![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 897c2fa)
raw | patch | inline | side by side (parent: 897c2fa)
| author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Tue, 27 Oct 2009 08:06:24 +0000 (08:06 +0000) | ||
| committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Tue, 27 Oct 2009 08:06:24 +0000 (08:06 +0000) |
-We are now able to use templates again.
-Lock entries, mutliple too.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@14643 594d385d-05f5-0310-b6e9-bd551577e9d8
-Lock entries, mutliple too.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@14643 594d385d-05f5-0310-b6e9-bd551577e9d8
index 8161e394f35fe89fc31912bb0b529e5c8049111a..617b0226051b9220f54b12280d706f6e1687108a 100644 (file)
$this->tabObject= new $tab($this->config,$this->config->data['TABS'][$this->tabType], $this->dn, $this->aclCategory);
$this->tabObject->set_acl_base($this->dn);
$this->tabObject->delete ();
- $this->closeDialogs();
del_lock($this->dn);
} else {
logs to notify the administrator */
msg_dialog::display(_("Permission error"), msgPool::permDelete(), ERROR_DIALOG);
new log("security","groups/".get_class($this),$dn,array(),"Tried to trick deletion.");
- return;
}
}
- $this->closeDialogs();
$this->remove_lock();
+ $this->closeDialogs();
}
return("");
}else{
$this->tabObject->save();
- $this->closeDialogs();
$this->remove_lock();
+ $this->closeDialogs();
}
}
}
protected function cancelEdit()
{
- $this->closeDialogs();
$this->remove_lock();
+ $this->closeDialogs();
}
diff --git a/gosa-core/plugins/admin/users/class_userManagement.inc b/gosa-core/plugins/admin/users/class_userManagement.inc
index 570fe8b48d8a0567a97b26bd0fa425c8065ea9c6..8082f9f4fbc6463a16cc45a5c4f0026e4237a886 100644 (file)
var $sn = "";
var $givenName = "";
+ var $uid = "";
+ var $got_uid = "";
+ var $edit_uid = "";
// Tab definition
protected $tabClass = "usertabs";
// Register special user actions
$this->registerAction("lock", "lockEntry");
- $this->registerAction("unlock", "alert");
+ $this->registerAction("lockUsers", "lockUsers");
+ $this->registerAction("unlockUsers", "lockUsers");
$this->registerAction("new_template", "newTemplate");
$this->registerAction("newfromtpl", "newUserFromTemplate");
$this->registerAction("templateContinue", "templateContinue");
+ $this->registerAction("templatize", "templatizeUsers");
+ $this->registerAction("templatizeContinue", "templatizeContinue");
}
// Inject user actions
{
$action = management::detectPostActions();
if(isset($_POST['template_continue'])) $action['action'] = "templateContinue";
+ if(isset($_POST['templatize_continue'])) $action['action'] = "templatizeContinue";
return($action);
}
- function lockEntry($action,$entry)
- {
- $disallowed = array();
- $dns = array();
- foreach($entry as $dn){
- if (!preg_match("/w/",$this->ui->get_permissions($dn,"users/password"))){
- $disallowed[] = $dn;
- }else{
- $allowed[] = $dn;
- }
- }
- if(count($disallowed)){
- msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
- }
- $ldap = $this->config->get_ldap_link();
- foreach($allowed as $dn){
- $ldap->cat($dn, array('userPassword'));
- if($ldap->count() == 1){
- $val = $ldap->fetch();
- $pwd = $val['userPassword'][0];
- $method = passwordMethod::get_method($pwd,$val['dn']);
- $success= false;
- if($method instanceOf passwordMethod){
- if($method->is_locked($this->config,$val['dn'])){
- $success= $method->unlock_account($this->config,$val['dn']);
- }else{
- $success= $method->lock_account($this->config,$val['dn']);
- }
-
- /* Check for success */
- if (!$success){
- $hn= $method->get_hash_name();
- if (is_array($hn)){
- $hn= $hn[0];
- }
- msg_dialog::display(_("Account locking"),
- sprintf(_("Password method '%s' does not support locking. Account has not been locked!"), $hn),WARNING_DIALOG);
- }
- }else{
- // Can't lock unknown methods.
