Context Navigation

source: trunk/expressoAdmin1_2/inc/class.group.inc.php @ 414

Revision 414, 17.1 KB checked in by niltonneto, 16 years ago (diff)
Alterações feitas por João Alfredo. Email: jakjr@…
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class group
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function group()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function validate_fields($params)
36	{
37	return $this->ldap_functions->validate_fields_group($params);
38	}
39
40	function create($params)
41	{
42	// Verifica o acesso do gerente
43	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
44	{
45	$return['status'] = false;
46	$return['msg'] = lang('You do not have access to create new groups') . '.';
47	return $return;
48	}
49
50	$return['status'] = true;
51
52	//Retira os uids duplicados se existir
53	$array_tmp = array();
54	$array_tmp = @array_unique($params['members']);
55	$params['members'] = $array_tmp;
56
57	// Leio o ID a ser usado na criação do objecto.
58	$next_id = ($this->db_functions->get_next_id('groups'));
59	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
60	{
61	$return['status'] = false;
62	$return['msg'] = lang('Problems getting group ID') . ':' . $next_id['msg'];
63	return $return;
64	}
65	else
66	{
67	$id = $next_id['id'];
68	}
69
70	// Cria array para incluir no LDAP
71	$dn = 'cn=' . $params['cn'] . ',' . $params['context'];
72
73	$group_info = array();
74	$group_info['cn'] = $params['cn'];
75	$group_info['description'] = $params['description'];
76	$group_info['gidNumber'] = $id;
77	$group_info['objectClass'][] = 'top';
78	$group_info['objectClass'][] = 'posixGroup';
79	$group_info['objectClass'][] = 'phpgwAccount';
80	$group_info['phpgwAccountExpires'] = '-1';
81	$group_info['phpgwAccountType'] = 'g';
82	$group_info['userPassword'] = '';
83
84	// E-mail for groups
85	if ($params['email'] != '')
86	$group_info['mail'] = $params['email'];
87
88	if ( (count($params['members'])) && (is_array($params['members'])) )
89	{
90	foreach ($params['members'] as $index => $uidnumber)
91	{
92	$uid = $this->ldap_functions->uidnumber2uid($uidnumber);
93	$group_info['memberuid'][] = $uid;
94
95	// Chama funcao para incluir os uidnumbers dos usuarios no grupo
96	$result = $this->db_functions->add_user2group($id, $uidnumber);
97
98	$this->db_functions->write_log("Added user to group on user criation", $group_info['cn'] . ": " . $dn);
99	}
100	}
101
102	// Suporte ao SAMBA
103	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
104	{
105	$group_info['objectClass'][] = 'sambaGroupMapping';
106	$group_info['sambaSID'] = $params['sambasid'] . '-' . (($id * 2) + 1001);
107	$group_info['sambaGroupType'] = '2';
108	}
109
110	// ADD ATTRIBUTES
111	if ($params['phpgwaccountvisible'] == 'on')
112	{
113	$group_info['phpgwaccountvisible'] = '-1';
114	}
115
116	$result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
117	if (!$result['status'])
118	{
119	$return['status'] = false;
120	if ($result['error_number'] == '65')
121	{
122	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
123	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
124	lang("A update version of this files can be found here") . ":\n" .
125	"www.expressolivre.org -> Downloads -> schema.tgz";
126	}
127	else
128	$return['msg'] .= $result['msg'];
129	}
130
131	// Chama funcao para incluir os aplicativos ao grupo
132	$result = $this->db_functions->add_id2apps($id, $params['apps']);
133	if (!$result['status'])
134	{
135	$return['status'] = false;
136	$return['msg'] .= $result['msg'];
137	}
138
139	if ($return['status'] == true)
140	{
141	$this->db_functions->write_log("Created group",$dn);
142	}
143
144	return $return;
145	}
146
147	function save($new_values)
148	{
149	// Verifica o acesso do gerente
150	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
151	{
152	$return['status'] = false;
153	$return['msg'] = lang('You do not have access to edit groups') . '.';
154	return $return;
155	}
156
157	$return['status'] = true;
158
159	//Retira os uids duplicados se existir
160	$array_tmp = array();
161	$array_tmp = array_unique($new_values['members']);
162	$new_values['members'] = $array_tmp;
163
164	$old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
165	$diff = array_diff($new_values, $old_values);
166
167	$dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];
168	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
169	// RENAME
170	if ($diff['context'] \|\| $diff['cn'])
171	{
172	if ( (strcasecmp($old_values['cn'], $new_values['cn']) != 0) \|\| (strcasecmp($old_values['context'], $new_values['context']) != 0) )
173	{
174	$newrdn = 'cn=' . $new_values['cn'];
175	$newparent = $new_values['context'];
176	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
177	if (!$result['status'])
178	{
179	$return['status'] = false;
180	$return['msg'] .= $result['msg'];
181	}
182	else
183	{
184	$dn = $newrdn . ',' . $newparent;
185	$this->db_functions->write_log('Renamed group', $old_values['cn'] . '->' . $dn);
186	}
187	}
188	}
189
190	$ldap_mod_replace = array();
191	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
192	// REPLACE SAMBASID OF SAMBA
193	if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambasid']) && ($old_values['sambasid']))
194	{
195	$ldap_mod_replace['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
196	$this->db_functions->write_log('modified group samba domain', $dn . ': ' . $old_values['sambasid'] . '->' . $new_values['sambasid']);
197
198	}
199
200	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
201	// REPLACE DESCRIPTION
202	if ($new_values['description'] != $old_values['description'])
203	{
204	$ldap_mod_replace['description'] = $new_values['description'];
205	$this->db_functions->write_log('modified group description',$dn . ': ' . $old_values['description'] . '->' . $new_values['description'] );
206	}
207
208	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
209	// REPLACE E-Mail
210	if ((($old_values['email']) && ($diff['email'])) &&
211	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
212	{
213	$ldap_mod_replace['mail'] = $new_values['email'];
214	$this->db_functions->write_log('modified group email', $dn . ': ' . $old_values['email'] . '->' . $new_values['email']);
215	}
216
217	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
218	// CALL LDAP_REPLACE FUNCTION
219	if (count($ldap_mod_replace))
220	{
221	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
222	if (!$result['status'])
223	{
224	$return['status'] = false;
225	if ($result['error_number'] == '65')
226	{
227	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
228	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
229	lang("A update version of this files can be found here") . ":\n" .
230	"www.expressolivre.org -> Downloads -> schema.tgz";
231	}
232	else
233	$return['msg'] .= $result['msg'];
234	}
235	}
236
237	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
238	// REMOVE ATTRS OF SAMBA
239	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
240	{
241	$ldap_remove['objectclass'] = 'sambaGroupMapping';
242	$ldap_remove['sambagrouptype'] = array();
243	$ldap_remove['sambaSID'] = array();
244
245	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
246	if (!$result['status'])
247	{
248	$return['status'] = false;
249	$return['msg'] .= $result['msg'];
250	}
251	else
252	$this->db_functions->write_log('removed group samba attributes',$dn);
253	}
254
255	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
256	// ADD ATTRS OF SAMBA
257	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
258	{
259	if (!is_file('/home/expressolivre/mkntpwd'))
260	{
261	$return['status'] = false;
262	$return['msg'] .= lang("The file /home/expressolivre/mkntpwd does not exist") . ".\n";
263	$return['msg'] .= lang("It is necessery to create samba passwords") . ".\n";
264	$return['msg'] .= lang("Inform your system administrator about this") . ".\n";
265	}
266	else
267	{
268	$ldap_add['objectClass'][] = 'sambaGroupMapping';
269	$ldap_add['sambagrouptype'] = '2';
270	$ldap_add['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
271
272	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
273	if (!$result['status'])
274	{
275	$return['status'] = false;
276	$return['msg'] .= $result['msg'];
277	}
278	else
279	$this->db_functions->write_log('Added samba attibutes to group',$dn);
280	}
281	}
282
283	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
284	// ADD ATTRIBUTES
285	$ldap_add = array();
286	if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
287	{
288	$ldap_add['phpgwaccountvisible'] = '-1';
289	$this->db_functions->write_log("added attribute phpgwAccountVisible to group",$dn);
290	}
291	if ((($new_values['email']) && (!$old_values['email'])) &&
292	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
293	{
294	$ldap_add['mail'] = $new_values['email'];
295	$this->db_functions->write_log("added attribute mail to group",$dn);
296	}
297	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
298	// CALL LDAP_ADD FUNCTION
299	if (count($ldap_add))
300	{
301	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
302	if (!$result['status'])
303	{
304	$return['status'] = false;
305	if ($result['error_number'] == '65')
306	{
307	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
308	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
309	lang("A update version of this files can be found here") . ":\n" .
310	"www.expressolivre.org -> Downloads -> schema.tgz";
311	}
312	else
313	$return['msg'] .= $result['msg'];
314	}
315	}
316
317	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
318	// REMOVE ATTRIBUTES
319	$ldap_remove = array();
320	if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
321	{
322	$ldap_remove['phpgwaccountvisible'] = array();
323	$this->db_functions->write_log("removed attribute phpgwAccountVisible from group",$dn);
324	}
325	if (((!$new_values['email']) && ($old_values['email'])) &&
326	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
327	{
328	$ldap_remove['mail'] = array();
329	$this->db_functions->write_log("removed attribute mail from group",$dn);
330	}
331	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
332	// CALL LDAP_REMOVED FUNCTION
333	if (count($ldap_remove))
334	{
335	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
336	if (!$result['status'])
337	{
338	$return['status'] = false;
339	$return['msg'] .= $result['msg'];
340	}
341	}
342
343	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
344	// USERS
345
346	if (!$new_values['members'])
347	$new_values['members'] = array();
348	if (!$old_values['members'])
349	$old_values['members'] = array();
350
351	$add_users = array_diff($new_values['members'], $old_values['members']);
352	$remove_users = array_diff($old_values['members'], $new_values['members']);
353
354	if (count($add_users)>0)
355	{
356	$array_memberUids_add = array();
357	foreach($add_users as $uidnumber)
358	{
359	if (is_numeric($uidnumber) && ($uidnumber != -1))
360	{
361	$this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
362	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
363	$array_memberUids_add[] = $user;
364	$this->db_functions->write_log("included user to group","$dn: $user");
365	}
366	}
367	if (count($array_memberUids_add) > 0)
368	$this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
369	}
370	if (count($remove_users)>0)
371	{
372	$array_memberUids_remove = array();
373	foreach($remove_users as $uidnumber)
374	{
375	if ($uidnumber != -1)
376	{
377	$this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
378	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
379	$array_memberUids_remove[] = $user;
380	$this->db_functions->write_log("removed user from group","$dn: $user");
381	}
382	}
383	if (count($array_memberUids_remove)>0)
384	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
385	}
386
387	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
388	// APPS
389	$new_values2 = array();
390	$old_values2 = array();
391	if (count($new_values['apps'])>0)
392	{
393	foreach ($new_values['apps'] as $app=>$tmp)
394	{
395	$new_values2[] = $app;
396	}
397	}
398	if (count($old_values['apps'])>0)
399	{
400	foreach ($old_values['apps'] as $app=>$tmp)
401	{
402	$old_values2[] = $app;
403	}
404	}
405
406	$add_apps = array_flip(array_diff($new_values2, $old_values2));
407	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
408
409	if (count($add_apps)>0)
410	{
411	$this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);
412
413	foreach ($add_apps as $app => $index)
414	$this->db_functions->write_log("added application to group","$app: $dn");
415	}
416
417	if (count($remove_apps)>0)
418	{
419	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
420	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
421
422	foreach ($remove_apps as $app => $app_index)
423	{
424	if ($manager_apps[$app] == 'run')
425	$remove_apps2[$app] = $app_index;
426	}
427	$this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);
428
429	foreach ($remove_apps2 as $app => $access)
430	$this->db_functions->write_log("removed application from group","$app: $dn");
431	}
432	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
433
434	return $return;
435	}
436
437
438	function get_info($gidnumber)
439	{
440	$group_info_ldap = $this->ldap_functions->get_group_info($gidnumber);
441	$group_info_db = $this->db_functions->get_group_info($gidnumber);
442
443	$group_info = array_merge($group_info_ldap, $group_info_db);
444	return $group_info;
445	}
446
447	function delete($params)
448	{
449	// Verifica o acesso do gerente
450	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
451	{
452	$return['status'] = false;
453	$return['msg'] = lang('You do not have acces to remove groups') . '.';
454	return $return;
455	}
456
457	$return['status'] = true;
458
459	$gidnumber = $params['gidnumber'];
460	$cn = $params['cn'];
461
462	//LDAP
463	$result_ldap = $this->ldap_functions->delete_group($gidnumber);
464	if (!$result_ldap['status'])
465	{
466	$return['status'] = false;
467	$return['msg'] .= $result_ldap['msg'];
468	}
469
470	//DB
471	$result_db = $this->db_functions->delete_group($gidnumber);
472	if (!$result_db['status'])
473	{
474	$return['status'] = false;
475	$return['msg'] .= $result_ldap['msg'];
476	}
477
478	if ($return['status'] == true)
479	{
480	$this->db_functions->write_log("deleted group","$cn");
481	}
482
483	return $return;
484	}
485
486	}
487	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: