$index]);
210 $this->saved_attributes[$index]= $tmp;
211 continue;
212 }
214 unset($this->saved_attributes["$index"]["count"]);
215 }
216 }
218 /* Save initial account state */
219 $this->initially_was_account= $this->is_account;
220 }
222 /*! \brief execute plugin
224 Generates the html output for this node
225 */
226 function execute()
227 {
228 /* This one is empty currently. Fabian - please fill in the docu code */
229 $_SESSION['current_class_for_help'] = get_class($this);
231 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
232 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
233 }
235 /*! \brief execute plugin
236 Removes object from parent
237 */
238 function remove_from_parent()
239 {
240 /* include global link_info */
241 $ldap= $this->config->get_ldap_link();
243 /* Get current objectClasses in order to add the required ones */
244 $ldap->cat($this->dn);
245 $tmp= $ldap->fetch ();
246 $oc= array();
247 if (isset($tmp['objectClass'])){
248 $oc= $tmp['objectClass'];
249 unset($oc['count']);
250 }
252 /* Remove objectClasses from entry */
253 $ldap->cd($this->dn);
254 $this->attrs= array();
255 $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
257 /* Unset attributes from entry */
258 foreach ($this->attributes as $val){
259 $this->attrs["$val"]= array();
260 }
262 /* Unset account info */
263 $this->is_account= FALSE;
265 /* Do not write in plugin base class, this must be done by
266 children, since there are normally additional attribs,
267 lists, etc. */
268 /*
269 $ldap->modify($this->attrs);
270 */
271 }
274 /* Save data to object */
275 function save_object()
276 {
277 /* Save values to object */
278 foreach ($this->attributes as $val){
279 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
280 /* Check for modifications */
281 if (get_magic_quotes_gpc()) {
282 $data= stripcslashes($_POST["$val"]);
283 } else {
284 $data= $this->$val = $_POST["$val"];
285 }
286 if ($this->$val != $data){
287 $this->is_modified= TRUE;
288 }
290 /* Okay, how can I explain this fix ...
291 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
292 * So IE posts these 'unselectable' option, with value = chr(194)
293 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
294 * This was added for W3c compliance, but now causes these ... ldap errors ...
295 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
296 */
297 if(isset($data[0]) && $data[0] == chr(194)) {
298 $data = "";
299 }
300 $this->$val= $data;
301 //echo "<font color='blue'>".$val."</font><br>";
302 }else{
303 //echo "<font color='red'>".$val."</font><br>";
304 }
305 }
306 }
309 /* Save data to LDAP, depending on is_account we save or delete */
310 function save()
311 {
312 /* include global link_info */
313 $ldap= $this->config->get_ldap_link();
315 /* Start with empty array */
316 $this->attrs= array();
318 /* Get current objectClasses in order to add the required ones */
319 $ldap->cat($this->dn);
321 $tmp= $ldap->fetch ();
323 if (isset($tmp['objectClass'])){
324 $oc= $tmp["objectClass"];
325 $this->is_new= FALSE;
326 } else {
327 $oc= array("count" => 0);
328 $this->is_new= TRUE;
329 }
331 /* Load (minimum) attributes, add missing ones */
332 $this->attrs['objectClass']= $this->objectclasses;
333 for ($i= 0; $i<$oc["count"]; $i++){
334 if (!in_array_ics($oc[$i], $this->objectclasses)){
335 $this->attrs['objectClass'][]= $oc[$i];
336 }
337 }
339 /* Copy standard attributes */
340 foreach ($this->attributes as $val){
341 if ($this->$val != ""){
342 $this->attrs["$val"]= $this->$val;
343 } elseif (!$this->is_new) {
344 $this->attrs["$val"]= array();
345 }
346 }
348 }
351 function cleanup()
352 {
353 foreach ($this->attrs as $index => $value){
355 /* Convert arrays with one element to non arrays, if the saved
356 attributes are no array, too */
357 if (is_array($this->attrs[$index]) &&
358 count ($this->attrs[$index]) == 1 &&
359 isset($this->saved_attributes[$index]) &&
360 !is_array($this->saved_attributes[$index])){
362 $tmp= $this->attrs[$index][0];
363 $this->attrs[$index]= $tmp;
364 }
366 /* Remove emtpy arrays if they do not differ */
367 if (is_array($this->attrs[$index]) &&
368 count($this->attrs[$index]) == 0 &&
369 !isset($this->saved_attributes[$index])){
371 unset ($this->attrs[$index]);
372 continue;
373 }
375 /* Remove single attributes that do not differ */
376 if (!is_array($this->attrs[$index]) &&
377 isset($this->saved_attributes[$index]) &&
378 !is_array($this->saved_attributes[$index]) &&
379 $this->attrs[$index] == $this->saved_attributes[$index]){
381 unset ($this->attrs[$index]);
382 continue;
383 }
385 /* Remove arrays that do not differ */
386 if (is_array($this->attrs[$index]) &&
387 isset($this->saved_attributes[$index]) &&
388 is_array($this->saved_attributes[$index])){
390 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
391 unset ($this->attrs[$index]);
392 continue;
393 }
394 }
395 }
397 /* Update saved attributes and ensure that next cleanups will be successful too */
398 foreach($this->attrs as $name => $value){
399 $this->saved_attributes[$name] = $value;
400 }
401 }
403 /* Check formular input */
404 function check()
405 {
406 $message= array();
408 /* Skip if we've no config object */
409 if (!isset($this->config)){
410 return $message;
411 }
413 /* Find hooks entries for this class */
414 $command= search_config($this->config->data['MENU'], get_class($this), "CHECK");
415 if ($command == "" && isset($this->config->data['TABS'])){
416 $command= search_config($this->config->data['TABS'], get_class($this), "CHECK");
417 }
419 if ($command != ""){
421 if (!check_command($command)){
422 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
423 get_class($this));
424 } else {
426 /* Generate "ldif" for check hook */
427 $ldif= "dn: $this->dn\n";
429 /* ... objectClasses */
430 foreach ($this->objectclasses as $oc){
431 $ldif.= "objectClass: $oc\n";
432 }
434 /* ... attributes */
435 foreach ($this->attributes as $attr){
436 if ($this->$attr == ""){
437 continue;
438 }
439 if (is_array($this->$attr)){
440 foreach ($this->$attr as $val){
441 $ldif.= "$attr: $val\n";
442 }
443 } else {
444 $ldif.= "$attr: ".$this->$attr."\n";
445 }
446 }
448 /* Append empty line */
449 $ldif.= "\n";
451 /* Feed "ldif" into hook and retrieve result*/
452 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
453 $fh= proc_open($command, $descriptorspec, $pipes);
454 if (is_resource($fh)) {
455 fwrite ($pipes[0], $ldif);
456 fclose($pipes[0]);
458 $result= stream_get_contents($pipes[1]);
459 if ($result != ""){
460 $message[]= $result;
461 }
463 fclose($pipes[1]);
464 fclose($pipes[2]);
465 proc_close($fh);
466 }
467 }
469 }
471 return ($message);
472 }
474 /* Adapt from template, using 'dn' */
475 function adapt_from_template($dn)
476 {
477 /* Include global link_info */
478 $ldap= $this->config->get_ldap_link();
480 /* Load requested 'dn' to 'attrs' */
481 $ldap->cat ($dn);
482 $this->attrs= $ldap->fetch();
484 /* Walk through attributes */
485 foreach ($this->attributes as $val){
487 if (isset($this->attrs["$val"][0])){
489 /* If attribute is set, replace dynamic parts:
490 %sn, %givenName and %uid. Fill these in our local variables. */
491 $value= $this->attrs["$val"][0];
493 foreach (array("sn", "givenName", "uid") as $repl){
494 if (preg_match("/%$repl/i", $value)){
495 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
496 }
497 }
498 $this->$val= $value;
499 }
500 }
502 /* Is Account? */
503 $found= TRUE;
504 foreach ($this->objectclasses as $obj){
505 if (preg_match('/top/i', $obj)){
506 continue;
507 }
508 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
509 $found= FALSE;
510 break;
511 }
512 }
513 if ($found){
514 $this->is_account= TRUE;
515 }
516 }
518 /* Indicate whether a password change is needed or not */
519 function password_change_needed()
520 {
521 return FALSE;
522 }
525 /* Show header message for tab dialogs */
526 function show_enable_header($button_text, $text, $disabled= FALSE)
527 {
528 if (($disabled == TRUE) || (!$this->acl_is_createable())){
529 $state= "disabled";
530 } else {
531 $state= "";
532 }
533 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
534 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
535 "><p class=\"seperator\"> </p></td></tr></table>";
537 return($display);
538 }
541 /* Show header message for tab dialogs */
542 function show_disable_header($button_text, $text, $disabled= FALSE)
543 {
544 if (($disabled == TRUE) || !$this->acl_is_removeable()){
545 $state= "disabled";
546 } else {
547 $state= "";
548 }
549 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
550 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
551 "><p class=\"seperator\"> </p></td></tr></table>";
553 return($display);
554 }
557 /* Show header message for tab dialogs */
558 function show_header($button_text, $text, $disabled= FALSE)
559 {
560 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
561 if ($disabled == TRUE){
562 $state= "disabled";
563 } else {
564 $state= "";
565 }
566 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
567 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
568 ($this->acl_is_createable()?'':'disabled')." ".$state.
569 "><p class=\"seperator\"> </p></td></tr></table>";
571 return($display);
572 }
575 function postcreate($add_attrs= array())
576 {
577 /* Find postcreate entries for this class */
578 $command= search_config($this->config->data['MENU'], get_class($this), "POSTCREATE");
579 if ($command == "" && isset($this->config->data['TABS'])){
580 $command= search_config($this->config->data['TABS'], get_class($this), "POSTCREATE");
581 }
583 if ($command != ""){
585 /* Additional attributes */
586 foreach ($add_attrs as $name => $value){
587 $command= preg_replace("/%$name/", $value, $command);
588 }
590 /* Walk through attribute list */
591 foreach ($this->attributes as $attr){
592 if (!is_array($this->$attr)){
593 $command= preg_replace("/%$attr/", $this->$attr, $command);
594 }
595 }
596 $command= preg_replace("/%dn/", $this->dn, $command);
598 if (check_command($command)){
599 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
600 $command, "Execute");
602 exec($command);
603 } else {
604 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
605 print_red ($message);
606 }
607 }
608 }
610 function postmodify($add_attrs= array())
611 {
612 /* Find postcreate entries for this class */
613 $command= search_config($this->config->data['MENU'], get_class($this), "POSTMODIFY");
614 if ($command == "" && isset($this->config->data['TABS'])){
615 $command= search_config($this->config->data['TABS'], get_class($this), "POSTMODIFY");
616 }
618 if ($command != ""){
620 /* Additional attributes */
621 foreach ($add_attrs as $name => $value){
622 $command= preg_replace("/%$name/", $value, $command);
623 }
625 /* Walk through attribute list */
626 foreach ($this->attributes as $attr){
627 if (!is_array($this->$attr)){
628 $command= preg_replace("/%$attr/", $this->$attr, $command);
629 }
630 }
631 $command= preg_replace("/%dn/", $this->dn, $command);
633 if (check_command($command)){
634 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
635 $command, "Execute");
637 exec($command);
638 } else {
639 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
640 print_red ($message);
641 }
642 }
643 }
645 function postremove($add_attrs= array())
646 {
647 /* Find postremove entries for this class */
648 $command= search_config($this->config->data['MENU'], get_class($this), "POSTREMOVE");
649 if ($command == "" && isset($this->config->data['TABS'])){
650 $command= search_config($this->config->data['TABS'], get_class($this), "POSTREMOVE");
651 }
653 if ($command != ""){
655 /* Additional attributes */
656 foreach ($add_attrs as $name => $value){
657 $command= preg_replace("/%$name/", $value, $command);
658 }
660 /* Walk through attribute list */
661 foreach ($this->attributes as $attr){
662 if (!is_array($this->$attr)){
663 $command= preg_replace("/%$attr/", $this->$attr, $command);
664 }
665 }
666 $command= preg_replace("/%dn/", $this->dn, $command);
668 /* Additional attributes */
669 foreach ($add_attrs as $name => $value){
670 $command= preg_replace("/%$name/", $value, $command);
671 }
673 if (check_command($command)){
674 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
675 $command, "Execute");
677 exec($command);
678 } else {
679 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
680 print_red ($message);
681 }
682 }
683 }
685 /* Create unique DN */
686 function create_unique_dn($attribute, $base)
687 {
688 $ldap= $this->config->get_ldap_link();
689 $base= preg_replace("/^,*/", "", $base);
691 /* Try to use plain entry first */
692 $dn= "$attribute=".$this->$attribute.",$base";
693 $ldap->cat ($dn, array('dn'));
694 if (!$ldap->fetch()){
695 return ($dn);
696 }
698 /* Look for additional attributes */
699 foreach ($this->attributes as $attr){
700 if ($attr == $attribute || $this->$attr == ""){
701 continue;
702 }
704 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
705 $ldap->cat ($dn, array('dn'));
706 if (!$ldap->fetch()){
707 return ($dn);
708 }
709 }
711 /* None found */
712 return ("none");
713 }
715 function rebind($ldap, $referral)
716 {
717 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
718 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
719 $this->error = "Success";
720 $this->hascon=true;
721 $this->reconnect= true;
722 return (0);
723 } else {
724 $this->error = "Could not bind to " . $credentials['ADMIN'];
725 return NULL;
726 }
727 }
729 /* This is a workaround function. */
730 function copy($src_dn, $dst_dn)
731 {
732 /* Rename dn in possible object groups */
733 $ldap= $this->config->get_ldap_link();
734 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
735 array('cn'));
736 while ($attrs= $ldap->fetch()){
737 $og= new ogroup($this->config, $ldap->getDN());
738 unset($og->member[$src_dn]);
739 $og->member[$dst_dn]= $dst_dn;
740 $og->save ();
741 }
743 $ldap->cat($dst_dn);
744 $attrs= $ldap->fetch();
745 if (count($attrs)){
746 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
747 E_USER_WARNING);
748 return (FALSE);
749 }
751 $ldap->cat($src_dn);
752 $attrs= $ldap->fetch();
753 if (!count($attrs)){
754 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
755 E_USER_WARNING);
756 return (FALSE);
757 }
759 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
760 $ds= ldap_connect($this->config->current['SERVER']);
761 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
762 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
763 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
764 }
766 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
767 error_reporting (0);
768 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
770 /* Fill data from LDAP */
771 $new= array();
772 if ($sr) {
773 $ei=ldap_first_entry($ds, $sr);
774 if ($ei) {
775 foreach($attrs as $attr => $val){
776 if ($info = ldap_get_values_len($ds, $ei, $attr)){
777 for ($i= 0; $i<$info['count']; $i++){
778 if ($info['count'] == 1){
779 $new[$attr]= $info[$i];
780 } else {
781 $new[$attr][]= $info[$i];
782 }
783 }
784 }
785 }
786 }
787 }
789 /* close conncetion */
790 error_reporting (E_ALL | E_STRICT);
791 ldap_unbind($ds);
793 /* Adapt naming attribute */
794 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
795 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
796 $new[$dst_name]= @LDAP::fix($dst_val);
798 /* Check if this is a department.
799 * If it is a dep. && there is a , override in his ou
800 * change \2C to , again, else this entry can't be saved ...
801 */
802 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
803 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
804 }
806 /* Save copy */
807 $ldap->connect();
808 $ldap->cd($this->config->current['BASE']);
810 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
812 /* FAIvariable=.../..., cn=..
813 could not be saved, because the attribute FAIvariable was different to
814 the dn FAIvariable=..., cn=... */
815 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
816 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
817 }
818 $ldap->cd($dst_dn);
819 $ldap->add($new);
821 if ($ldap->error != "Success"){
822 trigger_error("Trying to save $dst_dn failed.",
823 E_USER_WARNING);
824 return(FALSE);
825 }
827 return (TRUE);
828 }
831 function move($src_dn, $dst_dn)
832 {
833 /* Copy source to destination */
834 if (!$this->copy($src_dn, $dst_dn)){
835 return (FALSE);
836 }
838 /* Delete source */
839 $ldap= $this->config->get_ldap_link();
840 $ldap->rmdir($src_dn);
841 if ($ldap->error != "Success"){
842 trigger_error("Trying to delete $src_dn failed.",
843 E_USER_WARNING);
844 return (FALSE);
845 }
847 return (TRUE);
848 }
851 /* Move/Rename complete trees */
852 function recursive_move($src_dn, $dst_dn)
853 {
854 /* Check if the destination entry exists */
855 $ldap= $this->config->get_ldap_link();
857 /* Check if destination exists - abort */
858 $ldap->cat($dst_dn, array('dn'));
859 if ($ldap->fetch()){
860 trigger_error("recursive_move $dst_dn already exists.",
861 E_USER_WARNING);
862 return (FALSE);
863 }
865 /* Perform a search for all objects to be moved */
866 $objects= array();
867 $ldap->cd($src_dn);
868 $ldap->search("(objectClass=*)", array("dn"));
869 while($attrs= $ldap->fetch()){
870 $dn= $attrs['dn'];
871 $objects[$dn]= strlen($dn);
872 }
874 /* Sort objects by indent level */
875 asort($objects);
876 reset($objects);
878 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
879 foreach ($objects as $object => $len){
880 $src= $object;
881 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
882 if (!$this->copy($src, $dst)){
883 return (FALSE);
884 }
885 }
887 /* Remove src_dn */
888 $ldap->cd($src_dn);
889 $ldap->recursive_remove();
890 return (TRUE);
891 }
894 function handle_post_events($mode, $add_attrs= array())
895 {
896 switch ($mode){
897 case "add":
898 $this->postcreate($add_attrs);
899 break;
901 case "modify":
902 $this->postmodify($add_attrs);
903 break;
905 case "remove":
906 $this->postremove($add_attrs);
907 break;
908 }
909 }
912 function saveCopyDialog(){
913 }
916 function getCopyDialog(){
917 return(array("string"=>"","status"=>""));
918 }
921 function PrepareForCopyPaste($source)
922 {
923 $todo = $this->attributes;
924 if(isset($this->CopyPasteVars)){
925 $todo = array_merge($todo,$this->CopyPasteVars);
926 }
928 if(count($this->objectclasses)){
929 $this->is_account = TRUE;
930 foreach($this->objectclasses as $class){
931 if(!in_array($class,$source['objectClass'])){
932 $this->is_account = FALSE;
933 }
934 }
935 }
937 foreach($todo as $var){
938 if (isset($source[$var])){
939 if(isset($source[$var]['count'])){
940 if($source[$var]['count'] > 1){
941 $this->$var = array();
942 $tmp = array();
943 for($i = 0 ; $i < $source[$var]['count']; $i++){
944 $tmp = $source[$var][$i];
945 }
946 $this->$var = $tmp;
947 # echo $var."=".$tmp."<br>";
948 }else{
949 $this->$var = $source[$var][0];
950 # echo $var."=".$source[$var][0]."<br>";
951 }
952 }else{
953 $this->$var= $source[$var];
954 # echo $var."=".$source[$var]."<br>";
955 }
956 }
957 }
958 }
961 function handle_object_tagging($dn= "", $tag= "", $show= false)
962 {
963 //FIXME: How to optimize this? We have at least two
964 // LDAP accesses per object. It would be a good
965 // idea to have it integrated.
967 /* No dn? Self-operation... */
968 if ($dn == ""){
969 $dn= $this->dn;
971 /* No tag? Find it yourself... */
972 if ($tag == ""){
973 $len= strlen($dn);
975 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
976 $relevant= array();
977 foreach ($this->config->adepartments as $key => $ntag){
979 /* This one is bigger than our dn, its not relevant... */
980 if ($len <= strlen($key)){
981 continue;
982 }
984 /* This one matches with the latter part. Break and don't fix this entry */
985 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
986 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
987 $relevant[strlen($key)]= $ntag;
988 continue;
989 }
991 }
993 /* If we've some relevant tags to set, just get the longest one */
994 if (count($relevant)){
995 ksort($relevant);
996 $tmp= array_keys($relevant);
997 $idx= end($tmp);
998 $tag= $relevant[$idx];
999 $this->gosaUnitTag= $tag;
1000 }
1001 }
1002 }
1005 /* Set tag? */
1006 if ($tag != ""){
1007 /* Set objectclass and attribute */
1008 $ldap= $this->config->get_ldap_link();
1009 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1010 $attrs= $ldap->fetch();
1011 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
1012 if ($show) {
1013 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
1014 flush();
1015 }
1016 return;
1017 }
1018 if (count($attrs)){
1019 if ($show){
1020 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1021 flush();
1022 }
1023 $nattrs= array("gosaUnitTag" => $tag);
1024 $nattrs['objectClass']= array();
1025 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1026 $oc= $attrs['objectClass'][$i];
1027 if ($oc != "gosaAdministrativeUnitTag"){
1028 $nattrs['objectClass'][]= $oc;
1029 }
1030 }
1031 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1032 $ldap->cd($dn);
1033 $ldap->modify($nattrs);
1034 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1035 } else {
1036 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1037 }
1039 } else {
1040 /* Remove objectclass and attribute */
1041 $ldap= $this->config->get_ldap_link();
1042 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1043 $attrs= $ldap->fetch();
1044 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1045 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1046 return;
1047 }
1048 if (count($attrs)){
1049 if ($show){
1050 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1051 flush();
1052 }
1053 $nattrs= array("gosaUnitTag" => array());
1054 $nattrs['objectClass']= array();
1055 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1056 $oc= $attrs['objectClass'][$i];
1057 if ($oc != "gosaAdministrativeUnitTag"){
1058 $nattrs['objectClass'][]= $oc;
1059 }
1060 }
1061 $ldap->cd($dn);
1062 $ldap->modify($nattrs);
1063 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1064 } else {
1065 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1066 }
1067 }
1069 }
1072 /* Add possibility to stop remove process */
1073 function allow_remove()
1074 {
1075 $reason= "";
1076 return $reason;
1077 }
1080 /* Create a snapshot of the current object */
1081 function create_snapshot($type= "snapshot", $description= array())
1082 {
1084 /* Check if snapshot functionality is enabled */
1085 if(!$this->snapshotEnabled()){
1086 return;
1087 }
1089 /* Get configuration from gosa.conf */
1090 $tmp = $this->config->current;
1092 /* Create lokal ldap connection */
1093 $ldap= $this->config->get_ldap_link();
1094 $ldap->cd($this->config->current['BASE']);
1096 /* check if there are special server configurations for snapshots */
1097 if(!isset($tmp['SNAPSHOT_SERVER'])){
1099 /* Source and destination server are both the same, just copy source to dest obj */
1100 $ldap_to = $ldap;
1101 $snapldapbase = $this->config->current['BASE'];
1103 }else{
1104 $server = $tmp['SNAPSHOT_SERVER'];
1105 $user = $tmp['SNAPSHOT_USER'];
1106 $password = $tmp['SNAPSHOT_PASSWORD'];
1107 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1109 $ldap_to = new LDAP($user,$password, $server);
1110 $ldap_to -> cd($snapldapbase);
1111 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1112 }
1114 /* check if the dn exists */
1115 if ($ldap->dn_exists($this->dn)){
1117 /* Extract seconds & mysecs, they are used as entry index */
1118 list($usec, $sec)= explode(" ", microtime());
1120 /* Collect some infos */
1121 $base = $this->config->current['BASE'];
1122 $snap_base = $tmp['SNAPSHOT_BASE'];
1123 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1124 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1126 /* Create object */
1127 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1128 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1129 $newName = preg_replace("/\./", "", $sec."-".$usec);
1130 $target= array();
1131 $target['objectClass'] = array("top", "gosaSnapshotObject");
1132 $target['gosaSnapshotData'] = gzcompress($data, 6);
1133 $target['gosaSnapshotType'] = $type;
1134 $target['gosaSnapshotDN'] = $this->dn;
1135 $target['description'] = $description;
1136 $target['gosaSnapshotTimestamp'] = $newName;
1138 /* Insert the new snapshot
1139 But we have to check first, if the given gosaSnapshotTimestamp
