X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fplugins%2Fpersonal%2Fgeneric%2Fclass_user.inc;h=b81be284c3904b0ca47389be2da75143c6580ed7;hb=599213321dc69ae86f2951df82d6d0c93e8cfc9d;hp=7df04a8e6659d9487d424fe83c84d02faa4711fa;hpb=dbcd9e03ffc676515d75211f11b6914483deb7b7;p=gosa.git
diff --git a/gosa-core/plugins/personal/generic/class_user.inc b/gosa-core/plugins/personal/generic/class_user.inc
index 7df04a8e6..b81be284c 100644
--- a/gosa-core/plugins/personal/generic/class_user.inc
+++ b/gosa-core/plugins/personal/generic/class_user.inc
@@ -108,12 +108,16 @@ class user extends plugin
var $view_logged = FALSE;
+ var $manager = "";
+ var $manager_name = "";
+
+
/* attribute list for save action */
var $attributes= array("sn", "givenName", "uid", "personalTitle", "academicTitle",
"homePostalAddress", "homePhone", "labeledURI", "ou", "o", "dateOfBirth", "gender","preferredLanguage",
"departmentNumber", "employeeNumber", "employeeType", "l", "st","jpegPhoto",
"roomNumber", "telephoneNumber", "mobile", "pager", "cn", "userPKCS12",
- "postalAddress", "facsimileTelephoneNumber", "userSMIMECertificate", "gosaLoginRestriction");
+ "postalAddress", "facsimileTelephoneNumber", "userSMIMECertificate", "gosaLoginRestriction", "manager");
var $objectclasses= array("top", "person", "organizationalPerson", "inetOrgPerson",
"gosaAccount");
@@ -137,7 +141,7 @@ class user extends plugin
$this->config= $config;
/* Configuration is fine, allways */
- if($this->config->get_cfg_value("honourIvbbAttributes") == "true"){
+ if($this->config->get_cfg_value("core","honourIvbbAttributes") == "true"){
$this->governmentmode = TRUE;
$this->attributes=array_merge($this->attributes,$this->govattrs);
}
@@ -171,7 +175,7 @@ class user extends plugin
}
/* Make hash default to md5 if not set in config */
- $hash= $this->config->get_cfg_value("passwordDefaultHash", "crypt/md5");
+ $hash= $this->config->get_cfg_value("core","passwordDefaultHash");
/* Load data from LDAP? */
if ($dn !== NULL){
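Review bot: The comment above the changed call still promises an md5 fallback, but the `"crypt/md5"` default argument was removed, so an unset property now yields whatever `get_cfg_value("core","passwordDefaultHash")` returns on its own. That fallback is not visible in this hunk; confirm the property is declared with a non-empty default, since `$hash` selects how new passwords are stored. The comment should then describe the new source, for example `/* Hash method comes from the core property passwordDefaultHash */`. The enclosing constructor starts and ends outside the hunk.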
@@ -255,6 +259,20 @@ class user extends plugin
$this->baseSelector->setSubmitButton(false);
$this->baseSelector->setHeight(300);
$this->baseSelector->update(true);
+
+
+ // Detect the managers name
+ $this->manager_name = "";
+ $ldap = $this->config->get_ldap_link();
+ if(!empty($this->manager)){
+ $ldap->cat($this->manager, array('cn'));
+ if($ldap->count()){
+ $attrs = $ldap->fetch();
+ $this->manager_name = $attrs['cn'][0];
+ }else{
+ $this->manager_name = "("._("unknown")."!): ".$this->manager;
+ }
+ }
}
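Review bot: `$this->manager_name` is filled from directory data here (`$attrs['cn'][0]`, or the raw `$this->manager` DN in the fallback branch) and is later passed to the template with `$smarty->assign("manager_name",$this->manager_name)`; nothing visible in the diff encodes it for HTML. Unless generic.tpl escapes the value itself, assign it encoded, e.g. `$smarty->assign("manager_name", htmlspecialchars($this->manager_name, ENT_QUOTES, 'UTF-8'));`. The lookup also reads `$attrs['cn'][0]` without checking that `cn` was returned. The same block is repeated in the last hunk of this file, so a small private helper would keep the two copies in step. The enclosing function starts outside the hunk.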
@@ -265,7 +283,7 @@ class user extends plugin
plugin::execute();
/* Set list ACL */
- $this->gosaLoginRestrictionWidget->setAcl($this->getacl('gosaLoginRestriction', (!is_object($this->parent) && !session::is_set('edit'))));
+ $this->gosaLoginRestrictionWidget->setAcl($this->getacl('gosaLoginRestriction'));
$this->gosaLoginRestrictionWidget->update();
/* Handle add/delete for restriction mode */
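Review bot: Dropping the second argument of `getacl()` / `acl_is_writeable()` here, and in the picture-remove, certificate remove/upload, `set_cert()`, government-attribute and ACL-assign hunks, removes what looks like a guard that withheld write access outside an edit session (`!is_object($this->parent) && !session::is_set('edit')`). After this change the POST handlers for `picture_remove`, `remove_$val` and `cert_edit_finish` depend only on the attribute ACL. If view-mode read-only is now enforced somewhere else, none of these hunks show it. A short comment at the first handler would make that explicit, e.g. `/* Write access outside edit mode is blocked by <mechanism - name it here>, not by this check */`.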
@@ -286,8 +304,35 @@ class user extends plugin
new log("view","users/".get_class($this),$this->dn);
}
+ // Clear manager attribute if requested
+ if(preg_match("/ removeManager/i", " ".implode(array_keys($_POST),' ')." ")){
+ $this->manager = "";
+ $this->manager_name = "";
+ }
+
+ // Allow to select a new inetOrgPersion:manager
+ if(preg_match("/ editManager/i", " ".implode(array_keys($_POST),' ')." ")){
+ $this->dialog = new singleUserSelect($this->config, get_userinfo());
+ }
+ if($this->dialog && $this->dialog instanceOf singleUserSelect && count($this->dialog->detectPostActions())){
+ $users = $this->dialog->detectPostActions();
+ if(isset($users['action']) && $users['action'] =='userSelected' && isset($users['targets']) && count($users['targets'])){
+ $headpage = $this->dialog->getHeadpage();
+ $dn = $users['targets'][0];
+ $attrs = $headpage->getEntry($dn);
+ $this->manager = $dn;
+ $this->manager_name = $attrs['cn'][0];
+ $this->dialog = NULL;
+ }
+ }
+ if(isset($_POST['add_users_cancel'])){
+ $this->dialog = NULL;
+ }
+ if($this->dialog instanceOf singleUserSelect) return($this->dialog->execute());
+
+
$smarty= get_smarty();
- $smarty->assign("usePrototype", "true");
+
$smarty->assign("gosaLoginRestrictionWidget", $this->gosaLoginRestrictionWidget->render());
/* Assign sex */
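Review bot: The new `removeManager` and `editManager` handlers change `$this->manager` without consulting the `manager` ACL that this same commit adds to `plProvidedAcls`, so a crafted POST can clear or replace the attribute for a user the operator may only read. Guard both branches, e.g. `if($this->acl_is_writeable("manager") && preg_match("/ removeManager/i", ...)){`, and apply the same check before `$this->manager = $dn;`. Separately, `implode(array_keys($_POST),' ')` uses the legacy argument order, which was deprecated in PHP 7.4 and removed in 8.0; `implode(' ', array_keys($_POST))` works on every version. The comment also misspells `inetOrgPerson` as `inetOrgPersion`. The enclosing `execute()` continues outside the hunk.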
@@ -347,6 +392,7 @@ class user extends plugin
}
$this->pwObject->display = TRUE;
$this->dialog= TRUE;
+ pathNavigator::registerPlugin(_("Password configuration"));
return ($this->pwObject->configure());
}
}
@@ -364,7 +410,7 @@ class user extends plugin
}
/* Remove picture? */
- if($this->acl_is_writeable("userPicture",(!is_object($this->parent) && !session::is_set('edit'))) ){
+ if($this->acl_is_writeable("userPicture")){
if (isset($_POST['picture_remove'])){
$this->set_picture ();
$this->jpegPhoto= "*removed*";
@@ -437,7 +483,7 @@ class user extends plugin
/* Remove certificate? */
- if($this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))){
+ if($this->acl_is_writeable("Certificate")){
foreach (array ("userCertificate", "userSMIMECertificate", "userPKCS12") as $val){
if (isset($_POST["remove_$val"])){
@@ -449,10 +495,8 @@ class user extends plugin
}
/* Upload new cert and close dialog? */
- if($this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))){
-
+ if($this->acl_is_writeable("Certificate")){
$fail =false;
-
if (isset($_POST['cert_edit_finish'])){
/* for all certificates do */
@@ -496,12 +540,14 @@ class user extends plugin
}
/* Display picture dialog */
if ($this->picture_dialog){
+ pathNavigator::registerPlugin(_("User picture"));
return($smarty->fetch (get_template_path('generic_picture.tpl', TRUE, dirname(__FILE__))));
}
/* Display cert dialog */
if ($this->cert_dialog){
- $smarty->assign("CertificateACL",$this->getacl("Certificate",(!is_object($this->parent) && !session::is_set('edit'))));
+ pathNavigator::registerPlugin(_("Certificates"));
+ $smarty->assign("CertificateACL",$this->getacl("Certificate"));
$smarty->assign("Certificate_readable",$this->acl_is_readable("Certificate"));
$smarty->assign("certificateSerialNumber",$this->certificateSerialNumber);
@@ -519,21 +565,21 @@ class user extends plugin
/* Additional info if start end time is '0' */
$add_str_info = "";
if($timeto == 0 && $timefrom == 0){
- $add_str_info = "
"._("(Some types of certificates are currently not supported and may be displayed as 'invalid'.)")."";
+ $add_str_info = "
".bold(_("(Not supported certificate types are marked as invalid.)"));
}
- $str = "
+ $str = "
- CN |
+ CN |
".preg_replace("/ /", " ", $certificate->getname())." |
".
sprintf(_("Certificate is valid from %s to %s and is currently %s."),
- "".date('d M Y',$timefrom)."",
- "".date('d M Y',$timeto)."",
- $certificate->isvalid()?""._("valid")."":
- ""._("invalid")."").$add_str_info;
+ bold(date('d M Y',$timefrom)),
+ bold(date('d M Y',$timeto)),
+ $certificate->isvalid()?bold(""._("valid").""):
+ bold(""._("invalid")."")).$add_str_info;
$smarty->assign($cert."info",$str);
$smarty->assign($cert."_state","true");
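Review bot: `$certificate->getname()` is concatenated into `$str` and assigned to smarty as `$cert."info"` with no output encoding visible in this hunk. The name comes from a certificate the user uploads, so it is untrusted text inside markup. Encode it before the `preg_replace`, e.g. `htmlspecialchars($certificate->getname(), ENT_QUOTES, 'UTF-8')`. The page rendering has stripped the HTML inside these string literals, so the exact markup around the value cannot be confirmed from here.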
@@ -554,14 +600,14 @@ class user extends plugin
/* Prepare password hashes */
if ($this->pw_storage == ""){
- $this->pw_storage= $this->config->get_cfg_value("hash");
+ $this->pw_storage= $this->config->get_cfg_value("core","passwordDefaultHash");
}
$temp= passwordMethod::get_available_methods();
$is_configurable= FALSE;
$hashes = $temp['name'];
if(isset($temp[$this->pw_storage])){
- $test= new $temp[$this->pw_storage]($this->config);
+ $test= new $temp[$this->pw_storage]($this->config, $this->dn);
$is_configurable= $test->is_configurable();
}else{
new msg_dialog(_("Password method"),_("The selected password method is no longer available."),WARNING_DIALOG);
@@ -599,27 +645,20 @@ class user extends plugin
/* Set acls */
$tmp = $this->plinfo();
foreach($tmp['plProvidedAcls'] as $val => $translation){
- $smarty->assign("$val"."ACL", $this->getacl($val,(!is_object($this->parent) && !session::is_set('edit'))));
+ $smarty->assign("$val"."ACL", $this->getacl($val));
}
// Special ACL for gosaLoginRestrictions -
// In case of multiple edit, we need a readonly ACL for the list.
- $smarty->assign('gosaLoginRestriction_ONLY_R_ACL',
- preg_replace("/[^r]/i","", $this->getacl($val,(!is_object($this->parent) && !session::is_set('edit')))));
+ $smarty->assign('gosaLoginRestriction_ONLY_R_ACL', preg_replace("/[^r]/i","", $this->getacl($val)));
$smarty->assign("pwmode", $pwd_methods);
$smarty->assign("pwmode_select", $this->pw_storage);
$smarty->assign("pw_configurable", $is_configurable);
- $smarty->assign("passwordStorageACL", $this->getacl("userPassword",(!is_object($this->parent) && !session::is_set('edit'))));
-
- if(!session::is_set('edit')){
- $smarty->assign("CertificatesACL","");
- }else{
- $smarty->assign("CertificatesACL", $this->getacl("Certificate"));
- }
-
- $smarty->assign("userPictureACL", $this->getacl("userPicture",(!is_object($this->parent) && !session::is_set('edit'))));
- $smarty->assign("userPicture_is_readable", $this->acl_is_readable("userPicture",(!is_object($this->parent) && !session::is_set('edit'))));
+ $smarty->assign("passwordStorageACL", $this->getacl("userPassword"));
+ $smarty->assign("CertificatesACL", $this->getacl("Certificate"));
+ $smarty->assign("userPictureACL", $this->getacl("userPicture"));
+ $smarty->assign("userPicture_is_readable", $this->acl_is_readable("userPicture"));
/* Create base acls */
$smarty->assign("base", $this->baseSelector->render());
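Review bot: The rewritten `gosaLoginRestriction_ONLY_R_ACL` line still calls `$this->getacl($val)`, where `$val` is only the loop variable left over from the `foreach` above, i.e. the last key of `$tmp['plProvidedAcls']` rather than the login-restriction attribute. The read-only ACL for the restriction list is therefore derived from an unrelated attribute and changes whenever the ACL list is reordered. Name the attribute explicitly: `$smarty->assign('gosaLoginRestriction_ONLY_R_ACL', preg_replace("/[^r]/i","", $this->getacl('gosaLoginRestriction')));`.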
@@ -627,19 +666,19 @@ class user extends plugin
/* Save government mode attributes */
if($this->governmentmode){
$smarty->assign("governmentmode", "true");
- $ivbbmodes= array("nein", "ivbv", "testa", "ivbv,testa", "internet",
- "internet,ivbv", "internet,testa", "internet,ivbv,testa");
+ $ivbbmodes= array("nein", "", "ivbv", "testa", "ivbv,testa", "internet",
+ "internet,ivbv", "internet,testa", "internet,ivbv,testa");
$smarty->assign("ivbbmodes", $ivbbmodes);
foreach ($this->govattrs as $val){
$smarty->assign("$val", $this->$val);
- $smarty->assign("$val"."ACL", $this->getacl($val,(!is_object($this->parent) && !session::is_set('edit'))));
+ $smarty->assign("$val"."ACL", $this->getacl($val));
}
} else {
$smarty->assign("governmentmode", "false");
}
/* Special mode for uid */
- $uidACL= $this->getacl("uid",(!is_object($this->parent) && !session::is_set('edit')));
+ $uidACL= $this->getacl("uid");
if (isset ($this->dn)){
if ($this->dn != "new"){
$uidACL= preg_replace("/w/","",$uidACL);
@@ -663,6 +702,7 @@ class user extends plugin
$smarty->assign("has_phoneaccount", "false");
}
$smarty->assign("multiple_support" , $this->multiple_support_active);
+ $smarty->assign("manager_name",$this->manager_name);
return($smarty->fetch (get_template_path('generic.tpl', TRUE, dirname(__FILE__))));
}
@@ -706,10 +746,26 @@ class user extends plugin
while ($ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
unset($og->member[$this->dn]);
- $og->member= array_values($og->member);
$og->save ();
}
+ // Update 'manager' attributes from gosaDepartment and inetOrgPerson
+ $filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter($this->dn)."))";
+ $ocs = $ldap->get_objectclasses();
+ if(isset($ocs['gosaDepartment']['MAY']) && in_array('manager', $ocs['gosaDepartment']['MAY'])){
+ $filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter($this->dn).")))";
+ }
+ $leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'],
+ array("manager","dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK);
+ foreach($leaf_deps as $entry){
+ $update = array('manager' => array());
+ $ldap->cd($entry['dn']);
+ $ldap->modify($update);
+ if(!$ldap->success()){
+ trigger_error(sprintf("Failed to update manager for '%s', error was '%s'", $entry['dn'], $ldap->get_error()));
+ }
+ }
+
/* Delete references to roles */
$ldap->cd ($this->config->current['BASE']);
$ldap->search ("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter($this->dn)."))", array("cn"));
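Review bot: The new manager clean-up searches with `GL_NO_ACL_CHECK` and then modifies every matching entry, so deleting one user writes to objects the operator may hold no ACL for. If that bypass is intentional for referential integrity, say so in the comment, e.g. `// Intentionally bypasses ACLs: dangling manager DNs must be cleared on every referencing entry`. Failures are reported only through `trigger_error()`, while the rest of the class uses `msg_dialog`, so a partial clean-up may go unnoticed by the operator. The removal of `array_values($og->member)` in the same hunk is not explained either. The enclosing function starts and ends outside the hunk.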
@@ -724,7 +780,7 @@ class user extends plugin
}
/* If needed, let the password method do some cleanup */
- $tmp = new passwordMethod($this->config);
+ $tmp = new passwordMethod($this->config, $this->dn);
$available = $tmp->get_available_methods();
if (in_array_ics($this->pw_storage, $available['name'])){
$test= new $available[$this->pw_storage]($this->config);
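Review bot: The commit passes `$this->dn` to `new passwordMethod(...)`, but the concrete method on the following line is still built as `new $available[$this->pw_storage]($this->config)`. The other two call sites touched by this diff both pass the DN (`new $temp[$this->pw_storage]($this->config, $this->dn)` and `new $available[$this->last_pw_storage]($this->config,$this->dn)`). If the password-method constructors now expect the DN for their clean-up, this one runs without it; use `$test= new $available[$this->pw_storage]($this->config, $this->dn);`. The block continues outside the hunk.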
@@ -772,7 +828,7 @@ class user extends plugin
/* Save government mode attributes */
if ($this->governmentmode){
foreach ($this->govattrs as $val){
- if ($this->acl_is_writeable($val,(!is_object($this->parent) && !session::is_set('edit'))) && isset($_POST["$val"])){
+ if ($this->acl_is_writeable($val)){
$data= stripcslashes($_POST["$val"]);
if ($data != $this->$val){
$this->is_modified= TRUE;
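Review bot: The `isset($_POST["$val"])` test was removed together with the ACL argument, so `$_POST["$val"]` is now read on every `save_object()` call even when the form did not submit the government attributes. That raises an undefined-index notice and turns `$data` into an empty string, which differs from any stored value and marks the object modified; if the lines after the hunk assign `$data`, the attribute is blanked. Keep the presence check: `if ($this->acl_is_writeable($val) && isset($_POST["$val"])){`. The loop body continues outside the hunk.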
@@ -1096,11 +1152,11 @@ class user extends plugin
die ("Could not connect to LDAP server");
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
- if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("ldapFollowReferrals") == "true") {
+ if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("core","ldapFollowReferrals") == "true") {
ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
- if($this->config->get_cfg_value("ldapTLS") == "true"){
+ if($this->config->get_cfg_value("core","ldapTLS") == "true"){
ldap_start_tls($ds);
}
if (!($res = @ldap_bind($ds, $this->config->current['ADMIN'],
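Review bot: The return value of `ldap_start_tls($ds)` is ignored, so when `ldapTLS` is enabled and negotiation fails, the following `ldap_bind()` still sends the admin credentials over the unprotected connection. Stop before binding, in the style this function already uses for connection errors: `if(!ldap_start_tls($ds)){ die ("Could not start TLS on LDAP connection"); }`. The referral option is also set on `$this->cid` while the handle being configured is `$ds`, which looks unintended. The same code appears in the later hunk that starts with `$ds= ldap_connect($this->config->current['SERVER']);`. The enclosing function starts and ends outside the hunk.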
@@ -1115,7 +1171,7 @@ class user extends plugin
/* If needed, let the password method do some cleanup */
if ($this->pw_storage != $this->last_pw_storage){
- $tmp = new passwordMethod($this->config);
+ $tmp = new passwordMethod($this->config, $this->dn);
$available = $tmp->get_available_methods();
if (in_array_ics($this->last_pw_storage, $available['name'])){
$test= new $available[$this->last_pw_storage]($this->config,$this->dn);
@@ -1185,7 +1241,7 @@ class user extends plugin
function update_new_dn()
{
// Alternative way to handle DN
- $pattern= $this->config->get_cfg_value("accountRDN");
+ $pattern= $this->config->get_cfg_value("user","accountRDN");
if ($pattern != "") {
$rdn= $this->create_initial_rdn($pattern);
$attribute= preg_replace('/=.*$/', '', $rdn);
@@ -1203,7 +1259,7 @@ class user extends plugin
} else {
$pt= "";
- if($this->config->get_cfg_value("personalTitleInDN") == "true"){
+ if($this->config->get_cfg_value("core","personalTitleInDN") == "true"){
if(!empty($this->personalTitle)){
$pt = $this->personalTitle." ";
}
@@ -1212,7 +1268,7 @@ class user extends plugin
$this->cn= $pt.$this->givenName." ".$this->sn;
/* Permissions for that base? */
- if ($this->config->get_cfg_value("accountPrimaryAttribute") == "uid"){
+ if ($this->config->get_cfg_value("core","accountPrimaryAttribute") == "uid"){
$this->new_dn= 'uid='.$this->uid.','.get_people_ou().$this->base;
} else {
/* Don't touch dn, if cn hasn't changed */
@@ -1287,7 +1343,7 @@ class user extends plugin
if ($this->uid == ""){
$message[]= msgPool::required(_("Login"));
}
- if ($this->config->get_cfg_value("accountPrimaryAttribute") != "uid"){
+ if ($this->config->get_cfg_value("core","accountPrimaryAttribute") != "uid"){
$ldap->cat($this->new_dn);
if ($ldap->count() != 0 && $this->dn != $this->new_dn && $this->dn == 'new'){
$message[]= msgPool::duplicated(_("Name"));
@@ -1342,10 +1398,15 @@ class user extends plugin
/* Indicate whether a password change is needed or not */
function password_change_needed()
{
- if(in_array("pw_storage",$this->multi_boxes)){
- return(TRUE);
+ if($this->multiple_support_active){
+ return(FALSE);
+ }else{
+
+ if(in_array("pw_storage",$this->multi_boxes)){
+ return(TRUE);
+ }
+ return($this->pw_storage != $this->last_pw_storage && !$this->is_template);
}
- return($this->pw_storage != $this->last_pw_storage && !$this->is_template);
}
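Review bot: With the new early `return(FALSE)` for `$this->multiple_support_active`, the `in_array("pw_storage",$this->multi_boxes)` test only runs in single-edit mode. If `multi_boxes` is filled only during multiple edit (not visible here), that branch is now dead code. Either remove it or state the intent above the first return, e.g. `/* Multiple edit never requests a password change, even if pw_storage differs */`, so a later reader does not restore the old behaviour by accident. The `else` after a `return` can also be dropped to keep the function flat.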
@@ -1377,11 +1438,11 @@ class user extends plugin
{
$ds= ldap_connect($this->config->current['SERVER']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
- if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("ldapFollowReferrals") == "true"){
+ if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("core","ldapFollowReferrals") == "true"){
ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
ldap_set_rebind_proc($ds, array(&$this, "rebind"));
}
- if ($this->config->get_cfg_value("ldapTLS") == "true"){
+ if ($this->config->get_cfg_value("core","ldapTLS") == "true"){
ldap_start_tls($ds);
}
@@ -1427,7 +1488,7 @@ class user extends plugin
/* Load certificate from file to object */
function set_cert($cert, $filename)
{
- if(!$this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))) return;
+ if(!$this->acl_is_writeable("Certificate")) return;
$fd = fopen ($filename, "rb");
if (filesize($filename)>0) {
$this->$cert= fread ($fd, filesize ($filename));
@@ -1581,6 +1642,20 @@ class user extends plugin
$this->old_userPKCS12= "";
$this->old_userSMIMECertificate= "";
$this->old_userCertificate= "";
+
+ /* Generate dateOfBirth entry */
+ if (isset ($source['dateOfBirth'])){
+ list($year, $month, $day)= explode("-", $source['dateOfBirth'][0], 3);
+ $this->dateOfBirth= "$day.$month.$year";
+ } else {
+ $this->dateOfBirth= "";
+ }
+
+ // Try to load the user picture
+ $tmp_dn = $this->dn;
+ $this->dn = $source['dn'];
+ $this->load_picture();
+ $this->dn = $tmp_dn;
}
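Review bot: `list($year, $month, $day)= explode("-", $source['dateOfBirth'][0], 3);` assumes the template value always contains two dashes. Any other value produces undefined-offset notices and a `dateOfBirth` such as `..1980`. Check the part count first, e.g. `$parts= explode("-", $source['dateOfBirth'][0], 3); if (count($parts) == 3){ list($year, $month, $day)= $parts; ... }`, and fall back to the empty string otherwise. `$source['dn']` is likewise read without an `isset()` before `$this->dn` is temporarily swapped for `load_picture()`. The enclosing function starts outside the hunk.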
@@ -1612,11 +1687,30 @@ class user extends plugin
"plCategory" => array("users" => array("description" => _("Users"),
"objectClass" => "gosaAccount")),
+
+ "plProperties" => array(
+ array(
+ "name" => "accountRDN",
+ "type" => "string",
+ "default" => "",
+ "description" => sprintf(
+ _("The 'accountRDN' option tells GOsa to use a placeholder pattern for generating account RDNs. A pattern can include attribute names prefaced by a % and normal text: %s. This will generate a RDN consisting of cn=.... filled with surname and given name of the edited account. This option disables the use of accountPrimaryAttribute and personalTitleInDn."),
+ "accountRDN=\"cn=%sn %givenName\""),
+ "check" => "gosaProperty::isString",
+ "migrate" => "",
+ "group" => "plugin",
+ "mandatory" => FALSE
+ )
+
+ ),
"plProvidedAcls" => array(
"sn" => _("Surname"),
"givenName" => _("Given name"),
- "uid" => _("User identification"),
+ "uid" => _("Login"),
+
+ "gosaUserDefinedFilter" => _("Allow definition of custom filters"),
+
"personalTitle" => _("Personal title"),
"academicTitle" => _("Academic title"),
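Review bot: The `accountRDN` description is passed through `sprintf()` but contains a literal percent sign in "prefaced by a % and normal text", which the function parses as a conversion (`% a`). On PHP 8 this raises a `ValueError` for an unknown format specifier, and older versions silently drop characters from the text. Escape it in the msgid as `prefaced by a %% and normal text: %s`. The escaped form also has to be carried into the translation catalogues.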
@@ -1632,6 +1726,7 @@ class user extends plugin
"o" => _("Organization"),
"ou" => _("Department"),
"departmentNumber" => _("Department number"),
+ "manager" => _("Manager"),
"employeeNumber" => _("Employee number"),
"employeeType" => _("Employee type"),
@@ -1653,13 +1748,13 @@ class user extends plugin
);
- /* Append government attributes if required */
- global $config;
- if($config->get_cfg_value("honourIvbbAttributes") == "true"){
- foreach($govattrs as $attr => $desc){
- $ret["plProvidedAcls"][$attr] = $desc;
- }
- }
+# /* Append government attributes if required */
+# global $config;
+# if($config->get_cfg_value("core","honourIvbbAttributes") == "true"){
+# foreach($govattrs as $attr => $desc){
+# $ret["plProvidedAcls"][$attr] = $desc;
+# }
+# }
return($ret);
}
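Review bot: The government-attribute block is disabled by prefixing each line with `#` instead of being removed or explained, leaving dead code with no reason given. Other hunks in this diff still call `$this->getacl($val)` and `$this->acl_is_writeable($val)` for every entry of `$this->govattrs`, which are now no longer listed in `plProvidedAcls`; if ACLs can only be granted for listed attributes, those fields become unassignable. Either delete the block and add a comment saying where the government ACLs are declared now, or restore it. A placeholder comment would be `/* Government attribute ACLs are provided by <location - fill in> */`.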
@@ -1696,6 +1791,9 @@ class user extends plugin
function multiple_save_object()
{
+
+ if(!isset($_POST['user_mulitple_edit'])) return;
+
plugin::multiple_save_object();
/* Get pw_storage mode */
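Review bot: The new guard keys on `$_POST['user_mulitple_edit']`, where "mulitple" is misspelled. The template that emits this field is not part of the hunk, so it is unclear whether it uses the same spelling. If it does not, `multiple_save_object()` returns immediately on every request and multi-edit changes are silently discarded. A short comment naming the template field, or a shared constant for the marker, would make the coupling visible.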
@@ -1794,6 +1892,19 @@ class user extends plugin
}
}
+ // Detect the managers name
+ $this->manager_name = "";
+ $ldap = $this->config->get_ldap_link();
+ if(!empty($this->manager)){
+ $ldap->cat($this->manager, array('cn'));
+ if($ldap->count()){
+ $attrs = $ldap->fetch();
+ $this->manager_name = $attrs['cn'][0];
+ }else{
+ $this->manager_name = "("._("unknown")."!): ".$this->manager;
+ }
+ }
+
// Detect login restriction not used in all user objects.
$this->gosaLoginRestriction_some = array();
if(isset($all['gosaLoginRestriction'])){