![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
21 /*! \brief The plugin base class
22 \author Cajus Pollmeier <pollmeier@gonicus.de>
23 \version 2.00
24 \date 24.07.2003
26 This is the base class for all plugins. It can be used standalone or
27 can be included by the tabs class. All management should be done
28 within this class. Extend your plugins from this class.
29 */
31 class plugin
32 {
33 /*!
34 \brief Reference to parent object
36 This variable is used when the plugin is included in tabs
37 and keeps reference to the tab class. Communication to other
38 tabs is possible by 'name'. So the 'fax' plugin can ask the
39 'userinfo' plugin for the fax number.
41 \sa tab
42 */
43 var $parent= NULL;
45 /*!
46 \brief Configuration container
48 Access to global configuration
49 */
50 var $config= NULL;
52 /*!
53 \brief Mark plugin as account
55 Defines whether this plugin is defined as an account or not.
56 This has consequences for the plugin to be saved from tab
57 mode. If it is set to 'FALSE' the tab will call the delete
58 function, else the save function. Should be set to 'TRUE' if
59 the construtor detects a valid LDAP object.
61 \sa plugin::plugin()
62 */
63 var $is_account= FALSE;
64 var $initially_was_account= FALSE;
66 /*!
67 \brief Mark plugin as template
69 Defines whether we are creating a template or a normal object.
70 Has conseqences on the way execute() shows the formular and how
71 save() puts the data to LDAP.
73 \sa plugin::save() plugin::execute()
74 */
75 var $is_template= FALSE;
76 var $ignore_account= FALSE;
77 var $is_modified= FALSE;
79 /*!
80 \brief Represent temporary LDAP data
82 This is only used internally.
83 */
84 var $attrs= array();
86 /* Keep set of conflicting plugins */
87 var $conflicts= array();
89 /* Save unit tags */
90 var $gosaUnitTag= "";
92 /*!
93 \brief Used standard values
95 dn
96 */
97 var $dn= "";
98 var $uid= "";
99 var $sn= "";
100 var $givenName= "";
101 var $acl= "*none*";
102 var $dialog= FALSE;
103 var $snapDialog = NULL;
105 /* attribute list for save action */
106 var $attributes= array();
107 var $objectclasses= array();
108 var $is_new= TRUE;
109 var $saved_attributes= array();
111 var $acl_base= "";
112 var $acl_category= "";
114 /* Plugin identifier */
115 var $plHeadline= "";
116 var $plDescription= "";
118 /* This can be set to render the tabulators in another stylesheet */
119 var $pl_notify= FALSE;
121 /*! \brief plugin constructor
123 If 'dn' is set, the node loads the given 'dn' from LDAP
125 \param dn Distinguished name to initialize plugin from
126 \sa plugin()
127 */
128 function plugin ($config, $dn= NULL, $parent= NULL)
129 {
130 /* Configuration is fine, allways */
131 $this->config= $config;
132 $this->dn= $dn;
134 /* Handle new accounts, don't read information from LDAP */
135 if ($dn == "new"){
136 return;
137 }
139 /* Save current dn as acl_base */
140 $this->acl_base= $dn;
142 /* Get LDAP descriptor */
143 $ldap= $this->config->get_ldap_link();
144 if ($dn != NULL){
146 /* Load data to 'attrs' and save 'dn' */
147 if ($parent != NULL){
148 $this->attrs= $parent->attrs;
149 } else {
150 $ldap->cat ($dn);
151 $this->attrs= $ldap->fetch();
152 }
154 /* Copy needed attributes */
155 foreach ($this->attributes as $val){
156 $found= array_key_ics($val, $this->attrs);
157 if ($found != ""){
158 $this->$val= $this->attrs["$found"][0];
159 }
160 }
162 /* gosaUnitTag loading... */
163 if (isset($this->attrs['gosaUnitTag'][0])){
164 $this->gosaUnitTag= $this->attrs['gosaUnitTag'][0];
165 }
167 /* Set the template flag according to the existence of objectClass
168 gosaUserTemplate */
169 if (isset($this->attrs['objectClass'])){
170 if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
171 $this->is_template= TRUE;
172 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
173 "found", "Template check");
174 }
175 }
177 /* Is Account? */
178 error_reporting(0);
179 $found= TRUE;
180 foreach ($this->objectclasses as $obj){
181 if (preg_match('/top/i', $obj)){
182 continue;
183 }
184 if (!isset($this->attrs['objectClass']) || !in_array_ics ($obj, $this->attrs['objectClass'])){
185 $found= FALSE;
186 break;
187 }
188 }
189 error_reporting(E_ALL | E_STRICT);
190 if ($found){
191 $this->is_account= TRUE;
192 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
193 "found", "Object check");
194 }
196 /* Prepare saved attributes */
197 $this->saved_attributes= $this->attrs;
198 foreach ($this->saved_attributes as $index => $value){
199 if (preg_match('/^[0-9]+$/', $index)){
200 unset($this->saved_attributes[$index]);
201 continue;
202 }
203 if (!in_array($index, $this->attributes) && $index != "objectClass"){
204 unset($this->saved_attributes[$index]);
205 continue;
206 }
207 if ($this->saved_attributes[$index]["count"] == 1){
208 $tmp= $this->saved_attributes[$index][0];
209 unset($this->saved_attributes[$index]);
210 $this->saved_attributes[$index]= $tmp;
211 continue;
212 }
214 unset($this->saved_attributes["$index"]["count"]);
215 }
216 }
218 /* Save initial account state */
219 $this->initially_was_account= $this->is_account;
220 }
222 /*! \brief execute plugin
224 Generates the html output for this node
225 */
226 function execute()
227 {
228 /* This one is empty currently. Fabian - please fill in the docu code */
229 $_SESSION['current_class_for_help'] = get_class($this);
231 /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
232 $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
233 }
235 /*! \brief execute plugin
236 Removes object from parent
237 */
238 function remove_from_parent()
239 {
240 /* include global link_info */
241 $ldap= $this->config->get_ldap_link();
243 /* Get current objectClasses in order to add the required ones */
244 $ldap->cat($this->dn);
245 $tmp= $ldap->fetch ();
246 if (isset($tmp['objectClass'])){
247 $oc= $tmp['objectClass'];
248 } else {
249 $oc= array("count" => 0);
250 }
252 /* Remove objectClasses from entry */
253 $ldap->cd($this->dn);
254 $this->attrs= array();
255 $this->attrs['objectClass']= array();
256 for ($i= 0; $i<$oc["count"]; $i++){
257 if (!in_array_ics($oc[$i], $this->objectclasses)){
258 $this->attrs['objectClass'][]= $oc[$i];
259 }
260 }
262 /* Unset attributes from entry */
263 foreach ($this->attributes as $val){
264 $this->attrs["$val"]= array();
265 }
267 /* Unset account info */
268 $this->is_account= FALSE;
270 /* Do not write in plugin base class, this must be done by
271 children, since there are normally additional attribs,
272 lists, etc. */
273 /*
274 $ldap->modify($this->attrs);
275 */
276 }
279 /* Save data to object */
280 function save_object()
281 {
282 /* Save values to object */
283 foreach ($this->attributes as $val){
284 if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
285 /* Check for modifications */
286 if (get_magic_quotes_gpc()) {
287 $data= stripcslashes($_POST["$val"]);
288 } else {
289 $data= $this->$val = $_POST["$val"];
290 }
291 if ($this->$val != $data){
292 $this->is_modified= TRUE;
293 }
295 /* Okay, how can I explain this fix ...
296 * In firefox, disabled option fields aren't selectable ... but in IE you can select these fileds.
297 * So IE posts these 'unselectable' option, with value = chr(194)
298 * chr(194) seems to be the in between the ...option> </option.. because there is no value=".." specified in these option fields
299 * This was added for W3c compliance, but now causes these ... ldap errors ...
300 * So we set these Fields to ""; a normal empty string, and we can check these values in plugin::check() again ...
301 */
302 if(isset($data[0]) && $data[0] == chr(194)) {
303 $data = "";
304 }
305 $this->$val= $data;
306 //echo "<font color='blue'>".$val."</font><br>";
307 }else{
308 //echo "<font color='red'>".$val."</font><br>";
309 }
310 }
311 }
314 /* Save data to LDAP, depending on is_account we save or delete */
315 function save()
316 {
317 /* include global link_info */
318 $ldap= $this->config->get_ldap_link();
320 /* Start with empty array */
321 $this->attrs= array();
323 /* Get current objectClasses in order to add the required ones */
324 $ldap->cat($this->dn);
326 $tmp= $ldap->fetch ();
328 if (isset($tmp['objectClass'])){
329 $oc= $tmp["objectClass"];
330 $this->is_new= FALSE;
331 } else {
332 $oc= array("count" => 0);
333 $this->is_new= TRUE;
334 }
336 /* Load (minimum) attributes, add missing ones */
337 $this->attrs['objectClass']= $this->objectclasses;
338 for ($i= 0; $i<$oc["count"]; $i++){
339 if (!in_array_ics($oc[$i], $this->objectclasses)){
340 $this->attrs['objectClass'][]= $oc[$i];
341 }
342 }
344 /* Copy standard attributes */
345 foreach ($this->attributes as $val){
346 if ($this->$val != ""){
347 $this->attrs["$val"]= $this->$val;
348 } elseif (!$this->is_new) {
349 $this->attrs["$val"]= array();
350 }
351 }
353 }
356 function cleanup()
357 {
358 foreach ($this->attrs as $index => $value){
360 /* Convert arrays with one element to non arrays, if the saved
361 attributes are no array, too */
362 if (is_array($this->attrs[$index]) &&
363 count ($this->attrs[$index]) == 1 &&
364 isset($this->saved_attributes[$index]) &&
365 !is_array($this->saved_attributes[$index])){
367 $tmp= $this->attrs[$index][0];
368 $this->attrs[$index]= $tmp;
369 }
371 /* Remove emtpy arrays if they do not differ */
372 if (is_array($this->attrs[$index]) &&
373 count($this->attrs[$index]) == 0 &&
374 !isset($this->saved_attributes[$index])){
376 unset ($this->attrs[$index]);
377 continue;
378 }
380 /* Remove single attributes that do not differ */
381 if (!is_array($this->attrs[$index]) &&
382 isset($this->saved_attributes[$index]) &&
383 !is_array($this->saved_attributes[$index]) &&
384 $this->attrs[$index] == $this->saved_attributes[$index]){
386 unset ($this->attrs[$index]);
387 continue;
388 }
390 /* Remove arrays that do not differ */
391 if (is_array($this->attrs[$index]) &&
392 isset($this->saved_attributes[$index]) &&
393 is_array($this->saved_attributes[$index])){
395 if (!array_differs($this->attrs[$index],$this->saved_attributes[$index])){
396 unset ($this->attrs[$index]);
397 continue;
398 }
399 }
400 }
402 /* Update saved attributes and ensure that next cleanups will be successful too */
403 foreach($this->attrs as $name => $value){
404 $this->saved_attributes[$name] = $value;
405 }
406 }
408 /* Check formular input */
409 function check()
410 {
411 $message= array();
413 /* Skip if we've no config object */
414 if (!isset($this->config)){
415 return $message;
416 }
418 /* Find hooks entries for this class */
419 $command= search_config($this->config->data['MENU'], get_class($this), "CHECK");
420 if ($command == "" && isset($this->config->data['TABS'])){
421 $command= search_config($this->config->data['TABS'], get_class($this), "CHECK");
422 }
424 if ($command != ""){
426 if (!check_command($command)){
427 $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
428 get_class($this));
429 } else {
431 /* Generate "ldif" for check hook */
432 $ldif= "dn: $this->dn\n";
434 /* ... objectClasses */
435 foreach ($this->objectclasses as $oc){
436 $ldif.= "objectClass: $oc\n";
437 }
439 /* ... attributes */
440 foreach ($this->attributes as $attr){
441 if ($this->$attr == ""){
442 continue;
443 }
444 if (is_array($this->$attr)){
445 foreach ($this->$attr as $val){
446 $ldif.= "$attr: $val\n";
447 }
448 } else {
449 $ldif.= "$attr: ".$this->$attr."\n";
450 }
451 }
453 /* Append empty line */
454 $ldif.= "\n";
456 /* Feed "ldif" into hook and retrieve result*/
457 $descriptorspec = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
458 $fh= proc_open($command, $descriptorspec, $pipes);
459 if (is_resource($fh)) {
460 fwrite ($pipes[0], $ldif);
461 fclose($pipes[0]);
463 $result= stream_get_contents($pipes[1]);
464 if ($result != ""){
465 $message[]= $result;
466 }
468 fclose($pipes[1]);
469 fclose($pipes[2]);
470 proc_close($fh);
471 }
472 }
474 }
476 return ($message);
477 }
479 /* Adapt from template, using 'dn' */
480 function adapt_from_template($dn)
481 {
482 /* Include global link_info */
483 $ldap= $this->config->get_ldap_link();
485 /* Load requested 'dn' to 'attrs' */
486 $ldap->cat ($dn);
487 $this->attrs= $ldap->fetch();
489 /* Walk through attributes */
490 foreach ($this->attributes as $val){
492 if (isset($this->attrs["$val"][0])){
494 /* If attribute is set, replace dynamic parts:
495 %sn, %givenName and %uid. Fill these in our local variables. */
496 $value= $this->attrs["$val"][0];
498 foreach (array("sn", "givenName", "uid") as $repl){
499 if (preg_match("/%$repl/i", $value)){
500 $value= preg_replace ("/%$repl/i", $this->parent->$repl, $value);
501 }
502 }
503 $this->$val= $value;
504 }
505 }
507 /* Is Account? */
508 $found= TRUE;
509 foreach ($this->objectclasses as $obj){
510 if (preg_match('/top/i', $obj)){
511 continue;
512 }
513 if (!in_array_ics ($obj, $this->attrs['objectClass'])){
514 $found= FALSE;
515 break;
516 }
517 }
518 if ($found){
519 $this->is_account= TRUE;
520 }
521 }
523 /* Indicate whether a password change is needed or not */
524 function password_change_needed()
525 {
526 return FALSE;
527 }
530 /* Show header message for tab dialogs */
531 function show_enable_header($button_text, $text, $disabled= FALSE)
532 {
533 if (($disabled == TRUE) || (!$this->acl_is_createable())){
534 $state= "disabled";
535 } else {
536 $state= "";
537 }
538 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
539 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
540 "><p class=\"seperator\"> </p></td></tr></table>";
542 return($display);
543 }
546 /* Show header message for tab dialogs */
547 function show_disable_header($button_text, $text, $disabled= FALSE)
548 {
549 if (($disabled == TRUE) || !$this->acl_is_removeable()){
550 $state= "disabled";
551 } else {
552 $state= "";
553 }
554 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
555 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
556 "><p class=\"seperator\"> </p></td></tr></table>";
558 return($display);
559 }
562 /* Show header message for tab dialogs */
563 function show_header($button_text, $text, $disabled= FALSE)
564 {
565 echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
566 if ($disabled == TRUE){
567 $state= "disabled";
568 } else {
569 $state= "";
570 }
571 $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
572 $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
573 ($this->acl_is_createable()?'':'disabled')." ".$state.
574 "><p class=\"seperator\"> </p></td></tr></table>";
576 return($display);
577 }
580 function postcreate($add_attrs= array())
581 {
582 /* Find postcreate entries for this class */
583 $command= search_config($this->config->data['MENU'], get_class($this), "POSTCREATE");
584 if ($command == "" && isset($this->config->data['TABS'])){
585 $command= search_config($this->config->data['TABS'], get_class($this), "POSTCREATE");
586 }
588 if ($command != ""){
590 /* Additional attributes */
591 foreach ($add_attrs as $name => $value){
592 $command= preg_replace("/%$name/", $value, $command);
593 }
595 /* Walk through attribute list */
596 foreach ($this->attributes as $attr){
597 if (!is_array($this->$attr)){
598 $command= preg_replace("/%$attr/", $this->$attr, $command);
599 }
600 }
601 $command= preg_replace("/%dn/", $this->dn, $command);
603 if (check_command($command)){
604 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
605 $command, "Execute");
607 exec($command);
608 } else {
609 $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
610 print_red ($message);
611 }
612 }
613 }
615 function postmodify($add_attrs= array())
616 {
617 /* Find postcreate entries for this class */
618 $command= search_config($this->config->data['MENU'], get_class($this), "POSTMODIFY");
619 if ($command == "" && isset($this->config->data['TABS'])){
620 $command= search_config($this->config->data['TABS'], get_class($this), "POSTMODIFY");
621 }
623 if ($command != ""){
625 /* Additional attributes */
626 foreach ($add_attrs as $name => $value){
627 $command= preg_replace("/%$name/", $value, $command);
628 }
630 /* Walk through attribute list */
631 foreach ($this->attributes as $attr){
632 if (!is_array($this->$attr)){
633 $command= preg_replace("/%$attr/", $this->$attr, $command);
634 }
635 }
636 $command= preg_replace("/%dn/", $this->dn, $command);
638 if (check_command($command)){
639 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
640 $command, "Execute");
642 exec($command);
643 } else {
644 $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
645 print_red ($message);
646 }
647 }
648 }
650 function postremove($add_attrs= array())
651 {
652 /* Find postremove entries for this class */
653 $command= search_config($this->config->data['MENU'], get_class($this), "POSTREMOVE");
654 if ($command == "" && isset($this->config->data['TABS'])){
655 $command= search_config($this->config->data['TABS'], get_class($this), "POSTREMOVE");
656 }
658 if ($command != ""){
660 /* Additional attributes */
661 foreach ($add_attrs as $name => $value){
662 $command= preg_replace("/%$name/", $value, $command);
663 }
665 /* Walk through attribute list */
666 foreach ($this->attributes as $attr){
667 if (!is_array($this->$attr)){
668 $command= preg_replace("/%$attr/", $this->$attr, $command);
669 }
670 }
671 $command= preg_replace("/%dn/", $this->dn, $command);
673 /* Additional attributes */
674 foreach ($add_attrs as $name => $value){
675 $command= preg_replace("/%$name/", $value, $command);
676 }
678 if (check_command($command)){
679 @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
680 $command, "Execute");
682 exec($command);
683 } else {
684 $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
685 print_red ($message);
686 }
687 }
688 }
690 /* Create unique DN */
691 function create_unique_dn($attribute, $base)
692 {
693 $ldap= $this->config->get_ldap_link();
694 $base= preg_replace("/^,*/", "", $base);
696 /* Try to use plain entry first */
697 $dn= "$attribute=".$this->$attribute.",$base";
698 $ldap->cat ($dn, array('dn'));
699 if (!$ldap->fetch()){
700 return ($dn);
701 }
703 /* Look for additional attributes */
704 foreach ($this->attributes as $attr){
705 if ($attr == $attribute || $this->$attr == ""){
706 continue;
707 }
709 $dn= "$attribute=".$this->$attribute."+$attr=".$this->$attr.",$base";
710 $ldap->cat ($dn, array('dn'));
711 if (!$ldap->fetch()){
712 return ($dn);
713 }
714 }
716 /* None found */
717 return ("none");
718 }
720 function rebind($ldap, $referral)
721 {
722 $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
723 if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
724 $this->error = "Success";
725 $this->hascon=true;
726 $this->reconnect= true;
727 return (0);
728 } else {
729 $this->error = "Could not bind to " . $credentials['ADMIN'];
730 return NULL;
731 }
732 }
734 /* This is a workaround function. */
735 function copy($src_dn, $dst_dn)
736 {
737 /* Rename dn in possible object groups */
738 $ldap= $this->config->get_ldap_link();
739 $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
740 array('cn'));
741 while ($attrs= $ldap->fetch()){
742 $og= new ogroup($this->config, $ldap->getDN());
743 unset($og->member[$src_dn]);
744 $og->member[$dst_dn]= $dst_dn;
745 $og->save ();
746 }
748 $ldap->cat($dst_dn);
749 $attrs= $ldap->fetch();
750 if (count($attrs)){
751 trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
752 E_USER_WARNING);
753 return (FALSE);
754 }
756 $ldap->cat($src_dn);
757 $attrs= $ldap->fetch();
758 if (!count($attrs)){
759 trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
760 E_USER_WARNING);
761 return (FALSE);
762 }
764 /* Grummble. This really sucks. PHP ldap doesn't support rdn stuff. */
765 $ds= ldap_connect($this->config->current['SERVER']);
766 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
767 if (function_exists("ldap_set_rebind_proc") && isset($this->config->current['REFERRAL'])) {
768 ldap_set_rebind_proc($ds, array(&$this, "rebind"));
769 }
771 $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
772 error_reporting (0);
773 $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
775 /* Fill data from LDAP */
776 $new= array();
777 if ($sr) {
778 $ei=ldap_first_entry($ds, $sr);
779 if ($ei) {
780 foreach($attrs as $attr => $val){
781 if ($info = ldap_get_values_len($ds, $ei, $attr)){
782 for ($i= 0; $i<$info['count']; $i++){
783 if ($info['count'] == 1){
784 $new[$attr]= $info[$i];
785 } else {
786 $new[$attr][]= $info[$i];
787 }
788 }
789 }
790 }
791 }
792 }
794 /* close conncetion */
795 error_reporting (E_ALL | E_STRICT);
796 ldap_unbind($ds);
798 /* Adapt naming attribute */
799 $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
800 $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
801 $new[$dst_name]= @LDAP::fix($dst_val);
803 /* Check if this is a department.
804 * If it is a dep. && there is a , override in his ou
805 * change \2C to , again, else this entry can't be saved ...
806 */
807 if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
808 $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
809 }
811 /* Save copy */
812 $ldap->connect();
813 $ldap->cd($this->config->current['BASE']);
815 $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
817 /* FAIvariable=.../..., cn=..
818 could not be saved, because the attribute FAIvariable was different to
819 the dn FAIvariable=..., cn=... */
820 if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
821 $new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
822 }
823 $ldap->cd($dst_dn);
824 $ldap->add($new);
826 if ($ldap->error != "Success"){
827 trigger_error("Trying to save $dst_dn failed.",
828 E_USER_WARNING);
829 return(FALSE);
830 }
832 return (TRUE);
833 }
836 function move($src_dn, $dst_dn)
837 {
838 /* Copy source to destination */
839 if (!$this->copy($src_dn, $dst_dn)){
840 return (FALSE);
841 }
843 /* Delete source */
844 $ldap= $this->config->get_ldap_link();
845 $ldap->rmdir($src_dn);
846 if ($ldap->error != "Success"){
847 trigger_error("Trying to delete $src_dn failed.",
848 E_USER_WARNING);
849 return (FALSE);
850 }
852 return (TRUE);
853 }
856 /* Move/Rename complete trees */
857 function recursive_move($src_dn, $dst_dn)
858 {
859 /* Check if the destination entry exists */
860 $ldap= $this->config->get_ldap_link();
862 /* Check if destination exists - abort */
863 $ldap->cat($dst_dn, array('dn'));
864 if ($ldap->fetch()){
865 trigger_error("recursive_move $dst_dn already exists.",
866 E_USER_WARNING);
867 return (FALSE);
868 }
870 /* Perform a search for all objects to be moved */
871 $objects= array();
872 $ldap->cd($src_dn);
873 $ldap->search("(objectClass=*)", array("dn"));
874 while($attrs= $ldap->fetch()){
875 $dn= $attrs['dn'];
876 $objects[$dn]= strlen($dn);
877 }
879 /* Sort objects by indent level */
880 asort($objects);
881 reset($objects);
883 /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
884 foreach ($objects as $object => $len){
885 $src= $object;
886 $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
887 if (!$this->copy($src, $dst)){
888 return (FALSE);
889 }
890 }
892 /* Remove src_dn */
893 $ldap->cd($src_dn);
894 $ldap->recursive_remove();
895 return (TRUE);
896 }
899 function handle_post_events($mode, $add_attrs= array())
900 {
901 switch ($mode){
902 case "add":
903 $this->postcreate($add_attrs);
904 break;
906 case "modify":
907 $this->postmodify($add_attrs);
908 break;
910 case "remove":
911 $this->postremove($add_attrs);
912 break;
913 }
914 }
917 function saveCopyDialog(){
918 }
921 function getCopyDialog(){
922 return(array("string"=>"","status"=>""));
923 }
926 function PrepareForCopyPaste($source)
927 {
928 $todo = $this->attributes;
929 if(isset($this->CopyPasteVars)){
930 $todo = array_merge($todo,$this->CopyPasteVars);
931 }
933 if(count($this->objectclasses)){
934 $this->is_account = TRUE;
935 foreach($this->objectclasses as $class){
936 if(!in_array($class,$source['objectClass'])){
937 $this->is_account = FALSE;
938 }
939 }
940 }
942 foreach($todo as $var){
943 if (isset($source[$var])){
944 if(isset($source[$var]['count'])){
945 if($source[$var]['count'] > 1){
946 $this->$var = array();
947 $tmp = array();
948 for($i = 0 ; $i < $source[$var]['count']; $i++){
949 $tmp = $source[$var][$i];
950 }
951 $this->$var = $tmp;
952 # echo $var."=".$tmp."<br>";
953 }else{
954 $this->$var = $source[$var][0];
955 # echo $var."=".$source[$var][0]."<br>";
956 }
957 }else{
958 $this->$var= $source[$var];
959 # echo $var."=".$source[$var]."<br>";
960 }
961 }
962 }
963 }
966 function handle_object_tagging($dn= "", $tag= "", $show= false)
967 {
968 //FIXME: How to optimize this? We have at least two
969 // LDAP accesses per object. It would be a good
970 // idea to have it integrated.
972 /* No dn? Self-operation... */
973 if ($dn == ""){
974 $dn= $this->dn;
976 /* No tag? Find it yourself... */
977 if ($tag == ""){
978 $len= strlen($dn);
980 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "No tag for $dn - looking for one...", "Tagging");
981 $relevant= array();
982 foreach ($this->config->adepartments as $key => $ntag){
984 /* This one is bigger than our dn, its not relevant... */
985 if ($len <= strlen($key)){
986 continue;
987 }
989 /* This one matches with the latter part. Break and don't fix this entry */
990 if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
991 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
992 $relevant[strlen($key)]= $ntag;
993 continue;
994 }
996 }
998 /* If we've some relevant tags to set, just get the longest one */
999 if (count($relevant)){
1000 ksort($relevant);
1001 $tmp= array_keys($relevant);
1002 $idx= end($tmp);
1003 $tag= $relevant[$idx];
1004 $this->gosaUnitTag= $tag;
1005 }
1006 }
1007 }
1010 /* Set tag? */
1011 if ($tag != ""){
1012 /* Set objectclass and attribute */
1013 $ldap= $this->config->get_ldap_link();
1014 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1015 $attrs= $ldap->fetch();
1016 if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
1017 if ($show) {
1018 echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
1019 flush();
1020 }
1021 return;
1022 }
1023 if (count($attrs)){
1024 if ($show){
1025 echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
1026 flush();
1027 }
1028 $nattrs= array("gosaUnitTag" => $tag);
1029 $nattrs['objectClass']= array();
1030 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1031 $oc= $attrs['objectClass'][$i];
1032 if ($oc != "gosaAdministrativeUnitTag"){
1033 $nattrs['objectClass'][]= $oc;
1034 }
1035 }
1036 $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
1037 $ldap->cd($dn);
1038 $ldap->modify($nattrs);
1039 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1040 } else {
1041 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
1042 }
1044 } else {
1045 /* Remove objectclass and attribute */
1046 $ldap= $this->config->get_ldap_link();
1047 $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
1048 $attrs= $ldap->fetch();
1049 if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
1050 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
1051 return;
1052 }
1053 if (count($attrs)){
1054 if ($show){
1055 echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
1056 flush();
1057 }
1058 $nattrs= array("gosaUnitTag" => array());
1059 $nattrs['objectClass']= array();
1060 for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
1061 $oc= $attrs['objectClass'][$i];
1062 if ($oc != "gosaAdministrativeUnitTag"){
1063 $nattrs['objectClass'][]= $oc;
1064 }
1065 }
1066 $ldap->cd($dn);
1067 $ldap->modify($nattrs);
1068 show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
1069 } else {
1070 @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
1071 }
1072 }
1074 }
1077 /* Add possibility to stop remove process */
1078 function allow_remove()
1079 {
1080 $reason= "";
1081 return $reason;
1082 }
1085 /* Create a snapshot of the current object */
1086 function create_snapshot($type= "snapshot", $description= array())
1087 {
1089 /* Check if snapshot functionality is enabled */
1090 if(!$this->snapshotEnabled()){
1091 return;
1092 }
1094 /* Get configuration from gosa.conf */
1095 $tmp = $this->config->current;
1097 /* Create lokal ldap connection */
1098 $ldap= $this->config->get_ldap_link();
1099 $ldap->cd($this->config->current['BASE']);
1101 /* check if there are special server configurations for snapshots */
1102 if(!isset($tmp['SNAPSHOT_SERVER'])){
1104 /* Source and destination server are both the same, just copy source to dest obj */
1105 $ldap_to = $ldap;
1106 $snapldapbase = $this->config->current['BASE'];
1108 }else{
1109 $server = $tmp['SNAPSHOT_SERVER'];
1110 $user = $tmp['SNAPSHOT_USER'];
1111 $password = $tmp['SNAPSHOT_PASSWORD'];
1112 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1114 $ldap_to = new LDAP($user,$password, $server);
1115 $ldap_to -> cd($snapldapbase);
1116 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
1117 }
1119 /* check if the dn exists */
1120 if ($ldap->dn_exists($this->dn)){
1122 /* Extract seconds & mysecs, they are used as entry index */
1123 list($usec, $sec)= explode(" ", microtime());
1125 /* Collect some infos */
1126 $base = $this->config->current['BASE'];
1127 $snap_base = $tmp['SNAPSHOT_BASE'];
1128 $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
1129 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1131 /* Create object */
1132 #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
1133 $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
1134 $newName = preg_replace("/\./", "", $sec."-".$usec);
1135 $target= array();
1136 $target['objectClass'] = array("top", "gosaSnapshotObject");
1137 $target['gosaSnapshotData'] = gzcompress($data, 6);
1138 $target['gosaSnapshotType'] = $type;
1139 $target['gosaSnapshotDN'] = $this->dn;
1140 $target['description'] = $description;
1141 $target['gosaSnapshotTimestamp'] = $newName;
1143 /* Insert the new snapshot
1144 But we have to check first, if the given gosaSnapshotTimestamp
1145 is already used, in this case we should increment this value till there is
1146 an unused value. */
1147 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1148 $ldap_to->cat($new_dn);
1149 while($ldap_to->count()){
1150 $ldap_to->cat($new_dn);
1151 $newName = preg_replace("/\./", "", $sec."-".($usec++));
1152 $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
1153 $target['gosaSnapshotTimestamp'] = $newName;
1154 }
1156 /* Inset this new snapshot */
1157 $ldap_to->cd($snapldapbase);
1158 $ldap_to->create_missing_trees($new_base);
1159 $ldap_to->cd($new_dn);
1160 $ldap_to->add($target);
1162 show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1163 show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
1164 }
1165 }
1167 function remove_snapshot($dn)
1168 {
1169 $ui = get_userinfo();
1170 $old_dn = $this->dn;
1171 $this->dn = $dn;
1172 $ldap = $this->config->get_ldap_link();
1173 $ldap->cd($this->config->current['BASE']);
1174 $ldap->rmdir_recursive($dn);
1175 $this->dn = $old_dn;
1176 }
1179 /* returns true if snapshots are enabled, and false if it is disalbed
1180 There will also be some errors psoted, if the configuration failed */
1181 function snapshotEnabled()
1182 {
1183 $tmp = $this->config->current;
1184 if(isset($tmp['ENABLE_SNAPSHOT'])){
1185 if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
1187 /* Check if the snapshot_base is defined */
1188 if(!isset($tmp['SNAPSHOT_BASE'])){
1189 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
1190 return(FALSE);
1191 }
1193 /* check if there are special server configurations for snapshots */
1194 if(isset($tmp['SNAPSHOT_SERVER'])){
1196 /* check if all required vars are available to create a new ldap connection */
1197 $missing = "";
1198 foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
1199 if(!isset($tmp[$var])){
1200 $missing .= $var." ";
1201 print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
1202 return(FALSE);
1203 }
1204 }
1205 }
1206 return(TRUE);
1207 }
1208 }
1209 return(FALSE);
1210 }
1213 /* Return available snapshots for the given base
1214 */
1215 function Available_SnapsShots($dn,$raw = false)
1216 {
1217 if(!$this->snapshotEnabled()) return(array());
1219 /* Create an additional ldap object which
1220 points to our ldap snapshot server */
1221 $ldap= $this->config->get_ldap_link();
1222 $ldap->cd($this->config->current['BASE']);
1223 $tmp = $this->config->current;
1225 /* check if there are special server configurations for snapshots */
1226 if(isset($tmp['SNAPSHOT_SERVER'])){
1227 $server = $tmp['SNAPSHOT_SERVER'];
1228 $user = $tmp['SNAPSHOT_USER'];
1229 $password = $tmp['SNAPSHOT_PASSWORD'];
1230 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1231 $ldap_to = new LDAP($user,$password, $server);
1232 $ldap_to -> cd ($snapldapbase);
1233 show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
1234 }else{
1235 $ldap_to = $ldap;
1236 }
1238 /* Prepare bases and some other infos */
1239 $base = $this->config->current['BASE'];
1240 $snap_base = $tmp['SNAPSHOT_BASE'];
1241 $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
1242 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1243 $tmp = array();
1245 /* Fetch all objects with gosaSnapshotDN=$dn */
1246 $ldap_to->cd($new_base);
1247 $ldap_to->ls("(&(objectClass=gosaSnapshotObject)(gosaSnapshotDN=".$dn."))",$new_base,
1248 array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1250 /* Put results into a list and add description if missing */
1251 while($entry = $ldap_to->fetch()){
1252 if(!isset($entry['description'][0])){
1253 $entry['description'][0] = "";
1254 }
1255 $tmp[] = $entry;
1256 }
1258 /* Return the raw array, or format the result */
1259 if($raw){
1260 return($tmp);
1261 }else{
1262 $tmp2 = array();
1263 foreach($tmp as $entry){
1264 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1265 }
1266 }
1267 return($tmp2);
1268 }
1271 function getAllDeletedSnapshots($base_of_object,$raw = false)
1272 {
1273 if(!$this->snapshotEnabled()) return(array());
1275 /* Create an additional ldap object which
1276 points to our ldap snapshot server */
1277 $ldap= $this->config->get_ldap_link();
1278 $ldap->cd($this->config->current['BASE']);
1279 $tmp = $this->config->current;
1281 /* check if there are special server configurations for snapshots */
1282 if(isset($tmp['SNAPSHOT_SERVER'])){
1283 $server = $tmp['SNAPSHOT_SERVER'];
1284 $user = $tmp['SNAPSHOT_USER'];
1285 $password = $tmp['SNAPSHOT_PASSWORD'];
1286 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1287 $ldap_to = new LDAP($user,$password, $server);
1288 $ldap_to->cd ($snapldapbase);
1289 show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
1290 }else{
1291 $ldap_to = $ldap;
1292 }
1294 /* Prepare bases */
1295 $base = $this->config->current['BASE'];
1296 $snap_base = $tmp['SNAPSHOT_BASE'];
1297 $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
1299 /* Fetch all objects and check if they do not exist anymore */
1300 $ui = get_userinfo();
1301 $tmp = array();
1302 $ldap_to->cd($new_base);
1303 $ldap_to->ls("(objectClass=gosaSnapshotObject)",$new_base,array("gosaSnapshotType","gosaSnapshotTimestamp","gosaSnapshotDN","description"));
1304 while($entry = $ldap_to->fetch()){
1306 $chk = str_replace($new_base,"",$entry['dn']);
1307 if(preg_match("/,ou=/",$chk)) continue;
1309 if(!isset($entry['description'][0])){
1310 $entry['description'][0] = "";
1311 }
1312 $tmp[] = $entry;
1313 }
1315 /* Check if entry still exists */
1316 foreach($tmp as $key => $entry){
1317 $ldap->cat($entry['gosaSnapshotDN'][0]);
1318 if($ldap->count()){
1319 unset($tmp[$key]);
1320 }
1321 }
1323 /* Format result as requested */
1324 if($raw) {
1325 return($tmp);
1326 }else{
1327 $tmp2 = array();
1328 foreach($tmp as $key => $entry){
1329 $tmp2[base64_encode($entry['dn'])] = $entry['description'][0];
1330 }
1331 }
1332 return($tmp2);
1333 }
1336 /* Restore selected snapshot */
1337 function restore_snapshot($dn)
1338 {
1339 if(!$this->snapshotEnabled()) return(array());
1341 $ldap= $this->config->get_ldap_link();
1342 $ldap->cd($this->config->current['BASE']);
1343 $tmp = $this->config->current;
1345 /* check if there are special server configurations for snapshots */
1346 if(isset($tmp['SNAPSHOT_SERVER'])){
1347 $server = $tmp['SNAPSHOT_SERVER'];
1348 $user = $tmp['SNAPSHOT_USER'];
1349 $password = $tmp['SNAPSHOT_PASSWORD'];
1350 $snapldapbase = $tmp['SNAPSHOT_BASE'];
1351 $ldap_to = new LDAP($user,$password, $server);
1352 $ldap_to->cd ($snapldapbase);
1353 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
1354 }else{
1355 $ldap_to = $ldap;
1356 }
1358 /* Get the snapshot */
1359 $ldap_to->cat($dn);
1360 $restoreObject = $ldap_to->fetch();
1362 /* Prepare import string */
1363 $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
1365 /* Import the given data */
1366 $ldap->import_complete_ldif($data,$err,false,false);
1367 show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
1368 }
1371 function showSnapshotDialog($base,$baseSuffixe)
1372 {
1373 $once = true;
1374 foreach($_POST as $name => $value){
1376 /* Create a new snapshot, display a dialog */
1377 if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
1378 $once = false;
1379 $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
1380 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1381 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1382 }
1384 /* Restore a snapshot, display a dialog with all snapshots of the current object */
1385 if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
1386 $once = false;
1387 $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
1388 $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
1389 $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
1390 $this->snapDialog->display_restore_dialog = true;
1391 }
1393 /* Restore one of the already deleted objects */
1394 if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
1395 $once = false;
1396 $this->snapDialog = new SnapShotDialog($this->config,"",$this);
1397 $this->snapDialog->set_snapshot_bases($baseSuffixe);
1398 $this->snapDialog->display_restore_dialog = true;
1399 $this->snapDialog->display_all_removed_objects = true;
1400 }
1402 /* Restore selected snapshot */
1403 if(preg_match("/^RestoreSnapShot_/",$name) && $once){
1404 $once = false;
1405 $entry = preg_replace("/^RestoreSnapShot_/","",$name);
1406 $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
1407 if(!empty($entry)){
1408 $this->restore_snapshot($entry);
1409 $this->snapDialog = NULL;
1410 }
1411 }
1412 }
1414 /* Create a new snapshot requested, check
1415 the given attributes and create the snapshot*/
1416 if(isset($_POST['CreateSnapshot'])){
1417 $this->snapDialog->save_object();
1418 $msgs = $this->snapDialog->check();
1419 if(count($msgs)){
1420 foreach($msgs as $msg){
1421 print_red($msg);
1422 }
1423 }else{
1424 $this->dn = $this->snapDialog->dn;
1425 $this->create_snapshot("snapshot",$this->snapDialog->CurrentDescription);
1426 $this->snapDialog = NULL;
1427 }
1428 }
1430 /* Restore is requested, restore the object with the posted dn .*/
1431 if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
1432 }
1434 if(isset($_POST['CancelSnapshot'])){
1435 $this->snapDialog = NULL;
1436 }
1438 if($this->snapDialog){
1439 $this->snapDialog->save_object();
1440 return($this->snapDialog->execute());
1441 }
1442 }
1445 function plInfo()
1446 {
1447 return array();
1448 }
1451 function set_acl_base($base)
1452 {
1453 $this->acl_base= $base;
1454 }
1457 function set_acl_category($category)
1458 {
1459 $this->acl_category= "$category/";
1460 }
1463 function acl_is_writeable($attribute,$skip_write = FALSE)
1464 {
1465 $ui= get_userinfo();
1466 return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
1467 }
1470 function acl_is_readable($attribute)
1471 {
1472 $ui= get_userinfo();
1473 return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
1474 }
1477 function acl_is_createable()
1478 {
1479 $ui= get_userinfo();
1480 return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1481 }
1484 function acl_is_removeable()
1485 {
1486 $ui= get_userinfo();
1487 return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1488 }
1491 function acl_is_moveable()
1492 {
1493 $ui= get_userinfo();
1494 return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
1495 }
1498 function acl_have_any_permissions()
1499 {
1500 }
1503 function getacl($attribute,$skip_write= FALSE)
1504 {
1505 $ui= get_userinfo();
1506 return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
1507 }
1509 /* Get all allowed bases to move an object to or to create a new object.
1510 Idepartments also contains all base departments which lead to the allowed bases */
1511 function get_allowed_bases($category = "")
1512 {
1513 $ui = get_userinfo();
1514 $deps = array();
1516 /* Set category */
1517 if(empty($category)){
1518 $category = $this->acl_category.get_class($this);
1519 }
1521 /* Is this a new object ? Or just an edited existing object */
1522 if(!$this->initially_was_account && $this->is_account){
1523 $new = true;
1524 }else{
1525 $new = false;
1526 }
1528 $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
1529 foreach($this->config->idepartments as $dn => $name){
1531 if(!in_array_ics($dn,$cat_bases)){
1532 continue;
1533 }
1535 $acl = $ui->get_permissions($dn,$category);
1536 if($new && preg_match("/c/",$acl)){
1537 $deps[$dn] = $name;
1538 }elseif(!$new && preg_match("/m/",$acl)){
1539 $deps[$dn] = $name;
1540 }
1541 }
1543 /* Add current base */
1544 if(isset($this->base) && isset($this->config->idepartments[$this->base])){
1545 $deps[$this->base] = $this->config->idepartments[$this->base];
1546 }else{
1547 echo "No default base found. ".$this->base."<br> ";
1548 }
1550 return($deps);
1551 }
1553 /* This function modifies object acls too, if an object is moved.
1554 * $old_dn specifies the actually used dn
1555 * $new_dn specifies the destiantion dn
1556 */
1557 function update_acls($old_dn,$new_dn,$output_changes = FALSE)
1558 {
1559 global $config;
1561 /* Check if old_dn is empty. This should never happen */
1562 if(empty($old_dn) || empty($new_dn)){
1563 trigger_error("Failed to check acl dependencies, wrong dn given.");
1564 return;
1565 }
1567 /* Update userinfo if necessary */
1568 if($_SESSION['ui']->dn == $old_dn){
1569 $_SESSION['ui']->dn = $new_dn;
1570 new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
1571 }
1573 /* Object was moved, ensure that all acls will be moved too */
1574 if($new_dn != $old_dn && $old_dn != "new"){
1576 /* get_ldap configuration */
1577 $update = array();
1578 $ldap = $config->get_ldap_link();
1579 $ldap->cd ($config->current['BASE']);
1580 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
1581 while($attrs = $ldap->fetch()){
1583 $acls = array();
1585 /* Walk through acls */
1586 for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
1588 /* Reset vars */
1589 $found = false;
1591 /* Get Acl parts */
1592 $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
1594 /* Get every single member for this acl */
1595 $members = array();
1596 if(preg_match("/,/",$acl_parts[2])){
1597 $members = split(",",$acl_parts[2]);
1598 }else{
1599 $members = array($acl_parts[2]);
1600 }
1602 /* Check if member match current dn */
1603 foreach($members as $key => $member){
1604 $member = base64_decode($member);
1605 if($member == $old_dn){
1606 $found = true;
1607 $members[$key] = base64_encode($new_dn);
1608 }
1609 }
1611 /* Create new member string */
1612 $new_members = "";
1613 foreach($members as $member){
1614 $new_members .= $member.",";
1615 }
1616 $new_members = preg_replace("/,$/","",$new_members);
1617 $acl_parts[2] = $new_members;
1619 /* Reconstruckt acl entry */
1620 $acl_str ="";
1621 foreach($acl_parts as $t){
1622 $acl_str .= $t.":";
1623 }
1624 $acl_str = preg_replace("/:$/","",$acl_str);
1625 }
1627 /* Acls for this object must be adjusted */
1628 if($found){
1630 if($output_changes){
1631 echo "<font color='green'>".
1632 _("Changing ACL dn")." : <br> -"._("from")." <b> ".
1633 $old_dn.
1634 "</b><br> -"._("to")." <b>".
1635 $new_dn.
1636 "</b></font><br>";
1637 }
1638 $update[$attrs['dn']] =array();
1639 foreach($acls as $acl){
1640 $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
1641 }
1642 }
1643 }
1645 /* Write updated acls */
1646 foreach($update as $dn => $attrs){
1647 $ldap->cd($dn);
1648 $ldap->modify($attrs);
1649 }
1650 }
1651 }
1652 }
1653 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1654 ?>