diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 3cafa82664b88a07973703976789b872900a05d0..f3bb656588e81fc3f83daa842aa21eab0336e824 100644 (file)
var $templates = array();
var $got_uid = false;
var $CopyPasteHandler = NULL;
+ var $SnapshotHandler = NULL;
var $CPPasswordChange = ""; // Contains the entry id which should get a new password
var $DivListUsers;
var $acl_module = array("users");
var $dns = array();
+ // Filter/headpage tests
+ var $filter= null;
+ var $headpage= null;
+
+
function userManagement(&$config, $ui)
{
/* Save configuration for internal use */
if ($this->config->boolValueIsTrue("main", "copyPaste")){
$this->CopyPasteHandler= new CopyPasteHandler($this->config);
}
+ if($this->config->get_cfg_value("enableSnapshots") == "true"){
+ $this->SnapshotHandler= new SnapshotHandler($this->config);
+ }
/* Creat dialog object */
$this->DivListUsers = new divListUsers($this->config,$this);
$type = $events['BY_CLASS'][$event];
$this->usertab = new $type['CLASS_NAME']($this->config);
$this->usertab->add_users($uids);
- $this->usertab->set_type(TRIGGERED_EVENT);
+ $this->usertab->set_type(SCHEDULED_EVENT);
}
}
}
$this->sn= "";
$this->givenName= "";
$this->uid= "";
- session::un_set('objectinfo');
+ set_object_info();
}
/* User is allowed to change passwords, save 'dn' and 'acl' for next
dialog. */
- session::set('objectinfo',$this->dn);
+ set_object_info($this->dn);
return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
} else {
/* User is not allowed. Show message and cancel. */
/* Check locking, save current plugin in 'back_plugin', so
the dialog knows where to return. */
+
if (($user= get_lock($this->dn)) != ""){
- return(gen_locked_message ($user, $this->dn));
+ return(gen_locked_message ($user, $this->dn,TRUE));
}
/* Lock the current entry, so everyone will get the
/* Set ACL and move DN to the headline */
$this->usertab->set_acl_base($this->dn);
- session::set('objectinfo',$this->dn);
+ set_object_info($this->dn);
}
if($tmp->multiple_available()){
$this->usertab = $tmp;
$this->usertab->set_active_tab($s_tab);
- session::set('objectinfo',$this->usertab->get_object_info());
+ set_object_info($this->usertab->get_object_info());
}
}
$this->sn= "";
$this->givenName= "";
$this->uid= "";
- session::un_set('objectinfo');
+ set_object_info();
}
foreach ($this->config->departments as $key => $value){
/* Get acls from different ou's */
- $acl = $this->ui->get_permissions("cn=dummy,".get_people_ou().$value,"users/user") ;
+ $acl = $this->ui->get_permissions($value,"users/user") ;
/* If creation of a new user is allowed, append this template */
if (preg_match("/c/",$acl)){
if ($ldap->count() != 0){
while ($attrs= $ldap->fetch()){
$this->templates[$ldap->getDN()]=
- $attrs['uid'][0]." - ".@LDAP::fix($key);
+ $attrs['uid'][0]." - ".LDAP::fix($key);
}
if ($s_action != "templatize_multiple"){
$this->templates['none']= _("none");
$dns_names = array();
foreach($this->dns as $dn){
- $dns_names[] = @LDAP::fix($dn);
+ $dns_names[] = LDAP::fix($dn);
}
add_lock($this->dns, $this->ui->dn);
/* Get entry check current status */
$val = $this->list[$s_entry];
- $pwd = $val['userPassword'][0];
-
-
if (!preg_match("/w/",$this->ui->get_permissions($val['dn'],"users/password"))){
-
- /* Missing permissions, show message */
- msg_dialog::display(_("Password change"),_("You have no permission to change the lock status for this user!"),WARNING_DIALOG);
-
+ msg_dialog::display(_("Account locking"),
+ _("You have no permission to change the lock status for this user!"),WARNING_DIALOG);
}else{
-
- if(!preg_match("/^\{[^\}]/",$pwd)){
- trigger_error("Can not deactivate user which is using clear password encryption.");
- }else{
-
- $locked = false;
- if(preg_match("/^[^\}]*+\}!/",$pwd)){
- $locked = true;
- }
-
- /* Create ldap array to update status */
- $attrs = array("userPassword" => $pwd);
- if($locked){
- $attrs['userPassword'] = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$attrs['userPassword']);
+ $pwd = $val['userPassword'][0];
+ $method = passwordMethod::get_method($pwd,$val['dn']);
+ $success= false;
+ if($method instanceOf passwordMethod){
+ if($method->is_locked($this->config,$val['dn'])){
+ $success= $method->unlock_account($this->config,$val['dn']);
}else{
- $attrs['userPassword'] = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$attrs['userPassword']);
+ $success= $method->lock_account($this->config,$val['dn']);
}
- /* Write new status back to ldap */
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($val['dn']);
- $ldap->modify($attrs);
- if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $val['dn'], 0, get_class()));
+ /* Check for success */
+ if (!$success){
+ $hn= $method->get_hash_name();
+ if (is_array($hn)){
+ $hn= $hn[0];
+ }
+ msg_dialog::display(_("Account locking"),
+ sprintf(_("Password method '%s' does not support locking. Account has not been locked!"), $hn),WARNING_DIALOG);
}
+ }else{
+ // Can't lock unknown methods.
}
+
}
}
-
/********************
Delete entry Canceled
********************/
unset ($this->usertab);
$this->usertab= NULL;
- session::un_set('objectinfo');
+ set_object_info();
}else{
/* Reinitialize tab */
/* Create new usertab object */
$this->usertab= new usertabs($this->config,$this->config->data['TABS']['USERTABS'], $this->dn);
$this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase;
- $this->usertab->set_acl_base('dummy,'.$this->DivListUsers->selectedBase);
+ $this->usertab->set_acl_base($this->DivListUsers->selectedBase);
/* Take care about templates */
if ($s_action=="new_tpl"){
/* Finish template preamble */
if (isset($_POST['template_continue']) && $_POST['template'] != 'none' && (isset($_POST['uid']))){
- /* Might not be filled if IDGEN is unset */
- $this->sn = $_POST['sn'];
- $this->givenName = $_POST['givenName'];
-
/* Move user supplied data to sub plugins */
- $this->uid = $_POST['uid'];
- $this->usertab->uid = $this->uid;
- $this->usertab->sn = $this->sn;
- $this->usertab->givenName = $this->givenName;
+ foreach(array("uid","sn","givenName") as $attr){
+ $this->$attr = $_POST[$attr];
+ $this->usertab->$attr = $this->$attr;
+ $this->usertab->by_object['user']->$attr = $this->$attr;
+ }
+
$template_dn = $_POST['template'];
- $this->usertab->adapt_from_template($template_dn);
- $template_base = preg_replace("/^[^,]+,".normalizePreg(get_people_ou())."/", '', $template_dn);
+ $this->usertab->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
+ $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/')."/", '', $template_dn);
$this->usertab->by_object['user']->base= $template_base;
}
}
if(!is_object($dia) && $dia != TRUE){
- $display.= "<p style=\"text-align:right\">\n";
- $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
- $display.= " \n";
- if ($this->dn != "new"){
- $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
+ if(($this->usertab instanceOf tabs || $this->usertab instanceOf plugin) && $this->usertab->read_only == TRUE){
+ $display.= "<p style=\"text-align:right\">
+ <input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">
+ </p>";
+ }else{
+ $display.= "<p style=\"text-align:right\">\n";
+ $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
$display.= " \n";
+ if ($this->dn != "new"){
+ $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
+ $display.= " \n";
+ }
+ $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
+ $display.= "</p>";
}
- $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
- $display.= "</p>";
}
return ($display);
}
}
/* Return rendered main page */
- /* Display dialog with system list */
$this->DivListUsers->parent = $this;
$this->DivListUsers->execute();
}
$this->reload();
$this->DivListUsers->setEntries($this->list);
+
+ # FILTER Test #################################################
+ ## Build filter
+ #if (!$this->filter) {
+ # $this->filter = new filter(get_template_path("user-filter.xml", true));
+ # $this->filter->setObjectStorage(get_people_ou());
+ #}
+ #$this->filter->update();
+ #session::set('autocomplete', $this->filter);
+ #if (!$this->filter->isValid()){
+ # msg_dialog::display(_("Filter error"), _("The filter is uncomplete!"), ERROR_DIALOG);
+ #}
+
+ ## Build headpage
+ #if (!$this->headpage){
+ # $this->headpage = new listing(get_template_path("user-list.xml", true));
+ # $this->headpage->registerElementFilter("accountProperties", "userManagement::filterProperties");
+ # $this->headpage->registerElementFilter("lockLabel", "userManagement::filterLockLabel");
+ # $this->headpage->registerElementFilter("lockImage", "userManagement::filterLockImage");
+ # $this->headpage->setFilter($this->filter);
+ #}
+
+ ## Needs to be called before update!
+ #$action= $this->headpage->getAction();
+ #if ($action['action'] != '') {
+ # echo "List detected action:";
+ # print_a($action);
+ #}
+
+ ## Refresh for filter
+ #$this->headpage->update();
+ #
+ #return($this->headpage->render());
+ ################################################### FILTER Test
+
return($this->DivListUsers->Draw());
}
+ static function filterLockImage($userPassword)
+ {
+ $image= "images/empty.png";
+
+ if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
+ if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
+ $image= "images/lists/locked.png";
+ }else{
+ $image= "images/lists/unlocked.png";
+ }
+ }
+
+ return $image;
+ }
+
+
+ static function filterLockLabel($userPassword)
+ {
+ $label= "";
+
+ if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
+ if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
+ $label= _("Unlock account");
+ }else{
+ $label= _("Lock account");
+ }
+ }
+
+ return $label;
+ }
+
+
+ static function filterProperties($dn, $row, $class)
+ {
+ $result= "";
+
+ $map= array( "gosaAccount" => array( "image" => "plugins/users/images/select_user.png",
+ "plugin" => "user",
+ "alt" => _("Generic"),
+ "title" => _("Edit generic properties")),
+ "posixAccount" => array("image" => "images/penguin.png",
+ "plugin" => "posixAccount",
+ "alt" => _("POSIX"),
+ "title" => _("Edit POSIX properties")),
+ "gosaMailAccount" => array("image" => "images/mailto.png",
+ "alt" => _("Mail"),
+ "plugin" => "mailAccount",
+ "title" => _("Edit mail properties")),
+ "sambaSamAccount" => array("image" => "plugins/systems/images/select_winstation.png",
+ "plugin" => "sambaAccount",
+ "alt" => _("Samba"),
+ "title" => _("Edit samba properties")),
+ "apple-user" => array("image" => "plugins/netatalk/images/select_netatalk.png",
+ "plugin" => "sambaAccount",
+ "alt" => _("Netatalk"),
+ "title" => _("Edit netatalk properties")),
+ "gotoEnvironment" => array("image" => "plugins/users/images/small_environment.png",
+ "plugin" => "gotoEnvironment",
+ "alt" => _("Environment"),
+ "title" => _("Edit environment properties")),
+ "goFaxAccount" => array("image" => "plugins/users/images/fax_small.png",
+ "plugin" => "goFaxAccount",
+ "alt" => _("FAX"),
+ "title" => _("Edit FAX properties")),
+ "goFonAccount" => array("image" => "plugins/gofon/images/select_phone.png",
+ "plugin" => "goFonAccount",
+ "alt" => _("Phone"),
+ "title" => _("Edit phone properties")));
+
+ // Walk thru map
+ foreach ($map as $oc => $properties) {
+ if (in_array($oc, $class)) {
+ $result.="<input class='center' type='image' src='".$properties['image']."' ".
+ "alt='".$properties['alt']."' title='".$properties['title'].
+ "' name='listing_edit_".$properties['plugin']."_$row' style='padding:1px'>";
+ } else {
+ $result.="<img src='images/empty.png' alt=' ' class='center' style='padding:1px'>";
+ }
+ }
+
+ return $result;
+ }
+
+
+
/* Return departments, that will be included within snapshot detection */
function get_used_snapshot_bases()
{
/* Setup filter depending on selection */
$filter="";
- if ($this->config->get_cfg_value("sambaversion") == 3){
- $samba= "sambaSamAccount";
- } else {
- $samba= "sambaAccount";
- }
+ $samba= "sambaSamAccount";
if ($ShowFunctionalUsers){
$filter.= "(&(objectClass=gosaAccount)(!(|(objectClass=posixAccount)".
if ($ShowTemplates){
$filter= "(|(objectClass=gosaUserTemplate)(&(objectClass=gosaAccount)(|$filter)))";
} else {
- $filter= "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|$filter))";
+ $filter= "(&(objectClass=gosaAccount)(objectClass=person)".
+ "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)".
+ "(!(objectClass=gosaUserTemplate))(|$filter))";
}
$filter= "(&(|(uid=".normalizeLdap($Regex).")(sn=".normalizeLdap($Regex).")(givenName=".normalizeLdap($Regex)."))$filter)";
}
$SortTemp = array();
$List = array();
+
foreach($ListTemp as $Key => $Entry){
+
+ /* Due to the fact that "inetOrgPerson" is derived from "organizationalPerson" and that openldap
+ doesn't differentiate both classes in search filters, we have to skip entries that do not provide
+ both classes. (Both classes are required for a valid GOsa user Account.)
+ */
+ if(!in_array("inetOrgPerson",$Entry['objectClass'])|| !in_array("organizationalPerson",$Entry['objectClass'])){
+ continue;
+ }
/* Skip entries that are not located under the people ou (normaly 'ou=people,')
* Else winstations will be listed too, if you use the subtree flag.
*/
- if(!preg_match("/".normalizePreg(get_people_ou())."/i",$Entry['dn'])){
+ if(!preg_match("/".preg_quote(get_people_ou(), '/')."/i",$Entry['dn'])){
continue;
}else{
/* Remove user lock if a DN is marked as "currently edited" */
if (isset($this->usertab->dn)){
del_lock ($this->usertab->dn);
- }
- if(isset($this->dn) && !empty($this->dn) && $this->dn != "new"){
+ }elseif(isset($this->dn) && !empty($this->dn) && $this->dn != "new"){
del_lock($this->dn);
}
if(isset($this->dns) && is_array($this->dns) && count($this->dns)){