![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc
index 2062f47faa44ad96ef3a267c9589c9322d99e68d..a67d03b95f1afda74da42c4534294c8c1963d733 100644 (file)
var $use_shadowWarning= "0";
var $use_shadowInactive= "0";
var $use_shadowExpire= "0";
- var $must_change_password= "0";
+ var $mustchangepassword= "0";
var $force_ids= 0;
var $printerList= array();
var $group_dialog= FALSE;
var $SubSearch = false;
/* attribute list for save action */
- var $CopyPasteVars = array("grouplist","groupMembership","use_shadowMin","use_shadowMax","use_shadowWarning","use_shadowInactive","use_shadowExpire","must_change_password","force_ids","printerList","grouplist","savedGidNumber","savedUidNumber","savedGroupMembership");
+ var $CopyPasteVars = array("grouplist","groupMembership","use_shadowMin","use_shadowMax",
+ "use_shadowWarning","use_shadowInactive","use_shadowExpire","mustchangepassword",
+ "force_ids","printerList","grouplist","savedGidNumber","savedUidNumber","savedGroupMembership");
+
var $attributes = array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
"shadowMin", "shadowMax", "shadowWarning", "shadowInactive", "shadowLastChange",
"shadowExpire", "gosaDefaultPrinter", "gosaDefaultLanguage", "uid","accessTo","trustModel");
+
var $objectclasses= array("posixAccount", "shadowAccount");
$this->was_trust_account= FALSE;
$this->trustModel= "";
}
-
- $this->accessTo = array();
+
+ $this->accessTo = array();
if ($this->is_account && isset($this->attrs['accessTo'])){
for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
$tmp= $this->attrs['accessTo'][$i];
}
/* Generate group list */
+ $this->ui = get_userinfo();
+ $this->secondaryGroups[]= "- "._("automatic")." -";
$ldap->cd($this->config->current['BASE']);
$ldap->search("(objectClass=posixGroup)", array("cn", "gidNumber"));
- $this->secondaryGroups[]= "- "._("automatic")." -";
- while ($attrs= $ldap->fetch()){
+ while($attrs = $ldap->fetch()){
$this->secondaryGroups[$attrs['gidNumber'][0]]= $attrs['cn'][0];
}
asort ($this->secondaryGroups);
/* execute generates the html output for this node */
function execute($isCopyPaste = false)
{
- /* Call parent execute */
- plugin::execute();
- $display= "";
+ echo "Fix get_list for group add";
- /* Department has changed? */
- if(isset($_POST['depselect'])){
- $_SESSION['CurrentMainBase']= validate($_POST['depselect']);
- }
+ /* Call parent execute */
+ plugin::execute();
+ $display= "";
- if(!$isCopyPaste){
- /* Do we need to flip is_account state? */
- if (isset($_POST['modify_state'])){
- $this->is_account= !$this->is_account;
- }
-
- /* Do we represent a valid posixAccount? */
- if (!$this->is_account && $this->parent == NULL ){
- $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
- _("This account has no unix extensions.")."</b>";
- $display.= back_to_main();
- return ($display);
+ /* Department has changed? */
+ if(isset($_POST['depselect'])){
+ $_SESSION['CurrentMainBase']= validate($_POST['depselect']);
}
+ if(!$isCopyPaste){
- /* Show tab dialog headers */
- if ($this->parent != NULL){
- if ($this->is_account){
- if (isset($this->parent->by_object['sambaAccount'])){
- $obj= $this->parent->by_object['sambaAccount'];
+ /* Do we need to flip is_account state? */
+ if(isset($_POST['modify_state'])){
+ if($this->is_account && $this->acl_is_removeable()){
+ $this->is_account= FALSE;
+ }elseif(!$this->is_account && $this->acl_is_createable()){
+ $this->is_account= TRUE;
}
- if (isset($obj) && $obj->is_account == TRUE &&
- ((isset($this->parent->by_object['sambaAccount']))&&($this->parent->by_object['sambaAccount']->is_account))
- ||(isset($this->parent->by_object['environment'] ))&&($this->parent->by_object['environment'] ->is_account)){
-
- /* Samba3 dependency on posix accounts are enabled
- in the moment, because I need to rely on unique
- uidNumbers. There'll be a better solution later
- on. */
- $display= $this->show_header(_("Remove posix account"),
- _("This account has unix features enabled. To disable them, you'll need to remove the samba / environment account first."), TRUE);
+ }
+
+ /* Do we represent a valid posixAccount? */
+ if (!$this->is_account && $this->parent == NULL ){
+ $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\"> <b>".
+ _("This account has no unix extensions.")."</b>";
+ $display.= back_to_main();
+ return ($display);
+ }
+
+
+ /* Show tab dialog headers */
+ if ($this->parent != NULL){
+ if ($this->is_account){
+ if (isset($this->parent->by_object['sambaAccount'])){
+ $obj= $this->parent->by_object['sambaAccount'];
+ }
+ if (isset($obj) && $obj->is_account == TRUE &&
+ ((isset($this->parent->by_object['sambaAccount']))&&($this->parent->by_object['sambaAccount']->is_account))
+ ||(isset($this->parent->by_object['environment'] ))&&($this->parent->by_object['environment'] ->is_account)){
+
+ /* Samba3 dependency on posix accounts are enabled
+ in the moment, because I need to rely on unique
+ uidNumbers. There'll be a better solution later
+ on. */
+ $display= $this->show_disable_header(_("Remove posix account"),
+ _("This account has unix features enabled. To disable them, you'll need to remove the samba / environment account first."), TRUE);
+ } else {
+ $display= $this->show_disable_header(_("Remove posix account"),
+ _("This account has posix features enabled. You can disable them by clicking below."));
+ }
} else {
- $display= $this->show_header(_("Remove posix account"),
- _("This account has posix features enabled. You can disable them by clicking below."));
+ $display= $this->show_enable_header(_("Create posix account"),
+ _("This account has posix features disabled. You can enable them by clicking below."));
+ return($display);
}
- } else {
- $display= $this->show_header(_("Create posix account"),
- _("This account has posix features disabled. You can enable them by clicking below."));
- return($display);
}
}
- }
- /* Trigger group edit? */
- if (isset($_POST['edit_groupmembership'])){
- $this->group_dialog= TRUE;
- $this->dialog= TRUE;
- }
+ /* Trigger group edit? */
+ if (isset($_POST['edit_groupmembership'])){
+ $this->group_dialog= TRUE;
+ $this->dialog= TRUE;
+ }
- /* Cancel group edit? */
- if (isset($_POST['add_groups_cancel']) ||
- isset($_POST['add_groups_finish'])){
- $this->group_dialog= FALSE;
- $this->dialog= FALSE;
- }
+ /* Cancel group edit? */
+ if (isset($_POST['add_groups_cancel']) ||
+ isset($_POST['add_groups_finish'])){
+ $this->group_dialog= FALSE;
+ $this->dialog= FALSE;
+ }
- /* Add selected groups */
- if (isset($_POST['add_groups_finish']) && isset($_POST['groups']) &&
- count($_POST['groups'])){
+ /* Add selected groups */
+ if (isset($_POST['add_groups_finish']) && isset($_POST['groups']) &&
+ count($_POST['groups'])){
- if (chkacl ($this->acl, "memberUid") == ""){
- $this->addGroup ($_POST['groups']);
- $this->is_modified= TRUE;
- }
+ echo "FIXME, 302, put the acl check into addGroup function ";
+ #if (chk acl ($this->acl, "memberUid") == ""){
+ # $this->addGroup ($_POST['groups']);
+ # $this->is_modified= TRUE;
+ #}
}
/* Delete selected groups */
if (isset($_POST['delete_groupmembership']) &&
isset($_POST['group_list']) && count($_POST['group_list'])){
- if (chkacl ($this->acl, "memberUid") == ""){
- $this->delGroup ($_POST['group_list']);
- $this->is_modified= TRUE;
- }
+ echo "FIXME, 302, put the acl check into addGroup function ";
+ #if (chk acl ($this->acl, "memberUid") == ""){
+ # $this->delGroup ($_POST['group_list']);
+ # $this->is_modified= TRUE;
+ #}
}
/* Add user workstation? */
/* remove already assigned groups */
$glist= array();
foreach ($this->grouplist as $key => $value){
- if (!isset($this->groupMembership[$key])){
+ if (!isset($this->groupMembership[$key]) && obj_is_writable($key,"group","memberUid",$SkipWrite)){
$glist[$key]= $value;
}
}
/* Show main page */
$smarty= get_smarty();
+ /* In 'MyAccount' mode, we must remove write acls if we are not in editing mode. */
+ $SkipWrite = (!isset($this->parent) || !$this->parent) && !isset($_SESSION['edit']);
+
/* Depending on pwmode, currently hardcoded because there are no other methods */
if ( 1 == 1 ){
$smarty->assign("pwmode", dirname(__FILE__)."/posix_shadow");
- $shadowMinACL= chkacl($this->acl, "shadowMin");
- $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"), "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
- $shadowMaxACL= chkacl($this->acl, "shadowMax");
- $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"), "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
- $shadowInactiveACL= chkacl($this->acl, "shadowInactive");
- $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"), "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
- $shadowWarningACL= chkacl($this->acl, "shadowWarning");
- $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"), "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
- foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
- "use_shadowExpire", "use_shadowInactive",
- "use_shadowWarning") as $val){
+
+ $shadowMinACL = $this->getacl("shadowMin",$SkipWrite);
+ $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"),
+ "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
+
+ $shadowMaxACL = $this->getacl("shadowMax",$SkipWrite);
+ $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"),
+ "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
+
+ $shadowInactiveACL= $this->getacl("shadowInactive",$SkipWrite);
+ $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"),
+ "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
+
+ $shadowWarningACL = $this->getacl("shadowWarning",$SkipWrite);
+ $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"),
+ "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
+
+ foreach( array("use_shadowMin", "use_shadowMax",
+ "use_shadowExpire", "use_shadowInactive","use_shadowWarning") as $val){
if ($this->$val == 1){
$smarty->assign("$val", "checked");
} else {
$smarty->assign("$val", "");
}
- $smarty->assign("$val"."ACL", chkacl($this->acl, $val));
+ $smarty->assign("$val"."ACL", $this->getacl($val,$SkipWrite));
}
+
+ if($this->mustchangepassword){
+ $smarty->assign("mustchangepassword", "checked");
+ } else {
+ $smarty->assign("mustchangepassword", "");
+ }
+ $smarty->assign("mustchangepasswordACL", $this->getacl("mustchangepassword",$SkipWrite));
}
/* Fill calendar */
$smarty->assign("shells", $this->loginShellList);
$smarty->assign("secondaryGroups", $this->secondaryGroups);
$smarty->assign("primaryGroup", $this->primaryGroup);
- if (!count($this->groupMembership)){
+ if (!count($this->groupMembership)){
$smarty->assign("groupMembership", array(" "));
} else {
$smarty->assign("groupMembership", $this->groupMembership);
$smarty->assign("printerList", $this->printerList);
$smarty->assign("languages", $this->config->data['MAIN']['LANGUAGES']);
- /* Avoid "Undefined index: forceMode" */
+ /* Avoid "Undefined index: forceMode" */
$smarty->assign("forceMode", "");
/* Checkboxes */
}
} else {
if ($_SESSION['js']){
- if($this->acl != "#none#")
- $smarty->assign("forceMode", "disabled");
+ if($this->acl != "#none#")
+ $smarty->assign("forceMode", "disabled");
}
$smarty->assign("force_ids", "");
}
- $smarty->assign("force_idsACL", chkacl($this->acl, "force_ids"));
+
+
+
+ $smarty->assign("force_idsACL", $this->getacl("uidNumber",$SkipWrite).$this->getacl("gidNumber",$SkipWrite));
/* Load attributes and acl's */
foreach($this->attributes as $val){
- if((chkacl($this->acl,$val)=="")&&(($_SESSION["js"])&&(($val=="uidNumber")||($val=="gidNumber"))))
- {
- $smarty->assign("$val"."ACL","");
- $smarty->assign("$val", $this->$val);
- continue;
- }
+ if(($_SESSION["js"])&&(($val=="uidNumber")||($val=="gidNumber")))
+ {
+ $smarty->assign("$val"."ACL",$this->getacl($val,$SkipWrite));
+ $smarty->assign("$val", $this->$val);
+ continue;
+ }
$smarty->assign("$val", $this->$val);
- $smarty->assign("$val"."ACL", chkacl($this->acl,$val));
+ $smarty->assign("$val"."ACL", $this->getacl($val,$SkipWrite));
+ }
+ if($SkipWrite){
+ $smarty->assign("groupMembershipACL","r");
+ }else{
+ $smarty->assign("groupMembershipACL","rw");
}
- $smarty->assign("groupMembershipACL", chkacl($this->acl, "groupMembership"));
$smarty->assign("status", $this->status);
/* Work on trust modes */
- $smarty->assign("trustmodeACL", chkacl($this->acl, "trustmode"));
+ $smarty->assign("trustmodeACL", $this->getacl("trustModel",$SkipWrite));
if ($this->trustModel == "fullaccess"){
$trustmode= 1;
// pervent double disable tag in html code, this will disturb our clean w3c html
-
- if(chkacl($this->acl, "trustmode")==""){
- $smarty->assign("trusthide", "disabled");
- }else{
- $smarty->assign("trusthide", "");
- }
+ $smarty->assign("trustmode", $this->getacl("trustModel",$SkipWrite));
} elseif ($this->trustModel == "byhost"){
$trustmode= 2;
$smarty->assign("trusthide", "");
} else {
// pervent double disable tag in html code, this will disturb our clean w3c html
- if(chkacl($this->acl, "trustmode")==""){
- $smarty->assign("trusthide", "disabled");
- }else{
- $smarty->assign("trusthide", "");
- }
+ $smarty->assign("trustmode", $this->getacl("trustModel",$SkipWrite));
$trustmode= 0;
}
$smarty->assign("trustmode", $trustmode);
$smarty->assign("emptyArrAccess",true);
else
$smarty->assign("emptyArrAccess",false);
-
+
$smarty->assign("workstations", $this->accessTo);
function remove_from_parent()
{
/* Cancel if there's nothing to do here */
- if (!$this->initially_was_account){
+ if ((!$this->initially_was_account) || (!$this->acl_is_removeable())){
return;
}
/* include global link_info */
$ldap= $this->config->get_ldap_link();
-
- /* Remove and write to LDAP */
+
+ /* Remove and write to LDAP */
plugin::remove_from_parent();
/* Zero out array */
function save_object()
{
- if (isset($_POST['posixTab'])){
+ if ((isset($_POST['posixTab'])) && (isset($_SESSION['edit']))){
/* Save values to object */
plugin::save_object();
- /* Save force GID attribute */
- if (chkacl ($this->acl, "force_ids") == ""){
+
+ /* Save force GID checkbox */
+ if($this->acl_is_writeable("gidNumber") || $this->acl_is_writeable("uidNumber")){
if (isset ($_POST['force_ids'])){
$data= 1;
} else {
$this->is_modified= TRUE;
}
$this->force_ids= $data;
+ }
+ /*Save primary group settings */
+ if($this->acl_is_writeable("primaryGroup") && isset($_POST['primaryGroup'])){
$data= $_POST['primaryGroup'];
if ($this->primaryGroup != $data){
$this->is_modified= TRUE;
$this->primaryGroup= $_POST['primaryGroup'];
}
- /* Save pwmode dependent attributes, curently hardcoded because there're
- no alternatives */
- if (1 == 1){
- foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
- "use_shadowExpire", "use_shadowInactive",
- "use_shadowWarning") as $val){
- if (chkacl($this->acl, "$val") == ""){
- if (isset ($_POST[$val])){
- $data= 1;
- } else {
- $data= 0;
- }
- if ($data != $this->$val){
- $this->is_modified= TRUE;
- }
- $this->$val= $data;
+ foreach(array("shadowMin","shadowMax","shadowExpire","shadowInactive","shadowWarning","mustchangepassword") as $var) {
+ if($this->acl_is_writeable($var)){
+ $use_var = "use_".$var;
+ if(isset($_POST['use_'.$var])){
+ $this->$use_var = true;
+ $this->$var = $_POST[$var];
+ }else{
+ $this->$use_var = false;
+ $this->$var = 0;
}
}
}
/* Trust mode - special handling */
- if (isset($_POST['trustmode'])){
- $saved= $this->trustModel;
- if ($_POST['trustmode'] == "1"){
- $this->trustModel= "fullaccess";
- } elseif ($_POST['trustmode'] == "2"){
- $this->trustModel= "byhost";
- } else {
- $this->trustModel= "";
- }
- if ($this->trustModel != $saved){
- $this->is_modified= TRUE;
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
+ }
}
}
}
-
+
/* Get regex from alphabet */
if(isset($_GET['search'])){
$this->GroupRegex = $_GET['search']."*";
/* Save data to LDAP, depending on is_account we save or delete */
function save()
{
-
+
/* include global link_info */
$ldap= $this->config->get_ldap_link();
if (!$this->use_shadowMax){
$this->shadowMax= "0";
}
- if ($this->must_change_password){
+ if ($this->mustchangepassword){
$this->shadowLastChange= (int)(date("U") / 86400) - $this->shadowMax - 1;
} else {
$this->shadowLastChange= (int)(date("U") / 86400);
$this->shadowMin = "";
}
- if (($this->use_shadowMax != "1") && ($this->must_change_password != "1")) {
+ if (($this->use_shadowMax != "1") && ($this->mustchangepassword != "1")) {
$this->shadowMax = "";
}
}
}
- foreach(array("shadowMin","shadowMax","shadowWarning","shadowInactive","shadowExpire") as $attr){
- $this->$attr = (int) $this->$attr;
- }
+ foreach(array("shadowMin","shadowMax","shadowWarning","shadowInactive","shadowExpire") as $attr){
+ $this->$attr = (int) $this->$attr;
+ }
/* Call parents save to prepare $this->attrs */
plugin::save();
$g->save ();
}
}
-
+
/* Take care about groupMembership values: add to groups */
foreach ($this->groupMembership as $key => $value){
$g= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $key);
$g->by_object['group']->addUser($this->uid);
$g->save();
}
-
+
/* Remove from groups not listed in groupMembership */
foreach ($this->savedGroupMembership as $key => $value){
if (!isset($this->groupMembership[$key])){
}
}
- // if(empty($this->gosaDefaultPrinter)){
- // $message[]= _("You need to specify a valid default printer.");
- // }
+ // if(empty($this->gosaDefaultPrinter)){
+ // $message[]= _("You need to specify a valid default printer.");
+ // }
return ($message);
}
$this->primaryGroup= $this->gidNumber;
}
- $ldap->cd($this->config->current['BASE']);
+ $ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaUserTemplate)(uid=".$template."))", array("cn","accessTo"));
- while($attr = $ldap->fetch()){
- $tmp = $attr['accessTo'];
- unset ($tmp['count']);
- $this->accessTo = $tmp;
- }
-
+ while($attr = $ldap->fetch()){
+ $tmp = $attr['accessTo'];
+ unset ($tmp['count']);
+ $this->accessTo = $tmp;
+ }
+
/* Adjust shadow checkboxes */
foreach (array("shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
"shadowExpire") as $val){
/* Create a list of users */
$this->grouplist = array();
foreach ($res as $value){
- $this->grouplist[$value['gidNumber'][0]]= $value;
+ $this->grouplist[$value['gidNumber'][0]]= $value;
}
$tmp=array();
}
$force_ids = "";
}
-
+
$sta = "";
-
+
/* Open group add dialog */
if(isset($_POST['edit_groupmembership'])){
$this->group_dialog = TRUE;
}
/* If the group-add dialog is closed, call execute
- to ensure that the membership is updatd */
+ to ensure that the membership is updatd */
if(isset($_POST['add_groups_finish']) || isset($_POST['add_groups_cancel'])){
$this->execute();
$this->group_dialog =FALSE;
function plInfo()
{
- return (array("plDescription" => _("POSIX account"),
- "plSelfModify" => TRUE,
- "plDepends" => array("objectClass" => "gosaAccount"),
- "homeDirectory" => _("Home directory"), "uidNumber" => _("User ID"),
- "gidNumber" => _("Group ID")));
+ return (array(
+ "plDescription" => _("POSIX account"),
+ "plSelfModify" => TRUE,
+ "plDepends" => array("user"),
+ "plPriority" => 1,
+ "plSection" => "personal",
+ "plCategory" => array("users"),
+ "plOptions" => array(),
+
+ "plProvidedAcls" => array(
+
+ "homeDirectory" => _("Home directory"),
+ "loginShell" => _("Shell"),
+ "uidNumber" => _("User ID"),
+ "gidNumber" => _("Group ID"),
+
+ "mustchangepassword"=> _("Force password change on login"),
+ "shadowMin" => _("Shadow min"),
+ "shadowMax" => _("Shadow max"),
+ "shadowWarning" => _("Shadow warning"),
+ "shadowInactive" => _("Shadow inactive"),
+ "shadowExpire" => _("Shadow expire"),
+ "trustModel" => _("System trust model")))
+ );
}
-
-
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: