![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index 5d32a551b7f14ccb78b1fe012eb926907bac5774..8858285e8947b7618882d8f19a783f514c52f905 100644 (file)
<?php
+
class group extends plugin
{
/* CLI vars */
var $members= array();
var $users= array();
var $allusers= array();
- var $department= "";
var $saved_gidNumber= "";
var $oldgroupType= "";
var $orig_dn= "";
var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
var $objectclasses= array("top", "posixGroup");
+ var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
+
function group ($config, $dn= NULL)
{
plugin::plugin ($config, $dn);
$this->base= dn2base($ui->dn);
}
} else {
- $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
+
+ /* Get object base */
+ $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
}
/* This is always an account */
/* Call parent execute */
plugin::execute();
- $ui= get_userinfo();
- $acla= get_permissions ($ui->dn, $ui->subtreeACL);
- $this->acl= get_module_permission($acla, "group", $ui->dn);
/* Do we represent a valid group? */
if (!$this->is_account && $this->parent == NULL){
$display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
/* Base select dialog */
$once = true;
foreach($_POST as $name => $value){
- if(preg_match("/^chooseBase/",$name) && $once){
+ if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
+
$once = false;
- $this->dialog = new baseSelectDialog($this->config);
+ $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
$this->dialog->setCurrentBase($this->base);
}
}
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* Check if selected base is valid */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
$this->dialog= false;
}else{
return($this->dialog->execute());
$smarty->assign("search_image", get_template_path('images/search.png'));
$smarty->assign("launchimage", get_template_path('images/small_filter.png'));
$smarty->assign("tree_image", get_template_path('images/tree.png'));
- $smarty->assign("deplist", $this->config->idepartments);
+
+ $smarty->assign("deplist", $this->get_allowed_bases("users/user"));
$smarty->assign("alphabet", generate_alphabet());
foreach( array("dselect", "regex","SubSearchGroup") as $type){
$smarty->assign("$type", $gufilter[$type]);
return ($display);
}
- /* Bases / Departments */
- if (isset($_POST['base'])){
- $this->base= $_POST['base'];
- }
-
- $smarty->assign("bases", $this->config->idepartments);
+ $smarty->assign("bases", $this->get_allowed_bases());
$smarty->assign("base_select", $this->base);
- $smarty->assign("department", $this->department);
if ($this->samba3){
$domains= array();
}else{
$smarty->assign("forceMode", "");
}
- $smarty->assign("force_gidACL", chkacl($this->acl, "gidNumber"));
- $smarty->assign("sambaDomainNameACL", chkacl($this->acl, "sambaDomainName"));
if ($this->fon_group){
$smarty->assign("fon_group", "checked");
} else {
$smarty->assign("fon_group", "");
}
- $smarty->assign("fon_groupACL", chkacl($this->acl, "fon_group"));
if ($this->nagios_group){
$smarty->assign("nagios_group", "checked");
} else {
$smarty->assign("nagios_group", "");
}
- $smarty->assign("nagios_groupACL", chkacl($this->acl, "nagios_group"));
/* Fields */
foreach (array("cn", "description", "gidNumber") as $val){
$smarty->assign("$val", $this->$val);
- $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
}
- /* Missing ACL's */
- foreach (array("base", "smbgroup", "members") as $val){
- $smarty->assign("$val"."ACL", chkacl($this->acl, "$val"));
+ $tmp = $this->plInfo();
+ foreach($tmp['plProvidedAcls'] as $name => $translation){
+ $smarty->assign($name."ACL",$this->getacl($name));
+ }
+
+ if($this->acl_is_writeable("base")){
+ $smarty->assign("baseSelect",true);
+ }else{
+ $smarty->assign("baseSelect",false);
}
/* Show main page */
}
}
if(!empty($filter)){
+ $ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("uid","sn","givenName"));
while($attrs = $ldap->fetch()){
$this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
/* Search in current tree or within subtrees depending on the checkbox from filter section */
if($gufilter['SubSearchGroup']){
- $ldap->search($filter, array("uid", "sn","givenName"));
+ $flag = GL_SIZELIMIT | GL_SUBSEARCH;
+ $base = $gufilter['dselect'];
}else{
- $ldap->ls ($filter, get_people_ou().$gufilter['dselect'],array("uid", "sn", "givenName"));
+ $flag = GL_SIZELIMIT ;
+ $base = get_people_ou().$gufilter['dselect'];
}
$i = 0;
-
+
+
+ $res = get_list($filter,"users",$base,array("uid", "sn", "givenName"),$flag);
+
/* Fetch all users and skip already used users */
- while($attrs = $ldap->fetch()){
+ foreach($res as $attrs){
if(in_array($attrs['uid'][0], $this->memberUid)) {
continue;
}
$ldap= $this->config->get_ldap_link();
$ldap->rmdir($this->dn);
- show_ldap_error($ldap->get_error());
+ show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn));
/* Delete references to object groups */
$ldap->cd ($this->config->current['BASE']);
/* Save additional values for possible next step */
if (isset($_POST['groupedit'])){
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
$this->force_gid= 0;
- $this->smbgroup= 0;
- foreach (array("force_gid", "department", "base", "smbgroup") as $val) {
- if (chkacl ($this->acl, "$val") == "" && isset($_POST["$val"])){
+
+ /* Only reset sambagroup flag if we are able to write this flag */
+ if($this->acl_is_writeable("sambaGroupType")){
+ $this->smbgroup = 0;
+ }
+
+ /* Get base selection */
+ if(isset($_POST['base'])){
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$_POST['base']])){
+ $this->base = $_POST['base'];
+ }
+ }
+
+ foreach (array(
+ "force_gid" => "gidNumber",
+ "smbgroup" => "sambaGroupType") as $val => $aclname) {
+ if ($this->acl_is_writeable($aclname) && isset($_POST["$val"])){
$this->$val= $_POST["$val"];
}
}
/* Save sambaDomain attribute */
- if (chkacl ($this->acl, "sambaDomainName") == "" && $this->samba3 &&
- isset ($_POST['sambaDomainName'])){
-
+ if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){
$this->sambaDomainName= $_POST['sambaDomainName'];
$this->groupType= $_POST['groupType'];
}
/* Save fon attribute */
- if (chkacl ($this->acl, "fon_group") == ""){
+ if ($this->acl_is_writeable("fon_group")){
if (isset ($_POST['fon_group'])){
$this->fon_group= TRUE;
} else {
$this->fon_group= FALSE;
}
}
- if (chkacl ($this->acl, "nagios_group") == ""){
+ if ($this->acl_is_writeable("nagios_group")){
if (isset ($_POST['nagios_group'])){
$this->nagios_group= TRUE;
} else {
$ldap->$mode($this->attrs);
$ret= 0;
- if (show_ldap_error($ldap->get_error())){
+ if ( show_ldap_error($ldap->get_error(), sprintf(_("Removing of groups/generic with dn '%s' failed."),$this->dn))){
$ret= 1;
}
$new_dn= $this->dn;
}
- $ui= get_userinfo();
- $acl= get_permissions ($ui->dn, $ui->subtreeACL);
- $acl= get_module_permission($acl, "group", $ui->dn);
- if (chkacl($this->acl, "create") != ""){
- $message[]= _("You have no permissions to create a group on this 'Base'.");
- }
-
/* must: cn */
- if ($this->cn == "" && chkacl ($this->acl, "cn") == ""){
+ if ($this->cn == "" && $this->acl_is_writeable("cn")){
$message[]= "The required field 'Name' is not set.";
}
$message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
}
-
if($this->allowGroupsWithSameNameInOtherSubtrees == true){
/* Check for used 'cn' */
}
/* Find out next free id near to UID_BASE */
- for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
+ for ($id= $this->config->current['UIDBASE']; $id++; $id < pow(2,32)){
if (!in_array($id, $ids)){
return ($id);
}
}
- /* Should not happen */
- if ($id == 65000){
+ /* Check if id reached maximum */
+ if ($id >= pow(2,32)){
print_red(_("Too many users, can't allocate a free ID!"));
exit;
}
$this->gidNumber = false;
}
}
+
+
+ /* Return plugin informations for acl handling */
+ function plInfo()
+ {
+ return (array(
+ "plShortName" => _("Generic"),
+ "plDescription" => _("Generic group settings"),
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("admin"),
+ "plCategory" => array("groups" => array("objectClass" => "posixGroup", "description" => _("Groups"))),
+
+ "plProvidedAcls" => array(
+ "cn" => _("Name"),
+ "base" => _("Base"),
+ "description" => _("Description"),
+
+ "fonGroup" => _("Phone pickup group"),
+ "nagiosGroup" => _("Nagios group"),
+
+ "gidNumber" => _("GID"),
+ "memberUid" => _("Group member"),
+ "sambaGroupType" => _("Samba group type"),
+ "sambaDomainName" => _("Samba domain name"),
+ "sambaSID" => _("Samba SID"))
+ ));
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: