
Added remove handling to roles.
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 1 Jul 2009 12:52:36 +0000 (12:52 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 1 Jul 2009 12:52:36 +0000 (12:52 +0000)
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@13869 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-plugins/roleManagement/admin/roleManagement/class_roleGeneric.inc
gosa-plugins/roleManagement/admin/roleManagement/class_roleManagement.inc

index 9fd6a3705834740e86a2b151f48ad4c516e170c1..2bfe6d1df26904d8ad3295509308dd6813670a6a 100644 (file)
@@ -32,6 +32,8 @@ class roleGeneric extends plugin {
 
   var $base = "";
   var $orig_dn = "";
+  var $orig_cn = "";
+  var $orig_base = "";
 
   var $objectclasses = array("top","organizationalRole");
   var $attributes = array("cn","x121Address","description",
@@ -41,6 +43,7 @@ class roleGeneric extends plugin {
     plugin::plugin($config,$dn);
     $this->is_account = TRUE;
     $this->orig_dn = $dn;
+    $this->orig_cn = $this->cn;
 
     /* Set base */
     if ($this->dn == "new"){
@@ -48,10 +51,12 @@ class roleGeneric extends plugin {
     } else {
       $this->base= preg_replace("/^[^,]+,".preg_quote(get_ou("roleRDN"), '/')."/","",$this->dn);
     }
+    $this->orig_base = $this->base;
   }
 
 
-  function execute(){
+  function execute()
+  {
     $smarty = get_smarty();
 
     /* Create base acls */
@@ -70,6 +75,39 @@ class roleGeneric extends plugin {
   }
 
 
+  function check()
+  {
+    $message = plugin::check();
+
+    /* Set the new acl base */
+    if($this->dn == "new") {
+      $this->set_acl_base($this->base);
+    }
+
+    /* Check if we are allowed to create/move this user
+     */
+    if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
+      $message[]= msgPool::permCreate();
+    }elseif($this->orig_dn != "new" && 
+        !$this->acl_is_moveable($this->base) && 
+        ($this->orig_base != $this->base || $this->orig_cn != $this->cn )){ 
+      $message[]= msgPool::permMove();
+    }
+
+    /* Name already used? */
+    $ldap= $this->config->get_ldap_link();
+    $ldap->cd($this->config->current['BASE']);
+    $ldap->search("(&(objectClass=organizationalRole)(cn=$this->cn))", array("cn"));
+    $ldap->fetch();
+    if ($ldap->count() != 0 && ( $this->dn == 'new' || $this->cn != $this->orig_cn)){
+      $message[]= msgPool::duplicated(_("Name"));
+    }
+
+
+    return($message);
+  }
+  
+
   function convert_list()
   {
     $temp= "";
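Review bot: The duplicate-name lookup in check() interpolates `$this->cn` straight into the LDAP filter `(&(objectClass=organizationalRole)(cn=$this->cn))`, so a name containing `*`, `(`, `)` or `\` changes what the search matches instead of being compared literally. A wildcard in the name would make the count non-zero whenever any role exists and report a false duplicate, and unbalanced parentheses can make the filter invalid. Escape the value for filter context before building the string, for example `$cn = ldap_escape($this->cn, '', LDAP_ESCAPE_FILTER);` on PHP versions that provide it, or the project's own filter-escaping helper if it has one. The block comment above the ACL test also still says "create/move this user" although the object is a role.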
@@ -83,6 +121,23 @@ class roleGeneric extends plugin {
     return ($temp);
   }
 
+  
+  function remove_from_parent()
+  {
+    plugin::remove_from_parent();
+
+    $ldap= $this->config->get_ldap_link();
+    $ldap->rmdir($this->dn);
+    if (!$ldap->success()){
+      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
+    }
+
+    new log("remove","roles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+
+    /* Trigger remove signal */
+    $this->handle_post_events("remove");
+  }
+
 
   function save(){
     plugin::save();
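Review bot: In remove_from_parent() the `handle_post_events("remove")` call still runs when `$ldap->rmdir($this->dn)` failed, because the `!$ldap->success()` branch only displays a dialog and falls through. Any configured post-remove hook would then act on a role that still exists in the directory. Keep the `new log(...)` line unconditional, since it records `$ldap->get_error()`, but remember the outcome right after the rmdir call and guard the hook with it, e.g. `if ($removed){ $this->handle_post_events("remove"); }`. Separately, the error dialog uses `get_class()` while the log line uses `get_class($this)`; one form throughout would keep the reported class name consistent for subclasses.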
@@ -110,6 +165,8 @@ class roleGeneric extends plugin {
       return (1);
     }
 
+    $this->handle_post_events($mode);
+
     /* Remove ACL dependencies too */
     if($this->dn != $this->orig_dn && $this->orig_dn != "new"){
       $tmp = new acl($this->config,$this->parent,$this->dn);
index d3d9da484ce961cb43e7e9060f7e6d99849640a9..0d03e8d484d4251a7506c698dac46c71fbd9224d 100644 (file)
@@ -68,7 +68,7 @@ class roleManagement extends plugin
     plugin::execute();
 
     /* Variables to restore after 'entry locked' warning was displayed */
-    session::set('LOCK_VARS_TO_USE',array('/^role_/','/^act/','/^id/','/^menu_action/'));
+    session::set('LOCK_VARS_TO_USE',array('/^role_/','/^act/','/^id/','/^menu_action/','/^item/'));
 
     $smarty     = get_smarty();
     $s_action   = "";
@@ -86,7 +86,7 @@ class roleManagement extends plugin
         break;
       }
       if(preg_match("/^role_del_/",$name)){
-        $s_action = "del";  
+        $s_action = "remove";  
         $s_entry = preg_replace("/^role_del_([0-9]*)_.*$/","\\1",$name);
         break;
       }
@@ -108,12 +108,98 @@ class roleManagement extends plugin
       }
     }
 
+    /***************
+     * Remove handling
+     ***************/
+
+    if($s_action == "remove_multiple" || $s_action == "remove"){
+    
+      if($s_action == "remove_multiple"){
+        $ids = $this->list_get_selected_items();
+      }else{
+        $ids = array($s_entry);
+      }
+
+      if(count($ids)){
+        $this->dns = array();
+        $disallowed = array();
+        foreach($ids as $id){
+          $dn = $this->roles[$id]['dn'];
+          $acl = $this->ui->get_permissions($dn, "roles/roleGeneric");
+          if(preg_match("/d/",$acl)){
+            $this->dns[$id] = $dn;
+          }else{
+            $disallowed[] = $dn;
+          }
+        }
+
+        if(count($disallowed)){
+          msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
+        }
+
+
+        if(count($this->dns)){
+          if ($user= get_multiple_locks($this->dns)){
+            return(gen_locked_message($user,$this->dns));
+          }
+          $dns_names = array();
+          foreach($this->dns as $dn){
+            $dns_names[] = LDAP::fix($dn);
+          }
+
+          /* Lock the current entry, so nobody will edit it during deletion */
+          add_lock ($this->dns, $this->ui->dn);
+
+          $smarty->assign("info", msgPool::deleteInfo($dns_names,_("role")));
+          $smarty->assign("multiple", true);
+          return($smarty->fetch(get_template_path('remove.tpl', TRUE)));
+        }
+      }
+    } 
+
+
+    /* Remove lock */
+    if(isset($_POST['delete_multiple_roles_cancel'])){
+
+      /* Remove lock file after successfull deletion */
+      $this->remove_lock();
+      $this->dns = array();
+    }
+
+
+    /* Confirmation for deletion has been passed. Users should be deleted. */
+    if (isset($_POST['delete_multiple_roles_confirm'])){
+
+      /* Remove user by user and check acls before removeing them */
+      foreach($this->dns as $key => $dn){
+
+        $acl = $this->ui->get_permissions($dn, "roles/roleGeneric");
+        if (preg_match('/d/', $acl)){
+
+          /* Delete request is permitted, perform LDAP action */
+          $this->dialog= new roletabs($this->config,$this->config->data['TABS']['ROLETABS'], $dn);
+          $this->dialog->delete();
+          $this->dialog= NULL;
+        } else {
+
+          /* Normally this shouldn't be reached, send some extra
+             logs to notify the administrator */
+          msg_dialog::display(_("Permission error"), msgPool::permDelete(), INFO_DIALOG);
+          new log("security","roles/".get_class($this),$dn,array(),"Tried to trick deletion.");
+        }
+      }
+
+      /* Remove lock file after successfull deletion */
+      $this->remove_lock();
+      $this->dns = array();
+    }
+
 
     /***************
      * New handling
      ***************/
 
-    if($s_action == "new" && $this->dialog instanceOf tabs){
+    if($s_action == "new" && !$this->dialog instanceOf tabs){
       $this->dialog = new roletabs($this->config, $this->config->data['TABS']['ROLETABS'], "new");
       $this->dialog->set_acl_base($this->DivListRoles->selectedBase);
     }
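Review bot: The remove branch dereferences `$this->roles[$id]['dn']` for ids taken from the request without checking that the entry exists; `$s_entry` is parsed from a POST field name with `[0-9]*`, which also matches an empty string. An unknown or empty id yields a null `$dn` that is handed to `get_permissions()` and listed in the "Permission" dialog, so add `if(!isset($this->roles[$id])) continue;` as the first statement of the loop. The confirm branch re-checks the delete ACL per DN, which is the right place for it, but it iterates `$this->dns` as left by an earlier request; unless the property is initialised elsewhere, guard that loop with `is_array($this->dns)` so a `delete_multiple_roles_confirm` POST arriving without the preceding step does nothing. Several comments still describe users ("Remove user by user") and the cancel path says "after successfull deletion", which should be reworded for roles. execute() begins and ends outside this hunk.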
@@ -234,7 +320,7 @@ class roleManagement extends plugin
     $attrs = array("cn","description","objectClass");
 
     if($this->DivListRoles->SubSearch){
-      $res= get_sub_list($filter, "roles",get_ou('roleRDN'), $base, $attrs, GL_SIZELIMIT | GL_SUBSEARCH);
+      $res= get_sub_list($filter, "roles",array(), $base, $attrs, GL_SIZELIMIT | GL_SUBSEARCH);
     }else{
       $res= get_sub_list($filter, "roles",get_ou('roleRDN'), get_ou('roleRDN').$base, $attrs, GL_SIZELIMIT );
     }
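Review bot: The sub-search branch now passes `array()` where the other branch still passes `get_ou('roleRDN')`, and nothing on the line explains why the role container restriction is dropped. If that argument limits which subtrees are searched, the result set then depends on `$filter` alone to return only role objects, and those results feed the delete handling added in this commit; `$filter` is built outside this hunk, so that cannot be confirmed from here. A one-line comment such as `/* Sub-search: look below every department, $filter restricts to roles */` would record the intent.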