Context Navigation

class.group.inc.php @ 5133

Revision 5133, 16.8 KB checked in by wmerlotto, 12 years ago (diff)
Ticket #2305 - Enviando alteracoes, desenvolvidas internamente na Prognus, do modulo ExpressoAdmin.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class group
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25	function group()
26	{
27	$this->ldap_functions = new ldap_functions;
28	$this->db_functions = new db_functions;
29	$this->imap_functions = new imap_functions;
30	$this->functions = new functions;
31	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
32	}
33
34	function validate_fields($params)
35	{
36	return $this->ldap_functions->validate_fields_group($params);
37	}
38
39	function create($params)
40	{
41	// Verifica o acesso do gerente
42	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
43	{
44	$return['status'] = false;
45	$return['msg'] = lang('You do not have access to create new groups') . '.';
46	return $return;
47	}
48
49	$return['status'] = true;
50
51	//Retira os uids duplicados se existir
52	$array_tmp = array();
53	$array_tmp = @array_unique($params['members']);
54	$params['members'] = $array_tmp;
55
56	// Leio o ID a ser usado na criação do objecto.
57	$next_id = ($this->db_functions->get_next_id('groups'));
58	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
59	{
60	$return['status'] = false;
61	$return['msg'] = lang('Problems getting group ID') . ':' . $next_id['msg'];
62	return $return;
63	}
64	else
65	{
66	$id = $next_id['id'];
67	}
68
69	// Cria array para incluir no LDAP
70	$dn = 'cn=' . $params['cn'] . ',' . $params['context'];
71
72	$group_info = array();
73	$group_info['cn'] = $params['cn'];
74	$group_info['description'] = $params['description'];
75	$group_info['gidNumber'] = $id;
76	$group_info['objectClass'][] = 'top';
77	$group_info['objectClass'][] = 'posixGroup';
78	$group_info['objectClass'][] = 'phpgwAccount';
79	$group_info['phpgwAccountExpires'] = '-1';
80	$group_info['phpgwAccountType'] = 'g';
81	$group_info['userPassword'] = '';
82
83	// E-mail for groups
84	if ($params['email'] != '')
85	$group_info['mail'] = $params['email'];
86
87	if ( (count($params['members'])) && (is_array($params['members'])) )
88	{
89	foreach ($params['members'] as $index => $uidnumber)
90	{
91	$uid = $this->ldap_functions->uidnumber2uid($uidnumber);
92	$group_info['memberuid'][] = $uid;
93
94	// Chama funcao para incluir os uidnumbers dos usuarios no grupo
95	$result = $this->db_functions->add_user2group($id, $uidnumber);
96
97	$this->db_functions->write_log("Added user to group on user criation", $group_info['cn'] . ": " . $dn);
98	}
99	}
100
101	// Suporte ao SAMBA
102	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
103	{
104	$group_info['objectClass'][] = 'sambaGroupMapping';
105	$group_info['sambaSID'] = $params['sambasid'] . '-' . (($id * 2) + 1001);
106	$group_info['sambaGroupType'] = '2';
107	}
108
109	// ADD ATTRIBUTES
110	if ($params['phpgwaccountvisible'] == 'on')
111	{
112	$group_info['phpgwaccountvisible'] = '-1';
113	}
114
115	$result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
116	if (!$result['status'])
117	{
118	$return['status'] = false;
119	if ($result['error_number'] == '65')
120	{
121	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
122	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
123	lang("A updated version of these files can be found here") . ":\n" .
124	"www.expressolivre.org -> Downloads -> schema.tgz";
125	}
126	else
127	$return['msg'] .= $result['msg'];
128	}
129
130	// Chama funcao para incluir os aplicativos ao grupo
131	$result = $this->db_functions->add_id2apps($id, $params['apps']);
132	if (!$result['status'])
133	{
134	$return['status'] = false;
135	$return['msg'] .= $result['msg'];
136	}
137
138	if ($return['status'] == true)
139	{
140	$this->db_functions->write_log("Created group",$dn);
141	}
142
143	return $return;
144	}
145
146	function save($new_values)
147	{
148	// Verifica o acesso do gerente
149	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
150	{
151	$return['status'] = false;
152	$return['msg'] = lang('You do not have access to edit groups') . '.';
153	return $return;
154	}
155
156	$return['status'] = true;
157
158	//Retira os uids duplicados se existir
159	$array_tmp = array();
160	$array_tmp = array_unique($new_values['members']);
161	$new_values['members'] = $array_tmp;
162
163	$old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
164	$diff = array_diff($new_values, $old_values);
165
166	$dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];
167	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
168	// RENAME
169	if ($diff['context'] \|\| $diff['cn'])
170	{
171	if ( (strcasecmp($old_values['cn'], $new_values['cn']) != 0) \|\| (strcasecmp($old_values['context'], $new_values['context']) != 0) )
172	{
173	$newrdn = 'cn=' . $new_values['cn'];
174	$newparent = $new_values['context'];
175	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
176	if (!$result['status'])
177	{
178	$return['status'] = false;
179	$return['msg'] .= $result['msg'];
180	}
181	else
182	{
183	$dn = $newrdn . ',' . $newparent;
184	$this->db_functions->write_log('Renamed group', $old_values['cn'] . '->' . $dn);
185	}
186	}
187	}
188
189	$ldap_mod_replace = array();
190	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
191	// REPLACE SAMBASID OF SAMBA
192	if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambasid']) && ($old_values['sambasid']))
193	{
194	$ldap_mod_replace['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
195	$this->db_functions->write_log('modified group samba domain', $dn . ': ' . $old_values['sambasid'] . '->' . $new_values['sambasid']);
196
197	}
198
199	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
200	// REPLACE DESCRIPTION
201	if ($new_values['description'] != $old_values['description'])
202	{
203	$ldap_mod_replace['description'] = $new_values['description'];
204	$this->db_functions->write_log('modified group description',$dn . ': ' . $old_values['description'] . '->' . $new_values['description'] );
205	}
206
207	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
208	// REPLACE E-Mail
209	if ((($old_values['email']) && ($diff['email'])) &&
210	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
211	{
212	$ldap_mod_replace['mail'] = $new_values['email'];
213	$this->db_functions->write_log('modified group email', $dn . ': ' . $old_values['email'] . '->' . $new_values['email']);
214	}
215
216	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
217	// CALL LDAP_REPLACE FUNCTION
218	if (count($ldap_mod_replace))
219	{
220	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
221	if (!$result['status'])
222	{
223	$return['status'] = false;
224	if ($result['error_number'] == '65')
225	{
226	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
227	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
228	lang("A updated version of these files can be found here") . ":\n" .
229	"www.expressolivre.org -> Downloads -> schema.tgz";
230	}
231	else
232	$return['msg'] .= $result['msg'];
233	}
234	}
235
236	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
237	// REMOVE ATTRS OF SAMBA
238	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
239	{
240	$ldap_remove['objectclass'] = 'sambaGroupMapping';
241	$ldap_remove['sambagrouptype'] = array();
242	$ldap_remove['sambaSID'] = array();
243
244	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
245	if (!$result['status'])
246	{
247	$return['status'] = false;
248	$return['msg'] .= $result['msg'];
249	}
250	else
251	$this->db_functions->write_log('removed group samba attributes',$dn);
252	}
253
254	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
255	// ADD ATTRS OF SAMBA
256	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
257	{
258	$ldap_add['objectClass'][] = 'sambaGroupMapping';
259	$ldap_add['sambagrouptype'] = '2';
260	$ldap_add['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
261
262	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
263	if (!$result['status'])
264	{
265	$return['status'] = false;
266	$return['msg'] .= $result['msg'];
267	}
268	else
269	$this->db_functions->write_log('Added samba attibutes to group',$dn);
270	}
271
272	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
273	// ADD ATTRIBUTES
274	$ldap_add = array();
275	if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
276	{
277	$ldap_add['phpgwaccountvisible'] = '-1';
278	$this->db_functions->write_log("added attribute phpgwAccountVisible to group",$dn);
279	}
280	if ((($new_values['email']) && (!$old_values['email'])) &&
281	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
282	{
283	$ldap_add['mail'] = $new_values['email'];
284	$this->db_functions->write_log("added attribute mail to group",$dn);
285	}
286	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
287	// CALL LDAP_ADD FUNCTION
288	if (count($ldap_add))
289	{
290	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
291	if (!$result['status'])
292	{
293	$return['status'] = false;
294	if ($result['error_number'] == '65')
295	{
296	$return['msg'] .= lang("It was not possible create the group because the LDAP schemas are not update") . "\n" .
297	lang("The administrator must update the directory /etc/ldap/schema/ and re-start LDAP") . "\n" .
298	lang("A updated version of these files can be found here") . ":\n" .
299	"www.expressolivre.org -> Downloads -> schema.tgz";
300	}
301	else
302	$return['msg'] .= $result['msg'];
303	}
304	}
305
306	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
307	// REMOVE ATTRIBUTES
308	$ldap_remove = array();
309	if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
310	{
311	$ldap_remove['phpgwaccountvisible'] = array();
312	$this->db_functions->write_log("removed attribute phpgwAccountVisible from group",$dn);
313	}
314	if (((!$new_values['email']) && ($old_values['email'])) &&
315	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
316	{
317	$ldap_remove['mail'] = array();
318	$this->db_functions->write_log("removed attribute mail from group",$dn);
319	}
320	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
321	// CALL LDAP_REMOVED FUNCTION
322	if (count($ldap_remove))
323	{
324	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
325	if (!$result['status'])
326	{
327	$return['status'] = false;
328	$return['msg'] .= $result['msg'];
329	}
330	}
331
332	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
333	// USERS
334
335	if (!$new_values['members'])
336	$new_values['members'] = array();
337	if (!$old_values['members'])
338	$old_values['members'] = array();
339
340	$add_users = array_diff($new_values['members'], $old_values['members']);
341	$remove_users = array_diff($old_values['members'], $new_values['members']);
342
343	if (count($add_users)>0)
344	{
345	$array_memberUids_add = array();
346	foreach($add_users as $uidnumber)
347	{
348	if (is_numeric($uidnumber) && ($uidnumber != -1))
349	{
350	$this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
351	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
352	$array_memberUids_add[] = $user;
353	$this->db_functions->write_log("included user to group","dn:$dn -> uid:$user");
354	}
355	}
356	if (count($array_memberUids_add) > 0)
357	$this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
358	}
359	if (count($remove_users)>0)
360	{
361	$array_memberUids_remove = array();
362	foreach($remove_users as $uidnumber)
363	{
364	if ($uidnumber != -1)
365	{
366	$this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
367	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
368	$array_memberUids_remove[] = $user;
369	$this->db_functions->write_log("removed user from group","$dn: $user");
370	}
371	}
372	if (count($array_memberUids_remove)>0)
373	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
374	}
375
376	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
377	// APPS
378	$new_values2 = array();
379	$old_values2 = array();
380	if (count($new_values['apps'])>0)
381	{
382	foreach ($new_values['apps'] as $app=>$tmp)
383	{
384	$new_values2[] = $app;
385	}
386	}
387	if (count($old_values['apps'])>0)
388	{
389	foreach ($old_values['apps'] as $app=>$tmp)
390	{
391	$old_values2[] = $app;
392	}
393	}
394
395	$add_apps = array_flip(array_diff($new_values2, $old_values2));
396	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
397
398	if (count($add_apps)>0)
399	{
400	$this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);
401
402	foreach ($add_apps as $app => $index)
403	$this->db_functions->write_log("added application to group","$app: $dn");
404	}
405
406	if (count($remove_apps)>0)
407	{
408	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
409	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
410
411	foreach ($remove_apps as $app => $app_index)
412	{
413	if ($manager_apps[$app] == 'run')
414	$remove_apps2[$app] = $app_index;
415	}
416	$this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);
417
418	foreach ($remove_apps2 as $app => $access)
419	$this->db_functions->write_log("removed application from group","$app: $dn");
420	}
421	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
422
423	return $return;
424	}
425
426
427	function get_info($gidnumber)
428	{
429	$group_info_ldap = $this->ldap_functions->get_group_info($gidnumber);
430	$group_info_db = $this->db_functions->get_group_info($gidnumber);
431
432	$group_info = array_merge($group_info_ldap, $group_info_db);
433	return $group_info;
434	}
435
436	function delete($params)
437	{
438	// Verifica o acesso do gerente
439	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
440	{
441	$return['status'] = false;
442	$return['msg'] = lang('You do not have acces to remove groups') . '.';
443	return $return;
444	}
445
446	$return['status'] = true;
447
448	$gidnumber = $params['gidnumber'];
449	$cn = $params['cn'];
450
451	//LDAP
452	$result_ldap = $this->ldap_functions->delete_group($gidnumber);
453	if (!$result_ldap['status'])
454	{
455	$return['status'] = false;
456	$return['msg'] .= $result_ldap['msg'];
457	}
458
459	//DB
460	$result_db = $this->db_functions->delete_group($gidnumber);
461	if (!$result_db['status'])
462	{
463	$return['status'] = false;
464	$return['msg'] .= $result_ldap['msg'];
465	}
466
467	if ($return['status'] == true)
468	{
469	$this->db_functions->write_log("deleted group","$cn");
470	}
471
472	return $return;
473	}
474
475	}
476	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/expressoAdmin1_2/inc/class.group.inc.php @ 5133

Download in other formats: