Context Navigation

class.group.inc.php @ 3396

Revision 3396, 18.4 KB checked in by eduardoalex, 14 years ago (diff)
Ticket #1223 - Corrigida a apresentacao dos usuarios de um grupo no mapa de disponibilidade
Property svn:eol-style set to `native` Property svn:executable set to ``*

Rev	Line
[2]	1	<?php
	2	/**********************************************************************************\
	3	* Expresso Administração *
	4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
	5	* --------------------------------------------------------------------------------*
	6	* This program is free software; you can redistribute it and/or modify it *
	7	* under the terms of the GNU General Public License as published by the *
	8	* Free Software Foundation; either version 2 of the License, or (at your *
	9	* option) any later version. *
	10	\**********************************************************************************/
	11
	12	include_once('class.ldap_functions.inc.php');
	13	include_once('class.db_functions.inc.php');
	14	include_once('class.imap_functions.inc.php');
	15	include_once('class.functions.inc.php');
	16
	17	class group
	18	{
	19	var $ldap_functions;
	20	var $db_functions;
	21	var $imap_functions;
	22	var $functions;
	23	var $current_config;
	24
	25	function group()
	26	{
	27	$this->ldap_functions = new ldap_functions;
	28	$this->db_functions = new db_functions;
	29	$this->imap_functions = new imap_functions;
	30	$this->functions = new functions;
	31	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
	32	}
	33
	34	function validate_fields($params)
	35	{
	36	return $this->ldap_functions->validate_fields_group($params);
	37	}
	38
	39	function create($params)
	40	{
	41	// Verifica o acesso do gerente
	42	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
	43	{
	44	$return['status'] = false;
[414]	45	$return['msg'] = lang('You do not have access to create new groups') . '.';
[2]	46	return $return;
	47	}
	48
	49	$return['status'] = true;
	50
	51	//Retira os uids duplicados se existir
	52	$array_tmp = array();
[317]	53	$array_tmp = @array_unique($params['members']);
[2]	54	$params['members'] = $array_tmp;
[64]	55
	56	// Leio o ID a ser usado na criação do objecto.
	57	$next_id = ($this->db_functions->get_next_id('groups'));
	58	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
	59	{
	60	$return['status'] = false;
[414]	61	$return['msg'] = lang('Problems getting group ID') . ':' . $next_id['msg'];
[64]	62	return $return;
	63	}
	64	else
	65	{
	66	$id = $next_id['id'];
	67	}
[2]	68
	69	// Cria array para incluir no LDAP
	70	$dn = 'cn=' . $params['cn'] . ',' . $params['context'];
	71
	72	$group_info = array();
	73	$group_info['cn'] = $params['cn'];
	74	$group_info['description'] = $params['description'];
	75	$group_info['gidNumber'] = $id;
	76	$group_info['objectClass'][] = 'top';
	77	$group_info['objectClass'][] = 'posixGroup';
	78	$group_info['objectClass'][] = 'phpgwAccount';
	79	$group_info['phpgwAccountExpires'] = '-1';
	80	$group_info['phpgwAccountType'] = 'g';
	81	$group_info['userPassword'] = '';
	82
[46]	83	// E-mail for groups
	84	if ($params['email'] != '')
	85	$group_info['mail'] = $params['email'];
	86
[317]	87	if ( (count($params['members'])) && (is_array($params['members'])) )
[2]	88	{
	89	foreach ($params['members'] as $index => $uidnumber)
	90	{
	91	$uid = $this->ldap_functions->uidnumber2uid($uidnumber);
	92	$group_info['memberuid'][] = $uid;
	93
	94	// Chama funcao para incluir os uidnumbers dos usuarios no grupo
	95	$result = $this->db_functions->add_user2group($id, $uidnumber);
	96
[414]	97	$this->db_functions->write_log("Added user to group on user criation", $group_info['cn'] . ": " . $dn);
[2]	98	}
	99	}
	100
	101	// Suporte ao SAMBA
	102	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
	103	{
	104	$group_info['objectClass'][] = 'sambaGroupMapping';
[46]	105	$group_info['sambaSID'] = $params['sambasid'] . '-' . (($id * 2) + 1001);
[2]	106	$group_info['sambaGroupType'] = '2';
	107	}
	108
[23]	109	// ADD ATTRIBUTES
	110	if ($params['phpgwaccountvisible'] == 'on')
	111	{
	112	$group_info['phpgwaccountvisible'] = '-1';
	113	}
	114
[2]	115	$result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
	116	if (!$result['status'])
	117	{
	118	$return['status'] = false;
[317]	119	if ($result['error_number'] == '65')
[414]	120	{
	121	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
	122	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
[587]	123	lang("A updated version of these files can be found here") . ":\n" .
[317]	124	"www.expressolivre.org -> Downloads -> schema.tgz";
[414]	125	}
[317]	126	else
	127	$return['msg'] .= $result['msg'];
[2]	128	}
	129
	130	// Chama funcao para incluir os aplicativos ao grupo
	131	$result = $this->db_functions->add_id2apps($id, $params['apps']);
	132	if (!$result['status'])
	133	{
	134	$return['status'] = false;
	135	$return['msg'] .= $result['msg'];
	136	}
[3251]	137	// PERSONAL DATA FIELDS TO BLOCK.
	138	if(is_array($params['acl_block_personal_data'])){
	139	$acl_personal_data = 0;
	140	foreach($params['acl_block_personal_data'] as $i => $data_field){
	141	$acl_personal_data \|= intval($data_field);
	142	}
	143	$this->db_functions->save_acl_personal_data($id, $acl_personal_data, 'add');
	144	}
[2]	145
	146	if ($return['status'] == true)
	147	{
[414]	148	$this->db_functions->write_log("Created group",$dn);
[2]	149	}
	150
	151	return $return;
	152	}
	153
	154	function save($new_values)
	155	{
	156	// Verifica o acesso do gerente
	157	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
	158	{
	159	$return['status'] = false;
[414]	160	$return['msg'] = lang('You do not have access to edit groups') . '.';
[2]	161	return $return;
	162	}
	163
	164	$return['status'] = true;
	165
	166	//Retira os uids duplicados se existir
	167	$array_tmp = array();
	168	$array_tmp = array_unique($new_values['members']);
	169	$new_values['members'] = $array_tmp;
	170
	171	$old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
	172	$diff = array_diff($new_values, $old_values);
	173
	174	$dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];
	175	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	176	// RENAME
	177	if ($diff['context'] \|\| $diff['cn'])
	178	{
[355]	179	if ( (strcasecmp($old_values['cn'], $new_values['cn']) != 0) \|\| (strcasecmp($old_values['context'], $new_values['context']) != 0) )
[2]	180	{
[355]	181	$newrdn = 'cn=' . $new_values['cn'];
	182	$newparent = $new_values['context'];
	183	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
	184	if (!$result['status'])
	185	{
	186	$return['status'] = false;
	187	$return['msg'] .= $result['msg'];
	188	}
	189	else
	190	{
	191	$dn = $newrdn . ',' . $newparent;
[414]	192	$this->db_functions->write_log('Renamed group', $old_values['cn'] . '->' . $dn);
[355]	193	}
[2]	194	}
	195	}
	196
[46]	197	$ldap_mod_replace = array();
[2]	198	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[33]	199	// REPLACE SAMBASID OF SAMBA
[46]	200	if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambasid']) && ($old_values['sambasid']))
[33]	201	{
[46]	202	$ldap_mod_replace['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
[414]	203	$this->db_functions->write_log('modified group samba domain', $dn . ': ' . $old_values['sambasid'] . '->' . $new_values['sambasid']);
	204
[33]	205	}
	206
	207	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[2]	208	// REPLACE DESCRIPTION
	209	if ($new_values['description'] != $old_values['description'])
	210	{
	211	$ldap_mod_replace['description'] = $new_values['description'];
[414]	212	$this->db_functions->write_log('modified group description',$dn . ': ' . $old_values['description'] . '->' . $new_values['description'] );
[33]	213	}
	214
	215	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[46]	216	// REPLACE E-Mail
	217	if ((($old_values['email']) && ($diff['email'])) &&
	218	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
	219	{
	220	$ldap_mod_replace['mail'] = $new_values['email'];
[414]	221	$this->db_functions->write_log('modified group email', $dn . ': ' . $old_values['email'] . '->' . $new_values['email']);
[46]	222	}
	223
	224	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	225	// CALL LDAP_REPLACE FUNCTION
[33]	226	if (count($ldap_mod_replace))
	227	{
[2]	228	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
	229	if (!$result['status'])
	230	{
	231	$return['status'] = false;
[317]	232	if ($result['error_number'] == '65')
[414]	233	{
	234	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
	235	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
[587]	236	lang("A updated version of these files can be found here") . ":\n" .
[317]	237	"www.expressolivre.org -> Downloads -> schema.tgz";
[414]	238	}
[317]	239	else
	240	$return['msg'] .= $result['msg'];
[2]	241	}
[33]	242	}
[2]	243
	244	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	245	// REMOVE ATTRS OF SAMBA
	246	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
	247	{
	248	$ldap_remove['objectclass'] = 'sambaGroupMapping';
	249	$ldap_remove['sambagrouptype'] = array();
	250	$ldap_remove['sambaSID'] = array();
	251
	252	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
	253	if (!$result['status'])
	254	{
	255	$return['status'] = false;
	256	$return['msg'] .= $result['msg'];
	257	}
	258	else
[414]	259	$this->db_functions->write_log('removed group samba attributes',$dn);
[2]	260	}
	261
	262	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	263	// ADD ATTRS OF SAMBA
	264	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
	265	{
[587]	266	$ldap_add['objectClass'][] = 'sambaGroupMapping';
	267	$ldap_add['sambagrouptype'] = '2';
	268	$ldap_add['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
	269
	270	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
	271	if (!$result['status'])
[2]	272	{
	273	$return['status'] = false;
[587]	274	$return['msg'] .= $result['msg'];
[2]	275	}
	276	else
[587]	277	$this->db_functions->write_log('Added samba attibutes to group',$dn);
[2]	278	}
[33]	279
[2]	280	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[23]	281	// ADD ATTRIBUTES
[46]	282	$ldap_add = array();
[23]	283	if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
	284	{
	285	$ldap_add['phpgwaccountvisible'] = '-1';
[414]	286	$this->db_functions->write_log("added attribute phpgwAccountVisible to group",$dn);
[46]	287	}
	288	if ((($new_values['email']) && (!$old_values['email'])) &&
	289	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
	290	{
	291	$ldap_add['mail'] = $new_values['email'];
[414]	292	$this->db_functions->write_log("added attribute mail to group",$dn);
[46]	293	}
	294	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	295	// CALL LDAP_ADD FUNCTION
	296	if (count($ldap_add))
	297	{
[23]	298	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
	299	if (!$result['status'])
	300	{
	301	$return['status'] = false;
[317]	302	if ($result['error_number'] == '65')
[414]	303	{
	304	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
	305	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
[587]	306	lang("A updated version of these files can be found here") . ":\n" .
[414]	307	"www.expressolivre.org -> Downloads -> schema.tgz";
	308	}
[317]	309	else
	310	$return['msg'] .= $result['msg'];
[23]	311	}
	312	}
[46]	313
	314	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[23]	315	// REMOVE ATTRIBUTES
[46]	316	$ldap_remove = array();
[23]	317	if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
	318	{
	319	$ldap_remove['phpgwaccountvisible'] = array();
[414]	320	$this->db_functions->write_log("removed attribute phpgwAccountVisible from group",$dn);
[46]	321	}
	322	if (((!$new_values['email']) && ($old_values['email'])) &&
	323	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
	324	{
	325	$ldap_remove['mail'] = array();
[414]	326	$this->db_functions->write_log("removed attribute mail from group",$dn);
[46]	327	}
	328	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	329	// CALL LDAP_REMOVED FUNCTION
	330	if (count($ldap_remove))
	331	{
[23]	332	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
	333	if (!$result['status'])
	334	{
	335	$return['status'] = false;
	336	$return['msg'] .= $result['msg'];
	337	}
	338	}
	339
	340	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[2]	341	// USERS
	342
	343	if (!$new_values['members'])
	344	$new_values['members'] = array();
	345	if (!$old_values['members'])
	346	$old_values['members'] = array();
	347
	348	$add_users = array_diff($new_values['members'], $old_values['members']);
	349	$remove_users = array_diff($old_values['members'], $new_values['members']);
	350
	351	if (count($add_users)>0)
	352	{
	353	$array_memberUids_add = array();
	354	foreach($add_users as $uidnumber)
	355	{
[86]	356	if (is_numeric($uidnumber) && ($uidnumber != -1))
[2]	357	{
	358	$this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
	359	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
	360	$array_memberUids_add[] = $user;
[438]	361	$this->db_functions->write_log("included user to group","dn:$dn -> uid:$user");
[2]	362	}
	363	}
[396]	364	if (count($array_memberUids_add) > 0)
	365	$this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
[2]	366	}
	367	if (count($remove_users)>0)
	368	{
	369	$array_memberUids_remove = array();
	370	foreach($remove_users as $uidnumber)
	371	{
[86]	372	if ($uidnumber != -1)
	373	{
	374	$this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
	375	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
	376	$array_memberUids_remove[] = $user;
[414]	377	$this->db_functions->write_log("removed user from group","$dn: $user");
[86]	378	}
[2]	379	}
[396]	380	if (count($array_memberUids_remove)>0)
	381	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
[2]	382	}
	383
	384	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	385	// APPS
	386	$new_values2 = array();
	387	$old_values2 = array();
	388	if (count($new_values['apps'])>0)
	389	{
	390	foreach ($new_values['apps'] as $app=>$tmp)
	391	{
	392	$new_values2[] = $app;
	393	}
	394	}
	395	if (count($old_values['apps'])>0)
	396	{
	397	foreach ($old_values['apps'] as $app=>$tmp)
	398	{
	399	$old_values2[] = $app;
	400	}
	401	}
[9]	402
	403	$add_apps = array_flip(array_diff($new_values2, $old_values2));
	404	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
[2]	405
	406	if (count($add_apps)>0)
	407	{
[9]	408	$this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);
	409
	410	foreach ($add_apps as $app => $index)
[414]	411	$this->db_functions->write_log("added application to group","$app: $dn");
[2]	412	}
[9]	413
[2]	414	if (count($remove_apps)>0)
	415	{
[9]	416	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
	417	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
	418
	419	foreach ($remove_apps as $app => $app_index)
	420	{
	421	if ($manager_apps[$app] == 'run')
	422	$remove_apps2[$app] = $app_index;
	423	}
	424	$this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);
	425
	426	foreach ($remove_apps2 as $app => $access)
[414]	427	$this->db_functions->write_log("removed application from group","$app: $dn");
[2]	428	}
[3251]	429	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	430	// PERSONAL DATA FIELDS TO BLOCK.
	431	$old_acl_personal_data = intval($old_values['acl_block_personal_data']);
	432	$new_acl_personal_data = 0;
	433	if(is_array($new_values['acl_block_personal_data'])){
	434	foreach($new_values['acl_block_personal_data'] as $i => $data_field){
	435	$new_acl_personal_data \|= intval($data_field);
	436	}
	437	}
	438	if($new_acl_personal_data != $old_acl_personal_data){
	439	if($new_acl_personal_data > 0 && $old_acl_personal_data == 0) {
	440	$this->db_functions->save_acl_personal_data($new_values['gidnumber'], $new_acl_personal_data, 'add');
	441	$this->db_functions->write_log("added ACL block personal data to group","dn:$dn -> acl: $new_acl_personal_data");
	442	}
	443	elseif($new_acl_personal_data == 0 && $old_acl_personal_data > 0){
	444	$this->db_functions->save_acl_personal_data($new_values['gidnumber'], $new_acl_personal_data, 'remove');
	445	$this->db_functions->write_log("removed ACL block personal data to group","dn:$dn");
	446	}
	447	else{
	448	$this->db_functions->save_acl_personal_data($new_values['gidnumber'], $new_acl_personal_data);
	449	$this->db_functions->write_log("changed ACL block personal data to group","dn:$dn -> acl: $old_acl_personal_data => $new_acl_personal_data");
	450	}
	451	}
[2]	452
	453	return $return;
	454	}
	455
	456
[3396]	457	function get_info($gidnumber,$use_global_context=false)
[2]	458	{
[3396]	459	$group_info_ldap = $this->ldap_functions->get_group_info($gidnumber,$use_global_context);
	460	$group_info_db = $this->db_functions->get_group_info($gidnumber,$use_global_context);
[2]	461
	462	$group_info = array_merge($group_info_ldap, $group_info_db);
	463	return $group_info;
	464	}
	465
	466	function delete($params)
	467	{
	468	// Verifica o acesso do gerente
	469	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
	470	{
	471	$return['status'] = false;
[414]	472	$return['msg'] = lang('You do not have acces to remove groups') . '.';
[2]	473	return $return;
	474	}
	475
	476	$return['status'] = true;
	477
	478	$gidnumber = $params['gidnumber'];
	479	$cn = $params['cn'];
	480
	481	//LDAP
	482	$result_ldap = $this->ldap_functions->delete_group($gidnumber);
	483	if (!$result_ldap['status'])
	484	{
	485	$return['status'] = false;
	486	$return['msg'] .= $result_ldap['msg'];
	487	}
	488
	489	//DB
	490	$result_db = $this->db_functions->delete_group($gidnumber);
	491	if (!$result_db['status'])
	492	{
	493	$return['status'] = false;
	494	$return['msg'] .= $result_ldap['msg'];
	495	}
	496
	497	if ($return['status'] == true)
	498	{
[414]	499	$this->db_functions->write_log("deleted group","$cn");
[2]	500	}
	501
	502	return $return;
	503	}
	504
	505	}
	506	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/2.2/expressoAdmin1_2/inc/class.group.inc.php @ 3396

Download in other formats: