feat(argonaut): Use target dn as ACL base for deployment queue

issue #5749

argonaut/addons/argonaut/class_argonautQueue.inc

@@ -35,8 +35,6 @@ class argonautQueue extends simpleManagement
   var $acl_base;
   protected $aclCategory = 'argonautQueue/';
 
-  static protected $macInfos = array();
-
   static function plInfo()
   {
     return array(
@@ -290,36 +288,16 @@ class argonautQueue extends simpleManagement
     return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->aclCategory.get_class($this), '0'));
   }
 
-  static function filterHostName($mac, $name = '')
+  static function filterHostName($mac, $name = '', $targetdn = '', $targettype = '')
   {
-    if (!isset(static::$macInfos[$mac[0]])) {
-      $types  = array('workstation','server','terminal');
-      $dn     = NULL;
-      foreach ($types as $type) {
-        $objects = objects::ls($type, array('dn' => 'raw'), NULL, '(macAddress='.$mac[0].')');
-        if (count($objects) > 1) {
-          trigger_error('Duplicated mac address '.$mac[0].' in LDAP');
-        }
-        if (count($objects) > 0) {
-          $dn = reset($objects)['dn'];
-          break;
-        }
-      }
-      if (!empty($dn)) {
-        static::$macInfos[$mac[0]] = array(
-          'dn'    => $dn,
-          'type'  => $type
-        );
-      }
-    }
     $text = '';
     if (isset($name[0]) && $name[0] != 'none') {
       $text = $name[0].' ('.$mac[0].')';
     } else {
       $text = $mac[0];
     }
-    if (isset(static::$macInfos[$mac[0]])) {
-      return objects::link(static::$macInfos[$mac[0]]['dn'], static::$macInfos[$mac[0]]['type'], '', $text, TRUE);
+    if (!empty($targetdn[0]) && !empty($targettype[0])) {
+      return objects::link($targetdn[0], $targettype[0], '', $text, TRUE);
     } else {
       return htmlentities($text, ENT_COMPAT, 'UTF-8');
     }

argonaut/addons/argonaut/class_filterArgonautEvents.inc

@@ -46,12 +46,20 @@ class filterArgonautEvents extends  filterLDAP
     $ui   = get_userinfo();
 
 
-    $acl_base = $config->current['BASE'];
-    $acl_is_writeable   = preg_match('/w/', $ui->get_permissions($acl_base, "argonautQueue/argonautQueue", "0"));
-    $acl_is_removeable  = preg_match('/d/', $ui->get_permissions($acl_base, "argonautQueue/argonautQueue", "0"));
-    $acl_is_readable    = preg_match('/r/', $ui->get_permissions($acl_base, "argonautQueue/argonautQueue", "0"));
-
     foreach ($entries as $entry) {
+      if (isset($entry['TARGETDN'])) {
+        $acl_base = $entry['TARGETDN'];
+      } else {
+        $acl_base = $config->current['BASE'];
+      }
+
+      $acl_is_writeable   = preg_match('/w/', $ui->get_permissions($acl_base, "argonautQueue/argonautQueue", "0"));
+      $acl_is_removeable  = preg_match('/d/', $ui->get_permissions($acl_base, "argonautQueue/argonautQueue", "0"));
+      $acl_is_readable    = preg_match('/r/', $ui->get_permissions($acl_base, "argonautQueue/argonautQueue", "0"));
+
+      if (!$acl_is_readable) {
+        continue;
+      }
 
       // Detect entry status
       $entry['objectClass'][] = "FAKE_OC__gotoEvent";

argonaut/addons/argonaut/deploy-list.xml

@@ -27,7 +27,7 @@
       <label>Target</label>
       <sortAttribute>MACADDRESS</sortAttribute>
       <sortType>string</sortType>
-      <value>%{filter:hostName(MACADDRESS,PLAINNAME)}</value>
+      <value>%{filter:hostName(MACADDRESS,PLAINNAME,TARGETDN,TARGETTYPE)}</value>
       <export>true</export>
     </column>
 

argonaut/include/class_supportDaemon.inc

@@ -315,7 +315,7 @@ class supportDaemon
     global $config;
     timezone::get_default_timezone();
     $entries_r  = array();
-    $macToCn    = array();
+    $macInfos   = array();
     $ldap       = $config->get_ldap_link();
     $ldap->cd($config->current['BASE']);
     foreach ($entries as &$entry) {
@@ -323,15 +323,30 @@ class supportDaemon
       $entry_r['MACADDRESS']  = $entry['target'];
 
       /* Do an ldap search only if we haven't done it for the same mac before */
-      if (isset($macToCn[$entry_r['MACADDRESS']])) {
-        $entry_r['PLAINNAME'] = $macToCn[$entry_r['MACADDRESS']];
-      } else {
-        $ldap->search('(macAddress='.$entry_r['MACADDRESS'].')', array('cn'));
-        if ($ldap_infos = $ldap->fetch()) {
-          $macToCn[$entry_r['MACADDRESS']]  = $ldap_infos['cn'][0];
-          $entry_r['PLAINNAME']             = $ldap_infos['cn'][0];
+      if (!isset($macInfos[$entry_r['MACADDRESS']])) {
+        $types = array('workstation','server','terminal');
+        foreach ($types as $type) {
+          $objects = objects::ls($type, array('dn' => 'raw', 'cn' => 1), NULL, '(macAddress='.$entry_r['MACADDRESS'].')');
+          if (count($objects) > 1) {
+            trigger_error('Duplicated mac address '.$entry_r['MACADDRESS'].' in LDAP');
+          }
+          if (count($objects) > 0) {
+            $macInfos[$entry_r['MACADDRESS']] = array(
+              'dn'    => reset($objects)['dn'],
+              'type'  => $type,
+              'cn'    => reset($objects)['cn']
+            );
+            break;
+          }
         }
       }
+      if (isset($macInfos[$entry_r['MACADDRESS']])) {
+        $entry_r['PLAINNAME']   = $macInfos[$entry_r['MACADDRESS']]['cn'];
+        $entry_r['TARGETDN']    = $macInfos[$entry_r['MACADDRESS']]['dn'];
+        $entry_r['TARGETTYPE']  = $macInfos[$entry_r['MACADDRESS']]['type'];
+      } else {
+        $entry_r['PLAINNAME']   = $entry_r['MACADDRESS'];
+      }
 
       $entry_r['ERROR']     = $entry['error'];
       $entry_r['PROGRESS']  = $entry['progress'];
@@ -344,7 +359,7 @@ class supportDaemon
 
       $entries_r[] = $entry_r;
     }
-    unset($entries);
+    unset($entry);
     return $entries_r;
   }