index 4d8f82a595bb269d9a356749c97b005c5ed1e741..e854884a4e81f9c3c10b265f647f660e6617f75c 100644 (file)
\param dn Distinguished name to initialize plugin from
\sa plugin()
*/
- function plugin (&$config, $dn= NULL, $parent= NULL)
+ function plugin (&$config, $dn= NULL, $object= NULL)
{
/* Configuration is fine, allways */
$this->config= &$config;
$this->dn= $dn;
+ // Ensure that we've a valid acl_category set.
+ if(empty($this->acl_category)){
+ $tmp = $this->plInfo();
+ if (isset($tmp['plCategory'])) {
+ $c = key($tmp['plCategory']);
+ if(is_numeric($c)){
+ $c = $tmp['plCategory'][0];
+ }
+ $this->acl_category = $c."/";
+ }
+ }
+
/* Handle new accounts, don't read information from LDAP */
if ($dn == "new"){
return;
if ($dn !== NULL){
/* Load data to 'attrs' and save 'dn' */
- if ($parent !== NULL){
- $this->attrs= $parent->attrs;
+ if ($object !== NULL){
+ $this->attrs= $object->attrs;
} else {
$ldap= $this->config->get_ldap_link();
$ldap->cat ($dn);
}
- /*! \brief execute plugin
-
- Generates the html output for this node
+ /*! \brief Generates the html output for this node
*/
function execute()
{
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
}
- /*! \brief execute plugin
- Removes object from parent
+ /*! \brief Removes object from parent
*/
function remove_from_parent()
{
}
- /*! \brief Save HTML posted data to object
+ /*! \brief Save HTML posted data to object
*/
function save_object()
{
}
- /* Save data to LDAP, depending on is_account we save or delete */
+ /*! \brief Save data to LDAP, depending on is_account we save or delete */
function save()
{
/* include global link_info */
}
}
- /* Check formular input */
+ /*! \brief Check formular input */
function check()
{
$message= array();
}
}
- /* Indicate whether a password change is needed or not */
+ /* \brief Indicate whether a password change is needed or not */
function password_change_needed()
{
return FALSE;
}
- /* Show header message for tab dialogs */
+ /*! \brief Show header message for tab dialogs */
function show_enable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || (!$this->acl_is_createable())){
}
- /* Show header message for tab dialogs */
+ /*! \brief Show header message for tab dialogs */
function show_disable_header($button_text, $text, $disabled= FALSE)
{
if (($disabled == TRUE) || !$this->acl_is_removeable()){
}
- /* Show header message for tab dialogs */
+ /*! \brief Show header message for tab dialogs */
function show_header($button_text, $text, $disabled= FALSE)
{
echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header<br>";
return($display);
}
-
+ /*! \brief Executes commands after an object has been created */
function postcreate($add_attrs= array())
{
/* Find postcreate entries for this class */
}
}
+ /*! \brief Execute commands after an object has been modified */
function postmodify($add_attrs= array())
{
/* Find postcreate entries for this class */
}
}
+ /*! \brief Executes a command after an object has been removed */
function postremove($add_attrs= array())
{
/* Find postremove entries for this class */
}
}
+
/* Create unique DN */
+ function create_unique_dn2($data, $base)
+ {
+ $ldap= $this->config->get_ldap_link();
+ $base= preg_replace("/^,*/", "", $base);
+
+ /* Try to use plain entry first */
+ $dn= "$data,$base";
+ $attribute= preg_replace('/=.*$/', '', $data);
+ $ldap->cat ($dn, array('dn'));
+ if (!$ldap->fetch()){
+ return ($dn);
+ }
+
+ /* Look for additional attributes */
+ foreach ($this->attributes as $attr){
+ if ($attr == $attribute || $this->$attr == ""){
+ continue;
+ }
+
+ $dn= "$data+$attr=".$this->$attr.",$base";
+ $ldap->cat ($dn, array('dn'));
+ if (!$ldap->fetch()){
+ return ($dn);
+ }
+ }
+
+ /* None found */
+ return ("none");
+ }
+
+
+ /*! \brief Create unique DN */
function create_unique_dn($attribute, $base)
{
$ldap= $this->config->get_ldap_link();
return ("none");
}
+
function rebind($ldap, $referral)
{
$credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']);
/* FAIvariable=.../..., cn=..
could not be saved, because the attribute FAIvariable was different to
the dn FAIvariable=..., cn=... */
+
+ if(!is_array($new['objectClass'])) $new['objectClass'] = array($new['objectClass']);
+
if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){
$new['FAIvariable'] = $ldap->fix($new['FAIvariable']);
}
- /*! \brief Move a given ldap object indentified by $src_dn \
- to the given destination $dst_dn \
- * Ensure that all references are updated (ogroups) \
- * Update ACLs \
- * Update accessTo \
- @param String The source dn.
- @param String The destination dn.
- @return Boolean TRUE on success else FALSE.
+ /*! \brief Rename/Move a given src_dn to the given dest_dn
+ *
+ * Move a given ldap object indentified by $src_dn to the
+ * given destination $dst_dn
+ *
+ * - Ensure that all references are updated (ogroups)
+ * - Update ACLs
+ * - Update accessTo
+ *
+ * \param string 'src_dn' the source DN.
+ * \param string 'dst_dn' the destination DN.
+ * \return boolean TRUE on success else FALSE.
*/
function rename($src_dn, $dst_dn)
{
array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
foreach($leaf_objs as $obj){
$new_dn = $obj['dn'];
- $old_dn = preg_replace("/".preg_quote($dst_dn, '/')."$/i",$src_dn,$new_dn);
+ $old_dn = preg_replace("/".preg_quote(LDAP::convert($dst_dn), '/')."$/i",$src_dn,LDAP::convert($new_dn));
$this->update_acls($old_dn,$new_dn);
}
foreach($ogroups as $ogroup){
// Migrate old to new dn
$o_ogroup= new ogroup($this->config,$ogroup['dn']);
- unset($o_ogroup->member[$src_dn]);
+ if (isset($o_group->member[$src_dn])) {
+ unset($o_ogroup->member[$src_dn]);
+ }
$o_ogroup->member[$dst_dn]= $dst_dn;
// Save object group
}
// Migrate rfc groups if needed
- $groups = get_sub_list("(&(objectClass=posixGroups)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
+ $groups = get_sub_list("(&(objectClass=posixGroup)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
// Walk through all POSIX groups
foreach($groups as $group){
+
// Migrate old to new dn
$o_group= new group($this->config,$group['dn']);
- unset($o_group->member[$src_dn]);
- $o_group->member[$dst_dn]= $dst_dn;
-
- // Save object group
$o_group->save();
}
$role->save();
}
}
+
+ // Update 'manager' attributes from gosaDepartment and inetOrgPerson
+ $filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn))."))";
+ $ocs = $ldap->get_objectclasses();
+ if(isset($ocs['gosaDepartment']['MAY']) && in_array('manager', $ocs['inetOrgPerson']['MAY'])){
+ $filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn)).")))";
+ }
+ $leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'],
+ array("manager","dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+ foreach($leaf_deps as $entry){
+ $update = array('manager' => $dst_dn);
+ $ldap->cd($entry['dn']);
+ $ldap->modify($update);
+ if(!$ldap->success()){
+ trigger_error(sprintf("Failed to update manager for '%s', error was '%s'", $entry['dn'], $ldap->get_error()));
+ }
+ }
/* Check if there are gosa departments moved.
If there were deps moved, the force reload of config->deps.
}
-
+
function move($src_dn, $dst_dn)
{
/* Do not copy if only upper- lowercase has changed */
}
- /* Move/Rename complete trees */
+ /* \brief Move/Rename complete trees */
function recursive_move($src_dn, $dst_dn)
{
/* Check if the destination entry exists */
}
+ /*! \brief Prepare for Copy & Paste */
function PrepareForCopyPaste($source)
{
$todo = $this->attributes;
if (isset($source[$var])){
if(isset($source[$var]['count'])){
if($source[$var]['count'] > 1){
- $this->$var = array();
- $tmp = array();
- for($i = 0 ; $i < $source[$var]['count']; $i++){
- $tmp = $source[$var][$i];
- }
+ $tmp= $source[$var];
+ unset($tmp['count']);
$this->$var = $tmp;
}else{
$this->$var = $source[$var][0];
}
}
- function tag_attrs(&$at, $dn= "", $tag= "", $show= false)
- {
- /* Skip tagging?
+ /*! \brief Get gosaUnitTag for the given DN
If this is called from departmentGeneric, we have to skip this
tagging procedure.
- */
+ */
+ function tag_attrs(&$at, $dn= "", $tag= "", $show= false)
+ {
+ /* Skip tagging? */
if($this->skipTagging){
return;
}
}
}
}
-
+
+ /*! \brief Add unit tag */
/* Remove tags that may already be here... */
remove_objectClass("gosaAdministrativeUnitTag", $at);
if (isset($at['gosaUnitTag'])){
}
- /* Add possibility to stop remove process */
+ /*! \brief Test for removability of the object
+ *
+ * Allows testing of conditions for removal of object. If removal should be aborted
+ * the function needs to remove an error message.
+ * */
function allow_remove()
{
$reason= "";
}
- /* Create a snapshot of the current object */
+ /*! \brief Create a snapshot of the current object */
function create_snapshot($type= "snapshot", $description= array())
{
}
}
+ /*! \brief Remove a snapshot */
function remove_snapshot($dn)
{
$ui = get_userinfo();
}
- /* returns true if snapshots are enabled, and false if it is disalbed
- There will also be some errors psoted, if the configuration failed */
+ /*! \brief Test if snapshotting is enabled
+ *
+ * Test weither snapshotting is enabled or not. There will also be some errors posted,
+ * if the configuration failed
+ * \return TRUE if snapshots are enabled, and FALSE if it is disabled
+ */
function snapshotEnabled()
{
- $config = $this->config;
- if($config->get_cfg_value("enableSnapshots") == "true"){
-
- /* Check if the snapshot_base is defined */
- if ($config->get_cfg_value("snapshotBase") == ""){
-
- /* Send message if not done already */
- if(!session::is_set("snapshotFailMessageSend")){
- session::set("snapshotFailMessageSend",TRUE);
- msg_dialog::display(_("Configuration error"),
- sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),
- "snapshotBase"), ERROR_DIALOG);
- }
- return(FALSE);
- }
-
- /* Check if the snapshot_base is defined */
- if (!is_callable("gzcompress")){
-
- /* Send message if not done already */
- if(!session::is_set("snapshotFailMessageSend")){
- session::set("snapshotFailMessageSend",TRUE);
- msg_dialog::display(_("Configuration error"),
- sprintf(_("The snapshot functionality is enabled, but the required compression module is missing. Please install '%s'."),"php5-zip / php5-gzip"), ERROR_DIALOG);
- }
- return(FALSE);
- }
-
- /* check if there are special server configurations for snapshots */
- if ($config->get_cfg_value("snapshotURI") != ""){
-
- /* check if all required vars are available to create a new ldap connection */
- $missing = "";
- foreach(array("snapshotURI","snapshotAdminDn","snapshotAdminPassword","snapshotBase") as $var){
- if($config->get_cfg_value($var) == ""){
- $missing .= $var." ";
-
- /* Send message if not done already */
- if(!session::is_set("snapshotFailMessageSend")){
- session::set("snapshotFailMessageSend",TRUE);
- msg_dialog::display(_("Configuration error"),
- sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),
- $missing), ERROR_DIALOG);
- }
- return(FALSE);
- }
- }
- }
- return(TRUE);
- }
- return(FALSE);
+ return $this->config->snapshotEnabled();
}
- /* Return available snapshots for the given base
- */
+ /* \brief Return available snapshots for the given base */
function Available_SnapsShots($dn,$raw = false)
{
if(!$this->snapshotEnabled()) return(array());
}
- /* Restore selected snapshot */
+ /* \brief Restore selected snapshot */
function restore_snapshot($dn)
{
if(!$this->snapshotEnabled()) return(array());
}
+ /*! \brief Return plugin informations for acl handling */
static function plInfo()
{
return array();
}
- /*! \brief Returns a list of all available departments for this object.
- If this object is new, all departments we are allowed to create a new user in are returned.
- If this is an existing object, return all deps. we are allowed to move tis object too.
-
- @return Array [dn] => "..name" // All deps. we are allowed to act on.
+ /*! \brief Returns a list of all available departments for this object.
+ *
+ * If this object is new, all departments we are allowed to create a new user in
+ * are returned. If this is an existing object, return all deps.
+ * We are allowed to move tis object too.
+ * \return array [dn] => "..name" // All deps. we are allowed to act on.
*/
function get_allowed_bases()
{
/* This function updates ACL settings if $old_dn was used.
- * $old_dn specifies the actually used dn
- * $new_dn specifies the destiantion dn
+ * \param string 'old_dn' specifies the actually used dn
+ * \param string 'new_dn' specifies the destiantion dn
*/
function update_acls($old_dn,$new_dn,$output_changes = FALSE)
{
$acls = array();
$found = false;
for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
- $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
+ $acl_parts = explode(":",$attrs['gosaAclEntry'][$i]);
/* Roles uses antoher data storage order, members are stored int the third part,
while the members in direct ACL assignments are stored in the second part.
- /* This function enables the entry Serial ID check.
- * If an entry was edited while we have edited the entry too,
- * an error message will be shown.
+ /*! \brief Enable the Serial ID check
+ *
+ * This function enables the entry Serial ID check. If an entry was edited while
+ * we have edited the entry too, an error message will be shown.
* To configure this check correctly read the FAQ.
*/
function enable_CSN_check()
/*! \brief Prepares the plugin to be used for multiple edit
* Update plugin attributes with given array of attribtues.
- * @param array Array with attributes that must be updated.
+ * \param array Array with attributes that must be updated.
*/
function init_multiple_support($attrs,$all)
{
/* Copy needed attributes */
foreach ($this->attributes as $val){
$found= array_key_ics($val, $this->multi_attrs);
+
if ($found != ""){
- if(isset($this->multi_attrs["$found"][0])){
- $this->$val= $this->multi_attrs["$found"][0];
+ if(isset($this->multi_attrs["$val"][0])){
+ $this->$val= $this->multi_attrs["$val"][0];
}
}
}
/*! \brief Returns all values that have been modfied in multiple edit mode.
- @return array Cotaining all mdofied values.
+ \return array Cotaining all modified values.
*/
function get_multi_edit_values()
{
}
- /*! \brief execute plugin
-
- Generates the html output for this node
- */
+ /*! \brief Generates the html output for this node for multi edit*/
function multiple_execute()
{
/* This one is empty currently. Fabian - please fill in the docu code */
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
session::set('LOCK_VARS_TO_USE',array());
- session::set('LOCK_VARS_USED',array());
+ session::set('LOCK_VARS_USED_GET',array());
+ session::set('LOCK_VARS_USED_POST',array());
+ session::set('LOCK_VARS_USED_REQUEST',array());
return("Multiple edit is currently not implemented for this plugin.");
}
- /*! \brief Save HTML posted data to object for multiple edit
+ /*! \brief Save HTML posted data to object for multiple edit
*/
function multiple_save_object()
{
}
- /*! \brief Returns all attributes of this plugin,
+ /*! \brief Returns all attributes of this plugin,
to be able to detect multiple used attributes
in multi_plugg::detect_multiple_used_attributes().
@return array Attributes required for intialization of multi_plug
/*! \brief Check given values in multiple edit
- @return array Error messages
+ \return array Error messages
*/
function multiple_check()
{
/*! \brief Returns the snapshot header part for "Actions" menu in management dialogs
- @param $layer_menu
+ \param $layer_menu
*/
function get_snapshot_header($base,$category)
{