index ceb49f2bf1b56ab94df65b0e4b74b94b21d2739d..ddd00c55ad105ea00426d63af68816b305e349f9 100644 (file)
<?php
/*
<?php
/*
- This code is part of GOsa (https://gosa.gonicus.de)
- Copyright (C) 2003 Cajus Pollmeier
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id$$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*! \brief The plugin base class
*/
/*! \brief The plugin base class
/* Save unit tags */
var $gosaUnitTag= "";
/* Save unit tags */
var $gosaUnitTag= "";
+ var $skipTagging= FALSE;
/*!
\brief Used standard values
/*!
\brief Used standard values
var $acl_base= "";
var $acl_category= "";
var $acl_base= "";
var $acl_category= "";
-
- /* Plugin identifier */
- var $plHeadline= "";
- var $plDescription= "";
+ var $read_only = FALSE; // Used when the entry is opened as "readonly" due to locks.
/* This can be set to render the tabulators in another stylesheet */
var $pl_notify= FALSE;
/* This can be set to render the tabulators in another stylesheet */
var $pl_notify= FALSE;
return;
}
return;
}
+ /* Check if this entry was opened in read only mode */
+ if(isset($_POST['open_readonly'])){
+ if(session::global_is_set("LOCK_CACHE")){
+ $cache = &session::get("LOCK_CACHE");
+ if(isset($cache['READ_ONLY'][$this->dn])){
+ $this->read_only = TRUE;
+ }
+ }
+ }
+
/* Save current dn as acl_base */
$this->acl_base= $dn;
/* Get LDAP descriptor */
/* Save current dn as acl_base */
$this->acl_base= $dn;
/* Get LDAP descriptor */
- $ldap= $this->config->get_ldap_link();
if ($dn !== NULL){
/* Load data to 'attrs' and save 'dn' */
if ($parent !== NULL){
$this->attrs= $parent->attrs;
} else {
if ($dn !== NULL){
/* Load data to 'attrs' and save 'dn' */
if ($parent !== NULL){
$this->attrs= $parent->attrs;
} else {
+ $ldap= $this->config->get_ldap_link();
$ldap->cat ($dn);
$this->attrs= $ldap->fetch();
}
$ldap->cat ($dn);
$this->attrs= $ldap->fetch();
}
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->attrs);
if ($found != ""){
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->attrs);
if ($found != ""){
- $this->$val= $this->attrs["$found"][0];
+ $this->$val= $found[0];
}
}
}
}
/* Set the template flag according to the existence of objectClass
gosaUserTemplate */
if (isset($this->attrs['objectClass'])){
/* Set the template flag according to the existence of objectClass
gosaUserTemplate */
if (isset($this->attrs['objectClass'])){
- if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){
+ if (in_array_ics ("gosaUserTemplate", $this->attrs['objectClass'])){
$this->is_template= TRUE;
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
"found", "Template check");
$this->is_template= TRUE;
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__,
"found", "Template check");
/* Prepare saved attributes */
$this->saved_attributes= $this->attrs;
foreach ($this->saved_attributes as $index => $value){
/* Prepare saved attributes */
$this->saved_attributes= $this->attrs;
foreach ($this->saved_attributes as $index => $value){
- if (preg_match('/^[0-9]+$/', $index)){
- unset($this->saved_attributes[$index]);
- continue;
- }
- if (!in_array($index, $this->attributes) && $index != "objectClass"){
+ if (is_numeric($index)){
unset($this->saved_attributes[$index]);
continue;
}
unset($this->saved_attributes[$index]);
continue;
}
- if ($this->saved_attributes[$index]["count"] == 1){
- $tmp= $this->saved_attributes[$index][0];
+
+ if (!in_array_ics($index, $this->attributes) && strcasecmp('objectClass', $index)){
unset($this->saved_attributes[$index]);
unset($this->saved_attributes[$index]);
- $this->saved_attributes[$index]= $tmp;
continue;
}
continue;
}
+ if (isset($this->saved_attributes[$index][0])){
+ if(!isset($this->saved_attributes[$index]["count"])){
+ $this->saved_attributes[$index]["count"] = count($this->saved_attributes[$index]);
+ }
+ if($this->saved_attributes[$index]["count"] == 1){
+ $tmp= $this->saved_attributes[$index][0];
+ unset($this->saved_attributes[$index]);
+ $this->saved_attributes[$index]= $tmp;
+ continue;
+ }
+ }
unset($this->saved_attributes["$index"]["count"]);
}
unset($this->saved_attributes["$index"]["count"]);
}
+
+ if(isset($this->attrs['gosaUnitTag'])){
+ $this->saved_attributes['gosaUnitTag'] = $this->attrs['gosaUnitTag'][0];
+ }
}
/* Save initial account state */
}
/* Save initial account state */
function execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
function execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
- $_SESSION['current_class_for_help'] = get_class($this);
+ session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
- $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
+ session::set('LOCK_VARS_TO_USE',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
}
/*! \brief execute plugin
}
/*! \brief execute plugin
/* Remove objectClasses from entry */
$ldap->cd($this->dn);
$this->attrs= array();
/* Remove objectClasses from entry */
$ldap->cd($this->dn);
$this->attrs= array();
- $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc);
+ $this->attrs['objectClass']= array_remove_entries_ics($this->objectclasses,$oc);
/* Unset attributes from entry */
foreach ($this->attributes as $val){
/* Unset attributes from entry */
foreach ($this->attributes as $val){
$data = "";
}
$this->$val= $data;
$data = "";
}
$this->$val= $data;
- //echo "<font color='blue'>".$val."</font><br>";
- }else{
- //echo "<font color='red'>".$val."</font><br>";
}
}
}
}
}
}
}
}
}
}
+ /* Handle tagging */
+ $this->tag_attrs($this->attrs);
}
function cleanup()
{
foreach ($this->attrs as $index => $value){
}
function cleanup()
{
foreach ($this->attrs as $index => $value){
-
+
/* Convert arrays with one element to non arrays, if the saved
attributes are no array, too */
if (is_array($this->attrs[$index]) &&
/* Convert arrays with one element to non arrays, if the saved
attributes are no array, too */
if (is_array($this->attrs[$index]) &&
if ($command != ""){
if (!check_command($command)){
if ($command != ""){
if (!check_command($command)){
- $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command,
- get_class($this));
+ $message[]= msgPool::cmdnotfound("CHECK", get_class($this));
} else {
/* Generate "ldif" for check hook */
} else {
/* Generate "ldif" for check hook */
$current_csn = getEntryCSN($this->dn);
if($current_csn != $this->entryCSN && !empty($this->entryCSN) && !empty($current_csn)){
$this->entryCSN = $current_csn;
$current_csn = getEntryCSN($this->dn);
if($current_csn != $this->entryCSN && !empty($this->entryCSN) && !empty($current_csn)){
$this->entryCSN = $current_csn;
- $message[] = _("The object has changed since opened in GOsa. Please ensure that nobody has done serious changes that may get lost if you save this entry.");
+ $message[] = _("The object has changed since opened in GOsa. All changes that may be done by others get lost if you save this entry!");
}
}
return ($message);
}
/* Adapt from template, using 'dn' */
}
}
return ($message);
}
/* Adapt from template, using 'dn' */
- function adapt_from_template($dn)
+ function adapt_from_template($dn, $skip= array())
{
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
{
/* Include global link_info */
$ldap= $this->config->get_ldap_link();
/* Walk through attributes */
foreach ($this->attributes as $val){
/* Walk through attributes */
foreach ($this->attributes as $val){
+ /* Skip the ones in skip list */
+ if (in_array($val, $skip)){
+ continue;
+ }
+
if (isset($this->attrs["$val"][0])){
/* If attribute is set, replace dynamic parts:
if (isset($this->attrs["$val"][0])){
/* If attribute is set, replace dynamic parts:
if ($command != ""){
if ($command != ""){
- /* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name/", $value, $command);
- }
-
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
- $command= preg_replace("/%$attr/", $this->$attr, $command);
+ $add_attrs[$attr] = $this->$attr;
}
}
}
}
- $command= preg_replace("/%dn/", $this->dn, $command);
+ $add_attrs['dn']=$this->dn;
+
+ $tmp = array();
+ foreach($add_attrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
+ /* Additional attributes */
+ foreach ($tmp as $name => $len){
+ $value = $add_attrs[$name];
+ $command= str_replace("%$name", "$value", $command);
+ }
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
$command, "Execute");
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
$command, "Execute");
-
- exec($command);
+ exec($command,$arr);
+ foreach($arr as $str){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
+ $command, "Result: ".$str);
+ }
} else {
} else {
- $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
- print_red ($message);
+ $message= msgPool::cmdnotfound("POSTCREATE", get_class($this));
+ msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
}
}
}
}
if ($command != ""){
if ($command != ""){
- /* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name/", $value, $command);
- }
-
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
- $command= preg_replace("/%$attr/", $this->$attr, $command);
+ $add_attrs[$attr] = $this->$attr;
}
}
}
}
- $command= preg_replace("/%dn/", $this->dn, $command);
+ $add_attrs['dn']=$this->dn;
- if (check_command($command)){
- @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
- $command, "Execute");
+ $tmp = array();
+ foreach($add_attrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
+ /* Additional attributes */
+ foreach ($tmp as $name => $len){
+ $value = $add_attrs[$name];
+ $command= str_replace("%$name", "$value", $command);
+ }
- exec($command);
+ if (check_command($command)){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command, "Execute");
+ exec($command,$arr);
+ foreach($arr as $str){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
+ $command, "Result: ".$str);
+ }
} else {
} else {
- $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this));
- print_red ($message);
+ $message= msgPool::cmdnotfound("POSTMODIFY", get_class($this));
+ msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
}
}
}
}
$command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
if ($command != ""){
$command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs'));
if ($command != ""){
- /* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name/", $value, $command);
- }
-
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
/* Walk through attribute list */
foreach ($this->attributes as $attr){
if (!is_array($this->$attr)){
- $command= preg_replace("/%$attr/", $this->$attr, $command);
+ $add_attrs[$attr] = $this->$attr;
}
}
}
}
- $command= preg_replace("/%dn/", $this->dn, $command);
+ $add_attrs['dn']=$this->dn;
+ $tmp = array();
+ foreach($add_attrs as $name => $value){
+ $tmp[$name] = strlen($name);
+ }
+ arsort($tmp);
+
/* Additional attributes */
/* Additional attributes */
- foreach ($add_attrs as $name => $value){
- $command= preg_replace("/%$name/", $value, $command);
+ foreach ($tmp as $name => $len){
+ $value = $add_attrs[$name];
+ $command= str_replace("%$name", "$value", $command);
}
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
$command, "Execute");
}
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
$command, "Execute");
- exec($command);
+ exec($command,$arr);
+ foreach($arr as $str){
+ @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,
+ $command, "Result: ".$str);
+ }
} else {
} else {
- $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this));
- print_red ($message);
+ $message= msgPool::cmdnotfound("POSTREMOVE", get_class($this));
+ msg_dialog::display(_("Error"), $message, ERROR_DIALOG);
}
}
}
}
}
}
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
- if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
+ if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) {
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
- $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']);
- $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*");
+ $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
+ $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd);
+ $sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*");
/* Fill data from LDAP */
$new= array();
/* Fill data from LDAP */
$new= array();
/* Adapt naming attribute */
$dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
$dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
/* Adapt naming attribute */
$dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn);
$dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn);
- $new[$dst_name]= @LDAP::fix($dst_val);
+ $new[$dst_name]= LDAP::fix($dst_val);
/* Check if this is a department.
* If it is a dep. && there is a , override in his ou
* change \2C to , again, else this entry can't be saved ...
*/
if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
/* Check if this is a department.
* If it is a dep. && there is a , override in his ou
* change \2C to , again, else this entry can't be saved ...
*/
if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){
- $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']);
+ $new['ou'] = str_replace("\\\\,",",",$new['ou']);
}
/* Save copy */
}
/* Save copy */
$ldap->cd($dst_dn);
$ldap->add($new);
$ldap->cd($dst_dn);
$ldap->add($new);
- if ($ldap->error != "Success"){
+ if (!$ldap->success()){
trigger_error("Trying to save $dst_dn failed.",
E_USER_WARNING);
return(FALSE);
trigger_error("Trying to save $dst_dn failed.",
E_USER_WARNING);
return(FALSE);
{
/* Rename dn in possible object groups */
$ldap= $this->config->get_ldap_link();
{
/* Rename dn in possible object groups */
$ldap= $this->config->get_ldap_link();
- $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))',
+ $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($src_dn).'))',
array('cn'));
while ($attrs= $ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
array('cn'));
while ($attrs= $ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
$ldap->cat($dst_dn);
$attrs= $ldap->fetch();
if (count($attrs)){
$ldap->cat($dst_dn);
$attrs= $ldap->fetch();
if (count($attrs)){
- trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.",
+ trigger_error("Trying to overwrite ".LDAP::fix($dst_dn).", which already exists.",
E_USER_WARNING);
return (FALSE);
}
E_USER_WARNING);
return (FALSE);
}
$ldap->cat($src_dn);
$attrs= $ldap->fetch();
if (!count($attrs)){
$ldap->cat($src_dn);
$attrs= $ldap->fetch();
if (!count($attrs)){
- trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.",
+ trigger_error("Trying to move ".LDAP::fix($src_dn).", which does not seem to exist.",
E_USER_WARNING);
return (FALSE);
}
E_USER_WARNING);
return (FALSE);
}
$ldap->search("objectClass=*",array("dn"));
while($attrs = $ldap->fetch()){
$src = $attrs['dn'];
$ldap->search("objectClass=*",array("dn"));
while($attrs = $ldap->fetch()){
$src = $attrs['dn'];
- $dst = preg_replace("/".normalizePreg($src_dn)."$/",$dst_dn,$attrs['dn']);
+ $dst = preg_replace("/".preg_quote($src_dn, '/')."$/",$dst_dn,$attrs['dn']);
$this->_copy($src,$dst);
}
return (TRUE);
}
$this->_copy($src,$dst);
}
return (TRUE);
}
+
+ /*! \brief Move a given ldap object indentified by $src_dn \
+ to the given destination $dst_dn \
+ * Ensure that all references are updated (ogroups) \
+ * Update ACLs \
+ * Update accessTo \
+ @param String The source dn.
+ @param String The destination dn.
+ @return Boolean TRUE on success else FALSE.
+ */
+ function rename($src_dn, $dst_dn)
+ {
+ $start = microtime(1);
+
+ /* Try to move the source entry to the destination position */
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn));
+ if (!$ldap->rename_dn($src_dn,$dst_dn)){
+# msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+ new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error());
+ @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn",
+ "Ldap Protocol v3 implementation error, falling back to maunal method.");
+ return(FALSE);
+ }
+
+ /* Get list of users,groups and roles within this tree,
+ maybe we have to update ACL references.
+ */
+ $leaf_objs = get_list("(|(objectClass=posixGroup)(objectClass=gosaAccount)(objectClass=gosaRole))",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+ foreach($leaf_objs as $obj){
+ $new_dn = $obj['dn'];
+ $old_dn = preg_replace("/".preg_quote($dst_dn, '/')."$/i",$src_dn,$new_dn);
+ $this->update_acls($old_dn,$new_dn);
+ }
+
+ // Migrate objectgroups if needed
+ $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ // Walk through all objectGroups
+ foreach($ogroups as $ogroup){
+ // Migrate old to new dn
+ $o_ogroup= new ogroup($this->config,$ogroup['dn']);
+ unset($o_ogroup->member[$src_dn]);
+ $o_ogroup->member[$dst_dn]= $dst_dn;
+
+ // Save object group
+ $o_ogroup->save();
+ }
+
+ // Migrate rfc groups if needed
+ $groups = get_sub_list("(&(objectClass=posixGroups)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ // Walk through all POSIX groups
+ foreach($groups as $group){
+ // Migrate old to new dn
+ $o_group= new group($this->config,$group['dn']);
+ unset($o_group->member[$src_dn]);
+ $o_group->member[$dst_dn]= $dst_dn;
+
+ // Save object group
+ $o_group->save();
+ }
+
+ /* Update roles to use the new entry dn */
+ $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ // Walk through all roles
+ foreach($roles as $role){
+ $role = new roleGeneric($this->config,$role['dn']);
+ $key= array_search($src_dn, $role->roleOccupant);
+ if($key !== FALSE){
+ $role->roleOccupant[$key] = $dst_dn;
+ $role->save();
+ }
+ }
+
+ /* Check if there are gosa departments moved.
+ If there were deps moved, the force reload of config->deps.
+ */
+ $leaf_deps= get_list("(objectClass=gosaDepartment)",array("all"),$dst_dn,
+ array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+
+ if(count($leaf_deps)){
+ $this->config->get_departments();
+ $this->config->make_idepartments();
+ session::global_set("config",$this->config);
+ $ui =get_userinfo();
+ $ui->reset_acl_cache();
+ }
+
+ return(TRUE);
+ }
+
+
+
function move($src_dn, $dst_dn)
{
function move($src_dn, $dst_dn)
{
+ /* Do not copy if only upper- lowercase has changed */
+ if(strtolower($src_dn) == strtolower($dst_dn)){
+ return(TRUE);
+ }
+
+
+ /* Try to move the entry instead of copy & delete
+ */
+ if(TRUE){
+
+ /* Try to move with ldap routines, if this was not successfull
+ fall back to the old style copy & remove method
+ */
+ if($this->rename($src_dn, $dst_dn)){
+ return(TRUE);
+ }else{
+ // See code below.
+ }
+ }
+
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)){
return (FALSE);
/* Copy source to destination */
if (!$this->copy($src_dn, $dst_dn)){
return (FALSE);
/* Delete source */
$ldap= $this->config->get_ldap_link();
$ldap->rmdir_recursive($src_dn);
/* Delete source */
$ldap= $this->config->get_ldap_link();
$ldap->rmdir_recursive($src_dn);
- if ($ldap->error != "Success"){
+ if (!$ldap->success()){
trigger_error("Trying to delete $src_dn failed.",
E_USER_WARNING);
return (FALSE);
trigger_error("Trying to delete $src_dn failed.",
E_USER_WARNING);
return (FALSE);
return (FALSE);
}
return (FALSE);
}
- /* Perform a search for all objects to be moved */
- $objects= array();
- $ldap->cd($src_dn);
- $ldap->search("(objectClass=*)", array("dn"));
- while($attrs= $ldap->fetch()){
- $dn= $attrs['dn'];
- $objects[$dn]= strlen($dn);
- }
-
- /* Sort objects by indent level */
- asort($objects);
- reset($objects);
-
- /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */
- foreach ($objects as $object => $len){
- $src= $object;
- $dst= preg_replace("/$src_dn$/", "$dst_dn", $object);
- if (!$this->copy($src, $dst)){
- return (FALSE);
- }
- }
+ $this->copy($src_dn, $dst_dn);
/* Remove src_dn */
$ldap->cd($src_dn);
/* Remove src_dn */
$ldap->cd($src_dn);
- $ldap->recursive_remove();
+ $ldap->recursive_remove($src_dn);
return (TRUE);
}
return (TRUE);
}
$tmp = $source[$var][$i];
}
$this->$var = $tmp;
$tmp = $source[$var][$i];
}
$this->$var = $tmp;
-# echo $var."=".$tmp."<br>";
}else{
$this->$var = $source[$var][0];
}else{
$this->$var = $source[$var][0];
-# echo $var."=".$source[$var][0]."<br>";
}
}else{
$this->$var= $source[$var];
}
}else{
$this->$var= $source[$var];
-# echo $var."=".$source[$var]."<br>";
}
}
}
}
}
}
}
}
-
- function handle_object_tagging($dn= "", $tag= "", $show= false)
+ function tag_attrs(&$at, $dn= "", $tag= "", $show= false)
{
{
- //FIXME: How to optimize this? We have at least two
- // LDAP accesses per object. It would be a good
- // idea to have it integrated.
+ /* Skip tagging?
+ If this is called from departmentGeneric, we have to skip this
+ tagging procedure.
+ */
+ if($this->skipTagging){
+ return;
+ }
/* No dn? Self-operation... */
if ($dn == ""){
/* No dn? Self-operation... */
if ($dn == ""){
foreach ($this->config->adepartments as $key => $ntag){
/* This one is bigger than our dn, its not relevant... */
foreach ($this->config->adepartments as $key => $ntag){
/* This one is bigger than our dn, its not relevant... */
- if ($len <= strlen($key)){
+ if ($len < strlen($key)){
continue;
}
/* This one matches with the latter part. Break and don't fix this entry */
continue;
}
/* This one matches with the latter part. Break and don't fix this entry */
- if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){
+ if (preg_match('/(^|,)'.preg_quote($key, '/').'$/', $dn)){
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
$relevant[strlen($key)]= $ntag;
continue;
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging");
$relevant[strlen($key)]= $ntag;
continue;
}
}
}
}
}
}
-
+
+ /* Remove tags that may already be here... */
+ remove_objectClass("gosaAdministrativeUnitTag", $at);
+ if (isset($at['gosaUnitTag'])){
+ unset($at['gosaUnitTag']);
+ }
/* Set tag? */
if ($tag != ""){
/* Set tag? */
if ($tag != ""){
- /* Set objectclass and attribute */
- $ldap= $this->config->get_ldap_link();
- $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
- $attrs= $ldap->fetch();
- if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){
- if ($show) {
- echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."<br>";
- flush();
- }
- return;
- }
- if (count($attrs)){
- if ($show){
- echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."<br>";
- flush();
- }
- $nattrs= array("gosaUnitTag" => $tag);
- $nattrs['objectClass']= array();
- for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
- $oc= $attrs['objectClass'][$i];
- if ($oc != "gosaAdministrativeUnitTag"){
- $nattrs['objectClass'][]= $oc;
- }
- }
- $nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
- $ldap->cd($dn);
- $ldap->modify($nattrs);
- show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
- } else {
- @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
- }
-
- } else {
- /* Remove objectclass and attribute */
- $ldap= $this->config->get_ldap_link();
- $ldap->cat($dn, array('gosaUnitTag', 'objectClass'));
- $attrs= $ldap->fetch();
- if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){
- @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging");
- return;
- }
- if (count($attrs)){
- if ($show){
- echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."<br>";
- flush();
- }
- $nattrs= array("gosaUnitTag" => array());
- $nattrs['objectClass']= array();
- for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
- $oc= $attrs['objectClass'][$i];
- if ($oc != "gosaAdministrativeUnitTag"){
- $nattrs['objectClass'][]= $oc;
- }
- }
- $ldap->cd($dn);
- $ldap->modify($nattrs);
- show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
- } else {
- @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
- }
+ add_objectClass("gosaAdministrativeUnitTag", $at);
+ $at['gosaUnitTag']= $tag;
}
}
+ /* Initially this object was tagged.
+ - But now, it is no longer inside a tagged department.
+ So force the remove of the tag.
+ (objectClass was already removed obove)
+ */
+ if($tag == "" && $this->gosaUnitTag){
+ $at['gosaUnitTag'] = array();
+ }
}
}
}
/* Get configuration from gosa.conf */
}
/* Get configuration from gosa.conf */
- $tmp = $this->config->current;
+ $config = $this->config;
/* Create lokal ldap connection */
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
/* check if there are special server configurations for snapshots */
/* Create lokal ldap connection */
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
/* check if there are special server configurations for snapshots */
- if(!isset($tmp['SNAPSHOT_SERVER'])){
+ if($config->get_cfg_value("snapshotURI") == ""){
/* Source and destination server are both the same, just copy source to dest obj */
$ldap_to = $ldap;
$snapldapbase = $this->config->current['BASE'];
}else{
/* Source and destination server are both the same, just copy source to dest obj */
$ldap_to = $ldap;
$snapldapbase = $this->config->current['BASE'];
}else{
- $server = $tmp['SNAPSHOT_SERVER'];
- $user = $tmp['SNAPSHOT_USER'];
- $password = $tmp['SNAPSHOT_PASSWORD'];
- $snapldapbase = $tmp['SNAPSHOT_BASE'];
+ $server = $config->get_cfg_value("snapshotURI");
+ $user = $config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $config->get_cfg_value("snapshotBase");
- $ldap_to = new LDAP($user,$password, $server);
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
$ldap_to -> cd($snapldapbase);
$ldap_to -> cd($snapldapbase);
- show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
+
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
+
}
/* check if the dn exists */
}
/* check if the dn exists */
/* Collect some infos */
$base = $this->config->current['BASE'];
/* Collect some infos */
$base = $this->config->current['BASE'];
- $snap_base = $tmp['SNAPSHOT_BASE'];
+ $snap_base = $config->get_cfg_value("snapshotBase");
$base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
$base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn);
- $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
+ $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base;
/* Create object */
#$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
$data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
/* Create object */
#$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))"));
$data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))");
- $newName = preg_replace("/\./", "", $sec."-".$usec);
+ $newName = str_replace(".", "", $sec."-".$usec);
$target= array();
$target['objectClass'] = array("top", "gosaSnapshotObject");
$target['gosaSnapshotData'] = gzcompress($data, 6);
$target= array();
$target['objectClass'] = array("top", "gosaSnapshotObject");
$target['gosaSnapshotData'] = gzcompress($data, 6);
$ldap_to->cat($new_dn);
while($ldap_to->count()){
$ldap_to->cat($new_dn);
$ldap_to->cat($new_dn);
while($ldap_to->count()){
$ldap_to->cat($new_dn);
- $newName = preg_replace("/\./", "", $sec."-".($usec++));
+ $newName = str_replace(".", "", $sec."-".($usec++));
$new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
$target['gosaSnapshotTimestamp'] = $newName;
}
$new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base;
$target['gosaSnapshotTimestamp'] = $newName;
}
$ldap_to->create_missing_trees($new_base);
$ldap_to->cd($new_dn);
$ldap_to->add($target);
$ldap_to->create_missing_trees($new_base);
$ldap_to->cd($new_dn);
$ldap_to->add($target);
-
- show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
- show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $new_dn, LDAP_ADD, get_class()));
+ }
+
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $new_base, "", get_class()));
+ }
+
}
}
}
}
$this->dn = $dn;
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$this->dn = $dn;
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
- $ldap->rmdir_recursive($dn);
+ $ldap->rmdir_recursive($this->dn);
+ if(!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn));
+ }
$this->dn = $old_dn;
}
$this->dn = $old_dn;
}
There will also be some errors psoted, if the configuration failed */
function snapshotEnabled()
{
There will also be some errors psoted, if the configuration failed */
function snapshotEnabled()
{
- $tmp = $this->config->current;
- if(isset($tmp['ENABLE_SNAPSHOT'])){
- if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){
-
- /* Check if the snapshot_base is defined */
- if(!isset($tmp['SNAPSHOT_BASE'])){
- print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE"));
- return(FALSE);
- }
-
- /* check if there are special server configurations for snapshots */
- if(isset($tmp['SNAPSHOT_SERVER'])){
-
- /* check if all required vars are available to create a new ldap connection */
- $missing = "";
- foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){
- if(!isset($tmp[$var])){
- $missing .= $var." ";
- print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing));
- return(FALSE);
- }
- }
- }
- return(TRUE);
- }
- }
- return(FALSE);
+ return $this->config->snapshotEnabled();
}
}
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
-
- if(isset($cfg['SERVER']) && isset($cfg['SNAPSHOT_SERVER']) && $cfg['SERVER'] == $cfg['SNAPSHOT_SERVER']){
- $ldap_to = $ldap;
- }elseif(isset($cfg['SNAPSHOT_SERVER'])){
- $server = $cfg['SNAPSHOT_SERVER'];
- $user = $cfg['SNAPSHOT_USER'];
- $password = $cfg['SNAPSHOT_PASSWORD'];
- $snapldapbase = $cfg['SNAPSHOT_BASE'];
-
- $ldap_to = new LDAP($user,$password, $server);
- $ldap_to -> cd ($snapldapbase);
- show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
+ if($this->config->get_cfg_value("snapshotURI") == ""){
+ $ldap_to = $ldap;
}else{
}else{
- $ldap_to = $ldap;
+ $server = $this->config->get_cfg_value("snapshotURI");
+ $user = $this->config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $this->config->get_cfg_value("snapshotBase");
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
+ $ldap_to -> cd($snapldapbase);
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
}
/* Prepare bases and some other infos */
$base = $this->config->current['BASE'];
}
/* Prepare bases and some other infos */
$base = $this->config->current['BASE'];
- $snap_base = $cfg['SNAPSHOT_BASE'];
+ $snap_base = $this->config->get_cfg_value("snapshotBase");
$base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
$base_of_object = preg_replace ('/^[^,]+,/i', '', $dn);
- $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
+ $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base;
$tmp = array();
/* Fetch all objects with gosaSnapshotDN=$dn */
$tmp = array();
/* Fetch all objects with gosaSnapshotDN=$dn */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
- if(isset($cfg['SNAPSHOT_SERVER'])){
- $server = $cfg['SNAPSHOT_SERVER'];
- $user = $cfg['SNAPSHOT_USER'];
- $password = $cfg['SNAPSHOT_PASSWORD'];
- $snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new LDAP($user,$password, $server);
- $ldap_to->cd ($snapldapbase);
- show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
+ if($this->config->get_cfg_value("snapshotURI") == ""){
+ $ldap_to = $ldap;
}else{
}else{
- $ldap_to = $ldap;
+ $server = $this->config->get_cfg_value("snapshotURI");
+ $user = $this->config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $this->config->get_cfg_value("snapshotBase");
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
+ $ldap_to -> cd($snapldapbase);
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
}
/* Prepare bases */
$base = $this->config->current['BASE'];
}
/* Prepare bases */
$base = $this->config->current['BASE'];
- $snap_base = $cfg['SNAPSHOT_BASE'];
- $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base;
+ $snap_base = $this->config->get_cfg_value("snapshotBase");
+ $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base;
/* Fetch all objects and check if they do not exist anymore */
$ui = get_userinfo();
/* Fetch all objects and check if they do not exist anymore */
$ui = get_userinfo();
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
$cfg= &$this->config->current;
/* check if there are special server configurations for snapshots */
- if(isset($cfg['SNAPSHOT_SERVER'])){
- $server = $cfg['SNAPSHOT_SERVER'];
- $user = $cfg['SNAPSHOT_USER'];
- $password = $cfg['SNAPSHOT_PASSWORD'];
- $snapldapbase = $cfg['SNAPSHOT_BASE'];
- $ldap_to = new LDAP($user,$password, $server);
- $ldap_to->cd ($snapldapbase);
- show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
+ if($this->config->get_cfg_value("snapshotURI") == ""){
+ $ldap_to = $ldap;
}else{
}else{
- $ldap_to = $ldap;
+ $server = $this->config->get_cfg_value("snapshotURI");
+ $user = $this->config->get_cfg_value("snapshotAdminDn");
+ $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
+ $snapldapbase = $this->config->get_cfg_value("snapshotBase");
+ $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server));
+ $ldap_to -> cd($snapldapbase);
+ if (!$ldap_to->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class()));
+ }
}
/* Get the snapshot */
}
/* Get the snapshot */
$data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
/* Import the given data */
$data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData'));
/* Import the given data */
+ $err = "";
$ldap->import_complete_ldif($data,$err,false,false);
$ldap->import_complete_ldif($data,$err,false,false);
- show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, "", get_class()));
+ }
}
}
- function showSnapshotDialog($base,$baseSuffixe)
+ function showSnapshotDialog($base,$baseSuffixe,&$parent)
{
$once = true;
{
$once = true;
+ $ui = get_userinfo();
+ $this->parent = $parent;
+
foreach($_POST as $name => $value){
/* Create a new snapshot, display a dialog */
foreach($_POST as $name => $value){
/* Create a new snapshot, display a dialog */
- if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
+ if(preg_match("/^CreateSnapShotDialog_[^_]*_[xy]$/",$name) && $once){
+
+ $entry = base64_decode(preg_replace("/^CreateSnapShotDialog_([^_]*)_[xy]$/","\\1",$name));
$once = false;
$once = false;
- $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
- $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
- $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
- }
+ $entry = preg_replace("/^CreateSnapShotDialog_/","",$entry);
+ if(!empty($entry) && $ui->allow_snapshot_create($entry,$this->parent->acl_module)){
+ $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to create a snapshot for %s."),$entry),ERROR_DIALOG);
+ }
+ }
+
/* Restore a snapshot, display a dialog with all snapshots of the current object */
if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
$once = false;
/* Restore a snapshot, display a dialog with all snapshots of the current object */
if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
- $entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
- $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
- $this->snapDialog->display_restore_dialog = true;
+ $entry = base64_decode(preg_replace("/^RestoreSnapShotDialog_([^_]*)_[xy]$/i","\\1",$name));
+ if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
+ $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
+ $this->snapDialog->display_restore_dialog = true;
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$entry),ERROR_DIALOG);
+ }
}
/* Restore one of the already deleted objects */
if(((isset($_POST['menu_action']) && $_POST['menu_action'] == "RestoreDeletedSnapShot")
|| preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
$once = false;
}
/* Restore one of the already deleted objects */
if(((isset($_POST['menu_action']) && $_POST['menu_action'] == "RestoreDeletedSnapShot")
|| preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
$once = false;
- $this->snapDialog = new SnapShotDialog($this->config,"",$this);
- $this->snapDialog->set_snapshot_bases($baseSuffixe);
- $this->snapDialog->display_restore_dialog = true;
- $this->snapDialog->display_all_removed_objects = true;
+
+ if($ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
+ $this->snapDialog = new SnapShotDialog($this->config,"",$this);
+ $this->snapDialog->set_snapshot_bases($baseSuffixe);
+ $this->snapDialog->display_restore_dialog = true;
+ $this->snapDialog->display_all_removed_objects = true;
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$base),ERROR_DIALOG);
+ }
}
/* Restore selected snapshot */
if(preg_match("/^RestoreSnapShot_/",$name) && $once){
$once = false;
}
/* Restore selected snapshot */
if(preg_match("/^RestoreSnapShot_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShot_/","",$name);
- $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
- if(!empty($entry)){
+ $entry = base64_decode(preg_replace("/^RestoreSnapShot_([^_]*)_[xy]$/i","\\1",$name));
+
+ if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
$this->restore_snapshot($entry);
$this->snapDialog = NULL;
$this->restore_snapshot($entry);
$this->snapDialog = NULL;
+ }else{
+ msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$entry),ERROR_DIALOG);
}
}
}
}
}
}
$msgs = $this->snapDialog->check();
if(count($msgs)){
foreach($msgs as $msg){
$msgs = $this->snapDialog->check();
if(count($msgs)){
foreach($msgs as $msg){
- print_red($msg);
+ msg_dialog::display(_("Error"), $msg, ERROR_DIALOG);
}
}else{
$this->dn = $this->snapDialog->dn;
}
}else{
$this->dn = $this->snapDialog->dn;
function acl_is_writeable($attribute,$skip_write = FALSE)
{
function acl_is_writeable($attribute,$skip_write = FALSE)
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
}
$ui= get_userinfo();
return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
}
}
}
- function acl_is_createable()
+ function acl_is_createable($base ="")
{
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
$ui= get_userinfo();
- return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ if($base == "") $base = $this->acl_base;
+ return preg_match('/c/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
}
- function acl_is_removeable()
+ function acl_is_removeable($base ="")
{
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
$ui= get_userinfo();
- return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ if($base == "") $base = $this->acl_base;
+ return preg_match('/d/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
}
- function acl_is_moveable()
+ function acl_is_moveable($base = "")
{
{
+ if($this->read_only) return(FALSE);
$ui= get_userinfo();
$ui= get_userinfo();
- return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ if($base == "") $base = $this->acl_base;
+ return preg_match('/m/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0'));
}
}
function getacl($attribute,$skip_write= FALSE)
{
$ui= get_userinfo();
function getacl($attribute,$skip_write= FALSE)
{
$ui= get_userinfo();
+ $skip_write |= $this->read_only;
return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
}
return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
}
- /* Get all allowed bases to move an object to or to create a new object.
- Idepartments also contains all base departments which lead to the allowed bases */
- function get_allowed_bases($category = "")
+
+ /*! \brief Returns a list of all available departments for this object.
+ If this object is new, all departments we are allowed to create a new user in are returned.
+ If this is an existing object, return all deps. we are allowed to move tis object too.
+
+ @return Array [dn] => "..name" // All deps. we are allowed to act on.
+ */
+ function get_allowed_bases()
{
$ui = get_userinfo();
$deps = array();
{
$ui = get_userinfo();
$deps = array();
- /* Set category */
- if(empty($category)){
- $category = $this->acl_category.get_class($this);
- }
-
/* Is this a new object ? Or just an edited existing object */
if(!$this->initially_was_account && $this->is_account){
$new = true;
/* Is this a new object ? Or just an edited existing object */
if(!$this->initially_was_account && $this->is_account){
$new = true;
$new = false;
}
$new = false;
}
- $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
foreach($this->config->idepartments as $dn => $name){
foreach($this->config->idepartments as $dn => $name){
-
- if(!in_array_ics($dn,$cat_bases)){
- continue;
- }
-
- $acl = $ui->get_permissions($dn,$category);
- if($new && preg_match("/c/",$acl)){
+ if($new && $this->acl_is_createable($dn)){
$deps[$dn] = $name;
$deps[$dn] = $name;
- }elseif(!$new && preg_match("/m/",$acl)){
+ }elseif(!$new && $this->acl_is_moveable($dn)){
$deps[$dn] = $name;
}
}
$deps[$dn] = $name;
}
}
/* Add current base */
if(isset($this->base) && isset($this->config->idepartments[$this->base])){
$deps[$this->base] = $this->config->idepartments[$this->base];
/* Add current base */
if(isset($this->base) && isset($this->config->idepartments[$this->base])){
$deps[$this->base] = $this->config->idepartments[$this->base];
+ }elseif(strtolower($this->dn) == strtolower($this->config->current['BASE'])){
+
}else{
}else{
- echo "No default base found. ".$this->base."<br> ";
+ trigger_error("Cannot return list of departments, no default base found in class ".get_class($this).". ".$this->base);
}
}
-
return($deps);
}
return($deps);
}
- /* This function modifies object acls too, if an object is moved.
+
+ /* This function updates ACL settings if $old_dn was used.
* $old_dn specifies the actually used dn
* $new_dn specifies the destiantion dn
*/
* $old_dn specifies the actually used dn
* $new_dn specifies the destiantion dn
*/
}
/* Update userinfo if necessary */
}
/* Update userinfo if necessary */
- if($_SESSION['ui']->dn == $old_dn){
- $_SESSION['ui']->dn = $new_dn;
- new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'");
+ $ui = session::global_get('ui');
+ if($ui->dn == $old_dn){
+ $ui->dn = $new_dn;
+ session::global_set('ui',$ui);
+ new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'");
}
/* Object was moved, ensure that all acls will be moved too */
}
/* Object was moved, ensure that all acls will be moved too */
$update = array();
$ldap = $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
$update = array();
$ldap = $this->config->get_ldap_link();
$ldap->cd ($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($old_dn)."*))",array("cn","gosaAclEntry"));
while($attrs = $ldap->fetch()){
while($attrs = $ldap->fetch()){
-
$acls = array();
$acls = array();
-
- /* Walk through acls */
+ $found = false;
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
-
- /* Reset vars */
- $found = false;
-
- /* Get Acl parts */
$acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
$acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
- /* Get every single member for this acl */
- $members = array();
- if(preg_match("/,/",$acl_parts[2])){
- $members = split(",",$acl_parts[2]);
- }else{
- $members = array($acl_parts[2]);
- }
-
- /* Check if member match current dn */
+ /* Roles uses antoher data storage order, members are stored int the third part,
+ while the members in direct ACL assignments are stored in the second part.
+ */
+ $id = ($acl_parts[1] == "role") ? 3 : 2;
+
+ /* Update member entries to use $new_dn instead of old_dn
+ */
+ $members = explode(",",$acl_parts[$id]);
foreach($members as $key => $member){
$member = base64_decode($member);
if($member == $old_dn){
foreach($members as $key => $member){
$member = base64_decode($member);
if($member == $old_dn){
- $found = true;
$members[$key] = base64_encode($new_dn);
$members[$key] = base64_encode($new_dn);
+ $found = TRUE;
}
}
}
}
-
- /* Create new member string */
- $new_members = "";
- foreach($members as $member){
- $new_members .= $member.",";
- }
- $new_members = preg_replace("/,$/","",$new_members);
- $acl_parts[2] = $new_members;
-
- /* Reconstruckt acl entry */
- $acl_str ="";
- foreach($acl_parts as $t){
- $acl_str .= $t.":";
- }
- $acl_str = preg_replace("/:$/","",$acl_str);
- }
-
- /* Acls for this object must be adjusted */
- if($found){
-
- if($output_changes){
- echo "<font color='green'>".
- _("Changing ACL dn")." : <br> -"._("from")." <b> ".
- $old_dn.
- "</b><br> -"._("to")." <b>".
- $new_dn.
- "</b></font><br>";
+
+ /* Check if the selected role has to updated
+ */
+ if($acl_parts[1] == "role" && $acl_parts[2] == base64_encode($old_dn)){
+ $acl_parts[2] = base64_encode($new_dn);
+ $found = TRUE;
}
}
+
+ /* Build new acl string */
+ $acl_parts[$id] = implode($members,",");
+ $acls[] = implode($acl_parts,":");
+ }
+
+ /* Acls for this object must be adjusted */
+ if($found){
+
+ $debug_info= _("Changing ACL dn")." : <br> -"._("from")." <b> ".
+ $old_dn."</b><br> -"._("to")." <b>".$new_dn."</b><br>";
+ @DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,$debug_info,"ACL");
+
$update[$attrs['dn']] =array();
foreach($acls as $acl){
$update[$attrs['dn']]['gosaAclEntry'][] = $acl;
$update[$attrs['dn']] =array();
foreach($acls as $acl){
$update[$attrs['dn']]['gosaAclEntry'][] = $acl;
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
+
if ($found != ""){
if ($found != ""){
- if(isset($this->multi_attrs["$found"][0])){
- $this->$val= $this->multi_attrs["$found"][0];
+ if(isset($this->multi_attrs["$val"][0])){
+ $this->$val= $this->multi_attrs["$val"][0];
}
}
}
}
}
}
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
- $_SESSION['current_class_for_help'] = get_class($this);
+ session::global_set('current_class_for_help',get_class($this));
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
- $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
+ session::set('LOCK_VARS_TO_USE',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
return("Multiple edit is currently not implemented for this plugin.");
}
return("Multiple edit is currently not implemented for this plugin.");
}
/* Save values to object */
$this->multi_boxes = array();
foreach ($this->attributes as $val){
/* Save values to object */
$this->multi_boxes = array();
foreach ($this->attributes as $val){
- if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
+
+ /* Get selected checkboxes from multiple edit */
+ if(isset($_POST["use_".$val])){
+ $this->multi_boxes[] = $val;
+ }
- if(isset($_POST["use_".$val])){
- $this->multi_boxes[] = $val;
- }
+ if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
/* Check for modifications */
if (get_magic_quotes_gpc()) {
/* Check for modifications */
if (get_magic_quotes_gpc()) {
$message = plugin::check();
return($message);
}
$message = plugin::check();
return($message);
}
+
+
+ /*! \brief Returns the snapshot header part for "Actions" menu in management dialogs
+ @param $layer_menu
+ */
+ function get_snapshot_header($base,$category)
+ {
+ $str = "";
+ $ui = get_userinfo();
+ if($this->snapshotEnabled() && $ui->allow_snapshot_restore($base,$category)){
+
+ $ok = false;
+ foreach($this->get_used_snapshot_bases() as $base){
+ $ok |= count($this->getAllDeletedSnapshots($base)) >= 1 ;
+ }
+
+ if($ok){
+ $str = "..|<img class='center' src='images/lists/restore.png' ".
+ "alt='"._("Restore")."'> "._("Restore"). "|RestoreDeletedSnapShot|\n";
+ }else{
+ $str = "..|<img class='center' src='images/lists/restore_grey.png' alt=''> "._("Restore")."||\n";
+ }
+ }
+ return($str);
+ }
+
+
+ function get_snapshot_action($base,$category)
+ {
+ $str= "";
+ $ui = get_userinfo();
+ if($this->snapshotEnabled()){
+ if ($ui->allow_snapshot_restore($base,$category)){
+
+ if(count($this->Available_SnapsShots($base))){
+ $str.= "<input class='center' type='image' src='images/lists/restore.png'
+ alt='"._("Restore snapshot")."' name='RestoreSnapShotDialog_".base64_encode($base)."' title='"._("Restore snapshot")."'> ";
+ } else {
+ $str = "<img class='center' src='images/lists/restore_grey.png' alt=''> ";
+ }
+ }
+ if($ui->allow_snapshot_create($base,$category)){
+ $str.= "<input class='center' type='image' src='images/snapshot.png'
+ alt='"._("Create snapshot")."' name='CreateSnapShotDialog_".base64_encode($base)."'
+ title='"._("Create a new snapshot from this object")."'> ";
+ }else{
+ $str = "<img class='center' src='images/empty.png' alt=' '> ";
+ }
+ }
+
+ return($str);
+ }
+
+
+ function get_copypaste_action($base,$category,$class,$copy = TRUE, $cut = TRUE)
+ {
+ $ui = get_userinfo();
+ $action = "";
+ if($this->CopyPasteHandler){
+ if($cut){
+ if($ui->is_cutable($base,$category,$class)){
+ $action .= "<input class='center' type='image'
+ src='images/lists/cut.png' alt='"._("cut")."' name='cut_%KEY%' title='"._("Cut this entry")."'> ";
+ }else{
+ $action.="<img src='images/empty.png' alt=' ' class='center'> ";
+ }
+ }
+ if($copy){
+ if($ui->is_copyable($base,$category,$class)){
+ $action.= "<input class='center' type='image'
+ src='images/lists/copy.png' alt='"._("copy")."' name='copy_%KEY%' title='"._("Copy this entry")."'> ";
+ }else{
+ $action.="<img src='images/empty.png' alt=' ' class='center'> ";
+ }
+ }
+ }
+
+ return($action);
+ }
+
+
+ function get_copypaste_header($base,$category,$copy = TRUE, $cut = TRUE)
+ {
+ $s = "";
+ $ui =get_userinfo();
+
+ if(!is_array($category)){
+ $category = array($category);
+ }
+
+ /* Check permissions for each category, if there is at least one category which
+ support read or paste permissions for the given base, then display the specific actions.
+ */
+ $readable = $pasteable = false;
+ foreach($category as $cat){
+ $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat));
+ $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1;
+ }
+
+ if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){
+ if($readable){
+ $s.= "..|---|\n";
+ if($copy){
+ $s.= "..|<img src='images/lists/copy.png' alt='' border='0' class='center'>".
+ " "._("Copy")."|"."multiple_copy_systems|\n";
+ }
+ if($cut){
+ $s.= "..|<img src='images/lists/cut.png' alt='' border='0' class='center'>".
+ " "._("Cut")."|"."multiple_cut_systems|\n";
+ }
+ }
+
+ if($pasteable){
+ if($this->CopyPasteHandler->entries_queued()){
+ $img = "<img border='0' class='center' src='images/lists/paste.png' alt=''>";
+ $s.="..|".$img." "._("Paste")."|editPaste|\n";
+ }else{
+ $img = "<img border='0' class='center' src='images/lists/paste-grey.png' alt=''>";
+ $s.="..|".$img." "._("Paste")."\n";
+ }
+ }
+ }
+ return($s);
+ }
+
+
+ function get_used_snapshot_bases()
+ {
+ return(array());
+ }
+
+ function is_modal_dialog()
+ {
+ return(isset($this->dialog) && $this->dialog);
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: