dockx thibault authored
New structure added
Verified66fca2fa
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003 Cajus Pollmeier
Copyright (C) 2011-2020 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
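/**
 * Main plugin for the "ogroup" object type (LDAP groupOfNames / gosaGroupOfNames).
 *
 * Handles the group name, description, owner, the member list (members may be
 * of several object types, see $objectTypes) and an optional "system trust"
 * setting that is persisted through the `host` attribute and the `hostObject`
 * object class.
 */
class ogroup extends simplePlugin
{
  /* DNs of workstations/terminals that are already members of another object
   * group; filled once in the constructor. */
  public $used_workstations = [];

  /* Typed member values as they were when the object was opened; ldap_save()
   * diffs the current user members ('U') against this snapshot. */
  protected $savedTypedMembers;

  /* One-letter member type code => object type name. */
  static $objectTypes = [
    'U' => 'user',
    'G' => 'ogroup',
    'A' => 'application',
    'S' => 'server',
    'W' => 'workstation',
    'T' => 'terminal',
    'F' => 'phone',
    'P' => 'printer',
    'D' => 'simpleSecurityObject',
  ];

  /**
   * Describe this plugin to the framework: names, object classes, LDAP filter,
   * object type registration, foreign keys, search attributes and ACLs.
   *
   * @return array plugin information
   */
  static function plInfo (): array
  {
    return [
      'plShortName'   => _('Object group'),
      'plDescription' => _('Object group information'),
      'plPriority'    => 1,
      'plObjectClass' => ['groupOfNames', 'gosaGroupOfNames'],
      'plFilter'      => '(objectClass=groupOfNames)',
      'plObjectType'  => ['ogroup' => [
        'name'        => _('Group'),
        'description' => _('Group'),
        'ou'          => get_ou('ogroupRDN'),
        'icon'        => 'geticon.php?context=types&icon=resource-group&size=16',
        'tabClass'    => 'ogrouptabs',
      ]],
      /* `member` and `owner` hold DNs of other objects. Presumably the framework
       * uses these entries to keep those DNs in sync when a referenced object is
       * moved or removed (see handleForeignKeys()) - confirm against simplePlugin. */
      'plForeignKeys' => [
        'member' => [
          ['user',               'dn', 'member=%oldvalue%', '*'],
          ['ogroup',             'dn', 'member=%oldvalue%', '*'],
          ['application',        'dn', 'member=%oldvalue%', '*'],
          ['serverGeneric',      'dn', 'member=%oldvalue%', '*'],
          ['workstationGeneric', 'dn', 'member=%oldvalue%', '*'],
          ['terminalGeneric',    'dn', 'member=%oldvalue%', '*'],
          ['phoneGeneric',       'dn', 'member=%oldvalue%', '*'],
          ['printGeneric',       'dn', 'member=%oldvalue%', '*'],
        ],
        'owner' => [
          ['user', 'dn', 'owner=%oldvalue%', '*']
        ]
      ],
      'plSearchAttrs'  => ['description'],
      'plProvidedAcls' => parent::generatePlProvidedAcls(static::getAttributesInfo())
    ];
  }

  /**
   * Declare the attributes of this plugin, grouped in three sections:
   * 'main' (base, cn, description, gosaGroupObjects, owner),
   * 'members' (member) and 'system_trust' (trustMode, host).
   *
   * @return array section id => ['name' => ..., 'attrs' => [...]]
   */
  static function getAttributesInfo (): array
  {
    return [
      'main' => [
        'name'  => _('Properties'),
        'attrs' => [
          new BaseSelectorAttribute(get_ou('ogroupRDN')),
          /* The group name is validated against an allow-list pattern: lowercase
           * letters, digits, `_` and `-` in strict uid mode; otherwise `.` is also
           * accepted and the match is case-insensitive.
           * NOTE(review): in PCRE `$` also matches before a final newline; if a
           * trailing newline must be rejected, the `D` modifier would be needed -
           * confirm how StringAttribute applies this pattern before changing it. */
          new StringAttribute(
            _('Name'), _('Name of this group'),
            'cn', TRUE,
            '', '', (strict_uid_mode() ? '/^[a-z0-9_-]+$/' : '/^[a-z0-9_.-]+$/i')
          ),
          new TextAreaAttribute(
            _('Description'), _('Short description of this group'),
            'description', FALSE
          ),
          /* Not edited by the user; recomputed from the member list in reload(). */
          new HiddenAttribute('gosaGroupObjects'),
          new UserAttribute(
            _('Owner'), _('Owner'),
            'owner', FALSE
          ),
        ]
      ],
      'members' => [
        'name'  => _('Member objects'),
        'attrs' => [
          new GroupMembersAttribute(
            '', _('Objects member of this group'),
            'member', TRUE,
            [], 'dn'
          )
        ]
      ],
      'system_trust' => [
        'name'  => _('System trust'),
        'icon'  => 'geticon.php?context=status&icon=locked&size=16',
        'attrs' => [
          /* '' = disabled, 'fullaccess' = stored as host "*" (see prepare_save()),
           * 'byhost' = only the hosts listed in `host`. */
          new SelectAttribute(
            _('Trust mode'), _('Type of authorization for those hosts'),
            'trustMode', FALSE,
            ['', 'fullaccess', 'byhost'],
            '',
            [_('disabled'), _('full access'), _('allow access to these hosts')]
          ),
          new SystemsAttribute(
            '', _('Only allow this group to connect to this list of hosts'),
            'host', FALSE
          )
        ]
      ]
    ];
  }

  /**
   * Build the plugin, derive the trust mode from the stored `host` values,
   * collect the workstations/terminals already used by other object groups and
   * snapshot the current typed members for the permission check in ldap_save().
   *
   * Parameters are passed unchanged to simplePlugin::__construct().
   */
  function __construct ($dn = NULL, $object = NULL, $parent = NULL, $mainTab = FALSE)
  {
    parent::__construct($dn, $object, $parent, $mainTab);

    /* trustMode is flagged as not being in LDAP: its value is derived from
     * `host` just below and mapped back to `host`/`hostObject` in prepare_save().
     * Presumably the managed-attributes setup clears `host` whenever the mode is
     * not 'byhost' - confirm against the attribute implementation. */
    $this->attributesAccess['trustMode']->setInLdap(FALSE);
    $this->attributesAccess['trustMode']->setManagedAttributes(
      [
        'multiplevalues' => ['notbyhost' => ['','fullaccess']],
        'erase' => [
          'notbyhost' => ['host']
        ]
      ]
    );

    /* A single "*" host means trust on every host; any other non-empty list is a
     * per-host restriction; an empty list leaves the mode at its default. */
    if ((count($this->host) == 1) && ($this->host[0] == '*')) {
      $this->trustMode = 'fullaccess';
    } elseif (count($this->host) > 0) {
      $this->trustMode = 'byhost';
    }

    /* Detect all workstations which are already assigned to an object group
        - Those objects will be hidden in the add object dialog.
        - Check() will complain if such a system is assigned to this object group.
       The gosaGroupObjects filters are equality matches without wildcards, so only
       groups whose value is exactly "[W]" or "[T]" are listed.
       NOTE(review): groups that mix systems with other member types would not
       match - confirm this is intended. */
    $this->used_workstations = [];
    try {
      $ws_dns = array_keys(objects::ls(['workstation','terminal']));
      $res    = objects::ls('ogroup', ['member' => '*'], NULL, '(&(member=*)(|(gosaGroupObjects=[W])(gosaGroupObjects=[T])))');
    } catch (NonExistingObjectTypeException $e) {
      /* If workstation/terminal objectType is not existing, systems plugin is missing so there are no systems */
      $ws_dns = [];
      $res    = [];
    }
    foreach ($res as $odn => $og) {
      /* Members of this very group are not "used elsewhere". */
      if ($odn == $this->dn) {
        continue;
      }
      $this->used_workstations = array_merge($this->used_workstations, array_intersect($ws_dns, $og['member']));
    }

    $this->reload();

    $this->savedTypedMembers = $this->attributesAccess['member']->getTypedValues();
  }

  /**
   * Prepare $this->attrs for saving and translate the trust mode into LDAP
   * terms: 'fullaccess' becomes host "*", and the `hostObject` object class is
   * added when a trust mode is set and removed when it is disabled.
   *
   * @return array errors reported by parent::prepare_save()
   */
  function prepare_save (): array
  {
    $this->reload();
    $errors = parent::prepare_save();

    if ($this->trustMode == 'fullaccess') {
      $this->attrs['host'] = ['*'];
    }

    /* Trust accounts */
    if (($this->trustMode != "") && !in_array('hostObject', $this->attrs['objectClass'])) {
      $this->attrs['objectClass'][] = 'hostObject';
    } elseif (($this->trustMode == "") && (($key = array_search('hostObject', $this->attrs['objectClass'])) !== FALSE)) {
      unset($this->attrs['objectClass'][$key]);
      /* unset() leaves a hole in the keys when hostObject was not the last entry;
       * PHP's ldap functions expect value arrays with consecutive 0..n-1 indices,
       * so re-index the list. */
      $this->attrs['objectClass'] = array_values($this->attrs['objectClass']);
    }

    return $errors;
  }

  /**
   * Recompute gosaGroupObjects from the object types present in the member list.
   */
  function reload ()
  {
    $this->gosaGroupObjects = $this->attributesAccess['member']->listObjectTypes();
  }

  /**
   * Run the parent checks, then refuse a group that contains both
   * workstations ('W') and terminals ('T').
   *
   * @return array list of check errors
   */
  function check (): array
  {
    $errors = parent::check();
    $this->reload();
    if (preg_match('/W/', $this->gosaGroupObjects) && preg_match('/T/', $this->gosaGroupObjects)) {
      $errors[] = new SimplePluginCheckError(
        $this,
        htmlescape(_('Putting both workstations and terminals in the same group is not allowed'))
      );
    }

    return $errors;
  }

  /**
   * Save to LDAP after an authorization check on user membership changes.
   *
   * For every user DN added to or removed from the group (compared with the
   * snapshot taken in the constructor), the current user must hold write ('w')
   * permission on `user/userRoles` attribute `groupsMembership` for that DN.
   * If any DN fails, nothing is written and the permission errors are returned.
   * Only members of type 'U' are checked here; other member types are not.
   *
   * NOTE(review): the check runs only when `member` is part of the pending
   * attribute set ($this->attrs) - confirm that is the case for every
   * membership change.
   *
   * @return array permission errors, or the result of parent::ldap_save()
   */
  function ldap_save (): array
  {
    global $ui;

    $errors = [];

    if (isset($this->attrs['member'])) {
      $members      = $this->attributesAccess['member']->getTypedValues();
      $userMembers  = $members['U'] ?? [];
      $savedMembers = $this->savedTypedMembers['U'] ?? [];

      /* Additions first, then removals, so errors keep their original order. */
      $changedMembers = [
        array_diff($userMembers, $savedMembers),
        array_diff($savedMembers, $userMembers),
      ];

      foreach ($changedMembers as $dns) {
        foreach ($dns as $dn) {
          $permissions = $ui->get_permissions($dn, 'user/userRoles', 'groupsMembership', $this->acl_skip_write());
          if (strpos($permissions, 'w') === FALSE) {
            $errors[] = new SimplePluginPermissionError($this, msgPool::permModify($dn, 'groupsMembership'));
          }
        }
      }
    }

    /* Fail closed: any missing permission aborts the whole save. */
    if (!empty($errors)) {
      return $errors;
    }

    return parent::ldap_save();
  }

  /**
   * Handle foreign keys through the parent, then, if the set of member types
   * changed, re-save every object group that has this group as a member so the
   * change propagates upwards.
   *
   * Does nothing when the DN did not change ($olddn equals $newdn) or when this
   * object is a template.
   */
  function handleForeignKeys (string $olddn = NULL, string $newdn = NULL, string $mode = 'move')
  {
    if (($olddn !== NULL) && ($olddn == $newdn)) {
      return;
    }
    if ($this->is_template) {
      return;
    }
    parent::handleForeignKeys($olddn, $newdn, $mode);
    if ($this->attributeHaveChanged('gosaGroupObjects')) {
      /* Propagate member type changes to parent groups.
       * The DN is escaped before being placed in the LDAP filter. */
      $parents = objects::ls('ogroup', ['dn' => 'raw'], NULL, '(member='.ldap_escape_f($this->dn).')');
      foreach (array_keys($parents) as $dn) {
        $tabobject = objects::open($dn, 'ogroup');
        $errors    = $tabobject->save();
        msg_dialog::displayChecks($errors);
      }
    }
  }

  /**
   * Return the freshly recomputed gosaGroupObjects value (member types of this group).
   */
  function getGroupObjectTypes ()
  {
    $this->reload();
    return $this->gosaGroupObjects;
  }
}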