Context Navigation

source: trunk/expressoAdmin1_2/inc/class.group.inc.php @ 2712

Revision 2712, 16.8 KB checked in by rodsouza, 14 years ago (diff)
Ticket #1058 - Adaptando todo o expressoAdmin1_2 para não realizar reload.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Rev	Line
[2]	1	<?php
	2	/**********************************************************************************\
	3	* Expresso Administração *
	4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
	5	* --------------------------------------------------------------------------------*
	6	* This program is free software; you can redistribute it and/or modify it *
	7	* under the terms of the GNU General Public License as published by the *
	8	* Free Software Foundation; either version 2 of the License, or (at your *
	9	* option) any later version. *
	10	\**********************************************************************************/
	11
	12	include_once('class.ldap_functions.inc.php');
	13	include_once('class.db_functions.inc.php');
	14	include_once('class.imap_functions.inc.php');
	15	include_once('class.functions.inc.php');
	16
	17	class group
	18	{
	19	var $ldap_functions;
	20	var $db_functions;
	21	var $imap_functions;
	22	var $functions;
	23	var $current_config;
	24
	25	function group()
	26	{
	27	$this->ldap_functions = new ldap_functions;
	28	$this->db_functions = new db_functions;
	29	$this->imap_functions = new imap_functions;
	30	$this->functions = new functions;
	31	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
	32	}
	33
	34	function validate_fields($params)
	35	{
[2712]	36	return serialize( $this->ldap_functions->validate_fields_group($params) );
[2]	37	}
	38
	39	function create($params)
	40	{
	41	// Verifica o acesso do gerente
	42	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
	43	{
	44	$return['status'] = false;
[414]	45	$return['msg'] = lang('You do not have access to create new groups') . '.';
[2]	46	return $return;
	47	}
	48
	49	$return['status'] = true;
	50
	51	//Retira os uids duplicados se existir
	52	$array_tmp = array();
[317]	53	$array_tmp = @array_unique($params['members']);
[2]	54	$params['members'] = $array_tmp;
[64]	55
	56	// Leio o ID a ser usado na criação do objecto.
	57	$next_id = ($this->db_functions->get_next_id('groups'));
	58	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
	59	{
	60	$return['status'] = false;
[414]	61	$return['msg'] = lang('Problems getting group ID') . ':' . $next_id['msg'];
[64]	62	return $return;
	63	}
	64	else
	65	{
	66	$id = $next_id['id'];
	67	}
[2]	68
	69	// Cria array para incluir no LDAP
	70	$dn = 'cn=' . $params['cn'] . ',' . $params['context'];
	71
	72	$group_info = array();
	73	$group_info['cn'] = $params['cn'];
	74	$group_info['description'] = $params['description'];
	75	$group_info['gidNumber'] = $id;
	76	$group_info['objectClass'][] = 'top';
	77	$group_info['objectClass'][] = 'posixGroup';
	78	$group_info['objectClass'][] = 'phpgwAccount';
	79	$group_info['phpgwAccountExpires'] = '-1';
	80	$group_info['phpgwAccountType'] = 'g';
	81	$group_info['userPassword'] = '';
	82
[46]	83	// E-mail for groups
	84	if ($params['email'] != '')
	85	$group_info['mail'] = $params['email'];
	86
[317]	87	if ( (count($params['members'])) && (is_array($params['members'])) )
[2]	88	{
	89	foreach ($params['members'] as $index => $uidnumber)
	90	{
	91	$uid = $this->ldap_functions->uidnumber2uid($uidnumber);
	92	$group_info['memberuid'][] = $uid;
	93
	94	// Chama funcao para incluir os uidnumbers dos usuarios no grupo
	95	$result = $this->db_functions->add_user2group($id, $uidnumber);
	96
[414]	97	$this->db_functions->write_log("Added user to group on user criation", $group_info['cn'] . ": " . $dn);
[2]	98	}
	99	}
	100
	101	// Suporte ao SAMBA
	102	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
	103	{
	104	$group_info['objectClass'][] = 'sambaGroupMapping';
[46]	105	$group_info['sambaSID'] = $params['sambasid'] . '-' . (($id * 2) + 1001);
[2]	106	$group_info['sambaGroupType'] = '2';
	107	}
	108
[23]	109	// ADD ATTRIBUTES
	110	if ($params['phpgwaccountvisible'] == 'on')
	111	{
	112	$group_info['phpgwaccountvisible'] = '-1';
	113	}
	114
[2]	115	$result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
	116	if (!$result['status'])
	117	{
	118	$return['status'] = false;
[317]	119	if ($result['error_number'] == '65')
[414]	120	{
	121	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
	122	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
[587]	123	lang("A updated version of these files can be found here") . ":\n" .
[317]	124	"www.expressolivre.org -> Downloads -> schema.tgz";
[414]	125	}
[317]	126	else
	127	$return['msg'] .= $result['msg'];
[2]	128	}
	129
	130	// Chama funcao para incluir os aplicativos ao grupo
	131	$result = $this->db_functions->add_id2apps($id, $params['apps']);
	132	if (!$result['status'])
	133	{
	134	$return['status'] = false;
	135	$return['msg'] .= $result['msg'];
	136	}
	137
	138	if ($return['status'] == true)
	139	{
[414]	140	$this->db_functions->write_log("Created group",$dn);
[2]	141	}
	142
	143	return $return;
	144	}
	145
	146	function save($new_values)
	147	{
	148	// Verifica o acesso do gerente
	149	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
	150	{
	151	$return['status'] = false;
[414]	152	$return['msg'] = lang('You do not have access to edit groups') . '.';
[2]	153	return $return;
	154	}
	155
	156	$return['status'] = true;
	157
	158	//Retira os uids duplicados se existir
	159	$array_tmp = array();
	160	$array_tmp = array_unique($new_values['members']);
	161	$new_values['members'] = $array_tmp;
	162
	163	$old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
	164	$diff = array_diff($new_values, $old_values);
	165
	166	$dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];
	167	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	168	// RENAME
	169	if ($diff['context'] \|\| $diff['cn'])
	170	{
[355]	171	if ( (strcasecmp($old_values['cn'], $new_values['cn']) != 0) \|\| (strcasecmp($old_values['context'], $new_values['context']) != 0) )
[2]	172	{
[355]	173	$newrdn = 'cn=' . $new_values['cn'];
	174	$newparent = $new_values['context'];
	175	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
	176	if (!$result['status'])
	177	{
	178	$return['status'] = false;
	179	$return['msg'] .= $result['msg'];
	180	}
	181	else
	182	{
	183	$dn = $newrdn . ',' . $newparent;
[414]	184	$this->db_functions->write_log('Renamed group', $old_values['cn'] . '->' . $dn);
[355]	185	}
[2]	186	}
	187	}
	188
[46]	189	$ldap_mod_replace = array();
[2]	190	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[33]	191	// REPLACE SAMBASID OF SAMBA
[46]	192	if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambasid']) && ($old_values['sambasid']))
[33]	193	{
[46]	194	$ldap_mod_replace['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
[414]	195	$this->db_functions->write_log('modified group samba domain', $dn . ': ' . $old_values['sambasid'] . '->' . $new_values['sambasid']);
	196
[33]	197	}
	198
	199	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[2]	200	// REPLACE DESCRIPTION
	201	if ($new_values['description'] != $old_values['description'])
	202	{
	203	$ldap_mod_replace['description'] = $new_values['description'];
[414]	204	$this->db_functions->write_log('modified group description',$dn . ': ' . $old_values['description'] . '->' . $new_values['description'] );
[33]	205	}
	206
	207	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[46]	208	// REPLACE E-Mail
	209	if ((($old_values['email']) && ($diff['email'])) &&
	210	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
	211	{
	212	$ldap_mod_replace['mail'] = $new_values['email'];
[414]	213	$this->db_functions->write_log('modified group email', $dn . ': ' . $old_values['email'] . '->' . $new_values['email']);
[46]	214	}
	215
	216	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	217	// CALL LDAP_REPLACE FUNCTION
[33]	218	if (count($ldap_mod_replace))
	219	{
[2]	220	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
	221	if (!$result['status'])
	222	{
	223	$return['status'] = false;
[317]	224	if ($result['error_number'] == '65')
[414]	225	{
	226	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
	227	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
[587]	228	lang("A updated version of these files can be found here") . ":\n" .
[317]	229	"www.expressolivre.org -> Downloads -> schema.tgz";
[414]	230	}
[317]	231	else
	232	$return['msg'] .= $result['msg'];
[2]	233	}
[33]	234	}
[2]	235
	236	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	237	// REMOVE ATTRS OF SAMBA
	238	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
	239	{
	240	$ldap_remove['objectclass'] = 'sambaGroupMapping';
	241	$ldap_remove['sambagrouptype'] = array();
	242	$ldap_remove['sambaSID'] = array();
	243
	244	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
	245	if (!$result['status'])
	246	{
	247	$return['status'] = false;
	248	$return['msg'] .= $result['msg'];
	249	}
	250	else
[414]	251	$this->db_functions->write_log('removed group samba attributes',$dn);
[2]	252	}
	253
	254	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	255	// ADD ATTRS OF SAMBA
	256	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
	257	{
[587]	258	$ldap_add['objectClass'][] = 'sambaGroupMapping';
	259	$ldap_add['sambagrouptype'] = '2';
	260	$ldap_add['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
	261
	262	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
	263	if (!$result['status'])
[2]	264	{
	265	$return['status'] = false;
[587]	266	$return['msg'] .= $result['msg'];
[2]	267	}
	268	else
[587]	269	$this->db_functions->write_log('Added samba attibutes to group',$dn);
[2]	270	}
[33]	271
[2]	272	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[23]	273	// ADD ATTRIBUTES
[46]	274	$ldap_add = array();
[23]	275	if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
	276	{
	277	$ldap_add['phpgwaccountvisible'] = '-1';
[414]	278	$this->db_functions->write_log("added attribute phpgwAccountVisible to group",$dn);
[46]	279	}
	280	if ((($new_values['email']) && (!$old_values['email'])) &&
	281	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
	282	{
	283	$ldap_add['mail'] = $new_values['email'];
[414]	284	$this->db_functions->write_log("added attribute mail to group",$dn);
[46]	285	}
	286	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	287	// CALL LDAP_ADD FUNCTION
	288	if (count($ldap_add))
	289	{
[23]	290	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
	291	if (!$result['status'])
	292	{
	293	$return['status'] = false;
[317]	294	if ($result['error_number'] == '65')
[414]	295	{
	296	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
	297	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
[587]	298	lang("A updated version of these files can be found here") . ":\n" .
[414]	299	"www.expressolivre.org -> Downloads -> schema.tgz";
	300	}
[317]	301	else
	302	$return['msg'] .= $result['msg'];
[23]	303	}
	304	}
[46]	305
	306	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[23]	307	// REMOVE ATTRIBUTES
[46]	308	$ldap_remove = array();
[23]	309	if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
	310	{
	311	$ldap_remove['phpgwaccountvisible'] = array();
[414]	312	$this->db_functions->write_log("removed attribute phpgwAccountVisible from group",$dn);
[46]	313	}
	314	if (((!$new_values['email']) && ($old_values['email'])) &&
	315	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
	316	{
	317	$ldap_remove['mail'] = array();
[414]	318	$this->db_functions->write_log("removed attribute mail from group",$dn);
[46]	319	}
	320	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	321	// CALL LDAP_REMOVED FUNCTION
	322	if (count($ldap_remove))
	323	{
[23]	324	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
	325	if (!$result['status'])
	326	{
	327	$return['status'] = false;
	328	$return['msg'] .= $result['msg'];
	329	}
	330	}
	331
	332	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
[2]	333	// USERS
	334
	335	if (!$new_values['members'])
	336	$new_values['members'] = array();
	337	if (!$old_values['members'])
	338	$old_values['members'] = array();
	339
	340	$add_users = array_diff($new_values['members'], $old_values['members']);
	341	$remove_users = array_diff($old_values['members'], $new_values['members']);
	342
	343	if (count($add_users)>0)
	344	{
	345	$array_memberUids_add = array();
	346	foreach($add_users as $uidnumber)
	347	{
[86]	348	if (is_numeric($uidnumber) && ($uidnumber != -1))
[2]	349	{
	350	$this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
	351	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
	352	$array_memberUids_add[] = $user;
[438]	353	$this->db_functions->write_log("included user to group","dn:$dn -> uid:$user");
[2]	354	}
	355	}
[396]	356	if (count($array_memberUids_add) > 0)
	357	$this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
[2]	358	}
	359	if (count($remove_users)>0)
	360	{
	361	$array_memberUids_remove = array();
	362	foreach($remove_users as $uidnumber)
	363	{
[86]	364	if ($uidnumber != -1)
	365	{
	366	$this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
	367	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
	368	$array_memberUids_remove[] = $user;
[414]	369	$this->db_functions->write_log("removed user from group","$dn: $user");
[86]	370	}
[2]	371	}
[396]	372	if (count($array_memberUids_remove)>0)
	373	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
[2]	374	}
	375
	376	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	377	// APPS
	378	$new_values2 = array();
	379	$old_values2 = array();
	380	if (count($new_values['apps'])>0)
	381	{
	382	foreach ($new_values['apps'] as $app=>$tmp)
	383	{
	384	$new_values2[] = $app;
	385	}
	386	}
	387	if (count($old_values['apps'])>0)
	388	{
	389	foreach ($old_values['apps'] as $app=>$tmp)
	390	{
	391	$old_values2[] = $app;
	392	}
	393	}
[9]	394
	395	$add_apps = array_flip(array_diff($new_values2, $old_values2));
	396	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
[2]	397
	398	if (count($add_apps)>0)
	399	{
[9]	400	$this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);
	401
	402	foreach ($add_apps as $app => $index)
[414]	403	$this->db_functions->write_log("added application to group","$app: $dn");
[2]	404	}
[9]	405
[2]	406	if (count($remove_apps)>0)
	407	{
[9]	408	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
	409	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
	410
	411	foreach ($remove_apps as $app => $app_index)
	412	{
	413	if ($manager_apps[$app] == 'run')
	414	$remove_apps2[$app] = $app_index;
	415	}
	416	$this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);
	417
	418	foreach ($remove_apps2 as $app => $access)
[414]	419	$this->db_functions->write_log("removed application from group","$app: $dn");
[2]	420	}
	421	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
	422
	423	return $return;
	424	}
	425
	426
[64]	427	function get_info($gidnumber)
[2]	428	{
[64]	429	$group_info_ldap = $this->ldap_functions->get_group_info($gidnumber);
[2]	430	$group_info_db = $this->db_functions->get_group_info($gidnumber);
	431
	432	$group_info = array_merge($group_info_ldap, $group_info_db);
	433	return $group_info;
	434	}
	435
	436	function delete($params)
	437	{
	438	// Verifica o acesso do gerente
	439	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
	440	{
	441	$return['status'] = false;
[414]	442	$return['msg'] = lang('You do not have acces to remove groups') . '.';
[2]	443	return $return;
	444	}
	445
	446	$return['status'] = true;
	447
	448	$gidnumber = $params['gidnumber'];
	449	$cn = $params['cn'];
	450
	451	//LDAP
	452	$result_ldap = $this->ldap_functions->delete_group($gidnumber);
	453	if (!$result_ldap['status'])
	454	{
	455	$return['status'] = false;
	456	$return['msg'] .= $result_ldap['msg'];
	457	}
	458
	459	//DB
	460	$result_db = $this->db_functions->delete_group($gidnumber);
	461	if (!$result_db['status'])
	462	{
	463	$return['status'] = false;
	464	$return['msg'] .= $result_ldap['msg'];
	465	}
	466
	467	if ($return['status'] == true)
	468	{
[414]	469	$this->db_functions->write_log("deleted group","$cn");
[2]	470	}
	471
	472	return $return;
	473	}
	474
	475	}
[2712]	476	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: