1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class userManagement extends plugin
24 {
25 /* Plugin definitions */
26 var $plHeadline = "Users";
27 var $plDescription = "Manage users";
28 var $plIcon = "plugins/users/images/user.png";
30 /* Dialog attributes */
31 var $usertab = NULL;
32 var $ui = NULL;
33 var $templates = array();
34 var $got_uid = false;
35 var $CopyPasteHandler = NULL;
36 var $CPPasswordChange = ""; // Contains the entry id which should get a new password
37 var $DivListUsers;
39 var $pwd_change_queue = array();
41 var $start_pasting_copied_objects = FALSE;
42 var $msg_dialog= NULL;
43 var $acl_module = array("users");
44 var $dns = array();
function userManagement(&$config, $ui)
{
  /* Keep the configuration and the $ui object around; execute() uses
     $this->ui for every permission lookup. */
  $this->config = &$config;
  $this->ui     = &$ui;

  /* The copy & paste handler is only created when the "copyPaste"
     switch in the "main" section is enabled. */
  $copy_paste_enabled = $this->config->boolValueIsTrue("main", "copyPaste");
  if ($copy_paste_enabled) {
    $this->CopyPasteHandler = new CopyPasteHandler($this->config);
  }

  /* Create the list dialog object; it receives this plugin as its parent. */
  $this->DivListUsers = new divListUsers($this->config, $this);
}
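/* Handle one request for the user management plugin and return the HTML
 * that should be displayed.
 *
 * The method first derives an action ($s_action), an entry id ($s_entry)
 * and a tab ($s_tab) from $_GET/$_POST, then walks through the sections
 * below (events, copy & paste, password change, edit, templates, delete,
 * lock toggling, save). Several sections return early with a rendered
 * dialog; if none does, the user list is rendered.
 *
 * Security relevant points handled here:
 *  - permissions are re-checked on the confirming request, not only when
 *    the dialog was opened (password change, delete, templatize);
 *  - every value appended to the configured passwordHook command is
 *    quoted with escapeshellarg();
 *  - the two password fields are compared strictly and an empty password
 *    is rejected.
 *
 * Returns a string with HTML; one path (usertab->save() == 1) returns
 * without a value, exactly as before.
 */
function execute()
{
  /* Call parent execute */
  plugin::execute();

  /* LOCK MESSAGE Vars */
  session::set('LOCK_VARS_TO_USE',array("/^act$/","/^id$/","/^user_edit_/","/^user_del_/","/^item_selected/","/^remove_multiple_users/","/^multiple_edit/","/menu_action/"));

  $smarty   = get_smarty();  // Smarty instance
  $s_action = "";            // Contains the action to be taken
  $s_entry  = "";            // The value for s_action

  /* Edit entry button pressed? */
  if( isset($_GET['act']) && $_GET['act'] == "edit_entry" ){
    $s_action= "edit";
    $s_entry= validate($_GET['id']);
  }

  /* Test relevant POST values */
  foreach($_POST as $key => $val){

    /* Get every possible POST combination and set s_action/s_entry accordingly.
       NOTE(review): most of these patterns are not anchored, so they match
       anywhere inside the POST key - confirm that this is intended. */
    foreach(array("del"                      => "user_del",
                  "edit"                     => "user_edit",
                  "new"                      => "user_new",
                  "new_tpl"                  => "user_tplnew",
                  "del_multiple"             => "^remove_multiple_users",
                  "create_user_from_tpl"     => "userfrom_tpl",
                  "change_pw"                => "user_chgpw",
                  "editPaste"                => "editPaste",
                  "copy_multiple"            => "multiple_copy_users",
                  "multiple_edit"            => "multiple_edit",
                  "cut_multiple"             => "multiple_cut_users",
                  "multiple_password_change" => "multiple_password_change",
                  "copy"                     => "^copy",
                  "toggle_lock_status"       => "toggle_lock_status",
                  "cut"                      => "^cut") as $act => $name){

      if (preg_match("/".$name.".*/", $key)){
        $s_action= $act;
        $s_entry= preg_replace("/".$name."_/i", "", $key);
        break;
      }
    }

  } /* ...Test POST */

  /* Remove coordinate prefix from POST, required by some browsers */
  $s_entry= preg_replace("/_.$/", "", $s_entry);

  /* Separate possibly encoded tab and entry, default to tab "user" */
  if(preg_match("/.*-.*/", $s_entry)){
    $s_tab= preg_replace("/^[^-]*-/i", "" ,$s_entry);
    $s_entry= preg_replace("/-[^-]*$/i", "", $s_entry);
  }else{
    $s_tab= "user";
  }

  /* Only accept tab names that the configuration knows about */
  if(!$this->config->search($s_tab, 'class',array('tabs'))){
    $s_tab = "user";
  }

  if (isset($_POST['menu_action'])){

    /* handle C&P from layers menu */
    if(preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
      $s_action = "copy_multiple";
    }
    if(preg_match("/^multiple_cut_systems/",$_POST['menu_action'])){
      $s_action = "cut_multiple";
    }
    if(preg_match("/^editPaste/",$_POST['menu_action'])){
      $s_action = "editPaste";
    }

    /* Create options */
    if($_POST['menu_action'] == "user_new"){
      $s_action = "new";
    }
    if($_POST['menu_action'] == "user_tplnew"){
      $s_action = "new_tpl";
    }
    if($_POST['menu_action'] == "multiple_edit"){
      $s_action = "multiple_edit";
    }

    /* handle password change from layers menu */
    if(preg_match("/^multiple_password_change/",$_POST['menu_action'])){
      $s_action = "multiple_password_change";
    }

    /* handle remove from layers menu */
    if(preg_match("/^remove_multiple/",$_POST['menu_action'])){
      $s_action = "del_multiple";
    }
    if(preg_match("/^templatize_multiple/",$_POST['menu_action'])){
      $s_action = "templatize_multiple";
    }

    /* Event actions are passed through; the event name is looked up in
       the list of known event types further below. */
    if(preg_match("/^event/",$_POST['menu_action'])){
      $s_action = $_POST['menu_action'];
    }
  }

  /* Use template */
  if(isset($_POST['templatize_continue'])){
    $s_action = "templatize_continue";
  }


  /********************
    Create notification event
   ********************/

  if(preg_match("/^event_/",$s_action) && class_available("DaemonEvent")){
    $ids = $this->list_get_selected_items();
    $uids = array();
    foreach($ids as $id){
      $uids[] = $this->list[$id]['uid'][0];
    }
    if(count($uids)){
      $events = DaemonEvent::get_event_types(USER_EVENT);
      $event = preg_replace("/^event_/","",$s_action);

      /* The class is only instantiated when the requested name is a key
         of the registered event types. */
      if(isset($events['BY_CLASS'][$event])){
        $type = $events['BY_CLASS'][$event];
        $this->usertab = new $type['CLASS_NAME']($this->config);
        $this->usertab->add_users($uids);
        $this->usertab->set_type(TRIGGERED_EVENT);
      }
    }
  }

  /* Abort event dialog */
  if(isset($_POST['abort_event_dialog'])){
    $this->usertab = FALSE;
  }

  /* Save event. The request is only honoured while an event dialog is
     really open; otherwise a stray 'save_event_dialog' field would call
     methods on NULL/FALSE. */
  if(isset($_POST['save_event_dialog']) && $this->usertab instanceof DaemonEvent){
    $this->usertab->save_object();
    $msgs = $this->usertab->check();
    if(count($msgs)){
      msg_dialog::displayChecks($msgs);
    }else{

      $o_queue = new gosaSupportDaemon();
      $o_queue->append($this->usertab);
      if($o_queue->is_error()){
        msg_dialog::display(_("Infrastructure error"), msgPool::siError($o_queue->get_error()),ERROR_DIALOG);
      }else{
        $this->usertab = FALSE;
      }
    }
  }

  /* Display event */
  if($this->usertab instanceof DaemonEvent){
    $this->usertab->save_object();
    return($this->usertab->execute());
  }


  /********************
    Copy & Paste
   ********************/

  /* Display the copy & paste dialog, if it is currently open */
  if($this->CPPasswordChange == ""){
    $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
    if($ret){
      return($ret);
    }
  }


  /********************
    Change password confirmed
   ********************/

  /* Perform password change */
  if (isset($_POST['password_finish'])){

    /* For security reasons, check if user is allowed to set password again */
    $dn  = $this->dn;
    $acl = $this->ui->get_permissions($dn, "users/password");
    $cacl= $this->ui->get_permissions($dn, "users/user");

    /* Are we allowed to create a new user or to set the password attribute? */
    if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){

      /* Check input and feed errors into 'message' */
      $message= array();

      /* Read both fields once. A missing or non-string field counts as empty. */
      $new_password = "";
      if (isset($_POST['new_password']) && is_string($_POST['new_password'])){
        $new_password = $_POST['new_password'];
      }
      $repeated_password = "";
      if (isset($_POST['repeated_password']) && is_string($_POST['repeated_password'])){
        $repeated_password = $_POST['repeated_password'];
      }

      /* Sanity checks. The comparison is strict: with '!=' PHP compares
         numeric looking strings as numbers, so "1e3" and "1000" would
         have been accepted as matching passwords. */
      if ($new_password !== $repeated_password){

        /* Matching passwords in new and repeated? */
        $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
      } elseif ($new_password === ""){

        /* Empty password is not permitted by default. The message has to be
           stored in $message, otherwise the check has no effect. */
        $message[]= msgPool::required(_("New password"));
      }

      /* Errors, or password change? */
      if (count($message) != 0){

        /* Show error message and continue editing */
        msg_dialog::displayChecks($message);
        return($smarty->fetch(get_template_path('password.tpl', TRUE)));
      }

      /* Look up the uid of the entry; it is handed to the password hook */
      $config= $this->config;
      $ldap_ui= $this->config->get_ldap_link();
      if(isset($this->usertab->dn)){
        $ldap_ui->cat($this->usertab->dn,array("uid"));
      }else{
        $ldap_ui->cat($this->dn,array("uid"));
      }
      $user = $ldap_ui->fetch();

      /* Stays empty when the lookup returned nothing, so the hook always
         gets two arguments. */
      $username= "";
      if((is_array($user))&&(isset($user['uid']))){
        $username= $user['uid'][0];
      }

      /* Set password, perform required steps.
         Both hook arguments are user controlled and therefore quoted with
         escapeshellarg() before they reach the shell.
         NOTE(review): the cleartext password is still a command line
         argument and may be visible in the process list while the hook
         runs; consider passing it to the hook on stdin instead. */
      if ($this->usertab){
        if ($this->usertab->password_change_needed()){
          $obj= $this->usertab->by_object['user'];
          if(!change_password ($this->usertab->dn, $new_password,0, $obj->pw_storage)){
            return($smarty->fetch(get_template_path('password.tpl', TRUE)));
          }
          if ($config->get_cfg_value("passwordHook") != ""){
            exec($config->get_cfg_value("passwordHook")." ".escapeshellarg($username)." ".escapeshellarg($new_password), $resarr);
          }
          new log("modify","users/".get_class($this),$this->usertab->dn,array(),"Password has been changed");
          unset($this->usertab);
          $this->usertab= NULL;
        }
      } else {
        if(!change_password ($this->dn, $new_password)){
          return($smarty->fetch(get_template_path('password.tpl', TRUE)));
        }
        if ($config->get_cfg_value("passwordHook") != ""){
          exec($config->get_cfg_value("passwordHook")." ".escapeshellarg($username)." ".escapeshellarg($new_password), $resarr);
        }
        new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
      }
    } else {

      /* Missing permissions, show message */
      msg_dialog::display(_("Password change"),_("You have no permission to change this users password!"),WARNING_DIALOG);
    }

    /* Clean session, delete lock */
    $this->remove_lock();
    unset ($this->usertab);
    $this->usertab= NULL;
    $this->lognames= array();
    $this->sn= "";
    $this->givenName= "";
    $this->uid= "";
    set_object_info();
  }


  /********************
    Change multiple passwords requested
   ********************/

  if($s_action == "multiple_password_change"){
    $this->pwd_change_queue = $this->list_get_selected_items();
    $disallowed = array();

    /* Drop every entry the current user may not set a password for */
    foreach($this->pwd_change_queue as $key => $id){
      if(!preg_match("/w/",$this->ui->get_permissions($this->list[trim($id)]['dn'],"users/password"))){
        unset($this->pwd_change_queue[$key]);
        $disallowed[] = $this->list[trim($id)]['dn'];
      }
    }
    if(count($disallowed)){
      msg_dialog::display(_("Permission"),msgPool::permModify($disallowed),INFO_DIALOG);
    }
  }


  /********************
    Change password requested
   ********************/

  /* Password change requested */
  if (($s_action == "change_pw") || (!empty($this->CPPasswordChange)) || count($this->pwd_change_queue)){

    /* Get users whose passwords should be changed. */
    if(count($this->pwd_change_queue)){
      $s_entry= array_pop($this->pwd_change_queue);
    }

    if(!empty($this->CPPasswordChange)){
      $s_entry = $this->CPPasswordChange;
      $this->CPPasswordChange = "";
    }

    /* Get 'dn' from posted 'uid' */
    $this->dn= $this->list[trim($s_entry)]['dn'];

    /* Load permissions for selected 'dn' and check if
       we're allowed to change the password of this 'dn' */
    if (preg_match("/w/",$this->ui->get_permissions($this->dn,"users/password"))){

      /* User is allowed to change passwords, save 'dn' and 'acl' for next
         dialog. */
      set_object_info($this->dn);
      return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
    } else {
      /* User is not allowed. Show message and cancel. */
      msg_dialog::display(_("Password change"),_("You have no permission to change this users password!"),WARNING_DIALOG);
    }
  }


  /********************
    Edit existing entry
   ********************/

  /* User wants to edit data? */
  if (($s_action=="edit") && (!isset($this->usertab->config))){

    /* Get 'dn' from posted 'uid', must be unique */
    $this->dn= $this->list[trim($s_entry)]['dn'];

    /* Check locking, save current plugin in 'back_plugin', so
       the dialog knows where to return. */
    if (($user= get_lock($this->dn)) != ""){
      return(gen_locked_message ($user, $this->dn,TRUE));
    }

    /* Lock the current entry, so everyone will get the
       above dialog */
    add_lock ($this->dn, $this->ui->dn);

    /* Register usertab to trigger edit dialog */
    $this->usertab= new usertabs($this->config,
        $this->config->data['TABS']['USERTABS'], $this->dn);

    /* Switch tab, if it was requested by the user */
    $this->usertab->current = $s_tab;

    /* Set ACL and move DN to the headline */
    $this->usertab->set_acl_base($this->dn);
    set_object_info($this->dn);
  }


  /********************
    Edit multiple entries
   ********************/

  /* User wants to edit data? */
  if ($s_action == "multiple_edit" && !isset($this->usertab->config)){

    /* In this mode $this->dn holds an array of DNs */
    $this->dn = array();
    foreach($this->list_get_selected_items() as $id){
      $this->dn[] = $this->list[$id]['dn'];
    }
    $tmp = new multi_plug($this->config,"usertabs",$this->config->data['TABS']['USERTABS'],
        $this->dn,$this->DivListUsers->selectedBase,"user");
    if ($tmp->entries_locked()){
      return($tmp->display_lock_message());
    }
    $tmp->lock_entries($this->ui->dn);
    if($tmp->multiple_available()){
      $this->usertab = $tmp;
      $this->usertab->set_active_tab($s_tab);
      set_object_info($this->usertab->get_object_info());
    }
  }


  /********************
    Edit canceled
   ********************/

  /* Reset all relevant data, if we get a _cancel request */
  if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
    if (isset($this->usertab)){
      $this->remove_lock();
    }
    $this->usertab= NULL;
    $this->lognames= array();
    $this->sn= "";
    $this->givenName= "";
    $this->uid= "";
    set_object_info();
  }


  /********************
    We want to create a new user, so fetch all available user templates
   ********************/

  /* Generate template list */
  if ($s_action == "new" || $s_action == "create_user_from_tpl" || $s_action == "templatize_multiple"){

    $this->templates= array();
    $ldap= $this->config->get_ldap_link();

    /* Create list of templates */
    foreach ($this->config->departments as $key => $value){

      /* Get acls from different ou's */
      $acl = $this->ui->get_permissions($value,"users/user") ;

      /* If creation of a new user is allowed, append this template */
      if (preg_match("/c/",$acl)){

        /* Search all templates from the current dn */
        $ldap->cd (get_people_ou().$value);
        $ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));

        /* Append */
        if ($ldap->count() != 0){
          while ($attrs= $ldap->fetch()){
            $this->templates[$ldap->getDN()]=
              $attrs['uid'][0]." - ".LDAP::fix($key);
          }
          if ($s_action != "templatize_multiple"){
            $this->templates['none']= _("none");
          }
        }
      }
    }

    /* Sort templates */
    natcasesort ($this->templates);
    reset ($this->templates);
  }


  /********************
    Apply template to multiple entries requested, display confirm dialog
   ********************/

  if ($s_action=="templatize_multiple"){
    $ids = $this->list_get_selected_items();
    $this->dns = array();
    if(count($ids)){

      /* Refuse to continue if one of the selected entries is locked */
      foreach($ids as $id){
        $dn = $this->list[$id]['dn'];
        if (($user= get_lock($dn)) != ""){
          return(gen_locked_message ($user, $dn));
        }
        $this->dns[$id] = $dn;
      }
    }

    $smarty->assign("templates", $this->templates);

    return($smarty->fetch(get_template_path('templatize.tpl', TRUE)));
  }

  /* Perform templatizing after the button has been pressed */
  if ($s_action == "templatize_continue"){

    $acl = $this->ui->get_permissions($_POST['template'], "users/user");

    /* Template readable? */
    if (preg_match('/r/', $acl)){
      $template_dn= $_POST['template'];

      foreach ($this->dns as $dn){

        /* Write permission must be checked on the object that is about to
           be modified. The previous code looked at the template DN again,
           so the selected objects were changed without their own ACL ever
           being consulted. */
        $acl = $this->ui->get_permissions($dn, "users/user");
        if (preg_match('/w/', $acl)){
          $usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn);
          $usertab->adapt_from_template($template_dn, array("sn", "givenName", "uid"));
          $usertab->save();
          unset ($usertab);
          $usertab= NULL;
        } else {
          msg_dialog::display(_("Permission error"), sprintf(_("You have no permission to modify object '%s'!"), $dn), ERROR_DIALOG);
        }
      }
    } else {
      msg_dialog::display(_("Permission error"), _("You have no permission to use this template!"), ERROR_DIALOG);
    }

  }


  /********************
    Delete MULTIPLE entries requested, display confirm dialog
   ********************/

  if ($s_action=="del_multiple" || $s_action == "del"){

    if($s_action == "del"){

      /* Get 'dn' from posted 'uid' */
      $ids = array($s_entry);
    }else{
      $ids = $this->list_get_selected_items();
    }

    $this->dns = array();
    if(count($ids)){

      /* Keep only the entries the current user is allowed to delete */
      $disallowed = array();
      foreach($ids as $id){
        $dn = $this->list[$id]['dn'];
        $acl = $this->ui->get_permissions($dn, "users/user");
        if(preg_match("/d/",$acl)){
          $this->dns[$id] = $dn;
        }else{
          $disallowed[] = $dn;
        }
      }

      if(count($disallowed)){
        msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
      }

      if(count($this->dns)){

        /* Check locks */
        if ($user= get_multiple_locks($this->dns)){
          return(gen_locked_message($user,$this->dns));
        }

        $dns_names = array();
        foreach($this->dns as $dn){
          $dns_names[] = LDAP::fix($dn);
        }

        /* Lock the current entries, so nobody will edit them during deletion */
        add_lock($this->dns, $this->ui->dn);

        /* Show the confirmation dialog. An unused
           sprintf(msgPool::deleteInfo(...)) was dropped here: it used the
           message, which contains the DNs, as a format string, so a '%'
           in a DN was interpreted as a conversion. */
        $smarty->assign("info", msgPool::deleteInfo($dns_names));
        return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
      }
    }
  }


  /********************
    Delete MULTIPLE entries confirmed
   ********************/

  if(isset($_POST['delete_user_confirm'])){

    /* Remove user by user and check acls again before removing them */
    foreach($this->dns as $key => $dn){

      $acl = $this->ui->get_permissions($dn, "users/user");
      if (preg_match('/d/', $acl)){

        /* Delete request is permitted, perform LDAP action */
        $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'],$dn);
        $this->usertab->set_acl_base();
        $this->usertab->delete ();
        unset ($this->usertab);
        $this->usertab= NULL;
      } else {

        /* The confirmation arrived for an entry the user may not delete:
           warn and write a security log entry. */
        msg_dialog::display(_("Warning"),msgPool::permDelete($dn),WARNING_DIALOG);
        if(isset($this->ui->uid)){
          new log("security","users/".get_class($this),$dn,array(),"Tried to trick deletion.");
        }
      }
    }
    /* Remove lock file after successful deletion */
    $this->remove_lock();
    $this->dns = array();
  }


  /********************
    Toggle lock status for user
   ********************/

  if($s_action == "toggle_lock_status" && isset($this->list[$s_entry])){

    /* Get entry check current status */
    $val = $this->list[$s_entry];
    if (!preg_match("/w/",$this->ui->get_permissions($val['dn'],"users/password"))){
      msg_dialog::display(_("Account locking"),
          _("You have no permission to change the lock status for this user!"),WARNING_DIALOG);
    }else{
      $pwd = $val['userPassword'][0];
      $method = passwordMethod::get_method($pwd,$val['dn']);
      $success= false;
      if($method instanceOf passwordMethod){
        if($method->is_locked($this->config,$val['dn'])){
          $success= $method->unlock_account($this->config,$val['dn']);
        }else{
          $success= $method->lock_account($this->config,$val['dn']);
        }

        /* Check for success */
        if (!$success){
          $hn= $method->get_hash_name();
          if (is_array($hn)){
            $hn= $hn[0];
          }
          msg_dialog::display(_("Account locking"),
              sprintf(_("Password method '%s' does not support locking. Account has not been locked!"), $hn),WARNING_DIALOG);
        }
      }else{
        // Can't lock unknown methods.
      }

    }
  }

  /********************
    Delete entry Canceled
   ********************/

  /* Delete user canceled? */
  if (isset($_POST['delete_cancel'])){

    /* Remove the locks that were set for the confirmation dialog */
    $this->remove_lock();
    $this->dns = array();
  }


  /********************
    Edit entry finished (Save)
   ********************/

  /* Finish user edit is triggered by the tabulator dialog, so
     the user wants to save edited data. Check and save at this
     point. */
  if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->usertab->config))){

    /* Check tabs, will feed message array */
    $this->usertab->last= $this->usertab->current;
    $this->usertab->save_object();
    $message= $this->usertab->check();

    /* Save, or display error message? */
    if (count($message) == 0){

      /* No errors. Go ahead and prepare to ask for a password
         in case we're creating a new user. 'dn' will be 'new'
         in this case. It is set to the correct value later. */
      if ($this->dn == "new"){
        $set_pass= 1;
      } else {
        $set_pass= 0;
      }

      /* Save user data to ldap */
      if($this->usertab->save() == 1){
        return;
      }

      if (!isset($_POST['edit_apply'])){
        /* User has been saved successfully, remove lock from LDAP. */
        if ($this->dn != "new"){
          $this->remove_lock();
        }

        /* In case of new users, ask for a password, skip this for templates */
        if (($set_pass || $this->usertab->password_change_needed()) && !$this->is_template){
          $this->dn = $this->usertab->dn;
          return($smarty->fetch(get_template_path('password.tpl', TRUE)));
        }

        unset ($this->usertab);
        $this->usertab= NULL;
        set_object_info();
      }else{

        /* Reinitialize tab */
        if($this->usertab instanceof tabs){
          $this->usertab->re_init();
        }
      }
    } else {
      /* Ok. There seem to be errors regarding to the tab data,
         show message and continue as usual. */
      msg_dialog::displayChecks($message);
    }
  }



  /********************
    Create a new user,template, user from template
   ********************/

  /* Check selected options for template */
  if (isset($_POST['template_continue'])){
    $message = array();
    if(!isset($_POST['template']) || (empty($_POST['template']))){
      $message[]= msgPool::invalid(_("Template"));
    }
    if(!isset($_POST['sn']) || (empty($_POST['sn']))){
      $message[]= msgPool::required(_("Name"));
    }
    if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
      $message[]= msgPool::required(_("Given name"));
    }

    /* Show error message / continue editing */
    if (count($message) > 0){
      msg_dialog::displayChecks($message);

      /* NOTE(review): the posted values go back into the template as they
         are; confirm that template.tpl escapes them on output. */
      foreach(array("sn", "givenName", "uid", "template") as $attr){
        if(isset($_POST[$attr])){
          $smarty->assign("$attr", $_POST[$attr]);
        }else{
          $smarty->assign("$attr", "");
        }
      }
      $smarty->assign("templates",$this->templates);
      $smarty->assign("got_uid",$this->got_uid);
      $smarty->assign("edit_uid",false);
      return($smarty->fetch(get_template_path('template.tpl', TRUE)));

    }
  }

  /* New user/template request */
  if (($s_action=="create_user_from_tpl")||($s_action=="new") || ($s_action=="new_tpl")){
    /* By default we set 'dn' to 'new', all relevant plugins will
       react on this. */
    $this->dn= "new";

    $this->got_uid= ($this->config->get_cfg_value("idGenerator") == "");

    /* Create new usertab object */
    $this->usertab= new usertabs($this->config,$this->config->data['TABS']['USERTABS'], $this->dn);
    $this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase;
    $this->usertab->set_acl_base($this->DivListUsers->selectedBase);

    /* Take care about templates */
    if ($s_action=="new_tpl"){
      $this->is_template= TRUE;
      $this->usertab->set_template_mode ();
    } else {
      $this->is_template= FALSE;
    }

    /* Use template if there are any of them */
    if ((count($this->templates) && ($s_action!='new_tpl'))||($s_action=="create_user_from_tpl")){
      foreach(array("sn", "givenName", "uid", "got_uid", "templates") as $attr){
        $smarty->assign("$attr", $this->$attr);
      }
      if ($s_action=="create_user_from_tpl"){
        $smarty->assign("template", $this->dn= $this->list[trim($s_entry)]['dn']);
      } else {
        $smarty->assign("template", "none");
      }
      $smarty->assign("edit_uid", "");
      return($smarty->fetch(get_template_path('template.tpl', TRUE)));
    }
  }

  /********************
    Template selected continue edit
   ********************/

  /* Continue template editing */
  if ((isset($_POST['template_continue'])) && ($_POST['template'] != 'none') && (!isset($_POST['uid']))){

    $this->sn = $_POST['sn'];
    $this->givenName = $_POST['givenName'];

    /* Check for required values */
    $message= array();
    if ($this->sn == "") {
      $message[]= msgPool::required(_("Name"));
    }
    if ($this->givenName == "") {
      $message[]= msgPool::required(_("Given name"));
    }

    /* Check if dn is used. Both values are passed through normalizeLdap()
       before they become part of the search filter. */
    $dn= preg_replace("/^[^,]+,/i", "", $_POST['template']);
    $ldap= $this->config->get_ldap_link();
    $ldap->cd ($dn);
    $ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
    if ($ldap->count () != 0){
      /* NOTE(review): the returned message is discarded, so a duplicate
         name is neither reported nor blocked - confirm whether it was
         meant to be appended to $message. */
      msgPool::duplicated(_("Name"));
    }

    /* Show error message / continue editing */
    if (count($message) > 0){
      msg_dialog::displayChecks($message);
    } else {
      $attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
      if ($this->config->get_cfg_value("idGenerator") != ""){
        $uids= gen_uids ($this->config->get_cfg_value("idGenerator"), $attributes);
        if (count($uids)){
          $smarty->assign("edit_uid", "false");
          $smarty->assign("uids", $uids);
          $this->uid= current($uids);
        }
      } else {
        $smarty->assign("edit_uid", "");
        $this->uid= "";
      }
      $this->got_uid= true;
    }

    foreach(array("sn", "givenName", "uid", "got_uid", "templates") as $attr){
      $smarty->assign("$attr", $this->$attr);
    }
    if (isset($_POST['template'])){
      $smarty->assign("template", $_POST['template']);
    }
    return($smarty->fetch(get_template_path('template.tpl', TRUE)));
  }

  /********************
    No template selected continue edit
   ********************/

  /* No template. Ok. Lets fill data into the normal user dialog */
  if (isset($_POST['template_continue']) && $_POST['template'] == 'none'){
    foreach(array("sn", "givenName", "uid") as $attr){
      if (isset($_POST[$attr])){
        $this->usertab->by_object['user']->$attr= $_POST[$attr];
      }
    }
  }


  /********************
    Template selected continue edit
   ********************/

  /* Finish template preamble */
  if (isset($_POST['template_continue']) && $_POST['template'] != 'none' && (isset($_POST['uid']))){

    /* Move user supplied data to sub plugins */
    foreach(array("uid","sn","givenName") as $attr){
      $this->$attr = $_POST[$attr];
      $this->usertab->$attr = $this->$attr;
      $this->usertab->by_object['user']->$attr = $this->$attr;
    }

    /* NOTE(review): the posted template DN is used here without the read
       permission check that the templatize path performs - confirm that
       adapt_from_template() or a caller enforces it. */
    $template_dn = $_POST['template'];
    $this->usertab->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
    $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/')."/", '', $template_dn);
    $this->usertab->by_object['user']->base= $template_base;
  }


  /********************
    If no template was selected set base
   ********************/

  if (isset($_POST['template_continue']) && ($_POST['template'] == 'none')){
    $this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase;
  }


  /********************
    Display subdialog
   ********************/

  /* Show tab dialog if object is present */
  if(isset($this->usertab->config)){

    $display= $this->usertab->execute();

    /* Don't show buttons if tab dialog requests this */
    $dia = FALSE;
    if(isset($this->usertab->by_object[$this->usertab->current]->dialog)){
      $dia = $this->usertab->by_object[$this->usertab->current]->dialog;
    }

    if(!is_object($dia) && $dia != TRUE){
      if(($this->usertab instanceOf tabs || $this->usertab instanceOf plugin) && $this->usertab->read_only == TRUE){

        /* Read only: a cancel button is all that is offered */
        $display.= "<p style=\"text-align:right\">\n";
        $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
        $display.= "</p>";
      }else{
        $display.= "<p style=\"text-align:right\">\n";
        $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
        $display.= " \n";
        if ($this->dn != "new"){
          $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
          $display.= " \n";
        }
        $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
        $display.= "</p>";
      }
    }
    return ($display);
  }

  /* Check if there is a snapshot dialog open */
  $base = $this->DivListUsers->selectedBase;
  if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases(),$this)){
    return($str);
  }

  /* Return rendered main page */
  /* Display dialog with user list */
  $this->DivListUsers->parent = $this;
  $this->DivListUsers->execute();

  /* Add departments if subsearch is disabled */
  if(!$this->DivListUsers->SubSearch){
    $this->DivListUsers->AddDepartments($this->DivListUsers->selectedBase,4,1);
  }
  $this->reload();
  $this->DivListUsers->setEntries($this->list);
  return($this->DivListUsers->Draw());
}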
985 /* Return departments, that will be included within snapshot detection */
function get_used_snapshot_bases()
{
  /* Exactly one base is reported: the people OU prefix followed by the
     base that is currently selected in the user list. */
  $people_base = get_people_ou().$this->DivListUsers->selectedBase;
  return(array($people_base));
}
function reload()
{
  /* The list widget supplies the search base and all filter switches */
  $view = $this->DivListUsers;
  $base = $view->selectedBase;
  $this->list = array();

  $pattern    = $view->Regex;
  $sub_search = $view->SubSearch;
  $with_tpl   = $view->ShowTemplates;

  /* The samba object class depends on the configured samba version */
  $samba = ($this->config->get_cfg_value("sambaversion") == 3) ? "sambaSamAccount" : "sambaAccount";

  /* One filter clause per enabled switch, appended in this fixed order */
  $functional = "(&(objectClass=gosaAccount)(!(|(objectClass=posixAccount)".
                "(objectClass=gosaMailAccount)(objectClass=$samba)".
                "(objectClass=gosaProxyAccount))))";
  $switches = array(
      array($view->ShowFunctionalUsers, $functional),
      array($view->ShowUnixUsers,       "(objectClass=posixAccount)"),
      array($view->ShowMailUsers,       "(objectClass=gosaMailAccount)"),
      array($view->ShowSambaUsers,      "(objectClass=$samba)"),
      array($view->ShowProxyUsers,      "(objectClass=gosaProxyAccount)")
  );
  $filter = "";
  foreach ($switches as $switch){
    if ($switch[0]){
      $filter .= $switch[1];
    }
  }

  /* Either include templates next to the accounts, or exclude them */
  if ($with_tpl){
    $filter = "(|(objectClass=gosaUserTemplate)(&(objectClass=gosaAccount)(|$filter)))";
  } else {
    $filter = "(&(objectClass=gosaAccount)(objectClass=person)".
              "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)".
              "(!(objectClass=gosaUserTemplate))(|$filter))";
  }

  /* The search pattern is passed through normalizeLdap() before it is
     placed into the filter; it has to match uid, sn or givenName. */
  $needle = normalizeLdap($pattern);
  $filter = "(&(|(uid=".$needle.")(sn=".$needle.")(givenName=".$needle."))$filter)";

  /* Generate userlist. The link itself is not used below; the call is
     kept because it may have side effects - TODO confirm. */
  $ldap = $this->config->get_ldap_link(TRUE);

  $wanted = array("uid", "givenName", "sn", "objectClass","userPassword");
  if ($sub_search){
    $flags = GL_SUBSEARCH | GL_SIZELIMIT;
  } else {
    $base  = get_people_ou().$base;
    $flags = GL_SIZELIMIT;
  }
  $found = get_sub_list($filter, "users", get_people_ou(), $base, $wanted, $flags);

  $captions = array();
  $by_caption = array();

  foreach ($found as $entry){

    /* "inetOrgPerson" is derived from "organizationalPerson" and openldap
       does not tell both classes apart in search filters, so entries that
       do not carry both classes are skipped here. (Both classes are
       required for a valid GOsa user account.) */
    $classes = $entry['objectClass'];
    if (!in_array("inetOrgPerson", $classes) || !in_array("organizationalPerson", $classes)){
      continue;
    }

    /* Skip entries that are not located under the people ou (normally
       'ou=people,'), else winstations would be listed too when the
       subtree flag is used. */
    if (!preg_match("/".preg_quote(get_people_ou(), '/')."/i", $entry['dn'])){
      continue;
    }

    /* Caption for the row: "sn, givenName [uid]" or just "[uid]" */
    $uid_tag = "[".$entry["uid"][0]."]";
    if (isset($entry["sn"]) && isset($entry["givenName"])){
      $caption = $entry["sn"][0].", ".$entry["givenName"][0]." ".$uid_tag;
    } else {
      $caption = $uid_tag;
    }

    /* The lower-cased caption is the sort key; an entry with the same
       caption replaces the earlier one. */
    $caption = strtolower($caption);
    $by_caption[$caption] = $entry;
    $captions[$caption]   = $caption;
  }
  natcasesort($captions);
  reset($captions);

  /* Store the entries in sorted order, re-indexed from 0 */
  $this->list = array();
  foreach ($captions as $caption){
    $this->list[] = $by_caption[$caption];
  }
}
function remove_lock()
{
  /* Release the lock held for the entry that is currently being edited.
     The DN of an open user tab dialog takes precedence; the plugin's own
     dn is only used when no tab DN is set, and never when it is the
     placeholder "new". */
  if (isset($this->usertab->dn)) {
    del_lock($this->usertab->dn);
  } else {
    $hasOwnDn = isset($this->dn) && !empty($this->dn) && $this->dn != "new";
    if ($hasOwnDn) {
      del_lock($this->dn);
    }
  }

  /* A non-empty dns array is passed to del_lock() as a whole.
     NOTE(review): presumably these are the DNs locked by a multi-entry
     operation - confirm against the code that fills $this->dns. */
  $hasDnList = isset($this->dns) && is_array($this->dns) && count($this->dns) > 0;
  if ($hasDnList) {
    del_lock($this->dns);
  }
}
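function copyPasteHandling_from_queue($s_action,$s_entry)
{
  /* Queue entries for copy & paste and drive the paste dialog.
   *
   * $s_action  One of "cut", "copy", "cut_multiple", "copy_multiple" or
   *            "editPaste"; any other value only runs the dialog handling.
   * $s_entry   Index into $this->list for the single-entry actions.
   *            NOTE(review): presumably derived from request data - verify
   *            against the caller.
   *
   * Returns the output of the copy & paste dialog while pasting is in
   * progress and no password change is pending, otherwise "".
   */

  /* Check if Copy & Paste is disabled */
  if (!is_object($this->CopyPasteHandler)) {
    return("");
  }

  $ui = get_userinfo();

  /* Add a single entry to queue */
  if ($s_action == "cut" || $s_action == "copy") {

    /* Cleanup object queue */
    $this->CopyPasteHandler->cleanup_queue();

    /* Only continue with an index that exists in the current list.
       An unknown index must not reach the ACL checks as an empty DN. */
    $known = (is_int($s_entry) || is_string($s_entry))
      && isset($this->list[$s_entry]['dn']);
    if ($known) {
      $dn = $this->list[$s_entry]['dn'];
      if ($s_action == "copy" && $ui->is_copyable($dn,"users","user")) {
        $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
      }
      if ($s_action == "cut" && $ui->is_cutable($dn,"users","user")) {
        $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
      }
    }
  }

  /* Add entries to queue */
  if ($s_action == "copy_multiple" || $s_action == "cut_multiple") {

    /* Cleanup object queue */
    $this->CopyPasteHandler->cleanup_queue();

    /* Add new entries to CP queue. The ids come from the submitted form
       (list_get_selected_items() reads $_POST), so ids that do not match
       a list entry are skipped instead of being checked as an empty DN. */
    foreach ($this->list_get_selected_items() as $id) {
      if (!isset($this->list[$id]['dn'])) {
        continue;
      }
      $dn = $this->list[$id]['dn'];

      if ($s_action == "copy_multiple" && $ui->is_copyable($dn,"users","user")) {
        $this->CopyPasteHandler->add_to_queue($dn,"copy","usertabs","USERTABS","users");
      }
      if ($s_action == "cut_multiple" && $ui->is_cutable($dn,"users","user")) {
        $this->CopyPasteHandler->add_to_queue($dn,"cut","usertabs","USERTABS","users");
      }
    }
  }

  /* Start pasting entries */
  if ($s_action == "editPaste") {
    $this->start_pasting_copied_objects = TRUE;
  }

  /* Return C&P dialog */
  if ($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()) {

    /* Get dialog */
    $this->CopyPasteHandler->SetVar("base",$this->DivListUsers->selectedBase);
    $data = $this->CopyPasteHandler->execute();

    /* Set CPPasswordChange to the list key of the last pasted entry, which
       indicates that this entry requires a new password. */
    if (isset($_POST['passwordTodo']) && ($_POST['passwordTodo'] == "new")) {
      $s_entry = $this->CopyPasteHandler->last_entry();
      $this->reload();
      foreach ($this->list as $key => $entry) {
        if ($entry['dn'] == $s_entry) {
          $this->CPPasswordChange = $key;
        }
      }
    }

    /* Return dialog data.
       NOTE(review): loose comparison - on PHP < 8 a list key of 0 also
       compares equal to "", so a pending password change for the first
       list entry would not suppress the dialog. Confirm and consider a
       strict check. */
    if (!empty($data) && $this->CPPasswordChange == "") {
      return($data);
    }
  }

  /* Automatically disable status for pasting */
  if (!$this->CopyPasteHandler->entries_queued()) {
    $this->start_pasting_copied_objects = FALSE;
  }
  return("");
}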
function save_object()
{
  /* Pass the submitted form data on to the sub-dialogs. */

  /* The list's filter and department selection are only handled while no
     user tab dialog is open. */
  $tabOpen = is_object($this->usertab);
  if (!$tabOpen) {
    $this->DivListUsers->save_object();
  }

  /* The copy & paste handler is only instantiated when the feature is
     enabled, so it may still be NULL here. */
  if (is_object($this->CopyPasteHandler)) {
    $this->CopyPasteHandler->save_object();
  }
}
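function list_get_selected_items()
{
  /* Collect the ids of all list rows that were marked in the submitted
   * form. A row counts as marked when $_POST contains a field named
   * "item_selected_<digits>"; the field's value is ignored.
   *
   * Returns an array that maps each id to itself.
   */
  $ids = array();
  foreach ($_POST as $name => $value) {

    /* The field name is request data. Require at least one digit and
       anchor with \z, because "$" would also accept a name that ends in a
       newline and "*" would accept a name without any id. The callers use
       the id as an index into $this->list. */
    if (preg_match('/^item_selected_([0-9]+)\z/', (string) $name, $match)) {
      $ids[$match[1]] = $match[1];
    }
  }
  return($ids);
}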
/* The following functions are not needed in this class. They are
   overridden with empty bodies to disable them. */
/* Intentionally empty: this class does not need remove_from_parent(). */
function remove_from_parent()
{
}
/* Intentionally empty: this class does not need check(). */
function check()
{
}
/* Intentionally empty: this class does not need save(). */
function save()
{
}
/* Intentionally empty: this class does not need adapt_from_template().
   Both arguments are accepted and ignored. */
function adapt_from_template($dn, $skip= array())
{
}
/* Intentionally empty: this class does not need password_change_needed(),
   so the call yields no value. */
function password_change_needed()
{
}
1221 } /* ... class userManagement */
1222 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1223 ?>