![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 02c5ebc9658fd60762139e90b7515223f7497e48..f554cf3720ce6ff546493b934fb182110eb4bd5a 100644 (file)
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-class userManagement extends plugin
+class userManagement extends management
{
- /* Plugin definitions */
- var $plHeadline = "Users";
- var $plDescription = "Manage users";
- var $plIcon = "plugins/users/images/user.png";
-
- /* Dialog attributes */
- var $usertab = NULL;
- var $ui = NULL;
- var $templates = array();
- var $got_uid = false;
- var $CopyPasteHandler = NULL;
- var $CPPasswordChange = ""; // Contains the entry id which should get a new password
- var $DivListUsers;
-
- var $pwd_change_queue = array();
-
- var $start_pasting_copied_objects = FALSE;
- var $msg_dialog= NULL;
- var $acl_module = array("users");
- var $dns = array();
-
- function userManagement(&$config, $ui)
- {
- /* Save configuration for internal use */
- $this->config= &$config;
- $this->ui= &$ui;
-
- /* Copy & Paste handler */
- if ($this->config->boolValueIsTrue("main", "enableCopyPaste")){
- $this->CopyPasteHandler= new CopyPasteHandler($this->config);
- }
-
- /* Creat dialog object */
- $this->DivListUsers = new divListUsers($this->config,$this);
-
- }
-
+ var $plHeadline = "Users";
+ var $plDescription = "Manage aspects of user accounts like generic, POSIX, samba and mail settings";
+ var $plIcon = "plugins/users/images/user.png";
+
+ var $sn = "";
+ var $givenName = "";
+ var $uid = "";
+ var $got_uid = "";
+ var $edit_uid = "";
+
+ var $pwd_change_queue = array();
+ var $force_hash_type = array();
+
+ // Tab definition
+ protected $tabClass = "usertabs";
+ protected $tabType = "USERTABS";
+ protected $aclCategory = "users";
+ protected $aclPlugin = "user";
+ protected $objectName = "user";
+
+ protected $proposal = "";
+ protected $proposalEnabled = FALSE;
+ protected $proposalSelected = FALSE;
+
+ protected $passwordChangeForceable = FALSE;
+ protected $enforcePasswordChange = FALSE;
+
+ function __construct($config,$ui)
+ {
+ $this->config = $config;
+ $this->ui = $ui;
+
+ $this->storagePoints = array(get_ou("core", "userRDN"));
+
+ // Build filter
+ if (session::global_is_set(get_class($this)."_filter")){
+ $filter= session::global_get(get_class($this)."_filter");
+ } else {
+ $filter = new filter(get_template_path("user-filter.xml", true));
+ $filter->setObjectStorage($this->storagePoints);
+ }
+ $this->setFilter($filter);
+
+ // Build headpage
+ $headpage = new listing(get_template_path("user-list.xml", true));
+ $headpage->registerElementFilter("lockLabel", "userManagement::filterLockLabel");
+ $headpage->registerElementFilter("lockImage", "userManagement::filterLockImage");
+ $headpage->registerElementFilter("filterProperties", "userManagement::filterProperties");
+ $headpage->setFilter($filter);
+
+ // Add copy&paste and snapshot handler.
+ if ($this->config->boolValueIsTrue("core", "copyPaste")){
+ $this->cpHandler = new CopyPasteHandler($this->config);
+ }
+ if($this->config->get_cfg_value("core","enableSnapshots") == "true"){
+ $this->snapHandler = new SnapshotHandler($this->config);
+ }
- function execute()
- {
- /* Call parent execute */
- plugin::execute();
+ parent::__construct($config, $ui, "users", $headpage);
+
+ // Register special user actions
+ $this->registerAction("lock", "lockEntry");
+ $this->registerAction("lockUsers", "lockUsers");
+ $this->registerAction("unlockUsers", "lockUsers");
+ $this->registerAction("new_template", "newTemplate");
+ $this->registerAction("newfromtpl", "newUserFromTemplate");
+ $this->registerAction("templateContinue", "templateContinue");
+ $this->registerAction("templatize", "templatizeUsers");
+ $this->registerAction("templatizeContinue", "templatizeContinue");
+
+ $this->registerAction("password", "changePassword");
+ $this->registerAction("passwordQueue", "handlePasswordQueue");
+ $this->registerAction("passwordCancel", "closeDialogs");
+
+ $this->registerAction("sendMessage", "sendMessage");
+ $this->registerAction("saveEventDialog", "saveEventDialog");
+ $this->registerAction("abortEventDialog", "closeDialogs");
+
+ // Register shortcut icon actions
+ $this->registerAction("edit_user","editEntry");
+ $this->registerAction("edit_posixAccount","editEntry");
+ $this->registerAction("edit_mailAccount","editEntry");
+ $this->registerAction("edit_sambaAccount","editEntry");
+ $this->registerAction("edit_netatalk","editEntry");
+ $this->registerAction("edit_environment","editEntry");
+ $this->registerAction("edit_gofaxAccount","editEntry");
+ $this->registerAction("edit_phoneAccount","editEntry");
+ }
+
+
+ // Inject user actions
+ function detectPostActions()
+ {
+ $action = management::detectPostActions();
+ if(isset($_POST['template_continue'])) $action['action'] = "templateContinue";
+ if(isset($_POST['templatize_continue'])) $action['action'] = "templatizeContinue";
+ if(isset($_POST['save_event_dialog'])) $action['action'] = "saveEventDialog";
+ if(isset($_POST['abort_event_dialog'])) $action['action'] = "abortEventDialog";
+ if(isset($_POST['password_cancel'])){
+ $action['action'] = "passwordCancel";
+ }elseif((count($this->pwd_change_queue) || isset($_POST['password_finish']) || isset($_POST['refreshProposal']))){
+ $action['action'] = "passwordQueue";
+ }
+ return($action);
+ }
- /* LOCK MESSAGE Vars */
- session::set('LOCK_VARS_TO_USE',array("/^act$/","/^id$/","/^user_edit_/","/^user_del_/","/^item_selected/","/^remove_multiple_users/","/^multiple_edit/","/menu_action/"));
- $smarty = get_smarty(); // Smarty instance
- $s_action = ""; // Contains the action to be taken
- $s_entry = ""; // The value for s_action
+ function editEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="")
+ {
+ $str = management::editEntry($action,$target);
+ if($str) return($str);
- /* Edit entry button pressed? */
- if( isset($_GET['act']) && $_GET['act'] == "edit_entry" ){
- $s_action= "edit";
- $s_entry= validate($_GET['id']);
- }
-
- /* Test relevant POST values */
- foreach($_POST as $key => $val){
-
- /* Get every possible POST combination and set s_action/s_entry accordingly */
- foreach(array("del" => "user_del",
- "edit" => "user_edit",
- "new" => "user_new",
- "new_tpl" => "user_tplnew",
- "del_multiple" => "^remove_multiple_users",
- "create_user_from_tpl" => "userfrom_tpl",
- "change_pw" => "user_chgpw",
- "editPaste" => "editPaste",
- "copy_multiple" => "multiple_copy_users",
- "multiple_edit" => "multiple_edit",
- "cut_multiple" => "multiple_cut_users",
- "multiple_password_change" => "multiple_password_change",
- "copy" => "^copy",
- "toggle_lock_status" => "toggle_lock_status",
- "cut" => "^cut") as $act => $name){
-
- if (preg_match("/".$name.".*/", $key)){
- $s_action= $act;
- $s_entry= preg_replace("/".$name."_/i", "", $key);
- break;
+ if(preg_match("/^edit_/",$action)){
+ $tab = preg_replace("/^edit_/","",$action);
+ if(isset($this->tabObject->by_object[$tab])){
+ $this->tabObject->current = $tab;
+ }else{
+ trigger_error("Unknown tab: ".$tab);
+ }
}
- }
-
- } /* ...Test POST */
-
- /* Remove coordinate prefix from POST, required by some browsers */
- $s_entry= preg_replace("/_.$/", "", $s_entry);
-
- /* Seperate possibly encoded tab and entry, default to tab "user" */
- if(preg_match("/.*-.*/", $s_entry)){
- $s_tab= preg_replace("/^[^-]*-/i", "" ,$s_entry);
- $s_entry= preg_replace("/-[^-]*$/i", "", $s_entry);
- }else{
- $s_tab= "user";
}
- if(!$this->config->search($s_tab, 'class',array('tabs'))){
- $s_tab = "user";
- }
-
- if (isset($_POST['menu_action'])){
-
- /* handle C&P from layers menu */
- if(preg_match("/^multiple_copy_systems/",$_POST['menu_action'])){
- $s_action = "copy_multiple";
- }
- if(preg_match("/^multiple_cut_systems/",$_POST['menu_action'])){
- $s_action = "cut_multiple";
- }
- if(preg_match("/^editPaste/",$_POST['menu_action'])){
- $s_action = "editPaste";
- }
-
- /* Create options */
- if($_POST['menu_action'] == "user_new"){
- $s_action = "new";
- }
- if($_POST['menu_action'] == "user_tplnew"){
- $s_action = "new_tpl";
- }
- if($_POST['menu_action'] == "multiple_edit"){
- $s_action = "multiple_edit";
- }
-
- /* handle remove from layers menu */
- if(preg_match("/^multiple_password_change/",$_POST['menu_action'])){
- $s_action = "multiple_password_change";
- }
-
- /* handle remove from layers menu */
- if(preg_match("/^remove_multiple/",$_POST['menu_action'])){
- $s_action = "del_multiple";
- }
- if(preg_match("/^templatize_multiple/",$_POST['menu_action'])){
- $s_action = "templatize_multiple";
- }
-
- if(preg_match("/^event/",$_POST['menu_action'])){
- $s_action = $_POST['menu_action'];
- }
- }
- /* Use template */
- if(isset($_POST['templatize_continue'])){
- $s_action = "templatize_continue";
+ function closeDialogs()
+ {
+ management::closeDialogs();
+ $this->pwd_change_queue = array();
}
- /********************
- Create notification event
- ********************/
-
- if(preg_match("/^event_/",$s_action) && class_available("DaemonEvent")){
- $ids = $this->list_get_selected_items();
- $uids = array();
- foreach($ids as $id){
- $uids[] = $this->list[$id]['uid'][0];
- }
- if(count($uids)){
- $events = DaemonEvent::get_event_types(USER_EVENT);
- $event = preg_replace("/^event_/","",$s_action);
- if(isset($events['BY_CLASS'][$event])){
- $type = $events['BY_CLASS'][$event];
- $this->usertab = new $type['CLASS_NAME']($this->config);
- $this->usertab->add_users($uids);
- $this->usertab->set_type(TRIGGERED_EVENT);
+ /*! \brief Sends a message to a set of users using gosa-si events.
+ */
+ function sendMessage($action="",$target=array(),$all=array())
+ {
+ if(class_available("DaemonEvent")){
+ $uids = array();
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ foreach($target as $dn){
+ $ldap->cat($dn,array('uid'));
+ $attrs = $ldap->fetch();
+ if(isset($attrs['uid'][0])){
+ $uids[] = $attrs['uid'][0];
+ }
+ }
+ if(count($uids)){
+ $events = DaemonEvent::get_event_types(USER_EVENT);
+ $event = "DaemonEvent_notify";
+ if(isset($events['BY_CLASS'][$event])){
+ $type = $events['BY_CLASS'][$event];
+ $this->dialogObject = new $type['CLASS_NAME']($this->config);
+ $this->dialogObject->add_users($uids);
+ $this->dialogObject->set_type(SCHEDULED_EVENT);
+ }
+ }
}
- }
}
- /* Abort event dialog */
- if(isset($_POST['abort_event_dialog'])){
- $this->usertab = FALSE;
- }
- /* Save event */
- if(isset($_POST['save_event_dialog'])){
- $this->usertab->save_object();
- $msgs = $this->usertab->check();
- if(count($msgs)){
- msg_dialog::displayChecks($msgs);
- }else{
-
- $o_queue = new gosaSupportDaemon();
- $o_queue->append($this->usertab);
- if($o_queue->is_error()){
- msg_dialog::display(_("Infrastructure error"), msgPool::siError($o_queue->get_error()),ERROR_DIALOG);
+ /*! \brief Sends a message to a set of users using gosa-si events.
+ */
+ function saveEventDialog()
+ {
+ $this->dialogObject->save_object();
+ $msgs = $this->dialogObject->check();
+ if(count($msgs)){
+ msg_dialog::displayChecks($msgs);
}else{
- $this->usertab = FALSE;
+ $o_queue = new gosaSupportDaemon();
+ $o_queue->append($this->dialogObject);
+ if($o_queue->is_error()){
+ msg_dialog::display(_("Infrastructure error"), msgPool::siError($o_queue->get_error()),ERROR_DIALOG);
+ }
+ $this->closeDialogs();
}
- }
}
- /* Display event */
- if($this->usertab instanceof DaemonEvent){
- $this->usertab->save_object();
- return($this->usertab->execute());
- }
-
- /********************
- Copy & Paste
- ********************/
-
- /* Display the copy & paste dialog, if it is currently open */
- if($this->CPPasswordChange == ""){
- $ret = $this->copyPasteHandling_from_queue($s_action,$s_entry);
- if($ret){
- return($ret);
- }
+ /*! \brief Intiates template creation.
+ */
+ function newTemplate($action,$entry)
+ {
+ $this->newEntry();
+ $this->tabObject->set_template_mode ();
}
- /********************
- Change password confirmed
- ********************/
-
- /* Perform password change */
- if (isset($_POST['password_finish'])){
-
- /* For security reasons, check if user is allowed to set password again */
- $dn = $this->dn;
- $acl = $this->ui->get_permissions($dn, "users/password");
- $cacl= $this->ui->get_permissions($dn, "users/user");
-
- /* Are we allowed to create a new user or to set the password attribute? */
- if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){
-
- /* Check input and feed errors into 'message' */
- $message= array();
-
- /* Sanity checks... */
- if ($_POST['new_password'] != $_POST['repeated_password']){
-
- /* Matching passwords in new and repeated? */
- $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
- } else {
-
- /* Empty password is not permitted by default. */
- if ($_POST['new_password'] == ""){
- msgPool::required(_("New password"));
- }
- }
-
- /* Errors, or password change? */
- if (count($message) != 0){
-
- /* Show error message and continue editing */
- msg_dialog::displayChecks($message);
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
-
- $config= $this->config;
- $ldap_ui= $this->config->get_ldap_link();
- if(isset($this->usertab->dn)){
- $ldap_ui->cat($this->usertab->dn,array("uid"));
- $user = $ldap_ui->fetch();
- }else{
- $ldap_ui->cat($this->dn,array("uid"));
- $user = $ldap_ui->fetch();
- }
- if((is_array($user))&&(isset($user['uid']))){
- $username= $user['uid'][0];
- }
+ /*! \brief Queues a set of users for password changes
+ */
+ function changePassword($action="",$target=array(),$all=array())
+ {
+ $this->dn ="";
+ $this->pwd_change_queue = $target;
- /* Set password, perform required steps */
- if ($this->usertab){
- if ($this->usertab->password_change_needed()){
- $obj= $this->usertab->by_object['user'];
- if(!change_password ($this->usertab->dn, $_POST['new_password'],0, $obj->pw_storage)){
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
- if ($config->get_cfg_value("externalpwdhook") != ""){
- exec($config->get_cfg_value("externalpwdhook")." ".$username." ".$_POST['new_password'], $resarr);
+ // Check permisions
+ $disallowed = array();
+ foreach($this->pwd_change_queue as $key => $dn){
+ if(!preg_match("/w/",$this->ui->get_permissions($dn,$this->aclCategory."/password"))){
+ unset($this->pwd_change_queue[$key]);
+ $disallowed[] = $dn;
}
- new log("modify","users/".get_class($this),$this->usertab->dn,array(),"Password has been changed");
- unset($this->usertab);
- $this->usertab= NULL;
- }
- } else {
- if(!change_password ($this->dn, $_POST['new_password'])){
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
- if ($config->get-cfg_value("externalpwdhook") != ""){
- exec($config->get-cfg_value("externalpwdhook")." ".$username." ".$_POST['new_password'], $resarr);
- }
- new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
}
- } else {
-
- /* Missing permissions, show message */
- msg_dialog::display(_("Password change"),_("You have no permission to change this users password!"),WARNING_DIALOG);
- }
- /* Clean session, delete lock */
- $this->remove_lock();
- unset ($this->usertab);
- $this->usertab= NULL;
- $this->lognames= array();;
- $this->sn= "";
- $this->givenName= "";
- $this->uid= "";
- session::un_set('objectinfo');
- }
-
-
- /********************
- Change multiple passwords requested
- ********************/
-
- if($s_action == "multiple_password_change"){
- $this->pwd_change_queue = $this->list_get_selected_items();
- $disallowed = array();
- foreach($this->pwd_change_queue as $key => $id){
- if(!preg_match("/w/",$this->ui->get_permissions($this->list[trim($id)]['dn'],"users/password"))){
- unset($this->pwd_change_queue[$key]);
- $disallowed[] = $this->list[trim($id)]['dn'];
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission"),msgPool::permModify($disallowed),INFO_DIALOG);
}
- }
- if(count($disallowed)){
- msg_dialog::display(_("Permission"),msgPool::permModify($disallowed),INFO_DIALOG);
- }
- }
-
-
- /********************
- Change password requested
- ********************/
-
- /* Password change requested */
- if (($s_action == "change_pw") || (!empty($this->CPPasswordChange)) || count($this->pwd_change_queue)){
-
- /* Get users whose passwords should be changed. */
- if(count($this->pwd_change_queue)){
- $s_entry= array_pop($this->pwd_change_queue);
- }
-
- if(!empty($this->CPPasswordChange)){
- $s_entry = $this->CPPasswordChange;
- $this->CPPasswordChange = "";
- }
-
- /* Get 'dn' from posted 'uid' */
- $this->dn= $this->list[trim($s_entry)]['dn'];
-
- /* Load permissions for selected 'dn' and check if
- we're allowed to remove this 'dn' */
- if (preg_match("/w/",$this->ui->get_permissions($this->dn,"users/password"))){
-
- /* User is allowed to change passwords, save 'dn' and 'acl' for next
- dialog. */
- session::set('objectinfo',$this->dn);
- return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
- } else {
- /* User is not allowed. Show message and cancel. */
- msg_dialog::display(_("Password change"),_("You have no permission to change this users password!"),WARNING_DIALOG);
- }
+
+ // Now display change dialog.
+ return($this->handlePasswordQueue());
}
- /********************
- Edit existing entry
- ********************/
+ function refreshProposal()
+ {
+ $this->proposal = passwordMethod::getPasswordProposal($this->config);
+ $this->proposalEnabled = (!empty($this->proposal));
+ }
- /* User wants to edit data? */
- if (($s_action=="edit") && (!isset($this->usertab->config))){
+ function handlePasswordQueue()
+ {
+ // skip if nothing is to do
+ if(empty($this->dn) && !count($this->pwd_change_queue)) return;
- /* Get 'dn' from posted 'uid', must be unique */
- $this->dn= $this->list[trim($s_entry)]['dn'];
+ // Refresh proposal if requested
+ if(isset($_POST['refreshProposal'])) $this->refreshProposal();
+ if(isset($_POST['proposalSelected'])) $this->proposalSelected = get_post('proposalSelected') == 1;
- /* Check locking, save current plugin in 'back_plugin', so
- the dialog knows where to return. */
- if (($user= get_lock($this->dn)) != ""){
- return(gen_locked_message ($user, $this->dn));
- }
+ $this->enforcePasswordChange = isset($_POST['new_password']) && isset($_POST['enforcePasswordChange']);
- /* Lock the current entry, so everyone will get the
- above dialog */
- add_lock ($this->dn, $this->ui->dn);
+ $smarty = get_smarty();
+ $smarty->assign("proposal" , set_post($this->proposal));
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
- /* Register usertab to trigger edit dialog */
- $this->usertab= new usertabs($this->config,
- $this->config->data['TABS']['USERTABS'], $this->dn);
+ $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
+ $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
- /* Switch tab, if it was requested by the user */
- $this->usertab->current = $s_tab;
+ // Get next entry from queue.
+ if(empty($this->dn) && count($this->pwd_change_queue)){
- /* Set ACL and move DN to the headline */
- $this->usertab->set_acl_base($this->dn);
- session::set('objectinfo',$this->dn);
- }
+ // Generate new proposal
+ $this->refreshProposal();
+ $this->proposalSelected = ($this->proposal != "");
+ $this->dn = array_pop($this->pwd_change_queue);
+ // Check if we are able to enforce a password change
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn);
+ $attrs = $ldap->fetch();
+ $this->passwordChangeForceable =
+ in_array('sambaAccount', $attrs['objectClass']) ||
+ (in_array('posixAccount', $attrs['objectClass']) && isset($attrs['shadowMax']));
+ $smarty->assign("passwordChangeForceable" , $this->passwordChangeForceable);
+ $smarty->assign("enforcePasswordChange" , $this->enforcePasswordChange);
- /********************
- Edit multiple entries
- ********************/
-
- /* User wants to edit data? */
- if ($s_action == "multiple_edit" && !isset($this->usertab->config)){
-
- $this->dn = array();
- foreach($this->list_get_selected_items() as $id){
- $this->dn[] = $this->list[$id]['dn'];;
- }
- $tmp = new multi_plug($this->config,"usertabs",$this->config->data['TABS']['USERTABS'],
- $this->dn,$this->DivListUsers->selectedBase,"user");
- if ($tmp->entries_locked()){
- return($tmp->display_lock_message());
- }
- $tmp->lock_entries($this->ui->dn);
- if($tmp->multiple_available()){
- $this->usertab = $tmp;
- $this->usertab->set_active_tab($s_tab);
- session::set('objectinfo',$this->usertab->get_object_info());
- }
- }
-
+ // Assign proposal variables
+ $smarty->assign("proposal" , set_post($this->proposal));
+ $smarty->assign("proposalEnabled" , $this->proposalEnabled);
+ $smarty->assign("proposalSelected" , $this->proposalSelected);
- /********************
- Edit canceled
- ********************/
-
- /* Reset all relevant data, if we get a _cancel request */
- if (isset($_POST['edit_cancel']) || isset($_POST['password_cancel'])){
- if (isset($this->usertab)){
- $this->remove_lock();
- }
- $this->usertab= NULL;
- $this->lognames= array();;
- $this->sn= "";
- $this->givenName= "";
- $this->uid= "";
- session::un_set('objectinfo');
- }
+ set_object_info($this->dn);
+ return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ // If we've just refreshed the proposal then do not check the password for validity.
+ if(isset($_POST['refreshProposal'])){
+ return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
- /********************
- We want to create a new user, so fetch all available user templates
- ********************/
-
- /* Generate template list */
- if ($s_action == "new" || $s_action == "create_user_from_tpl" || $s_action == "templatize_multiple"){
-
- $this->templates= array();
- $ldap= $this->config->get_ldap_link();
-
- /* Create list of templates */
- foreach ($this->config->departments as $key => $value){
-
- /* Get acls from different ou's */
- $acl = $this->ui->get_permissions("cn=dummy,".get_people_ou().$value,"users/user") ;
-
- /* If creation of a new user is allowed, append this template */
- if (preg_match("/c/",$acl)){
-
- /* Search all templates from the current dn */
- $ldap->cd (get_people_ou().$value);
- $ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));
-
- /* Append */
- if ($ldap->count() != 0){
- while ($attrs= $ldap->fetch()){
- $this->templates[$ldap->getDN()]=
- $attrs['uid'][0]." - ".@LDAP::fix($key);
- }
- if ($s_action != "templatize_multiple"){
- $this->templates['none']= _("none");
+ // Check permissions
+ if(isset($_POST['password_finish'])){
+
+ $dn = $this->dn;
+ $acl = $this->ui->get_permissions($dn, "users/password");
+ $cacl= $this->ui->get_permissions($dn, "users/user");
+ if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){
+
+ // Get posted passwords
+ if($this->proposalSelected){
+ $new_password = $this->proposal;
+ $repeated_password = $this->proposal;
+ }else{
+ $new_password = get_post('new_password');
+ $repeated_password = get_post('repeated_password');
+ }
+
+ // Check posted passwords now.
+ $message= array();
+ if ($new_password != $repeated_password){
+ $message[]= _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
+ } else {
+ if ($new_password == ""){
+ $message[] = msgPool::required(_("New password"));
+ }
+ }
+
+ // Call external check hook to validate the password change
+ if(!count($message)){
+ $attrs = array();
+ $attrs['current_password'] = '';
+ $attrs['new_password'] = $new_password;
+ $checkRes = password::callCheckHook($this->config,$this->dn,$attrs);
+ if(count($checkRes)){
+ $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"),
+ implode($checkRes));
+ }
+ }
+
+ // Display errors
+ if (count($message) != 0){
+ msg_dialog::displayChecks($message);
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+
+
+
+ // Change password
+ if(isset($this->force_hash_type[$this->dn])){
+ if(!change_password ($this->dn, $new_password,0,$this->force_hash_type[$this->dn],'', $message)){
+ msg_dialog::displayChecks(array($message));
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ }else{
+ if(!change_password ($this->dn, $new_password,0,'','',$message)){
+ msg_dialog::displayChecks(array($message));
+ return($smarty->fetch(get_template_path('password.tpl', TRUE)));
+ }
+ }
+
+ // The user has to change his password on next login
+ // - We are going to update samba and posix attributes here, to enforce
+ // such a password change.
+ if($this->passwordChangeForceable && $this->enforcePasswordChange){
+
+ // Check if we are able to enforce a password change
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->cat($this->dn);
+ $attrs = $ldap->fetch();
+ $samba = in_array('sambaSamAccount', $attrs['objectClass']);
+ $posix = in_array('posixAccount', $attrs['objectClass']);
+
+ // Update the posix shadow flag...
+ if($posix){
+
+ $current= floor(date("U") /60 /60 /24);
+ $enforceDate = $current - $attrs['shadowMax'][0];
+ $new_attrs = array();
+ $new_attrs['shadowLastChange'] = $enforceDate;
+ $ldap->cd($this->dn);
+ $ldap->modify($new_attrs);
+
+# $posixAccount = new posixAccount($this->config, $this->dn);
+# $posixAccount->is_modified=TRUE;
+# $posixAccount->activate_shadowExpire=1;
+# $posixAccount->shadowExpire = date('d.m.Y', time() - (1 * 24 * 60 *60));
+# $posixAccount->save();
+ }
+
+ // Update the samba kickoff flag...
+ if($samba){
+ $sambaAccount = new sambaAccount($this->config, $this->dn);
+ $sambaAccount->is_modified=TRUE;
+ $sambaAccount->flag_enforcePasswordChange = TRUE;
+ $sambaAccount->flag_cannotChangePassword = FALSE;
+ $sambaAccount->save();
+ }
+ }
+
+ new log("modify","users/".get_class($this),$this->dn,array(),"Password has been changed");
+ $this->dn ="";
+
+ } else {
+ msg_dialog::display(_("Password change"),
+ _("You have no permission to change this users password!"),
+ WARNING_DIALOG);
}
- }
}
- }
- /* Sort templates */
- natcasesort ($this->templates);
- reset ($this->templates);
+ // Cleanup
+ if(!count($this->pwd_change_queue) && $this->dn=""){
+ $this->remove_lock();
+ $this->closeDialogs();
+ }else{
+ return($this->handlePasswordQueue());
+ }
}
- /********************
- Apply template to multiple entries requested, display confirm dialog
- ********************/
+ /*! \brief Save user modifications.
+ * Whenever we save a 'new' user, request a password change for him.
+ */
+ function saveChanges()
+ {
+ $str = management::saveChanges();
- if ($s_action=="templatize_multiple"){
- $ids = $this->list_get_selected_items();
- $this->dns = array();
- if(count($ids)){
+ if(!empty($str)) return($str);
- foreach($ids as $id){
- $dn = $this->list[$id]['dn'];
- if (($user= get_lock($dn)) != ""){
- return(gen_locked_message ($user, $dn));
- }
- $this->dns[$id] = $dn;
+ if($this->last_tabObject instanceOf multi_plug){
+ foreach($this->last_tabObject->a_handles as $user){
+ if($user->password_change_needed()){
+ $this->force_hash_type[$user->dn] = $user->by_object['user']->pw_storage;
+ $this->pwd_change_queue[] = $user->dn;
+ }
+ }
+ return($this->handlePasswordQueue());
}
- }
-
- $smarty->assign("templates", $this->templates);
- return($smarty->fetch(get_template_path('templatize.tpl', TRUE)));
- }
-
- /* Perform templatizing after the button has been pressed */
- if ($s_action == "templatize_continue"){
-
- $acl = $this->ui->get_permissions($_POST['template'], "users/user");
-
- /* Template readable? */
- if (preg_match('/r/', $acl)){
- $template_dn= $_POST['template'];
-
- foreach ($this->dns as $dn){
- $acl = $this->ui->get_permissions($_POST['template'], "users/user");
- if (preg_match('/w/', $acl)){
- $usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn);
- $usertab->adapt_from_template($template_dn, array("sn", "givenName", "uid"));
- $usertab->save();
- unset ($usertab);
- $usertab= NULL;
- } else {
- msg_dialog::display(_("Permission error"), sprintf(_("You have no permission to modify object '%s'!"), $dn), ERROR_DIALOG);
- }
+ if(isset($this->last_tabObject->by_object['user']) && $this->last_tabObject->by_object['user']->password_change_needed()){
+ $this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage;
+ $this->pwd_change_queue[] = $this->last_tabObject->dn;
+ return($this->handlePasswordQueue());
}
- } else {
- msg_dialog::display(_("Permission error"), _("You have no permission to use this template!"), ERROR_DIALOG);
- }
-
}
+ function cancelEdit()
+ {
+ $str = management::cancelEdit();
+ if(!empty($str)) return($str);
- /********************
- Delete MULTIPLE entries requested, display confirm dialog
- ********************/
-
- if ($s_action=="del_multiple" || $s_action == "del"){
-
- if($s_action == "del"){
-
- /* Get 'dn' from posted 'uid' */
- $ids = array($s_entry);
- }else{
- $ids = $this->list_get_selected_items();
- }
-
- $this->dns = array();
- if(count($ids)){
- $disallowed = array();
- foreach($ids as $id){
- $dn = $this->list[$id]['dn'];
- $acl = $this->ui->get_permissions($dn, "users/user");
- if(preg_match("/d/",$acl)){
- $this->dns[$id] = $dn;
- }else{
- $disallowed[] = $dn;
- }
- }
-
- if(count($disallowed)){
- msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
- }
-
- if(count($this->dns)){
-
- /* Check locks */
- if ($user= get_multiple_locks($this->dns)){
- return(gen_locked_message($user,$this->dns));
- }
-
- $dns_names = array();
- foreach($this->dns as $dn){
- $dns_names[] = @LDAP::fix($dn);
- }
-
- add_lock($this->dns, $this->ui->dn);
-
- /* Lock the current entry, so nobody will edit it during deletion */
- $info = sprintf(msgPool::deleteInfo($dns_names,_("user")));
-
- /* Lock the current entry, so nobody will edit it during deletion */
- $smarty->assign("info", msgPool::deleteInfo($dns_names));
- return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
+ if(isset($this->last_tabObject->by_object['user']) &&
+ $this->last_tabObject->by_object['user']->dn != "new" &&
+ $this->last_tabObject->by_object['user']->password_change_needed()){
+ $this->force_hash_type[$this->last_tabObject->dn] = $this->last_tabObject->by_object['user']->pw_storage;
+ $this->pwd_change_queue[] = $this->last_tabObject->dn;
+ return($this->handlePasswordQueue());
}
- }
}
- /********************
- Delete MULTIPLE entries confirmed
- ********************/
+ /*! \brief Intiates user creation.
+ * If we've user templates, then the user will be asked to use to use one.
+ * -> See 'templateContinue' for further handling.
+ */
+ function newUserFromTemplate($action="",$target=array(),$all=array())
+ {
+ // Call parent method, it knows whats to do, locking and so on ...
+ $str = management::newEntry($action,$target,$all);
+ if(!empty($str)) return($str);
- if(isset($_POST['delete_user_confirm'])){
+ // Reset uid selection.
+ $this->got_uid= "";
- /* Remove user by user and check acls before removeing them */
- foreach($this->dns as $key => $dn){
+ // Use template if there are any of them
+ $templates = array();
+ $templates['none']= _("none");
+ $templates = array_merge($templates,$this->get_templates());
- $acl = $this->ui->get_permissions($dn, "users/user");
- if (preg_match('/d/', $acl)){
+ // We've templates, so preset the current template and display the input dialog.
+ if (count($templates)){
+ $smarty = get_smarty();
+ foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
+ $smarty->assign("$attr", "");
+ }
+ $smarty->assign("template", array_pop($target));
+ $smarty->assign("templates", $templates);
+ $smarty->assign("edit_uid", "");
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
- /* Delete request is permitted, perform LDAP action */
- $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'],$dn);
- $this->usertab->set_acl_base();
- $this->usertab->delete ();
- unset ($this->usertab);
- $this->usertab= NULL;
- } else {
- msg_dialog::display(_("Warning"),msgPool::permDelete($dn),WARNING_DIALOG);
- if(isset($this->ui->uid)){
- new log("security","users/".get_class($this),$dn,array(),"Tried to trick deletion.");
- }
+ // -> See 'templateContinue' for further handling!
}
- }
- /* Remove lock file after successfull deletion */
- $this->remove_lock();
- $this->dns = array();
}
-
- /********************
- Toggle lock status for user
- ********************/
-
- if($s_action == "toggle_lock_status" && isset($this->list[$s_entry])){
- /* Get entry check current status */
- $val = $this->list[$s_entry];
- $pwd = $val['userPassword'][0];
+ /*! \brief Intiates user creation.
+ * If we've user templates, then the user will be asked
+ * if he wants to use one.
+ * -> See 'templateContinue' for further handling.
+ */
+ function newEntry($action="",$target=array(),$all=array(), $altTabClass ="", $altTabType = "", $altAclCategory="")
+ {
- if (!preg_match("/w/",$this->ui->get_permissions($val['dn'],"users/password"))){
+ // Call parent method, it manages everything, locking, object creation...
+ $str = management::newEntry($action,$target,$all);
+ if(!empty($str)) return($str);
- /* Missing permissions, show message */
- msg_dialog::display(_("Password change"),_("You have no permission to change the lock status for this user!"),WARNING_DIALOG);
+ // If we've at least one template, then ask the user if he wants to use one?
+ $templates = array();
+ $templates['none']= _("none");
+ $templates = array_merge($templates,$this->get_templates());
- }else{
+ // Display template selection
+ if (count($templates) > 1){
+ $smarty = get_smarty();
- if(!preg_match("/^\{[^\}]/",$pwd)){
- trigger_error("Can not deactivate user which is using clear password encryption.");
- }else{
+ // Set default variables, normally empty.
+ foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
+ $smarty->assign($attr, "");
+ }
+ $smarty->assign("template", "none");
+ $smarty->assign("templates", $templates);
+ $smarty->assign("edit_uid", "");
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
- $locked = false;
- if(preg_match("/^[^\}]*+\}!/",$pwd)){
- $locked = true;
- }
-
- /* Create ldap array to update status */
- $attrs = array("userPassword" => $pwd);
- if($locked){
- $attrs['userPassword'] = preg_replace("/(^[^\}]+\})!(.*$)/","\\1\\2",$attrs['userPassword']);
- }else{
- $attrs['userPassword'] = preg_replace("/(^[^\}]+\})(.*$)/","\\1!\\2",$attrs['userPassword']);
- }
-
- /* Write new status back to ldap */
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($val['dn']);
- $ldap->modify($attrs);
- if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $val['dn'], 0, get_class()));
- }
+ // -> See 'templateContinue' for further handling!
}
- }
}
- /********************
- Delete entry Canceled
- ********************/
-
- /* Delete user canceled? */
- if (isset($_POST['delete_cancel'])){
+ /* !\brief This method is called whenever a template selection was displayed.
+ * Here we act on the use selection.
+ * - Does the user want to create a user from template?
+ * - Create user without template?
+ * - Input correct, every value given and valid?
+ */
+ function templateContinue()
+ {
+ // Get the list of available templates.
+ $templates = array();
+ $templates['none']= _("none");
+ $templates = array_merge($templates,$this->get_templates());
+
+ // Input validation, if someone wants to create a user from a template
+ // then validate the given values.
+ $message = array();
+ if(!isset($_POST['template']) || (empty($_POST['template']))){
+ $message[]= msgPool::invalid(_("Template"));
+ }
+ if(!isset($_POST['sn']) || (empty($_POST['sn']))){
+ $message[]= msgPool::required(_("Name"));
+ }
+ if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
+ $message[]= msgPool::required(_("Given name"));
+ }
- /* Remove lock file after successfull deletion */
- $this->remove_lock();
- $this->dns = array();
- }
+ /********************
+ * 1 We've had input errors - Display errors and show input dialog again.
+ ********************/
+
+ if (count($message) > 0){
+ msg_dialog::displayChecks($message);
+
+ // Preset input fields with user input.
+ $smarty = get_smarty();
+ foreach(array("sn", "givenName", "uid", "template") as $attr){
+ if(isset($_POST[$attr])){
+ $smarty->assign("$attr", set_post(get_post($attr)));
+ }else{
+ $smarty->assign("$attr", "");
+ }
+ }
+ $smarty->assign("templates",$templates);
+ $smarty->assign("got_uid", $this->got_uid);
+ $smarty->assign("edit_uid",false);
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
+ }
- /********************
- Edit entry finished (Save)
- ********************/
+ /********************
+ * 2 There was a template selected, now ask for the uid.
+ ********************/
+
+ if ($_POST['template'] != 'none' && !isset($_POST['uid'])){
+
+ // Remember user input.
+ $smarty = get_smarty();
+ $this->sn = get_post('sn');
+ $this->givenName = get_post('givenName');
+
+ // Avoid duplicate entries, check if such a user already exists.
+ $dn= preg_replace("/^[^,]+,/i", "", get_post('template'));
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cd ($dn);
+ $ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
+
+ if ($ldap->count () != 0){
+ msg_dialog::displayChecks(array(msgPool::duplicated(_("Name"))));
+ $smarty->assign("edit_uid", "");
+ }else{
+
+ // Preset uid field by using the idGenerator
+ $attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
+ if ($this->config->get_cfg_value("core","idGenerator") != ""){
+ $genStr = $this->config->get_cfg_value("core","idGenerator");
+ $smarty->assign("edit_uid", "");
+ if(!empty($genStr)){
+ $uids= gen_uids($genStr, $attributes);
+ if (count($uids)){
+ $smarty->assign("edit_uid", "false");
+ $smarty->assign("uids", $uids);
+ $this->uid= current($uids);
+ }else{
+ msg_dialog::displayChecks(array(_("Cannot generate a unique id, please specify it manually!")));
+ }
+ }
+ } else {
+ $smarty->assign("edit_uid", "");
+ $this->uid= "";
+ }
+ $this->got_uid= true;
+ }
- /* Finish user edit is triggered by the tabulator dialog, so
- the user wants to save edited data. Check and save at this
- point. */
- if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->usertab->config))){
+ // Assign user input
+ foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
+ $smarty->assign("$attr", set_post($this->$attr));
+ }
+ if (isset($_POST['template'])){
+ $smarty->assign("template", get_post('template'));
+ }
+ $smarty->assign("templates",$templates);
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
+ }
- /* Check tabs, will feed message array */
- $this->usertab->last= $this->usertab->current;
- $this->usertab->save_object();
- $message= $this->usertab->check();
- /* Save, or display error message? */
- if (count($message) == 0){
+ /********************
+ * 3 No template - Ok. Lets fill the data into the user object and skip templating here.
+ ********************/
+ if (get_post('template') == 'none'){
+ foreach(array("sn", "givenName", "uid") as $attr){
+ if (isset($_POST[$attr])){
+ $this->tabObject->by_object['user']->$attr= get_post($attr);
+ }
+ }
- /* No errors. Go ahead and prepare to ask for a password
- in case we're creating a new user. 'dn' will be 'new'
- in this case. It is set to the correct value later. */
- if ($this->dn == "new"){
- $set_pass= 1;
- } else {
- $set_pass= 0;
+ // The user Tab object is already instantiated, so just go back and let the
+ // management class do the rest.
+ return("");
}
- /* Save user data to ldap */
- if($this->usertab->save() == 1){
- return;
- }
- if (!isset($_POST['edit_apply'])){
- /* User has been saved successfully, remove lock from LDAP. */
- if ($this->dn != "new"){
- $this->remove_lock();
- }
+ /********************
+ * 4 Template selected and uid given - Ok, then lets adapt tempalte values.
+ ********************/
+ if(isset($_POST['uid'])){
- /* In case of new users, ask for a password, skip this for templates */
- if (($set_pass || $this->usertab->password_change_needed()) && !$this->is_template){
- $this->dn = $this->usertab->dn;
- return($smarty->fetch(get_template_path('password.tpl', TRUE)));
- }
+ // Move user supplied data to sub plugins
+ foreach(array("uid","sn","givenName") as $attr){
+ $this->$attr = get_post($attr);
+ $this->tabObject->$attr = $this->$attr;
+ $this->tabObject->by_object['user']->$attr = $this->$attr;
+ }
- unset ($this->usertab);
- $this->usertab= NULL;
- session::un_set('objectinfo');
- }else{
-
- /* Reinitialize tab */
- if($this->usertab instanceof tabs){
- $this->usertab->re_init();
- }
+ // Adapt template values.
+ $template_dn = get_post('template');
+ $this->tabObject->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
+ $template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/i')."/", '', $template_dn);
+ $this->tabObject->by_object['user']->base= $template_base;
+
+ // The user Tab object is already instantiated, so just go back and let the
+ // management class do the rest.
+ return("");
}
- } else {
- /* Ok. There seem to be errors regarding to the tab data,
- show message and continue as usual. */
- msg_dialog::displayChecks($message);
- }
}
+ /* !\brief This method applies a template to a set of users.
+ */
+ function templatizeUsers($action="",$target=array(),$all=array())
+ {
+ $this->dns = array();
+ if(count($target)){
- /********************
- Create a new user,template, user from template
- ********************/
-
- /* Check selected options for template */
- if (isset($_POST['template_continue'])){
- $message = array();
- if(!isset($_POST['template']) || (empty($_POST['template']))){
- $message[]= msgPool::invalid(_("Template"));
- }
- if(!isset($_POST['sn']) || (empty($_POST['sn']))){
- $message[]= msgPool::required(_("Name"));
- }
- if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
- $message[]= msgPool::required(_("Given name"));
- }
-
- /* Show error message / continue editing */
- if (count($message) > 0){
- msg_dialog::displayChecks($message);
-
- foreach(array("sn", "givenName", "uid", "template") as $attr){
- if(isset($_POST[$attr])){
- $smarty->assign("$attr", $_POST[$attr]);
- }else{
- $smarty->assign("$attr", "");
- }
- }
- $smarty->assign("templates",$this->templates);
- $smarty->assign("got_uid",$this->got_uid);
- $smarty->assign("edit_uid",false);
- return($smarty->fetch(get_template_path('template.tpl', TRUE)));
+ // Get the list of available templates.
+ $templates = $this->get_templates();
- }
- }
+ // Check entry locking
+ foreach($target as $dn){
+ if (($user= get_lock($dn)) != ""){
+ $this->dn = $dn;
+ return(gen_locked_message ($user, $dn));
+ }
+ $this->dns[] = $dn;
+ }
- /* New user/template request */
- if (($s_action=="create_user_from_tpl")||($s_action=="new") || ($s_action=="new_tpl")){
- /* By default we set 'dn' to 'new', all relevant plugins will
- react on this. */
- $this->dn= "new";
-
- $this->got_uid= ($this->config->get_cfg_value("idgen") == "");
-
- /* Create new usertab object */
- $this->usertab= new usertabs($this->config,$this->config->data['TABS']['USERTABS'], $this->dn);
- $this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase;
- $this->usertab->set_acl_base('dummy,'.$this->DivListUsers->selectedBase);
-
- /* Take care about templates */
- if ($s_action=="new_tpl"){
- $this->is_template= TRUE;
- $this->usertab->set_template_mode ();
- } else {
- $this->is_template= FALSE;
- }
-
- /* Use template if there are any of them */
- if ((count($this->templates) && ($s_action!='new_tpl'))||($s_action=="create_user_from_tpl")){
- foreach(array("sn", "givenName", "uid", "got_uid", "templates") as $attr){
- $smarty->assign("$attr", $this->$attr);
- }
- if ($s_action=="create_user_from_tpl"){
- $smarty->assign("template", $this->dn= $this->list[trim($s_entry)]['dn']);
- } else {
- $smarty->assign("template", "none");
+ // Display template
+ $smarty = get_smarty();
+ $smarty->assign("templates", $templates);
+ return($smarty->fetch(get_template_path('templatize.tpl', TRUE)));
}
- $smarty->assign("edit_uid", "");
- return($smarty->fetch(get_template_path('template.tpl', TRUE)));
- }
}
- /********************
- Template selected continue edit
- ********************/
-
- /* Continue template editing */
- if ((isset($_POST['template_continue'])) && ($_POST['template'] != 'none') && (!isset($_POST['uid']))){
-
- $this->sn = $_POST['sn'];
- $this->givenName = $_POST['givenName'];
-
- /* Check for requred values */
- $message= array();
- if ($this->sn == "") {
- $message[]= msgPool::required(_("Name"));
- }
- if ($this->givenName == "") {
- $message[]= msgPool::required(_("Given name"));
- }
-
- /* Check if dn is used */
- $dn= preg_replace("/^[^,]+,/i", "", $_POST['template']);
- $ldap= $this->config->get_ldap_link();
- $ldap->cd ($dn);
- $ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
- if ($ldap->count () != 0){
- msgPool::duplicated(_("Name"));
- }
-
- /* Show error message / continue editing */
- if (count($message) > 0){
- msg_dialog::displayChecks($message);
- } else {
- $attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
- if ($this->config->get_cfg_value("idgen") != ""){
- $uids= gen_uids ($this->config->get_cfg_value("idgen"), $attributes);
- if (count($uids)){
- $smarty->assign("edit_uid", "false");
- $smarty->assign("uids", $uids);
- $this->uid= current($uids);
- }
+
+ /* !\brief This method is called whenever the templatize dialog was used.
+ */
+ function templatizeContinue()
+ {
+ // Template readable?
+ $template= get_post('template');
+ $acl = $this->ui->get_permissions($template, $this->aclCategory."/".$this->aclPlugin);
+ if (preg_match('/r/', $acl)){
+ $tab = $this->tabClass;
+ foreach ($this->dns as $dn){
+
+ // User writeable
+ $acl = $this->ui->get_permissions($dn, $this->aclCategory."/".$this->aclPlugin);
+ if (preg_match('/w/', $acl)){
+ $this->tabObject= new $tab($this->config, $this->config->data['TABS'][$this->tabType], $dn, $this->aclCategory);
+ $this->tabObject->adapt_from_template($template, array("sn", "givenName", "uid"));
+ $this->tabObject->save();
+ } else {
+ msg_dialog::display(_("Permission error"), msgPool::permModify($dn), ERROR_DIALOG);
+ }
+ }
} else {
- $smarty->assign("edit_uid", "");
- $this->uid= "";
+ msg_dialog::display(_("Permission error"), msgPool::permView($template), ERROR_DIALOG);
}
- $this->got_uid= true;
- }
-
- foreach(array("sn", "givenName", "uid", "got_uid", "templates") as $attr){
- $smarty->assign("$attr", $this->$attr);
- }
- if (isset($_POST['template'])){
- $smarty->assign("template", $_POST['template']);
- }
- return($smarty->fetch(get_template_path('template.tpl', TRUE)));
- }
- /********************
- No template selected continue edit
- ********************/
-
- /* No template. Ok. Lets fill data into the normal user dialog */
- if (isset($_POST['template_continue']) && $_POST['template'] == 'none'){
- foreach(array("sn", "givenName", "uid") as $attr){
- if (isset($_POST[$attr])){
- $this->usertab->by_object['user']->$attr= $_POST[$attr];
- }
- }
+ // Cleanup!
+ $this->remove_lock();
+ $this->closeDialogs();
}
- /********************
- Template selected continue edit
- ********************/
-
- /* Finish template preamble */
- if (isset($_POST['template_continue']) && $_POST['template'] != 'none' && (isset($_POST['uid']))){
-
- /* Might not be filled if IDGEN is unset */
- $this->sn = $_POST['sn'];
- $this->givenName = $_POST['givenName'];
-
- /* Move user supplied data to sub plugins */
- $this->uid = $_POST['uid'];
- $this->usertab->uid = $this->uid;
- $this->usertab->sn = $this->sn;
- $this->usertab->givenName = $this->givenName;
- $template_dn = $_POST['template'];
- $this->usertab->adapt_from_template($template_dn);
- $template_base = preg_replace("/^[^,]+,".normalizePreg(get_people_ou())."/", '', $template_dn);
- $this->usertab->by_object['user']->base= $template_base;
- }
-
-
- /********************
- If no template was selected set base
- ********************/
-
- if (isset($_POST['template_continue']) && ($_POST['template'] == 'none')){
- $this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase;
+ /* !\brief Lock/unlock multiple users.
+ */
+ function lockUsers($action,$target,$all)
+ {
+ if(!count($target)) return;
+ if($action == "lockUsers"){
+ $this->lockEntry($action,$target, $all, "lock");
+ }else{
+ $this->lockEntry($action,$target, $all, "unlock");
+ }
}
- /********************
- Display subdialog
- ********************/
-
- /* Show tab dialog if object is present */
- if(isset($this->usertab->config)){
-
- $display= $this->usertab->execute();
+ /* !\brief Locks/unlocks the given user(s).
+ */
+ function lockEntry($action,$entry, $all, $type = "toggle")
+ {
- /* Don't show buttons if tab dialog requests this */
-
- $dia = FALSE;
- if(isset($this->usertab->by_object[$this->usertab->current]->dialog)){
- $dia = $this->usertab->by_object[$this->usertab->current]->dialog;
+ // Filter out entries we are not allowed to modify
+ $disallowed = array();
+ $dns = array();
+ foreach($entry as $dn){
+ if (!preg_match("/w/",$this->ui->get_permissions($dn,"users/password"))){
+ $disallowed[] = $dn;
+ }else{
+ $allowed[] = $dn;
+ }
+ }
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
}
- if(!is_object($dia) && $dia != TRUE){
- $display.= "<p style=\"text-align:right\">\n";
- $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\"".msgPool::okButton()."\">\n";
- $display.= " \n";
- if ($this->dn != "new"){
- $display.= "<input type=submit name=\"edit_apply\" value=\"".msgPool::applyButton()."\">\n";
- $display.= " \n";
- }
- $display.= "<input type=submit name=\"edit_cancel\" value=\"".msgPool::cancelButton()."\">\n";
- $display.= "</p>";
+ // Try to lock/unlock the rest of the entries.
+ $ldap = $this->config->get_ldap_link();
+ foreach($allowed as $dn){
+ $ldap->cat($dn, array('userPassword'));
+ if($ldap->count() == 1){
+
+ // We can't lock empty passwords.
+ $val = $ldap->fetch();
+ if(!isset($val['userPassword'])){
+ continue;
+ }
+
+ // Detect the password method and try to lock/unlock.
+ $pwd = $val['userPassword'][0];
+ $method = passwordMethod::get_method($pwd,$val['dn']);
+ $success= true;
+ if($method instanceOf passwordMethod){
+ if($type == "toggle"){
+ if($method->is_locked($this->config,$val['dn'])){
+ $success= $method->unlock_account($this->config,$val['dn']);
+ }else{
+ $success= $method->lock_account($this->config,$val['dn']);
+ }
+ }elseif($type == "lock" && !$method->is_locked($this->config,$val['dn'])){
+ $success= $method->lock_account($this->config,$val['dn']);
+ }elseif($type == "unlock" && $method->is_locked($this->config,$val['dn'])){
+ $success= $method->unlock_account($this->config,$val['dn']);
+ }
+
+ // Check if everything went fine.
+ if (!$success){
+ $hn= $method->get_hash_name();
+ if (is_array($hn)){
+ $hn= $hn[0];
+ }
+ msg_dialog::display(_("Account locking"),
+ sprintf(_("Password method '%s' does not support locking. Account (%s) has not been locked!"),
+ $hn,$dn),WARNING_DIALOG);
+ }
+ }else{
+ // Can't lock unknown methods.
+ }
+ }
}
- return ($display);
- }
-
- /* Check if there is a snapshot dialog open */
- $base = $this->DivListUsers->selectedBase;
- if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases(),$this)){
- return($str);
- }
-
- /* Return rendered main page */
- /* Display dialog with system list */
- $this->DivListUsers->parent = $this;
- $this->DivListUsers->execute();
-
- /* Add departments if subsearch is disabled */
- if(!$this->DivListUsers->SubSearch){
- $this->DivListUsers->AddDepartments($this->DivListUsers->selectedBase,4,1);
- }
- $this->reload();
- $this->DivListUsers->setEntries($this->list);
- return($this->DivListUsers->Draw());
- }
-
-
- /* Return departments, that will be included within snapshot detection */
- function get_used_snapshot_bases()
- {
- return(array(get_people_ou().$this->DivListUsers->selectedBase));
- }
-
-
- function reload()
- {
- /* Set base for all searches */
- $base= $this->DivListUsers->selectedBase;
- $this->list =array();
-
- /* Get filter configuration */
- $Regex = $this->DivListUsers->Regex;
- $SubSearch = $this->DivListUsers->SubSearch;
- $ShowTemplates = $this->DivListUsers->ShowTemplates;
- $ShowFunctionalUsers = $this->DivListUsers->ShowFunctionalUsers;
- $ShowUnixUsers = $this->DivListUsers->ShowUnixUsers;
- $ShowMailUsers = $this->DivListUsers->ShowMailUsers;
- $ShowSambaUsers = $this->DivListUsers->ShowSambaUsers;
- $ShowProxyUsers = $this->DivListUsers->ShowProxyUsers;
-
- /* Setup filter depending on selection */
- $filter="";
- if ($this->config->get_cfg_value("sambaversion") == 3){
- $samba= "sambaSamAccount";
- } else {
- $samba= "sambaAccount";
}
- if ($ShowFunctionalUsers){
- $filter.= "(&(objectClass=gosaAccount)(!(|(objectClass=posixAccount)".
- "(objectClass=gosaMailAccount)(objectClass=$samba)".
- "(objectClass=gosaProxyAccount))))";
- }
- if ($ShowUnixUsers){
- $filter.= "(objectClass=posixAccount)";
- }
- if ($ShowMailUsers){
- $filter.= "(objectClass=gosaMailAccount)";
- }
- if ($ShowSambaUsers){
- $filter.= "(objectClass=$samba)";
- }
- if ($ShowProxyUsers){
- $filter.= "(objectClass=gosaProxyAccount)";
- }
- if ($ShowTemplates){
- $filter= "(|(objectClass=gosaUserTemplate)(&(objectClass=gosaAccount)(|$filter)))";
- } else {
- $filter= "(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|$filter))";
- }
- $filter= "(&(|(uid=".normalizeLdap($Regex).")(sn=".normalizeLdap($Regex).")(givenName=".normalizeLdap($Regex)."))$filter)";
-
- /* Generate userlist */
- $ldap= $this->config->get_ldap_link(TRUE);
-
- if ($SubSearch){
- $ListTemp = get_sub_list($filter, "users", get_people_ou(),$base,
- array("uid", "givenName", "sn", "objectClass","userPassword"), GL_SUBSEARCH | GL_SIZELIMIT);
- } else {
- $base= get_people_ou().$base;
- $ListTemp = get_sub_list($filter, "users", get_people_ou(),$base,
- array("uid", "givenName", "sn", "objectClass","userPassword"), GL_SIZELIMIT);
- }
- $SortTemp = array();
- $List = array();
- foreach($ListTemp as $Key => $Entry){
-
- /* Skip entries that are not located under the people ou (normaly 'ou=people,')
- * Else winstations will be listed too, if you use the subtree flag.
- */
- if(!preg_match("/".normalizePreg(get_people_ou())."/i",$Entry['dn'])){
- continue;
- }else{
-
- // Generate caption for rows
- if (isset($Entry["sn"]) && isset($Entry["givenName"])){
- $display= $Entry["sn"][0].", ".$Entry["givenName"][0]." [".$Entry["uid"][0]."]";
- } else {
- $display= "[".$Entry["uid"][0]."]";
- }
- $display = strtolower($display);
- $List[$display] = $Entry;
- $SortTemp[$display] = $display;
- }
+ /* !\brief This method returns a list of all available templates.
+ */
+ function get_templates()
+ {
+ $templates= array();
+ $ldap= $this->config->get_ldap_link();
+ foreach ($this->config->departments as $key => $value){
+ $acl = $this->ui->get_permissions($value,$this->aclCategory."/".$this->aclPlugin);
+ if (preg_match("/c/",$acl)){
+
+ // Search all templates from the current dn.
+ $ldap->cd (get_people_ou().$value);
+ $ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));
+ if ($ldap->count() != 0){
+ while ($attrs= $ldap->fetch()){
+ $templates[$ldap->getDN()]= $attrs['uid'][0]." - ".LDAP::fix($key);
+ }
+ }
+ }
+ }
+ natcasesort ($templates);
+ reset ($templates);
+ return($templates);
}
- natcasesort($SortTemp);
- reset($SortTemp);
- $this->list = array();
- foreach($SortTemp as $Key){
- $this->list[] = $List[$Key];
- }
- }
+ function copyPasteHandler($action="",$target=array(),$all=array(),
+ $altTabClass ="", $altTabType = "", $altAclCategory="",$altAclPlugin="")
+ {
+ if ($this->config->boolValueIsTrue("core", "copyPaste")){
+ $this->cpHandler->lastdn = "";
+ $str = management::copyPasteHandler($action,$target,$all);
+ if($this->cpHandler->lastdn != "" && isset($_POST['passwordTodo']) && $_POST['passwordTodo'] == "new"){
+ $this->pwd_change_queue[] = $this->cpHandler->lastdn;
+ return($this->handlePasswordQueue());
+ }
+ return($str);
+ }
- function remove_lock()
- {
- /* Remove user lock if a DN is marked as "currently edited" */
- if (isset($this->usertab->dn)){
- del_lock ($this->usertab->dn);
+ return "";
}
- if(isset($this->dn) && !empty($this->dn) && $this->dn != "new"){
- del_lock($this->dn);
- }
- if(isset($this->dns) && is_array($this->dns) && count($this->dns)){
- del_lock($this->dns);
- }
- }
- function copyPasteHandling_from_queue($s_action,$s_entry)
- {
- /* Check if Copy & Paste is disabled */
- if(!is_object($this->CopyPasteHandler)){
- return("");
- }
-
- $ui = get_userinfo();
-
- /* Add a single entry to queue */
- if($s_action == "cut" || $s_action == "copy"){
-
- /* Cleanup object queue */
- $this->CopyPasteHandler->cleanup_queue();
- $dn = $this->list[$s_entry]['dn'];
- if($s_action == "copy" && $ui->is_copyable($dn,"users","user")){
- $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
- }
- if($s_action == "cut" && $ui->is_cutable($dn,"users","user")){
- $this->CopyPasteHandler->add_to_queue($dn,$s_action,"usertabs","USERTABS","users");
- }
+ static function filterLockImage($userPassword)
+ {
+ $image= "images/empty.png";
+ if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
+ if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
+ $image= "images/lists/locked.png";
+ }else{
+ $image= "images/lists/unlocked.png";
+ }
+ }
+ return $image;
}
- /* Add entries to queue */
- if($s_action == "copy_multiple" || $s_action == "cut_multiple"){
- /* Cleanup object queue */
- $this->CopyPasteHandler->cleanup_queue();
-
- /* Add new entries to CP queue */
- foreach($this->list_get_selected_items() as $id){
- $dn = $this->list[$id]['dn'];
-
- if($s_action == "copy_multiple" && $ui->is_copyable($dn,"users","user")){
- $this->CopyPasteHandler->add_to_queue($dn,"copy","usertabs","USERTABS","users");
- }
- if($s_action == "cut_multiple" && $ui->is_cutable($dn,"users","user")){
- $this->CopyPasteHandler->add_to_queue($dn,"cut","usertabs","USERTABS","users");
+ static function filterLockLabel($userPassword)
+ {
+ $label= "";
+ if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
+ if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
+ $label= _("Unlock account")."<rowClass:entry-locked/><rowLabel:locked/>";
+ }else{
+ $label= _("Lock account");
+ }
}
- }
- }
-
- /* Start pasting entries */
- if($s_action == "editPaste"){
- $this->start_pasting_copied_objects = TRUE;
- }
-
- /* Return C&P dialog */
- if($this->start_pasting_copied_objects && $this->CopyPasteHandler->entries_queued()){
-
- /* Get dialog */
- $this->CopyPasteHandler->SetVar("base",$this->DivListUsers->selectedBase);
- $data = $this->CopyPasteHandler->execute();
-
- /* Set CPPasswordChange to s_entry which indicates that this entry requires a new password. */
- if(isset($_POST['passwordTodo']) && ($_POST['passwordTodo'] == "new")){
- $s_entry = $this->CopyPasteHandler->last_entry();
- $this->reload();
- foreach($this->list as $key => $entry){
- if($entry['dn'] == $s_entry){
- $this->CPPasswordChange = $key;
- }
+ return $label;
+ }
+
+
+ static function filterProperties($row, $classes)
+ {
+ $result= "";
+ $map= array( "gosaAccount" => array( "image" => "plugins/users/images/select_user.png",
+ "plugin" => "user",
+ "alt" => _("Generic"),
+ "title" => _("Edit generic properties")),
+ "posixAccount" => array("image" => "images/penguin.png",
+ "plugin" => "posixAccount",
+ "alt" => _("POSIX"),
+ "title" => _("Edit POSIX properties")),
+ "gosaMailAccount" => array("image" => "images/mailto.png",
+ "alt" => _("Mail"),
+ "plugin" => "mailAccount",
+ "title" => _("Edit mail properties")),
+ "sambaSamAccount" => array("image" => "plugins/systems/images/select_winstation.png",
+ "plugin" => "sambaAccount",
+ "alt" => _("Samba"),
+ "title" => _("Edit samba properties")),
+ "apple-user" => array("image" => "plugins/netatalk/images/select_netatalk.png",
+ "plugin" => "netatalk",
+ "alt" => _("Netatalk"),
+ "title" => _("Edit Netatalk properties")),
+ "gotoEnvironment" => array("image" => "plugins/users/images/small_environment.png",
+ "plugin" => "environment",
+ "alt" => _("Environment"),
+ "title" => _("Edit environment properties")),
+ "goFaxAccount" => array("image" => "plugins/users/images/fax_small.png",
+ "plugin" => "gofaxAccount",
+ "alt" => _("FAX"),
+ "title" => _("Edit FAX properties")),
+ "goFonAccount" => array("image" => "plugins/gofon/images/select_phone.png",
+ "plugin" => "phoneAccount",
+ "alt" => _("Phone"),
+ "title" => _("Edit phone properties")));
+
+ // Walk thru map
+ foreach ($map as $oc => $properties) {
+ if (in_array_ics($oc, $classes)) {
+ $result.= image($properties['image'], "listing_edit_".$properties['plugin']."_$row", $properties['title']);
+ } else {
+ $result.= image('images/empty.png');
+ }
}
- }
-
- /* Return dialog data */
- if(!empty($data) && $this->CPPasswordChange == ""){
- return($data);
- }
- }
-
- /* Automatically disable status for pasting */
- if(!$this->CopyPasteHandler->entries_queued()){
- $this->start_pasting_copied_objects = FALSE;
+ return $result;
}
- return("");
- }
-
- function save_object()
- {
- /* Handle divlist filter && department selection*/
- if(!is_object($this->usertab)){
- $this->DivListUsers->save_object();
- }
- if(is_object($this->CopyPasteHandler)){
- $this->CopyPasteHandler->save_object();
- }
- }
-
-
- function list_get_selected_items()
- {
- $ids = array();
- foreach($_POST as $name => $value){
- if(preg_match("/^item_selected_[0-9]*$/",$name)){
- $id = preg_replace("/^item_selected_/","",$name);
- $ids[$id] = $id;
- }
- }
- return($ids);
- }
-
-
- /* A set of disabled and therefore overloaded functions. They are
- not needed in this class. */
- function remove_from_parent() { }
- function check() { }
- function save() { }
- function adapt_from_template($dn, $skip= array()) { }
- function password_change_needed() { }
-
-} /* ... class userManagement */
+}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>