From 3256942daa0e49237a7a2c78e56e83b4c5946764 Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 1 Jul 2009 12:52:36 +0000 Subject: [PATCH] Added remove handling to roles. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@13869 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../roleManagement/class_roleGeneric.inc | 59 +++++++++++- .../roleManagement/class_roleManagement.inc | 94 ++++++++++++++++++- 2 files changed, 148 insertions(+), 5 deletions(-) diff --git a/gosa-plugins/roleManagement/admin/roleManagement/class_roleGeneric.inc b/gosa-plugins/roleManagement/admin/roleManagement/class_roleGeneric.inc index 9fd6a3705..2bfe6d1df 100644 --- a/gosa-plugins/roleManagement/admin/roleManagement/class_roleGeneric.inc +++ b/gosa-plugins/roleManagement/admin/roleManagement/class_roleGeneric.inc @@ -32,6 +32,8 @@ class roleGeneric extends plugin { var $base = ""; var $orig_dn = ""; + var $orig_cn = ""; + var $orig_base = ""; var $objectclasses = array("top","organizationalRole"); var $attributes = array("cn","x121Address","description", @@ -41,6 +43,7 @@ class roleGeneric extends plugin { plugin::plugin($config,$dn); $this->is_account = TRUE; $this->orig_dn = $dn; + $this->orig_cn = $this->cn; /* Set base */ if ($this->dn == "new"){ @@ -48,10 +51,12 @@ class roleGeneric extends plugin { } else { $this->base= preg_replace("/^[^,]+,".preg_quote(get_ou("roleRDN"), '/')."/","",$this->dn); } + $this->orig_base = $this->base; } - function execute(){ + function execute() + { $smarty = get_smarty(); /* Create base acls */ 
@@ -70,6 +75,39 @@ class roleGeneric extends plugin { } + function check() + { + $message = plugin::check(); + + /* Set the new acl base */ + if($this->dn == "new") { + $this->set_acl_base($this->base); + } + + /* Check if we are allowed to create/move this user + */ + if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){ + $message[]= msgPool::permCreate(); + }elseif($this->orig_dn != "new" && + !$this->acl_is_moveable($this->base) && + ($this->orig_base != $this->base || $this->orig_cn != $this->cn )){ + $message[]= msgPool::permMove(); + } + + /* Name already used? */ + $ldap= $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(objectClass=organizationalRole)(cn=$this->cn))", array("cn")); + $ldap->fetch(); + if ($ldap->count() != 0 && ( $this->dn == 'new' || $this->cn != $this->orig_cn)){ + $message[]= msgPool::duplicated(_("Name")); + } + + + return($message); + } + + function convert_list() { $temp= ""; @@ -83,6 +121,23 @@ class roleGeneric extends plugin { return ($temp); } + + function remove_from_parent() + { + plugin::remove_from_parent(); + + $ldap= $this->config->get_ldap_link(); + $ldap->rmdir($this->dn); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class())); + } + + new log("remove","roles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + + /* Trigger remove signal */ + $this->handle_post_events("remove"); + } + function save(){ plugin::save(); @@ -110,6 +165,8 @@ class roleGeneric extends plugin { return (1); } + $this->handle_post_events($mode); + /* Remove ACL dependencies too */ if($this->dn != $this->orig_dn && $this->orig_dn != "new"){ $tmp = new acl($this->config,$this->parent,$this->dn); 
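Review bot: In the added `check()`, the duplicate-name lookup interpolates `$this->cn` straight into the LDAP filter `(&(objectClass=organizationalRole)(cn=$this->cn))`. A name containing filter metacharacters such as `*`, `(`, `)` or `\` changes what the filter matches or makes it invalid, so the check can report false duplicates or miss real ones. Escape the value for filter context first, e.g. `$cn = ldap_escape($this->cn, '', LDAP_ESCAPE_FILTER);` where the PHP version provides it, or the project's own filter-escaping helper otherwise. The search also starts at `$this->config->current['BASE']` rather than `$this->base`, so names are presumably meant to be unique tree-wide; a one-line comment saying so would help.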
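Review bot: In the added `remove_from_parent()`, a failed `$ldap->rmdir($this->dn)` only shows a dialog and then falls through to `$this->handle_post_events("remove")`, so remove hooks run for an entry that may still exist. The `save()` context in the following hunk shows a `return (1);` ahead of its post-event call, in what looks like its failure branch (the branch itself is outside the hunk). The same shape fits here: move the `new log("remove", ...)` line above the `if (!$ldap->success())` test so both outcomes are still recorded, and add `return;` after the `msg_dialog::display(...)` call. As a style point, the bare `get_class()` in the error dialog could be `get_class($this)` to match the log line.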
diff --git a/gosa-plugins/roleManagement/admin/roleManagement/class_roleManagement.inc b/gosa-plugins/roleManagement/admin/roleManagement/class_roleManagement.inc index d3d9da484..0d03e8d48 100644 --- a/gosa-plugins/roleManagement/admin/roleManagement/class_roleManagement.inc +++ b/gosa-plugins/roleManagement/admin/roleManagement/class_roleManagement.inc @@ -68,7 +68,7 @@ class roleManagement extends plugin plugin::execute(); /* Variables to restore after 'entry locked' warning was displayed */ - session::set('LOCK_VARS_TO_USE',array('/^role_/','/^act/','/^id/','/^menu_action/')); + session::set('LOCK_VARS_TO_USE',array('/^role_/','/^act/','/^id/','/^menu_action/','/^item/')); $smarty = get_smarty(); $s_action = ""; @@ -86,7 +86,7 @@ class roleManagement extends plugin break; } if(preg_match("/^role_del_/",$name)){ - $s_action = "del"; + $s_action = "remove"; $s_entry = preg_replace("/^role_del_([0-9]*)_.*$/","\\1",$name); break; } 
@@ -108,12 +108,98 @@ class roleManagement extends plugin } } + /*************** + * Remove handling + ***************/ + + if($s_action == "remove_multiple" || $s_action == "remove"){ + + if($s_action == "remove_multiple"){ + $ids = $this->list_get_selected_items(); + }else{ + $ids = array($s_entry); + } + + if(count($ids)){ + $this->dns = array(); + $disallowed = array(); + foreach($ids as $id){ + $dn = $this->roles[$id]['dn']; + $acl = $this->ui->get_permissions($dn, "roles/roleGeneric"); + if(preg_match("/d/",$acl)){ + $this->dns[$id] = $dn; + }else{ + $disallowed[] = $dn; + } + } + + if(count($disallowed)){ + msg_dialog::display(_("Permission"),msgPool::permDelete($disallowed),INFO_DIALOG); + } + + + if(count($this->dns)){ + if ($user= get_multiple_locks($this->dns)){ + return(gen_locked_message($user,$this->dns)); + } + $dns_names = array(); + foreach($this->dns as $dn){ + $dns_names[] = LDAP::fix($dn); + } + + /* Lock the current entry, so nobody will edit it during deletion */ + add_lock ($this->dns, $this->ui->dn); + + $smarty->assign("info", msgPool::deleteInfo($dns_names,_("role"))); + $smarty->assign("multiple", true); + return($smarty->fetch(get_template_path('remove.tpl', TRUE))); + } + } + } + + + /* Remove lock */ + if(isset($_POST['delete_multiple_roles_cancel'])){ + + /* Remove lock file after successfull deletion */ + $this->remove_lock(); + $this->dns = array(); + } + + + /* Confirmation for deletion has been passed. Users should be deleted. 
*/ + if (isset($_POST['delete_multiple_roles_confirm'])){ + + /* Remove user by user and check acls before removeing them */ + foreach($this->dns as $key => $dn){ + + $acl = $this->ui->get_permissions($dn, "roles/roleGeneric"); + if (preg_match('/d/', $acl)){ + + /* Delete request is permitted, perform LDAP action */ + $this->dialog= new roletabs($this->config,$this->config->data['TABS']['ROLETABS'], $dn); + $this->dialog->delete(); + $this->dialog= NULL; + } else { + + /* Normally this shouldn't be reached, send some extra + logs to notify the administrator */ + msg_dialog::display(_("Permission error"), msgPool::permDelete(), INFO_DIALOG); + new log("security","roles/".get_class($this),$dn,array(),"Tried to trick deletion."); + } + } + + /* Remove lock file after successfull deletion */ + $this->remove_lock(); + $this->dns = array(); + } + /*************** * New handling ***************/ - if($s_action == "new" && $this->dialog instanceOf tabs){ + if($s_action == "new" && !$this->dialog instanceOf tabs){ $this->dialog = new roletabs($this->config, $this->config->data['TABS']['ROLETABS'], "new"); $this->dialog->set_acl_base($this->DivListRoles->selectedBase); } @@ -234,7 +320,7 @@ class roleManagement extends plugin $attrs = array("cn","description","objectClass"); if($this->DivListRoles->SubSearch){ - $res= get_sub_list($filter, "roles",get_ou('roleRDN'), $base, $attrs, GL_SIZELIMIT | GL_SUBSEARCH); + $res= get_sub_list($filter, "roles",array(), $base, $attrs, GL_SIZELIMIT | GL_SUBSEARCH); }else{ $res= get_sub_list($filter, "roles",get_ou('roleRDN'), get_ou('roleRDN').$base, $attrs, GL_SIZELIMIT ); } -- 2.30.2
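Review bot: In the remove handling, `$dn = $this->roles[$id]['dn'];` indexes `$this->roles` with an id that comes from the request without checking that the entry exists. The id is either `$s_entry`, which the `([0-9]*)` pattern on the `role_del_` name allows to be empty, or one of the selected list items. An unknown or empty id gives a null `$dn` that is passed to `get_permissions()` and could end up in `$this->dns`, so add a guard at the top of the loop: `if(!isset($this->roles[$id]['dn'])) continue;`. The confirm branch rightly re-checks the `d` permission for each DN, but it iterates `$this->dns` as left by an earlier request. The property's declaration is outside this hunk; if it can be unset at that point, an `is_array($this->dns)` check before the `foreach` would avoid acting on missing state.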