diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index a031e89d9f783a2cbb19272ea867938b1bde2c65..f3bb656588e81fc3f83daa842aa21eab0336e824 100644 (file)
<?php
/*
- This code is part of GOsa (https://gosa.gonicus.de)
- Copyright (C) 2003-2006 - Cajus Pollmeier <pollmeier@gonicus.de>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id$$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
class userManagement extends plugin
{
/* Plugin definitions */
- var $plHeadline= "Users";
- var $plDescription= "This does something";
+ var $plHeadline = "Users";
+ var $plDescription = "Manage users";
+ var $plIcon = "plugins/users/images/user.png";
/* Dialog attributes */
var $usertab = NULL;
var $templates = array();
var $got_uid = false;
var $CopyPasteHandler = NULL;
+ var $SnapshotHandler = NULL;
var $CPPasswordChange = ""; // Contains the entry id which should get a new password
var $DivListUsers;
var $pwd_change_queue = array();
var $start_pasting_copied_objects = FALSE;
- var $current_action ="";
var $msg_dialog= NULL;
-
+ var $acl_module = array("users");
+ var $dns = array();
+
+ // Filter/headpage tests
+ var $filter= null;
+ var $headpage= null;
+
+
function userManagement(&$config, $ui)
{
/* Save configuration for internal use */
$this->ui= &$ui;
/* Copy & Paste handler */
- if ($this->config->boolValueIsTrue("main", "enableCopyPaste")){
+ if ($this->config->boolValueIsTrue("main", "copyPaste")){
$this->CopyPasteHandler= new CopyPasteHandler($this->config);
}
+ if($this->config->get_cfg_value("enableSnapshots") == "true"){
+ $this->SnapshotHandler= new SnapshotHandler($this->config);
+ }
/* Creat dialog object */
$this->DivListUsers = new divListUsers($this->config,$this);
plugin::execute();
/* LOCK MESSAGE Vars */
- $_SESSION['LOCK_VARS_TO_USE'] = array("/^act$/","/^id$/","/^user_edit_/","/^user_del_/","/^item_selected/","/^remove_multiple_users/","/^multiple_edit/","/menu_action/");
+ session::set('LOCK_VARS_TO_USE',array("/^act$/","/^id$/","/^user_edit_/","/^user_del_/","/^item_selected/","/^remove_multiple_users/","/^multiple_edit/","/menu_action/"));
$smarty = get_smarty(); // Smarty instance
$s_action = ""; // Contains the action to be taken
$s_tab = "user";
}
-
- /* handle C&P from layers menu */
- if(isset($_POST['menu_action']) && preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
- $s_action = "copy_multiple";
- }
- if(isset($_POST['menu_action']) && preg_match("/^multiple_cut_systems/",$_POST['menu_action'])){
- $s_action = "cut_multiple";
- }
- if(isset($_POST['menu_action']) && preg_match("/^editPaste/",$_POST['menu_action'])){
- $s_action = "editPaste";
+ if (isset($_POST['menu_action'])){
+
+ /* handle C&P from layers menu */
+ if(preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
+ $s_action = "copy_multiple";
+ }
+ if(preg_match("/^multiple_cut_systems/",$_POST['menu_action'])){
+ $s_action = "cut_multiple";
+ }
+ if(preg_match("/^editPaste/",$_POST['menu_action'])){
+ $s_action = "editPaste";
+ }
+
+ /* Create options */
+ if($_POST['menu_action'] == "user_new"){
+ $s_action = "new";
+ }
+ if($_POST['menu_action'] == "user_tplnew"){
+ $s_action = "new_tpl";
+ }
+ if($_POST['menu_action'] == "multiple_edit"){
+ $s_action = "multiple_edit";
+ }
+
+ /* handle remove from layers menu */
+ if(preg_match("/^multiple_password_change/",$_POST['menu_action'])){
+ $s_action = "multiple_password_change";
+ }
+
+ /* handle remove from layers menu */
+ if(preg_match("/^remove_multiple/",$_POST['menu_action'])){
+ $s_action = "del_multiple";
+ }
+ if(preg_match("/^templatize_multiple/",$_POST['menu_action'])){
+ $s_action = "templatize_multiple";
+ }
+
+ if(preg_match("/^event/",$_POST['menu_action'])){
+ $s_action = $_POST['menu_action'];
+ }
}
- /* Create options */
- if(isset($_POST['menu_action']) && $_POST['menu_action'] == "user_new"){
- $s_action = "new";
+ /* Use template */
+ if(isset($_POST['templatize_continue'])){
+ $s_action = "templatize_continue";
}
- if(isset($_POST['menu_action']) && $_POST['menu_action'] == "user_tplnew"){
- $s_action = "new_tpl";
+
+
+ /********************
+ Create notification event
+ ********************/
+
+ if(preg_match("/^event_/",$s_action) && class_available("DaemonEvent")){
+ $ids = $this->list_get_selected_items();
+ $uids = array();
+ foreach($ids as $id){
+ $uids[] = $this->list[$id]['uid'][0];
+ }
+ if(count($uids)){
+ $events = DaemonEvent::get_event_types(USER_EVENT);
+ $event = preg_replace("/^event_/","",$s_action);
+ if(isset($events['BY_CLASS'][$event])){
+ $type = $events['BY_CLASS'][$event];
+ $this->usertab = new $type['CLASS_NAME']($this->config);
+ $this->usertab->add_users($uids);
+ $this->usertab->set_type(SCHEDULED_EVENT);
+ }
+ }
}
- if(isset($_POST['menu_action']) && $_POST['menu_action'] == "multiple_edit"){
- $s_action = "multiple_edit";
+
+ /* Abort event dialog */
+ if(isset($_POST['abort_event_dialog'])){
+ $this->usertab = FALSE;
}
- /* handle remove from layers menu */
- if(isset($_POST['menu_action']) && preg_match("/^multiple_password_change/",$_POST['menu_action'])){
- $s_action = "multiple_password_change";
+ /* Save event */
+ if(isset($_POST['save_event_dialog'])){
+ $this->usertab->save_object();
+ $msgs = $this->usertab->check();
+ if(count($msgs)){
+ msg_dialog::displayChecks($msgs);
+ }else{
+
+ $o_queue = new gosaSupportDaemon();
+ $o_queue->append($this->usertab);
+ if($o_queue->is_error()){
+ msg_dialog::display(_("Infrastructure error"), msgPool::siError($o_queue->get_error()),ERROR_DIALOG);
+ }else{
+ $this->usertab = FALSE;
+ }
+ }
}
- /* handle remove from layers menu */
- if(isset($_POST['menu_action']) && preg_match("/^remove_multiple/",$_POST['menu_action'])){
- $s_action = "del_multiple";
+ /* Display event */
+ if($this->usertab instanceof DaemonEvent){
+ $this->usertab->save_object();
+ return($this->usertab->execute());
}
$acl = $this->ui->get_permissions($dn, "users/password");
$cacl= $this->ui->get_permissions($dn, "users/user");
+ /* Are we allowed to create a new user or to set the password attribute? */
if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){
/* Check input and feed errors into 'message' */
/* Empty password is not permitted by default. */
if ($_POST['new_password'] == ""){
- $message[]= _("The password you've entered as 'New password' is empty.");
+ msgPool::required(_("New password"));
}
}
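Review bot: The replacement line `msgPool::required(_("New password"));` discards its return value, whereas the removed line appended to `$message`. As far as the visible lines show, an empty `new_password` therefore no longer makes `count($message) != 0` true, and the change proceeds with an empty password. Elsewhere in this commit the helper is used as `$message[]= msgPool::required(_("Name"));`, so the intended line is presumably `$message[]= msgPool::required(_("New password"));`. The same slip appears in the new-user name check, where `msgPool::duplicated(_("Name"));` replaces a `$message[]=` assignment and no longer blocks a duplicate name. The enclosing block starts and ends outside this hunk.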
if (count($message) != 0){
/* Show error message and continue editing */
- show_errors ($message);
+ msg_dialog::displayChecks($message);
return($smarty->fetch(get_template_path('password.tpl', TRUE)));
}
if ($this->usertab){
if ($this->usertab->password_change_needed()){
$obj= $this->usertab->by_object['user'];
- change_password ($this->usertab->dn, $_POST['new_password'],0, $obj->pw_storage);
- if (isset($config->data['MAIN']['EXTERNALPWDHOOK'])){
- exec($config->data['MAIN']['EXTERNALPWDHOOK']." ".$username." ".$_POST['new_password'], $resarr);
+ if(!change_password ($this->usertab->dn, $_POST['new_password'],0, $obj->pw_storage)){
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ if ($config->get_cfg_value("passwordHook") != ""){
+ exec($config->get_cfg_value("passwordHook")." ".$username." ".$_POST['new_password'], $resarr);
}
new log("modify","users/".get_class($this),$this->usertab->dn,array(),"Password has been changed");
unset($this->usertab);
$this->usertab= NULL;
}
} else {
- change_password ($this->dn, $_POST['new_password']);
- if (isset($config->data['MAIN']['EXTERNALPWDHOOK'])){
- exec($config->data['MAIN']['EXTERNALPWDHOOK']." ".$username." ".$_POST['new_password'], $resarr);
+ if(!change_password ($this->dn, $_POST['new_password'])){
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ if ($config->get_cfg_value("passwordHook") != ""){
+ exec($config->get_cfg_value("passwordHook")." ".$username." ".$_POST['new_password'], $resarr);
}
new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
}
} else {
/* Missing permissions, show message */
- msg_dialog::display(_("Password change failed."),_("You are not allowed to set this users password!"),WARNING_DIALOG);
+ msg_dialog::display(_("Password change"),_("You have no permission to change this users password!"),WARNING_DIALOG);
}
/* Clean session, delete lock */
- del_lock ($this->dn);
+ $this->remove_lock();
unset ($this->usertab);
$this->usertab= NULL;
$this->lognames= array();;
$this->sn= "";
$this->givenName= "";
$this->uid= "";
- unset ($_SESSION['objectinfo']);
+ set_object_info();
}
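Review bot: Both `exec()` calls build the hook command by concatenating `$username` and `$_POST['new_password']` into a shell string without quoting, so a shell metacharacter in either value changes the command that runs. The commit only swaps the config lookup and carries this over. Each argument should go through `escapeshellarg()`: `exec($config->get_cfg_value("passwordHook")." ".escapeshellarg($username)." ".escapeshellarg($_POST['new_password']), $resarr);`. Passing the password on the command line also makes it visible in the process list, so feeding it to the hook on stdin would be the safer interface if hook scripts can be adapted. Neither `$resarr` nor an exit status is inspected, so a failing hook goes unnoticed while the log entry still records a successful change.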
if($s_action == "multiple_password_change"){
$this->pwd_change_queue = $this->list_get_selected_items();
+ $disallowed = array();
+ foreach($this->pwd_change_queue as $key => $id){
+ if(!preg_match("/w/",$this->ui->get_permissions($this->list[trim($id)]['dn'],"users/password"))){
+ unset($this->pwd_change_queue[$key]);
+ $disallowed[] = $this->list[trim($id)]['dn'];
+ }
+ }
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission"),msgPool::permModify($disallowed),INFO_DIALOG);
+ }
}
/* User is allowed to change passwords, save 'dn' and 'acl' for next
dialog. */
- $_SESSION['objectinfo']= $this->dn;
+ set_object_info($this->dn);
return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
-
-
} else {
/* User is not allowed. Show message and cancel. */
- msg_dialog::display(_("Password change"),_("You are not allowed to set this users password!"),WARNING_DIALOG);
+ msg_dialog::display(_("Password change"),_("You have no permission to change this users password!"),WARNING_DIALOG);
}
}
Edit existing entry
********************/
+
/* User wants to edit data? */
if (($s_action=="edit") && (!isset($this->usertab->config))){
/* Check locking, save current plugin in 'back_plugin', so
the dialog knows where to return. */
+
if (($user= get_lock($this->dn)) != ""){
- return(gen_locked_message ($user, $this->dn));
+ return(gen_locked_message ($user, $this->dn,TRUE));
}
/* Lock the current entry, so everyone will get the
/* Set ACL and move DN to the headline */
$this->usertab->set_acl_base($this->dn);
- $_SESSION['objectinfo']= $this->dn;
+ set_object_info($this->dn);
}
if($tmp->multiple_available()){
$this->usertab = $tmp;
$this->usertab->set_active_tab($s_tab);
- $_SESSION['objectinfo']= $this->usertab->get_object_info();
+ set_object_info($this->usertab->get_object_info());
}
}
/* Reset all relevant data, if we get a _cancel request */
if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
if (isset($this->usertab)){
- del_lock ($this->usertab->dn);
- unset ($this->usertab);
+ $this->remove_lock();
}
$this->usertab= NULL;
$this->lognames= array();;
$this->sn= "";
$this->givenName= "";
$this->uid= "";
- unset ($_SESSION['objectinfo']);
+ set_object_info();
}
/********************
- Delete MULTIPLE entries requested, display confirm dialog
+ We want to create a new user, so fetch all available user templates
********************/
- if ($s_action=="del_multiple"){
+ /* Generate template list */
+ if ($s_action == "new" || $s_action == "create_user_from_tpl" || $s_action == "templatize_multiple"){
+
+ $this->templates= array();
+ $ldap= $this->config->get_ldap_link();
+
+ /* Create list of templates */
+ foreach ($this->config->departments as $key => $value){
+
+ /* Get acls from different ou's */
+ $acl = $this->ui->get_permissions($value,"users/user") ;
+
+ /* If creation of a new user is allowed, append this template */
+ if (preg_match("/c/",$acl)){
+
+ /* Search all templates from the current dn */
+ $ldap->cd (get_people_ou().$value);
+ $ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));
+
+ /* Append */
+ if ($ldap->count() != 0){
+ while ($attrs= $ldap->fetch()){
+ $this->templates[$ldap->getDN()]=
+ $attrs['uid'][0]." - ".LDAP::fix($key);
+ }
+ if ($s_action != "templatize_multiple"){
+ $this->templates['none']= _("none");
+ }
+ }
+ }
+ }
+
+ /* Sort templates */
+ natcasesort ($this->templates);
+ reset ($this->templates);
+ }
+
+
+ /********************
+ Apply template to multiple entries requested, display confirm dialog
+ ********************/
+
+ if ($s_action=="templatize_multiple"){
$ids = $this->list_get_selected_items();
$this->dns = array();
if(count($ids)){
}
$this->dns[$id] = $dn;
}
+ }
- $dns_names = "<br><pre>";
- foreach($this->dns as $dn){
- $dns_names .= $dn."\n";
- }
- $dns_names .="</pre>";
+ $smarty->assign("templates", $this->templates);
- /* Lock the current entry, so nobody will edit it during deletion */
- if (count($this->dns) == 1){
- $info = sprintf(_("You're about to delete the following entry: %s"), @LDAP::fix($dns_names));
- } else {
- $info = sprintf(_("You're about to delete the following entries: %s"), @LDAP::fix($dns_names));
- }
- $this->msg_dialog = new msg_dialog(_("Delete users"),$info,CONFIRM_DIALOG);
- $this->current_action = $s_action;
- }
+ return($smarty->fetch(get_template_path('templatize.tpl', TRUE)));
}
+ /* Perform templatizing after the button has been pressed */
+ if ($s_action == "templatize_continue"){
- /********************
- Delete MULTIPLE entries confirmed
- ********************/
+ $acl = $this->ui->get_permissions($_POST['template'], "users/user");
- /* Confirmation for deletion has been passed. Users should be deleted. */
- if ($this->current_action == "del_multiple" && is_object($this->msg_dialog) && $this->msg_dialog->is_confirmed()){
-
- $this->current_action = "";
-
- /* Remove user by user and check acls before removeing them */
- foreach($this->dns as $key => $dn){
+ /* Template readable? */
+ if (preg_match('/r/', $acl)){
+ $template_dn= $_POST['template'];
- $acl = $this->ui->get_permissions($dn, "users/user");
- if (preg_match('/d/', $acl)){
-
- /* Delete request is permitted, perform LDAP action */
- $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'],$dn);
- $this->usertab->set_acl_base();
- $this->usertab->delete ();
- unset ($this->usertab);
- $this->usertab= NULL;
+ foreach ($this->dns as $dn){
+ $acl = $this->ui->get_permissions($_POST['template'], "users/user");
+ if (preg_match('/w/', $acl)){
+ $usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn);
+ $usertab->adapt_from_template($template_dn, array("sn", "givenName", "uid"));
+ $usertab->save();
+ unset ($usertab);
+ $usertab= NULL;
} else {
- msg_dialog::display(_("User delete"),sprintf(_("You are not allowed to delete the user '%s'!"),$dn),WARNING_DIALOG);
- if(isset($this->ui->uid)){
- new log("security","users/".get_class($this),$dn,array(),"Tried to trick deletion.");
- }
+ msg_dialog::display(_("Permission error"), sprintf(_("You have no permission to modify object '%s'!"), $dn), ERROR_DIALOG);
}
- /* Remove lock file after successfull deletion */
- del_lock ($dn);
- unset($this->dns[$key]);
+ }
+ } else {
+ msg_dialog::display(_("Permission error"), _("You have no permission to use this template!"), ERROR_DIALOG);
}
+
}
/********************
- Delete MULTIPLE entries Canceled
+ Delete MULTIPLE entries requested, display confirm dialog
********************/
- /* Remove lock */
- if(isset($_POST['delete_multiple_user_cancel'])){
- foreach($this->dns as $key => $dn){
- del_lock ($dn);
- unset($this->dns[$key]);
- }
- }
-
-
- /********************
- Toggle lock status for user
- ********************/
-
- if($s_action == "toggle_lock_status" && isset($this->list[$s_entry])){
+ if ($s_action=="del_multiple" || $s_action == "del"){
- /* Get entry check current status */
- $val = $this->list[$s_entry];
- $pwd = $val['userPassword'][0];
+ if($s_action == "del"){
- if(!preg_match("/^\{[^\}]/",$pwd)){
- trigger_error("Can not deactivate user which is using clear password encryption.");
+ /* Get 'dn' from posted 'uid' */
+ $ids = array($s_entry);
}else{
+ $ids = $this->list_get_selected_items();
+ }
- $locked = false;
- if(preg_match("/^[^\}]*+\}!/",$pwd)){
- $locked = true;
+ $this->dns = array();
+ if(count($ids)){
+ $disallowed = array();
+ foreach($ids as $id){
+ $dn = $this->list[$id]['dn'];
+ $acl = $this->ui->get_permissions($dn, "users/user");
+ if(preg_match("/d/",$acl)){
+ $this->dns[$id] = $dn;
+ }else{
+ $disallowed[] = $dn;
+ }
}
-
- /* Create ldap array to update status */
- $attrs = array("userPassword" => $pwd);
- if($locked){
- $attrs['userPassword'] = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$attrs['userPassword']);
- }else{
- $attrs['userPassword'] = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$attrs['userPassword']);
+
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
}
- /* Write new status back to ldap */
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($val['dn']);
- $ldap->modify($attrs);
- if($locked){
- show_ldap_error($ldap->get_error(),_("Could not set user status from locked to unlocked."));
- }else{
- show_ldap_error($ldap->get_error(),_("Could not set user status from unlocked to locked."));
+ if(count($this->dns)){
+
+ /* Check locks */
+ if ($user= get_multiple_locks($this->dns)){
+ return(gen_locked_message($user,$this->dns));
+ }
+
+ $dns_names = array();
+ foreach($this->dns as $dn){
+ $dns_names[] = LDAP::fix($dn);
+ }
+
+ add_lock($this->dns, $this->ui->dn);
+
+ /* Lock the current entry, so nobody will edit it during deletion */
+ $info = sprintf(msgPool::deleteInfo($dns_names,_("user")));
+
+ /* Lock the current entry, so nobody will edit it during deletion */
+ $smarty->assign("info", msgPool::deleteInfo($dns_names));
+ return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
}
}
}
/********************
- Delete entry requested, display confirm dialog
+ Delete MULTIPLE entries confirmed
********************/
- /* Remove user was requested */
- if ($s_action=="del"){
+ if(isset($_POST['delete_user_confirm'])){
- /* Get 'dn' from posted 'uid' */
- $this->dn= $this->list[trim($s_entry)]['dn'];
+ /* Remove user by user and check acls before removeing them */
+ foreach($this->dns as $key => $dn){
- /* Load permissions for selected 'dn' and check if
- we're allowed to remove this 'dn' */
+ $acl = $this->ui->get_permissions($dn, "users/user");
+ if (preg_match('/d/', $acl)){
- /* Check locking, save current plugin in 'back_plugin', so
- the dialog knows where to return. */
- if (($user= get_lock($this->dn)) != ""){
- return(gen_locked_message ($user, $this->dn));
+ /* Delete request is permitted, perform LDAP action */
+ $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'],$dn);
+ $this->usertab->set_acl_base();
+ $this->usertab->delete ();
+ unset ($this->usertab);
+ $this->usertab= NULL;
+ } else {
+ msg_dialog::display(_("Warning"),msgPool::permDelete($dn),WARNING_DIALOG);
+ if(isset($this->ui->uid)){
+ new log("security","users/".get_class($this),$dn,array(),"Tried to trick deletion.");
+ }
+ }
}
-
-
- /* Lock the current entry, so nobody will edit it during deletion */
-# add_lock ($this->dn, $this->ui->dn);
-# $smarty->assign("info", sprintf(_("You're about to delete the user %s."), @LDAP::fix($this->dn)));
-# $smarty->assign("multiple", false);
-# return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
- $this->msg_dialog = new msg_dialog( _("Delete user"),sprintf(_("You're about to delete the user %s."), @LDAP::fix($this->dn)),CONFIRM_DIALOG);
- $this->current_action = $s_action;
+ /* Remove lock file after successfull deletion */
+ $this->remove_lock();
+ $this->dns = array();
}
-
+
/********************
- Delete entry confirmed
+ Toggle lock status for user
********************/
+
+ if($s_action == "toggle_lock_status" && isset($this->list[$s_entry])){
- /* Confirmation for deletion has been passed. User should be deleted. */
- if ($this->current_action == "del" && is_object($this->msg_dialog) && $this->msg_dialog->is_confirmed()){
-
- $this->current_action = "";
-
- /* Some nice guy may send this as POST, so we've to check
- for the permissions again. */
-
- $acl = $this->ui->get_permissions($this->dn, "users/user");
-
- if (preg_match('/d/', $acl)){
-
- /* Delete request is permitted, perform LDAP action */
- $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'],$this->dn);
- $this->usertab->set_acl_base();
- $this->usertab->delete ();
- unset ($this->usertab);
- $this->usertab= NULL;
- msg_dialog::display(_("User delted"),_("User successfully removed."),INFO_DIALOG);
- } else {
-
- /* Normally this shouldn't be reached, send some extra
- logs to notify the administrator */
- msg_dialog::display(_("User delete"),_("You are not allowed to delete this user!"),WARNING_DIALOG);
+ /* Get entry check current status */
+ $val = $this->list[$s_entry];
+ if (!preg_match("/w/",$this->ui->get_permissions($val['dn'],"users/password"))){
+ msg_dialog::display(_("Account locking"),
+ _("You have no permission to change the lock status for this user!"),WARNING_DIALOG);
+ }else{
+ $pwd = $val['userPassword'][0];
+ $method = passwordMethod::get_method($pwd,$val['dn']);
+ $success= false;
+ if($method instanceOf passwordMethod){
+ if($method->is_locked($this->config,$val['dn'])){
+ $success= $method->unlock_account($this->config,$val['dn']);
+ }else{
+ $success= $method->lock_account($this->config,$val['dn']);
+ }
- if(isset($this->ui->uid)){
- new log("security","users/".get_class($this),$this->dn,array(),"Tried to trick deletion.");
+ /* Check for success */
+ if (!$success){
+ $hn= $method->get_hash_name();
+ if (is_array($hn)){
+ $hn= $hn[0];
+ }
+ msg_dialog::display(_("Account locking"),
+ sprintf(_("Password method '%s' does not support locking. Account has not been locked!"), $hn),WARNING_DIALOG);
+ }
+ }else{
+ // Can't lock unknown methods.
}
- }
- /* Remove lock file after successfull deletion */
- del_lock ($this->dn);
+ }
}
-
/********************
Delete entry Canceled
********************/
/* Delete user canceled? */
if (isset($_POST['delete_cancel'])){
- del_lock ($this->dn);
+
+ /* Remove lock file after successfull deletion */
+ $this->remove_lock();
+ $this->dns = array();
}
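Review bot: In the `templatize_continue` loop the write check is made against the template, not the user being modified. `$acl = $this->ui->get_permissions($_POST['template'], "users/user");` runs once per `$dn` but never looks at `$dn`, although the error branch reports a missing permission on `$dn`. As written, write access to the template is enough to overwrite every selected user; the line should read `$acl = $this->ui->get_permissions($dn, "users/user");`. `$_POST['template']` is also used without `isset()` and without checking that it is a key of `$this->templates`, so the template DN is whatever the client sends. In the delete branch, `$info = sprintf(msgPool::deleteInfo($dns_names,_("user")));` passes text built from DNs as a format string and its result is never used, so it can be dropped.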
if (!isset($_POST['edit_apply'])){
/* User has been saved successfully, remove lock from LDAP. */
if ($this->dn != "new"){
- del_lock ($this->dn);
+ $this->remove_lock();
}
/* In case of new users, ask for a password, skip this for templates */
unset ($this->usertab);
$this->usertab= NULL;
- unset ($_SESSION['objectinfo']);
+ set_object_info();
+ }else{
+
+ /* Reinitialize tab */
+ if($this->usertab instanceof tabs){
+ $this->usertab->re_init();
+ }
}
} else {
/* Ok. There seem to be errors regarding to the tab data,
show message and continue as usual. */
- show_errors($message);
+ msg_dialog::displayChecks($message);
}
}
- /********************
- We want to create a new user, so fetch all available user templates
- ********************/
-
- /* Generate template list */
- if (($s_action=="new")||($s_action=="create_user_from_tpl")){
-
- $this->templates= array();
- $ldap= $this->config->get_ldap_link();
-
- /* Create list of templates */
- foreach ($this->config->departments as $key => $value){
-
- /* Get acls from different ou's */
- $acl = $this->ui->get_permissions("cn=dummy,".get_people_ou().$value,"users/user") ;
-
- /* If creation of a new user is allowed, append this template */
- if (preg_match("/c/",$acl)){
-
- /* Search all templates from the current dn */
- $ldap->cd (get_people_ou().$value);
- $ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));
-
- /* Append */
- if ($ldap->count() != 0){
- while ($attrs= $ldap->fetch()){
- $this->templates[$ldap->getDN()]=
- $attrs['uid'][0]." - ".@LDAP::fix($key);
- }
- $this->templates['none']= _("none");
- }
- }
- }
-
- /* Sort templates */
- natcasesort ($this->templates);
- reset ($this->templates);
- }
-
/********************
Create a new user,template, user from template
if (isset($_POST['template_continue'])){
$message = array();
if(!isset($_POST['template']) || (empty($_POST['template']))){
- $message[] = _("Please select a valid template.");
+ $message[]= msgPool::invalid(_("Template"));
}
if(!isset($_POST['sn']) || (empty($_POST['sn']))){
- $message[]= _("The required field 'Name' is not set.");
+ $message[]= msgPool::required(_("Name"));
}
if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
- $message[]= _("The required field 'Given name' is not set.");
+ $message[]= msgPool::required(_("Given name"));
}
/* Show error message / continue editing */
if (count($message) > 0){
- show_errors ($message);
+ msg_dialog::displayChecks($message);
foreach(array("sn", "givenName", "uid", "template") as $attr){
if(isset($_POST[$attr])){
react on this. */
$this->dn= "new";
- if (isset($this->config->current['IDGEN'])){
- $this->got_uid= false;
- } else {
- $this->got_uid= true;
- }
+ $this->got_uid= ($this->config->get_cfg_value("idGenerator") == "");
/* Create new usertab object */
$this->usertab= new usertabs($this->config,$this->config->data['TABS']['USERTABS'], $this->dn);
$this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase;
- $this->usertab->set_acl_base('dummy,'.$this->DivListUsers->selectedBase);
+ $this->usertab->set_acl_base($this->DivListUsers->selectedBase);
/* Take care about templates */
if ($s_action=="new_tpl"){
/* Check for requred values */
$message= array();
if ($this->sn == "") {
- $message[]= _("The required field 'Name' is not set.");
+ $message[]= msgPool::required(_("Name"));
}
if ($this->givenName == "") {
- $message[]= _("The required field 'Given name' is not set.");
+ $message[]= msgPool::required(_("Given name"));
}
/* Check if dn is used */
$ldap->cd ($dn);
$ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
if ($ldap->count () != 0){
- $message[]= _("A person with the choosen name is already used in this tree.");
+ msgPool::duplicated(_("Name"));
}
/* Show error message / continue editing */
if (count($message) > 0){
- show_errors ($message);
+ msg_dialog::displayChecks($message);
} else {
$attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
- if (isset($this->config->current['IDGEN']) &&
- $this->config->current['IDGEN'] != ""){
- $uids= gen_uids ($this->config->current['IDGEN'], $attributes);
+ if ($this->config->get_cfg_value("idGenerator") != ""){
+ $uids= gen_uids ($this->config->get_cfg_value("idGenerator"), $attributes);
if (count($uids)){
$smarty->assign("edit_uid", "false");
$smarty->assign("uids", $uids);
/* Finish template preamble */
if (isset($_POST['template_continue']) && $_POST['template'] != 'none' && (isset($_POST['uid']))){
- /* Might not be filled if IDGEN is unset */
- $this->sn = $_POST['sn'];
- $this->givenName = $_POST['givenName'];
-
/* Move user supplied data to sub plugins */
- $this->uid = $_POST['uid'];
- $this->usertab->uid = $this->uid;
- $this->usertab->sn = $this->sn;
- $this->usertab->givenName = $this->givenName;
+ foreach(array("uid","sn","givenName") as $attr){
+ $this->$attr = $_POST[$attr];
+ $this->usertab->$attr = $this->$attr;
+ $this->usertab->by_object['user']->$attr = $this->$attr;
+ }
+
$template_dn = $_POST['template'];
- $this->usertab->adapt_from_template($template_dn);
- $template_base = preg_replace("/^[^,]+,".normalizePreg(get_people_ou())."/", '', $template_dn);
+ $this->usertab->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
+ $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/')."/", '', $template_dn);
$this->usertab->by_object['user']->base= $template_base;
}
/* Show tab dialog if object is present */
if(isset($this->usertab->config)){
+
$display= $this->usertab->execute();
/* Don't show buttons if tab dialog requests this */
}
if(!is_object($dia) && $dia != TRUE){
- $display.= "<p style=\"text-align:right\">\n";
- $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
- $display.= " \n";
- if ($this->dn != "new"){
- $display.= "<input type=submit name=\"edit_apply\" value=\""._("Apply")."\">\n";
+ if(($this->usertab instanceOf tabs || $this->usertab instanceOf plugin) && $this->usertab->read_only == TRUE){
+ $display.= "<p style=\"text-align:right\">
+ <input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">
+ </p>";
+ }else{
+ $display.= "<p style=\"text-align:right\">\n";
+ $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
$display.= " \n";
+ if ($this->dn != "new"){
+ $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
+ $display.= " \n";
+ }
+ $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
+ $display.= "</p>";
}
- $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
- $display.= "</p>";
}
return ($display);
}
/* Check if there is a snapshot dialog open */
$base = $this->DivListUsers->selectedBase;
- if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases())){
+ if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases(),$this)){
return($str);
}
/* Return rendered main page */
- /* Display dialog with system list */
$this->DivListUsers->parent = $this;
$this->DivListUsers->execute();
}
$this->reload();
$this->DivListUsers->setEntries($this->list);
+
+ # FILTER Test #################################################
+ ## Build filter
+ #if (!$this->filter) {
+ # $this->filter = new filter(get_template_path("user-filter.xml", true));
+ # $this->filter->setObjectStorage(get_people_ou());
+ #}
+ #$this->filter->update();
+ #session::set('autocomplete', $this->filter);
+ #if (!$this->filter->isValid()){
+ # msg_dialog::display(_("Filter error"), _("The filter is uncomplete!"), ERROR_DIALOG);
+ #}
+
+ ## Build headpage
+ #if (!$this->headpage){
+ # $this->headpage = new listing(get_template_path("user-list.xml", true));
+ # $this->headpage->registerElementFilter("accountProperties", "userManagement::filterProperties");
+ # $this->headpage->registerElementFilter("lockLabel", "userManagement::filterLockLabel");
+ # $this->headpage->registerElementFilter("lockImage", "userManagement::filterLockImage");
+ # $this->headpage->setFilter($this->filter);
+ #}
+
+ ## Needs to be called before update!
+ #$action= $this->headpage->getAction();
+ #if ($action['action'] != '') {
+ # echo "List detected action:";
+ # print_a($action);
+ #}
+
+ ## Refresh for filter
+ #$this->headpage->update();
+ #
+ #return($this->headpage->render());
+ ################################################### FILTER Test
+
return($this->DivListUsers->Draw());
}
+ static function filterLockImage($userPassword)
+ {
+ $image= "images/empty.png";
+
+ if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
+ if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
+ $image= "images/lists/locked.png";
+ }else{
+ $image= "images/lists/unlocked.png";
+ }
+ }
+
+ return $image;
+ }
+
+
+ static function filterLockLabel($userPassword)
+ {
+ $label= "";
+
+ if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
+ if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
+ $label= _("Unlock account");
+ }else{
+ $label= _("Lock account");
+ }
+ }
+
+ return $label;
+ }
+
+
+ static function filterProperties($dn, $row, $class)
+ {
+ $result= "";
+
+ $map= array( "gosaAccount" => array( "image" => "plugins/users/images/select_user.png",
+ "plugin" => "user",
+ "alt" => _("Generic"),
+ "title" => _("Edit generic properties")),
+ "posixAccount" => array("image" => "images/penguin.png",
+ "plugin" => "posixAccount",
+ "alt" => _("POSIX"),
+ "title" => _("Edit POSIX properties")),
+ "gosaMailAccount" => array("image" => "images/mailto.png",
+ "alt" => _("Mail"),
+ "plugin" => "mailAccount",
+ "title" => _("Edit mail properties")),
+ "sambaSamAccount" => array("image" => "plugins/systems/images/select_winstation.png",
+ "plugin" => "sambaAccount",
+ "alt" => _("Samba"),
+ "title" => _("Edit samba properties")),
+ "apple-user" => array("image" => "plugins/netatalk/images/select_netatalk.png",
+ "plugin" => "sambaAccount",
+ "alt" => _("Netatalk"),
+ "title" => _("Edit netatalk properties")),
+ "gotoEnvironment" => array("image" => "plugins/users/images/small_environment.png",
+ "plugin" => "gotoEnvironment",
+ "alt" => _("Environment"),
+ "title" => _("Edit environment properties")),
+ "goFaxAccount" => array("image" => "plugins/users/images/fax_small.png",
+ "plugin" => "goFaxAccount",
+ "alt" => _("FAX"),
+ "title" => _("Edit FAX properties")),
+ "goFonAccount" => array("image" => "plugins/gofon/images/select_phone.png",
+ "plugin" => "goFonAccount",
+ "alt" => _("Phone"),
+ "title" => _("Edit phone properties")));
+
+ // Walk thru map
+ foreach ($map as $oc => $properties) {
+ if (in_array($oc, $class)) {
+ $result.="<input class='center' type='image' src='".$properties['image']."' ".
+ "alt='".$properties['alt']."' title='".$properties['title'].
+ "' name='listing_edit_".$properties['plugin']."_$row' style='padding:1px'>";
+ } else {
+ $result.="<img src='images/empty.png' alt=' ' class='center' style='padding:1px'>";
+ }
+ }
+
+ return $result;
+ }
+
+
+
/* Return departments, that will be included within snapshot detection */
function get_used_snapshot_bases()
{
/* Setup filter depending on selection */
$filter="";
- if ($this->config->current['SAMBAVERSION'] == 3){
- $samba= "sambaSamAccount";
- } else {
- $samba= "sambaAccount";
- }
+ $samba= "sambaSamAccount";
if ($ShowFunctionalUsers){
$filter.= "(&(objectClass=gosaAccount)(!(|(objectClass=posixAccount)".
if ($ShowTemplates){
$filter= "(|(objectClass=gosaUserTemplate)(&(objectClass=gosaAccount)(|$filter)))";
} else {
- $filter= "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|$filter))";
+ $filter= "(&(objectClass=gosaAccount)(objectClass=person)".
+ "(objectClass=inetOrgPerson)(objectClass=organizationalPerson)".
+ "(!(objectClass=gosaUserTemplate))(|$filter))";
}
$filter= "(&(|(uid=".normalizeLdap($Regex).")(sn=".normalizeLdap($Regex).")(givenName=".normalizeLdap($Regex)."))$filter)";
$ldap= $this->config->get_ldap_link(TRUE);
if ($SubSearch){
- $ListTemp = get_list($filter, "users", $base,
+ $ListTemp = get_sub_list($filter, "users", get_people_ou(),$base,
array("uid", "givenName", "sn", "objectClass","userPassword"), GL_SUBSEARCH | GL_SIZELIMIT);
} else {
$base= get_people_ou().$base;
- $ListTemp = get_list($filter, "users", $base,
+ $ListTemp = get_sub_list($filter, "users", get_people_ou(),$base,
array("uid", "givenName", "sn", "objectClass","userPassword"), GL_SIZELIMIT);
}
$SortTemp = array();
$List = array();
+
foreach($ListTemp as $Key => $Entry){
+
+ /* Due to the fact that "inetOrgPerson" is derived from "organizationalPerson" and that openldap
+ doesn't differentiate both classes in search filters, we have to skip entries that do not provide
+ both classes. (Both classes are required for a valid GOsa user Account.)
+ */
+ if(!in_array("inetOrgPerson",$Entry['objectClass'])|| !in_array("organizationalPerson",$Entry['objectClass'])){
+ continue;
+ }
/* Skip entries that are not located under the people ou (normaly 'ou=people,')
* Else winstations will be listed too, if you use the subtree flag.
*/
- if(!preg_match("/".normalizePreg(get_people_ou())."/i",$Entry['dn'])){
+ if(!preg_match("/".preg_quote(get_people_ou(), '/')."/i",$Entry['dn'])){
continue;
}else{
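Review bot: The added objectClass test at the top of the foreach loop uses `in_array()`, which compares case-sensitively, while LDAP matches objectClass values case-insensitively. An entry stored as `inetorgperson` passes the search filter but is then skipped here, so it still exists in the directory yet never appears in the user list. I would normalise before comparing: `$oc = array_map('strtolower', $Entry['objectClass']);` followed by `if(!in_array('inetorgperson', $oc) || !in_array('organizationalperson', $oc)){`. The `in_array($oc, $class)` lookup in `filterProperties` earlier in this diff compares the same way. The enclosing function starts and ends outside this hunk.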
$SortTemp[$display] = $display;
}
}
- sort($SortTemp);
+ natcasesort($SortTemp);
reset($SortTemp);
$this->list = array();
}
}
+
function remove_lock()
{
/* Remove user lock if a DN is marked as "currently edited" */
if (isset($this->usertab->dn)){
del_lock ($this->usertab->dn);
+ }elseif(isset($this->dn) && !empty($this->dn) && $this->dn != "new"){
+ del_lock($this->dn);
+ }
+ if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
+ del_lock($this->dns);
}
}
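Review bot: In `remove_lock()` the new `elseif` releases the lock on `$this->dn` only when `$this->usertab->dn` is not set, and the third call hands `del_lock()` the array `$this->dns` where the other two pass a single DN. If both properties can be set at once, or if `del_lock()` does not accept a list (its definition is not in this diff), a stale lock may stay behind. A one-line comment above the block stating both assumptions would settle that for the next reader. The condition can also be shortened to `}elseif(!empty($this->dn) && $this->dn != "new"){`, since `empty()` already covers the unset case.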
if(!is_object($this->CopyPasteHandler)){
return("");
}
-
+
+ $ui = get_userinfo();
+
/* Add a single entry to queue */
if($s_action == "cut" || $s_action == "copy"){
+
/* Cleanup object queue */
$this->CopyPasteHandler->cleanup_queue();
$dn = $this->list[$s_entry]['dn'];
- $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
+ if($s_action == "copy" && $ui->is_copyable($dn,"users","user")){
+ $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
+ }
+ if($s_action == "cut" && $ui->is_cutable($dn,"users","user")){
+ $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
+ }
}
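Review bot: When `is_copyable()` or `is_cutable()` refuses the DN, the new checks around the `add_to_queue` calls drop the request silently: nothing is queued, the user gets no message and nothing is logged. The `copy_multiple` / `cut_multiple` checks in the next hunk behave the same way. A denied cut or copy is worth recording, so I would add an `else` branch that reports the missing permission to the user and logs the DN and the action. The two single-entry branches also repeat the same call and could share one condition, `if(($s_action == "copy" && $ui->is_copyable($dn,"users","user")) || ($s_action == "cut" && $ui->is_cutable($dn,"users","user"))){`. The enclosing function starts and ends outside this hunk.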
/* Add entries to queue */
foreach($this->list_get_selected_items() as $id){
$dn = $this->list[$id]['dn'];
- if($s_action == "copy_multiple"){
+ if($s_action == "copy_multiple" && $ui->is_copyable($dn,"users","user")){
$this->CopyPasteHandler->add_to_queue($dn,"copy","usertabs","USERTABS","users");
}
- if($s_action == "cut_multiple"){
+ if($s_action == "cut_multiple" && $ui->is_cutable($dn,"users","user")){
$this->CopyPasteHandler->add_to_queue($dn,"cut","usertabs","USERTABS","users");
}
}
/* Return C&P dialog */
if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){
- /* Load entry from queue and set base */
- $this->CopyPasteHandler->load_entry_from_queue();
- $this->CopyPasteHandler->SetVar("base",$this->DivListUsers->selectedBase);
-
/* Get dialog */
+ $this->CopyPasteHandler->SetVar("base",$this->DivListUsers->selectedBase);
$data = $this->CopyPasteHandler->execute();
/* Set CPPasswordChange to s_entry which indicates that this entry requires a new password. */
if(!is_object($this->usertab)){
$this->DivListUsers->save_object();
}
+ if(is_object($this->CopyPasteHandler)){
+ $this->CopyPasteHandler->save_object();
+ }
}
function remove_from_parent() { }
function check() { }
function save() { }
- function adapt_from_template($dn) { }
+ function adapt_from_template($dn, $skip= array()) { }
function password_change_needed() { }
} /* ... class userManagement */