![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /* This can be set to render the tabulators in another stylesheet */
119 var $pl_notify= FALSE;
122 /* This variable indicates that this class can handle multiple dns at once. */
123 var $multiple_support = FALSE;
125 /* This aviable indicates, that we are currently in multiple edit handle */
126 var $multiple_support_active = FALSE;
128 /*! \brief plugin constructor
130 If 'dn' is set, the node loads the given 'dn' from LDAP
132 \param dn Distinguished name to initialize plugin from
133 \sa plugin()
134 */
135 function plugin (&$config, $dn= NULL, $parent= NULL)
136 {
137 /* Configuration is fine, allways */
138 $this->config= &$config;
139 $this->dn= $dn;
141 /* Handle new accounts, don't read information from LDAP */
142 if ($dn == "new"){
143 return;
144 }
146 /* Save current dn as acl_base */
147 $this->acl_base= $dn;
149 /* Get LDAP descriptor */
150 $ldap= $this->config->get_ldap_link();
151 if ($dn !== NULL){
153 /* Load data to 'attrs' and save 'dn' */
154 if ($parent !== NULL){
155 $this->attrs= $parent->attrs;
156 } else {
157 $ldap->cat ($dn);
158 $this->attrs= $ldap->fetch();
159 }
161 /* Copy needed attributes */
162 foreach ($this->attributes as $val){
163 $found= array_key_ics($val, $this->attrs);
164 if ($found != ""){
165 $this->$val= $this->attrs["$found"][0];
166 }
167 }
169 /* gosaUnitTag loading... */
170 if (isset($this->attrs['gosaUnitTag'][0])){
171 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
172 }
174 /* Set the template flag according to the existence of objectClass
175 gosaUserTemplate */
176 if (isset($this->attrs['objectClass'])){
177 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
178 $this->is_template= TRUE;
179 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
180 "found", "Template check");
181 }
182 }
184 /* Is Account? */
185 $found= TRUE;
186 foreach ($this->objectclasses as $obj){
187 if (preg_match('/top/i', $obj)){
188 continue;
189 }
190 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
191 $found= FALSE;
192 break;
193 }
194 }
195 if ($found){
196 $this->is_account= TRUE;
197 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
198 "found", "Object check");
199 }
201 /* Prepare saved attributes */
202 $this->saved_attributes= $this->attrs;
203 foreach ($this->saved_attributes as $index => $value){
204 if (preg_match('/^[0-9]+$/', $index)){
205 unset($this->saved_attributes[$index]);
206 continue;
207 }
208 if (!in_array($index, $this->attributes) && $index != "objectClass"){
209 unset($this->saved_attributes[$index]);
210 continue;
211 }
212 if ($this->saved_attributes[$index]["count"] == 1){
213 $tmp= $this->saved_attributes[$index][0];
214 unset($this->saved_attributes[$index]);
215 $this->saved_attributes[$index]= $tmp;
216 continue;
217 }
219 unset($this->saved_attributes["$index"]["count"]);
220 }
221 }
223 /* Save initial account state */
224 $this->initially_was_account= $this->is_account;
225 }
227 /*! \brief execute plugin
229 Generates the html output for this node
230 */
231 function execute()
232 {
233 /* This one is empty currently. Fabian - please fill in the docu code */
234 $_SESSION['current_class_for_help'] = get_class($this);
236 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
237 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
238 }
240 /*! \brief execute plugin
241 Removes object from parent
242 */
243 function remove_from_parent()
244 {
245 /* include global link_info */
246 $ldap= $this->config->get_ldap_link();
248 /* Get current objectClasses in order to add the required ones */
249 $ldap->cat($this->dn);
250 $tmp= $ldap->fetch ();
251 $oc= array();
252 if (isset($tmp['objectClass'])){
253 $oc= $tmp['objectClass'];
254 unset($oc['count']);
255 }
257 /* Remove objectClasses from entry */
258 $ldap->cd($this->dn);
259 $this->attrs= array();
260 $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
262 /* Unset attributes from entry */
263 foreach ($this->attributes as $val){
264 $this->attrs["$val"]= array();
265 }
267 /* Unset account info */
268 $this->is_account= FALSE;
270 /* Do not write in plugin base class, this must be done by
271 children, since there are normally additional attribs,
272 lists, etc. */
273 /*
274 $ldap->modify($this->attrs);
275 */
276 }
279 /* Save data to object */
280 function save_object()
281 {
282 /* Save values to object */
283 foreach ($this->attributes as $val){
284 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
285 /* Check for modifications */
286 if (get_magic_quotes_gpc()) {
287 $data= stripcslashes($_POST["$val"]);
288 } else {
289 $data= $this->$val = $_POST["$val"];
290 }
291 if ($this->$val != $data){
292 $this->is_modified= TRUE;
293 }
295 /* Okay, how can I explain this fix ...
296 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
297 * So IE posts these 'unselectable' option, with value = chr(194)
298 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
299 * This was added for W3c compliance, but now causes these ... ldap errors ...
300 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
301 */
302 if(isset($data[0]) && $data[0] == chr(194)) {
303 $data = "";
304 }
305 $this->$val= $data;
306 //echo "<font color='blue'>".$val."</font><br>";
307 }else{
308 //echo "<font color='red'>".$val."</font><br>";
309 }
310 }
311 }
314 /* Save data to LDAP, depending on is_account we save or delete */
315 function save()
316 {
317 /* include global link_info */
318 $ldap= $this->config->get_ldap_link();
320 /* Start with empty array */
321 $this->attrs= array();
323 /* Get current objectClasses in order to add the required ones */
324 $ldap->cat($this->dn);
326 $tmp= $ldap->fetch ();
328 $oc= array();
329 if (isset($tmp['objectClass'])){
330 $oc= $tmp["objectClass"];
331 $this->is_new= FALSE;
332 unset($oc['count']);
333 } else {
334 $this->is_new= TRUE;
335 }
337 /* Load (minimum) attributes, add missing ones */
338 $this->attrs['objectClass']= gosa_array_merge($oc,$this->objectclasses);
340 /* Copy standard attributes */
341 foreach ($this->attributes as $val){
342 if ($this->$val != ""){
343 $this->attrs["$val"]= $this->$val;
344 } elseif (!$this->is_new) {
345 $this->attrs["$val"]= array();
346 }
347 }
349 }
352 function cleanup()
353 {
354 foreach ($this->attrs as $index => $value){
356 /* Convert arrays with one element to non arrays, if the saved
357 attributes are no array, too */
358 if (is_array($this->attrs[$index]) &&
359 count ($this->attrs[$index]) == 1 &&
360 isset($this->saved_attributes[$index]) &&
361 !is_array($this->saved_attributes[$index])){
363 $tmp= $this->attrs[$index][0];
364 $this->attrs[$index]= $tmp;
365 }
367 /* Remove emtpy arrays if they do not differ */
368 if (is_array($this->attrs[$index]) &&
369 count($this->attrs[$index]) == 0 &&
370 !isset($this->saved_attributes[$index])){
372 unset ($this->attrs[$index]);
373 continue;
374 }
376 /* Remove single attributes that do not differ */
377 if (!is_array($this->attrs[$index]) &&
378 isset($this->saved_attributes[$index]) &&
379 !is_array($this->saved_attributes[$index]) &&
380 $this->attrs[$index] == $this->saved_attributes[$index]){
382 unset ($this->attrs[$index]);
383 continue;
384 }
386 /* Remove arrays that do not differ */
387 if (is_array($this->attrs[$index]) &&
388 isset($this->saved_attributes[$index]) &&
389 is_array($this->saved_attributes[$index])){
391 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
392 unset ($this->attrs[$index]);
393 continue;
394 }
395 }
396 }
398 /* Update saved attributes and ensure that next cleanups will be successful too */
399 foreach($this->attrs as $name => $value){
400 $this->saved_attributes[$name] = $value;
401 }
402 }
404 /* Check formular input */
405 function check()
406 {
407 $message= array();
409 /* Skip if we've no config object */
410 if (!isset($this->config) || !is_object($this->config)){
411 return $message;
412 }
414 /* Find hooks entries for this class */
415 $command= $this->config->search(get_class($this), "CHECK", array('menu', 'tabs'));
417 if ($command != ""){
419 if (!check_command($command)){
420 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
421 get_class($this));
422 } else {
424 /* Generate "ldif" for check hook */
425 $ldif= "dn: $this->dn\n";
427 /* ... objectClasses */
428 foreach ($this->objectclasses as $oc){
429 $ldif.= "objectClass: $oc\n";
430 }
432 /* ... attributes */
433 foreach ($this->attributes as $attr){
434 if ($this->$attr == ""){
435 continue;
436 }
437 if (is_array($this->$attr)){
438 foreach ($this->$attr as $val){
439 $ldif.= "$attr: $val\n";
440 }
441 } else {
442 $ldif.= "$attr: ".$this->$attr."\n";
443 }
444 }
446 /* Append empty line */
447 $ldif.= "\n";
449 /* Feed "ldif" into hook and retrieve result*/
450 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
451 $fh= proc_open($command, $descriptorspec, $pipes);
452 if (is_resource($fh)) {
453 fwrite ($pipes[0], $ldif);
454 fclose($pipes[0]);
456 $result= stream_get_contents($pipes[1]);
457 if ($result != ""){
458 $message[]= $result;
459 }
461 fclose($pipes[1]);
462 fclose($pipes[2]);
463 proc_close($fh);
464 }
465 }
467 }
469 return ($message);
470 }
472 /* Adapt from template, using 'dn' */
473 function adapt_from_template($dn)
474 {
475 /* Include global link_info */
476 $ldap= $this->config->get_ldap_link();
478 /* Load requested 'dn' to 'attrs' */
479 $ldap->cat ($dn);
480 $this->attrs= $ldap->fetch();
482 /* Walk through attributes */
483 foreach ($this->attributes as $val){
485 if (isset($this->attrs["$val"][0])){
487 /* If attribute is set, replace dynamic parts:
488 %sn, %givenName and %uid. Fill these in our local variables. */
489 $value= $this->attrs["$val"][0];
491 foreach (array("sn", "givenName", "uid") as $repl){
492 if (preg_match("/%$repl/i", $value)){
493 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
494 }
495 }
496 $this->$val= $value;
497 }
498 }
500 /* Is Account? */
501 $found= TRUE;
502 foreach ($this->objectclasses as $obj){
503 if (preg_match('/top/i', $obj)){
504 continue;
505 }
506 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
507 $found= FALSE;
508 break;
509 }
510 }
511 if ($found){
512 $this->is_account= TRUE;
513 }
514 }
516 /* Indicate whether a password change is needed or not */
517 function password_change_needed()
518 {
519 return FALSE;
520 }
523 /* Show header message for tab dialogs */
524 function show_enable_header($button_text, $text, $disabled= FALSE)
525 {
526 if (($disabled == TRUE) || (!$this->acl_is_createable())){
527 $state= "disabled";
528 } else {
529 $state= "";
530 }
531 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
532 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
533 "><p class=\"seperator\"> </p></td></tr></table>";
535 return($display);
536 }
539 /* Show header message for tab dialogs */
540 function show_disable_header($button_text, $text, $disabled= FALSE)
541 {
542 if (($disabled == TRUE) || !$this->acl_is_removeable()){
543 $state= "disabled";
544 } else {
545 $state= "";
546 }
547 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
548 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
549 "><p class=\"seperator\"> </p></td></tr></table>";
551 return($display);
552 }
555 /* Show header message for tab dialogs */
556 function show_header($button_text, $text, $disabled= FALSE)
557 {
558 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
559 if ($disabled == TRUE){
560 $state= "disabled";
561 } else {
562 $state= "";
563 }
564 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
565 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
566 ($this->acl_is_createable()?'':'disabled')." ".$state.
567 "><p class=\"seperator\"> </p></td></tr></table>";
569 return($display);
570 }
573 function postcreate($add_attrs= array())
574 {
575 /* Find postcreate entries for this class */
576 $command= $this->config->search(get_class($this), "POSTCREATE",array('menu', 'tabs'));
578 if ($command != ""){
580 /* Additional attributes */
581 foreach ($add_attrs as $name => $value){
582 $command= preg_replace("/%$name/", $value, $command);
583 }
585 /* Walk through attribute list */
586 foreach ($this->attributes as $attr){
587 if (!is_array($this->$attr)){
588 $command= preg_replace("/%$attr/", $this->$attr, $command);
589 }
590 }
591 $command= preg_replace("/%dn/", $this->dn, $command);
593 if (check_command($command)){
594 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
595 $command, "Execute");
597 exec($command);
598 } else {
599 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
600 print_red ($message);
601 }
602 }
603 }
605 function postmodify($add_attrs= array())
606 {
607 /* Find postcreate entries for this class */
608 $command= $this->config->search(get_class($this), "POSTMODIFY",array('menu','tabs'));
610 if ($command != ""){
612 /* Additional attributes */
613 foreach ($add_attrs as $name => $value){
614 $command= preg_replace("/%$name/", $value, $command);
615 }
617 /* Walk through attribute list */
618 foreach ($this->attributes as $attr){
619 if (!is_array($this->$attr)){
620 $command= preg_replace("/%$attr/", $this->$attr, $command);
621 }
622 }
623 $command= preg_replace("/%dn/", $this->dn, $command);
625 if (check_command($command)){
626 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
627 $command, "Execute");
629 exec($command);
630 } else {
631 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
632 print_red ($message);
633 }
634 }
635 }
637 function postremove($add_attrs= array())
638 {
639 /* Find postremove entries for this class */
640 $command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
641 if ($command != ""){
643 /* Additional attributes */
644 foreach ($add_attrs as $name => $value){
645 $command= preg_replace("/%$name/", $value, $command);
646 }
648 /* Walk through attribute list */
649 foreach ($this->attributes as $attr){
650 if (!is_array($this->$attr)){
651 $command= preg_replace("/%$attr/", $this->$attr, $command);
652 }
653 }
654 $command= preg_replace("/%dn/", $this->dn, $command);
656 /* Additional attributes */
657 foreach ($add_attrs as $name => $value){
658 $command= preg_replace("/%$name/", $value, $command);
659 }
661 if (check_command($command)){
662 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
663 $command, "Execute");
665 exec($command);
666 } else {
667 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
668 print_red ($message);
669 }
670 }
671 }
673 /* Create unique DN */
674 function create_unique_dn($attribute, $base)
675 {
676 $ldap= $this->config->get_ldap_link();
677 $base= preg_replace("/^,*/", "", $base);
679 /* Try to use plain entry first */
680 $dn= "$attribute=".$this->$attribute.",$base";
681 $ldap->cat ($dn, array('dn'));
682 if (!$ldap->fetch()){
683 return ($dn);
684 }
686 /* Look for additional attributes */
687 foreach ($this->attributes as $attr){
688 if ($attr == $attribute || $this->$attr == ""){
689 continue;
690 }
692 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
693 $ldap->cat ($dn, array('dn'));
694 if (!$ldap->fetch()){
695 return ($dn);
696 }
697 }
699 /* None found */
700 return ("none");
701 }
703 function rebind($ldap, $referral)
704 {
705 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
706 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
707 $this->error = "Success";
708 $this->hascon=true;
709 $this->reconnect= true;
710 return (0);
711 } else {
712 $this->error = "Could not bind to " . $credentials['ADMIN'];
713 return NULL;
714 }
715 }
717 /* This is a workaround function. */
718 function copy($src_dn, $dst_dn)
719 {
720 /* Rename dn in possible object groups */
721 $ldap= $this->config->get_ldap_link();
722 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
723 array('cn'));
724 while ($attrs= $ldap->fetch()){
725 $og= new ogroup($this->config, $ldap->getDN());
726 unset($og->member[$src_dn]);
727 $og->member[$dst_dn]= $dst_dn;
728 $og->save ();
729 }
731 $ldap->cat($dst_dn);
732 $attrs= $ldap->fetch();
733 if (count($attrs)){
734 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
735 E_USER_WARNING);
736 return (FALSE);
737 }
739 $ldap->cat($src_dn);
740 $attrs= $ldap->fetch();
741 if (!count($attrs)){
742 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
743 E_USER_WARNING);
744 return (FALSE);
745 }
747 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
748 $ds= ldap_connect($this->config->current['SERVER']);
749 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
750 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
751 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
752 }
754 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
755 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
757 /* Fill data from LDAP */
758 $new= array();
759 if ($sr) {
760 $ei=ldap_first_entry($ds, $sr);
761 if ($ei) {
762 foreach($attrs as $attr => $val){
763 if ($info = @ldap_get_values_len($ds, $ei, $attr)){
764 for ($i= 0; $i<$info['count']; $i++){
765 if ($info['count'] == 1){
766 $new[$attr]= $info[$i];
767 } else {
768 $new[$attr][]= $info[$i];
769 }
770 }
771 }
772 }
773 }
774 }
776 /* close conncetion */
777 ldap_unbind($ds);
779 /* Adapt naming attribute */
780 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
781 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
782 $new[$dst_name]= @LDAP::fix($dst_val);
784 /* Check if this is a department.
785 * If it is a dep. && there is a , override in his ou
786 * change \2C to , again, else this entry can't be saved ...
787 */
788 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
789 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
790 }
792 /* Save copy */
793 $ldap->connect();
794 $ldap->cd($this->config->current['BASE']);
796 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
798 /* FAIvariable=.../..., cn=..
799 could not be saved, because the attribute FAIvariable was different to
800 the dn FAIvariable=..., cn=... */
801 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
802 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
803 }
804 $ldap->cd($dst_dn);
805 $ldap->add($new);
807 if ($ldap->error != "Success"){
808 trigger_error("Trying to save $dst_dn failed.",
809 E_USER_WARNING);
810 return(FALSE);
811 }
813 return (TRUE);
814 }
817 function move($src_dn, $dst_dn)
818 {
819 /* Copy source to destination */
820 if (!$this->copy($src_dn, $dst_dn)){
821 return (FALSE);
822 }
824 /* Delete source */
825 $ldap= $this->config->get_ldap_link();
826 $ldap->rmdir($src_dn);
827 if ($ldap->error != "Success"){
828 trigger_error("Trying to delete $src_dn failed.",
829 E_USER_WARNING);
830 return (FALSE);
831 }
833 return (TRUE);
834 }
837 /* Move/Rename complete trees */
838 function recursive_move($src_dn, $dst_dn)
839 {
840 /* Check if the destination entry exists */
841 $ldap= $this->config->get_ldap_link();
843 /* Check if destination exists - abort */
844 $ldap->cat($dst_dn, array('dn'));
845 if ($ldap->fetch()){
846 trigger_error("recursive_move $dst_dn already exists.",
847 E_USER_WARNING);
848 return (FALSE);
849 }
851 /* Perform a search for all objects to be moved */
852 $objects= array();
853 $ldap->cd($src_dn);
854 $ldap->search("(objectClass=*)", array("dn"));
855 while($attrs= $ldap->fetch()){
856 $dn= $attrs['dn'];
857 $objects[$dn]= strlen($dn);
858 }
860 /* Sort objects by indent level */
861 asort($objects);
862 reset($objects);
864 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
865 foreach ($objects as $object => $len){
866 $src= $object;
867 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
868 if (!$this->copy($src, $dst)){
869 return (FALSE);
870 }
871 }
873 /* Remove src_dn */
874 $ldap->cd($src_dn);
875 $ldap->recursive_remove();
876 return (TRUE);
877 }
880 function handle_post_events($mode, $add_attrs= array())
881 {
882 switch ($mode){
883 case "add":
884 $this->postcreate($add_attrs);
885 break;
887 case "modify":
888 $this->postmodify($add_attrs);
889 break;
891 case "remove":
892 $this->postremove($add_attrs);
893 break;
894 }
895 }
898 function saveCopyDialog(){
899 }
902 function getCopyDialog(){
903 return(array("string"=>"","status"=>""));
904 }
907 function PrepareForCopyPaste($source)
908 {
909 $todo = $this->attributes;
910 if(isset($this->CopyPasteVars)){
911 $todo = array_merge($todo,$this->CopyPasteVars);
912 }
914 if(count($this->objectclasses)){
915 $this->is_account = TRUE;
916 foreach($this->objectclasses as $class){
917 if(!in_array($class,$source['objectClass'])){
918 $this->is_account = FALSE;
919 }
920 }
921 }
923 foreach($todo as $var){
924 if (isset($source[$var])){
925 if(isset($source[$var]['count'])){
926 if($source[$var]['count'] > 1){
927 $this->$var = array();
928 $tmp = array();
929 for($i = 0 ; $i < $source[$var]['count']; $i++){
930 $tmp = $source[$var][$i];
931 }
932 $this->$var = $tmp;
933 # echo $var."=".$tmp."<br>";
934 }else{
935 $this->$var = $source[$var][0];
936 # echo $var."=".$source[$var][0]."<br>";
937 }
938 }else{
939 $this->$var= $source[$var];
940 # echo $var."=".$source[$var]."<br>";
941 }
942 }
943 }
944 }
947 function handle_object_tagging($dn= "", $tag= "", $show= false)
948 {
949 //FIXME: How to optimize this? We have at least two
950 // LDAP accesses per object. It would be a good
951 // idea to have it integrated.
953 /* No dn? Self-operation... */
954 if ($dn == ""){
955 $dn= $this->dn;
957 /* No tag? Find it yourself... */
958 if ($tag == ""){
959 $len= strlen($dn);
961 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
962 $relevant= array();
963 foreach ($this->config->adepartments as $key => $ntag){
965 /* This one is bigger than our dn, its not relevant... */
966 if ($len <= strlen($key)){
967 continue;
968 }
970 /* This one matches with the latter part. Break and don't fix this entry */
971 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
972 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
973 $relevant[strlen($key)]= $ntag;
974 continue;
975 }
977 }
979 /* If we've some relevant tags to set, just get the longest one */
980 if (count($relevant)){
981 ksort($relevant);
982 $tmp= array_keys($relevant);
983 $idx= end($tmp);
984 $tag= $relevant[$idx];
985 $this->gosaUnitTag= $tag;
986 }
987 }
988 }
991 /* Set tag? */
992 if ($tag != ""){
993 /* Set objectclass and attribute */
994 $ldap= $this->config->get_ldap_link();
995 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
996 $attrs= $ldap->fetch();
997 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
998 if ($show) {
999 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
1000 flush();
1001 }
1002 return;
1003 }
1004 if (count($attrs)){
1005 if ($show){
1006 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1007 flush();
1008 }
1009 $nattrs= array("gosaUnitTag" => $tag);
1010 $nattrs['objectClass']= array();
1011 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1012 $oc= $attrs['objectClass'][$i];
1013 if ($oc != "gosaAdministrativeUnitTag"){
1014 $nattrs['objectClass'][]= $oc;
1015 }
1016 }
1017 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1018 $ldap->cd($dn);
1019 $ldap->modify($nattrs);
1020 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1021 } else {
1022 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1023 }
1025 } else {
1026 /* Remove objectclass and attribute */
1027 $ldap= $this->config->get_ldap_link();
1028 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1029 $attrs= $ldap->fetch();
1030 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1031 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1032 return;
1033 }
1034 if (count($attrs)){
1035 if ($show){
1036 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1037 flush();
1038 }
1039 $nattrs= array("gosaUnitTag" => array());
1040 $nattrs['objectClass']= array();
1041 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1042 $oc= $attrs['objectClass'][$i];
1043 if ($oc != "gosaAdministrativeUnitTag"){
1044 $nattrs['objectClass'][]= $oc;
1045 }
1046 }
1047 $ldap->cd($dn);
1048 $ldap->modify($nattrs);
1049 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1050 } else {
1051 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1052 }
1053 }
1055 }
1058 /* Add possibility to stop remove process */
1059 function allow_remove()
1060 {
1061 $reason= "";
1062 return $reason;
1063 }
1066 /* Create a snapshot of the current object */
1067 function create_snapshot($type= "snapshot", $description= array())
1068 {
1070 /* Check if snapshot functionality is enabled */
1071 if(!$this->snapshotEnabled()){
1072 return;
1073 }
1075 /* Get configuration from gosa.conf */
1076 $tmp = $this->config->current;
1078 /* Create lokal ldap connection */
1079 $ldap= $this->config->get_ldap_link();
1080 $ldap->cd($this->config->current['BASE']);
1082 /* check if there are special server configurations for snapshots */
1083 if(!isset($tmp['SNAPSHOT_SERVER'])){
1085 /* Source and destination server are both the same, just copy source to dest obj */
1086 $ldap_to = $ldap;
1087 $snapldapbase = $this->config->current['BASE'];
1089 }else{
1090 $server = $tmp['SNAPSHOT_SERVER'];
1091 $user = $tmp['SNAPSHOT_USER'];
1092 $password = $tmp['SNAPSHOT_PASSWORD'];
1093 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1095 $ldap_to = new LDAP($user,$password, $server);
1096 $ldap_to -> cd($snapldapbase);
1097 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1098 }
1100 /* check if the dn exists */
1101 if ($ldap->dn_exists($this->dn)){
1103 /* Extract seconds & mysecs, they are used as entry index */
1104 list($usec, $sec)= explode(" ", microtime());
1106 /* Collect some infos */
1107 $base = $this->config->current['BASE'];
1108 $snap_base = $tmp['SNAPSHOT_BASE'];
1109 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1110 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1112 /* Create object */
1113 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1114 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1115 $newName = preg_replace("/\./", "", $sec."-".$usec);
1116 $target= array();
1117 $target['objectClass'] = array("top", "gosaSnapshotObject");
1118 $target['gosaSnapshotData'] = gzcompress($data, 6);
1119 $target['gosaSnapshotType'] = $type;
1120 $target['gosaSnapshotDN'] = $this->dn;
1121 $target['description'] = $description;
1122 $target['gosaSnapshotTimestamp'] = $newName;
1124 /* Insert the new snapshot
1125 But we have to check first, if the given gosaSnapshotTimestamp
1126 is already used, in this case we should increment this value till there is
1127 an unused value. */
1128 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1129 $ldap_to->cat($new_dn);
1130 while($ldap_to->count()){
1131 $ldap_to->cat($new_dn);
1132 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1133 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1134 $target['gosaSnapshotTimestamp'] = $newName;
1135 }
1137 /* Inset this new snapshot */
1138 $ldap_to->cd($snapldapbase);
1139 $ldap_to->create_missing_trees($new_base);
1140 $ldap_to->cd($new_dn);
1141 $ldap_to->add($target);
1143 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1144 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1145 }
1146 }
1148 function remove_snapshot($dn)
1149 {
1150 $ui = get_userinfo();
1151 $old_dn = $this->dn;
1152 $this->dn = $dn;
1153 $ldap = $this->config->get_ldap_link();
1154 $ldap->cd($this->config->current['BASE']);
1155 $ldap->rmdir_recursive($dn);
1156 $this->dn = $old_dn;
1157 }
1160 /* returns true if snapshots are enabled, and false if it is disalbed
1161 There will also be some errors psoted, if the configuration failed */
1162 function snapshotEnabled()
1163 {
1164 $tmp = $this->config->current;
1165 if(isset($tmp['ENABLE_SNAPSHOT'])){
1166 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1168 /* Check if the snapshot_base is defined */
1169 if(!isset($tmp['SNAPSHOT_BASE'])){
1170 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
1171 return(FALSE);
1172 }
1174 /* check if there are special server configurations for snapshots */
1175 if(isset($tmp['SNAPSHOT_SERVER'])){
1177 /* check if all required vars are available to create a new ldap connection */
1178 $missing = "";
1179 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
1180 if(!isset($tmp[$var])){
1181 $missing .= $var." ";
1182 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1183 return(FALSE);
1184 }
1185 }
1186 }
1187 return(TRUE);
1188 }
1189 }
1190 return(FALSE);
1191 }
1194 /* Return available snapshots for the given base
1195 */
1196 function Available_SnapsShots($dn,$raw = false)
1197 {
1198 if(!$this->snapshotEnabled()) return(array());
1200 /* Create an additional ldap object which
1201 points to our ldap snapshot server */
1202 $ldap= $this->config->get_ldap_link();
1203 $ldap->cd($this->config->current['BASE']);
1204 $cfg= &$this->config->current;
1206 /* check if there are special server configurations for snapshots */
1207 if(isset($cfg['SNAPSHOT_SERVER'])){
1208 $server = $cfg['SNAPSHOT_SERVER'];
1209 $user = $cfg['SNAPSHOT_USER'];
1210 $password = $cfg['SNAPSHOT_PASSWORD'];
1211 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1212 $ldap_to = new LDAP($user,$password, $server);
1213 $ldap_to -> cd ($snapldapbase);
1214 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1215 }else{
1216 $ldap_to = $ldap;
1217 }
1219 /* Prepare bases and some other infos */
1220 $base = $this->config->current['BASE'];
1221 $snap_base = $cfg['SNAPSHOT_BASE'];
1222 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1223 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1224 $tmp = array();
1226 /* Fetch all objects with gosaSnapshotDN=$dn */
1227 $ldap_to->cd($new_base);
1228 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1229 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1231 /* Put results into a list and add description if missing */
1232 while($entry = $ldap_to->fetch()){
1233 if(!isset($entry['description'][0])){
1234 $entry['description'][0] = "";
1235 }
1236 $tmp[] = $entry;
1237 }
1239 /* Return the raw array, or format the result */
1240 if($raw){
1241 return($tmp);
1242 }else{
1243 $tmp2 = array();
1244 foreach($tmp as $entry){
1245 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1246 }
1247 }
1248 return($tmp2);
1249 }
1252 function getAllDeletedSnapshots($base_of_object,$raw = false)
1253 {
1254 if(!$this->snapshotEnabled()) return(array());
1256 /* Create an additional ldap object which
1257 points to our ldap snapshot server */
1258 $ldap= $this->config->get_ldap_link();
1259 $ldap->cd($this->config->current['BASE']);
1260 $cfg= &$this->config->current;
1262 /* check if there are special server configurations for snapshots */
1263 if(isset($cfg['SNAPSHOT_SERVER'])){
1264 $server = $cfg['SNAPSHOT_SERVER'];
1265 $user = $cfg['SNAPSHOT_USER'];
1266 $password = $cfg['SNAPSHOT_PASSWORD'];
1267 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1268 $ldap_to = new LDAP($user,$password, $server);
1269 $ldap_to->cd ($snapldapbase);
1270 show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1271 }else{
1272 $ldap_to = $ldap;
1273 }
1275 /* Prepare bases */
1276 $base = $this->config->current['BASE'];
1277 $snap_base = $cfg['SNAPSHOT_BASE'];
1278 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1280 /* Fetch all objects and check if they do not exist anymore */
1281 $ui = get_userinfo();
1282 $tmp = array();
1283 $ldap_to->cd($new_base);
1284 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1285 while($entry = $ldap_to->fetch()){
1287 $chk = str_replace($new_base,"",$entry['dn']);
1288 if(preg_match("/,ou=/",$chk)) continue;
1290 if(!isset($entry['description'][0])){
1291 $entry['description'][0] = "";
1292 }
1293 $tmp[] = $entry;
1294 }
1296 /* Check if entry still exists */
1297 foreach($tmp as $key => $entry){
1298 $ldap->cat($entry['gosaSnapshotDN'][0]);
1299 if($ldap->count()){
1300 unset($tmp[$key]);
1301 }
1302 }
1304 /* Format result as requested */
1305 if($raw) {
1306 return($tmp);
1307 }else{
1308 $tmp2 = array();
1309 foreach($tmp as $key => $entry){
1310 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1311 }
1312 }
1313 return($tmp2);
1314 }
1317 /* Restore selected snapshot */
1318 function restore_snapshot($dn)
1319 {
1320 if(!$this->snapshotEnabled()) return(array());
1322 $ldap= $this->config->get_ldap_link();
1323 $ldap->cd($this->config->current['BASE']);
1324 $cfg= &$this->config->current;
1326 /* check if there are special server configurations for snapshots */
1327 if(isset($cfg['SNAPSHOT_SERVER'])){
1328 $server = $cfg['SNAPSHOT_SERVER'];
1329 $user = $cfg['SNAPSHOT_USER'];
1330 $password = $cfg['SNAPSHOT_PASSWORD'];
1331 $snapldapbase = $cfg['SNAPSHOT_BASE'];
1332 $ldap_to = new LDAP($user,$password, $server);
1333 $ldap_to->cd ($snapldapbase);
1334 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1335 }else{
1336 $ldap_to = $ldap;
1337 }
1339 /* Get the snapshot */
1340 $ldap_to->cat($dn);
1341 $restoreObject = $ldap_to->fetch();
1343 /* Prepare import string */
1344 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1346 /* Import the given data */
1347 $ldap->import_complete_ldif($data,$err,false,false);
1348 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1349 }
1352 function showSnapshotDialog($base,$baseSuffixe)
1353 {
1354 $once = true;
1355 foreach($_POST as $name => $value){
1357 /* Create a new snapshot, display a dialog */
1358 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1359 $once = false;
1360 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1361 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1362 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1363 }
1365 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1366 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1367 $once = false;
1368 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1369 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1370 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1371 $this->snapDialog->display_restore_dialog = true;
1372 }
1374 /* Restore one of the already deleted objects */
1375 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1376 $once = false;
1377 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1378 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1379 $this->snapDialog->display_restore_dialog = true;
1380 $this->snapDialog->display_all_removed_objects = true;
1381 }
1383 /* Restore selected snapshot */
1384 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1385 $once = false;
1386 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1387 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1388 if(!empty($entry)){
1389 $this->restore_snapshot($entry);
1390 $this->snapDialog = NULL;
1391 }
1392 }
1393 }
1395 /* Create a new snapshot requested, check
1396 the given attributes and create the snapshot*/
1397 if(isset($_POST['CreateSnapshot'])){
1398 $this->snapDialog->save_object();
1399 $msgs = $this->snapDialog->check();
1400 if(count($msgs)){
1401 foreach($msgs as $msg){
1402 print_red($msg);
1403 }
1404 }else{
1405 $this->dn = $this->snapDialog->dn;
1406 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1407 $this->snapDialog = NULL;
1408 }
1409 }
1411 /* Restore is requested, restore the object with the posted dn .*/
1412 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1413 }
1415 if(isset($_POST['CancelSnapshot'])){
1416 $this->snapDialog = NULL;
1417 }
1419 if(is_object($this->snapDialog )){
1420 $this->snapDialog->save_object();
1421 return($this->snapDialog->execute());
1422 }
1423 }
1426 function plInfo()
1427 {
1428 return array();
1429 }
1432 function set_acl_base($base)
1433 {
1434 $this->acl_base= $base;
1435 }
1438 function set_acl_category($category)
1439 {
1440 $this->acl_category= "$category/";
1441 }
1444 function acl_is_writeable($attribute,$skip_write = FALSE)
1445 {
1446 $ui= get_userinfo();
1447 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1448 }
1451 function acl_is_readable($attribute)
1452 {
1453 $ui= get_userinfo();
1454 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1455 }
1458 function acl_is_createable()
1459 {
1460 $ui= get_userinfo();
1461 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1462 }
1465 function acl_is_removeable()
1466 {
1467 $ui= get_userinfo();
1468 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1469 }
1472 function acl_is_moveable()
1473 {
1474 $ui= get_userinfo();
1475 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1476 }
1479 function acl_have_any_permissions()
1480 {
1481 }
1484 function getacl($attribute,$skip_write= FALSE)
1485 {
1486 $ui= get_userinfo();
1487 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1488 }
1490 /* Get all allowed bases to move an object to or to create a new object.
1491 Idepartments also contains all base departments which lead to the allowed bases */
1492 function get_allowed_bases($category = "")
1493 {
1494 $ui = get_userinfo();
1495 $deps = array();
1497 /* Set category */
1498 if(empty($category)){
1499 $category = $this->acl_category.get_class($this);
1500 }
1502 /* Is this a new object ? Or just an edited existing object */
1503 if(!$this->initially_was_account && $this->is_account){
1504 $new = true;
1505 }else{
1506 $new = false;
1507 }
1509 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1510 foreach($this->config->idepartments as $dn => $name){
1512 if(!in_array_ics($dn,$cat_bases)){
1513 continue;
1514 }
1516 $acl = $ui->get_permissions($dn,$category);
1517 if($new && preg_match("/c/",$acl)){
1518 $deps[$dn] = $name;
1519 }elseif(!$new && preg_match("/m/",$acl)){
1520 $deps[$dn] = $name;
1521 }
1522 }
1524 /* Add current base */
1525 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1526 $deps[$this->base] = $this->config->idepartments[$this->base];
1527 }else{
1528 echo "No default base found. ".$this->base."<br> ";
1529 }
1531 return($deps);
1532 }
1534 /* This function modifies object acls too, if an object is moved.
1535 * $old_dn specifies the actually used dn
1536 * $new_dn specifies the destiantion dn
1537 */
1538 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1539 {
1540 /* Check if old_dn is empty. This should never happen */
1541 if(empty($old_dn) || empty($new_dn)){
1542 trigger_error("Failed to check acl dependencies, wrong dn given.");
1543 return;
1544 }
1546 /* Update userinfo if necessary */
1547 if($_SESSION['ui']->dn == $old_dn){
1548 $_SESSION['ui']->dn = $new_dn;
1549 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1550 }
1552 /* Object was moved, ensure that all acls will be moved too */
1553 if($new_dn != $old_dn && $old_dn != "new"){
1555 /* get_ldap configuration */
1556 $update = array();
1557 $ldap = $this->config->get_ldap_link();
1558 $ldap->cd ($this->config->current['BASE']);
1559 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1560 while($attrs = $ldap->fetch()){
1562 $acls = array();
1564 /* Walk through acls */
1565 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1567 /* Reset vars */
1568 $found = false;
1570 /* Get Acl parts */
1571 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1573 /* Get every single member for this acl */
1574 $members = array();
1575 if(preg_match("/,/",$acl_parts[2])){
1576 $members = split(",",$acl_parts[2]);
1577 }else{
1578 $members = array($acl_parts[2]);
1579 }
1581 /* Check if member match current dn */
1582 foreach($members as $key => $member){
1583 $member = base64_decode($member);
1584 if($member == $old_dn){
1585 $found = true;
1586 $members[$key] = base64_encode($new_dn);
1587 }
1588 }
1590 /* Create new member string */
1591 $new_members = "";
1592 foreach($members as $member){
1593 $new_members .= $member.",";
1594 }
1595 $new_members = preg_replace("/,$/","",$new_members);
1596 $acl_parts[2] = $new_members;
1598 /* Reconstruckt acl entry */
1599 $acl_str ="";
1600 foreach($acl_parts as $t){
1601 $acl_str .= $t.":";
1602 }
1603 $acl_str = preg_replace("/:$/","",$acl_str);
1604 }
1606 /* Acls for this object must be adjusted */
1607 if($found){
1609 if($output_changes){
1610 echo "<font color='green'>".
1611 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1612 $old_dn.
1613 "</b><br> -"._("to")." <b>".
1614 $new_dn.
1615 "</b></font><br>";
1616 }
1617 $update[$attrs['dn']] =array();
1618 foreach($acls as $acl){
1619 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1620 }
1621 }
1622 }
1624 /* Write updated acls */
1625 foreach($update as $dn => $attrs){
1626 $ldap->cd($dn);
1627 $ldap->modify($attrs);
1628 }
1629 }
1630 }
1631 }
1632 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1633 ?>