1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003 Cajus Pollmeier
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20 require "tabs_group.inc";
22 class groupManagement extends plugin
23 {
24 /* Definitions */
25 var $plHeadline= "Groups";
26 var $plDescription= "This does something";
28 /* Dialog attributes */
29 var $grouptab= NULL;
30 var $grouplist= array();
31 var $ui= NULL;
32 var $acl= "";
34 function groupManagement ($config, $ui)
35 {
36 /* Save configuration for internal use */
37 $this->config= $config;
38 $this->ui= $ui;
40 /* Get global filter config */
41 if (!is_global("groupfilter")){
42 $base= get_base_from_people($ui->dn);
43 $groupfilter= array("primarygroups" => "checked",
44 "mailgroups" => "checked",
45 "sambagroups" => "checked",
46 "appgroups" => "checked",
47 "functionalgroups" => "checked",
48 "guser" => "*",
49 "subsearch" => "",
50 "depselect" => $base,
51 "regex" => "*");
52 register_global("groupfilter", $groupfilter);
53 }
54 }
56 function execute()
57 {
58 /* Save data */
59 $groupfilter= get_global("groupfilter");
60 if (!isset($this->grouptab)){
61 foreach( array("depselect", "guser", "regex") as $type){
62 if (isset($_POST[$type])){
63 $groupfilter[$type]= $_POST[$type];
64 }
65 }
66 if (isset($_POST['depselect'])){
67 foreach( array("primarygroups", "sambagroups", "mailgroups", "appgroups",
68 "functionalgroups", "subsearch") as $type){
70 if (isset($_POST[$type])) {
71 $groupfilter[$type]= "checked";
72 } else {
73 $groupfilter[$type]= "";
74 }
75 }
76 }
77 if (isset($_GET['search'])){
78 $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
79 if ($s == "**"){
80 $s= "*";
81 }
82 $groupfilter['regex']= $s;
83 }
84 register_global("groupfilter", $groupfilter);
85 }
87 $smarty= get_smarty();
89 /* Prepare formular */
90 if (!isset($this->grouptab) &&
91 !isset($_POST['new_group']) &&
92 !isset($_POST['delete_group']) &&
93 !isset($_POST['select_group'])){
94 $this->reload();
95 }
97 /* Check for exeeded sizelimit */
98 if (($message= check_sizelimit()) != ""){
99 return($message);
100 }
102 /* New group? */
103 if (isset($_POST['new_group'])){
105 /* By default we set 'dn' to 'new', all relevant plugins will
106 react on this. */
107 $this->dn= "new";
109 /* Create new usertab object */
110 $this->grouptab= new grouptabs($this->config,
111 $this->config->data['TABS']['GROUPTABS'], $this->dn);
112 $this->grouptab->set_acl(array(':all'));
113 }
115 /* Cancel dialogs */
116 if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
117 del_lock ($this->grouptab->dn);
118 unset ($this->grouptab);
119 $this->grouptab= NULL;
120 unset($_SESSION['objectinfo']);
121 }
123 /* Finish group edit is triggered by the tabulator dialog, so
124 the user wants to save edited data. Check and save at this
125 point. */
126 if (isset($_POST['edit_finish'])){
128 /* Check tabs, will feed message array */
129 $message= $this->grouptab->check();
131 /* Save, or display error message? */
132 if (count($message) == 0){
134 /* Save user data to ldap */
135 $this->grouptab->save();
136 gosa_log ("Group object'".$this->dn."' has been saved");
138 /* Group has been saved successfully, remove lock from
139 LDAP. */
140 if ($this->dn != "new"){
141 del_lock ($this->dn);
142 }
144 /* There's no page reload so we have to read new users at
145 this point. */
146 $this->reload ();
147 unset ($this->grouptab);
148 $this->grouptab= NULL;
149 unset ($_SESSION['objectinfo']);
151 } else {
152 /* Ok. There seem to be errors regarding to the tab data,
153 show message and continue as usual. */
154 show_errors($message);
155 }
156 }
158 /* User wants to edit data? */
159 if ((isset($_POST['select_group']) || (isset($_POST['edit_helper']) && $_POST['edit_helper'] == "1")) && isset($_POST['grouplist']) && $_POST['grouplist'] != ""){
161 /* Get 'dn' from posted 'uid', must be unique */
162 $this->dn= trim($_POST['grouplist']);
164 /* Check locking, save current plugin in 'back_plugin', so
165 the dialog knows where to return. */
166 if (($user= get_lock($this->dn)) != ""){
167 return(gen_locked_message ($user, $this->dn));
168 }
170 /* Lock the current entry, so everyone will get the
171 above dialog */
172 add_lock ($this->dn, $this->ui->dn);
174 /* Set up the users ACL's for this 'dn' */
175 $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
177 /* Register grouptab to trigger edit dialog */
178 $this->grouptab= new grouptabs($this->config,
179 $this->config->data['TABS']['GROUPTABS'], $this->dn);
180 $this->grouptab->set_acl($acl);
181 $_SESSION['objectinfo']= $this->dn;
182 }
184 /* Remove user was requested */
185 if (isset($_POST['delete_group']) && isset($_POST['grouplist'])){
187 /* Get 'dn' from posted 'uid' */
188 $this->dn= trim($_POST['grouplist']);
190 /* Load permissions for selected 'dn' and check if
191 we're allowed to remove this 'dn' */
192 $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
193 $this->acl= get_module_permission($acl, "group", $this->dn);
194 if (chkacl($this->acl, "delete") == ""){
196 /* Check locking, save current plugin in 'back_plugin', so
197 the dialog knows where to return. */
198 if (($user= get_lock($this->dn)) != ""){
199 return(gen_locked_message ($user, $this->dn));
200 }
202 /* Lock the current entry, so nobody will edit it during deletion */
203 add_lock ($this->dn, $this->ui->dn);
204 $smarty->assign("info", sprintf(_("You're about to delete the group '%s'."), $this->dn));
205 return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
206 } else {
208 /* Obviously the user isn't allowed to delete. Show message and
209 clean session. */
210 print_red (_("You are not allowed to delete this group!"));
211 }
212 }
214 /* Confirmation for deletion has been passed. Group should be deleted. */
215 if (isset($_POST['delete_group_confirm'])){
217 /* Some nice guy may send this as POST, so we've to check
218 for the permissions again. */
219 if (chkacl($this->acl, "delete") == ""){
221 /* Delete request is permitted, perform LDAP action */
222 $this->grouptab= new grouptabs($this->config,
223 $this->config->data['TABS']['GROUPTABS'], $this->dn);
224 $this->grouptab->set_acl(array($this->acl));
225 $this->grouptab->delete ();
226 gosa_log ("Group object'".$this->dn."' has been removed");
227 unset ($this->grouptab);
228 $this->grouptab= NULL;
230 /* Group list has changed, reload it. */
231 $this->reload ();
232 } else {
234 /* Normally this shouldn't be reached, send some extra
235 logs to notify the administrator */
236 print_red (_("You are not allowed to delete this group!"));
237 gosa_log ("Warning: '".$this->ui->uid."' tried to trick group deletion.");
238 }
240 /* Remove lock file after successfull deletion */
241 del_lock ($this->dn);
242 unset($_SESSION['objectinfo']);
243 }
246 /* Delete group canceled? */
247 if (isset($_POST['delete_cancel'])){
248 del_lock ($this->dn);
249 unset($_SESSION['objectinfo']);
250 }
252 /* Show tab dialog if object is present */
253 if ($this->grouptab){
254 $display= $this->grouptab->execute();
256 /* Don't show buttons if tab dialog requests this */
257 if (!$this->grouptab->by_object[$this->grouptab->current]->dialog){
258 $display.= "<p style=\"text-align:right\">\n";
259 $display.= "<input type=submit name=\"edit_finish\" value=\""._("Finish")."\">\n";
260 $display.= " \n";
261 $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
262 $display.= "</p>";
263 }
264 return ($display);
265 }
267 /* Show main page */
268 $smarty->assign("grouplist", $this->grouplist);
269 $smarty->assign("search_image", get_template_path('images/search.png'));
270 $smarty->assign("tree_image", get_template_path('images/tree.png'));
271 $smarty->assign("infoimage", get_template_path('images/info.png'));
272 $smarty->assign("launchimage", get_template_path('images/launch.png'));
273 $smarty->assign("deplist", $this->config->idepartments);
274 foreach( array("depselect", "guser", "regex", "primarygroups", "mailgroups",
275 "appgroups", "sambagroups", "functionalgroups", "subsearch") as $type){
277 $smarty->assign("$type", $groupfilter[$type]);
278 }
280 /* Extend if we are not using javascript */
281 $smarty->assign("apply", apply_filter());
282 $smarty->assign("alphabet", generate_alphabet());
283 $smarty->assign("hint", print_sizelimit_warning());
285 return($smarty->fetch(get_template_path('headpage.tpl', TRUE)));
286 }
289 function reload()
290 {
291 /* Get config */
292 $groupfilter= get_global('groupfilter');
294 /* Set base for all searches */
295 $base= $groupfilter['depselect'];
297 /* Regex filter? */
298 if ($groupfilter['regex'] != ""){
299 $regex= $groupfilter['regex'];
300 } else {
301 $regex= "*";
302 }
304 /* User filter? */
305 $filter= "";
306 $error= "";
307 $error2= "";
308 $this->grouplist= array();
310 /* What are primary groups? */
311 $primaries= array();
312 $ldap= $this->config->get_ldap_link(TRUE);
313 $ldap->cd($base);
314 $ldap->search("(&(uid=$regex)(!(uid=*$))(objectClass=posixAccount)(gidNumber=*))", array("gidNumber", "cn"));
315 $error= $ldap->error;
316 while ($attrs= $ldap->fetch()){
317 $primaries[$attrs['gidNumber'][0]]= $attrs['cn'][0];
318 }
320 if ($groupfilter['primarygroups'] == "checked"){
321 $filter.= "(&(objectClass=posixGroup)(|";
322 foreach ($primaries as $gidNumber => $cn){
323 $filter.= "(gidNumber=$gidNumber)";
324 }
325 $filter.= "))";
326 } else {
327 $filter.= "(&(objectClass=posixGroup)(!(|";
328 foreach ($primaries as $gidNumber => $cn){
329 $filter.= "(gidNumber=$gidNumber)";
330 }
331 $filter.= ")))";
332 }
335 /* Set filter depending on selection */
336 $sfilter= "";
337 if ($groupfilter['appgroups'] == "checked"){
338 $filter.= "(objectClass=gosaApplicationGroup)";
339 }
340 if ($this->config->current['SAMBAVERSION'] == 3){
341 if ($groupfilter['primarygroups'] != "checked"){
342 $sfilter= "(objectClass=sambaGroupMapping)";
343 } elseif ($groupfilter['sambagroups'] == "checked"){
344 $filter.= "(objectClass=sambaGroupMapping)";
345 }
346 }
348 if ($groupfilter['mailgroups'] == "checked"){
349 $filter.= "(objectClass=gosaMailAccount)";
350 }
351 if ($groupfilter['functionalgroups'] == "checked"){
352 $ldap->cd($base);
353 $ldap->set_size_limit($_SESSION['size_limit']);
354 $ldap->search("(&(cn=$regex)(objectClass=posixGroup)(!(|(objectClass=gosaMailAccount)(objectClass=gosaApplicationGroup)$sfilter)))", array("cn", "gidNumber", "description"));
355 $error2= $ldap->error;
356 while ($attrs= $ldap->fetch()){
357 if (!isset($primaries[$attrs['gidNumber'][0]])){
358 if (isset($attrs["description"][0])){
359 $this->grouplist[$attrs["dn"]]= $attrs["cn"][0]." [".
360 $attrs["description"][0]."]";
361 } else {
362 $this->grouplist[$attrs["dn"]]= $attrs["cn"][0];
363 }
364 }
365 }
366 }
368 /* Generate grouplist */
369 if ($filter != ""){
370 $filter= "(&(cn=$regex)(objectClass=posixGroup)(|$filter))";
371 if ($groupfilter['guser'] != ""){
372 $filter= "(&(|(memberUID=" . $groupfilter['guser'] . ")(cn=" . $groupfilter['guser'] . "))$filter)";
373 }
374 }
375 if ($groupfilter['subsearch'] == "checked"){
376 $res= get_list($this->ui->subtreeACL, "$filter", TRUE, $base, array("cn", "description", "gidNumber"), TRUE);
377 } else {
378 $base= get_groups_ou().$base;
379 $res= get_list($this->ui->subtreeACL, "$filter", FALSE, $base, array("cn", "description", "gidNumber"), TRUE);
380 }
381 if (preg_match("/size limit/i", $error) || preg_match("/size limit/i", $error2)){
382 $_SESSION['limit_exceeded']= TRUE;
383 }
385 foreach ($res as $value){
386 if (isset($value["description"][0])){
387 $this->grouplist[$value["dn"]]= $value["cn"][0]." [".
388 $value["description"][0]."]";
389 } else {
390 $this->grouplist[$value["dn"]]= $value["cn"][0];
391 }
392 }
394 natcasesort ($this->grouplist);
395 reset ($this->grouplist);
396 }
398 function remove_from_parent()
399 {
400 /* Optionally execute a command after we're done */
401 $this->postremove();
402 }
405 /* Save data to object */
406 function save_object()
407 {
408 }
411 /* Check values */
412 function check()
413 {
414 }
417 /* Save to LDAP */
418 function save()
419 {
420 /* Optionally execute a command after we're done */
421 $this->postcreate();
422 }
424 function adapt_from_template($dn)
425 {
426 }
428 function password_change_needed()
429 {
430 }
432 function show_header($button_text, $text, $disabled= FALSE)
433 {
434 }
436 function remove_lock()
437 {
438 if (isset($this->grouptab->dn)){
439 del_lock ($this->grouptab->dn);
440 }
441 }
443 }
445 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
446 ?>