1140 is already used, in this case we should increment this value till there is
1141 an unused value. */
1142 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1143 $ldap_to->cat($new_dn);
1144 while($ldap_to->count()){
1145 $ldap_to->cat($new_dn);
1146 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1147 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1148 $target['gosaSnapshotTimestamp'] = $newName;
1149 }
1151 /* Inset this new snapshot */
1152 $ldap_to->cd($snapldapbase);
1153 $ldap_to->create_missing_trees($new_base);
1154 $ldap_to->cd($new_dn);
1155 $ldap_to->add($target);
1157 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1158 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1159 }
1160 }
1162 function remove_snapshot($dn)
1163 {
1164 $ui = get_userinfo();
1165 $old_dn = $this->dn;
1166 $this->dn = $dn;
1167 $ldap = $this->config->get_ldap_link();
1168 $ldap->cd($this->config->current['BASE']);
1169 $ldap->rmdir_recursive($dn);
1170 $this->dn = $old_dn;
1171 }
1174 /* returns true if snapshots are enabled, and false if it is disalbed
1175 There will also be some errors psoted, if the configuration failed */
1176 function snapshotEnabled()
1177 {
1178 $tmp = $this->config->current;
1179 if(isset($tmp['ENABLE_SNAPSHOT'])){
1180 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1182 /* Check if the snapshot_base is defined */
1183 if(!isset($tmp['SNAPSHOT_BASE'])){
1184 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
1185 return(FALSE);
1186 }
1188 /* check if there are special server configurations for snapshots */
1189 if(isset($tmp['SNAPSHOT_SERVER'])){
1191 /* check if all required vars are available to create a new ldap connection */
1192 $missing = "";
1193 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
1194 if(!isset($tmp[$var])){
1195 $missing .= $var." ";
1196 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1197 return(FALSE);
1198 }
1199 }
1200 }
1201 return(TRUE);
1202 }
1203 }
1204 return(FALSE);
1205 }
1208 /* Return available snapshots for the given base
1209 */
1210 function Available_SnapsShots($dn,$raw = false)
1211 {
1212 if(!$this->snapshotEnabled()) return(array());
1214 /* Create an additional ldap object which
1215 points to our ldap snapshot server */
1216 $ldap= $this->config->get_ldap_link();
1217 $ldap->cd($this->config->current['BASE']);
1218 $cfg= &$this->config->current;
1220 /* check if there are special server configurations for snapshots */
1221 if(isset($cfg['SNAPSHOT_SERVER'])){
1222 $server = $cfg['SNAPSHOT_SERVER'];
1223 $user = $cfg['SNAPSHOT_USER'];
1224 $password = $cfg['SNAPSHOT_PASSWORD'];
1225 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1226 $ldap_to = new LDAP($user,$password, $server);
1227 $ldap_to -> cd ($snapldapbase);
1228 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1229 }else{
1230 $ldap_to = $ldap;
1231 }
1233 /* Prepare bases and some other infos */
1234 $base = $this->config->current['BASE'];
1235 $snap_base = $cfg['SNAPSHOT_BASE'];
1236 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1237 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1238 $tmp = array();
1240 /* Fetch all objects with gosaSnapshotDN=$dn */
1241 $ldap_to->cd($new_base);
1242 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1243 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1245 /* Put results into a list and add description if missing */
1246 while($entry = $ldap_to->fetch()){
1247 if(!isset($entry['description'][0])){
1248 $entry['description'][0] = "";
1249 }
1250 $tmp[] = $entry;
1251 }
1253 /* Return the raw array, or format the result */
1254 if($raw){
1255 return($tmp);
1256 }else{
1257 $tmp2 = array();
1258 foreach($tmp as $entry){
1259 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1260 }
1261 }
1262 return($tmp2);
1263 }
1266 function getAllDeletedSnapshots($base_of_object,$raw = false)
1267 {
1268 if(!$this->snapshotEnabled()) return(array());
1270 /* Create an additional ldap object which
1271 points to our ldap snapshot server */
1272 $ldap= $this->config->get_ldap_link();
1273 $ldap->cd($this->config->current['BASE']);
1274 $cfg= &$this->config->current;
1276 /* check if there are special server configurations for snapshots */
1277 if(isset($cfg['SNAPSHOT_SERVER'])){
1278 $server = $cfg['SNAPSHOT_SERVER'];
1279 $user = $cfg['SNAPSHOT_USER'];
1280 $password = $cfg['SNAPSHOT_PASSWORD'];
1281 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1282 $ldap_to = new LDAP($user,$password, $server);
1283 $ldap_to->cd ($snapldapbase);
1284 show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1285 }else{
1286 $ldap_to = $ldap;
1287 }
1289 /* Prepare bases */
1290 $base = $this->config->current['BASE'];
1291 $snap_base = $cfg['SNAPSHOT_BASE'];
1292 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1294 /* Fetch all objects and check if they do not exist anymore */
1295 $ui = get_userinfo();
1296 $tmp = array();
1297 $ldap_to->cd($new_base);
1298 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1299 while($entry = $ldap_to->fetch()){
1301 $chk = str_replace($new_base,"",$entry['dn']);
1302 if(preg_match("/,ou=/",$chk)) continue;
1304 if(!isset($entry['description'][0])){
1305 $entry['description'][0] = "";
1306 }
1307 $tmp[] = $entry;
1308 }
1310 /* Check if entry still exists */
1311 foreach($tmp as $key => $entry){
1312 $ldap->cat($entry['gosaSnapshotDN'][0]);
1313 if($ldap->count()){
1314 unset($tmp[$key]);
1315 }
1316 }
1318 /* Format result as requested */
1319 if($raw) {
1320 return($tmp);
1321 }else{
1322 $tmp2 = array();
1323 foreach($tmp as $key => $entry){
1324 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1325 }
1326 }
1327 return($tmp2);
1328 }
1331 /* Restore selected snapshot */
1332 function restore_snapshot($dn)
1333 {
1334 if(!$this->snapshotEnabled()) return(array());
1336 $ldap= $this->config->get_ldap_link();
1337 $ldap->cd($this->config->current['BASE']);
1338 $cfg= &$this->config->current;
1340 /* check if there are special server configurations for snapshots */
1341 if(isset($cfg['SNAPSHOT_SERVER'])){
1342 $server = $cfg['SNAPSHOT_SERVER'];
1343 $user = $cfg['SNAPSHOT_USER'];
1344 $password = $cfg['SNAPSHOT_PASSWORD'];
1345 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1346 $ldap_to = new LDAP($user,$password, $server);
1347 $ldap_to->cd ($snapldapbase);
1348 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1349 }else{
1350 $ldap_to = $ldap;
1351 }
1353 /* Get the snapshot */
1354 $ldap_to->cat($dn);
1355 $restoreObject = $ldap_to->fetch();
1357 /* Prepare import string */
1358 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1360 /* Import the given data */
1361 $ldap->import_complete_ldif($data,$err,false,false);
1362 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1363 }
1366 function showSnapshotDialog($base,$baseSuffixe)
1367 {
1368 $once = true;
1369 foreach($_POST as $name => $value){
1371 /* Create a new snapshot, display a dialog */
1372 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1373 $once = false;
1374 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1375 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1376 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1377 }
1379 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1380 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1381 $once = false;
1382 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1383 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1384 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1385 $this->snapDialog->display_restore_dialog = true;
1386 }
1388 /* Restore one of the already deleted objects */
1389 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1390 $once = false;
1391 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1392 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1393 $this->snapDialog->display_restore_dialog = true;
1394 $this->snapDialog->display_all_removed_objects = true;
1395 }
1397 /* Restore selected snapshot */
1398 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1399 $once = false;
1400 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1401 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1402 if(!empty($entry)){
1403 $this->restore_snapshot($entry);
1404 $this->snapDialog = NULL;
1405 }
1406 }
1407 }
1409 /* Create a new snapshot requested, check
1410 the given attributes and create the snapshot*/
1411 if(isset($_POST['CreateSnapshot'])){
1412 $this->snapDialog->save_object();
1413 $msgs = $this->snapDialog->check();
1414 if(count($msgs)){
1415 foreach($msgs as $msg){
1416 print_red($msg);
1417 }
1418 }else{
1419 $this->dn = $this->snapDialog->dn;
1420 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1421 $this->snapDialog = NULL;
1422 }
1423 }
1425 /* Restore is requested, restore the object with the posted dn .*/
1426 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1427 }
1429 if(isset($_POST['CancelSnapshot'])){
1430 $this->snapDialog = NULL;
1431 }
1433 if($this->snapDialog){
1434 $this->snapDialog->save_object();
1435 return($this->snapDialog->execute());
1436 }
1437 }
1440 function plInfo()
1441 {
1442 return array();
1443 }
1446 function set_acl_base($base)
1447 {
1448 $this->acl_base= $base;
1449 }
1452 function set_acl_category($category)
1453 {
1454 $this->acl_category= "$category/";
1455 }
1458 function acl_is_writeable($attribute,$skip_write = FALSE)
1459 {
1460 $ui= get_userinfo();
1461 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1462 }
1465 function acl_is_readable($attribute)
1466 {
1467 $ui= get_userinfo();
1468 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1469 }
1472 function acl_is_createable()
1473 {
1474 $ui= get_userinfo();
1475 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1476 }
1479 function acl_is_removeable()
1480 {
1481 $ui= get_userinfo();
1482 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1483 }
1486 function acl_is_moveable()
1487 {
1488 $ui= get_userinfo();
1489 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1490 }
1493 function acl_have_any_permissions()
1494 {
1495 }
1498 function getacl($attribute,$skip_write= FALSE)
1499 {
1500 $ui= get_userinfo();
1501 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1502 }
1504 /* Get all allowed bases to move an object to or to create a new object.
1505 Idepartments also contains all base departments which lead to the allowed bases */
1506 function get_allowed_bases($category = "")
1507 {
1508 $ui = get_userinfo();
1509 $deps = array();
1511 /* Set category */
1512 if(empty($category)){
1513 $category = $this->acl_category.get_class($this);
1514 }
1516 /* Is this a new object ? Or just an edited existing object */
1517 if(!$this->initially_was_account && $this->is_account){
1518 $new = true;
1519 }else{
1520 $new = false;
1521 }
1523 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1524 foreach($this->config->idepartments as $dn => $name){
1526 if(!in_array_ics($dn,$cat_bases)){
1527 continue;
1528 }
1530 $acl = $ui->get_permissions($dn,$category);
1531 if($new && preg_match("/c/",$acl)){
1532 $deps[$dn] = $name;
1533 }elseif(!$new && preg_match("/m/",$acl)){
1534 $deps[$dn] = $name;
1535 }
1536 }
1538 /* Add current base */
1539 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1540 $deps[$this->base] = $this->config->idepartments[$this->base];
1541 }else{
1542 echo "No default base found. ".$this->base."<br> ";
1543 }
1545 return($deps);
1546 }
1548 /* This function modifies object acls too, if an object is moved.
1549 * $old_dn specifies the actually used dn
1550 * $new_dn specifies the destiantion dn
1551 */
1552 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1553 {
1554 /* Check if old_dn is empty. This should never happen */
1555 if(empty($old_dn) || empty($new_dn)){
1556 trigger_error("Failed to check acl dependencies, wrong dn given.");
1557 return;
1558 }
1560 /* Update userinfo if necessary */
1561 if($_SESSION['ui']->dn == $old_dn){
1562 $_SESSION['ui']->dn = $new_dn;
1563 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1564 }
1566 /* Object was moved, ensure that all acls will be moved too */
1567 if($new_dn != $old_dn && $old_dn != "new"){
1569 /* get_ldap configuration */
1570 $update = array();
1571 $ldap = $this->config->get_ldap_link();
1572 $ldap->cd ($this->config->current['BASE']);
1573 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1574 while($attrs = $ldap->fetch()){
1576 $acls = array();
1578 /* Walk through acls */
1579 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1581 /* Reset vars */
1582 $found = false;
1584 /* Get Acl parts */
1585 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1587 /* Get every single member for this acl */
1588 $members = array();
1589 if(preg_match("/,/",$acl_parts[2])){
1590 $members = split(",",$acl_parts[2]);
1591 }else{
1592 $members = array($acl_parts[2]);
1593 }
1595 /* Check if member match current dn */
1596 foreach($members as $key => $member){
1597 $member = base64_decode($member);
1598 if($member == $old_dn){
1599 $found = true;
1600 $members[$key] = base64_encode($new_dn);
1601 }
1602 }
1604 /* Create new member string */
1605 $new_members = "";
1606 foreach($members as $member){
1607 $new_members .= $member.",";
1608 }
1609 $new_members = preg_replace("/,$/","",$new_members);
1610 $acl_parts[2] = $new_members;
1612 /* Reconstruckt acl entry */
1613 $acl_str ="";
1614 foreach($acl_parts as $t){
1615 $acl_str .= $t.":";
1616 }
1617 $acl_str = preg_replace("/:$/","",$acl_str);
1618 }
1620 /* Acls for this object must be adjusted */
1621 if($found){
1623 if($output_changes){
1624 echo "<font color='green'>".
1625 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1626 $old_dn.
1627 "</b><br> -"._("to")." <b>".
1628 $new_dn.
1629 "</b></font><br>";
1630 }
1631 $update[$attrs['dn']] =array();
1632 foreach($acls as $acl){
1633 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1634 }
1635 }
1636 }
1638 /* Write updated acls */
1639 foreach($update as $dn => $attrs){
1640 $ldap->cd($dn);
1641 $ldap->modify($attrs);
1642 }
1643 }
1644 }
1645 }
1646 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1647 ?>