- }
- }
- }
- }
-
function alert($action,$values)
{
print_a(array($action,$values));
}
+ /*! \brief Intiates template creation.
+ */
function newTemplate($action,$entry)
{
$this->newEntry();
$this->tabObject->set_template_mode ();
}
-
- function templateContinue()
+
+ /*! \brief Intiates user creation.
+ * If we've user templates, then the user will be asked to use to use one.
+ * -> See 'templateContinue' for further handling.
+ */
+ function newUserFromTemplate($action="",$target=array(),$all=array())
{
- $smarty = get_smarty();
+ // Call parent method, it knows whats to do, locking and so on ...
+ management::newEntry($action,$target,$all);
+
+ // Reset uid selection.
+ $this->got_uid= "";
+
+ // Use template if there are any of them
$templates = array();
$templates['none']= _("none");
$templates = array_merge($templates,$this->get_templates());
- if (isset($_POST['template_continue'])){
- $message = array();
- if(!isset($_POST['template']) || (empty($_POST['template']))){
- $message[]= msgPool::invalid(_("Template"));
- }
- if(!isset($_POST['sn']) || (empty($_POST['sn']))){
- $message[]= msgPool::required(_("Name"));
+ // We've templates, so preset the current template and display the input dialog.
+ if (count($templates)){
+ $smarty = get_smarty();
+ foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
+ $smarty->assign("$attr", "");
}
- if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
- $message[]= msgPool::required(_("Given name"));
+ $smarty->assign("template", array_pop($target));
+ $smarty->assign("templates", $templates);
+ $smarty->assign("edit_uid", "");
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
+
+ // -> See 'templateContinue' for further handling!
+ }
+ }
+
+
+
+ /*! \brief Intiates user creation.
+ * If we've user templates, then the user will be asked
+ * if he wants to use one.
+ * -> See 'templateContinue' for further handling.
+ */
+ function newEntry($action="",$target=array(),$all=array())
+ {
+
+ // Call parent method, it manages everything, locking, object creation...
+ management::newEntry($action,$target,$all);
+
+ // If we've at least one template, then ask the user if he wants to use one?
+ $templates = array();
+ $templates['none']= _("none");
+ $templates = array_merge($templates,$this->get_templates());
+
+ // Display template selection
+ if (count($templates)){
+ $smarty = get_smarty();
+
+ // Set default variables, normally empty.
+ foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
+ $smarty->assign($attr, "");
}
+ $smarty->assign("template", "none");
+ $smarty->assign("templates", $templates);
+ $smarty->assign("edit_uid", "");
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
- /* Show error message / continue editing */
- if (count($message) > 0){
- msg_dialog::displayChecks($message);
+ // -> See 'templateContinue' for further handling!
+ }
+ }
- foreach(array("sn", "givenName", "uid", "template") as $attr){
- if(isset($_POST[$attr])){
- $smarty->assign("$attr", $_POST[$attr]);
- }else{
- $smarty->assign("$attr", "");
- }
+
+ /* !\brief This method is called whenever a template selection was displayed.
+ * Here we act on the use selection.
+ * - Does the user want to create a user from template?
+ * - Create user without template?
+ * - Input correct, every value given and valid?
+ */
+ function templateContinue()
+ {
+ // Get the list of available templates.
+ $templates = array();
+ $templates['none']= _("none");
+ $templates = array_merge($templates,$this->get_templates());
+
+ // Input validation, if someone wants to create a user from a template
+ // then validate the given values.
+ $message = array();
+ if(!isset($_POST['template']) || (empty($_POST['template']))){
+ $message[]= msgPool::invalid(_("Template"));
+ }
+ if(!isset($_POST['sn']) || (empty($_POST['sn']))){
+ $message[]= msgPool::required(_("Name"));
+ }
+ if(!isset($_POST['givenName']) || (empty($_POST['givenName']))){
+ $message[]= msgPool::required(_("Given name"));
+ }
+
+ /********************
+ * 1 We've had input errors - Display errors and show input dialog again.
+ ********************/
+
+ if (count($message) > 0){
+ msg_dialog::displayChecks($message);
+
+ // Preset input fields with user input.
+ $smarty = get_smarty();
+ foreach(array("sn", "givenName", "uid", "template") as $attr){
+ if(isset($_POST[$attr])){
+ $smarty->assign("$attr", get_post($attr));
+ }else{
+ $smarty->assign("$attr", "");
}
- $smarty->assign("templates",$templates);
- $smarty->assign("got_uid",$this->got_uid);
- $smarty->assign("edit_uid",false);
- return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
+
+ $smarty->assign("templates",$templates);
+ $smarty->assign("got_uid", $this->got_uid);
+ $smarty->assign("edit_uid",false);
+ return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
- /* Continue template editing */
+ /********************
+ * 2 There was a template selected, now ask for the uid.
+ ********************/
+
if ($_POST['template'] != 'none' && !isset($_POST['uid'])){
+ // Remember user input.
+ $smarty = get_smarty();
$this->sn = $_POST['sn'];
$this->givenName = $_POST['givenName'];
- /* Check for requred values */
- $message= array();
- if ($this->sn == "") {
- $message[]= msgPool::required(_("Name"));
- }
- if ($this->givenName == "") {
- $message[]= msgPool::required(_("Given name"));
- }
-
- /* Check if dn is used */
+ // Avoid duplicate entries, check if such a user already exists.
$dn= preg_replace("/^[^,]+,/i", "", $_POST['template']);
$ldap= $this->config->get_ldap_link();
$ldap->cd ($dn);
$ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
if ($ldap->count () != 0){
- msgPool::duplicated(_("Name"));
- }
+ msg_dialog::displayChecks(array(msgPool::duplicated(_("Name"))));
+ }else{
- /* Show error message / continue editing */
- if (count($message) > 0){
- msg_dialog::displayChecks($message);
- } else {
+ // Preset uid field by using the idGenerator
$attributes= array('sn' => $this->sn, 'givenName' => $this->givenName);
if ($this->config->get_cfg_value("idGenerator") != ""){
$uids= gen_uids ($this->config->get_cfg_value("idGenerator"), $attributes);
$this->got_uid= true;
}
+ // Assign user input
foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
$smarty->assign("$attr", $this->$attr);
}
return($smarty->fetch(get_template_path('template.tpl', TRUE)));
}
- /* No template. Ok. Lets fill data into the normal user dialog */
+
+ /********************
+ * 3 No template - Ok. Lets fill the data into the user object and skip templating here.
+ ********************/
if ($_POST['template'] == 'none'){
foreach(array("sn", "givenName", "uid") as $attr){
if (isset($_POST[$attr])){
$this->tabObject->by_object['user']->$attr= $_POST[$attr];
}
}
- }elseif(isset($_POST['uid'])){
+
+ // The user Tab object is already instantiated, so just go back and let the
+ // management class do the rest.
+ return("");
+ }
+
- /* Move user supplied data to sub plugins */
+ /********************
+ * 4 Template selected and uid given - Ok, then lets adapt tempalte values.
+ ********************/
+ if(isset($_POST['uid'])){
+
+ // Move user supplied data to sub plugins
foreach(array("uid","sn","givenName") as $attr){
$this->$attr = $_POST[$attr];
$this->tabObject->$attr = $this->$attr;
$this->tabObject->by_object['user']->$attr = $this->$attr;
}
+ // Adapt template values.
$template_dn = $_POST['template'];
$this->tabObject->adapt_from_template($template_dn, array("uid","cn","givenName","sn"));
$template_base = preg_replace("/^[^,]+,".preg_quote(get_people_ou(), '/')."/", '', $template_dn);
$this->tabObject->by_object['user']->base= $template_base;
+
+ // The user Tab object is already instantiated, so just go back and let the
+ // management class do the rest.
+ return("");
}
}
- function newUserFromTemplate($action,$entry)
- {
- // By default we set 'dn' to 'new', all relevant plugins will react on this.
- $this->dn= "new";
- $this->got_uid= ($this->config->get_cfg_value("idGenerator") == "");
+ /* !\brief This method applies a template to a set of users.
+ */
+ function templatizeUsers($action="",$target=array(),$all=array())
+ {
+ $this->dns = array();
+ if(count($target)){
- $tab = $this->tabClass;
- $this->tabObject= new $tab($this->config,$this->config->data['TABS'][$this->tabType], $this->dn, $this->aclCategory);
- $this->tabObject->by_object['user']->base= $this->headpage->getBase();
- $this->tabObject->set_acl_base($this->headpage->getBase());
+ // Get the list of available templates.
+ $templates = $this->get_templates();
- // Use template if there are any of them
- $templates = array();
- $templates['none']= _("none");
- $templates = array_merge($templates,$this->get_templates());
- if (count($templates)){
- $smarty = get_smarty();
- foreach(array("sn", "givenName", "uid", "got_uid") as $attr){
- $smarty->assign("$attr", "");
+ // Check entry locking
+ foreach($target as $dn){
+ if (($user= get_lock($dn)) != ""){
+ return(gen_locked_message ($user, $dn));
+ }
+ $this->dns[] = $dn;
}
- $smarty->assign("template", array_pop($entry));
+
+ // Display template
+ $smarty = get_smarty();
$smarty->assign("templates", $templates);
- $smarty->assign("edit_uid", "");
- return($smarty->fetch(get_template_path('template.tpl', TRUE)));
+ return($smarty->fetch(get_template_path('templatize.tpl', TRUE)));
+ }
+ }
+
+
+ /* !\brief This method is called whenever the templatize dialog was used.
+ */
+ function templatizeContinue()
+ {
+ // Template readable?
+ $template= get_post('template');
+ $acl = $this->ui->get_permissions($template, $this->aclCategory."/".$this->aclPlugin);
+ if (preg_match('/r/', $acl)){
+ $tab = $this->tabClass;
+ foreach ($this->dns as $dn){
+
+ // User writeable
+ $acl = $this->ui->get_permissions($dn, $this->aclCategory."/".$this->aclPlugin);
+ if (preg_match('/w/', $acl)){
+ $this->tabObject= new $tab($this->config, $this->config->data['TABS'][$this->tabType], $dn, $this->aclCategory);
+ $this->tabObject->adapt_from_template($template, array("sn", "givenName", "uid"));
+ $this->tabObject->save();
+ } else {
+ msg_dialog::display(_("Permission error"), msgPool::permModify($dn), ERROR_DIALOG);
+ }
+ }
+ } else {
+ msg_dialog::display(_("Permission error"), msgPool::permView($template), ERROR_DIALOG);
+ }
+
+ // Cleanup!
+ $this->remove_lock();
+ $this->closeDialogs();
+ }
+
+
+ /* !\brief Lock/unlock multiple users.
+ */
+ function lockUsers($action,$target,$all)
+ {
+ if($action == "lockUsers"){
+ $this->lockEntry($action,$target, $all, "lock");
+ }else{
+ $this->lockEntry($action,$target, $all, "unlock");
+ }
+ }
+
+
+ /* !\brief Locks/unlocks the given user(s).
+ */
+ function lockEntry($action,$entry, $all, $type = "toggle")
+ {
+
+ // Filter out entries we are not allowed to modify
+ $disallowed = array();
+ $dns = array();
+ foreach($entry as $dn){
+ if (!preg_match("/w/",$this->ui->get_permissions($dn,"users/password"))){
+ $disallowed[] = $dn;
+ }else{
+ $allowed[] = $dn;
+ }
+ }
+ if(count($disallowed)){
+ msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG);
+ }
+
+ // Try to lock/unlock the rest of the entries.
+ $ldap = $this->config->get_ldap_link();
+ foreach($allowed as $dn){
+ $ldap->cat($dn, array('userPassword'));
+ if($ldap->count() == 1){
+
+ // We can't lock empty passwords.
+ $val = $ldap->fetch();
+ if(!isset($val['userPassword'])){
+ continue;
+ }
+
+ // Detect the password method and try to lock/unlock.
+ $pwd = $val['userPassword'][0];
+ $method = passwordMethod::get_method($pwd,$val['dn']);
+ $success= true;
+ if($method instanceOf passwordMethod){
+ if($type == "toggle"){
+ if($method->is_locked($this->config,$val['dn'])){
+ $success= $method->unlock_account($this->config,$val['dn']);
+ }else{
+ $success= $method->lock_account($this->config,$val['dn']);
+ }
+ }elseif($type == "lock" && !$method->is_locked($this->config,$val['dn'])){
+ $success= $method->lock_account($this->config,$val['dn']);
+ }elseif($type == "unlock" && $method->is_locked($this->config,$val['dn'])){
+ $success= $method->unlock_account($this->config,$val['dn']);
+ }
+
+ // Check if everything went fine.
+ if (!$success){
+ $hn= $method->get_hash_name();
+ if (is_array($hn)){
+ $hn= $hn[0];
+ }
+ msg_dialog::display(_("Account locking"),
+ sprintf(_("Password method '%s' does not support locking. Account (%s) has not been locked!"),
+ $hn,$dn),WARNING_DIALOG);
+ }
+ }else{
+ // Can't lock unknown methods.
+ }
+ }
}
}
+
+ /* !\brief This method returns a list of all available templates.
+ */
function get_templates()
{
$templates= array();
$ldap= $this->config->get_ldap_link();
-
- /* Create list of templates */
foreach ($this->config->departments as $key => $value){
-
- /* Get acls from different ou's */
$acl = $this->ui->get_permissions($value,$this->aclCategory."/".$this->aclPlugin);
-
- /* If creation of a new user is allowed, append this template */
if (preg_match("/c/",$acl)){
- /* Search all templates from the current dn */
+ // Search all templates from the current dn.
$ldap->cd (get_people_ou().$value);
$ldap->search ("(objectClass=gosaUserTemplate)", array("uid"));
-
- /* Append */
if ($ldap->count() != 0){
while ($attrs= $ldap->fetch()){
$templates[$ldap->getDN()]= $attrs['uid'][0]." - ".LDAP::fix($key);
}
-
-
static function filterLockImage($userPassword)
{
$image= "images/empty.png";
-
if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
$image= "images/lists/locked.png";
$image= "images/lists/unlocked.png";
}
}
-
return $image;
}
static function filterLockLabel($userPassword)
{
$label= "";
-
if(isset($userPassword[0]) && preg_match("/^\{[^\}]/",$userPassword[0])){
if(preg_match("/^[^\}]*+\}!/",$userPassword[0])){
$label= _("Unlock account");
$label= _("Lock account");
}
}
-
return $label;
}
-
-
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
diff --git a/gosa-core/plugins/admin/users/user-list.xml b/gosa-core/plugins/admin/users/user-list.xml
index e17e9ff62533bc08ae1e5b887bd4c3b5499fabd1..7ab138502011dbb2f3d9e30ca4ccff9886c66bc3 100644 (file)
<type>separator</type>
</action>
+ <action>
+ <name>lockUsers</name>
+ <type>entry</type>
+ <image>images/lists/locked.png</image>
+ <acl>uniBonnAccount/password[w]</acl>
+ <label>Lock users</label>
+ </action>
+
+ <action>
+ <name>unlockUsers</name>
+ <type>entry</type>
+ <image>images/lists/unlocked.png</image>
+ <acl>uniBonnAccount/password[w]</acl>
+ <label>Unlock users</label>
+ </action>
+
<action>
<type>separator</type>
</action>