Context Navigation

source: trunk/expressoAdmin1_2/inc/class.group.inc.php @ 86

Revision 86, 16.0 KB checked in by niltonneto, 17 years ago (diff)
* empty log message *
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**********************************************************************************\
3	* Expresso Administração *
4	* by Joao Alfredo Knopik Junior (joao.alfredo@gmail.com, jakjr@celepar.pr.gov.br) *
5	* --------------------------------------------------------------------------------*
6	* This program is free software; you can redistribute it and/or modify it *
7	* under the terms of the GNU General Public License as published by the *
8	* Free Software Foundation; either version 2 of the License, or (at your *
9	* option) any later version. *
10	\**********************************************************************************/
11
12	include_once('class.ldap_functions.inc.php');
13	include_once('class.db_functions.inc.php');
14	include_once('class.imap_functions.inc.php');
15	include_once('class.functions.inc.php');
16
17	class group
18	{
19	var $ldap_functions;
20	var $db_functions;
21	var $imap_functions;
22	var $functions;
23	var $current_config;
24
25
26	function group()
27	{
28	$this->ldap_functions = new ldap_functions;
29	$this->db_functions = new db_functions;
30	$this->imap_functions = new imap_functions;
31	$this->functions = new functions;
32	$this->current_config = $_SESSION['phpgw_info']['expresso']['expressoAdmin'];
33	}
34
35	function validate_fields($params)
36	{
37	return $this->ldap_functions->validate_fields_group($params);
38	}
39
40	function create($params)
41	{
42	// Verifica o acesso do gerente
43	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'add_groups'))
44	{
45	$return['status'] = false;
46	$return['msg'] = 'Você não tem acesso para criar novos grupos.';
47	return $return;
48	}
49
50	$return['status'] = true;
51
52	//Retira os uids duplicados se existir
53	$array_tmp = array();
54	$array_tmp = array_unique($params['members']);
55	$params['members'] = $array_tmp;
56
57	// Leio o ID a ser usado na criação do objecto.
58	$next_id = ($this->db_functions->get_next_id('groups'));
59	if ((!is_numeric($next_id['id'])) \|\| (!$next_id['status']))
60	{
61	$return['status'] = false;
62	$return['msg'] = "Problemas obtendo ID do usuário.\n" . $id['msg'];
63	return $return;
64	}
65	else
66	{
67	$id = $next_id['id'];
68	}
69	// Pega ID do BD e incrementa de 1.
70	//$id = (($this->db_functions->get_next_id()) + 1);
71	// Incrementa o id no BD.
72	//$this->db_functions->increment_id($id,'groups');
73
74	// Cria array para incluir no LDAP
75	$dn = 'cn=' . $params['cn'] . ',' . $params['context'];
76
77	$group_info = array();
78	$group_info['cn'] = $params['cn'];
79	$group_info['description'] = $params['description'];
80	$group_info['gidNumber'] = $id;
81	$group_info['objectClass'][] = 'top';
82	$group_info['objectClass'][] = 'posixGroup';
83	$group_info['objectClass'][] = 'phpgwAccount';
84	$group_info['phpgwAccountExpires'] = '-1';
85	$group_info['phpgwAccountType'] = 'g';
86	$group_info['userPassword'] = '';
87
88	// E-mail for groups
89	if ($params['email'] != '')
90	$group_info['mail'] = $params['email'];
91
92	if (count($params['members']))
93	{
94	foreach ($params['members'] as $index => $uidnumber)
95	{
96	$uid = $this->ldap_functions->uidnumber2uid($uidnumber);
97	$group_info['memberuid'][] = $uid;
98
99	// Chama funcao para incluir os uidnumbers dos usuarios no grupo
100	$result = $this->db_functions->add_user2group($id, $uidnumber);
101
102	$this->db_functions->write_log("Adicionado usuario $uid ao grupo ".$group_info['cn']." no momento da criação",$dn,$uidnumber,'','');
103	}
104	}
105
106	// Suporte ao SAMBA
107	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($params['use_attrs_samba'] == 'on'))
108	{
109	$group_info['objectClass'][] = 'sambaGroupMapping';
110	$group_info['sambaSID'] = $params['sambasid'] . '-' . (($id * 2) + 1001);
111	$group_info['sambaGroupType'] = '2';
112	}
113
114	// ADD ATTRIBUTES
115	if ($params['phpgwaccountvisible'] == 'on')
116	{
117	$group_info['phpgwaccountvisible'] = '-1';
118	}
119
120	$result = $this->ldap_functions->ldap_add_entry($dn, $group_info);
121	if (!$result['status'])
122	{
123	$return['status'] = false;
124	$return['msg'] .= $result['msg'];
125	}
126
127	// Chama funcao para incluir os aplicativos ao grupo
128	$result = $this->db_functions->add_id2apps($id, $params['apps']);
129	if (!$result['status'])
130	{
131	$return['status'] = false;
132	$return['msg'] .= $result['msg'];
133	}
134
135	if ($return['status'] == true)
136	{
137	$this->db_functions->write_log("Criado grupo de usuários $dn",'',$dn,'','');
138	}
139
140	return $return;
141	}
142
143	function save($new_values)
144	{
145	// Verifica o acesso do gerente
146	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'edit_groups'))
147	{
148	$return['status'] = false;
149	$return['msg'] = 'Você não tem acesso para editar grupos.';
150	return $return;
151	}
152
153	$return['status'] = true;
154
155	//Retira os uids duplicados se existir
156	$array_tmp = array();
157	$array_tmp = array_unique($new_values['members']);
158	$new_values['members'] = $array_tmp;
159
160	$old_values = $this->get_info($new_values['gidnumber'], $new_values['manager_context']);
161	$diff = array_diff($new_values, $old_values);
162
163	$dn = 'cn=' . $old_values['cn'] . ',' . $old_values['context'];
164	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
165	// RENAME
166	if ($diff['context'] \|\| $diff['cn'])
167	{
168	$newrdn = 'cn=' . $new_values['cn'];
169	$newparent = $new_values['context'];
170	$result = $this->ldap_functions->change_user_context($dn, $newrdn, $newparent);
171	if (!$result['status'])
172	{
173	$return['status'] = false;
174	$return['msg'] .= $result['msg'];
175	}
176	else
177	{
178	$dn = $newrdn . ',' . $newparent;
179	$this->db_functions->write_log('Renomeado grupo de usuários de '.$old_values['cn']." para $dn.",'',$dn,$old_values['cn'],'');
180	}
181	}
182
183	$ldap_mod_replace = array();
184	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
185	// REPLACE SAMBASID OF SAMBA
186	if ( ($this->current_config['expressoAdmin_samba_support'] == 'true') && ($diff['sambasid']) && ($old_values['sambasid']))
187	{
188	$ldap_mod_replace['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
189	$this->db_functions->write_log("Alterado dominio samba do grupo $dn para " . $new_values['sambasid'],'',$dn,'','');
190	}
191
192	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
193	// REPLACE DESCRIPTION
194	if ($new_values['description'] != $old_values['description'])
195	{
196	$ldap_mod_replace['description'] = $new_values['description'];
197	$this->db_functions->write_log("Modificado descrição do grupo $dn",'',$dn,'','');
198	}
199
200	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
201	// REPLACE E-Mail
202	if ((($old_values['email']) && ($diff['email'])) &&
203	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
204	{
205	$ldap_mod_replace['mail'] = $new_values['email'];
206	$this->db_functions->write_log("Modificado E-Mail do grupo $dn",'',$dn,'','');
207	}
208
209	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
210	// CALL LDAP_REPLACE FUNCTION
211	if (count($ldap_mod_replace))
212	{
213	$result = $this->ldap_functions->replace_user_attributes($dn, $ldap_mod_replace);
214	if (!$result['status'])
215	{
216	$return['status'] = false;
217	$return['msg'] .= $result['msg'];
218	}
219	}
220
221	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
222	// REMOVE ATTRS OF SAMBA
223	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && ($old_values['sambaGroup']) && ($new_values['use_attrs_samba'] != 'on'))
224	{
225	$ldap_remove['objectclass'] = 'sambaGroupMapping';
226	$ldap_remove['sambagrouptype'] = array();
227	$ldap_remove['sambaSID'] = array();
228
229	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
230	if (!$result['status'])
231	{
232	$return['status'] = false;
233	$return['msg'] .= $result['msg'];
234	}
235	else
236	$this->db_functions->write_log("Removido atributos samba do grupo $dn",'',$dn,'','');
237	}
238
239	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
240	// ADD ATTRS OF SAMBA
241	if (($this->current_config['expressoAdmin_samba_support'] == 'true') && (!$old_values['sambaGroup']) && ($new_values['use_attrs_samba'] == 'on'))
242	{
243	//Verifica se o binario para criar as senhas do samba exite.
244	if (!is_file('/home/expressolivre/mkntpwd'))
245	{
246	$return['status'] = false;
247	$return['msg'] .= "O arquivo binário /home/expressolivre/mkntpwd não exite.\\nEle é necessário para a criação das senhas usadas pelo SAMBA.\\nInforme o administrador ExpressoLivre sobre isto.\\n";
248	}
249	else
250	{
251	$ldap_add['objectClass'][] = 'sambaGroupMapping';
252	$ldap_add['sambagrouptype'] = '2';
253	$ldap_add['sambasid'] = $new_values['sambasid'] . '-' . ((2 * $new_values['gidnumber'])+1001);
254
255	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
256	if (!$result['status'])
257	{
258	$return['status'] = false;
259	$return['msg'] .= $result['msg'];
260	}
261	else
262	$this->db_functions->write_log("Adicionado atributos samba ao grupo $dn",'','','','');
263	}
264	}
265
266	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
267	// ADD ATTRIBUTES
268	$ldap_add = array();
269	if (($new_values['phpgwaccountvisible'] == 'on') && ($old_values['phpgwaccountvisible'] != '-1'))
270	{
271	$ldap_add['phpgwaccountvisible'] = '-1';
272	$this->db_functions->write_log("Adicionado atributo phpgwaccountvisible ao grupo $dn",'','','','');
273	}
274	if ((($new_values['email']) && (!$old_values['email'])) &&
275	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
276	{
277	$ldap_add['mail'] = $new_values['email'];
278	$this->db_functions->write_log("Adicionado atributo mail ao grupo $dn",'','','','');
279	}
280	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
281	// CALL LDAP_ADD FUNCTION
282	if (count($ldap_add))
283	{
284	$result = $this->ldap_functions->add_user_attributes($dn, $ldap_add);
285	if (!$result['status'])
286	{
287	$return['status'] = false;
288	$return['msg'] .= $result['msg'];
289	}
290	}
291
292	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
293	// REMOVE ATTRIBUTES
294	$ldap_remove = array();
295	if (($new_values['phpgwaccountvisible'] != 'on') && ($old_values['phpgwaccountvisible'] == '-1'))
296	{
297	$ldap_remove['phpgwaccountvisible'] = array();
298	$this->db_functions->write_log("Removido atributo phpgwaccountvisible do grupo $dn",'','','','');
299	}
300	if (((!$new_values['email']) && ($old_values['email'])) &&
301	$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'],'edit_email_groups'))
302	{
303	$ldap_remove['mail'] = array();
304	$this->db_functions->write_log("Removido atributo mail do grupo $dn",'','','','');
305	}
306	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
307	// CALL LDAP_REMOVED FUNCTION
308	if (count($ldap_remove))
309	{
310	$result = $this->ldap_functions->remove_user_attributes($dn, $ldap_remove);
311	if (!$result['status'])
312	{
313	$return['status'] = false;
314	$return['msg'] .= $result['msg'];
315	}
316	}
317
318	////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
319	// USERS
320
321	if (!$new_values['members'])
322	$new_values['members'] = array();
323	if (!$old_values['members'])
324	$old_values['members'] = array();
325
326	$add_users = array_diff($new_values['members'], $old_values['members']);
327	$remove_users = array_diff($old_values['members'], $new_values['members']);
328
329	if (count($add_users)>0)
330	{
331	$array_memberUids_add = array();
332	foreach($add_users as $uidnumber)
333	{
334	if (is_numeric($uidnumber) && ($uidnumber != -1))
335	{
336	$this->db_functions->add_user2group($new_values['gidnumber'], $uidnumber);
337	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
338	$array_memberUids_add[] = $user;
339	$this->db_functions->write_log("Adicionado usuário $user ao grupo $dn.",$dn,'','','');
340	}
341	else
342	{
343	// O memberUID existe no grupo, mas o usuário não existe no ldap
344	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
345	}
346	}
347	$this->ldap_functions->add_user2group($new_values['gidnumber'], $array_memberUids_add);
348	}
349	if (count($remove_users)>0)
350	{
351	$array_memberUids_remove = array();
352	foreach($remove_users as $uidnumber)
353	{
354	if ($uidnumber != -1)
355	{
356	$this->db_functions->remove_user2group($new_values['gidnumber'], $uidnumber);
357	$user = $this->ldap_functions->uidnumber2uid($uidnumber);
358	$array_memberUids_remove[] = $user;
359	$this->db_functions->write_log("Removido usuário $user do grupo $dn.",$dn,'','','');
360	}
361	}
362	$this->ldap_functions->remove_user2group($new_values['gidnumber'], $array_memberUids_remove);
363	}
364
365	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
366	// APPS
367	$new_values2 = array();
368	$old_values2 = array();
369	if (count($new_values['apps'])>0)
370	{
371	foreach ($new_values['apps'] as $app=>$tmp)
372	{
373	$new_values2[] = $app;
374	}
375	}
376	if (count($old_values['apps'])>0)
377	{
378	foreach ($old_values['apps'] as $app=>$tmp)
379	{
380	$old_values2[] = $app;
381	}
382	}
383
384	$add_apps = array_flip(array_diff($new_values2, $old_values2));
385	$remove_apps = array_flip(array_diff($old_values2, $new_values2));
386
387	if (count($add_apps)>0)
388	{
389	$this->db_functions->add_id2apps($new_values['gidnumber'], $add_apps);
390
391	foreach ($add_apps as $app => $index)
392	$this->db_functions->write_log("Adicionado aplicativo $app ao grupo $dn",'',$dn,'','');
393	}
394
395	if (count($remove_apps)>0)
396	{
397	//Verifica se o gerente tem acesso a aplicação antes de remove-la do usuario.
398	$manager_apps = $this->db_functions->get_apps($_SESSION['phpgw_session']['session_lid']);
399
400	foreach ($remove_apps as $app => $app_index)
401	{
402	if ($manager_apps[$app] == 'run')
403	$remove_apps2[$app] = $app_index;
404	}
405	$this->db_functions->remove_id2apps($new_values['gidnumber'], $remove_apps2);
406
407	foreach ($remove_apps2 as $app => $access)
408	$this->db_functions->write_log("Removido aplicativo $app do grupo $dn",'',$dn,'','');
409	}
410	//////////////////////////////////////////////////////////////////////////////////////////////////////////////////
411
412	return $return;
413	}
414
415
416	function get_info($gidnumber)
417	{
418	$group_info_ldap = $this->ldap_functions->get_group_info($gidnumber);
419	$group_info_db = $this->db_functions->get_group_info($gidnumber);
420
421	$group_info = array_merge($group_info_ldap, $group_info_db);
422	return $group_info;
423	}
424
425	function delete($params)
426	{
427	// Verifica o acesso do gerente
428	if (!$this->functions->check_acl($_SESSION['phpgw_session']['session_lid'], 'delete_groups'))
429	{
430	$return['status'] = false;
431	$return['msg'] = 'Você não tem acesso para excluir grupos.';
432	return $return;
433	}
434
435	$return['status'] = true;
436
437	$gidnumber = $params['gidnumber'];
438	$cn = $params['cn'];
439
440	//LDAP
441	$result_ldap = $this->ldap_functions->delete_group($gidnumber);
442	if (!$result_ldap['status'])
443	{
444	$return['status'] = false;
445	$return['msg'] .= $result_ldap['msg'];
446	}
447
448	//DB
449	$result_db = $this->db_functions->delete_group($gidnumber);
450	if (!$result_db['status'])
451	{
452	$return['status'] = false;
453	$return['msg'] .= $result_ldap['msg'];
454	}
455
456	if ($return['status'] == true)
457	{
458	$this->db_functions->write_log("Deletado grupo de usuários $cn",'',$cn,'','');
459	}
460
461	return $return;
462	}
463
464	}
465	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: