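ldap_functions = new ldap_functions;
        $this->db_functions = new db_functions;
        $this->imap_functions = new imap_functions;
        $this->functions = new functions;
        $this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
    }

    /**
     * Validate the group form fields by delegating to the LDAP helper.
     *
     * @param array $params Form values, passed through unchanged.
     * @return mixed Whatever ldap_functions::validate_fields_group() returns.
     */
    function validate_fields($params)
    {
        return $this->ldap_functions->validate_fields_group($params);
    }

    /**
     * Create a group: allocate an id, record memberships and applications in the
     * database, and add the group entry to LDAP.
     *
     * Keys read from $params: members, cn, context, description, email,
     * use_attrs_samba, sambasid, phpgwaccountvisible, apps.
     *
     * @param array $params Group data as described above.
     * @return array 'status' (bool) and 'msg' (string, concatenated error messages).
     */
    function create($params)
    {
        // Check the manager's access
        if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
        {
            $return['status'] = false;
            $return['msg'] = 'Você não tem acesso para criar novos grupos.';
            return $return;
        }

        $return['status'] = true;
        // Start from an empty message so the ".=" appends below never hit an undefined key.
        $return['msg'] = '';

        // Drop duplicated uids, if any
        $params['members'] = array_unique($params['members']);

        // Read the current id from the database and add 1.
        // NOTE(review): read-then-increment is two separate calls; unless db_functions
        // serialises them, two concurrent creations could receive the same gidNumber - verify.
        $id = (($this->db_functions->get_next_id()) + 1);

        // Store the incremented id back in the database.
        $this->db_functions->increment_id($id,'groups');

        // Build the array to be added to LDAP
        // NOTE(review): cn and context are concatenated into the DN exactly as received.
        // Nothing in this method escapes DN metacharacters or checks that context is a
        // container this manager may write to. Confirm validate_fields_group() or
        // ldap_add_entry() enforce both, or escape the RDN value with
        // ldap_escape($cn, '', LDAP_ESCAPE_DN) (PHP >= 5.6) before building the DN.
        $dn = 'cn=' . $params['cn'] . ',' . $params['context'];

        $group_info = array();
        $group_info['cn'] = $params['cn'];
        $group_info['description'] = $params['description'];
        $group_info['gidNumber'] = $id;
        $group_info['objectClass'][] = 'top';
        $group_info['objectClass'][] = 'posixGroup';
        $group_info['objectClass'][] = 'phpgwAccount';
        $group_info['phpgwAccountExpires'] = '-1';
        $group_info['phpgwAccountType'] = 'g';
        $group_info['userPassword'] = '';

        // E-mail for groups
        if ($params['email'] != '')
            $group_info['mail'] = $params['email'];

        if (count($params['members']))
        {
            foreach ($params['members'] as $index => $uidnumber)
            {
                $uid = $this->ldap_functions->uidnumber2uid($uidnumber);
                $group_info['memberuid'][] = $uid;

                // Record the user's uidnumber as a member of the group in the database.
                // NOTE(review): these rows and their audit entries are written before the
                // LDAP entry exists and are not undone here if ldap_add_entry() fails; the
                // result of add_user2group() is overwritten below without being checked.
                $result = $this->db_functions->add_user2group($id, $uidnumber);

                $this->db_functions->write_log("Adicionado usuario $uid ao grupo ".$group_info['cn']." no momento da criação",$dn,$uidnumber,'','');
            }
        }

        // SAMBA support
        if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
        {
            $group_info['objectClass'][] = 'sambaGroupMapping';
            $group_info['sambaSID'] = $params['sambasid'] . '-' . (($id * 2) + 1001);
            $group_info['sambaGroupType'] = '2';
        }

        // ADD ATTRIBUTES
        if ($params['phpgwaccountvisible'] == 'on')
        {
            $group_info['phpgwaccountvisible'] = '-1';
        }

        $result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
        if (!$result['status'])
        {
            $return['status'] = false;
            $return['msg'] .= $result['msg'];
        }

        // Attach the selected applications to the group (runs even if the LDAP add failed).
        $result = $this->db_functions->add_id2apps($id, $params['apps']);
        if (!$result['status'])
        {
            $return['status'] = false;
            $return['msg'] .= $result['msg'];
        }

        if ($return['status'] == true)
        {
            $this->db_functions->write_log("Criado grupo de usuários $dn",'',$dn,'','');
        }

        return $return;
    }

    /**
     * Apply an edited group: rename/move, attribute replace/add/remove, membership
     * and application changes, comparing $new_values with the stored state.
     *
     * Keys read from $new_values: members, gidnumber, manager_context, cn, context,
     * sambasid, description, email, use_attrs_samba, phpgwaccountvisible, apps.
     *
     * @param array $new_values Submitted group data as described above.
     * @return array 'status' (bool) and 'msg' (string, concatenated error messages).
     */
    function save($new_values)
    {
        // Check the manager's access
        // NOTE(review): the ACL test is per action only. The group is then looked up from
        // the caller-supplied gidnumber and manager_context; confirm get_group_info()
        // restricts the lookup to contexts this manager administers.
        if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
        {
            $return['status'] = false;
            $return['msg'] = 'Você não tem acesso para editar grupos.';
            return $return;
        }

        $return['status'] = true;
        // Start from an empty message so the ".=" appends below never hit an undefined key.
        $return['msg'] = '';

        // Drop duplicated uids, if any
        $new_values['members'] = array_unique($new_values['members']);

        $old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
        // array_diff() compares values by their string form, so only the scalar fields are
        // compared meaningfully here; members and apps are diffed separately further down.
        $diff = array_diff($new_values, $old_values);

        $dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];

        // ---------------------------------------------------------------------------------
        // RENAME
        if ($diff['context'] || $diff['cn'])
        {
            // NOTE(review): the new cn and context come from the request and are used as
            // RDN and parent DN without escaping or a context check in this method.
            $newrdn = 'cn=' . $new_values['cn'];
            $newparent = $new_values['context'];
            $result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
            if (!$result['status'])
            {
                $return['status'] = false;
                $return['msg'] .= $result['msg'];
            }
            else
            {
                // Every later operation must target the entry under its new DN.
                $dn = $newrdn . ',' . $newparent;
                $this->db_functions->write_log('Renomeado grupo de usuários de '.$old_values['cn']." para $dn.",'',$dn,$old_values['cn'],'');
            }
        }

        // NOTE(review): in the replace/add/remove sections below the audit entry is written
        // while the change set is being built, i.e. before the LDAP call runs. A failed
        // LDAP operation therefore still leaves a log line saying the change happened.
        $ldap_mod_replace = array();

        // ---------------------------------------------------------------------------------
        // REPLACE SAMBASID OF SAMBA
        if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambasid']) && ($old_values['sambasid']))
        {
            $ldap_mod_replace['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
            $this->db_functions->write_log("Alterado dominio samba do grupo $dn para " . $new_values['sambasid'],'',$dn,'','');
        }

        // ---------------------------------------------------------------------------------
        // REPLACE DESCRIPTION
        if ($new_values['description'] != $old_values['description'])
        {
            $ldap_mod_replace['description'] = $new_values['description'];
            $this->db_functions->write_log("Modificado descrição do grupo $dn",'',$dn,'','');
        }

        // ---------------------------------------------------------------------------------
        // REPLACE E-Mail (requires the separate edit_email_groups permission)
        if ((($old_values['email']) && ($diff['email'])) && $this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
        {
            $ldap_mod_replace['mail'] = $new_values['email'];
            $this->db_functions->write_log("Modificado E-Mail do grupo $dn",'',$dn,'','');
        }

        // ---------------------------------------------------------------------------------
        // CALL LDAP_REPLACE FUNCTION
        if (count($ldap_mod_replace))
        {
            $result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
            if (!$result['status'])
            {
                $return['status'] = false;
                $return['msg'] .= $result['msg'];
            }
        }

        // ---------------------------------------------------------------------------------
        // REMOVE ATTRS OF SAMBA
        if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
        {
            $ldap_remove['objectclass'] = 'sambaGroupMapping';
            $ldap_remove['sambagrouptype'] = array();
            $ldap_remove['sambaSID'] = array();
            $result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
            if (!$result['status'])
            {
                $return['status'] = false;
                $return['msg'] .= $result['msg'];
            }
            else
                $this->db_functions->write_log("Removido atributos samba do grupo $dn",'',$dn,'','');
        }

        // ---------------------------------------------------------------------------------
        // ADD ATTRS OF SAMBA
        if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
        {
            // Check that the binary used to create the samba passwords exists.
            if (!is_file('/home/expressolivre/mkntpwd'))
            {
                $return['status'] = false;
                $return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
            }
            else
            {
                $ldap_add['objectClass'][] = 'sambaGroupMapping';
                $ldap_add['sambagrouptype'] = '2';
                $ldap_add['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
                $result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
                if (!$result['status'])
                {
                    $return['status'] = false;
                    $return['msg'] .= $result['msg'];
                }
                else
                    $this->db_functions->write_log("Adicionado atributos samba ao grupo $dn",'','','','');
            }
        }

        // ---------------------------------------------------------------------------------
        // ADD ATTRIBUTES
        $ldap_add = array();
        if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
        {
            $ldap_add['phpgwaccountvisible'] = '-1';
            $this->db_functions->write_log("Adicionado atributo phpgwaccountvisible ao grupo $dn",'','','','');
        }
        if ((($new_values['email']) && (!$old_values['email'])) && $this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
        {
            $ldap_add['mail'] = $new_values['email'];
            $this->db_functions->write_log("Adicionado atributo mail ao grupo $dn",'','','','');
        }

        // ---------------------------------------------------------------------------------
        // CALL LDAP_ADD FUNCTION
        if (count($ldap_add))
        {
            $result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
            if (!$result['status'])
            {
                $return['status'] = false;
                $return['msg'] .= $result['msg'];
            }
        }

        // ---------------------------------------------------------------------------------
        // REMOVE ATTRIBUTES
        $ldap_remove = array();
        if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
        {
            $ldap_remove['phpgwaccountvisible'] = array();
            $this->db_functions->write_log("Removido atributo phpgwaccountvisible do grupo $dn",'','','','');
        }
        if (((!$new_values['email']) && ($old_values['email'])) && $this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
        {
            $ldap_remove['mail'] = array();
            $this->db_functions->write_log("Removido atributo mail do grupo $dn",'','','','');
        }

        // ---------------------------------------------------------------------------------
        // CALL LDAP_REMOVED FUNCTION
        if (count($ldap_remove))
        {
            $result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
            if (!$result['status'])
            {
                $return['status'] = false;
                $return['msg'] .= $result['msg'];
            }
        }

        // ---------------------------------------------------------------------------------
        // USERS
        if (!$new_values['members'])
            $new_values['members'] = array();
        if (!$old_values['members'])
            $old_values['members'] = array();

        $add_users = array_diff($new_values['members'], $old_values['members']);
        $remove_users = array_diff($old_values['members'], $new_values['members']);

        if (count($add_users)>0)
        {
            $array_memberUids_add = array();
            foreach($add_users as $uidnumber)
            {
                if (is_numeric($uidnumber))
                {
                    $this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
                    $user = $this->ldap_functions->uidnumber2uid($uidnumber);
                    $array_memberUids_add[] = $user;
                    $this->db_functions->write_log("Adicionado usuário $user ao grupo $dn.",$dn,'','','');
                }
                else
                {
                    // The memberUID exists in the group, but the user does not exist in LDAP
                    $this->ldap_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
                }
            }
            $this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
        }
        if (count($remove_users)>0)
        {
            $array_memberUids_remove = array();
            foreach($remove_users as $uidnumber)
            {
                $this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
                $user = $this->ldap_functions->uidnumber2uid($uidnumber);
                $array_memberUids_remove[] = $user;
                $this->db_functions->write_log("Removido usuário $user do grupo $dn.",$dn,'','','');
            }
            $this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
        }

        // ---------------------------------------------------------------------------------
        // APPS
        // Only the application names (the array keys) are compared.
        $new_values2 = array();
        $old_values2 = array();
        if (count($new_values['apps'])>0)
        {
            foreach ($new_values['apps'] as $app=>$tmp)
            {
                $new_values2[] = $app;
            }
        }
        if (count($old_values['apps'])>0)
        {
            foreach ($old_values['apps'] as $app=>$tmp)
            {
                $old_values2[] = $app;
            }
        }
        $add_apps = array_flip(array_diff($new_values2, $old_values2));
        $remove_apps = array_flip(array_diff($old_values2, $new_values2));

        if (count($add_apps)>0)
        {
            // NOTE(review): removals below are limited to applications the manager can run,
            // but additions are passed on unfiltered; confirm add_id2apps() applies the same
            // restriction, otherwise a manager can grant an application they do not hold.
            $this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);

            foreach ($add_apps as $app => $index)
                $this->db_functions->write_log("Adicionado aplicativo $app ao grupo $dn",'',$dn,'','');
        }

        if (count($remove_apps)>0)
        {
            // Check that the manager has access to the application before removing it.
            $manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);

            // Initialised so that "no removable application" yields an empty list instead
            // of an undefined variable being passed on and iterated.
            $remove_apps2 = array();
            foreach ($remove_apps as $app => $app_index)
            {
                if ($manager_apps[$app] == 'run')
                    $remove_apps2[$app] = $app_index;
            }
            $this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);

            foreach ($remove_apps2 as $app => $access)
                $this->db_functions->write_log("Removido aplicativo $app do grupo $dn",'',$dn,'','');
        }
        // ---------------------------------------------------------------------------------

        return $return;
    }

    /**
     * Load a group's data from LDAP and from the database and merge both.
     *
     * @param mixed $gidnumber Group id.
     * @param mixed $context   Context passed to the LDAP lookup.
     * @return array LDAP values overlaid with database values (array_merge: on equal
     *               string keys the database value wins).
     */
    function get_info($gidnumber, $context)
    {
        $group_info_ldap = $this->ldap_functions->get_group_info($gidnumber, $context);
        $group_info_db = $this->db_functions->get_group_info($gidnumber);

        $group_info = array_merge($group_info_ldap, $group_info_db);
        return $group_info;
    }

    /**
     * Delete a group from LDAP and from the database.
     *
     * @param array $params Reads 'gidnumber' (group to delete) and 'cn' (used only in
     *                      the audit log entry).
     * @return array 'status' (bool) and 'msg' (string, concatenated error messages).
     */
    function delete($params)
    {
        // Check the manager's access
        if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
        {
            $return['status'] = false;
            $return['msg'] = 'Você não tem acesso para excluir grupos.';
            return $return;
        }

        $return['status'] = true;
        // Start from an empty message so the ".=" appends below never hit an undefined key.
        $return['msg'] = '';

        // NOTE(review): the group is selected by gidnumber, while the audit entry below is
        // labelled with the caller-supplied cn. Nothing here verifies that the two belong to
        // the same group, or that the group lies in a context this manager administers.
        $gidnumber = $params['gidnumber'];
        $cn = $params['cn'];

        //LDAP
        $result_ldap = $this->ldap_functions->delete_group($gidnumber);
        if (!$result_ldap['status'])
        {
            $return['status'] = false;
            $return['msg'] .= $result_ldap['msg'];
        }

        //DB (attempted even when the LDAP delete failed)
        $result_db = $this->db_functions->delete_group($gidnumber);
        if (!$result_db['status'])
        {
            $return['status'] = false;
            // Report the database error; the original appended the LDAP message here,
            // which hid the actual cause of a database failure.
            $return['msg'] .= $result_db['msg'];
        }

        if ($return['status'] == true)
        {
            $this->db_functions->write_log("Deletado grupo de usuários $cn",'',$cn,'','');
        }

        return $return;
    }
}
?>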