class_simplePlugin.inc

<?php
/*
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)

  Copyright (C) 2012-2019  FusionDirectory

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/

/*!
 * \file class_simplePlugin.inc
 * Source code for the class simplePlugin
 */

/*! \brief This class is made for easy plugin creation for editing LDAP attributes
 *
 */
class simplePlugin implements SimpleTab
{
  /*! \brief This attribute store all information about attributes */
  public $attributesInfo;

  /*! \brief This attribute store references toward attributes
   *
   * associative array that stores attributeLdapName => reference on object
   */
  public $attributesAccess = [];

  /*!
    \brief Mark plugin as account

    Defines whether this plugin is defined as an account or not.
    This has consequences for the plugin to be saved from tab
    mode. If it is set to 'FALSE' the tab will call the delete
    function, else the save function. Should be set to 'TRUE' if
    the construtor detects a valid LDAP object.

    \sa simplePlugin::is_this_account()
   */
  public $is_account            = FALSE;
  public $initially_was_account = FALSE;
  public $ignore_account        = FALSE;

  public $acl_base      = '';
  public $acl_category  = '';

  /*! \brief dn of the opened object */
  public $dn      = '';

  /*! \brief original dn of the opened object */
  public $orig_dn = '';

  /*!
   * \brief Reference to parent object
   *
   * This variable is used when the plugin is included in tabs
   * and keeps reference to the tab class. Communication to other
   * tabs is possible by 'name'. So the 'fax' plugin can ask the
   * 'userinfo' plugin for the fax number.
   *
   * \sa simpleTabs
   */
  public $parent = NULL;

  /*!
    \brief Mark plugin as template

    Defines whether we are editing a template or a normal object.
    Has consequences on the way execute() shows the formular and how
    save() puts the data to LDAP.
   */
  public $is_template    = FALSE;

  /*!
    \brief Represent temporary LDAP data

    This should only be used internally.
   */
  public $attrs = [];

  /*! \brief The objectClasses set by this tab */
  protected $objectclasses = [];

  /*! \brief The state of the attributes when we opened the object */
  protected $saved_attributes = [];

  /*! \brief Do we want a header allowing to able/disable this plugin */
  protected $displayHeader = FALSE;

  /*! \brief Is this plugin the main tab, the one that handle the object itself */
  protected $mainTab = FALSE;

  protected $header = "";

  protected $templatePath;

  protected $dialog = FALSE;

  /*! \brief Are we executed in a edit-mode environment? (this is FALSE if we're called from management, TRUE if we're called from a main.inc)
   */
  protected $needEditMode = FALSE;

  /*! \brief Attributes that needs to be initialized before the others */
  protected $preInitAttributes = [];

  /*! \brief FALSE to disable inheritance. Array like array ('objectClass' => 'attribute') to specify oc of the groups it might be inherited from
   */
  protected $inheritance      = FALSE;
  protected $member_of_group  = FALSE;
  protected $editing_group    = NULL;
  protected $group_attrs      = [];

  /*! \brief Used when the entry is opened as "readonly" due to locks */
  protected $read_only = FALSE;

  /*! \brief Last LDAP error (used by logging calls from post_* methods) */
  protected $ldap_error;

  /*!
   * \brief Object entry CSN
   *
   * If an entry was edited while we have edited the entry too,
   * an error message will be shown.
   * To configure this check correctly read the FAQ.
   */
  protected $entryCSN = '';

  private $hadSubobjects = FALSE;

  /*! \brief constructor
   *
   *  \param string $dn The dn of this instance
   *  \param Object $object An object to copy values from
   *  \param Object $parent A parent instance, usually a simpleTabs instance.
   *  \param boolean $mainTab Whether or not this is the main tab
   *  \param array $attributesInfo An attributesInfo array, if NULL, getAttributesInfo will be used.
   *
   */
  function __construct (string $dn = NULL, $object = NULL, $parent = NULL, bool $mainTab = FALSE, array $attributesInfo = NULL)
  {
    global $config;

    $this->dn       = $dn;
    $this->parent   = $parent;
    $this->mainTab  = $mainTab;

    try {
      $plInfo = pluglist::pluginInfos(get_class($this));
    } catch (UnknownClassException $e) {
      /* May happen in special cases like setup */
      $plInfo = [];
    }

    if (empty($this->objectclasses) && isset($plInfo['plObjectClass'])) {
      $this->objectclasses = $plInfo['plObjectClass'];
    }

    if ($attributesInfo === NULL) {
      $attributesInfo = $this->getAttributesInfo();
    }
    if (!$this->displayHeader) {
      // If we don't display the header to activate/deactive the plugin, that means it's always activated
      $this->ignore_account = TRUE;
    }

    $this->attributesInfo = [];
    foreach ($attributesInfo as $section => $sectionInfo) {
      $attrs = [];
      foreach ($sectionInfo['attrs'] as $attr) {
        $name = $attr->getLdapName();
        if (isset($attrs[$name])) {
          // We check that there is no duplicated attribute name
          trigger_error("Duplicated attribute LDAP name '$name' in a simplePlugin subclass");
        }
        // We make so that attribute have their LDAP name as key
        // That allow the plugin to use $this->attributesInfo[$sectionName]['attrs'][$myLdapName] to retreive the attribute info.
        $attrs[$name] = $attr;
      }
      $sectionInfo['attrs']           = $attrs;
      $this->attributesInfo[$section] = $sectionInfo;
      foreach ($this->attributesInfo[$section]['attrs'] as $name => $attr) {
        if (isset($this->attributesAccess[$name])) {
          // We check that there is no duplicated attribute name
          trigger_error("Duplicated attribute LDAP name '$name' in a simplePlugin subclass");
        }
        $this->attributesAccess[$name] =& $this->attributesInfo[$section]['attrs'][$name];
        unset($this->$name);
      }
    }

    /* Ensure that we've a valid acl_category set */
    if (empty($this->acl_category)) {
      if (isset($plInfo['plCategory'])) {
        $c = key($plInfo['plCategory']);
        if (is_numeric($c)) {
          $c = $plInfo['plCategory'][0];
        }
        $this->acl_category = $c.'/';
      }
    }

    /* Handle read only */
    if ($this->dn != 'new') {
      /* Check if this entry was opened in read only mode */
      if (isset($_POST['open_readonly']) && session::global_is_set('LOCK_CACHE')) {
        $cache = session::get('LOCK_CACHE');
        if (isset($cache['READ_ONLY'][$this->dn])) {
          $this->read_only = TRUE;
        }
      }

      /* Save current dn as acl_base */
      $this->acl_base = $this->dn;
    }

    /* Load LDAP data */
    if (($this->dn != 'new' && $this->dn !== NULL) || ($object !== NULL)) {
      /* Load data to 'attrs' */
      if ($object !== NULL) {
        /* From object */
        $this->attrs = $object->attrs;
        if (isset($object->is_template)) {
          $this->setTemplate($object->is_template);
        }
      } else {
        /* From LDAP */
        $ldap = $config->get_ldap_link();
        $ldap->cat($this->dn);
        $this->attrs = $ldap->fetch();
        if (empty($this->attrs)) {
          throw new NonExistingLdapNodeException('Could not open dn '.$this->dn);
        }
        if ($this->mainTab) {
          /* Make sure that initially_was_account is TRUE if we loaded an LDAP node,
           *  even if it’s missing an objectClass */
          $this->is_account = TRUE;
        }
      }

      /* Set the template flag according to the existence of objectClass fdTemplate */
      if (isset($this->attrs['objectClass']) && in_array_ics('fdTemplate', $this->attrs['objectClass'])) {
        @DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, 'found', 'Template check');
        $this->setTemplate(TRUE);
        $this->templateLoadAttrs($this->attrs);
      }

      /* Is Account? */
      if ($this->is_this_account($this->attrs)) {
        $this->is_account = TRUE;
        @DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, get_class($this), 'Tab active');
      }
    }

    if (is_array($this->inheritance)) {
      /* Check group membership */
      $ldap = $config->get_ldap_link();
      $ldap->cd($config->current['BASE']);
      foreach ($this->inheritance as $oc => $at) {
        if ($this->mainTab) {
          $filter = '(&(objectClass='.$oc.')('.$at.'='.ldap_escape_f($this->dn).'))';
        } else {
          $filter = '(&(objectClass='.$oc.')'.static::getLdapFilter().'('.$at.'='.ldap_escape_f($this->dn).'))';
        }
        $ldap->search($filter, $this->attributes);
        if ($ldap->count() == 1) {
          $this->member_of_group = TRUE;
          $attrs = $ldap->fetch();
          $this->group_attrs = $attrs;
          break;
        }
      }
    }

    /* Save initial account state */
    $this->initially_was_account = $this->is_account;

    $this->loadAttributes();

    $this->prepareSavedAttributes();

    $this->orig_dn = $dn;

    if ($this->mainTab) {
      $this->is_account = TRUE;
      $this->entryCSN = getEntryCSN($this->dn);
    }

    if (!isset($this->templatePath)) {
      $this->templatePath = get_template_path('simpleplugin.tpl');
    }
  }

  protected function loadAttributes ()
  {
    // We load attributes values
    // First the one flagged as preInit
    foreach ($this->preInitAttributes as $attr) {
      $this->attributesAccess[$attr]->setParent($this);
      $this->attributesAccess[$attr]->loadValue($this->attrs);
    }
    // Then the others
    foreach ($this->attributesInfo as &$sectionInfo) {
      foreach ($sectionInfo['attrs'] as $name => &$attr) {
        if (in_array($name, $this->preInitAttributes)) {
          /* skip the preInit ones */
          continue;
        }
        $attr->setParent($this);
        $attr->loadValue($this->attrs);
      }
      unset($attr);
    }
    unset($sectionInfo);
  }

  function is_this_account ($attrs)
  {
    $result = static::isAccount($attrs);
    if ($result === NULL) {
      if (!empty($this->objectclasses)) {
        trigger_error('Deprecated fallback was used for '.get_called_class().'::is_this_account');
      }
      $found = TRUE;
      foreach ($this->objectclasses as $obj) {
        if (preg_match('/^top$/i', $obj)) {
          continue;
        }
        if (!isset($attrs['objectClass']) || !in_array_ics($obj, $attrs['objectClass'])) {
          $found = FALSE;
          break;
        }
      }
      return $found;
    }
    return $result;
  }

  function setTemplate (bool $bool)
  {
    $this->is_template = $bool;
    if ($this->is_template && $this->mainTab) {
      /* Unshift special section for template infos */
      $this->attributesInfo = array_merge(
        [
          '_template' => [
            'class' => ['fullwidth'],
            'name'  => _('Template settings'),
            'attrs' => [
              '_template_cn' => new StringAttribute(
                _('Template name'), _('This is the name of the template'),
                '_template_cn', TRUE,
                '', 'template_cn'
              )
            ]
          ],
          '_template_dummy' => [
            'class' => ['invisible'],
            'name'  => '_template_dummy',
            'attrs' => []
          ]
        ],
        $this->attributesInfo
      );
      $this->attributesAccess['_template_cn'] =& $this->attributesInfo['_template']['attrs']['_template_cn'];
      $this->attributesAccess['_template_cn']->setInLdap(FALSE);
      $this->attributesAccess['_template_cn']->setValue($this->_template_cn);
      $this->attributesAccess['_template_cn']->setParent($this);
      unset($this->_template_cn);
    }
  }

  protected function templateLoadAttrs (array $template_attrs)
  {
    if ($this->mainTab) {
      $this->_template_cn = $template_attrs['cn'][0];
    }
    $this->attrs = templateHandling::fieldsFromLDAP($template_attrs);
  }

  protected function templateSaveAttrs ()
  {
    global $config;
    $ldap = $config->get_ldap_link();
    $ldap->cat($this->dn);
    $template_attrs = $ldap->fetch();
    if (!$template_attrs) {
      if (!$this->mainTab) {
        trigger_error('It seems main tab has not been saved.');
      }
      $template_attrs = [
        'objectClass'     => ['fdTemplate'],
        'fdTemplateField' => []
      ];
    }
    $template_attrs = templateHandling::fieldsToLDAP($template_attrs, $this->attrs);
    if ($this->mainTab) {
      $template_attrs['cn'] = $this->_template_cn;
    }
    return $template_attrs;
  }

  /*! \brief This function returns an LDAP filter for this plugin object classes
   */
  function getObjectClassFilter ()
  {
    trigger_error('Deprecated');
    return static::getLdapFilter();
  }

  /*! \brief This function allows to use the syntax $plugin->attributeName to get attributes values
   *
   * It calls the getValue method on the concerned attribute
   * It also adds the $plugin->attribtues syntax to get attributes list
   */
  public function __get ($name)
  {
    if ($name == 'attributes') {
      $plugin = $this;
      return array_filter(array_keys($this->attributesAccess),
        function ($a) use ($plugin)
        {
          return $plugin->attributesAccess[$a]->isInLdap();
        }
      );
    } elseif (isset($this->attributesAccess[$name])) {
      return $this->attributesAccess[$name]->getValue();
    } else {
      /* Calling default behaviour */
      return $this->$name;
    }
  }

  /*! \brief This function allows to use the syntax $plugin->attributeName to set attributes values

    It calls the setValue method on the concerned attribute
   */
  public function __set ($name, $value)
  {
    if ($name == 'attributes') {
      trigger_error('Tried to set obsolete attribute "attributes" (it is now dynamic)');
    } elseif (isset($this->attributesAccess[$name])) {
      $this->attributesAccess[$name]->setValue($value);
    } else {
      /* Calling default behaviour */
      $this->$name = $value;
    }
  }

  /*! \brief This function allows to use the syntax isset($plugin->attributeName)

    It returns FALSE if the attribute has an empty value.
   */
  public function __isset ($name)
  {
    if ($name == 'attributes') {
      return TRUE;
    }
    return isset($this->attributesAccess[$name]);
  }

  /*! \brief This function returns the dn this object should have
   */
  public function compute_dn (): string
  {
    global $config;
    if (!$this->mainTab) {
      msg_dialog::display(_('Fatal error'), _('Only main tab can compute dn'), FATAL_ERROR_DIALOG);
      exit;
    }
    if (!isset($this->parent) || !($this->parent instanceof simpleTabs)) {
      msg_dialog::display(
        _('Fatal error'),
        sprintf(
          _('Could not compute dn: no parent tab class for "%s"'),
          get_class($this)
        ),
        FATAL_ERROR_DIALOG
      );
      exit;
    }
    $infos = $this->parent->objectInfos();
    if ($infos === FALSE) {
      msg_dialog::display(
        _('Fatal error'),
        sprintf(
          _('Could not compute dn: could not find objectType infos from tab class "%s"'),
          get_class($this->parent)
        ),
        FATAL_ERROR_DIALOG
      );
      exit;
    }
    $attr = $infos['mainAttr'];
    $ou   = $infos['ou'];
    if (isset($this->base)) {
      $base = $this->base;
    } else {
      $base = $config->current['BASE'];
    }
    if ($this->is_template) {
      return 'cn='.ldap_escape_dn($this->_template_cn).',ou=templates,'.$ou.$base;
    }
    return $attr.'='.ldap_escape_dn($this->attributesAccess[$attr]->computeLdapValue()).','.$ou.$base;
  }

  protected function addAttribute (string $section, Attribute $attr)
  {
    $name = $attr->getLdapName();
    $this->attributesInfo[$section]['attrs'][$name] = $attr;
    $this->attributesAccess[$name] =& $this->attributesInfo[$section]['attrs'][$name];
    $this->attributesAccess[$name]->setParent($this);
    unset($this->$name);
  }

  protected function removeAttribute (string $section, string $id)
  {
    unset($this->attributesInfo[$section]['attrs'][$id]);
    unset($this->attributesAccess[$id]);
  }

  /*!
   * \brief Returns a list of all available departments for this object.
   *
   * If this object is new, all departments we are allowed to create a new object in are returned.
   * If this is an existing object, return all deps we are allowed to move this object to.
   * Used by BaseSelectorAttribute
   *
   * \return array [dn] => "..name"  // All deps. we are allowed to act on.
  */
  function get_allowed_bases (): array
  {
    global $config;
    $deps = [];

    /* Is this a new object ? Or just an edited existing object */
    foreach ($config->idepartments as $dn => $name) {
      if (
          (!$this->initially_was_account && $this->acl_is_createable($dn)) ||
          ($this->initially_was_account && $this->acl_is_moveable($dn))
        ) {
        $deps[$dn] = $name;
      }
    }

    /* Add current base */
    if (isset($this->base) && isset($config->idepartments[$this->base])) {
      $deps[$this->base] = $config->idepartments[$this->base];
    } elseif (strtolower($this->dn) != strtolower($config->current['BASE'])) {
      trigger_error('Cannot return list of departments, no default base found in class '.get_class($this).'. (base is "'.$this->base.'")');
    }
    return $deps;
  }

  /*!
   * \brief Set acl base
   *
   * \param string $base
   */
  function set_acl_base (string $base)
  {
    $this->acl_base = $base;
  }

  /*!
   * \brief Set acl category
   *
   * \param string $category
   */
  function set_acl_category (string $category)
  {
    $this->acl_category = "$category/";
  }

  /*!
    * \brief Move ldap entries from one place to another
    *
    * \param  string  $src_dn the source DN.
    *
    * \param  string  $dst_dn the destination DN.
    *
    * \return TRUE on success, error string on failure
    */
  function move (string $src_dn, string $dst_dn)
  {
    global $config, $ui;

    /* Do not move if only case has changed */
    if (strtolower($src_dn) == strtolower($dst_dn)) {
      return TRUE;
    }

    /* Try to move with ldap routines */
    $ldap = $config->get_ldap_link();
    $ldap->cd($config->current['BASE']);
    $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $dst_dn));
    if (!$ldap->rename_dn($src_dn, $dst_dn)) {
      logging::log('debug', 'Ldap Protocol v3 implementation error, ldap_rename failed.',
        "FROM: $src_dn  -- TO: $dst_dn", [], $ldap->get_error());
      @DEBUG(DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, "Rename failed FROM: $src_dn  -- TO:  $dst_dn",
        'Ldap Protocol v3 implementation error. Error:'.$ldap->get_error());
      return $ldap->get_error();
    }

    /* Update userinfo if necessary */
    if (preg_match('/'.preg_quote($src_dn, '/').'$/i', $ui->dn)) {
      $ui_dn = preg_replace('/'.preg_quote($src_dn, '/').'$/i', $dst_dn, $ui->dn);
      logging::log('view', 'acl/'.get_class($this), $this->dn, [], 'Updated userinfo dn from "'.$ui->dn.'" to "'.$ui_dn.'"');
      $ui->dn = $ui_dn;
    }

    /* Check if departments were moved. If so, force the reload of config->departments */
    $ldap->cd($dst_dn);
    $ldap->search('(objectClass=gosaDepartment)', ['dn']);
    if ($ldap->count()) {
      $config->get_departments();
      $config->make_idepartments();
      $ui->reset_acl_cache();
    }

    $this->handleForeignKeys($src_dn, $dst_dn);
    return TRUE;
  }

  function getRequiredAttributes (): array
  {
    $tmp = [];
    foreach ($this->attributesAccess as $attr) {
      if ($attr->isRequired()) {
        $tmp[] = $attr->getLdapName();
      }
    }
    return $tmp;
  }

  function editing_group ()
  {
    if ($this->editing_group == NULL) {
      if (isset($this->parent)) {
        $this->editing_group = (get_class($this->parent->getBaseObject()) == 'ogroup');
      } else {
        return NULL;
      }
    }
    return $this->editing_group;
  }

  /*! \brief Indicates if this object is opened as read-only (because of locks) */
  function readOnly ()
  {
    return $this->read_only;
  }

  /*! \brief This function display the plugin and return the html code
   */
  function execute (): string
  {
    @DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->dn, "execute");

    /* Reset Lock message POST/GET check array, to prevent preg_match errors */
    session::set('LOCK_VARS_TO_USE', []);
    session::set('LOCK_VARS_USED_GET', []);
    session::set('LOCK_VARS_USED_POST', []);
    session::set('LOCK_VARS_USED_REQUEST', []);

    $this->displayPlugin  = TRUE;
    $this->header         = "";

    if (is_object($this->dialog)) {
      $dialogResult = $this->dialog->execute();
      if ($dialogResult === FALSE) {
        $this->closeDialog();
      } else {
        $this->header         = $dialogResult;
        $this->displayPlugin  = FALSE;
        return $this->header;
      }
    }

    if ($this->displayHeader) {
      /* Show tab dialog headers */
      if ($this->parent !== NULL) {
        list($disabled, $buttonText, $text) = $this->getDisplayHeaderInfos();
        $this->header = $this->show_header(
          $buttonText,
          $text,
          $this->is_account,
          $disabled,
          get_class($this).'_modify_state'
        );
        if (!$this->is_account) {
          $this->displayPlugin = FALSE;
          return $this->header.$this->inheritanceDisplay();
        }
      } elseif (!$this->is_account) {
        $plInfo = pluglist::pluginInfos(get_class($this));
        $this->header = '<img alt="'._('Error').'" src="geticon.php?context=status&amp;icon=dialog-error&amp;size=16" align="middle"/>&nbsp;<b>'.
                        msgPool::noValidExtension($plInfo['plShortName'])."</b>";
        $this->displayPlugin = FALSE;
        return $this->header.$this->inheritanceDisplay();
      }
    }

    $smarty = get_smarty();

    $this->renderAttributes(FALSE);
    $smarty->assign("hiddenPostedInput", get_class($this)."_posted");
    if (isset($this->focusedField)) {
      $smarty->assign("focusedField", $this->focusedField);
      unset($this->focusedField);
    } else {
      $smarty->assign("focusedField", key($this->attributesAccess));
    }

    return $this->header.$smarty->fetch($this->templatePath);
  }

  public function getDisplayHeaderInfos (): array
  {
    $plInfo   = pluglist::pluginInfos(get_class($this));
    $disabled = $this->acl_skip_write();
    if ($this->is_account) {
      $depends = [];
      if (isset($plInfo['plDepending'])) {
        foreach ($plInfo['plDepending'] as $plugin) {
          if (isset($this->parent->by_object[$plugin]) &&
              $this->parent->by_object[$plugin]->is_account) {
            $disabled       = TRUE;
            $dependPlInfos  = pluglist::pluginInfos($plugin);
            $depends[]      = $dependPlInfos['plShortName'];
          }
        }
      }
      $buttonText = msgPool::removeFeaturesButton($plInfo['plShortName']);
      $text       = msgPool::featuresEnabled($plInfo['plShortName'], $depends);
    } else {
      $depends    = [];
      $conflicts  = [];
      if (isset($plInfo['plDepends'])) {
        foreach ($plInfo['plDepends'] as $plugin) {
          if (isset($this->parent->by_object[$plugin]) &&
              !$this->parent->by_object[$plugin]->is_account) {
            $disabled   = TRUE;
            $dependPlInfos  = pluglist::pluginInfos($plugin);
            $depends[]      = $dependPlInfos['plShortName'];
          }
        }
      }
      if (isset($plInfo['plConflicts'])) {
        foreach ($plInfo['plConflicts'] as $plugin) {
          if (isset($this->parent->by_object[$plugin]) &&
              $this->parent->by_object[$plugin]->is_account) {
            $disabled   = TRUE;
            $conflictPlInfos  = pluglist::pluginInfos($plugin);
            $conflicts[]      = $conflictPlInfos['plShortName'];
          }
        }
      }
      $buttonText = msgPool::addFeaturesButton($plInfo['plShortName']);
      $text       = msgPool::featuresDisabled($plInfo['plShortName'], $depends, $conflicts);
    }
    return [$disabled,$buttonText,$text];
  }

  /*!
   * \brief Show header message for tab dialogs
   *
   * \param string $button_text The button text
   *
   * \param string $text The text
   *
   * \param boolean $plugin_enabled Is the plugin/tab activated
   *
   * \param boolean $button_disabled Is the button disabled
   *
   * \param string $name The html name of the input, defaults to modify_state
   */
  function show_header (string $button_text, string $text, bool $plugin_enabled, bool $button_disabled = FALSE, string $name = 'modify_state'): string
  {
    if ($button_disabled || ((!$this->acl_is_createable() && !$plugin_enabled) || (!$this->acl_is_removeable() && $plugin_enabled))) {
      $state = 'disabled="disabled"';
    } else {
      $state = '';
    }
    $display = '<div width="100%"><p><b>'.$text.'</b><br/>'."\n";
    $display .= '<input type="submit" formnovalidate="formnovalidate" value="'.$button_text.'" name="'.$name.'" '.$state.'></p></div><hr class="separator"/>';

    return $display;
  }

  /*! \brief Check if logged in user have enough right to write this attribute value
   *
   * \param mixed $attr Attribute object or name (in this case it will be fetched from attributesAccess)
   */
  function attrIsWriteable ($attr): bool
  {
    if (!is_object($attr)) {
      $attr = $this->attributesAccess[$attr];
    }
    if ($attr->getLdapName() == 'base') {
      return (
        !$this->acl_skip_write() &&
        (!$this->initially_was_account || $this->acl_is_moveable() || $this->acl_is_removeable())
      );
    }
    return $this->acl_is_writeable($attr->getAcl(), $this->acl_skip_write());
  }

  function renderAttributes (bool $readOnly = FALSE)
  {
    global $ui;
    $smarty = get_smarty();

    if ($this->is_template) {
      $smarty->assign('template_cnACL', $ui->get_permissions($this->acl_base, $this->acl_category.'template', 'template_cn', $this->acl_skip_write()));
    }

    /* Handle rights to modify the base */
    if (isset($this->attributesAccess['base'])) {
      if ($this->attrIsWriteable('base')) {
        $smarty->assign('baseACL', 'rw');
      } else {
        $smarty->assign('baseACL', 'r');
      }
    }

    $sections = [];
    foreach ($this->attributesInfo as $section => $sectionInfo) {
      $legend = $sectionInfo['name'];
      if (isset($sectionInfo['icon'])) {
        $legend = '<img '.
                  'src="'.htmlentities($sectionInfo['icon'], ENT_COMPAT, 'UTF-8').'" '.
                  'alt="" '.
                  '/>'.$legend;
      }
      $smarty->assign("section", $legend);
      $smarty->assign("sectionId", $section);
      if (isset($sectionInfo['class'])) {
        $smarty->assign("sectionClasses", ' '.join(' ', $sectionInfo['class']));
      } else {
        $smarty->assign("sectionClasses", '');
      }
      $attributes = [];
      foreach ($sectionInfo['attrs'] as $attr) {
        if ($attr->getAclInfo() !== FALSE) {
          // We assign ACLs so that attributes can use them in their template code
          $smarty->assign($attr->getAcl()."ACL", $this->aclGetPermissions($attr->getAcl(), NULL, $this->acl_skip_write()));
        }
        $attr->renderAttribute($attributes, $readOnly);
      }
      $smarty->assign("attributes", $attributes);
      // We fetch each section with the section template
      if (isset($sectionInfo['template'])) {
        $displaySection = $smarty->fetch($sectionInfo['template']);
      } else {
        $displaySection = $smarty->fetch(get_template_path('simpleplugin_section.tpl'));
      }
      $sections[$section] = $displaySection;
    }
    $smarty->assign("sections", $sections);
  }

  function inheritanceDisplay (): string
  {
    if (!$this->member_of_group) {
      return "";
    }
    $class = get_class($this);
    $attrsWrapper = new stdClass();
    $attrsWrapper->attrs = $this->group_attrs;
    $group = new $class($this->group_attrs['dn'], $attrsWrapper, $this->parent, $this->mainTab);
    $smarty = get_smarty();

    $group->renderAttributes(TRUE);
    $smarty->assign("hiddenPostedInput", get_class($this)."_posted");

    return "<h1>Inherited information:</h1><div></div>\n".$smarty->fetch($this->templatePath);
  }

  /*! \brief This function allows you to open a dialog
   *
   *  \param mixed $dialog The dialog object
   */
  function openDialog ($dialog)
  {
    $this->dialog = $dialog;
  }

  /*! \brief This function closes the dialog
   */
  function closeDialog ()
  {
    $this->dialog = NULL;
  }

  public function setNeedEditMode (bool $bool)
  {
    $this->needEditMode = $bool;
  }

  protected function acl_skip_write (): bool
  {
    return ($this->needEditMode && !session::is_set('edit'));
  }

  /*! \brief Can we write the attribute */
  function acl_is_writeable ($attribute, bool $skipWrite = FALSE): bool
  {
    return preg_match('/w/', $this->aclGetPermissions($attribute, NULL, $skipWrite));
  }

  /*!
   * \brief Can we read the acl
   *
   * \param string $attribute
   */
  function acl_is_readable ($attribute): bool
  {
    return preg_match('/r/', $this->aclGetPermissions($attribute));
  }

  /*!
   * \brief Can we create the object
   *
   * \param string $base Empty string
   */
  function acl_is_createable (string $base = NULL): bool
  {
    return preg_match('/c/', $this->aclGetPermissions('0', $base));
  }

  /*!
   * \brief Can we delete the object
   *
   * \param string $base Empty string
   */
  function acl_is_removeable (string $base = NULL): bool
  {
    return preg_match('/d/', $this->aclGetPermissions('0', $base));
  }

  /*!
   * \brief Can we move the object
   *
   * \param string $base Empty string
   */
  function acl_is_moveable (string $base = NULL): bool
  {
    return preg_match('/m/', $this->aclGetPermissions('0', $base));
  }

  /*! \brief Get the acl permissions for an attribute or the plugin itself */
  function aclGetPermissions ($attribute = '0', string $base = NULL, bool $skipWrite = FALSE): string
  {
    if (isset($this->parent) && isset($this->parent->ignoreAcls) && $this->parent->ignoreAcls) {
      return 'cdmr'.($skipWrite ? '' : 'w');
    }
    $ui         = get_userinfo();
    $skipWrite  |= $this->readOnly();
    if ($base === NULL) {
      $base = $this->acl_base;
    }
    return $ui->get_permissions($base, $this->acl_category.get_class($this), $attribute, $skipWrite);
  }

  /*! \brief This function removes the object from LDAP
   */
  function remove (bool $fulldelete = FALSE): array
  {
    if (!$this->initially_was_account) {
      return [];
    }

    if (!$fulldelete && !$this->acl_is_removeable()) {
      trigger_error('remove was called on a tab without enough ACL rights');
      return [];
    }

    $this->prepare_remove();
    if ($this->is_template && (!defined('_OLD_TEMPLATES_') || !_OLD_TEMPLATES_)) {
      $this->attrs = $this->templateSaveAttrs();
      $this->saved_attributes = [];
    }
    /* Pre hooks */
    $errors = $this->pre_remove();
    if (!empty($errors)) {
      return $errors;
    }
    $errors = $this->ldap_remove();