![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index 868626da6470b895a0c0d0f9ea67efaa2730fa6d..d0c7b8096bfd31744201bd048e780cee134e1764 100644 (file)
*/
class plugin
*/
class plugin
-{
+{
+ /*! \brief The title shown in path menu while this plugin is visible.
+ */
+ var $pathTitle = "";
+
/*!
\brief Reference to parent object
/*!
\brief Reference to parent object
var $acl_base= "";
var $acl_category= "";
var $acl_base= "";
var $acl_category= "";
+ var $read_only = FALSE; // Used when the entry is opened as "readonly" due to locks.
/* This can be set to render the tabulators in another stylesheet */
var $pl_notify= FALSE;
/* This can be set to render the tabulators in another stylesheet */
var $pl_notify= FALSE;
\param dn Distinguished name to initialize plugin from
\sa plugin()
*/
\param dn Distinguished name to initialize plugin from
\sa plugin()
*/
- function plugin (&$config, $dn= NULL, $parent= NULL)
+ function plugin (&$config, $dn= NULL, $object= NULL)
{
/* Configuration is fine, allways */
$this->config= &$config;
$this->dn= $dn;
{
/* Configuration is fine, allways */
$this->config= &$config;
$this->dn= $dn;
+ // Ensure that we've a valid acl_category set.
+ if(empty($this->acl_category)){
+ $tmp = $this->plInfo();
+ if (isset($tmp['plCategory'])) {
+ $c = key($tmp['plCategory']);
+ if(is_numeric($c)){
+ $c = $tmp['plCategory'][0];
+ }
+ $this->acl_category = $c."/";
+ }
+ }
+
/* Handle new accounts, don't read information from LDAP */
if ($dn == "new"){
return;
}
/* Handle new accounts, don't read information from LDAP */
if ($dn == "new"){
return;
}
+ /* Check if this entry was opened in read only mode */
+ if(isset($_POST['open_readonly'])){
+ if(session::global_is_set("LOCK_CACHE")){
+ $cache = &session::get("LOCK_CACHE");
+ if(isset($cache['READ_ONLY'][$this->dn])){
+ $this->read_only = TRUE;
+ }
+ }
+ }
+
/* Save current dn as acl_base */
$this->acl_base= $dn;
/* Save current dn as acl_base */
$this->acl_base= $dn;
if ($dn !== NULL){
/* Load data to 'attrs' and save 'dn' */
if ($dn !== NULL){
/* Load data to 'attrs' and save 'dn' */
- if ($parent !== NULL){
- $this->attrs= $parent->attrs;
+ if ($object !== NULL){
+ $this->attrs= $object->attrs;
} else {
$ldap= $this->config->get_ldap_link();
$ldap->cat ($dn);
} else {
$ldap= $this->config->get_ldap_link();
$ldap->cat ($dn);
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->attrs);
if ($found != ""){
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->attrs);
if ($found != ""){
- $this->$val= $this->attrs["$found"][0];
+ $this->$val= $found[0];
}
}
}
}
/* Set the template flag according to the existence of objectClass
gosaUserTemplate */
if (isset($this->attrs['objectClass'])){
/* Set the template flag according to the existence of objectClass
gosaUserTemplate */
if (isset($this->attrs['objectClass'])){
- if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
+ if (in_array_ics ("gosaUserTemplate", $this->attrs['objectClass'])){
$this->is_template= TRUE;
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
"found", "Template check");
$this->is_template= TRUE;
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
"found", "Template check");
/* Prepare saved attributes */
$this->saved_attributes= $this->attrs;
foreach ($this->saved_attributes as $index => $value){
/* Prepare saved attributes */
$this->saved_attributes= $this->attrs;
foreach ($this->saved_attributes as $index => $value){
- if (preg_match('/^[0-9]+$/', $index)){
- unset($this->saved_attributes[$index]);
- continue;
- }
- if (!in_array($index, $this->attributes) && $index != "objectClass"){
+ if (is_numeric($index)){
unset($this->saved_attributes[$index]);
continue;
}
unset($this->saved_attributes[$index]);
continue;
}
- if (isset($this->saved_attributes[$index][0]) && $this->saved_attributes[$index]["count"] == 1){
- $tmp= $this->saved_attributes[$index][0];
+
+ if (!in_array_ics($index, $this->attributes) && strcasecmp('objectClass', $index)){
unset($this->saved_attributes[$index]);
unset($this->saved_attributes[$index]);
- $this->saved_attributes[$index]= $tmp;
continue;
}
continue;
}
+ if (isset($this->saved_attributes[$index][0])){
+ if(!isset($this->saved_attributes[$index]["count"])){
+ $this->saved_attributes[$index]["count"] = count($this->saved_attributes[$index]);
+ }
+ if($this->saved_attributes[$index]["count"] == 1){
+ $tmp= $this->saved_attributes[$index][0];
+ unset($this->saved_attributes[$index]);
+ $this->saved_attributes[$index]= $tmp;
+ continue;
+ }
+ }
unset($this->saved_attributes["$index"]["count"]);
}
unset($this->saved_attributes["$index"]["count"]);
}
+
if(isset($this->attrs['gosaUnitTag'])){
$this->saved_attributes['gosaUnitTag'] = $this->attrs['gosaUnitTag'][0];
}
if(isset($this->attrs['gosaUnitTag'])){
$this->saved_attributes['gosaUnitTag'] = $this->attrs['gosaUnitTag'][0];
}
}
}
- /*! \brief execute plugin
-
- Generates the html output for this node
+ /*! \brief Generates the html output for this node
*/
function execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
*/
function execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
- session::set('current_class_for_help',get_class($this));
+ session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
+
+ pathNavigator::registerPlugin($this);
}
}
- /*! \brief execute plugin
- Removes object from parent
+ /*! \brief Removes object from parent
*/
function remove_from_parent()
{
*/
function remove_from_parent()
{
/* Remove objectClasses from entry */
$ldap->cd($this->dn);
$this->attrs= array();
/* Remove objectClasses from entry */
$ldap->cd($this->dn);
$this->attrs= array();
- $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
+ $this->attrs['objectClass']= array_remove_entries_ics($this->objectclasses,$oc);
/* Unset attributes from entry */
foreach ($this->attributes as $val){
/* Unset attributes from entry */
foreach ($this->attributes as $val){
}
}
- /*! \brief Save HTML posted data to object
+ /*! \brief Save HTML posted data to object
*/
function save_object()
{
*/
function save_object()
{
}
}
- /* Save data to LDAP, depending on is_account we save or delete */
+ /*! \brief Save data to LDAP, depending on is_account we save or delete */
function save()
{
/* include global link_info */
function save()
{
/* include global link_info */
}
}
}
}
- /* Check formular input */
+ /*! \brief Check formular input */
function check()
{
$message= array();
function check()
{
$message= array();
}
}
}
}
- /* Indicate whether a password change is needed or not */
+ /* \brief Indicate whether a password change is needed or not */
function password_change_needed()
{
return FALSE;
}
function password_change_needed()
{
return FALSE;
}
- /* Show header message for tab dialogs */
+ /*! \brief Show header message for tab dialogs */
function show_enable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || (!$this->acl_is_createable())){
function show_enable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || (!$this->acl_is_createable())){
} else {
$state= "";
}
} else {
$state= "";
}
- $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
- $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
- "><p class=\"seperator\"> </p></td></tr></table>";
+ $display = "<div class='plugin-enable-header'>\n";
+ $display.= "<p>$text</p>\n";
+ $display.= "<button type='submit' name=\"modify_state\" ".$state.">$button_text</button>\n";
+ $display.= "</div>\n";
return($display);
}
return($display);
}
- /* Show header message for tab dialogs */
+ /*! \brief Show header message for tab dialogs */
function show_disable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || !$this->acl_is_removeable()){
function show_disable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || !$this->acl_is_removeable()){
} else {
$state= "";
}
} else {
$state= "";
}
- $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
- $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
- "><p class=\"seperator\"> </p></td></tr></table>";
-
+ $display = "<div class='plugin-disable-header'>\n";
+ $display.= "<p>$text</p>\n";
+ $display.= "<button type='submit' name=\"modify_state\" ".$state.">$button_text</button>\n";
+ $display.= "</div>\n";
return($display);
}
return($display);
}
- /* Show header message for tab dialogs */
- function show_header($button_text, $text, $disabled= FALSE)
- {
- echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
- if ($disabled == TRUE){
- $state= "disabled";
- } else {
- $state= "";
- }
- $display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
- $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
- ($this->acl_is_createable()?'':'disabled')." ".$state.
- "><p class=\"seperator\"> </p></td></tr></table>";
- return($display);
- }
-
-
- function postcreate($add_attrs= array())
+ /* Create unique DN */
+ function create_unique_dn2($data, $base)
{
{
- /* Find postcreate entries for this class */
- $command= $this->config->search(get_class($this), "POSTCREATE",array('menu', 'tabs'));
-
- if ($command != ""){
-
- /* Walk through attribute list */
- foreach ($this->attributes as $attr){
- if (!is_array($this->$attr)){
- $add_attrs[$attr] = $this->$attr;
- }
- }
- $add_attrs['dn']=$this->dn;
-
- $tmp = array();
- foreach($add_attrs as $name => $value){
- $tmp[$name] = strlen($name);
- }
- arsort($tmp);
-
- /* Additional attributes */
- foreach ($tmp as $name => $len){
- $value = $add_attrs[$name];
- $command= preg_replace("/%$name/", "$value ", $command);
- }
-
- if (check_command($command)){
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
- $command, "Execute");
+ $ldap= $this->config->get_ldap_link();
+ $base= preg_replace("/^,*/", "", $base);
- exec($command);
- } else {
- $message= msgPool::cmdnotfound("POSTCREATE", get_class($this));
- msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
- }
+ /* Try to use plain entry first */
+ $dn= "$data,$base";
+ $attribute= preg_replace('/=.*$/', '', $data);
+ $ldap->cat ($dn, array('dn'));
+ if (!$ldap->fetch()){
+ return ($dn);
}
}
- }
-
- function postmodify($add_attrs= array())
- {
- /* Find postcreate entries for this class */
- $command= $this->config->search(get_class($this), "POSTMODIFY",array('menu','tabs'));
-
- if ($command != ""){
- /* Walk through attribute list */
- foreach ($this->attributes as $attr){
- if (!is_array($this->$attr)){
- $add_attrs[$attr] = $this->$attr;
- }
- }
- $add_attrs['dn']=$this->dn;
-
- $tmp = array();
- foreach($add_attrs as $name => $value){
- $tmp[$name] = strlen($name);
- }
- arsort($tmp);
-
- /* Additional attributes */
- foreach ($tmp as $name => $len){
- $value = $add_attrs[$name];
- $command= preg_replace("/%$name/", "$value ", $command);
+ /* Look for additional attributes */
+ foreach ($this->attributes as $attr){
+ if ($attr == $attribute || $this->$attr == ""){
+ continue;
}
}
- if (check_command($command)){
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command, "Execute");
- exec($command);
- } else {
- $message= msgPool::cmdnotfound("POSTMODIFY", get_class($this));
- msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
+ $dn= "$data+$attr=".$this->$attr.",$base";
+ $ldap->cat ($dn, array('dn'));
+ if (!$ldap->fetch()){
+ return ($dn);
}
}
}
}
- }
-
- function postremove($add_attrs= array())
- {
- /* Find postremove entries for this class */
- $command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
- if ($command != ""){
-
- /* Walk through attribute list */
- foreach ($this->attributes as $attr){
- if (!is_array($this->$attr)){
- $add_attrs[$attr] = $this->$attr;
- }
- }
- $add_attrs['dn']=$this->dn;
- $tmp = array();
- foreach($add_attrs as $name => $value){
- $tmp[$name] = strlen($name);
- }
- arsort($tmp);
-
- /* Additional attributes */
- foreach ($tmp as $name => $len){
- $value = $add_attrs[$name];
- $command= preg_replace("/%$name/", "$value ", $command);
- }
-
- if (check_command($command)){
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
- $command, "Execute");
-
- exec($command);
- } else {
- $message= msgPool::cmdnotfound("POSTREMOVE", get_class($this));
- msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
- }
- }
+ /* None found */
+ return ("none");
}
}
- /* Create unique DN */
+
+ /*! \brief Create unique DN */
function create_unique_dn($attribute, $base)
{
$ldap= $this->config->get_ldap_link();
function create_unique_dn($attribute, $base)
{
$ldap= $this->config->get_ldap_link();
return ("none");
}
return ("none");
}
+
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
- if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
+ if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) {
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
- $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
- $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
+ $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
+ $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd);
+ $sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*");
/* Fill data from LDAP */
$new= array();
/* Fill data from LDAP */
$new= array();
/* Adapt naming attribute */
$dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
$dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
/* Adapt naming attribute */
$dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
$dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
- $new[$dst_name]= @LDAP::fix($dst_val);
+ $new[$dst_name]= LDAP::fix($dst_val);
/* Check if this is a department.
* If it is a dep. && there is a , override in his ou
* change \2C to , again, else this entry can't be saved ...
*/
if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
/* Check if this is a department.
* If it is a dep. && there is a , override in his ou
* change \2C to , again, else this entry can't be saved ...
*/
if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
- $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
+ $new['ou'] = str_replace("\\\\,",",",$new['ou']);
}
/* Save copy */
}
/* Save copy */
/* FAIvariable=.../..., cn=..
could not be saved, because the attribute FAIvariable was different to
the dn FAIvariable=..., cn=... */
/* FAIvariable=.../..., cn=..
could not be saved, because the attribute FAIvariable was different to
the dn FAIvariable=..., cn=... */
+
+ if(!is_array($new['objectClass'])) $new['objectClass'] = array($new['objectClass']);
+
if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
$new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
}
if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
$new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
}
$ldap->cat($dst_dn);
$attrs= $ldap->fetch();
if (count($attrs)){
$ldap->cat($dst_dn);
$attrs= $ldap->fetch();
if (count($attrs)){
- trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
+ trigger_error("Trying to overwrite ".LDAP::fix($dst_dn).", which already exists.",
E_USER_WARNING);
return (FALSE);
}
E_USER_WARNING);
return (FALSE);
}
$ldap->cat($src_dn);
$attrs= $ldap->fetch();
if (!count($attrs)){
$ldap->cat($src_dn);
$attrs= $ldap->fetch();
if (!count($attrs)){
- trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
+ trigger_error("Trying to move ".LDAP::fix($src_dn).", which does not seem to exist.",
E_USER_WARNING);
return (FALSE);
}
E_USER_WARNING);
return (FALSE);
}
$ldap->search("objectClass=*",array("dn"));
while($attrs = $ldap->fetch()){
$src = $attrs['dn'];
$ldap->search("objectClass=*",array("dn"));
while($attrs = $ldap->fetch()){
$src = $attrs['dn'];
- $dst = preg_replace("/".normalizePreg($src_dn)."$/",$dst_dn,$attrs['dn']);
+ $dst = preg_replace("/".preg_quote($src_dn, '/')."$/",$dst_dn,$attrs['dn']);
$this->_copy($src,$dst);
}
return (TRUE);
}
$this->_copy($src,$dst);
}
return (TRUE);
}
+
+ /*! \brief Rename/Move a given src_dn to the given dest_dn
+ *
+ * Move a given ldap object indentified by $src_dn to the
+ * given destination $dst_dn
+ *
+ * - Ensure that all references are updated (ogroups)
+ * - Update ACLs
+ * - Update accessTo
+ *
+ * \param string 'src_dn' the source DN.
+ * \param string 'dst_dn' the destination DN.
+ * \return boolean TRUE on success else FALSE.
+ */
+ function rename($src_dn, $dst_dn)
+ {
+ $start = microtime(1);
+
+ /* Try to move the source entry to the destination position */
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn));
+ if (!$ldap->rename_dn($src_dn,$dst_dn)){
+# msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+ new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error());
+ @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn",
+ "Ldap Protocol v3 implementation error, falling back to maunal method.");
+ return(FALSE);
+ }
+
+ /* Get list of users,groups and roles within this tree,
+ maybe we have to update ACL references.
+ */
+ $leaf_objs = get_list("(|(objectClass=posixGroup)(objectClass=gosaAccount)(objectClass=gosaRole))",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+ foreach($leaf_objs as $obj){
+ $new_dn = $obj['dn'];
+ $old_dn = preg_replace("/".preg_quote(LDAP::convert($dst_dn), '/')."$/i",$src_dn,LDAP::convert($new_dn));
+ $this->update_acls($old_dn,$new_dn);
+ }
+
+ // Migrate objectgroups if needed
+ $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))",
+ "ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ // Walk through all objectGroups
+ foreach($ogroups as $ogroup){
+ // Migrate old to new dn
+ $o_ogroup= new ogroup($this->config,$ogroup['dn']);
+ if (isset($o_ogroup->member[$src_dn])) {
+ unset($o_ogroup->member[$src_dn]);
+ }
+ $o_ogroup->member[$dst_dn]= $dst_dn;
+
+ // Save object group
+ $o_ogroup->save();
+ }
+
+ // Migrate rfc groups if needed
+ $groups = get_sub_list("(&(objectClass=posixGroup)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ // Walk through all POSIX groups
+ foreach($groups as $group){
+
+ // Migrate old to new dn
+ $o_group= new group($this->config,$group['dn']);
+ $o_group->save();
+ }
+
+ /* Update roles to use the new entry dn */
+ $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ // Walk through all roles
+ foreach($roles as $role){
+ $role = new roleGeneric($this->config,$role['dn']);
+ $key= array_search($src_dn, $role->roleOccupant);
+ if($key !== FALSE){
+ $role->roleOccupant[$key] = $dst_dn;
+ $role->save();
+ }
+ }
+
+ // Update 'manager' attributes from gosaDepartment and inetOrgPerson
+ $filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn))."))";
+ $ocs = $ldap->get_objectclasses();
+ if(isset($ocs['gosaDepartment']['MAY']) && in_array('manager', $ocs['gosaDepartment']['MAY'])){
+ $filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn)).")))";
+ }
+ $leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'],
+ array("manager","dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+ foreach($leaf_deps as $entry){
+ $update = array('manager' => $dst_dn);
+ $ldap->cd($entry['dn']);
+ $ldap->modify($update);
+ if(!$ldap->success()){
+ trigger_error(sprintf("Failed to update manager for '%s', error was '%s'", $entry['dn'], $ldap->get_error()));
+ }
+ }
+
+ /* Check if there are gosa departments moved.
+ If there were deps moved, the force reload of config->deps.
+ */
+ $leaf_deps= get_list("(objectClass=gosaDepartment)",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ if(count($leaf_deps)){
+ $this->config->get_departments();
+ $this->config->make_idepartments();
+ session::global_set("config",$this->config);
+ $ui =get_userinfo();
+ $ui->reset_acl_cache();
+ }
+
+ return(TRUE);
+ }
+
+
+
function move($src_dn, $dst_dn)
{
/* Do not copy if only upper- lowercase has changed */
function move($src_dn, $dst_dn)
{
/* Do not copy if only upper- lowercase has changed */
return(TRUE);
}
return(TRUE);
}
+
+ /* Try to move the entry instead of copy & delete
+ */
+ if(TRUE){
+
+ /* Try to move with ldap routines, if this was not successfull
+ fall back to the old style copy & remove method
+ */
+ if($this->rename($src_dn, $dst_dn)){
+ return(TRUE);
+ }else{
+ // See code below.
+ }
+ }
+
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)){
return (FALSE);
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)){
return (FALSE);
}
}
- /* Move/Rename complete trees */
+ /* \brief Move/Rename complete trees */
function recursive_move($src_dn, $dst_dn)
{
/* Check if the destination entry exists */
function recursive_move($src_dn, $dst_dn)
{
/* Check if the destination entry exists */
}
}
- function handle_post_events($mode, $add_attrs= array())
- {
- switch ($mode){
- case "add":
- $this->postcreate($add_attrs);
- break;
-
- case "modify":
- $this->postmodify($add_attrs);
- break;
-
- case "remove":
- $this->postremove($add_attrs);
- break;
- }
- }
-
-
function saveCopyDialog(){
}
function saveCopyDialog(){
}
}
}
+ /*! \brief Prepare for Copy & Paste */
function PrepareForCopyPaste($source)
{
$todo = $this->attributes;
function PrepareForCopyPaste($source)
{
$todo = $this->attributes;
if (isset($source[$var])){
if(isset($source[$var]['count'])){
if($source[$var]['count'] > 1){
if (isset($source[$var])){
if(isset($source[$var]['count'])){
if($source[$var]['count'] > 1){
- $this->$var = array();
- $tmp = array();
- for($i = 0 ; $i < $source[$var]['count']; $i++){
- $tmp = $source[$var][$i];
- }
+ $tmp= $source[$var];
+ unset($tmp['count']);
$this->$var = $tmp;
}else{
$this->$var = $source[$var][0];
$this->$var = $tmp;
}else{
$this->$var = $source[$var][0];
}
}
}
}
- function tag_attrs(&$at, $dn= "", $tag= "", $show= false)
- {
- /* Skip tagging?
+ /*! \brief Get gosaUnitTag for the given DN
If this is called from departmentGeneric, we have to skip this
tagging procedure.
If this is called from departmentGeneric, we have to skip this
tagging procedure.
- */
+ */
+ function tag_attrs(&$at, $dn= "", $tag= "", $show= false)
+ {
+ /* Skip tagging? */
if($this->skipTagging){
return;
}
if($this->skipTagging){
return;
}
foreach ($this->config->adepartments as $key => $ntag){
/* This one is bigger than our dn, its not relevant... */
foreach ($this->config->adepartments as $key => $ntag){
/* This one is bigger than our dn, its not relevant... */
- if ($len <= strlen($key)){
+ if ($len < strlen($key)){
continue;
}
/* This one matches with the latter part. Break and don't fix this entry */
continue;
}
/* This one matches with the latter part. Break and don't fix this entry */
- if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
+ if (preg_match('/(^|,)'.preg_quote($key, '/').'$/', $dn)){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
$relevant[strlen($key)]= $ntag;
continue;
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
$relevant[strlen($key)]= $ntag;
continue;
}
}
}
}
}
}
-
+
+ /*! \brief Add unit tag */
/* Remove tags that may already be here... */
remove_objectClass("gosaAdministrativeUnitTag", $at);
if (isset($at['gosaUnitTag'])){
/* Remove tags that may already be here... */
remove_objectClass("gosaAdministrativeUnitTag", $at);
if (isset($at['gosaUnitTag'])){
}
}
- /* Add possibility to stop remove process */
+ /*! \brief Test for removability of the object
+ *
+ * Allows testing of conditions for removal of object. If removal should be aborted
+ * the function needs to remove an error message.
+ * */
function allow_remove()
{
$reason= "";
function allow_remove()
{
$reason= "";
}
}
- /* Create a snapshot of the current object */
+ /*! \brief Create a snapshot of the current object */
function create_snapshot($type= "snapshot", $description= array())
{
function create_snapshot($type= "snapshot", $description= array())
{
}
/* Get configuration from gosa.conf */
}
/* Get configuration from gosa.conf */
- $tmp = $this->config->current;
+ $config = $this->config;
/* Create lokal ldap connection */
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
/* check if there are special server configurations for snapshots */
/* Create lokal ldap connection */
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
/* check if there are special server configurations for snapshots */
- if(!isset($tmp['SNAPSHOT_SERVER'])){
+ if($config->get_cfg_value("snapshotURI") == ""){
/* Source and destination server are both the same, just copy source to dest obj */
$ldap_to = $ldap;
$snapldapbase = $this->config->current['BASE'];
}else{
/* Source and destination server are both the same, just copy source to dest obj */
$ldap_to = $ldap;
$snapldapbase = $this->config->current['BASE'];
}else{
- $server = $tmp['SNAPSHOT_SERVER'];
- $user = $tmp['SNAPSHOT_USER'];
- $password = $tmp['SNAPSHOT_PASSWORD'];
- $snapldapbase = $tmp['SNAPSHOT_BASE'];
+ $server = $config->get_cfg_value("snapshotURI");
+ $user = $config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $config->get_cfg_value("snapshotBase");
$ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
$ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
/* Collect some infos */
$base = $this->config->current['BASE'];
/* Collect some infos */
$base = $this->config->current['BASE'];
- $snap_base = $tmp['SNAPSHOT_BASE'];
+ $snap_base = $config->get_cfg_value("snapshotBase");
$base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
$base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
- $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
+ $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base;
/* Create object */
#$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
$data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
/* Create object */
#$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
$data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
- $newName = preg_replace("/\./", "", $sec."-".$usec);
+ $newName = str_replace(".", "", $sec."-".$usec);
$target= array();
$target['objectClass'] = array("top", "gosaSnapshotObject");
$target['gosaSnapshotData'] = gzcompress($data, 6);
$target= array();
$target['objectClass'] = array("top", "gosaSnapshotObject");
$target['gosaSnapshotData'] = gzcompress($data, 6);
$ldap_to->cat($new_dn);
while($ldap_to->count()){
$ldap_to->cat($new_dn);
$ldap_to->cat($new_dn);
while($ldap_to->count()){
$ldap_to->cat($new_dn);
- $newName = preg_replace("/\./", "", $sec."-".($usec++));
+ $newName = str_replace(".", "", $sec."-".($usec++));
$new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
$target['gosaSnapshotTimestamp'] = $newName;
}
$new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
$target['gosaSnapshotTimestamp'] = $newName;
}
}
}
}
}
+ /*! \brief Remove a snapshot */
function remove_snapshot($dn)
{
$ui = get_userinfo();
function remove_snapshot($dn)
{
$ui = get_userinfo();
$this->dn = $dn;
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$this->dn = $dn;
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
- $ldap->rmdir_recursive($dn);
+ $ldap->rmdir_recursive($this->dn);
+ if(!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn));
+ }
$this->dn = $old_dn;
}
$this->dn = $old_dn;
}
- /* returns true if snapshots are enabled, and false if it is disalbed
- There will also be some errors psoted, if the configuration failed */
+ /*! \brief Test if snapshotting is enabled
+ *
+ * Test weither snapshotting is enabled or not. There will also be some errors posted,
+ * if the configuration failed
+ * \return TRUE if snapshots are enabled, and FALSE if it is disabled
+ */
function snapshotEnabled()
{
function snapshotEnabled()
{
- $tmp = $this->config->current;
- if(isset($tmp['ENABLE_SNAPSHOT'])){
- if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
-
- /* Check if the snapshot_base is defined */
- if(!isset($tmp['SNAPSHOT_BASE'])){
- msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),"SNAPSHOT_BASE"), ERROR_DIALOG);
- return(FALSE);
- }
-
- /* check if there are special server configurations for snapshots */
- if(isset($tmp['SNAPSHOT_SERVER'])){
-
- /* check if all required vars are available to create a new ldap connection */
- $missing = "";
- foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
- if(!isset($tmp[$var])){
- $missing .= $var." ";
- msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."), $missing), ERROR_DIALOG);
- return(FALSE);
- }
- }
- }
- return(TRUE);
- }
- }
- return(FALSE);
+ return $this->config->snapshotEnabled();
}
}
- /* Return available snapshots for the given base
- */
+ /* \brief Return available snapshots for the given base */
function Available_SnapsShots($dn,$raw = false)
{
if(!$this->snapshotEnabled()) return(array());
function Available_SnapsShots($dn,$raw = false)
{
if(!$this->snapshotEnabled()) return(array());
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
-
- if(isset($cfg['SERVER']) && isset($cfg['SNAPSHOT_SERVER']) && $cfg['SERVER'] == $cfg['SNAPSHOT_SERVER']){
- $ldap_to = $ldap;
- }elseif(isset($cfg['SNAPSHOT_SERVER'])){
- $server = $cfg['SNAPSHOT_SERVER'];
- $user = $cfg['SNAPSHOT_USER'];
- $password = $cfg['SNAPSHOT_PASSWORD'];
- $snapldapbase = $cfg['SNAPSHOT_BASE'];
-
- $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
- $ldap_to -> cd ($snapldapbase);
+ if($this->config->get_cfg_value("snapshotURI") == ""){
+ $ldap_to = $ldap;
+ }else{
+ $server = $this->config->get_cfg_value("snapshotURI");
+ $user = $this->config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $this->config->get_cfg_value("snapshotBase");
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
+ $ldap_to -> cd($snapldapbase);
if (!$ldap_to->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
}
if (!$ldap_to->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
}
- }else{
- $ldap_to = $ldap;
}
/* Prepare bases and some other infos */
$base = $this->config->current['BASE'];
}
/* Prepare bases and some other infos */
$base = $this->config->current['BASE'];
- $snap_base = $cfg['SNAPSHOT_BASE'];
+ $snap_base = $this->config->get_cfg_value("snapshotBase");
$base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
$base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
- $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
+ $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base;
$tmp = array();
/* Fetch all objects with gosaSnapshotDN=$dn */
$tmp = array();
/* Fetch all objects with gosaSnapshotDN=$dn */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
- if(isset($cfg['SNAPSHOT_SERVER'])){
- $server = $cfg['SNAPSHOT_SERVER'];
- $user = $cfg['SNAPSHOT_USER'];
- $password = $cfg['SNAPSHOT_PASSWORD'];
- $snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
- $ldap_to->cd ($snapldapbase);
+ if($this->config->get_cfg_value("snapshotURI") == ""){
+ $ldap_to = $ldap;
+ }else{
+ $server = $this->config->get_cfg_value("snapshotURI");
+ $user = $this->config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $this->config->get_cfg_value("snapshotBase");
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
+ $ldap_to -> cd($snapldapbase);
if (!$ldap_to->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
}
if (!$ldap_to->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
}
- }else{
- $ldap_to = $ldap;
}
/* Prepare bases */
$base = $this->config->current['BASE'];
}
/* Prepare bases */
$base = $this->config->current['BASE'];
- $snap_base = $cfg['SNAPSHOT_BASE'];
- $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
+ $snap_base = $this->config->get_cfg_value("snapshotBase");
+ $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base;
/* Fetch all objects and check if they do not exist anymore */
$ui = get_userinfo();
/* Fetch all objects and check if they do not exist anymore */
$ui = get_userinfo();
}
}
- /* Restore selected snapshot */
+ /* \brief Restore selected snapshot */
function restore_snapshot($dn)
{
if(!$this->snapshotEnabled()) return(array());
function restore_snapshot($dn)
{
if(!$this->snapshotEnabled()) return(array());
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
- if(isset($cfg['SNAPSHOT_SERVER'])){
- $server = $cfg['SNAPSHOT_SERVER'];
- $user = $cfg['SNAPSHOT_USER'];
- $password = $cfg['SNAPSHOT_PASSWORD'];
- $snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
- $ldap_to->cd ($snapldapbase);
+ if($this->config->get_cfg_value("snapshotURI") == ""){
+ $ldap_to = $ldap;
+ }else{
+ $server = $this->config->get_cfg_value("snapshotURI");
+ $user = $this->config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $this->config->get_cfg_value("snapshotBase");
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
+ $ldap_to -> cd($snapldapbase);
if (!$ldap_to->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
}
if (!$ldap_to->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
}
- }else{
- $ldap_to = $ldap;
}
/* Get the snapshot */
}
/* Get the snapshot */
}
}
- function showSnapshotDialog($base,$baseSuffixe)
+ function showSnapshotDialog($base,$baseSuffixe,&$parent)
{
$once = true;
{
$once = true;
+ $ui = get_userinfo();
+ $this->parent = $parent;
+
foreach($_POST as $name => $value){
/* Create a new snapshot, display a dialog */
foreach($_POST as $name => $value){
/* Create a new snapshot, display a dialog */
- if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
+ if(preg_match("/^CreateSnapShotDialog_[^_]*_[xy]$/",$name) && $once){
+
+ $entry = base64_decode(preg_replace("/^CreateSnapShotDialog_([^_]*)_[xy]$/","\\1",$name));
$once = false;
$once = false;
- $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
- $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
- $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
- }
+ $entry = preg_replace("/^CreateSnapShotDialog_/","",$entry);
+ if(!empty($entry) && $ui->allow_snapshot_create($entry,$this->parent->acl_module)){
+ $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to create a snapshot for %s."),$entry),ERROR_DIALOG);
+ }
+ }
+
/* Restore a snapshot, display a dialog with all snapshots of the current object */
if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
$once = false;
/* Restore a snapshot, display a dialog with all snapshots of the current object */
if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
- $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
- $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
- $this->snapDialog->display_restore_dialog = true;
+ $entry = base64_decode(preg_replace("/^RestoreSnapShotDialog_([^_]*)_[xy]$/i","\\1",$name));
+ if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
+ $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
+ $this->snapDialog->display_restore_dialog = true;
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$entry),ERROR_DIALOG);
+ }
}
/* Restore one of the already deleted objects */
if(((isset($_POST['menu_action']) && $_POST['menu_action'] == "RestoreDeletedSnapShot")
|| preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
$once = false;
}
/* Restore one of the already deleted objects */
if(((isset($_POST['menu_action']) && $_POST['menu_action'] == "RestoreDeletedSnapShot")
|| preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
$once = false;
- $this->snapDialog = new SnapShotDialog($this->config,"",$this);
- $this->snapDialog->set_snapshot_bases($baseSuffixe);
- $this->snapDialog->display_restore_dialog = true;
- $this->snapDialog->display_all_removed_objects = true;
+
+ if($ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
+ $this->snapDialog = new SnapShotDialog($this->config,"",$this);
+ $this->snapDialog->set_snapshot_bases($baseSuffixe);
+ $this->snapDialog->display_restore_dialog = true;
+ $this->snapDialog->display_all_removed_objects = true;
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$base),ERROR_DIALOG);
+ }
}
/* Restore selected snapshot */
if(preg_match("/^RestoreSnapShot_/",$name) && $once){
$once = false;
}
/* Restore selected snapshot */
if(preg_match("/^RestoreSnapShot_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShot_/","",$name);
- $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
- if(!empty($entry)){
+ $entry = base64_decode(preg_replace("/^RestoreSnapShot_([^_]*)_[xy]$/i","\\1",$name));
+
+ if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
$this->restore_snapshot($entry);
$this->snapDialog = NULL;
$this->restore_snapshot($entry);
$this->snapDialog = NULL;
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$entry),ERROR_DIALOG);
}
}
}
}
}
}
}
}
+ /*! \brief Return plugin informations for acl handling */
static function plInfo()
{
return array();
static function plInfo()
{
return array();
function acl_is_writeable($attribute,$skip_write = FALSE)
{
function acl_is_writeable($attribute,$skip_write = FALSE)
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
}
$ui= get_userinfo();
return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
}
}
}
- function acl_is_createable()
+ function acl_is_createable($base ="")
{
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
$ui= get_userinfo();
- return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ if($base == "") $base = $this->acl_base;
+ return preg_match('/c/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
}
- function acl_is_removeable()
+ function acl_is_removeable($base ="")
{
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
$ui= get_userinfo();
- return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ if($base == "") $base = $this->acl_base;
+ return preg_match('/d/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
}
- function acl_is_moveable()
+ function acl_is_moveable($base = "")
{
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
$ui= get_userinfo();
- return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ if($base == "") $base = $this->acl_base;
+ return preg_match('/m/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
}
function getacl($attribute,$skip_write= FALSE)
{
$ui= get_userinfo();
function getacl($attribute,$skip_write= FALSE)
{
$ui= get_userinfo();
+ $skip_write |= $this->read_only;
return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
}
return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
}
- /* Get all allowed bases to move an object to or to create a new object.
- Idepartments also contains all base departments which lead to the allowed bases */
- function get_allowed_bases($category = "")
+
+ /*! \brief Returns a list of all available departments for this object.
+ *
+ * If this object is new, all departments we are allowed to create a new user in
+ * are returned. If this is an existing object, return all deps.
+ * We are allowed to move tis object too.
+ * \return array [dn] => "..name" // All deps. we are allowed to act on.
+ */
+ function get_allowed_bases()
{
$ui = get_userinfo();
$deps = array();
{
$ui = get_userinfo();
$deps = array();
- /* Set category */
- if(empty($category)){
- $category = $this->acl_category.get_class($this);
- }
-
/* Is this a new object ? Or just an edited existing object */
if(!$this->initially_was_account && $this->is_account){
$new = true;
/* Is this a new object ? Or just an edited existing object */
if(!$this->initially_was_account && $this->is_account){
$new = true;
$new = false;
}
$new = false;
}
- $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
foreach($this->config->idepartments as $dn => $name){
foreach($this->config->idepartments as $dn => $name){
-
- if(!in_array_ics($dn,$cat_bases)){
- continue;
- }
-
- $acl = $ui->get_permissions($dn,$category);
- if($new && preg_match("/c/",$acl)){
+ if($new && $this->acl_is_createable($dn)){
$deps[$dn] = $name;
$deps[$dn] = $name;
- }elseif(!$new && preg_match("/m/",$acl)){
+ }elseif(!$new && $this->acl_is_moveable($dn)){
$deps[$dn] = $name;
}
}
$deps[$dn] = $name;
}
}
/* Add current base */
if(isset($this->base) && isset($this->config->idepartments[$this->base])){
$deps[$this->base] = $this->config->idepartments[$this->base];
/* Add current base */
if(isset($this->base) && isset($this->config->idepartments[$this->base])){
$deps[$this->base] = $this->config->idepartments[$this->base];
+ }elseif(strtolower($this->dn) == strtolower($this->config->current['BASE'])){
+
}else{
}else{
- trigger_error("No default base found in class ".get_class($this).". ".$this->base);
+ trigger_error("Cannot return list of departments, no default base found in class ".get_class($this).". ".$this->base);
}
return($deps);
}
}
return($deps);
}
- /* This function modifies object acls too, if an object is moved.
- * $old_dn specifies the actually used dn
- * $new_dn specifies the destiantion dn
+ /* This function updates ACL settings if $old_dn was used.
+ * \param string 'old_dn' specifies the actually used dn
+ * \param string 'new_dn' specifies the destiantion dn
*/
function update_acls($old_dn,$new_dn,$output_changes = FALSE)
{
*/
function update_acls($old_dn,$new_dn,$output_changes = FALSE)
{
}
/* Update userinfo if necessary */
}
/* Update userinfo if necessary */
- $ui = session::get('ui');
+ $ui = session::global_get('ui');
if($ui->dn == $old_dn){
$ui->dn = $new_dn;
if($ui->dn == $old_dn){
$ui->dn = $new_dn;
- session::set('ui',$ui);
- new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
+ session::global_set('ui',$ui);
+ new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'");
}
/* Object was moved, ensure that all acls will be moved too */
}
/* Object was moved, ensure that all acls will be moved too */
$update = array();
$ldap = $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
$update = array();
$ldap = $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($old_dn)."*))",array("cn","gosaAclEntry"));
while($attrs = $ldap->fetch()){
while($attrs = $ldap->fetch()){
-
$acls = array();
$acls = array();
-
- /* Walk through acls */
+ $found = false;
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
+ $acl_parts = explode(":",$attrs['gosaAclEntry'][$i]);
- /* Reset vars */
- $found = false;
+ /* Roles uses antoher data storage order, members are stored int the third part,
+ while the members in direct ACL assignments are stored in the second part.
+ */
+ $id = ($acl_parts[1] == "role") ? 3 : 2;
- /* Get Acl parts */
- $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
-
- /* Get every single member for this acl */
- $members = array();
- if(preg_match("/,/",$acl_parts[2])){
- $members = split(",",$acl_parts[2]);
- }else{
- $members = array($acl_parts[2]);
- }
-
- /* Check if member match current dn */
+ /* Update member entries to use $new_dn instead of old_dn
+ */
+ $members = explode(",",$acl_parts[$id]);
foreach($members as $key => $member){
$member = base64_decode($member);
if($member == $old_dn){
foreach($members as $key => $member){
$member = base64_decode($member);
if($member == $old_dn){
- $found = true;
$members[$key] = base64_encode($new_dn);
$members[$key] = base64_encode($new_dn);
+ $found = TRUE;
}
}
}
}
-
- /* Create new member string */
- $new_members = "";
- foreach($members as $member){
- $new_members .= $member.",";
- }
- $new_members = preg_replace("/,$/","",$new_members);
- $acl_parts[2] = $new_members;
-
- /* Reconstruckt acl entry */
- $acl_str ="";
- foreach($acl_parts as $t){
- $acl_str .= $t.":";
+
+ /* Check if the selected role has to updated
+ */
+ if($acl_parts[1] == "role" && $acl_parts[2] == base64_encode($old_dn)){
+ $acl_parts[2] = base64_encode($new_dn);
+ $found = TRUE;
}
}
- $acl_str = preg_replace("/:$/","",$acl_str);
- }
- /* Acls for this object must be adjusted */
- if($found){
+ /* Build new acl string */
+ $acl_parts[$id] = implode($members,",");
+ $acls[] = implode($acl_parts,":");
+ }
+
+ /* Acls for this object must be adjusted */
+ if($found){
$debug_info= _("Changing ACL dn")." : <br> -"._("from")." <b> ".
$debug_info= _("Changing ACL dn")." : <br> -"._("from")." <b> ".
- $old_dn."</b><br> -"._("to")." <b>".$new_dn."</b><br>";
+ $old_dn."</b><br> -"._("to")." <b>".$new_dn."</b><br>";
@DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,$debug_info,"ACL");
$update[$attrs['dn']] =array();
@DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,$debug_info,"ACL");
$update[$attrs['dn']] =array();
- /* This function enables the entry Serial ID check.
- * If an entry was edited while we have edited the entry too,
- * an error message will be shown.
+ /*! \brief Enable the Serial ID check
+ *
+ * This function enables the entry Serial ID check. If an entry was edited while
+ * we have edited the entry too, an error message will be shown.
* To configure this check correctly read the FAQ.
*/
function enable_CSN_check()
* To configure this check correctly read the FAQ.
*/
function enable_CSN_check()
/*! \brief Prepares the plugin to be used for multiple edit
* Update plugin attributes with given array of attribtues.
/*! \brief Prepares the plugin to be used for multiple edit
* Update plugin attributes with given array of attribtues.
- * @param array Array with attributes that must be updated.
+ * \param array Array with attributes that must be updated.
*/
function init_multiple_support($attrs,$all)
{
*/
function init_multiple_support($attrs,$all)
{
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
+
if ($found != ""){
if ($found != ""){
- if(isset($this->multi_attrs["$found"][0])){
- $this->$val= $this->multi_attrs["$found"][0];
+ if(isset($this->multi_attrs["$val"][0])){
+ $this->$val= $this->multi_attrs["$val"][0];
}
}
}
}
}
}
/*! \brief Returns all values that have been modfied in multiple edit mode.
/*! \brief Returns all values that have been modfied in multiple edit mode.
- @return array Cotaining all mdofied values.
+ \return array Cotaining all modified values.
*/
function get_multi_edit_values()
{
*/
function get_multi_edit_values()
{
}
}
- /*! \brief execute plugin
-
- Generates the html output for this node
- */
+ /*! \brief Generates the html output for this node for multi edit*/
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
- session::set('current_class_for_help',get_class($this));
+ session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
return("Multiple edit is currently not implemented for this plugin.");
}
return("Multiple edit is currently not implemented for this plugin.");
}
- /*! \brief Save HTML posted data to object for multiple edit
+ /*! \brief Save HTML posted data to object for multiple edit
*/
function multiple_save_object()
{
*/
function multiple_save_object()
{
}
}
- /*! \brief Returns all attributes of this plugin,
+ /*! \brief Returns all attributes of this plugin,
to be able to detect multiple used attributes
in multi_plugg::detect_multiple_used_attributes().
@return array Attributes required for intialization of multi_plug
to be able to detect multiple used attributes
in multi_plugg::detect_multiple_used_attributes().
@return array Attributes required for intialization of multi_plug
/*! \brief Check given values in multiple edit
/*! \brief Check given values in multiple edit
- @return array Error messages
+ \return array Error messages
*/
function multiple_check()
{
$message = plugin::check();
return($message);
}
*/
function multiple_check()
{
$message = plugin::check();
return($message);
}
+
+
+ /*! \brief Returns the snapshot header part for "Actions" menu in management dialogs
+ \param $layer_menu
+ */
+ function get_snapshot_header($base,$category)
+ {
+ $str = "";
+ $ui = get_userinfo();
+ if($this->snapshotEnabled() && $ui->allow_snapshot_restore($base,$category)){
+
+ $ok = false;
+ foreach($this->get_used_snapshot_bases() as $base){
+ $ok |= count($this->getAllDeletedSnapshots($base)) >= 1 ;
+ }
+
+ if($ok){
+ $str = "..|<img class='center' src='images/lists/restore.png' ".
+ "alt='"._("Restore")."'> "._("Restore"). "|RestoreDeletedSnapShot|\n";
+ }else{
+ $str = "..|<img class='center' src='images/lists/restore_grey.png' alt=''> "._("Restore")."||\n";
+ }
+ }
+ return($str);
+ }
+
+
+ function get_snapshot_action($base,$category)
+ {
+ $str= "";
+ $ui = get_userinfo();
+ if($this->snapshotEnabled()){
+ if ($ui->allow_snapshot_restore($base,$category)){
+
+ if(count($this->Available_SnapsShots($base))){
+ $str.= "<input class='center' type='image' src='images/lists/restore.png'
+ alt='"._("Restore snapshot")."' name='RestoreSnapShotDialog_".base64_encode($base)."' title='"._("Restore snapshot")."'> ";
+ } else {
+ $str = "<img class='center' src='images/lists/restore_grey.png' alt=''> ";
+ }
+ }
+ if($ui->allow_snapshot_create($base,$category)){
+ $str.= "<input class='center' type='image' src='images/snapshot.png'
+ alt='"._("Create snapshot")."' name='CreateSnapShotDialog_".base64_encode($base)."'
+ title='"._("Create a new snapshot from this object")."'> ";
+ }else{
+ $str = "<img class='center' src='images/empty.png' alt=' '> ";
+ }
+ }
+
+ return($str);
+ }
+
+
+ function get_copypaste_action($base,$category,$class,$copy = TRUE, $cut = TRUE)
+ {
+ $ui = get_userinfo();
+ $action = "";
+ if($this->CopyPasteHandler){
+ if($cut){
+ if($ui->is_cutable($base,$category,$class)){
+ $action .= "<input class='center' type='image'
+ src='images/lists/cut.png' alt='"._("cut")."' name='cut_%KEY%' title='"._("Cut this entry")."'> ";
+ }else{
+ $action.="<img src='images/empty.png' alt=' ' class='center'> ";
+ }
+ }
+ if($copy){
+ if($ui->is_copyable($base,$category,$class)){
+ $action.= "<input class='center' type='image'
+ src='images/lists/copy.png' alt='"._("copy")."' name='copy_%KEY%' title='"._("Copy this entry")."'> ";
+ }else{
+ $action.="<img src='images/empty.png' alt=' ' class='center'> ";
+ }
+ }
+ }
+
+ return($action);
+ }
+
+
+ function get_copypaste_header($base,$category,$copy = TRUE, $cut = TRUE)
+ {
+ $s = "";
+ $ui =get_userinfo();
+
+ if(!is_array($category)){
+ $category = array($category);
+ }
+
+ /* Check permissions for each category, if there is at least one category which
+ support read or paste permissions for the given base, then display the specific actions.
+ */
+ $readable = $pasteable = false;
+ foreach($category as $cat){
+ $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat));
+ $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1;
+ }
+
+ if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){
+ if($readable){
+ $s.= "..|---|\n";
+ if($copy){
+ $s.= "..|<img src='images/lists/copy.png' alt='' border='0' class='center'>".
+ " "._("Copy")."|"."multiple_copy_systems|\n";
+ }
+ if($cut){
+ $s.= "..|<img src='images/lists/cut.png' alt='' border='0' class='center'>".
+ " "._("Cut")."|"."multiple_cut_systems|\n";
+ }
+ }
+
+ if($pasteable){
+ if($this->CopyPasteHandler->entries_queued()){
+ $img = "<img border='0' class='center' src='images/lists/paste.png' alt=''>";
+ $s.="..|".$img." "._("Paste")."|editPaste|\n";
+ }else{
+ $img = "<img border='0' class='center' src='images/lists/paste-grey.png' alt=''>";
+ $s.="..|".$img." "._("Paste")."\n";
+ }
+ }
+ }
+ return($s);
+ }
+
+
+ function get_used_snapshot_bases()
+ {
+ return(array());
+ }
+
+ function is_modal_dialog()
+ {
+ return(isset($this->dialog) && $this->dialog);
+ }
+
+
+ /*! \brief Forward command execution requests
+ * to the hook execution method.
+ */
+ function handle_post_events($mode, $addAttrs= array())
+ {
+ if(!in_array($mode, array('add','remove','modify'))){
+ trigger_error(sprintf("Invalid post event type given '%s'! Valid types are [add,modify,remove].", $mode));
+ return;
+ }
+ switch ($mode){
+ case "add":
+ plugin::callHook($this,"POSTCREATE", $addAttrs);
+ break;
+
+ case "modify":
+ plugin::callHook($this,"POSTMODIFY", $addAttrs);
+ break;
+
+ case "remove":
+ plugin::callHook($this,"POSTREMOVE", $addAttrs);
+ break;
+ }
+ }
+
+
+ /*! \brief Calls external hooks which are defined for this plugin (gosa.conf)
+ * Replaces placeholder by class values of this plugin instance.
+ * @param Allows to a add special replacements.
+ */
+ static function callHook($plugin, $cmd, $addAttrs= array())
+ {
+ global $config;
+ $command= $config->search(get_class($plugin), $cmd,array('menu','tabs'));
+ if ($command != ""){
+
+ // Walk trough attributes list and add the plugins attributes.
+ foreach ($plugin->attributes as $attr){
+ if (!is_array($plugin->$attr)){
+ $addAttrs[$attr] = $plugin->$attr;
+ }
+ }
+ $ui = get_userinfo();
+ $addAttrs['callerDN']=$ui->dn;
+ $addAttrs['dn']=$plugin->dn;
+
+ // Sort attributes by length, ensures correct replacement
+ $tmp = array();
+ foreach($addAttrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
+ // Now replace the placeholder
+ foreach ($tmp as $name => $len){
+ $value = $addAttrs[$name];
+ $command= str_replace("%$name", "$value", $command);
+ }
+
+ // If there are still some %.. in our command, try to fill these with some other class vars
+ if(preg_match("/%/",$command)){
+ $attrs = get_object_vars($plugin);
+ foreach($attrs as $name => $value){
+ if(is_array($value)){
+ $s = "";
+ foreach($value as $val){
+ if(is_string($val) || is_int($val) || is_float($val) || is_bool($val)){
+ $s .= '"'.$val.'",';
+ }
+ }
+ $value = '['.trim($s,',').']';
+ }
+ if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){
+ continue;
+ }
+ $command= preg_replace("/%$name/", $value, $command);
+ }
+ }
+
+ if (check_command($command)){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command,"Execute");
+ exec($command,$arr);
+ if(is_array($arr)){
+ $str = implode("\n",$arr);
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Result: ".$str);
+ }
+ } else {
+ $message= msgPool::cmdnotfound("POSTCREATE", get_class($plugin));
+ msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
+ }
+ }
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: