Commit 1a14a48d authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes #3384 We need to remove manual handling of foreignKeys

parent d5c3a0a1
......@@ -2,7 +2,7 @@
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2013 FusionDirectory
Copyright (C) 2011-2014 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -282,7 +282,6 @@ class acl extends plugin
$this->handle_post_events('remove');
}
/*
* \brief Return plugin informations for acl handling
*/
......@@ -300,94 +299,6 @@ class acl extends plugin
'plProvidedAcls' => array()
);
}
/*!
* \brief Remove acls defined for $src
*
* \param String $dn The DN
*
* FIXME
*/
static function remove_acl_for($dn)
{
global $config;
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))", array("gosaAclEntry","dn"));
$new_entries = array();
while ($attrs = $ldap->fetch()) {
if (!isset($attrs['gosaAclEntry'])) {
continue;
}
unset($attrs['gosaAclEntry']['count']);
// Remove entry directly
foreach ($attrs['gosaAclEntry'] as $entry) {
$parts = explode(':', $entry);
$members = explode(',', $parts[2]);
$new_members = array();
foreach ($members as $member) {
if (base64_decode($member) != $dn) {
$new_members[] = $member;
} else {
fusiondirectory_log("modify", "user/acl", $attrs['dn'], array(), sprintf("Removed acl for %s on object %s.", $dn, $attrs['dn']));
}
}
/* We can completely remove the entry if there are no members anymore */
if (count($new_members)) {
$parts[2] = implode(",", $new_members);
$new_entries[] = implode(":", $parts);
}
}
// There should be a modification, so write it back
$ldap->cd($attrs['dn']);
$new_attrs = array("gosaAclEntry" => $new_entries);
$ldap->modify($new_attrs);
if (!$ldap->success()) {
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
}
}
}
/*!
* \brief Update the acl membership
*
* \param String $src The source
*
* \param String $dst The destination
*/
static function update_acl_membership($src, $dst)
{
global $config;
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))", array("gosaAclEntry","dn"));
while ($attrs = $ldap->fetch()) {
$acl = new acl($config, $attrs['dn']);
foreach ($acl->gosaAclEntry as $id => $entry) {
foreach ($entry['members'] as $m_id => $member) {
if ($m_id == "U:".$src) {
unset($acl->gosaAclEntry[$id]['members'][$m_id]);
$new = "U:".$dst;
$acl->gosaAclEntry[$id]['members'][$new] = $new;
fusiondirectory_log("modify", "user/acl", $attrs['dn'], array(), sprintf("Updated acl for user %s on object %s.", $src, $attrs['dn']));
}
if ($m_id == "G:".$src) {
unset($acl->gosaAclEntry[$id]['members'][$m_id]);
$new = "G:".$dst;
$acl->gosaAclEntry[$id]['members'][$new] = $new;
fusiondirectory_log("modify", "group/acl", $attrs['dn'], array(), sprintf("Updated acl for group %s on object %s.", $src, $attrs['dn']));
}
}
}
$acl->save();
}
}
}
?>
......@@ -1115,10 +1115,6 @@ class plugin
* Move a given ldap object indentified by $src_dn to the
* given destination $dst_dn
*
* - Ensure that all references are updated (ogroups)
* - Update ACLs
* - Update accessTo
*
* \param string $src_dn the source DN.
*
* \param string $dst_dn the destination DN.
......
......@@ -227,44 +227,6 @@ class group extends simplePlugin
parent::post_save();
}
function remove_from_parent()
{
parent::remove_from_parent();
$ldap = $this->config->get_ldap_link();
/* Delete references to object groups TODO : replace with foreign key*/
$ldap->cd ($this->config->current['BASE']);
$ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
while ($ldap->fetch()) {
$og = new ogroup($this->config, $ldap->getDN());
unset($og->member[$this->dn]);
$og->save ();
}
/* Remove ACL dependencies too,
*/
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))", array("gosaAclEntry","dn"));
while ($attrs = $ldap->fetch()) {
$acl = new acl($this->config, $attrs['dn'], $this->parent);
foreach ($acl->gosaAclEntry as $id => $entry) {
foreach ($entry['members'] as $m_id => $member) {
if ($m_id == "G:".$this->dn || $m_id == "U:".$this->dn) {
unset($acl->gosaAclEntry[$id]['members'][$m_id]);
fusiondirectory_log("modify", "group/acl", $attrs['dn'], array(), sprintf("Removed acl for %s on object %s.", $this->dn, $attrs['dn']));
}
}
}
$acl->save();
}
/* Remove ACL dependencies, too */
acl::remove_acl_for($this->dn);
}
function compute_dn()
{
return 'cn='.$this->attributesAccess['cn']->getValue().','.get_groups_ou().$this->base;
......
......@@ -396,61 +396,6 @@ class user extends simplePlugin
session::set('ui', $ui);
session::set('Last_init_lang', 'update');
}
/* Remove ACL dependencies too */
if (($this->dn != $this->orig_dn) && ($this->orig_dn != 'new') && (!$this->is_template)) {
acl::update_acl_membership($this->orig_dn, $this->dn);
}
}
function ldap_remove()
{
parent::ldap_remove();
$fixed_dn = LDAP::prepare4filter($this->dn);
$ldap = $this->config->get_ldap_link();
/* Delete references to object groups */
$ldap->cd ($this->config->current['BASE']);
$ldap->search ('(&(objectClass=gosaGroupOfNames)(member='.$fixed_dn.'))', array('cn'));
while ($ldap->fetch()) {
$og = new ogroup($this->config, $ldap->getDN());
unset($og->member[$this->dn]);
$og->save();
}
// Update 'manager' attributes from gosaDepartment and inetOrgPerson
$filter = '(&(objectClass=inetOrgPerson)(manager='.$fixed_dn.'))';
$filter = '(|'.$filter.'(&(objectClass=gosaDepartment)(manager='.$fixed_dn.')))';
$leaf_deps = get_list($filter, array('all'), $this->config->current['BASE'],
array('manager','dn','objectClass'), GL_SUBSEARCH | GL_NO_ACL_CHECK);
foreach ($leaf_deps as $entry) {
$update = array('manager' => array());
$ldap->cd($entry['dn']);
$ldap->modify($update);
if (!$ldap->success()) {
trigger_error(sprintf("Failed to update manager for '%s', error was '%s'", $entry['dn'], $ldap->get_error()));
}
}
if (class_available('roleGeneric')) {
/* Delete references to roles */
$ldap->cd ($this->config->current['BASE']);
$ldap->search ('(&(objectClass=organizationalRole)(roleOccupant='.$fixed_dn.'))', array('cn'));
while ($ldap->fetch()) {
$role = new roleGeneric($this->config, $ldap->getDN());
$key = array_search($this->dn, $role->roleOccupant);
if ($key !== FALSE) {
unset($role->roleOccupant[$key]);
$role->roleOccupant = array_values($role->roleOccupant);
$role->save ();
}
}
}
/* Remove ACL dependencies too */
acl::remove_acl_for($this->dn);
}
}
?>