![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index 4e235a6c8e0a9a6fecdf5e2a93d7171cfd702a7f..8c973636c0cdb3ec00a65c7c7308cdb87f0e391c 100644 (file)
<?php
+
class group extends plugin
{
- /* CLI vars */
- var $cli_summary= "Handling of GOsa's base group object";
- var $cli_description= "Some longer text\nfor help";
- var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
-
/* Group attributes */
var $cn= "";
var $description= "";
var $ridBase= 0;
var $members= array();
var $users= array();
+ var $member= array();
var $allusers= array();
var $department= "";
var $saved_gidNumber= "";
+ var $savedSID= "";
var $oldgroupType= "";
var $orig_dn= "";
+ var $orig_cn= "";
var $has_mailAccount= FALSE;
var $group_dialog= FALSE;
var $nagios_group =FALSE;
var $sambaGroupType;
var $dialog;
+ var $rfc2307bis= FALSE;
var $OnlyShowFirstEntries =200;
+ var $dnMapping= array();
+
+ var $allowGroupsWithSameNameInOtherSubtrees = true;
+
+ var $CopyPasteVars = array("force_gid","fon_group","smbgroup","groupType","sambaSID","sambaDomainName","SID","nagios_group","sambaGroupType");
/* attribute list for save action */
var $attributes= array("cn", "description", "gidNumber","memberUid","sambaGroupType","sambaSID");
var $objectclasses= array("top", "posixGroup");
- function group ($config, $dn= NULL)
+ function group ($config, $dn= NULL, $parent= NULL)
{
- plugin::plugin ($config, $dn);
+ /* Set rfc2307bis flag */
+ if (isset($config->current['RFC2307BIS']) && ($config->current['RFC2307BIS']== "true")){
+ $this->rfc2307bis= TRUE;
+ $this->attributes[]= "member";
+ $this->objectclasses[]= "groupOfNames";
+ }
+
+ plugin::plugin ($config, $dn, $parent);
/* Load attributes depending on the samba version */
$this->samba3= ($config->current['SAMBAVERSION'] == 3);
$this->orig_dn= $dn;
+ $this->orig_cn= $this->cn;
/* Get member list */
if (isset($this->attrs['memberUid'][0])){
/* Get samba Domain in case of samba 3 */
if ($this->samba3 && $this->sambaSID != ""){
$this->SID= preg_replace ("/-[^-]+$/", "", $this->sambaSID);
+ $this->savedSID= $this->SID;
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search ("(&(objectClass=sambaDomain)(sambaSID=$this->SID))",array("sambaAlgorithmicRidBase"));
$gufilter= get_global('gufilter');
$gufilter['SubSearchGroup'] = false;
-
+ $gufilter['dselect'] = $_SESSION['gufilter']['dselect'];
+
register_global('gufilter',$gufilter);
- /* Bases / Departments */
-
- if(isset($_SESSION['groupfilter']['depselect'])){
- $this->base = $_SESSION['groupfilter']['depselect'];
- }else{
- if ($this->dn == "new"){
+ if ($this->dn == "new"){
+ if(isset($_SESSION['CurrentMainBase'])){
+ $this->base= $_SESSION['CurrentMainBase'];
+ }else{
$ui= get_userinfo();
$this->base= dn2base($ui->dn);
- } else {
- $this->base= preg_replace ("/^[^,]+,[^,]+,/", "", $this->dn);
}
+ } else {
+
+ /* Get object base */
+ $this->base =preg_replace ("/^[^,]+,".normalizePreg(get_groups_ou())."/","",$this->dn);
}
-
/* This is always an account */
$this->is_account= TRUE;
}
/* Delete user from group */
- if (isset($_POST['del_users']) && isset($_POST['members'])){
+ if (isset($_POST['del_users']) && isset($_POST['members']) && chkacl($this->acl,"memberUid") ==""){
foreach ($_POST['members'] as $value){
unset ($this->members["$value"]);
$this->removeUser($value);
}
/* Add objects? */
- if (isset($_POST["edit_membership"])){
+ if (isset($_POST["edit_membership"]) && chkacl($this->acl,"memberUid") ==""){
$this->group_dialog= TRUE;
$this->dialog= TRUE;
}
}
$gufilter['regex']= $s;
}
- $regex= preg_replace('/[*]/', ".*", $gufilter['regex']);
register_global("gufilter", $gufilter);
$this->reload();
$smarty->assign("$type", $gufilter[$type]);
}
$smarty->assign("hint", print_sizelimit_warning());
-
- $users= array();
- foreach ($this->allusers as $key => $value){
- if (!array_key_exists($key, $this->members)){
- if (preg_match("/^$regex/i", $key)){
- $users[$key]= $value;
- }
- }
- }
- $smarty->assign("users", $users);
+ $smarty->assign("users", $this->displayUsers);
$smarty->assign("apply", apply_filter());
$display= $smarty->fetch (get_template_path('group_objects.tpl', TRUE, dirname(__FILE__)));
return ($display);
/* Reload data */
function reload()
{
- /* Generate userlists */
- $this->last_sorting= "invalid";
- $this->users= array();
+ /* Fix regex string */
+ $gufilter = get_global("gufilter");
+ $regex = normalizeLdap($gufilter['regex']);
+ $MaxUser = $this->OnlyShowFirstEntries;
+
+ /* Prepare ldap link */
$ldap= $this->config->get_ldap_link();
+ $ldap->cd($gufilter['dselect']);
- $MaxUser = $this->OnlyShowFirstEntries;
- $gufilter= get_global("gufilter");
- $ldap->cd ($this->config->current['BASE']);
+ /* Resolve still unresolved memberuids to fill the list with sn/giveName attributes
+ (Store gathered sn/givenName informations in $this->allusers too,
+ to be prepared when adding/deleting users)
+ */
+ $filter = "";
+ foreach ($this->memberUid as $value){
+ if(!isset($this->members[$value])){
+ $filter .= "(uid=".normalizeLdap($value).")";
+ }
+ }
+ if(!empty($filter)){
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(|".$filter."))",array("dn", "uid","sn","givenName"));
+ while($attrs = $ldap->fetch()){
+ $this->dnMapping[$attrs['uid'][0]] = $attrs['dn'];
+ $this->members[$attrs['uid'][0]] = $this->createResultName($attrs);
+ $this->allusers[$attrs['uid'][0]]= $this->createResultName($attrs);
+ }
+ }
+
+ /* check if all uids are resolved */
+ foreach ($this->memberUid as $value){
+ if(!isset($this->members[$value])){
+ $this->members[$value] = _("! unknown id")." [".$value."]";
+ }
+ }
+
+ /* Create display list of users matching regex & filter
+ */
+ $this->displayUsers = array();
+
+ /* Set tag attribute if we've tagging activated */
+ $tag= "";
+ $ui= get_userinfo();
+ if ($ui->gosaUnitTag != "" && isset($this->config->current['STRICT_UNITS']) &&
+ preg_match('/TRUE/i', $this->config->current['STRICT_UNITS'])){
+ $tag= "(gosaUnitTag=".$ui->gosaUnitTag.")";
+ }
+
+ $filter = "(&(objectClass=gosaAccount)$tag(!(objectClass=gosaUserTemplate))(!(uid=*$))(|(uid=".$regex.")(sn=".$regex.")(givenName=".$regex.")))";
+
+ /* Search in current tree or within subtrees depending on the checkbox from filter section */
if($gufilter['SubSearchGroup']){
- $ldap->cd ($gufilter['dselect']);
- $ldap->search("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))",array("uid", "sn","givenName"));
+ $ldap->search($filter, array("dn", "uid", "sn","givenName"));
}else{
- $ldap->cd (get_people_ou().$gufilter['dselect']);
- $ldap->ls ("(&(objectClass=gosaAccount)(!(objectClass=gosaUserTemplate))(!(uid=*$)))",get_people_ou().$gufilter['dselect'],array("uid", "sn", "givenName"));
+ $ldap->ls ($filter, get_people_ou().$gufilter['dselect'],array("dn", "uid", "sn", "givenName"));
}
- $this->allusers= array();
+ $i = 0;
- $i = 0 ;
- while (($attrs= $ldap->fetch()) && ($i < $MaxUser)){
+ /* Fetch all users and skip already used users */
+ while($attrs = $ldap->fetch()){
+ if(in_array($attrs['uid'][0], $this->memberUid)) {
+ continue;
+ }
$i ++;
- if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
- $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
- $attrs["givenName"][0]." [".$attrs["uid"][0]."]";
- } else {
- $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
+ if($i > $MaxUser) {
+ break;
}
+ $this->dnMapping[$attrs['uid'][0]]= $attrs["dn"];
+ $this->allusers[$attrs['uid'][0]] = $this->createResultName($attrs);
+ $this->displayUsers[$attrs['uid'][0]] = $this->createResultName($attrs);
}
+ /* If more than max users are found, display a message to warn the user */
if(($i == $MaxUser)){
print_red(sprintf(_("Your search method returned more than '%s' users, only '%s' users are shown.") , $MaxUser,$MaxUser));
}
- natcasesort ($this->allusers);
- reset ($this->allusers);
-
- /* Fill memberlist */
- $this->members= array();
- foreach ($this->memberUid as $value){
- if (isset($this->allusers[$value])){
- $this->members[$value]= $this->allusers[$value];
- } else {
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAccount)(uid=".$value."))",array("uid", "sn","givenName"));
- $attrs = $ldap->fetch();
-
- if(!$attrs){
- $this->members[$value] = _("! unknown id")." [".$value."]";
- }else{
-
- if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
- $this->allusers[$attrs["uid"][0]]= $attrs["sn"][0].", ".
- $attrs["givenName"][0]." [".$attrs["uid"][0]."]";
- } else {
- $this->allusers[$attrs["uid"][0]]= $attrs['uid'][0];
- }
- if (isset($this->allusers[$value])){
- $this->members[$value]= $this->allusers[$value];
- } else {
- $this->members[$value] = "[".$value."]";
- }
- }
- }
- }
- asort($this->members);
+ /* Sort lists */
+ natcasesort($this->members);
reset($this->members);
+ natcasesort ($this->displayUsers);
+ reset ($this->displayUsers);
}
+ /* Create display name, this was used so often that it is excluded into a seperate function */
+ function createResultName($attrs)
+ {
+ if (isset($attrs["givenName"][0]) && isset($attrs["sn"][0])){
+ $ret = $attrs["sn"][0].", ".$attrs["givenName"][0]." [".$attrs["uid"][0]."]";
+ } else {
+ $ret= $attrs['uid'][0];
+ }
+ return($ret);
+ }
+
function remove_from_parent()
{
$ldap= $this->config->get_ldap_link();
$ldap->rmdir($this->dn);
- show_ldap_error($ldap->get_error());
+ show_ldap_error($ldap->get_error(), _("Removing group failed"));
/* Delete references to object groups */
$ldap->cd ($this->config->current['BASE']);
- $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
+ $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
while ($ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
unset($og->member[$this->dn]);
/* Save additional values for possible next step */
if (isset($_POST['groupedit'])){
-
plugin::save_object();
$this->force_gid= 0;
/* Save to LDAP */
function save()
{
+
/* ID handling */
if ($this->force_gid == 0){
if ($this->saved_gidNumber != ""){
}
}
add_lock ("uidnumber", "gosa");
- $this->gidNumber= $this->get_next_id("gidNumber");
+ $this->gidNumber= $this->get_next_id("gidNumber", $this->dn);
}
}
-
+
plugin::save();
/* Remove objectClass for samba/phone support */
/* Check if we need to create a special entry */
if ($this->groupType == 0){
- if ($this->sambaSID == "" || $this->oldgroupType != $this->groupType){
+ if ($this->sambaSID == "" || $this->SID != $this->savedSID || $this->oldgroupType != $this->groupType ){
$gidNumber= $this->gidNumber;
while(TRUE){
$sid= $this->SID."-".($gidNumber*2 + $this->ridBase+1);
/* Add nagios functionality */
if ($this->nagios_group){
- $this->attrs['objectClass'][]= "nagiosContactGroup";
+ $this->attrs['objectClass'][]= "nagiosContactGroup";
}
/* Take members array */
$this->dn= 'cn='.$this->cn.','.get_groups_ou().$this->base;
}
+ /* Add member dn's for RFC2307bis Support */
+ if ($this->rfc2307bis){
+ if (count($this->memberUid)){
+ $this->attrs['member'] = array();
+ foreach($this->attrs['memberUid'] as $uid) {
+ $this->attrs['member'][]= $this->dnMapping[$uid];
+ }
+ } else {
+ $this->attrs['member'][]= $this->dn;
+ }
+ }
+
/* Save data. Using 'modify' implies that the entry is already present, use 'add' for
new entries. So do a check first... */
- $ldap->cat ($this->dn);
+ $ldap->cat ($this->dn, array('dn'));
if ($ldap->fetch()){
/* Modify needs array() to remove values :-( */
if (!count ($this->memberUid)){
$ldap->$mode($this->attrs);
$ret= 0;
- if (show_ldap_error($ldap->get_error())){
+ if (show_ldap_error($ldap->get_error(), _("Saving group failed"))){
$ret= 1;
}
function check()
{
- $message= array();
+ /* Call common method to give check the hook */
+ $message= plugin::check();
/* Permissions for that base? */
if ($this->base != ""){
$new_dn= $this->dn;
}
+ /* Check permissions */
$ui= get_userinfo();
- $acl= get_permissions ($ui->dn, $ui->subtreeACL);
- $acl= get_module_permission($acl, "group", $ui->dn);
- if (chkacl($this->acl, "create") != ""){
+ $acl= get_permissions ($new_dn, $ui->subtreeACL);
+ $acl= get_module_permission($acl, "group", $new_dn);
+ if ($this->dn == "new" && chkacl($acl, "create") != ""){
$message[]= _("You have no permissions to create a group on this 'Base'.");
+ } elseif ($this->dn != $new_dn && $this->dn != "new"){
+ $acl= get_permissions ($new_dn, $ui->subtreeACL);
+ $acl= get_module_permission($acl, "group", $new_dn);
+ if (chkacl($acl, "create") != ""){
+ $message[]= _("You have no permissions to move a group from the original 'Base'.");
+ }
}
/* must: cn */
$message[]= _("The field 'Name' contains invalid characters. Lowercase, numbers and dashes are allowed.");
}
- /* Check for used 'cn' */
- $ldap= $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
- if ($ldap->count() != 0){
-
- /* New entry? */
- if ($this->dn == 'new'){
- $message[]= _("Value specified as 'Name' is already used.");
- }
-
- /* Moved? */
- elseif ($new_dn != $this->orig_dn){
- $ldap->fetch();
- if ($ldap->getDN() != $this->orig_dn){
+ if($this->allowGroupsWithSameNameInOtherSubtrees == true){
+
+ /* Check for used 'cn' */
+ $ldap= $this->config->get_ldap_link();
+ if(($this->cn != $this->orig_cn) || ($this->orig_dn == "new")){
+ $ldap->cd("ou=groups,".$this->base);
+ $ldap->ls("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",get_groups_ou().$this->base,array("cn"));
+ if ($ldap->count() != 0){
$message[]= _("Value specified as 'Name' is already used.");
}
}
- }
+ }else{
+
+ /* Check for used 'cn' */
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(|(objectClass=gosaGroupOfNames)(objectClass=posixGroup))(cn=$this->cn))",array("cn"));
+ if ($ldap->count() != 0){
+
+ /* New entry? */
+ if ($this->dn == 'new'){
+ $message[]= _("Value specified as 'Name' is already used.");
+ }
+
+ /* Moved? */
+ elseif ($new_dn != $this->orig_dn){
+ $ldap->fetch();
+ if ($ldap->getDN() != $this->orig_dn){
+ $message[]= _("Value specified as 'Name' is already used.");
+ }
+ }
+ }
+ }
+
/* Check ID */
if ($this->force_gid == "1"){
if (!is_id($this->gidNumber)){
return ($message);
}
- function get_next_id($attrib)
+ function get_next_id($attrib, $dn)
{
$ids= array();
$ldap= $this->config->get_ldap_link();
}
/* Find out next free id near to UID_BASE */
- for ($id= $this->config->current['UIDBASE']; $id++; $id<65000){
+ if (!isset($this->config->current['BASE_HOOK'])){
+ $base= $this->config->current['UIDBASE'];
+ } else {
+ /* Call base hook */
+ $base= get_base_from_hook($dn, $attrib);
+ }
+ for ($id= $base; $id++; $id < pow(2,32)){
if (!in_array($id, $ids)){
return ($id);
}
}
- /* Should not happen */
- if ($id == 65000){
- print_red(_("Too many users, can't allocate a free ID!"));
+ /* check if id reached maximum of 32 bit*/
+ if ($id >= pow(2,32)){
+ echo _("Too many groups, can't allocate a free ID!");
exit;
}
}
+ function getCopyDialog()
+ {
+ $vars = array("cn");
+
+ if($this ->force_gid){
+ $used = " checked ";
+ $dis = "";
+ }else{
+ $used = "";
+ $dis = " disabled ";
+ }
+
+ $smarty = get_smarty();
+ $smarty->assign("used",$used);
+ $smarty->assign("dis" ,$dis);
+ $smarty->assign("cn" ,$this->cn);
+ $smarty->assign("gidNumber",$this->gidNumber);
+ $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = "";
+ return($ret);
+ }
+
+ function saveCopyDialog()
+ {
+ if(isset($_POST['cn'])){
+ $this->cn = $_POST['cn'];
+ }
+ if(isset($_POST['force_gid'])){
+ $this->force_gid = 1;
+ $this->gidNumber= $_POST['gidNumber'];
+ }else{
+ $this->force_gid = 0;
+ $this->gidNumber = false;
+ }
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: