Context Navigation

source: trunk/expressoAdmin1_2/inc/class.group.inc.php @ 33

Revision 33, 14.0 KB checked in by niltonneto, 17 years ago (diff)
* empty log message *
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class group
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function group()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function validate_fields($params)
36	{
37	return $this->ldap_functions->validate_fields_group($params);
38	}
39
40	function create($params)
41	{
42	// Verifica o acesso do gerente
43	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
44	{
45	$return['status'] = false;
46	$return['msg'] = 'Você não tem acesso para criar novos grupos.';
47	return $return;
48	}
49
50	$return['status'] = true;
51
52	//Retira os uids duplicados se existir
53	$array_tmp = array();
54	$array_tmp = array_unique($params['members']);
55	$params['members'] = $array_tmp;
56
57	// Pega ID do BD e incrementa de 1.
58	$id = (($this->db_functions->get_next_id()) + 1);
59
60	// Incrementa o id no BD.
61	$this->db_functions->increment_id($id,'groups');
62
63	// Cria array para incluir no LDAP
64	$dn = 'cn=' . $params['cn'] . ',' . $params['context'];
65
66	$group_info = array();
67	$group_info['cn'] = $params['cn'];
68	$group_info['description'] = $params['description'];
69	$group_info['gidNumber'] = $id;
70	$group_info['objectClass'][] = 'top';
71	$group_info['objectClass'][] = 'posixGroup';
72	$group_info['objectClass'][] = 'phpgwAccount';
73	$group_info['phpgwAccountExpires'] = '-1';
74	$group_info['phpgwAccountType'] = 'g';
75	$group_info['userPassword'] = '';
76
77	if (count($params['members']))
78	{
79	foreach ($params['members'] as $index => $uidnumber)
80	{
81	$uid = $this->ldap_functions->uidnumber2uid($uidnumber);
82	$group_info['memberuid'][] = $uid;
83
84	// Chama funcao para incluir os uidnumbers dos usuarios no grupo
85	$result = $this->db_functions->add_user2group($id, $uidnumber);
86
87	$this->db_functions->write_log("Adicionado usuario $uid ao grupo ".$group_info['cn']." no momento da criação",$dn,$uidnumber,'','');
88	}
89	}
90
91	// Suporte ao SAMBA
92	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
93	{
94	$group_info['objectClass'][] = 'sambaGroupMapping';
95	$group_info['sambaSID'] = $params['sambadomain'] . '-' . (($id * 2) + 1001);
96	$group_info['sambaGroupType'] = '2';
97	}
98
99	// ADD ATTRIBUTES
100	if ($params['phpgwaccountvisible'] == 'on')
101	{
102	$group_info['phpgwaccountvisible'] = '-1';
103	}
104
105	$result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
106	if (!$result['status'])
107	{
108	$return['status'] = false;
109	$return['msg'] .= $result['msg'];
110	}
111
112	// Chama funcao para incluir os aplicativos ao grupo
113	$result = $this->db_functions->add_id2apps($id, $params['apps']);
114	if (!$result['status'])
115	{
116	$return['status'] = false;
117	$return['msg'] .= $result['msg'];
118	}
119
120	if ($return['status'] == true)
121	{
122	$this->db_functions->write_log("Criado grupo de usuários $dn",'',$dn,'','');
123	}
124
125	return $return;
126	}
127
128	function save($new_values)
129	{
130	// Verifica o acesso do gerente
131	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
132	{
133	$return['status'] = false;
134	$return['msg'] = 'Você não tem acesso para editar grupos.';
135	return $return;
136	}
137
138	$return['status'] = true;
139
140	//Retira os uids duplicados se existir
141	$array_tmp = array();
142	$array_tmp = array_unique($new_values['members']);
143	$new_values['members'] = $array_tmp;
144
145	$old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
146	$diff = array_diff($new_values, $old_values);
147
148	$dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];
149	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
150	// RENAME
151	if ($diff['context'] \|\| $diff['cn'])
152	{
153	$newrdn = 'cn=' . $new_values['cn'];
154	$newparent = $new_values['context'];
155	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
156	if (!$result['status'])
157	{
158	$return['status'] = false;
159	$return['msg'] .= $result['msg'];
160	}
161	else
162	{
163	$dn = $newrdn . ',' . $newparent;
164	$this->db_functions->write_log('Renomeado grupo de usuários de '.$old_values['cn']." para $dn.",'',$dn,$old_values['cn'],'');
165	}
166	}
167
168	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
169	// REPLACE SAMBASID OF SAMBA
170	if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambadomain']) )
171	{
172	$ldap_mod_replace['sambaSID'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['uidnumber'])+1001);
173	$this->db_functions->write_log("Alterado dominio samba do grupo $dn para " . $new_values['sambadomain'],'',$dn,'','');
174	}
175
176	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
177	// REPLACE DESCRIPTION
178	if ($new_values['description'] != $old_values['description'])
179	{
180	$ldap_mod_replace['description'] = $new_values['description'];
181	$this->db_functions->write_log("Modificado descrição do grupo $dn",'',$dn,'','');
182	}
183
184	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
185	// CALL LDAP_REPLACE FUNCTION
186	if (count($ldap_mod_replace))
187	{
188	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
189	if (!$result['status'])
190	{
191	$return['status'] = false;
192	$return['msg'] .= $result['msg'];
193	}
194	}
195
196	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
197	// REMOVE ATTRS OF SAMBA
198	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
199	{
200	$ldap_remove['objectclass'] = 'sambaGroupMapping';
201	$ldap_remove['sambagrouptype'] = array();
202	$ldap_remove['sambaSID'] = array();
203
204	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
205	if (!$result['status'])
206	{
207	$return['status'] = false;
208	$return['msg'] .= $result['msg'];
209	}
210	else
211	$this->db_functions->write_log("Removido atributos samba do grupo $dn",'',$dn,'','');
212	}
213
214	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
215	// ADD ATTRS OF SAMBA
216	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
217	{
218	//Verifica se o binario para criar as senhas do samba exite.
219	if (!is_file('/home/expressolivre/mkntpwd'))
220	{
221	$return['status'] = false;
222	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
223	}
224	else
225	{
226	$ldap_add['objectClass'][] = 'sambaGroupMapping';
227	$ldap_add['sambagrouptype'] = '2';
228	$ldap_add['sambasid'] = $new_values['sambadomain'] . '-' . ((2 * $new_values['gidnumber'])+1001);
229
230	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
231	if (!$result['status'])
232	{
233	$return['status'] = false;
234	$return['msg'] .= $result['msg'];
235	}
236	else
237	$this->db_functions->write_log("Adicionado atributos samba ao grupo $dn",'','','','');
238	}
239	}
240
241	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
242	// ADD ATTRIBUTES
243	if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
244	{
245	$ldap_add['phpgwaccountvisible'] = '-1';
246	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
247	if (!$result['status'])
248	{
249	$return['status'] = false;
250	$return['msg'] .= $result['msg'];
251	}
252	else
253	$this->db_functions->write_log("Adicionado atributo phpgwaccountvisible ao grupo $dn",'','','','');
254	}
255
256	// REMOVE ATTRIBUTES
257	if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
258	{
259	$ldap_remove['phpgwaccountvisible'] = array();
260	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
261	if (!$result['status'])
262	{
263	$return['status'] = false;
264	$return['msg'] .= $result['msg'];
265	}
266	else
267	$this->db_functions->write_log("Removido atributo phpgwaccountvisible do grupo $dn",'','','','');
268	}
269
270	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
271	// USERS
272
273	if (!$new_values['members'])
274	$new_values['members'] = array();
275	if (!$old_values['members'])
276	$old_values['members'] = array();
277
278	$add_users = array_diff($new_values['members'], $old_values['members']);
279	$remove_users = array_diff($old_values['members'], $new_values['members']);
280
281	if (count($add_users)>0)
282	{
283	$array_memberUids_add = array();
284	foreach($add_users as $uidnumber)
285	{
286	if (is_numeric($uidnumber))
287	{
288	$this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
289	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
290	$array_memberUids_add[] = $user;
291	$this->db_functions->write_log("Adicionado usuário $user ao grupo $dn.",$dn,'','','');
292	}
293	else
294	{
295	// O memberUID existe no grupo, mas o usuário não existe no ldap
296	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
297	}
298	}
299	$this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
300	}
301	if (count($remove_users)>0)
302	{
303	$array_memberUids_remove = array();
304	foreach($remove_users as $uidnumber)
305	{
306	$this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
307	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
308	$array_memberUids_remove[] = $user;
309	$this->db_functions->write_log("Removido usuário $user do grupo $dn.",$dn,'','','');
310	}
311	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
312	}
313
314	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
315	// APPS
316	$new_values2 = array();
317	$old_values2 = array();
318	if (count($new_values['apps'])>0)
319	{
320	foreach ($new_values['apps'] as $app=>$tmp)
321	{
322	$new_values2[] = $app;
323	}
324	}
325	if (count($old_values['apps'])>0)
326	{
327	foreach ($old_values['apps'] as $app=>$tmp)
328	{
329	$old_values2[] = $app;
330	}
331	}
332
333	$add_apps = array_flip(array_diff($new_values2, $old_values2));
334	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
335
336	if (count($add_apps)>0)
337	{
338	$this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);
339
340	foreach ($add_apps as $app => $index)
341	$this->db_functions->write_log("Adicionado aplicativo $app ao grupo $dn",'',$dn,'','');
342	}
343
344	if (count($remove_apps)>0)
345	{
346	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
347	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
348
349	foreach ($remove_apps as $app => $app_index)
350	{
351	if ($manager_apps[$app] == 'run')
352	$remove_apps2[$app] = $app_index;
353	}
354	$this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);
355
356	foreach ($remove_apps2 as $app => $access)
357	$this->db_functions->write_log("Removido aplicativo $app do grupo $dn",'',$dn,'','');
358	}
359	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
360
361	return $return;
362	}
363
364
365	function get_info($gidnumber, $context)
366	{
367	$group_info_ldap = $this->ldap_functions->get_group_info($gidnumber, $context);
368	$group_info_db = $this->db_functions->get_group_info($gidnumber);
369
370	$group_info = array_merge($group_info_ldap, $group_info_db);
371	return $group_info;
372	}
373
374	function delete($params)
375	{
376	// Verifica o acesso do gerente
377	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
378	{
379	$return['status'] = false;
380	$return['msg'] = 'Você não tem acesso para excluir grupos.';
381	return $return;
382	}
383
384	$return['status'] = true;
385
386	$gidnumber = $params['gidnumber'];
387	$cn = $params['cn'];
388
389	//LDAP
390	$result_ldap = $this->ldap_functions->delete_group($gidnumber);
391	if (!$result_ldap['status'])
392	{
393	$return['status'] = false;
394	$return['msg'] .= $result_ldap['msg'];
395	}
396
397	//DB
398	$result_db = $this->db_functions->delete_group($gidnumber);
399	if (!$result_db['status'])
400	{
401	$return['status'] = false;
402	$return['msg'] .= $result_ldap['msg'];
403	}
404
405	if ($return['status'] == true)
406	{
407	$this->db_functions->write_log("Deletado grupo de usuários $cn",'',$cn,'','');
408	}
409
410	return $return;
411	}
412
413	}
414	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: