X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_plugin.inc;h=d0c7b8096bfd31744201bd048e780cee134e1764;hb=0263ebf7c8361121ba2e35e4e80c976a02ed1d26;hp=458aa41e35c6111693d44e8bd7e14953008cc570;hpb=849827d387fb21cb85d0fcdda99c22d9b45ab535;p=gosa.git diff --git a/gosa-core/include/class_plugin.inc b/gosa-core/include/class_plugin.inc index 458aa41e3..d0c7b8096 100644 --- a/gosa-core/include/class_plugin.inc +++ b/gosa-core/include/class_plugin.inc @@ -1,21 +1,23 @@ config= &$config; $this->dn= $dn; + // Ensure that we've a valid acl_category set. + if(empty($this->acl_category)){ + $tmp = $this->plInfo(); + if (isset($tmp['plCategory'])) { + $c = key($tmp['plCategory']); + if(is_numeric($c)){ + $c = $tmp['plCategory'][0]; + } + $this->acl_category = $c."/"; + } + } + /* Handle new accounts, don't read information from LDAP */ if ($dn == "new"){ return; } + /* Check if this entry was opened in read only mode */ + if(isset($_POST['open_readonly'])){ + if(session::global_is_set("LOCK_CACHE")){ + $cache = &session::get("LOCK_CACHE"); + if(isset($cache['READ_ONLY'][$this->dn])){ + $this->read_only = TRUE; + } + } + } + /* Save current dn as acl_base */ $this->acl_base= $dn; /* Get LDAP descriptor */ - $ldap= $this->config->get_ldap_link(); if ($dn !== NULL){ /* Load data to 'attrs' and save 'dn' */ - if ($parent !== NULL){ - $this->attrs= $parent->attrs; + if ($object !== NULL){ + $this->attrs= $object->attrs; } else { + $ldap= $this->config->get_ldap_link(); $ldap->cat ($dn); $this->attrs= $ldap->fetch(); } @@ -169,7 +195,7 @@ class plugin foreach ($this->attributes as $val){ $found= array_key_ics($val, $this->attrs); if ($found != ""){ - $this->$val= $this->attrs["$found"][0]; + $this->$val= $found[0]; } } @@ -181,7 +207,7 @@ class plugin /* Set the template flag according to the existence of objectClass gosaUserTemplate */ if (isset($this->attrs['objectClass'])){ - if (in_array ("gosaUserTemplate", $this->attrs['objectClass'])){ + if (in_array_ics ("gosaUserTemplate", $this->attrs['objectClass'])){ $this->is_template= TRUE; @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "found", "Template check"); @@ -208,23 +234,33 @@ class plugin /* Prepare saved attributes */ $this->saved_attributes= $this->attrs; foreach ($this->saved_attributes as $index => $value){ - if (preg_match('/^[0-9]+$/', $index)){ + if (is_numeric($index)){ unset($this->saved_attributes[$index]); continue; } - if (!in_array($index, $this->attributes) && $index != "objectClass"){ - unset($this->saved_attributes[$index]); - continue; - } - if ($this->saved_attributes[$index]["count"] == 1){ - $tmp= $this->saved_attributes[$index][0]; + + if (!in_array_ics($index, $this->attributes) && strcasecmp('objectClass', $index)){ unset($this->saved_attributes[$index]); - $this->saved_attributes[$index]= $tmp; continue; } + if (isset($this->saved_attributes[$index][0])){ + if(!isset($this->saved_attributes[$index]["count"])){ + $this->saved_attributes[$index]["count"] = count($this->saved_attributes[$index]); + } + if($this->saved_attributes[$index]["count"] == 1){ + $tmp= $this->saved_attributes[$index][0]; + unset($this->saved_attributes[$index]); + $this->saved_attributes[$index]= $tmp; + continue; + } + } unset($this->saved_attributes["$index"]["count"]); } + + if(isset($this->attrs['gosaUnitTag'])){ + $this->saved_attributes['gosaUnitTag'] = $this->attrs['gosaUnitTag'][0]; + } } /* Save initial account state */ @@ -232,21 +268,23 @@ class plugin } - /*! \brief execute plugin - - Generates the html output for this node + /*! \brief Generates the html output for this node */ function execute() { /* This one is empty currently. Fabian - please fill in the docu code */ - $_SESSION['current_class_for_help'] = get_class($this); + session::global_set('current_class_for_help',get_class($this)); /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ - $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array(); + session::set('LOCK_VARS_TO_USE',array()); + session::set('LOCK_VARS_USED_GET',array()); + session::set('LOCK_VARS_USED_POST',array()); + session::set('LOCK_VARS_USED_REQUEST',array()); + + pathNavigator::registerPlugin($this); } - /*! \brief execute plugin - Removes object from parent + /*! \brief Removes object from parent */ function remove_from_parent() { @@ -265,7 +303,7 @@ class plugin /* Remove objectClasses from entry */ $ldap->cd($this->dn); $this->attrs= array(); - $this->attrs['objectClass']= array_remove_entries($this->objectclasses,$oc); + $this->attrs['objectClass']= array_remove_entries_ics($this->objectclasses,$oc); /* Unset attributes from entry */ foreach ($this->attributes as $val){ @@ -284,7 +322,7 @@ class plugin } - /*! \brief Save HTML posted data to object + /*! \brief Save HTML posted data to object */ function save_object() { @@ -317,15 +355,12 @@ class plugin $data = ""; } $this->$val= $data; - //echo "".$val."
"; - }else{ - //echo "".$val."
"; } } } - /* Save data to LDAP, depending on is_account we save or delete */ + /*! \brief Save data to LDAP, depending on is_account we save or delete */ function save() { /* include global link_info */ @@ -363,13 +398,15 @@ class plugin } } + /* Handle tagging */ + $this->tag_attrs($this->attrs); } function cleanup() { foreach ($this->attrs as $index => $value){ - + /* Convert arrays with one element to non arrays, if the saved attributes are no array, too */ if (is_array($this->attrs[$index]) && @@ -418,7 +455,7 @@ class plugin } } - /* Check formular input */ + /*! \brief Check formular input */ function check() { $message= array(); @@ -434,8 +471,7 @@ class plugin if ($command != ""){ if (!check_command($command)){ - $message[]= sprintf(_("Command '%s', specified as CHECK hook for plugin '%s' doesn't seem to exist."), $command, - get_class($this)); + $message[]= msgPool::cmdnotfound("CHECK", get_class($this)); } else { /* Generate "ldif" for check hook */ @@ -488,14 +524,14 @@ class plugin $current_csn = getEntryCSN($this->dn); if($current_csn != $this->entryCSN && !empty($this->entryCSN) && !empty($current_csn)){ $this->entryCSN = $current_csn; - $message[] = _("The object has changed since opened in GOsa. Please ensure that nobody has done serious changes that may get lost if you save this entry."); + $message[] = _("The object has changed since opened in GOsa. All changes that may be done by others get lost if you save this entry!"); } } return ($message); } /* Adapt from template, using 'dn' */ - function adapt_from_template($dn) + function adapt_from_template($dn, $skip= array()) { /* Include global link_info */ $ldap= $this->config->get_ldap_link(); @@ -507,6 +543,11 @@ class plugin /* Walk through attributes */ foreach ($this->attributes as $val){ + /* Skip the ones in skip list */ + if (in_array($val, $skip)){ + continue; + } + if (isset($this->attrs["$val"][0])){ /* If attribute is set, replace dynamic parts: @@ -538,14 +579,14 @@ class plugin } } - /* Indicate whether a password change is needed or not */ + /* \brief Indicate whether a password change is needed or not */ function password_change_needed() { return FALSE; } - /* Show header message for tab dialogs */ + /*! \brief Show header message for tab dialogs */ function show_enable_header($button_text, $text, $disabled= FALSE) { if (($disabled == TRUE) || (!$this->acl_is_createable())){ @@ -553,15 +594,16 @@ class plugin } else { $state= ""; } - $display= "\n

$text

\n"; - $display.= "

 

"; + $display = "
\n"; + $display.= "

$text

\n"; + $display.= "\n"; + $display.= "
\n"; return($display); } - /* Show header message for tab dialogs */ + /*! \brief Show header message for tab dialogs */ function show_disable_header($button_text, $text, $disabled= FALSE) { if (($disabled == TRUE) || !$this->acl_is_removeable()){ @@ -569,133 +611,48 @@ class plugin } else { $state= ""; } - $display= "\n

$text

\n"; - $display.= "

 

"; - + $display = "
\n"; + $display.= "

$text

\n"; + $display.= "\n"; + $display.= "
\n"; return($display); } - /* Show header message for tab dialogs */ - function show_header($button_text, $text, $disabled= FALSE) - { - echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header
"; - if ($disabled == TRUE){ - $state= "disabled"; - } else { - $state= ""; - } - $display= "\n

$text

\n"; - $display.= "acl_is_createable()?'':'disabled')." ".$state. - ">

 

"; - return($display); - } - - - function postcreate($add_attrs= array()) + /* Create unique DN */ + function create_unique_dn2($data, $base) { - /* Find postcreate entries for this class */ - $command= $this->config->search(get_class($this), "POSTCREATE",array('menu', 'tabs')); - - if ($command != ""){ - - /* Additional attributes */ - foreach ($add_attrs as $name => $value){ - $command= preg_replace("/%$name/", $value, $command); - } - - /* Walk through attribute list */ - foreach ($this->attributes as $attr){ - if (!is_array($this->$attr)){ - $command= preg_replace("/%$attr/", $this->$attr, $command); - } - } - $command= preg_replace("/%dn/", $this->dn, $command); - - if (check_command($command)){ - @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, - $command, "Execute"); + $ldap= $this->config->get_ldap_link(); + $base= preg_replace("/^,*/", "", $base); - exec($command); - } else { - $message= sprintf(_("Command '%s', specified as POSTCREATE for plugin '%s' doesn't seem to exist."), $command, get_class($this)); - print_red ($message); - } + /* Try to use plain entry first */ + $dn= "$data,$base"; + $attribute= preg_replace('/=.*$/', '', $data); + $ldap->cat ($dn, array('dn')); + if (!$ldap->fetch()){ + return ($dn); } - } - function postmodify($add_attrs= array()) - { - /* Find postcreate entries for this class */ - $command= $this->config->search(get_class($this), "POSTMODIFY",array('menu','tabs')); - - if ($command != ""){ - - /* Additional attributes */ - foreach ($add_attrs as $name => $value){ - $command= preg_replace("/%$name/", $value, $command); - } - - /* Walk through attribute list */ - foreach ($this->attributes as $attr){ - if (!is_array($this->$attr)){ - $command= preg_replace("/%$attr/", $this->$attr, $command); - } + /* Look for additional attributes */ + foreach ($this->attributes as $attr){ + if ($attr == $attribute || $this->$attr == ""){ + continue; } - $command= preg_replace("/%dn/", $this->dn, $command); - if (check_command($command)){ - @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, - $command, "Execute"); - - exec($command); - } else { - $message= sprintf(_("Command '%s', specified as POSTMODIFY for plugin '%s' doesn't seem to exist."), $command, get_class($this)); - print_red ($message); + $dn= "$data+$attr=".$this->$attr.",$base"; + $ldap->cat ($dn, array('dn')); + if (!$ldap->fetch()){ + return ($dn); } } - } - function postremove($add_attrs= array()) - { - /* Find postremove entries for this class */ - $command= $this->config->search(get_class($this), "POSTREMOVE",array('menu','tabs')); - if ($command != ""){ - - /* Additional attributes */ - foreach ($add_attrs as $name => $value){ - $command= preg_replace("/%$name/", $value, $command); - } - - /* Walk through attribute list */ - foreach ($this->attributes as $attr){ - if (!is_array($this->$attr)){ - $command= preg_replace("/%$attr/", $this->$attr, $command); - } - } - $command= preg_replace("/%dn/", $this->dn, $command); - - /* Additional attributes */ - foreach ($add_attrs as $name => $value){ - $command= preg_replace("/%$name/", $value, $command); - } - - if (check_command($command)){ - @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, - $command, "Execute"); - - exec($command); - } else { - $message= sprintf(_("Command '%s', specified as POSTREMOVE for plugin '%s' doesn't seem to exist."), $command, get_class($this)); - print_red ($message); - } - } + /* None found */ + return ("none"); } - /* Create unique DN */ + + /*! \brief Create unique DN */ function create_unique_dn($attribute, $base) { $ldap= $this->config->get_ldap_link(); @@ -725,10 +682,11 @@ class plugin return ("none"); } + function rebind($ldap, $referral) { $credentials= LDAP::get_credentials($referral, $this->config->current['REFERRAL']); - if (ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) { + if (ldap_bind($ldap, $credentials['ADMIN'], $this->config->get_credentials($credentials['PASSWORD']))) { $this->error = "Success"; $this->hascon=true; $this->reconnect= true; @@ -754,8 +712,9 @@ class plugin ldap_set_rebind_proc($ds, array(&$this, "rebind")); } - $r=ldap_bind($ds,$this->config->current['ADMIN'], $this->config->current['PASSWORD']); - $sr=ldap_read($ds, @LDAP::fix($src_dn), "objectClass=*"); + $pwd = $this->config->get_credentials($this->config->current['ADMINPASSWORD']); + $r=ldap_bind($ds,$this->config->current['ADMINDN'], $pwd); + $sr=ldap_read($ds, LDAP::fix($src_dn), "objectClass=*"); /* Fill data from LDAP */ $new= array(); @@ -782,14 +741,14 @@ class plugin /* Adapt naming attribute */ $dst_name= preg_replace("/^([^=]+)=.*$/", "\\1", $dst_dn); $dst_val = preg_replace("/^[^=]+=([^,+]+).*,.*$/", "\\1", $dst_dn); - $new[$dst_name]= @LDAP::fix($dst_val); + $new[$dst_name]= LDAP::fix($dst_val); /* Check if this is a department. * If it is a dep. && there is a , override in his ou * change \2C to , again, else this entry can't be saved ... */ if((isset($new['ou'])) &&( preg_match("/\\,/",$new['ou']))){ - $new['ou'] = preg_replace("/\\\\,/",",",$new['ou']); + $new['ou'] = str_replace("\\\\,",",",$new['ou']); } /* Save copy */ @@ -801,13 +760,16 @@ class plugin /* FAIvariable=.../..., cn=.. could not be saved, because the attribute FAIvariable was different to the dn FAIvariable=..., cn=... */ + + if(!is_array($new['objectClass'])) $new['objectClass'] = array($new['objectClass']); + if(in_array_ics("FAIdebconfInfo",$new['objectClass'])){ $new['FAIvariable'] = $ldap->fix($new['FAIvariable']); } $ldap->cd($dst_dn); $ldap->add($new); - if ($ldap->error != "Success"){ + if (!$ldap->success()){ trigger_error("Trying to save $dst_dn failed.", E_USER_WARNING); return(FALSE); @@ -821,7 +783,7 @@ class plugin { /* Rename dn in possible object groups */ $ldap= $this->config->get_ldap_link(); - $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::fix($src_dn).'))', + $ldap->search('(&(objectClass=gosaGroupOfNames)(member='.@LDAP::prepare4filter($src_dn).'))', array('cn')); while ($attrs= $ldap->fetch()){ $og= new ogroup($this->config, $ldap->getDN()); @@ -833,7 +795,7 @@ class plugin $ldap->cat($dst_dn); $attrs= $ldap->fetch(); if (count($attrs)){ - trigger_error("Trying to overwrite ".@LDAP::fix($dst_dn).", which already exists.", + trigger_error("Trying to overwrite ".LDAP::fix($dst_dn).", which already exists.", E_USER_WARNING); return (FALSE); } @@ -841,7 +803,7 @@ class plugin $ldap->cat($src_dn); $attrs= $ldap->fetch(); if (!count($attrs)){ - trigger_error("Trying to move ".@LDAP::fix($src_dn).", which does not seem to exist.", + trigger_error("Trying to move ".LDAP::fix($src_dn).", which does not seem to exist.", E_USER_WARNING); return (FALSE); } @@ -850,15 +812,153 @@ class plugin $ldap->search("objectClass=*",array("dn")); while($attrs = $ldap->fetch()){ $src = $attrs['dn']; - $dst = preg_replace("/".normalizePreg($src_dn)."$/",$dst_dn,$attrs['dn']); + $dst = preg_replace("/".preg_quote($src_dn, '/')."$/",$dst_dn,$attrs['dn']); $this->_copy($src,$dst); } return (TRUE); } + + /*! \brief Rename/Move a given src_dn to the given dest_dn + * + * Move a given ldap object indentified by $src_dn to the + * given destination $dst_dn + * + * - Ensure that all references are updated (ogroups) + * - Update ACLs + * - Update accessTo + * + * \param string 'src_dn' the source DN. + * \param string 'dst_dn' the destination DN. + * \return boolean TRUE on success else FALSE. + */ + function rename($src_dn, $dst_dn) + { + $start = microtime(1); + + /* Try to move the source entry to the destination position */ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$dst_dn)); + if (!$ldap->rename_dn($src_dn,$dst_dn)){ +# msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $src_dn, "", get_class())); + new log("debug","Ldap Protocol v3 implementation error, ldap_rename failed, falling back to manual copy.","FROM: $src_dn -- TO: $dst_dn",array(),$ldap->get_error()); + @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,"Rename failed FROM: $src_dn -- TO: $dst_dn", + "Ldap Protocol v3 implementation error, falling back to maunal method."); + return(FALSE); + } + + /* Get list of users,groups and roles within this tree, + maybe we have to update ACL references. + */ + $leaf_objs = get_list("(|(objectClass=posixGroup)(objectClass=gosaAccount)(objectClass=gosaRole))",array("all"),$dst_dn, + array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK); + foreach($leaf_objs as $obj){ + $new_dn = $obj['dn']; + $old_dn = preg_replace("/".preg_quote(LDAP::convert($dst_dn), '/')."$/i",$src_dn,LDAP::convert($new_dn)); + $this->update_acls($old_dn,$new_dn); + } + + // Migrate objectgroups if needed + $ogroups = get_sub_list("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))", + "ogroups", array(get_ou("ogroupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); + + // Walk through all objectGroups + foreach($ogroups as $ogroup){ + // Migrate old to new dn + $o_ogroup= new ogroup($this->config,$ogroup['dn']); + if (isset($o_ogroup->member[$src_dn])) { + unset($o_ogroup->member[$src_dn]); + } + $o_ogroup->member[$dst_dn]= $dst_dn; + + // Save object group + $o_ogroup->save(); + } + + // Migrate rfc groups if needed + $groups = get_sub_list("(&(objectClass=posixGroup)(member=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","groups", array(get_ou("groupRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); + + // Walk through all POSIX groups + foreach($groups as $group){ + + // Migrate old to new dn + $o_group= new group($this->config,$group['dn']); + $o_group->save(); + } + + /* Update roles to use the new entry dn */ + $roles = get_sub_list("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter(LDAP::fix($src_dn))."))","roles", array(get_ou("roleRDN")),$this->config->current['BASE'],array("dn"), GL_SUBSEARCH | GL_NO_ACL_CHECK); + + // Walk through all roles + foreach($roles as $role){ + $role = new roleGeneric($this->config,$role['dn']); + $key= array_search($src_dn, $role->roleOccupant); + if($key !== FALSE){ + $role->roleOccupant[$key] = $dst_dn; + $role->save(); + } + } + + // Update 'manager' attributes from gosaDepartment and inetOrgPerson + $filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn))."))"; + $ocs = $ldap->get_objectclasses(); + if(isset($ocs['gosaDepartment']['MAY']) && in_array('manager', $ocs['gosaDepartment']['MAY'])){ + $filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter(LDAP::fix($src_dn)).")))"; + } + $leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'], + array("manager","dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK); + foreach($leaf_deps as $entry){ + $update = array('manager' => $dst_dn); + $ldap->cd($entry['dn']); + $ldap->modify($update); + if(!$ldap->success()){ + trigger_error(sprintf("Failed to update manager for '%s', error was '%s'", $entry['dn'], $ldap->get_error())); + } + } + + /* Check if there are gosa departments moved. + If there were deps moved, the force reload of config->deps. + */ + $leaf_deps= get_list("(objectClass=gosaDepartment)",array("all"),$dst_dn, + array("dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK); + + if(count($leaf_deps)){ + $this->config->get_departments(); + $this->config->make_idepartments(); + session::global_set("config",$this->config); + $ui =get_userinfo(); + $ui->reset_acl_cache(); + } + + return(TRUE); + } + + + function move($src_dn, $dst_dn) { + /* Do not copy if only upper- lowercase has changed */ + if(strtolower($src_dn) == strtolower($dst_dn)){ + return(TRUE); + } + + + /* Try to move the entry instead of copy & delete + */ + if(TRUE){ + + /* Try to move with ldap routines, if this was not successfull + fall back to the old style copy & remove method + */ + if($this->rename($src_dn, $dst_dn)){ + return(TRUE); + }else{ + // See code below. + } + } + /* Copy source to destination */ if (!$this->copy($src_dn, $dst_dn)){ return (FALSE); @@ -867,7 +967,7 @@ class plugin /* Delete source */ $ldap= $this->config->get_ldap_link(); $ldap->rmdir_recursive($src_dn); - if ($ldap->error != "Success"){ + if (!$ldap->success()){ trigger_error("Trying to delete $src_dn failed.", E_USER_WARNING); return (FALSE); @@ -877,7 +977,7 @@ class plugin } - /* Move/Rename complete trees */ + /* \brief Move/Rename complete trees */ function recursive_move($src_dn, $dst_dn) { /* Check if the destination entry exists */ @@ -891,53 +991,15 @@ class plugin return (FALSE); } - /* Perform a search for all objects to be moved */ - $objects= array(); - $ldap->cd($src_dn); - $ldap->search("(objectClass=*)", array("dn")); - while($attrs= $ldap->fetch()){ - $dn= $attrs['dn']; - $objects[$dn]= strlen($dn); - } - - /* Sort objects by indent level */ - asort($objects); - reset($objects); - - /* Copy objects from small to big indent levels by replacing src_dn by dst_dn */ - foreach ($objects as $object => $len){ - $src= $object; - $dst= preg_replace("/$src_dn$/", "$dst_dn", $object); - if (!$this->copy($src, $dst)){ - return (FALSE); - } - } + $this->copy($src_dn, $dst_dn); /* Remove src_dn */ $ldap->cd($src_dn); - $ldap->recursive_remove(); + $ldap->recursive_remove($src_dn); return (TRUE); } - function handle_post_events($mode, $add_attrs= array()) - { - switch ($mode){ - case "add": - $this->postcreate($add_attrs); - break; - - case "modify": - $this->postmodify($add_attrs); - break; - - case "remove": - $this->postremove($add_attrs); - break; - } - } - - function saveCopyDialog(){ } @@ -947,6 +1009,7 @@ class plugin } + /*! \brief Prepare for Copy & Paste */ function PrepareForCopyPaste($source) { $todo = $this->attributes; @@ -967,31 +1030,29 @@ class plugin if (isset($source[$var])){ if(isset($source[$var]['count'])){ if($source[$var]['count'] > 1){ - $this->$var = array(); - $tmp = array(); - for($i = 0 ; $i < $source[$var]['count']; $i++){ - $tmp = $source[$var][$i]; - } + $tmp= $source[$var]; + unset($tmp['count']); $this->$var = $tmp; -# echo $var."=".$tmp."
"; }else{ $this->$var = $source[$var][0]; -# echo $var."=".$source[$var][0]."
"; } }else{ $this->$var= $source[$var]; -# echo $var."=".$source[$var]."
"; } } } } - - function handle_object_tagging($dn= "", $tag= "", $show= false) + /*! \brief Get gosaUnitTag for the given DN + If this is called from departmentGeneric, we have to skip this + tagging procedure. + */ + function tag_attrs(&$at, $dn= "", $tag= "", $show= false) { - //FIXME: How to optimize this? We have at least two - // LDAP accesses per object. It would be a good - // idea to have it integrated. + /* Skip tagging? */ + if($this->skipTagging){ + return; + } /* No dn? Self-operation... */ if ($dn == ""){ @@ -1006,12 +1067,12 @@ class plugin foreach ($this->config->adepartments as $key => $ntag){ /* This one is bigger than our dn, its not relevant... */ - if ($len <= strlen($key)){ + if ($len < strlen($key)){ continue; } /* This one matches with the latter part. Break and don't fix this entry */ - if (preg_match('/(^|,)'.normalizePreg($key).'$/', $dn)){ + if (preg_match('/(^|,)'.preg_quote($key, '/').'$/', $dn)){ @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "DEBUG: Possibly relevant: $key", "Tagging"); $relevant[strlen($key)]= $ntag; continue; @@ -1030,75 +1091,35 @@ class plugin } } + /*! \brief Add unit tag */ + /* Remove tags that may already be here... */ + remove_objectClass("gosaAdministrativeUnitTag", $at); + if (isset($at['gosaUnitTag'])){ + unset($at['gosaUnitTag']); + } /* Set tag? */ if ($tag != ""){ - /* Set objectclass and attribute */ - $ldap= $this->config->get_ldap_link(); - $ldap->cat($dn, array('gosaUnitTag', 'objectClass')); - $attrs= $ldap->fetch(); - if(isset($attrs['gosaUnitTag'][0]) && $attrs['gosaUnitTag'][0] == $tag){ - if ($show) { - echo sprintf(_("Object '%s' is already tagged"), @LDAP::fix($dn))."
"; - flush(); - } - return; - } - if (count($attrs)){ - if ($show){ - echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."
"; - flush(); - } - $nattrs= array("gosaUnitTag" => $tag); - $nattrs['objectClass']= array(); - for ($i= 0; $i<$attrs['objectClass']['count']; $i++){ - $oc= $attrs['objectClass'][$i]; - if ($oc != "gosaAdministrativeUnitTag"){ - $nattrs['objectClass'][]= $oc; - } - } - $nattrs['objectClass'][]= "gosaAdministrativeUnitTag"; - $ldap->cd($dn); - $ldap->modify($nattrs); - show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn)); - } else { - @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging"); - } - - } else { - /* Remove objectclass and attribute */ - $ldap= $this->config->get_ldap_link(); - $ldap->cat($dn, array('gosaUnitTag', 'objectClass')); - $attrs= $ldap->fetch(); - if (isset($attrs['objectClass']) && !in_array_ics("gosaAdministrativeUnitTag", $attrs['objectClass'])){ - @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "$dn is not tagged", "Tagging"); - return; - } - if (count($attrs)){ - if ($show){ - echo sprintf(_("Removing tag from object '%s'"), @LDAP::fix($dn))."
"; - flush(); - } - $nattrs= array("gosaUnitTag" => array()); - $nattrs['objectClass']= array(); - for ($i= 0; $i<$attrs['objectClass']['count']; $i++){ - $oc= $attrs['objectClass'][$i]; - if ($oc != "gosaAdministrativeUnitTag"){ - $nattrs['objectClass'][]= $oc; - } - } - $ldap->cd($dn); - $ldap->modify($nattrs); - show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn)); - } else { - @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging"); - } + add_objectClass("gosaAdministrativeUnitTag", $at); + $at['gosaUnitTag']= $tag; } + /* Initially this object was tagged. + - But now, it is no longer inside a tagged department. + So force the remove of the tag. + (objectClass was already removed obove) + */ + if($tag == "" && $this->gosaUnitTag){ + $at['gosaUnitTag'] = array(); + } } - /* Add possibility to stop remove process */ + /*! \brief Test for removability of the object + * + * Allows testing of conditions for removal of object. If removal should be aborted + * the function needs to remove an error message. + * */ function allow_remove() { $reason= ""; @@ -1106,7 +1127,7 @@ class plugin } - /* Create a snapshot of the current object */ + /*! \brief Create a snapshot of the current object */ function create_snapshot($type= "snapshot", $description= array()) { @@ -1116,28 +1137,32 @@ class plugin } /* Get configuration from gosa.conf */ - $tmp = $this->config->current; + $config = $this->config; /* Create lokal ldap connection */ $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); /* check if there are special server configurations for snapshots */ - if(!isset($tmp['SNAPSHOT_SERVER'])){ + if($config->get_cfg_value("snapshotURI") == ""){ /* Source and destination server are both the same, just copy source to dest obj */ $ldap_to = $ldap; $snapldapbase = $this->config->current['BASE']; }else{ - $server = $tmp['SNAPSHOT_SERVER']; - $user = $tmp['SNAPSHOT_USER']; - $password = $tmp['SNAPSHOT_PASSWORD']; - $snapldapbase = $tmp['SNAPSHOT_BASE']; + $server = $config->get_cfg_value("snapshotURI"); + $user = $config->get_cfg_value("snapshotAdminDn"); + $password = $this->config->get_credentials($config->get_cfg_value("snapshotAdminPassword")); + $snapldapbase = $config->get_cfg_value("snapshotBase"); - $ldap_to = new LDAP($user,$password, $server); + $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); $ldap_to -> cd($snapldapbase); - show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase)); + + if (!$ldap_to->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class())); + } + } /* check if the dn exists */ @@ -1148,14 +1173,14 @@ class plugin /* Collect some infos */ $base = $this->config->current['BASE']; - $snap_base = $tmp['SNAPSHOT_BASE']; + $snap_base = $config->get_cfg_value("snapshotBase"); $base_of_object = preg_replace ('/^[^,]+,/i', '', $this->dn); - $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base; + $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base; /* Create object */ #$data = preg_replace('/^dn:.*\n/', '', $ldap->gen_ldif($this->dn,"(!(objectClass=gosaDepartment))")); $data = $ldap->gen_ldif($this->dn,"(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))"); - $newName = preg_replace("/\./", "", $sec."-".$usec); + $newName = str_replace(".", "", $sec."-".$usec); $target= array(); $target['objectClass'] = array("top", "gosaSnapshotObject"); $target['gosaSnapshotData'] = gzcompress($data, 6); @@ -1172,7 +1197,7 @@ class plugin $ldap_to->cat($new_dn); while($ldap_to->count()){ $ldap_to->cat($new_dn); - $newName = preg_replace("/\./", "", $sec."-".($usec++)); + $newName = str_replace(".", "", $sec."-".($usec++)); $new_dn = "gosaSnapshotTimestamp=".$newName.",".$new_base; $target['gosaSnapshotTimestamp'] = $newName; } @@ -1183,12 +1208,18 @@ class plugin $ldap_to->create_missing_trees($new_base); $ldap_to->cd($new_dn); $ldap_to->add($target); - - show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base)); - show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base)); + if (!$ldap_to->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $new_dn, LDAP_ADD, get_class())); + } + + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $new_base, "", get_class())); + } + } } + /*! \brief Remove a snapshot */ function remove_snapshot($dn) { $ui = get_userinfo(); @@ -1196,47 +1227,27 @@ class plugin $this->dn = $dn; $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); - $ldap->rmdir_recursive($dn); + $ldap->rmdir_recursive($this->dn); + if(!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn)); + } $this->dn = $old_dn; } - /* returns true if snapshots are enabled, and false if it is disalbed - There will also be some errors psoted, if the configuration failed */ + /*! \brief Test if snapshotting is enabled + * + * Test weither snapshotting is enabled or not. There will also be some errors posted, + * if the configuration failed + * \return TRUE if snapshots are enabled, and FALSE if it is disabled + */ function snapshotEnabled() { - $tmp = $this->config->current; - if(isset($tmp['ENABLE_SNAPSHOT'])){ - if (preg_match("/^true$/i", $tmp['ENABLE_SNAPSHOT']) || preg_match("/yes/i", $tmp['ENABLE_SNAPSHOT'])){ - - /* Check if the snapshot_base is defined */ - if(!isset($tmp['SNAPSHOT_BASE'])){ - print_red(sprintf(_("The snapshot functionality is enabled, but the required variable '%s' is not configured in your gosa.conf."),"SNAPSHOT_BASE")); - return(FALSE); - } - - /* check if there are special server configurations for snapshots */ - if(isset($tmp['SNAPSHOT_SERVER'])){ - - /* check if all required vars are available to create a new ldap connection */ - $missing = ""; - foreach(array("SNAPSHOT_SERVER","SNAPSHOT_USER","SNAPSHOT_PASSWORD","SNAPSHOT_BASE") as $var){ - if(!isset($tmp[$var])){ - $missing .= $var." "; - print_red(sprintf(_("The snapshot functionality is enabled, but the required variable(s) '%s' is not configured in your gosa.conf."),$missing)); - return(FALSE); - } - } - } - return(TRUE); - } - } - return(FALSE); + return $this->config->snapshotEnabled(); } - /* Return available snapshots for the given base - */ + /* \brief Return available snapshots for the given base */ function Available_SnapsShots($dn,$raw = false) { if(!$this->snapshotEnabled()) return(array()); @@ -1248,27 +1259,25 @@ class plugin $cfg= &$this->config->current; /* check if there are special server configurations for snapshots */ - - if(isset($cfg['SERVER']) && isset($cfg['SNAPSHOT_SERVER']) && $cfg['SERVER'] == $cfg['SNAPSHOT_SERVER']){ - $ldap_to = $ldap; - }elseif(isset($cfg['SNAPSHOT_SERVER'])){ - $server = $cfg['SNAPSHOT_SERVER']; - $user = $cfg['SNAPSHOT_USER']; - $password = $cfg['SNAPSHOT_PASSWORD']; - $snapldapbase = $cfg['SNAPSHOT_BASE']; - - $ldap_to = new LDAP($user,$password, $server); - $ldap_to -> cd ($snapldapbase); - show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn)); + if($this->config->get_cfg_value("snapshotURI") == ""){ + $ldap_to = $ldap; }else{ - $ldap_to = $ldap; + $server = $this->config->get_cfg_value("snapshotURI"); + $user = $this->config->get_cfg_value("snapshotAdminDn"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); + $snapldapbase = $this->config->get_cfg_value("snapshotBase"); + $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); + $ldap_to -> cd($snapldapbase); + if (!$ldap_to->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class())); + } } /* Prepare bases and some other infos */ $base = $this->config->current['BASE']; - $snap_base = $cfg['SNAPSHOT_BASE']; + $snap_base = $this->config->get_cfg_value("snapshotBase"); $base_of_object = preg_replace ('/^[^,]+,/i', '', $dn); - $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base; + $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base; $tmp = array(); /* Fetch all objects with gosaSnapshotDN=$dn */ @@ -1308,22 +1317,24 @@ class plugin $cfg= &$this->config->current; /* check if there are special server configurations for snapshots */ - if(isset($cfg['SNAPSHOT_SERVER'])){ - $server = $cfg['SNAPSHOT_SERVER']; - $user = $cfg['SNAPSHOT_USER']; - $password = $cfg['SNAPSHOT_PASSWORD']; - $snapldapbase = $cfg['SNAPSHOT_BASE']; - $ldap_to = new LDAP($user,$password, $server); - $ldap_to->cd ($snapldapbase); - show_ldap_error($ldap_to->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn)); + if($this->config->get_cfg_value("snapshotURI") == ""){ + $ldap_to = $ldap; }else{ - $ldap_to = $ldap; + $server = $this->config->get_cfg_value("snapshotURI"); + $user = $this->config->get_cfg_value("snapshotAdminDn"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); + $snapldapbase = $this->config->get_cfg_value("snapshotBase"); + $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); + $ldap_to -> cd($snapldapbase); + if (!$ldap_to->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class())); + } } /* Prepare bases */ $base = $this->config->current['BASE']; - $snap_base = $cfg['SNAPSHOT_BASE']; - $new_base = preg_replace("/".normalizePreg($base)."$/","",$base_of_object).$snap_base; + $snap_base = $this->config->get_cfg_value("snapshotBase"); + $new_base = preg_replace("/".preg_quote($base, '/')."$/","",$base_of_object).$snap_base; /* Fetch all objects and check if they do not exist anymore */ $ui = get_userinfo(); @@ -1362,7 +1373,7 @@ class plugin } - /* Restore selected snapshot */ + /* \brief Restore selected snapshot */ function restore_snapshot($dn) { if(!$this->snapshotEnabled()) return(array()); @@ -1372,16 +1383,18 @@ class plugin $cfg= &$this->config->current; /* check if there are special server configurations for snapshots */ - if(isset($cfg['SNAPSHOT_SERVER'])){ - $server = $cfg['SNAPSHOT_SERVER']; - $user = $cfg['SNAPSHOT_USER']; - $password = $cfg['SNAPSHOT_PASSWORD']; - $snapldapbase = $cfg['SNAPSHOT_BASE']; - $ldap_to = new LDAP($user,$password, $server); - $ldap_to->cd ($snapldapbase); - show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase)); + if($this->config->get_cfg_value("snapshotURI") == ""){ + $ldap_to = $ldap; }else{ - $ldap_to = $ldap; + $server = $this->config->get_cfg_value("snapshotURI"); + $user = $this->config->get_cfg_value("snapshotAdminDn"); + $password = $this->config->get_credentials($this->config->get_cfg_value("snapshotAdminPassword")); + $snapldapbase = $this->config->get_cfg_value("snapshotBase"); + $ldap_to = new ldapMultiplexer(new LDAP($user,$password, $server)); + $ldap_to -> cd($snapldapbase); + if (!$ldap_to->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap_to->get_error(), $snapldapbase, "", get_class())); + } } /* Get the snapshot */ @@ -1392,51 +1405,73 @@ class plugin $data = gzuncompress($ldap_to->get_attribute($dn,'gosaSnapshotData')); /* Import the given data */ + $err = ""; $ldap->import_complete_ldif($data,$err,false,false); - show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn)); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, "", get_class())); + } } - function showSnapshotDialog($base,$baseSuffixe) + function showSnapshotDialog($base,$baseSuffixe,&$parent) { $once = true; + $ui = get_userinfo(); + $this->parent = $parent; + foreach($_POST as $name => $value){ /* Create a new snapshot, display a dialog */ - if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){ + if(preg_match("/^CreateSnapShotDialog_[^_]*_[xy]$/",$name) && $once){ + + $entry = base64_decode(preg_replace("/^CreateSnapShotDialog_([^_]*)_[xy]$/","\\1",$name)); $once = false; - $entry = preg_replace("/^CreateSnapShotDialog_/","",$name); - $entry = base64_decode(preg_replace("/_[xy]$/","",$entry)); - $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); - } + $entry = preg_replace("/^CreateSnapShotDialog_/","",$entry); + if(!empty($entry) && $ui->allow_snapshot_create($entry,$this->parent->acl_module)){ + $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); + }else{ + msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to create a snapshot for %s."),$entry),ERROR_DIALOG); + } + } + /* Restore a snapshot, display a dialog with all snapshots of the current object */ if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){ $once = false; - $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name); - $entry = base64_decode(preg_replace("/_[xy]$/","",$entry)); - $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); - $this->snapDialog->display_restore_dialog = true; + $entry = base64_decode(preg_replace("/^RestoreSnapShotDialog_([^_]*)_[xy]$/i","\\1",$name)); + if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){ + $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); + $this->snapDialog->display_restore_dialog = true; + }else{ + msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$entry),ERROR_DIALOG); + } } /* Restore one of the already deleted objects */ if(((isset($_POST['menu_action']) && $_POST['menu_action'] == "RestoreDeletedSnapShot") || preg_match("/^RestoreDeletedSnapShot_/",$name)) && $once){ $once = false; - $this->snapDialog = new SnapShotDialog($this->config,"",$this); - $this->snapDialog->set_snapshot_bases($baseSuffixe); - $this->snapDialog->display_restore_dialog = true; - $this->snapDialog->display_all_removed_objects = true; + + if($ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){ + $this->snapDialog = new SnapShotDialog($this->config,"",$this); + $this->snapDialog->set_snapshot_bases($baseSuffixe); + $this->snapDialog->display_restore_dialog = true; + $this->snapDialog->display_all_removed_objects = true; + }else{ + msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$base),ERROR_DIALOG); + } } /* Restore selected snapshot */ if(preg_match("/^RestoreSnapShot_/",$name) && $once){ $once = false; - $entry = preg_replace("/^RestoreSnapShot_/","",$name); - $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry))); - if(!empty($entry)){ + $entry = base64_decode(preg_replace("/^RestoreSnapShot_([^_]*)_[xy]$/i","\\1",$name)); + + if(!empty($entry) && $ui->allow_snapshot_restore($this->dn,$this->parent->acl_module)){ $this->restore_snapshot($entry); $this->snapDialog = NULL; + }else{ + msg_dialog::display(_("Permission"),sprintf(_("You are not allowed to restore a snapshot for %s."),$entry),ERROR_DIALOG); } } } @@ -1448,7 +1483,7 @@ class plugin $msgs = $this->snapDialog->check(); if(count($msgs)){ foreach($msgs as $msg){ - print_red($msg); + msg_dialog::display(_("Error"), $msg, ERROR_DIALOG); } }else{ $this->dn = $this->snapDialog->dn; @@ -1472,6 +1507,7 @@ class plugin } + /*! \brief Return plugin informations for acl handling */ static function plInfo() { return array(); @@ -1492,6 +1528,7 @@ class plugin function acl_is_writeable($attribute,$skip_write = FALSE) { + if($this->read_only) return(FALSE); $ui= get_userinfo(); return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write)); } @@ -1504,24 +1541,30 @@ class plugin } - function acl_is_createable() + function acl_is_createable($base ="") { + if($this->read_only) return(FALSE); $ui= get_userinfo(); - return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + if($base == "") $base = $this->acl_base; + return preg_match('/c/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0')); } - function acl_is_removeable() + function acl_is_removeable($base ="") { + if($this->read_only) return(FALSE); $ui= get_userinfo(); - return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + if($base == "") $base = $this->acl_base; + return preg_match('/d/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0')); } - function acl_is_moveable() + function acl_is_moveable($base = "") { + if($this->read_only) return(FALSE); $ui= get_userinfo(); - return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + if($base == "") $base = $this->acl_base; + return preg_match('/m/', $ui->get_permissions($base, $this->acl_category.get_class($this), '0')); } @@ -1533,21 +1576,23 @@ class plugin function getacl($attribute,$skip_write= FALSE) { $ui= get_userinfo(); + $skip_write |= $this->read_only; return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write); } - /* Get all allowed bases to move an object to or to create a new object. - Idepartments also contains all base departments which lead to the allowed bases */ - function get_allowed_bases($category = "") + + /*! \brief Returns a list of all available departments for this object. + * + * If this object is new, all departments we are allowed to create a new user in + * are returned. If this is an existing object, return all deps. + * We are allowed to move tis object too. + * \return array [dn] => "..name" // All deps. we are allowed to act on. + */ + function get_allowed_bases() { $ui = get_userinfo(); $deps = array(); - /* Set category */ - if(empty($category)){ - $category = $this->acl_category.get_class($this); - } - /* Is this a new object ? Or just an edited existing object */ if(!$this->initially_was_account && $this->is_account){ $new = true; @@ -1555,17 +1600,10 @@ class plugin $new = false; } - $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category)); foreach($this->config->idepartments as $dn => $name){ - - if(!in_array_ics($dn,$cat_bases)){ - continue; - } - - $acl = $ui->get_permissions($dn,$category); - if($new && preg_match("/c/",$acl)){ + if($new && $this->acl_is_createable($dn)){ $deps[$dn] = $name; - }elseif(!$new && preg_match("/m/",$acl)){ + }elseif(!$new && $this->acl_is_moveable($dn)){ $deps[$dn] = $name; } } @@ -1573,16 +1611,18 @@ class plugin /* Add current base */ if(isset($this->base) && isset($this->config->idepartments[$this->base])){ $deps[$this->base] = $this->config->idepartments[$this->base]; + }elseif(strtolower($this->dn) == strtolower($this->config->current['BASE'])){ + }else{ - echo "No default base found. ".$this->base."
"; + trigger_error("Cannot return list of departments, no default base found in class ".get_class($this).". ".$this->base); } - return($deps); } - /* This function modifies object acls too, if an object is moved. - * $old_dn specifies the actually used dn - * $new_dn specifies the destiantion dn + + /* This function updates ACL settings if $old_dn was used. + * \param string 'old_dn' specifies the actually used dn + * \param string 'new_dn' specifies the destiantion dn */ function update_acls($old_dn,$new_dn,$output_changes = FALSE) { @@ -1593,9 +1633,11 @@ class plugin } /* Update userinfo if necessary */ - if($_SESSION['ui']->dn == $old_dn){ - $_SESSION['ui']->dn = $new_dn; - new log("view","acl/".get_class($this),$this->dn,array(),"Updated current user dn from '".$old_dn."' to '".$new_dn."'"); + $ui = session::global_get('ui'); + if($ui->dn == $old_dn){ + $ui->dn = $new_dn; + session::global_set('ui',$ui); + new log("view","acl/".get_class($this),$this->dn,array(),"Updated current object dn from '".$old_dn."' to '".$new_dn."'"); } /* Object was moved, ensure that all acls will be moved too */ @@ -1605,64 +1647,48 @@ class plugin $update = array(); $ldap = $this->config->get_ldap_link(); $ldap->cd ($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry")); + $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($old_dn)."*))",array("cn","gosaAclEntry")); while($attrs = $ldap->fetch()){ - $acls = array(); - - /* Walk through acls */ + $found = false; for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){ + $acl_parts = explode(":",$attrs['gosaAclEntry'][$i]); - /* Reset vars */ - $found = false; + /* Roles uses antoher data storage order, members are stored int the third part, + while the members in direct ACL assignments are stored in the second part. + */ + $id = ($acl_parts[1] == "role") ? 3 : 2; - /* Get Acl parts */ - $acl_parts = split(":",$attrs['gosaAclEntry'][$i]); - - /* Get every single member for this acl */ - $members = array(); - if(preg_match("/,/",$acl_parts[2])){ - $members = split(",",$acl_parts[2]); - }else{ - $members = array($acl_parts[2]); - } - - /* Check if member match current dn */ + /* Update member entries to use $new_dn instead of old_dn + */ + $members = explode(",",$acl_parts[$id]); foreach($members as $key => $member){ $member = base64_decode($member); if($member == $old_dn){ - $found = true; $members[$key] = base64_encode($new_dn); + $found = TRUE; } } - - /* Create new member string */ - $new_members = ""; - foreach($members as $member){ - $new_members .= $member.","; - } - $new_members = preg_replace("/,$/","",$new_members); - $acl_parts[2] = $new_members; - - /* Reconstruckt acl entry */ - $acl_str =""; - foreach($acl_parts as $t){ - $acl_str .= $t.":"; - } - $acl_str = preg_replace("/:$/","",$acl_str); - } - - /* Acls for this object must be adjusted */ - if($found){ - - if($output_changes){ - echo "". - _("Changing ACL dn")." : 
 -"._("from")."  ". - $old_dn. - "
 -"._("to")." ". - $new_dn. - "
"; + + /* Check if the selected role has to updated + */ + if($acl_parts[1] == "role" && $acl_parts[2] == base64_encode($old_dn)){ + $acl_parts[2] = base64_encode($new_dn); + $found = TRUE; } + + /* Build new acl string */ + $acl_parts[$id] = implode($members,","); + $acls[] = implode($acl_parts,":"); + } + + /* Acls for this object must be adjusted */ + if($found){ + + $debug_info= _("Changing ACL dn")." : 
 -"._("from")."  ". + $old_dn."
 -"._("to")." ".$new_dn."
"; + @DEBUG (DEBUG_ACL, __LINE__, __FUNCTION__, __FILE__,$debug_info,"ACL"); + $update[$attrs['dn']] =array(); foreach($acls as $acl){ $update[$attrs['dn']]['gosaAclEntry'][] = $acl; @@ -1680,9 +1706,10 @@ class plugin - /* This function enables the entry Serial ID check. - * If an entry was edited while we have edited the entry too, - * an error message will be shown. + /*! \brief Enable the Serial ID check + * + * This function enables the entry Serial ID check. If an entry was edited while + * we have edited the entry too, an error message will be shown. * To configure this check correctly read the FAQ. */ function enable_CSN_check() @@ -1694,7 +1721,7 @@ class plugin /*! \brief Prepares the plugin to be used for multiple edit * Update plugin attributes with given array of attribtues. - * @param array Array with attributes that must be updated. + * \param array Array with attributes that must be updated. */ function init_multiple_support($attrs,$all) { @@ -1705,17 +1732,27 @@ class plugin /* Copy needed attributes */ foreach ($this->attributes as $val){ $found= array_key_ics($val, $this->multi_attrs); + if ($found != ""){ - if(isset($this->multi_attrs["$found"][0])){ - $this->$val= $this->multi_attrs["$found"][0]; + if(isset($this->multi_attrs["$val"][0])){ + $this->$val= $this->multi_attrs["$val"][0]; } } } } + + /*! \brief Enables multiple support for this plugin + */ + function enable_multiple_support() + { + $this->ignore_account = TRUE; + $this->multiple_support_active = TRUE; + } + /*! \brief Returns all values that have been modfied in multiple edit mode. - @return array Cotaining all mdofied values. + \return array Cotaining all modified values. */ function get_multi_edit_values() { @@ -1739,23 +1776,23 @@ class plugin } - /*! \brief execute plugin - - Generates the html output for this node - */ + /*! \brief Generates the html output for this node for multi edit*/ function multiple_execute() { /* This one is empty currently. Fabian - please fill in the docu code */ - $_SESSION['current_class_for_help'] = get_class($this); + session::global_set('current_class_for_help',get_class($this)); /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ - $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array(); + session::set('LOCK_VARS_TO_USE',array()); + session::set('LOCK_VARS_USED_GET',array()); + session::set('LOCK_VARS_USED_POST',array()); + session::set('LOCK_VARS_USED_REQUEST',array()); return("Multiple edit is currently not implemented for this plugin."); } - /*! \brief Save HTML posted data to object for multiple edit + /*! \brief Save HTML posted data to object for multiple edit */ function multiple_save_object() { @@ -1766,11 +1803,13 @@ class plugin /* Save values to object */ $this->multi_boxes = array(); foreach ($this->attributes as $val){ - if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){ + + /* Get selected checkboxes from multiple edit */ + if(isset($_POST["use_".$val])){ + $this->multi_boxes[] = $val; + } - if(isset($_POST["use_".$val])){ - $this->multi_boxes[] = $val; - } + if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){ /* Check for modifications */ if (get_magic_quotes_gpc()) { @@ -1792,14 +1831,254 @@ class plugin } + /*! \brief Returns all attributes of this plugin, + to be able to detect multiple used attributes + in multi_plugg::detect_multiple_used_attributes(). + @return array Attributes required for intialization of multi_plug + */ + public function get_multi_init_values() + { + $attrs = $this->attrs; + return($attrs); + } + + /*! \brief Check given values in multiple edit - @return array Error messages + \return array Error messages */ function multiple_check() { $message = plugin::check(); return($message); } + + + /*! \brief Returns the snapshot header part for "Actions" menu in management dialogs + \param $layer_menu + */ + function get_snapshot_header($base,$category) + { + $str = ""; + $ui = get_userinfo(); + if($this->snapshotEnabled() && $ui->allow_snapshot_restore($base,$category)){ + + $ok = false; + foreach($this->get_used_snapshot_bases() as $base){ + $ok |= count($this->getAllDeletedSnapshots($base)) >= 1 ; + } + + if($ok){ + $str = "..| "._("Restore"). "|RestoreDeletedSnapShot|\n"; + }else{ + $str = "..| "._("Restore")."||\n"; + } + } + return($str); + } + + + function get_snapshot_action($base,$category) + { + $str= ""; + $ui = get_userinfo(); + if($this->snapshotEnabled()){ + if ($ui->allow_snapshot_restore($base,$category)){ + + if(count($this->Available_SnapsShots($base))){ + $str.= " "; + } else { + $str = " "; + } + } + if($ui->allow_snapshot_create($base,$category)){ + $str.= " "; + }else{ + $str = "  "; + } + } + + return($str); + } + + + function get_copypaste_action($base,$category,$class,$copy = TRUE, $cut = TRUE) + { + $ui = get_userinfo(); + $action = ""; + if($this->CopyPasteHandler){ + if($cut){ + if($ui->is_cutable($base,$category,$class)){ + $action .= " "; + }else{ + $action.="  "; + } + } + if($copy){ + if($ui->is_copyable($base,$category,$class)){ + $action.= " "; + }else{ + $action.="  "; + } + } + } + + return($action); + } + + + function get_copypaste_header($base,$category,$copy = TRUE, $cut = TRUE) + { + $s = ""; + $ui =get_userinfo(); + + if(!is_array($category)){ + $category = array($category); + } + + /* Check permissions for each category, if there is at least one category which + support read or paste permissions for the given base, then display the specific actions. + */ + $readable = $pasteable = false; + foreach($category as $cat){ + $readable= $readable || preg_match('/r/', $ui->get_category_permissions($base, $cat)); + $pasteable= $pasteable || $ui->is_pasteable($base, $cat) == 1; + } + + if(($cut || $copy) && isset($this->CopyPasteHandler) && is_object($this->CopyPasteHandler)){ + if($readable){ + $s.= "..|---|\n"; + if($copy){ + $s.= "..|". + " "._("Copy")."|"."multiple_copy_systems|\n"; + } + if($cut){ + $s.= "..|". + " "._("Cut")."|"."multiple_cut_systems|\n"; + } + } + + if($pasteable){ + if($this->CopyPasteHandler->entries_queued()){ + $img = ""; + $s.="..|".$img." "._("Paste")."|editPaste|\n"; + }else{ + $img = ""; + $s.="..|".$img." "._("Paste")."\n"; + } + } + } + return($s); + } + + + function get_used_snapshot_bases() + { + return(array()); + } + + function is_modal_dialog() + { + return(isset($this->dialog) && $this->dialog); + } + + + /*! \brief Forward command execution requests + * to the hook execution method. + */ + function handle_post_events($mode, $addAttrs= array()) + { + if(!in_array($mode, array('add','remove','modify'))){ + trigger_error(sprintf("Invalid post event type given '%s'! Valid types are [add,modify,remove].", $mode)); + return; + } + switch ($mode){ + case "add": + plugin::callHook($this,"POSTCREATE", $addAttrs); + break; + + case "modify": + plugin::callHook($this,"POSTMODIFY", $addAttrs); + break; + + case "remove": + plugin::callHook($this,"POSTREMOVE", $addAttrs); + break; + } + } + + + /*! \brief Calls external hooks which are defined for this plugin (gosa.conf) + * Replaces placeholder by class values of this plugin instance. + * @param Allows to a add special replacements. + */ + static function callHook($plugin, $cmd, $addAttrs= array()) + { + global $config; + $command= $config->search(get_class($plugin), $cmd,array('menu','tabs')); + if ($command != ""){ + + // Walk trough attributes list and add the plugins attributes. + foreach ($plugin->attributes as $attr){ + if (!is_array($plugin->$attr)){ + $addAttrs[$attr] = $plugin->$attr; + } + } + $ui = get_userinfo(); + $addAttrs['callerDN']=$ui->dn; + $addAttrs['dn']=$plugin->dn; + + // Sort attributes by length, ensures correct replacement + $tmp = array(); + foreach($addAttrs as $name => $value){ + $tmp[$name] = strlen($name); + } + arsort($tmp); + + // Now replace the placeholder + foreach ($tmp as $name => $len){ + $value = $addAttrs[$name]; + $command= str_replace("%$name", "$value", $command); + } + + // If there are still some %.. in our command, try to fill these with some other class vars + if(preg_match("/%/",$command)){ + $attrs = get_object_vars($plugin); + foreach($attrs as $name => $value){ + if(is_array($value)){ + $s = ""; + foreach($value as $val){ + if(is_string($val) || is_int($val) || is_float($val) || is_bool($val)){ + $s .= '"'.$val.'",'; + } + } + $value = '['.trim($s,',').']'; + } + if(!is_string($value) && !is_int($value) && !is_float($value) && !is_bool($value)){ + continue; + } + $command= preg_replace("/%$name/", $value, $command); + } + } + + if (check_command($command)){ + @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__,$command,"Execute"); + exec($command,$arr); + if(is_array($arr)){ + $str = implode("\n",$arr); + @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Result: ".$str); + } + } else { + $message= msgPool::cmdnotfound("POSTCREATE", get_class($plugin)); + msg_dialog::display(_("Error"), $message, ERROR_DIALOG); + } + } + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: