X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fplugins%2Fpersonal%2Fgeneric%2Fclass_user.inc;h=b81be284c3904b0ca47389be2da75143c6580ed7;hb=599213321dc69ae86f2951df82d6d0c93e8cfc9d;hp=e23798d505def1313320302c6ac1f65f578b8605;hpb=c37b040e3346c647d590f65c174b44c0327af8d0;p=gosa.git diff --git a/gosa-core/plugins/personal/generic/class_user.inc b/gosa-core/plugins/personal/generic/class_user.inc index e23798d50..b81be284c 100644 --- a/gosa-core/plugins/personal/generic/class_user.inc +++ b/gosa-core/plugins/personal/generic/class_user.inc @@ -37,12 +37,6 @@ class user extends plugin var $plHeadline= "Generic"; var $plDescription= "Edit organizational user settings"; - /* The attribute gotoLastSystemLogin represents the timestamp of the last - successfull login on the users workstation. - Read the FAQ to get a hint about how to configure this. - */ - var $gotoLastSystemLogin = ""; - /* Plugin specific values */ var $base= ""; var $orig_base= ""; @@ -56,6 +50,8 @@ class user extends plugin var $o= ""; var $ou= ""; var $departmentNumber= ""; + var $gosaLoginRestriction= array(); + var $gosaLoginRestrictionWidget; var $employeeNumber= ""; var $employeeType= ""; var $roomNumber= ""; @@ -70,6 +66,7 @@ class user extends plugin var $use_dob= "0"; var $gender="0"; var $preferredLanguage="0"; + var $baseSelector; var $jpegPhoto= "*removed*"; var $photoData= ""; @@ -111,12 +108,16 @@ class user extends plugin var $view_logged = FALSE; + var $manager = ""; + var $manager_name = ""; + + /* attribute list for save action */ var $attributes= array("sn", "givenName", "uid", "personalTitle", "academicTitle", "homePostalAddress", "homePhone", "labeledURI", "ou", "o", "dateOfBirth", "gender","preferredLanguage", "departmentNumber", "employeeNumber", "employeeType", "l", "st","jpegPhoto", "roomNumber", "telephoneNumber", "mobile", "pager", "cn", "userPKCS12", - "postalAddress", "facsimileTelephoneNumber", "userSMIMECertificate"); + "postalAddress", "facsimileTelephoneNumber", "userSMIMECertificate", "gosaLoginRestriction", "manager"); var $objectclasses= array("top", "person", "organizationalPerson", "inetOrgPerson", "gosaAccount"); @@ -136,9 +137,11 @@ class user extends plugin 'dn' from LDAP */ function user (&$config, $dn= NULL) { + global $lang; + $this->config= $config; /* Configuration is fine, allways */ - if($this->config->get_cfg_value("honourIvbbAttributes") == "true"){ + if($this->config->get_cfg_value("core","honourIvbbAttributes") == "true"){ $this->governmentmode = TRUE; $this->attributes=array_merge($this->attributes,$this->govattrs); } @@ -146,13 +149,6 @@ class user extends plugin /* Load base attributes */ plugin::plugin ($config, $dn); - /* If gotoLastSystemLogin is available read it from ldap and create a readable - date time string. - */ - if(isset($this->attrs['gotoLastSystemLogin'][0]) && preg_match("/^[0-9]*$/",$this->attrs['gotoLastSystemLogin'][0])){ - $this->gotoLastSystemLogin = date("d.m.Y H:i:s", $this->attrs['gotoLastSystemLogin'][0]); - } - $this->orig_dn = $this->dn; $this->new_dn = $dn; @@ -179,7 +175,7 @@ class user extends plugin } /* Make hash default to md5 if not set in config */ - $hash= $this->config->get_cfg_value("passwordDefaultHash", "crypt/md5"); + $hash= $this->config->get_cfg_value("core","passwordDefaultHash"); /* Load data from LDAP? */ if ($dn !== NULL){ @@ -187,7 +183,7 @@ class user extends plugin /* Do base conversation */ if ($this->dn == "new"){ $ui= get_userinfo(); - $this->base= dn2base($ui->dn); + $this->base= dn2base(session::global_is_set("CurrentMainBase")?"cn=dummy,".session::global_get("CurrentMainBase"):$ui->dn); } else { $this->base= dn2base($dn); } @@ -232,23 +228,52 @@ class user extends plugin /* Generate dateOfBirth entry */ if (isset ($this->attrs['dateOfBirth'])){ /* This entry is ISO 8601 conform */ - list($year, $month, $day)= split("-", $this->attrs['dateOfBirth'][0], 3); + list($year, $month, $day)= explode("-", $this->attrs['dateOfBirth'][0], 3); - $this->dateOfBirth=array( 'mon'=> $month,"mday"=> $day,"year"=> $year); - $this->use_dob= "1"; + #TODO: use $lang to convert date + $this->dateOfBirth= "$day.$month.$year"; } else { - $this->use_dob= "0"; + $this->dateOfBirth= ""; } /* Put gender attribute to upper case */ if (isset ($this->attrs['gender'])){ $this->gender= strtoupper($this->attrs['gender'][0]); } + + // Get login restrictions + if(isset($this->attrs['gosaLoginRestriction'])){ + $this->gosaLoginRestriction =array(); + for($i =0;$i < $this->attrs['gosaLoginRestriction']['count']; $i++){ + $this->gosaLoginRestriction[] = $this->attrs['gosaLoginRestriction'][$i]; + } + } + $this->gosaLoginRestrictionWidget= new sortableListing($this->gosaLoginRestriction); + $this->gosaLoginRestrictionWidget->setDeleteable(true); + $this->gosaLoginRestrictionWidget->setColspecs(array('*')); + $this->gosaLoginRestrictionWidget->setWidth("100%"); + $this->gosaLoginRestrictionWidget->setHeight("70px"); $this->orig_base = $this->base; - } + $this->baseSelector= new baseSelector($this->allowedBasesToMoveTo(), $this->base); + $this->baseSelector->setSubmitButton(false); + $this->baseSelector->setHeight(300); + $this->baseSelector->update(true); + // Detect the managers name + $this->manager_name = ""; + $ldap = $this->config->get_ldap_link(); + if(!empty($this->manager)){ + $ldap->cat($this->manager, array('cn')); + if($ldap->count()){ + $attrs = $ldap->fetch(); + $this->manager_name = $attrs['cn'][0]; + }else{ + $this->manager_name = "("._("unknown")."!): ".$this->manager; + } + } + } /* execute generates the html output for this node */ @@ -257,58 +282,58 @@ class user extends plugin /* Call parent execute */ plugin::execute(); + /* Set list ACL */ + $this->gosaLoginRestrictionWidget->setAcl($this->getacl('gosaLoginRestriction')); + $this->gosaLoginRestrictionWidget->update(); + + /* Handle add/delete for restriction mode */ + if (isset($_POST['add_res']) && isset($_POST['res'])) { + $val= validate($_POST['res']); + if (preg_match('/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/', $val) || + preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+)$/', $val) || + preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/', $val)) { + $this->gosaLoginRestrictionWidget->addEntry($val); + } else { + msg_dialog::display(_("Error"), _("Please add a single IP address or a network/netmask combination!"), ERROR_DIALOG); + } + } + /* Log view */ if($this->is_account && !$this->view_logged){ $this->view_logged = TRUE; new log("view","users/".get_class($this),$this->dn); } - $smarty= get_smarty(); - $smarty->assign("gotoLastSystemLogin",$this->gotoLastSystemLogin); - - /* Fill calendar */ - if ($this->dateOfBirth == "0"){ - $date= getdate(); - } else { - if(is_array($this->dateOfBirth)){ - $date = $this->dateOfBirth; - - // Trigger on dates like 1985-04-01, getdate only understands timestamps - } else if (!empty($this->dateOfBirth) && !is_numeric($this->dateOfBirth)){ - $date= getdate(strtotime($this->dateOfBirth)); + // Clear manager attribute if requested + if(preg_match("/ removeManager/i", " ".implode(array_keys($_POST),' ')." ")){ + $this->manager = ""; + $this->manager_name = ""; + } - } else { - $date = getdate($this->dateOfBirth); + // Allow to select a new inetOrgPersion:manager + if(preg_match("/ editManager/i", " ".implode(array_keys($_POST),' ')." ")){ + $this->dialog = new singleUserSelect($this->config, get_userinfo()); + } + if($this->dialog && $this->dialog instanceOf singleUserSelect && count($this->dialog->detectPostActions())){ + $users = $this->dialog->detectPostActions(); + if(isset($users['action']) && $users['action'] =='userSelected' && isset($users['targets']) && count($users['targets'])){ + $headpage = $this->dialog->getHeadpage(); + $dn = $users['targets'][0]; + $attrs = $headpage->getEntry($dn); + $this->manager = $dn; + $this->manager_name = $attrs['cn'][0]; + $this->dialog = NULL; } } - - $days= array(); - for($d= 1; $d<32; $d++){ - $days[$d]= $d; + if(isset($_POST['add_users_cancel'])){ + $this->dialog = NULL; } - $years= array(); + if($this->dialog instanceOf singleUserSelect) return($this->dialog->execute()); - if(($date['year']-100)<1901){ - $start = 1901; - }else{ - $start = $date['year']-100; - } - $end = $start +100; - - for($y= $start; $y<=$end; $y++){ - $years[]= $y; - } - $years['-']= "- "; - $months= msgPool::months(); - $months['-'] = '- '; + $smarty= get_smarty(); - $smarty->assign("day", $date["mday"]); - $smarty->assign("days", $days); - $smarty->assign("months", $months); - $smarty->assign("month", $date["mon"]-1); - $smarty->assign("years", $years); - $smarty->assign("year", $date["year"]); + $smarty->assign("gosaLoginRestrictionWidget", $this->gosaLoginRestrictionWidget->render()); /* Assign sex */ $sex= array(0 => " ", "F" => _("female"), "M" => _("male")); @@ -328,16 +353,6 @@ class user extends plugin return($str); } - /* Base select dialog */ - $once = true; - foreach($_POST as $name => $value){ - if(preg_match("/^chooseBase/",$name) && $once && $this->acl_is_writeable("base")){ - $once = false; - $this->dialog = new baseSelectDialog($this->config,$this,$this->allowedBasesToMoveTo()); - $this->dialog->setCurrentBase($this->base); - } - } - /* Password configure dialog handling */ if(is_object($this->pwObject) && $this->pwObject->display){ $output= $this->pwObject->configure(); @@ -377,6 +392,7 @@ class user extends plugin } $this->pwObject->display = TRUE; $this->dialog= TRUE; + pathNavigator::registerPlugin(_("Password configuration")); return ($this->pwObject->configure()); } } @@ -394,7 +410,7 @@ class user extends plugin } /* Remove picture? */ - if($this->acl_is_writeable("userPicture",(!is_object($this->parent) && !session::is_set('edit'))) ){ + if($this->acl_is_writeable("userPicture")){ if (isset($_POST['picture_remove'])){ $this->set_picture (); $this->jpegPhoto= "*removed*"; @@ -435,12 +451,6 @@ class user extends plugin $this->dialog= FALSE; } - /* Toggle dateOfBirth information */ - if (isset($_POST['set_dob'])){ - $this->use_dob= ($this->use_dob == "0")?"1":"0"; - } - - /* Want certificate= */ if ((isset($_POST['edit_cert'])) && $this->acl_is_readable("Certificate")){ @@ -473,7 +483,7 @@ class user extends plugin /* Remove certificate? */ - if($this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))){ + if($this->acl_is_writeable("Certificate")){ foreach (array ("userCertificate", "userSMIMECertificate", "userPKCS12") as $val){ if (isset($_POST["remove_$val"])){ @@ -485,10 +495,8 @@ class user extends plugin } /* Upload new cert and close dialog? */ - if($this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))){ - + if($this->acl_is_writeable("Certificate")){ $fail =false; - if (isset($_POST['cert_edit_finish'])){ /* for all certificates do */ @@ -532,12 +540,14 @@ class user extends plugin } /* Display picture dialog */ if ($this->picture_dialog){ + pathNavigator::registerPlugin(_("User picture")); return($smarty->fetch (get_template_path('generic_picture.tpl', TRUE, dirname(__FILE__)))); } /* Display cert dialog */ if ($this->cert_dialog){ - $smarty->assign("CertificateACL",$this->getacl("Certificate",(!is_object($this->parent) && !session::is_set('edit')))); + pathNavigator::registerPlugin(_("Certificates")); + $smarty->assign("CertificateACL",$this->getacl("Certificate")); $smarty->assign("Certificate_readable",$this->acl_is_readable("Certificate")); $smarty->assign("certificateSerialNumber",$this->certificateSerialNumber); @@ -555,21 +565,21 @@ class user extends plugin /* Additional info if start end time is '0' */ $add_str_info = ""; if($timeto == 0 && $timefrom == 0){ - $add_str_info = "
"._("(Some types of certificates are currently not supported and may be displayed as 'invalid'.)").""; + $add_str_info = "
".bold(_("(Not supported certificate types are marked as invalid.)")); } - $str = " + $str = "
- +
CNCN ".preg_replace("/ /", " ", $certificate->getname())."

". sprintf(_("Certificate is valid from %s to %s and is currently %s."), - "".date('d M Y',$timefrom)."", - "".date('d M Y',$timeto)."", - $certificate->isvalid()?""._("valid")."": - ""._("invalid")."").$add_str_info; + bold(date('d M Y',$timefrom)), + bold(date('d M Y',$timeto)), + $certificate->isvalid()?bold(""._("valid").""): + bold(""._("invalid")."")).$add_str_info; $smarty->assign($cert."info",$str); $smarty->assign($cert."_state","true"); @@ -590,14 +600,14 @@ class user extends plugin /* Prepare password hashes */ if ($this->pw_storage == ""){ - $this->pw_storage= $this->config->get_cfg_value("hash"); + $this->pw_storage= $this->config->get_cfg_value("core","passwordDefaultHash"); } $temp= passwordMethod::get_available_methods(); $is_configurable= FALSE; $hashes = $temp['name']; if(isset($temp[$this->pw_storage])){ - $test= new $temp[$this->pw_storage]($this->config); + $test= new $temp[$this->pw_storage]($this->config, $this->dn); $is_configurable= $test->is_configurable(); }else{ new msg_dialog(_("Password method"),_("The selected password method is no longer available."),WARNING_DIALOG); @@ -635,44 +645,40 @@ class user extends plugin /* Set acls */ $tmp = $this->plinfo(); foreach($tmp['plProvidedAcls'] as $val => $translation){ - $smarty->assign("$val"."ACL", $this->getacl($val,(!is_object($this->parent) && !session::is_set('edit')))); + $smarty->assign("$val"."ACL", $this->getacl($val)); } + // Special ACL for gosaLoginRestrictions - + // In case of multiple edit, we need a readonly ACL for the list. + $smarty->assign('gosaLoginRestriction_ONLY_R_ACL', preg_replace("/[^r]/i","", $this->getacl($val))); + $smarty->assign("pwmode", $pwd_methods); $smarty->assign("pwmode_select", $this->pw_storage); $smarty->assign("pw_configurable", $is_configurable); - $smarty->assign("passwordStorageACL", $this->getacl("userPassword",(!is_object($this->parent) && !session::is_set('edit')))); - $smarty->assign("base_select", $this->base); - - if(!session::is_set('edit')){ - $smarty->assign("CertificatesACL",""); - }else{ - $smarty->assign("CertificatesACL", $this->getacl("Certificate")); - } - - $smarty->assign("userPictureACL", $this->getacl("userPicture",(!is_object($this->parent) && !session::is_set('edit')))); - $smarty->assign("userPicture_is_readable", $this->acl_is_readable("userPicture",(!is_object($this->parent) && !session::is_set('edit')))); + $smarty->assign("passwordStorageACL", $this->getacl("userPassword")); + $smarty->assign("CertificatesACL", $this->getacl("Certificate")); + $smarty->assign("userPictureACL", $this->getacl("userPicture")); + $smarty->assign("userPicture_is_readable", $this->acl_is_readable("userPicture")); /* Create base acls */ - $tmp = @$this->allowedBasesToMoveTo(); - $smarty->assign("bases", $tmp); + $smarty->assign("base", $this->baseSelector->render()); /* Save government mode attributes */ if($this->governmentmode){ $smarty->assign("governmentmode", "true"); - $ivbbmodes= array("nein", "ivbv", "testa", "ivbv,testa", "internet", - "internet,ivbv", "internet,testa", "internet,ivbv,testa"); + $ivbbmodes= array("nein", "", "ivbv", "testa", "ivbv,testa", "internet", + "internet,ivbv", "internet,testa", "internet,ivbv,testa"); $smarty->assign("ivbbmodes", $ivbbmodes); foreach ($this->govattrs as $val){ $smarty->assign("$val", $this->$val); - $smarty->assign("$val"."ACL", $this->getacl($val,(!is_object($this->parent) && !session::is_set('edit')))); + $smarty->assign("$val"."ACL", $this->getacl($val)); } } else { $smarty->assign("governmentmode", "false"); } /* Special mode for uid */ - $uidACL= $this->getacl("uid",(!is_object($this->parent) && !session::is_set('edit'))); + $uidACL= $this->getacl("uid"); if (isset ($this->dn)){ if ($this->dn != "new"){ $uidACL= preg_replace("/w/","",$uidACL); @@ -696,6 +702,7 @@ class user extends plugin $smarty->assign("has_phoneaccount", "false"); } $smarty->assign("multiple_support" , $this->multiple_support_active); + $smarty->assign("manager_name",$this->manager_name); return($smarty->fetch (get_template_path('generic.tpl', TRUE, dirname(__FILE__)))); } @@ -742,8 +749,38 @@ class user extends plugin $og->save (); } + // Update 'manager' attributes from gosaDepartment and inetOrgPerson + $filter = "(&(objectClass=inetOrgPerson)(manager=".LDAP::prepare4filter($this->dn)."))"; + $ocs = $ldap->get_objectclasses(); + if(isset($ocs['gosaDepartment']['MAY']) && in_array('manager', $ocs['gosaDepartment']['MAY'])){ + $filter = "(|".$filter."(&(objectClass=gosaDepartment)(manager=".LDAP::prepare4filter($this->dn).")))"; + } + $leaf_deps= get_list($filter,array("all"),$this->config->current['BASE'], + array("manager","dn","objectClass"),GL_SUBSEARCH | GL_NO_ACL_CHECK); + foreach($leaf_deps as $entry){ + $update = array('manager' => array()); + $ldap->cd($entry['dn']); + $ldap->modify($update); + if(!$ldap->success()){ + trigger_error(sprintf("Failed to update manager for '%s', error was '%s'", $entry['dn'], $ldap->get_error())); + } + } + + /* Delete references to roles */ + $ldap->cd ($this->config->current['BASE']); + $ldap->search ("(&(objectClass=organizationalRole)(roleOccupant=".LDAP::prepare4filter($this->dn)."))", array("cn")); + while ($ldap->fetch()){ + $role= new roleGeneric($this->config, $ldap->getDN()); + $key = array_search($this->dn,$role->roleOccupant); + if($key !== FALSE){ + unset($role->roleOccupant[$key]); + $role->roleOccupant= array_values($role->roleOccupant); + $role->save (); + } + } + /* If needed, let the password method do some cleanup */ - $tmp = new passwordMethod($this->config); + $tmp = new passwordMethod($this->config, $this->dn); $available = $tmp->get_available_methods(); if (in_array_ics($this->pw_storage, $available['name'])){ $test= new $available[$this->pw_storage]($this->config); @@ -753,8 +790,7 @@ class user extends plugin } /* Remove ACL dependencies too */ - $tmp = new acl($this->config,$this->parent,$this->dn); - $tmp->remove_acl(); + acl::remove_acl_for($this->dn); /* Optionally execute a command after we're done */ $this->handle_post_events("remove",array("uid" => $this->uid)); @@ -772,10 +808,27 @@ class user extends plugin /* Parents save function */ plugin::save_object (); + /* Refresh base */ + if ($this->acl_is_moveable($this->base)){ + if (!$this->baseSelector->update()) { + msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG); + } + if ($this->base != $this->baseSelector->getBase()) { + $this->base= $this->baseSelector->getBase(); + $this->is_modified= TRUE; + } + } + + /* Sync lists */ + $this->gosaLoginRestrictionWidget->save_object(); + if ($this->gosaLoginRestrictionWidget->isModified()) { + $this->gosaLoginRestriction= array_values($this->gosaLoginRestrictionWidget->getMaintainedData()); + } + /* Save government mode attributes */ if ($this->governmentmode){ foreach ($this->govattrs as $val){ - if ($this->acl_is_writeable($val,(!is_object($this->parent) && !session::is_set('edit'))) && isset($_POST["$val"])){ + if ($this->acl_is_writeable($val)){ $data= stripcslashes($_POST["$val"]); if ($data != $this->$val){ $this->is_modified= TRUE; @@ -791,22 +844,6 @@ class user extends plugin $this->givenName= $this->sn; } - /* Save base and pw_storage, since these are no LDAP attributes */ - if (isset($_POST['base'])){ - - $tmp = $this->get_allowed_bases(); - if(isset($tmp[$_POST['base']])){ - $base= validate($_POST['base']); - if ($base != $this->base){ - $this->is_modified= TRUE; - } - $this->base= $base; - }else{ - $this->base = $base_tmp; - msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG); - } - } - /* Get pw_storage mode */ if (isset($_POST['pw_storage'])){ foreach(array("pw_storage") as $val){ @@ -858,19 +895,23 @@ class user extends plugin /* Save data to LDAP, depending on is_account we save or delete */ function save() { + global $lang; + /* Only force save of changes .... If this attributes aren't changed, avoid saving. */ + if($this->gender=="0") $this->gender =""; if($this->preferredLanguage=="0") $this->preferredLanguage =""; /* First use parents methods to do some basic fillup in $this->attrs */ plugin::save (); - if ($this->use_dob == "1"){ - /* If it is an array, the generic page has never been loaded - so there's no difference. Using an array would cause an error btw. */ + if ($this->dateOfBirth != ""){ if(!is_array($this->attrs['dateOfBirth'])) { - $this->attrs['dateOfBirth'] = date("Y-m-d", $this->dateOfBirth); + #TODO: use $lang to convert date + list($day, $month, $year)= explode(".", $this->dateOfBirth); + $this->attrs['dateOfBirth'] = sprintf("%04d-%02d-%02d", $year, $month, $day); } } @@ -933,7 +974,7 @@ class user extends plugin } /* Special handling for dateOfBirth value */ - if ($this->use_dob != "1"){ + if ($this->dateOfBirth == ""){ if ($this->is_new) { unset($this->attrs["dateOfBirth"]); } else { @@ -1057,6 +1098,7 @@ class user extends plugin foreach($temp as $id => $data){ if(isset($data['name']) && $data['name'] == $this->pw_storage){ $tmp = new $temp[$this->pw_storage]($this->config,$this->dn); + $tmp->set_hash($this->pw_storage); $this->attrs['userPassword'] = $tmp->create_template_hash($this->attrs); break; } @@ -1110,11 +1152,11 @@ class user extends plugin die ("Could not connect to LDAP server"); } ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("ldapFollowReferrals") == "true") { + if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("core","ldapFollowReferrals") == "true") { ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1); ldap_set_rebind_proc($ds, array(&$this, "rebind")); } - if($this->config->get_cfg_value("ldapTLS") == "true"){ + if($this->config->get_cfg_value("core","ldapTLS") == "true"){ ldap_start_tls($ds); } if (!($res = @ldap_bind($ds, $this->config->current['ADMIN'], @@ -1129,7 +1171,7 @@ class user extends plugin /* If needed, let the password method do some cleanup */ if ($this->pw_storage != $this->last_pw_storage){ - $tmp = new passwordMethod($this->config); + $tmp = new passwordMethod($this->config, $this->dn); $available = $tmp->get_available_methods(); if (in_array_ics($this->last_pw_storage, $available['name'])){ $test= new $available[$this->last_pw_storage]($this->config,$this->dn); @@ -1153,27 +1195,89 @@ class user extends plugin return (0); } + + function create_initial_rdn($pattern) + { + // Only generate single RDNs + if (preg_match('/\+/', $pattern)){ + msg_dialog::display(_("Error"), _("Cannot build RDN: no + allowed to build sub RDN!"), ERROR_DIALOG); + return ""; + } + + // Extract attribute + $attribute= preg_replace('/=.*$/', '', $pattern); + if (!in_array_ics($attribute, $this->attributes)) { + msg_dialog::display(_("Error"), _("Cannot build RDN: attribute is not defined!"), ERROR_DIALOG); + return ""; + } + + // Sort attributes for length + $attrl= array(); + foreach ($this->attributes as $attr) { + $attrl[$attr]= strlen($attr); + } + arsort($attrl); + + // Walk thru sorted attributes and replace them in pattern + foreach ($attrl as $attr => $dummy) { + if (!is_array($this->$attr)){ + $pattern= preg_replace("/%$attr/", $this->$attr, $pattern); + } else { + // Array elements cannot be used for ID generation + if (preg_match("/%$attr/", $pattern)) { + msg_dialog::display(_("Error"), _("Cannot build RDN: invalid attribute parameters!"), ERROR_DIALOG); + break; + } + } + } + + // Internally assign value + $this->$attribute= preg_replace('/^[^=]+=/', '', $pattern); + + return $pattern; + } + function update_new_dn() { - $pt= ""; - if($this->config->get_cfg_value("personalTitleInDN") == "true"){ - if(!empty($this->personalTitle)){ - $pt = $this->personalTitle." "; + // Alternative way to handle DN + $pattern= $this->config->get_cfg_value("user","accountRDN"); + if ($pattern != "") { + $rdn= $this->create_initial_rdn($pattern); + $attribute= preg_replace('/=.*$/', '', $rdn); + $value= preg_replace('/^[^=]+=$/', '', $rdn); + + /* Don't touch dn, if $attribute hasn't changed */ + if (isset($this->saved_attributes[$attribute]) && $this->saved_attributes[$attribute] == $this->$attribute && + $this->orig_base == $this->base ){ + $this->new_dn= $this->dn; + } else { + $this->new_dn= $this->create_unique_dn2($rdn, get_people_ou().$this->base); } - } - $this->cn= $pt.$this->givenName." ".$this->sn; - /* Permissions for that base? */ - if ($this->config->get_cfg_value("accountPrimaryAttribute") == "uid"){ - $this->new_dn= 'uid='.$this->uid.','.get_people_ou().$this->base; + // Original way to handle DN } else { - /* Don't touch dn, if cn hasn't changed */ - if (isset($this->saved_attributes['cn']) && $this->saved_attributes['cn'] == $this->cn && - $this->orig_base == $this->base ){ - $this->new_dn= $this->dn; + + $pt= ""; + if($this->config->get_cfg_value("core","personalTitleInDN") == "true"){ + if(!empty($this->personalTitle)){ + $pt = $this->personalTitle." "; + } + } + + $this->cn= $pt.$this->givenName." ".$this->sn; + + /* Permissions for that base? */ + if ($this->config->get_cfg_value("core","accountPrimaryAttribute") == "uid"){ + $this->new_dn= 'uid='.$this->uid.','.get_people_ou().$this->base; } else { - $this->new_dn= $this->create_unique_dn('cn', get_people_ou().$this->base); + /* Don't touch dn, if cn hasn't changed */ + if (isset($this->saved_attributes['cn']) && $this->saved_attributes['cn'] == $this->cn && + $this->orig_base == $this->base ){ + $this->new_dn= $this->dn; + } else { + $this->new_dn= $this->create_unique_dn('cn', get_people_ou().$this->base); + } } } } @@ -1206,9 +1310,7 @@ class user extends plugin $this->set_acl_base($this->base); } - /* Check if we are allowed to create/move this user - */ - + /* Check if we are allowed to create/move this user */ if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){ $message[]= msgPool::permCreate(); }elseif($this->orig_dn != "new" && $this->new_dn != $this->orig_dn && !$this->acl_is_moveable($this->base)){ @@ -1229,6 +1331,11 @@ class user extends plugin $message[]= msgPool::required(_("Name")); } + // Check if a wrong base was supplied + if(!$this->baseSelector->checkLastBaseUpdate()){ + $message[]= msgPool::check_base();; + } + if (!$this->is_template){ if ($this->givenName == ""){ $message[]= msgPool::required(_("Given name")); @@ -1236,7 +1343,7 @@ class user extends plugin if ($this->uid == ""){ $message[]= msgPool::required(_("Login")); } - if ($this->config->get_cfg_value("accountPrimaryAttribute") != "uid"){ + if ($this->config->get_cfg_value("core","accountPrimaryAttribute") != "uid"){ $ldap->cat($this->new_dn); if ($ldap->count() != 0 && $this->dn != $this->new_dn && $this->dn == 'new'){ $message[]= msgPool::duplicated(_("Name")); @@ -1271,6 +1378,11 @@ class user extends plugin $message[]= msgPool::invalid(_("Pager"), $this->pager, "/[\/0-9 ()+*-]/"); } + /* Check dates */ + if (!tests::is_date($this->dateOfBirth)){ + $message[]= msgPool::invalid(_("Date of birth"), $this->dateOfBirth,"" ,"23.02.2009"); + } + /* Check for reserved characers */ if (preg_match ('/[,+"?\'()=<>;\\\\]/', $this->givenName)){ $message[]= msgPool::invalid(_("Given name"), $this->givenName, '/[^,+"?\'()=<>;\\\\]/'); @@ -1286,10 +1398,15 @@ class user extends plugin /* Indicate whether a password change is needed or not */ function password_change_needed() { - if(in_array("pw_storage",$this->multi_boxes)){ - return(TRUE); + if($this->multiple_support_active){ + return(FALSE); + }else{ + + if(in_array("pw_storage",$this->multi_boxes)){ + return(TRUE); + } + return($this->pw_storage != $this->last_pw_storage && !$this->is_template); } - return($this->pw_storage != $this->last_pw_storage); } @@ -1321,11 +1438,11 @@ class user extends plugin { $ds= ldap_connect($this->config->current['SERVER']); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("ldapFollowReferrals") == "true"){ + if (function_exists("ldap_set_rebind_proc") && $this->config->get_cfg_value("core","ldapFollowReferrals") == "true"){ ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1); ldap_set_rebind_proc($ds, array(&$this, "rebind")); } - if ($this->config->get_cfg_value("ldapTLS") == "true"){ + if ($this->config->get_cfg_value("core","ldapTLS") == "true"){ ldap_start_tls($ds); } @@ -1371,7 +1488,7 @@ class user extends plugin /* Load certificate from file to object */ function set_cert($cert, $filename) { - if(!$this->acl_is_writeable("Certificate",(!is_object($this->parent) && !session::is_set('edit')))) return; + if(!$this->acl_is_writeable("Certificate")) return; $fd = fopen ($filename, "rb"); if (filesize($filename)>0) { $this->$cert= fread ($fd, filesize ($filename)); @@ -1399,7 +1516,7 @@ class user extends plugin } /* Get base */ - $this->base= preg_replace('/^[^,]+,'.get_people_ou().'/i', '', $dn); + $this->base= preg_replace('/^[^,]+,'.preg_quote(get_people_ou(), '/').'/i', '', $dn); if($this->governmentmode){ @@ -1433,6 +1550,14 @@ class user extends plugin $this->sn= $this->parent->sn; $this->givenName= $this->parent->givenName; } + + if ($this->dateOfBirth) { + /* This entry is ISO 8601 conform */ + list($year, $month, $day)= explode("-", $this->dateOfBirth, 3); + + #TODO: use $lang to convert date + $this->dateOfBirth= "$day.$month.$year"; + } } @@ -1517,6 +1642,20 @@ class user extends plugin $this->old_userPKCS12= ""; $this->old_userSMIMECertificate= ""; $this->old_userCertificate= ""; + + /* Generate dateOfBirth entry */ + if (isset ($source['dateOfBirth'])){ + list($year, $month, $day)= explode("-", $source['dateOfBirth'][0], 3); + $this->dateOfBirth= "$day.$month.$year"; + } else { + $this->dateOfBirth= ""; + } + + // Try to load the user picture + $tmp_dn = $this->dn; + $this->dn = $source['dn']; + $this->load_picture(); + $this->dn = $tmp_dn; } @@ -1548,24 +1687,46 @@ class user extends plugin "plCategory" => array("users" => array("description" => _("Users"), "objectClass" => "gosaAccount")), + + "plProperties" => array( + array( + "name" => "accountRDN", + "type" => "string", + "default" => "", + "description" => sprintf( + _("The 'accountRDN' option tells GOsa to use a placeholder pattern for generating account RDNs. A pattern can include attribute names prefaced by a % and normal text: %s. This will generate a RDN consisting of cn=.... filled with surname and given name of the edited account. This option disables the use of accountPrimaryAttribute and personalTitleInDn."), + "accountRDN=\"cn=%sn %givenName\""), + "check" => "gosaProperty::isString", + "migrate" => "", + "group" => "plugin", + "mandatory" => FALSE + ) + + ), "plProvidedAcls" => array( "sn" => _("Surname"), "givenName" => _("Given name"), - "uid" => _("User identification"), + "uid" => _("Login"), + + "gosaUserDefinedFilter" => _("Allow definition of custom filters"), + "personalTitle" => _("Personal title"), "academicTitle" => _("Academic title"), "dateOfBirth" => _("Date of birth"), - "gender" => _("Gender"), + "gender" => _("Sex"), "preferredLanguage" => _("Preferred language"), "base" => _("Base"), "userPicture" => _("User picture"), + "gosaLoginRestriction" => _("Login restrictions"), + "o" => _("Organization"), "ou" => _("Department"), "departmentNumber" => _("Department number"), + "manager" => _("Manager"), "employeeNumber" => _("Employee number"), "employeeType" => _("Employee type"), @@ -1587,13 +1748,13 @@ class user extends plugin ); - /* Append government attributes if required */ - global $config; - if($config->get_cfg_value("honourIvbbAttributes") == "true"){ - foreach($govattrs as $attr => $desc){ - $ret["plProvidedAcls"][$attr] = $desc; - } - } +# /* Append government attributes if required */ +# global $config; +# if($config->get_cfg_value("core","honourIvbbAttributes") == "true"){ +# foreach($govattrs as $attr => $desc){ +# $ret["plProvidedAcls"][$attr] = $desc; +# } +# } return($ret); } @@ -1620,12 +1781,19 @@ class user extends plugin $ret['orig_base']="Changed_by_Multi_Plug"; $ret['base']=$this->base; } + + $ret['gosaLoginRestriction'] = $this->gosaLoginRestriction; + $ret['gosaLoginRestriction_some'] = $this->gosaLoginRestriction_some; + return($ret); } function multiple_save_object() { + + if(!isset($_POST['user_mulitple_edit'])) return; + plugin::multiple_save_object(); /* Get pw_storage mode */ @@ -1640,8 +1808,15 @@ class user extends plugin } } } - if(isset($_POST['base'])){ - $this->base = get_post('base'); + + /* Refresh base */ + if ($this->acl_is_moveable($this->base)){ + if (!$this->baseSelector->update()) { + msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG); + } + if ($this->base != $this->baseSelector->getBase()) { + $this->base= $this->baseSelector->getBase(); + } } if(isset($_POST['user_mulitple_edit'])){ @@ -1651,6 +1826,12 @@ class user extends plugin } } } + + /* Sync lists */ + $this->gosaLoginRestrictionWidget->save_object(); + if ($this->gosaLoginRestrictionWidget->isModified()) { + $this->gosaLoginRestriction= array_values($this->gosaLoginRestrictionWidget->getMaintainedData()); + } } @@ -1695,6 +1876,89 @@ class user extends plugin } + /*! \brief Prepares the plugin to be used for multiple edit + * Update plugin attributes with given array of attribtues. + * \param array Array with attributes that must be updated. + */ + function init_multiple_support($attrs,$all) + { + plugin::init_multiple_support($attrs,$all); + + // Get login restrictions + if(isset($attrs['gosaLoginRestriction'])){ + $this->gosaLoginRestriction =array(); + for($i =0;$i < $attrs['gosaLoginRestriction']['count']; $i++){ + $this->gosaLoginRestriction[] = $attrs['gosaLoginRestriction'][$i]; + } + } + + // Detect the managers name + $this->manager_name = ""; + $ldap = $this->config->get_ldap_link(); + if(!empty($this->manager)){ + $ldap->cat($this->manager, array('cn')); + if($ldap->count()){ + $attrs = $ldap->fetch(); + $this->manager_name = $attrs['cn'][0]; + }else{ + $this->manager_name = "("._("unknown")."!): ".$this->manager; + } + } + + // Detect login restriction not used in all user objects. + $this->gosaLoginRestriction_some = array(); + if(isset($all['gosaLoginRestriction'])){ + for($i=0;$i<$all['gosaLoginRestriction']['count'];$i++){ + $this->gosaLoginRestriction_some[] = $all['gosaLoginRestriction'][$i]; + } + } + + + // Reinit the login restriction list. + $data = $this->convertLoginRestriction(); + if(count($data)){ + $this->gosaLoginRestrictionWidget->setListData($data['data'], $data['displayData']); + } + } + + + function set_multi_edit_values($attrs) + { + $lR = array(); + + // Update loginRestrictions, keep my settings while ip is optional + foreach($attrs['gosaLoginRestriction_some'] as $ip){ + if(in_array($ip, $this->gosaLoginRestriction) && in_array($ip, $attrs['gosaLoginRestriction'])){ + $lR[] = $ip; + } + } + + // Add enforced loginRestrictions + foreach($attrs['gosaLoginRestriction'] as $ip){ + $lR[] = $ip; + } + + $lR = array_values(array_unique($lR)); + $this->is_modified |= array_differs($this->gosaLoginRestriction, $lR); + plugin::set_multi_edit_values($attrs); + $this->gosaLoginRestriction = $lR; + } + + + function convertLoginRestriction() + { + $all = array_unique(array_merge($this->gosaLoginRestriction,$this->gosaLoginRestriction_some)); + $data = array(); + foreach($all as $ip){ + $data['data'][] = $ip; + if(!in_array($ip, $this->gosaLoginRestriction)){ + $data['displayData'][] = array('mode' => LIST_MARKED , 'data' => array($ip.' ('._("Entries differ").')')); + }else{ + $data['displayData'][] = array('mode' => 0 , 'data' => array($ip)); + } + } + return($data); + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: