X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_plugin.inc;h=31115eced96878a3e78414b3add8fb5d3c49ebd8;hb=62c2547a71af33f8815bf3627822599c95153527;hp=2c804e967ad20073832cd07e700064cb0fd23e45;hpb=26ed90923dc2292f528c4abb08a8a4ef0fc14b36;p=gosa.git

diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc
index 2c804e967..31115eced 100644
--- a/gosa-core/include/class_plugin.inc
+++ b/gosa-core/include/class_plugin.inc
@@ -150,8 +150,14 @@ class plugin
       return;
     }
 
+    /* Check if this entry was opened in read only mode */
     if(isset($_POST['open_readonly'])){
-      $this->read_only = TRUE;
+      if(session::global_is_set("LOCK_CACHE")){
+        $cache = &session::get("LOCK_CACHE");
+        if(isset($cache['READ_ONLY'][$this->dn])){
+          $this->read_only = TRUE;
+        }
+      }
     }
 
     /* Save current dn as acl_base */
@@ -253,7 +259,7 @@ class plugin
   function execute()
   {
     /* This one is empty currently. Fabian - please fill in the docu code */
-    session::set('current_class_for_help',get_class($this));
+    session::global_set('current_class_for_help',get_class($this));
 
     /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
     session::set('LOCK_VARS_TO_USE',array());
@@ -797,7 +803,8 @@ class plugin
       ldap_set_rebind_proc($ds, array(&$this, "rebind"));
     }
 
-    $r=ldap_bind($ds,$this->config->current['ADMINDN'], $this->config->current['ADMINPASSWORD']);
+    $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']);
+    $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd);
     $sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*");
 
     /* Fill data from LDAP */
@@ -919,7 +926,10 @@ class plugin
     $ldap->cd($this->config->current['BASE']);
     $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn));
     if (!$ldap->rename_dn($src_dn,$dst_dn)){
-      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+#      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class()));
+      new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn  -- TO: $dst_dn",array(),$ldap->get_error());
+      @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn  -- TO:  $dst_dn", 
+          "Ldap Protocol v3 implementation error, falling back to maunal method.");
       return(FALSE);
     }
 
@@ -934,44 +944,44 @@ class plugin
       $this->update_acls($old_dn,$new_dn); 
     }
 
-    /* Get all objectGroups defined in this database. 
-        and check if there is an entry matching the source dn,
-        if this is the case, then update this objectgroup to use the new dn.
-     */
-    $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=*))","ogroups",
-        array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("member"),
-        GL_SUBSEARCH | GL_NO_ACL_CHECK) ;
+    // Migrate objectgroups if needed
+    $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
 
-    /* Walk through all objectGroups and check if there are 
-        members matching the source dn 
-     */
+    // Walk through all objectGroups
     foreach($ogroups as $ogroup){
-      if(isset($ogroup['member'])){
+      // Migrate old to new dn
+      $o_ogroup= new ogroup($this->config,$ogroup['dn']);
+      unset($o_ogroup->member[$src_dn]);
+      $o_ogroup->member[$dst_dn]= $dst_dn;
+      
+      // Save object group
+      $o_ogroup->save();
+    }
 
-        /* Reset class object, this will be initialized with class_ogroup on demand 
-         */
-        $o_ogroup = NULL; 
-        for($i = 0 ; $i < $ogroup['member']['count'] ; $i ++){
+    // Migrate rfc groups if needed
+    $groups = get_sub_list("(&(objectClass=posixGroups)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
 
-          $c_mem = $ogroup['member'][$i];
-  
-          if(preg_match("/".preg_quote($src_dn, '/')."$/i",$c_mem)){
- 
-            $d_mem = preg_replace("/".preg_quote($src_dn, '/')."$/i",$dst_dn,$ogroup['member'][$i]);
+    // Walk through all POSIX groups
+    foreach($groups as $group){
+      // Migrate old to new dn
+      $o_group= new group($this->config,$group['dn']);
+      unset($o_group->member[$src_dn]);
+      $o_group->member[$dst_dn]= $dst_dn;
+      
+      // Save object group
+      $o_group->save();
+    }
 
-            if($o_ogroup == NULL){
-              $o_ogroup = new ogroup($this->config,$ogroup['dn']);
-            }              
+    /* Update roles to use the new entry dn */
+    $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK);
 
-            unset($o_ogroup->member[$c_mem]);
-            $o_ogroup->member[$d_mem]= $d_mem;
-          }
-        }
-       
-        /* Save object group if there were changes made on the membership */ 
-        if($o_ogroup != NULL){
-          $o_ogroup->save();
-        }
+    // Walk through all roles
+    foreach($roles as $role){
+      $role = new roleGeneric($this->config,$role['dn']);
+      $key= array_search($src_dn, $role->roleOccupant);      
+      if($key !== FALSE){
+        $role->roleOccupant[$key] = $dst_dn;
+        $role->save();
       }
     }
  
@@ -984,7 +994,7 @@ class plugin
     if(count($leaf_deps)){
       $this->config->get_departments();
       $this->config->make_idepartments();
-      session::set("config",$this->config);
+      session::global_set("config",$this->config);
       $ui =get_userinfo();
       $ui->reset_acl_cache();
     }
@@ -1224,7 +1234,7 @@ class plugin
     }else{
       $server         = $config->get_cfg_value("snapshotURI");
       $user           = $config->get_cfg_value("snapshotAdminDn");
-      $password       = $config->get_cfg_value("snapshotAdminPassword");
+      $password       = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword"));
       $snapldapbase   = $config->get_cfg_value("snapshotBase");
 
       $ldap_to        = new ldapMultiplexer(new LDAP($user,$password, $server));
@@ -1297,7 +1307,10 @@ class plugin
     $this->dn = $dn;
     $ldap = $this->config->get_ldap_link();
     $ldap->cd($this->config->current['BASE']);
-    $ldap->rmdir_recursive($dn);
+    $ldap->rmdir_recursive($this->dn);
+    if(!$ldap->success()){
+      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn));
+    }
     $this->dn = $old_dn;
   }
 
@@ -1306,30 +1319,7 @@ class plugin
      There will also be some errors psoted, if the configuration failed */
   function snapshotEnabled()
   {
-    $config = $this->config;
-    if($config->get_cfg_value("enableSnapshots") == "true"){
-	    /* Check if the snapshot_base is defined */
-	    if ($config->get_cfg_value("snapshotBase") == ""){
-		    msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."),"snapshotBase"), ERROR_DIALOG);
-		    return(FALSE);
-	    }
-
-	    /* check if there are special server configurations for snapshots */
-	    if ($config->get_cfg_value("snapshotURI") != ""){
-
-		    /* check if all required vars are available to create a new ldap connection */
-		    $missing = "";
-		    foreach(array("snapshotURI","snapshotAdminDn","snapshotAdminPassword","snapshotBase") as $var){
-			    if($config->get_cfg_value($var) == ""){
-				    $missing .= $var." ";
-				    msg_dialog::display(_("Configuration error"), sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not set."), $missing), ERROR_DIALOG);
-				    return(FALSE);
-			    }
-		    }
-	    }
-	    return(TRUE);
-    }
-    return(FALSE);
+    return $this->config->snapshotEnabled();
   }
 
 
@@ -1351,7 +1341,7 @@ class plugin
     }else{
       $server         = $this->config->get_cfg_value("snapshotURI");
       $user           = $this->config->get_cfg_value("snapshotAdminDn");
-      $password       = $this->config->get_cfg_value("snapshotAdminPassword");
+      $password       = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
       $snapldapbase   = $this->config->get_cfg_value("snapshotBase");
       $ldap_to        = new ldapMultiplexer(new LDAP($user,$password, $server));
       $ldap_to -> cd($snapldapbase);
@@ -1409,7 +1399,7 @@ class plugin
     }else{
       $server         = $this->config->get_cfg_value("snapshotURI");
       $user           = $this->config->get_cfg_value("snapshotAdminDn");
-      $password       = $this->config->get_cfg_value("snapshotAdminPassword");
+      $password       = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
       $snapldapbase   = $this->config->get_cfg_value("snapshotBase");
       $ldap_to        = new ldapMultiplexer(new LDAP($user,$password, $server));
       $ldap_to -> cd($snapldapbase);
@@ -1475,7 +1465,7 @@ class plugin
     }else{
       $server         = $this->config->get_cfg_value("snapshotURI");
       $user           = $this->config->get_cfg_value("snapshotAdminDn");
-      $password       = $this->config->get_cfg_value("snapshotAdminPassword");
+      $password       = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword"));
       $snapldapbase   = $this->config->get_cfg_value("snapshotBase");
       $ldap_to        = new ldapMultiplexer(new LDAP($user,$password, $server));
       $ldap_to -> cd($snapldapbase);
@@ -1507,10 +1497,11 @@ class plugin
     $this->parent = $parent;
 
     foreach($_POST as $name => $value){
-			$entry = base64_decode(preg_replace("/_[xy]$/","",$name));
 
       /* Create a new snapshot, display a dialog */
-      if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
+      if(preg_match("/^CreateSnapShotDialog_[^_]*_[xy]$/",$name) && $once){
+
+			  $entry = base64_decode(preg_replace("/^CreateSnapShotDialog_([^_]*)_[xy]$/","\\1",$name));
         $once = false;
         $entry = preg_replace("/^CreateSnapShotDialog_/","",$entry);
 
@@ -1524,8 +1515,8 @@ class plugin
       /* Restore a snapshot, display a dialog with all snapshots of the current object */
       if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
         $once = false;
-        $entry = preg_replace("/^RestoreSnapShotDialog_/","",$entry);
-        if(!empty($entry) && $ui->allow_snapshot_restore($entry,$this->parent->acl_module)){
+        $entry = base64_decode(preg_replace("/^RestoreSnapShotDialog_([^_]*)_[xy]$/i","\\1",$name));
+        if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
           $this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
           $this->snapDialog->display_restore_dialog = true;
         }else{
@@ -1538,7 +1529,7 @@ class plugin
           || preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){
         $once = false;
 
-        if($ui->allow_snapshot_restore($base,$this->parent->acl_module)){
+        if($ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
           $this->snapDialog = new SnapShotDialog($this->config,"",$this);
           $this->snapDialog->set_snapshot_bases($baseSuffixe);
           $this->snapDialog->display_restore_dialog      = true;
@@ -1551,8 +1542,9 @@ class plugin
       /* Restore selected snapshot */
       if(preg_match("/^RestoreSnapShot_/",$name) && $once){
         $once = false;
-        $entry = preg_replace("/^RestoreSnapShot_/","",$entry);
-        if(!empty($entry) && $ui->allow_snapshot_restore($entry,$this->parent->acl_module)){
+        $entry = base64_decode(preg_replace("/^RestoreSnapShot_([^_]*)_[xy]$/i","\\1",$name));
+
+        if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){
           $this->restore_snapshot($entry);
           $this->snapDialog = NULL;
         }else{
@@ -1716,10 +1708,10 @@ class plugin
     }
 
     /* Update userinfo if necessary */
-    $ui = session::get('ui');
+    $ui = session::global_get('ui');
     if($ui->dn == $old_dn){
       $ui->dn = $new_dn;
-      session::set('ui',$ui);
+      session::global_set('ui',$ui);
       new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'");
     }
 
@@ -1864,7 +1856,7 @@ class plugin
   function multiple_execute()
   {
     /* This one is empty currently. Fabian - please fill in the docu code */
-    session::set('current_class_for_help',get_class($this));
+    session::global_set('current_class_for_help',get_class($this));
 
     /* Reset Lock message POST/GET check array, to prevent perg_match errors*/
     session::set('LOCK_VARS_TO_USE',array());
@@ -2026,10 +2018,10 @@ class plugin
     /* Check permissions for each category, if there is at least one category which 
         support read or paste permissions for the given base, then display the specific actions.
      */
-    $readable = $pasteable = TRUE;
+    $readable = $pasteable = false;
     foreach($category as $cat){
-      $readable |= $ui->get_category_permissions($base,$cat);
-      $pasteable|= $ui->is_pasteable($base,$cat);
+      $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat));
+      $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1;
     }
   
     if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){
@@ -2063,6 +2055,11 @@ class plugin
   {
      return(array());
   }
+
+  function is_modal_dialog()
+  {
+    return(isset($this->dialog) && $this->dialog);
+  }
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: