X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fadmin%2Fusers%2Fclass_userManagement.inc;h=c0042797a60a184c1b8ec58f9e99d9cff82d85f2;hb=4b45577aa0d449c2d36417afa256441f9dcb503f;hp=91827bc01932435f3e7317e9767203919cd00916;hpb=9b4218828c153aea81c47788f443153f3b04192a;p=gosa.git diff --git a/plugins/admin/users/class_userManagement.inc b/plugins/admin/users/class_userManagement.inc index 91827bc01..c0042797a 100644 --- a/plugins/admin/users/class_userManagement.inc +++ b/plugins/admin/users/class_userManagement.inc @@ -31,7 +31,6 @@ class userManagement extends plugin /* Dialog attributes */ var $usertab = NULL; var $ui = NULL; - var $acl = ""; var $templates = array(); var $got_uid = false; var $CopyPasteHandler = NULL; @@ -52,8 +51,6 @@ class userManagement extends plugin /* Creat dialog object */ $this->DivListUsers = new divListUsers($this->config,$this); - /* LOCK MESSAGE Vars */ - $_SESSION['LOCK_VARS_TO_USE'] = array("/^act$/","/^id$/","/^user_edit_/","/^user_del_/"); } @@ -62,6 +59,9 @@ class userManagement extends plugin /* Call parent execute */ plugin::execute(); + /* LOCK MESSAGE Vars */ + $_SESSION['LOCK_VARS_TO_USE'] = array("/^act$/","/^id$/","/^user_edit_/","/^user_del_/"); + $smarty = get_smarty(); // Smarty instance $s_action = ""; // Contains the action to be taken $s_entry = ""; // The value for s_action @@ -79,6 +79,7 @@ class userManagement extends plugin foreach(array("del" => "user_del", "edit" => "user_edit", "new" => "user_new", "new_tpl" => "user_tplnew", + "create_user_from_tpl" => "userfrom_tpl", "change_pw" => "user_chgpw", "editPaste" => "editPaste", "copy" => "copy", "cut" => "cut") as $act => $name){ @@ -103,6 +104,10 @@ class userManagement extends plugin $s_tab= "user"; } + if(!search_config($this->config->data['TABS'], $s_tab , "CLASS")){ + $s_tab = "user"; + } + /* Display the copy & paste dialog, if it is currently open */ $ret = $this->copyPasteHandling($s_action,$s_entry); if($ret){ @@ -130,9 +135,6 @@ class userManagement extends plugin above dialog */ add_lock ($this->dn, $this->ui->dn); - /* Set up the users ACL's for this 'dn' */ - $acl= get_permissions ($this->dn, $this->ui->subtreeACL); - /* Register usertab to trigger edit dialog */ $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $this->dn); @@ -141,7 +143,7 @@ class userManagement extends plugin $this->usertab->current = $s_tab; /* Set ACL and move DN to the headline */ - $this->usertab->set_acl($acl); + $this->usertab->set_acl_base($this->dn); $_SESSION['objectinfo']= $this->dn; } @@ -182,13 +184,10 @@ class userManagement extends plugin /* Load permissions for selected 'dn' and check if we're allowed to remove this 'dn' */ - $acl= get_permissions ($this->dn, $this->ui->subtreeACL); - $acl= get_module_permission($acl, "user", $this->dn); - if (chkacl($acl, "password") == ""){ + if (preg_match("/w/",$this->ui->get_permissions($this->dn,"users/password"))){ /* User is allowed to change passwords, save 'dn' and 'acl' for next dialog. */ - $this->acl= $acl; $_SESSION['objectinfo']= $this->dn; return ($smarty->fetch(get_template_path('password.tpl', TRUE))); @@ -207,7 +206,11 @@ class userManagement extends plugin if (isset($_POST['password_finish'])){ /* For security reasons, check if user is allowed to set password again */ - if (chkacl($this->acl, "password") == "" || chkacl($this->acl, "create")){ + $dn = $this->dn; + $acl = $this->ui->get_permissions($dn, "users/password"); + $cacl= $this->ui->get_permissions($dn, "users/user"); + + if (preg_match('/w/', $acl) || preg_match('/c/', $cacl)){ /* Check input and feed errors into 'message' */ $message= array(); @@ -272,7 +275,6 @@ class userManagement extends plugin /* Missing permissions, show message */ print_red (_("You are not allowed to set this users password!")); } - /* Clean session, delete lock */ del_lock ($this->dn); unset ($this->usertab); @@ -297,26 +299,17 @@ class userManagement extends plugin /* Load permissions for selected 'dn' and check if we're allowed to remove this 'dn' */ - $acl= get_permissions ($this->dn, $this->ui->subtreeACL); - $this->acl= get_module_permission($acl, "user", $this->dn); - if (chkacl($this->acl, "delete") == ""){ - - /* Check locking, save current plugin in 'back_plugin', so - the dialog knows where to return. */ - if (($user= get_lock($this->dn)) != ""){ - return(gen_locked_message ($user, $this->dn)); - } - /* Lock the current entry, so nobody will edit it during deletion */ - add_lock ($this->dn, $this->ui->dn); - $smarty->assign("info", sprintf(_("You're about to delete the user %s."), @LDAP::fix($this->dn))); - return($smarty->fetch(get_template_path('remove.tpl', TRUE))); - } else { - - /* Obviously the user isn't allowed to delete. Show message and - clean session. */ - print_red (_("You are not allowed to delete this user!")); + /* Check locking, save current plugin in 'back_plugin', so + the dialog knows where to return. */ + if (($user= get_lock($this->dn)) != ""){ + return(gen_locked_message ($user, $this->dn)); } + + /* Lock the current entry, so nobody will edit it during deletion */ + add_lock ($this->dn, $this->ui->dn); + $smarty->assign("info", sprintf(_("You're about to delete the user %s."), @LDAP::fix($this->dn))); + return($smarty->fetch(get_template_path('remove.tpl', TRUE))); } @@ -329,11 +322,14 @@ class userManagement extends plugin /* Some nice guy may send this as POST, so we've to check for the permissions again. */ - if (chkacl($this->acl, "delete") == ""){ + + $acl = $this->ui->get_permissions($this->dn, "users/user"); + + if (preg_match('/d/', $acl)){ /* Delete request is permitted, perform LDAP action */ $this->usertab= new usertabs($this->config, $this->config->data['TABS']['USERTABS'],$this->dn); - $this->usertab->set_acl(array($this->acl)); + $this->usertab->set_acl_base(); $this->usertab->delete (); gosa_log ("User object '".$this->dn."' has been removed"); unset ($this->usertab); @@ -405,6 +401,7 @@ class userManagement extends plugin /* In case of new users, ask for a password, skip this for templates */ if (($set_pass || $this->usertab->password_change_needed()) && !$this->is_template){ + $this->dn = $this->usertab->dn; return($smarty->fetch(get_template_path('password.tpl', TRUE))); } @@ -434,11 +431,10 @@ class userManagement extends plugin foreach ($this->config->departments as $key => $value){ /* Get acls from different ou's */ - $acl= get_permissions (get_people_ou().$value, $this->ui->subtreeACL); - $acl= get_module_permission($acl, "user", get_people_ou().$value); - + $acl = $this->ui->get_permissions("cn=dummy,".get_people_ou().$value,"users/user") ; + /* If creation of a new user is allowed, append this template */ - if (chkacl($acl, "create") == ""){ + if (preg_match("/c/",$acl)){ /* Search all templates from the current dn */ $ldap->cd (get_people_ou().$value); @@ -465,11 +461,44 @@ class userManagement extends plugin Create a new user,template, user from template ********************/ + /* Check selected options for template */ + if (isset($_POST['template_continue'])){ + $message = array(); + if(!isset($_POST['template']) || (empty($_POST['template']))){ + $message[] = _("Please select a valid template."); + } + if(!isset($_POST['sn']) || (empty($_POST['sn']))){ + $message[]= _("The required field 'Name' is not set."); + } + if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){ + $message[]= _("The required field 'Given name' is not set."); + } + + /* Show error message / continue editing */ + if (count($message) > 0){ + show_errors ($message); + + foreach(array("sn", "givenName", "uid", "template") as $attr){ + if(isset($_POST[$attr])){ + $smarty->assign("$attr", $_POST[$attr]); + }else{ + $smarty->assign("$attr", ""); + } + } + $smarty->assign("templates",$this->templates); + $smarty->assign("got_uid",$this->got_uid); + $smarty->assign("edit_uid",false); + return($smarty->fetch(get_template_path('template.tpl', TRUE))); + + } + } + /* New user/template request */ if (($s_action=="create_user_from_tpl")||($s_action=="new") || ($s_action=="new_tpl")){ /* By default we set 'dn' to 'new', all relevant plugins will react on this. */ $this->dn= "new"; + if (isset($this->config->current['IDGEN'])){ $this->got_uid= false; } else { @@ -478,8 +507,8 @@ class userManagement extends plugin /* Create new usertab object */ $this->usertab= new usertabs($this->config,$this->config->data['TABS']['USERTABS'], $this->dn); - $this->usertab->set_acl(array(':all')); $this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase; + $this->usertab->set_acl_base('dummy,'.$this->DivListUsers->selectedBase); /* Take care about templates */ if ($s_action=="new_tpl"){ @@ -509,7 +538,8 @@ class userManagement extends plugin ********************/ /* Continue template editing */ - if ((isset($_POST['template_continue']) && $_POST['template'] != 'none' && !isset($_POST['uid']))){ + if ((isset($_POST['template_continue'])) && ($_POST['template'] != 'none') && (!isset($_POST['uid']))){ + $this->sn = $_POST['sn']; $this->givenName = $_POST['givenName']; @@ -560,7 +590,6 @@ class userManagement extends plugin return($smarty->fetch(get_template_path('template.tpl', TRUE))); } - /******************** No template selected continue edit ********************/ @@ -595,10 +624,6 @@ class userManagement extends plugin $this->usertab->adapt_from_template($template_dn); $template_base = preg_replace("/^[^,]+,".normalizePreg(get_people_ou())."/", '', $template_dn); $this->usertab->by_object['user']->base= $template_base; - - /* Set up the users ACL's for this 'dn' */ - $acl= get_permissions ($template_base, $this->ui->subtreeACL); - $this->usertab->set_acl($acl); } @@ -637,7 +662,8 @@ class userManagement extends plugin } /* Check if there is a snapshot dialog open */ - if($str = $this->showSnapshotDialog($this->DivListUsers->selectedBase,get_people_ou())){ + $base = $this->DivListUsers->selectedBase; + if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases())){ return($str); } @@ -656,6 +682,13 @@ class userManagement extends plugin } + /* Return departments, that will be included within snapshot detection */ + function get_used_snapshot_bases() + { + return(array(get_people_ou().$this->DivListUsers->selectedBase)); + } + + function reload() { /* Set base for all searches */ @@ -708,11 +741,11 @@ class userManagement extends plugin $ldap= $this->config->get_ldap_link(TRUE); if ($SubSearch){ - $ListTemp = get_list($filter, $this->ui->subtreeACL, $base, + $ListTemp = get_list($filter, "users", $base, array("uid", "givenName", "sn", "objectClass"), GL_SUBSEARCH | GL_SIZELIMIT); } else { $base= get_people_ou().$base; - $ListTemp = get_list($filter, $this->ui->subtreeACL, $base, + $ListTemp = get_list($filter, "users", $base, array("uid", "givenName", "sn", "objectClass"), GL_SIZELIMIT); } $SortTemp = array(); @@ -770,6 +803,9 @@ class userManagement extends plugin /* Use the last dn to search for it's ID in the newly generated list. */ $dn= $this->CopyPasteHandler->lastdn; + + /* Get new user list */ + $this->reload(); foreach($this->list as $id => $entry){ if($entry['dn'] == $dn){ $s_entry= $id; @@ -789,12 +825,19 @@ class userManagement extends plugin if($s_action == "copy"){ $this->CopyPasteHandler->Clear(); $dn= $this->list[trim($s_entry)]['dn']; - $acl= get_permissions ($dn, $this->ui->subtreeACL); - $obj = new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn); - $objNew = new usertabs($this->config, $this->config->data['TABS']['USERTABS'], "new"); - $obj-> set_acl($acl); - $objNew-> set_acl($acl); - $this->CopyPasteHandler->Copy($obj,$objNew); + + /* Check acl */ + $acl_all = $ui->has_complete_category_acls($this->selectedBase,"users") ; + if(preg_match("/(c.*w|w.*c)/",$acl_all)){ + $obj = new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn); + $obj->set_acl_base($dn); + $objNew = new usertabs($this->config, $this->config->data['TABS']['USERTABS'], "new"); + $objNew->set_acl_base($dn); + + $this->CopyPasteHandler->Copy($obj,$objNew); + }else{ + print_red("You are not allowed to copy this entry."); + } } /* Cut selected object. @@ -802,10 +845,16 @@ class userManagement extends plugin if($s_action == "cut"){ $this->CopyPasteHandler->Clear(); $dn= $this->list[trim($s_entry)]['dn']; - $acl= get_permissions ($dn, $this->ui->subtreeACL); - $obj= new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn); - $obj->set_acl($acl); - $this->CopyPasteHandler->Cut($obj); + + /* Check acl */ + $acl_all = $ui->has_complete_category_acls($this->selectedBase,"users") ; + if(preg_match("/(c.*w|w.*c)/",$acl_all)){ + $obj= new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn); + $obj->set_acl_base($dn); + $this->CopyPasteHandler->Cut($obj); + }else{ + print_red("You are not allowed to cut this entry."); + } } } } @@ -813,7 +862,9 @@ class userManagement extends plugin function save_object() { /* Handle divlist filter && department selection*/ - $this->DivListUsers->save_object(); + if(!is_object($this->usertab)){ + $this->DivListUsers->save_object(); + } } /* A set of disabled and therefore overloaded functions. They are @@ -823,7 +874,6 @@ class userManagement extends plugin function save() { } function adapt_from_template($dn) { } function password_change_needed() { } - function show_header($button_text, $text, $disabled= FALSE) { } } /* ... class userManagement */ // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: