4 commits - lib/api lib/Auth lib/Auth.php
Aleksander Machniak
machniak at kolabsys.com
Tue Apr 3 11:08:09 CEST 2012
lib/Auth.php | 25 -
lib/Auth/LDAP.php | 518 +++++++++++++++++++++---------------
lib/api/kolab_api_service_group.php | 51 ---
lib/api/kolab_api_service_user.php | 53 ---
4 files changed, 331 insertions(+), 316 deletions(-)
New commits:
commit 99174d825f6cbf0a64944e6753e714ad8e047ead
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Tue Apr 3 11:06:43 2012 +0200
Remove some redundant connect() calls.
The connection to LDAP according to selected domain is still not implemented.
diff --git a/lib/Auth.php b/lib/Auth.php
index 7216d8f..255afac 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -247,13 +247,11 @@ class Auth {
{
// TODO: Consider a normal user does not have privileges on
// the base_dn where domain names and configuration is stored.
- $this->connect();
return $this->_auth[$this->domain]->list_domains();
}
public function list_rights($subject)
{
- $this->connect();
return $this->_auth[$this->domain]->effective_rights($subject);
}
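Review bot: With both `$this->connect();` calls removed, `list_domains()` and `list_rights()` dereference `$this->_auth[$this->domain]` with nothing in this hunk guaranteeing the entry exists, so a call made before any connect would fail on a null backend instead of returning an error. If every caller really does connect first, record that as a precondition above each method, e.g. `// Requires a prior connect(); $this->_auth[$this->domain] must already be set.`. The existing TODO about unprivileged users reading the base DN is still open after this change. `list_domains()` starts above the hunk.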
commit 01d024e8b3f1f945a53a011b6bd287d91eca685d
Merge: d14e39c 2442158
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Tue Apr 3 11:04:29 2012 +0200
Merge branch 'master' of ssh://git.kolab.org/git/kolab-wap
Conflicts:
lib/Auth/LDAP.php
diff --cc lib/Auth/LDAP.php
index 5ca826e,9892b81..a7e785e
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@@ -329,6 -329,38 +329,7 @@@ class LDA
return $attributes;
}
- public function entry_find_by_attribute($attribute)
- {
- if (empty($attribute) || !is_array($attribute) || count($attribute) > 1) {
- return false;
- }
-
- if (empty($attribute[key($attribute)])) {
- return false;
- }
-
- $filter = "(&";
-
- foreach ($attribute as $key => $value) {
- $filter .= "(" . $key . "=" . $value . ")";
- }
-
- $filter .= ")";
-
- $base_dn = $this->domain_root_dn($this->domain);
-
- $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
-
- if (count($result) > 0) {
- error_log("Results found: " . implode(', ', array_keys($result)));
- return $result;
- }
- else {
- error_log("No result");
- return false;
- }
- }
+
public function get_attribute($subject_dn, $attribute)
{
$result = $this->search($subject_dn, '(objectclass=*)', (array)($attribute));
@@@ -428,141 -465,141 +429,9 @@@
return $roles;
}
-- public function modify_entry($subject_dn, $old_attrs, $new_attrs)
- {
- console($old_attrs);
-
- // TODO: Get $rdn_attr - we have type_id in $new_attrs
- $dn_components = ldap_explode_dn($subject_dn, 0);
- $rdn_components = explode('=', $dn_components[0]);
-
- $rdn_attr = $rdn_components[0];
-
- console($rdn_attr);
-
- // return;
-
- $mod_array = Array(
- "add" => Array(), // For use with ldap_mod_add()
- "del" => Array(), // For use with ldap_mod_del()
- "replace" => Array(), // For use with ldap_mod_replace()
- "rename" => Array(), // For use with ldap_rename()
- );
-
- // Compare each attribute value of the old attrs with the corresponding value
- // in the new attrs, if any.
- foreach ($old_attrs as $attr => $old_attr_value) {
- if (array_key_exists($attr, $new_attrs)) {
- if (!($new_attrs[$attr] === $old_attr_value)) {
- console("Attribute $attr changed from", $old_attr_value, "to", $new_attrs[$attr]);
- if ($attr === $rdn_attr) {
- $mod_array['rename'][$subject_dn] = $rdn_attr . '=' . $new_attrs[$attr];
- } else {
- if (empty($new_attrs[$attr])) {
- console("Adding to del: $attr");
- $mod_array['del'][$attr] = (array)($old_attr_value);
- } else {
- console("Adding to replace: $attr");
- $mod_array['replace'][$attr] = (array)($new_attrs[$attr]);
- }
- }
- } else {
- console("Attribute $attr unchanged");
- }
- } else {
- // TODO: Since we're not shipping the entire object back and forth, and only post
- // part of the data... we don't know what is actually removed (think modifiedtimestamp, etc.)
- console("Group attribute $attr not mentioned in \$new_attrs..., but not explicitly removed... by assumption");
- }
- }
-
- foreach ($new_attrs as $attr => $value) {
- if (array_key_exists($attr, $old_attrs)) {
- if (empty($value)) {
- if (!array_key_exists($attr, $mod_array['del'])) {
- console("Adding to del(2): $attr");
- $mod_array['del'][$attr] = (array)($old_attrs[$attr]);
- }
- } else {
- if (!($old_attrs[$attr] === $value) && !($attr === $rdn_attr)) {
- if (!array_key_exists($attr, $mod_array['replace'])) {
- console("Adding to replace(2): $attr");
- $mod_array['replace'][$attr] = $value;
- }
- }
- }
- } else {
- if (!empty($value)) {
- $mod_array['add'][$attr] = $value;
- }
- }
- }
-
- console($mod_array);
-
- $result = $this->modify_entry_attributes($subject_dn, $mod_array);
-
- if ($result) {
- return $mod_array;
- }
-
- }
-
- public function modify_entry_attributes($subject_dn, $attributes)
- {
- $this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
-
- // Opportunities to set false include failed ldap commands.
- $result = true;
-
- if (is_array($attributes['replace']) && !empty($attributes['replace'])) {
- $result = ldap_mod_replace($this->conn, $subject_dn, $attributes['replace']);
- }
-
- if (!$result) {
- console("Failed to replace the following attributes", $attributes['replace']);
- return false;
- }
-
- if (is_array($attributes['del']) && !empty($attributes['del'])) {
- $result = ldap_mod_del($this->conn, $subject_dn, $attributes['del']);
- }
-
- if (!$result) {
- console("Failed to delete the following attributes", $attributes['del']);
- return false;
- }
-
-
- if (is_array($attributes['add']) && !empty($attributes['add'])) {
- $result = ldap_mod_add($this->conn, $subject_dn, $attributes['add']);
- }
-
- if (!$result) {
- console("Failed to add the following attributes", $attributes['add']);
- return false;
- }
-
- if (is_array($attributes['rename']) && !empty($attributes['rename'])) {
- $olddn = key($attributes['rename']);
- $newrdn = $attributes['rename'][$olddn];
- $result = ldap_rename($this->conn, $olddn, $newrdn, NULL, true);
- }
-
- if (!$result) {
- return false;
- }
-
- if ($result) {
- return true;
- } else {
- return false;
- }
- }
-
+ public function user_add($attrs, $typeid = null)
{
- console($old_attrs);
-
- // TODO: Get $rdn_attr - we have type_id in $new_attrs
- $dn_components = ldap_explode_dn($subject_dn, 0);
- $rdn_components = explode('=', $dn_components[0]);
-
- $rdn_attr = $rdn_components[0];
-
- console($rdn_attr);
-
-// return;
-
- $mod_array = Array(
- "add" => Array(), // For use with ldap_mod_add()
- "del" => Array(), // For use with ldap_mod_del()
- "replace" => Array(), // For use with ldap_mod_replace()
- "rename" => Array(), // For use with ldap_rename()
- );
-
- // Compare each attribute value of the old attrs with the corresponding value
- // in the new attrs, if any.
- foreach ($old_attrs as $attr => $old_attr_value) {
- if (array_key_exists($attr, $new_attrs)) {
- if (!($new_attrs[$attr] === $old_attr_value)) {
- console("Attribute $attr changed from", $old_attr_value, "to", $new_attrs[$attr]);
- if ($attr === $rdn_attr) {
- $mod_array['rename'][$subject_dn] = $rdn_attr . '=' . $new_attrs[$attr];
- } else {
- if (empty($new_attrs[$attr])) {
- console("Adding to del: $attr");
- $mod_array['del'][$attr] = (array)($old_attr_value);
- } else {
- console("Adding to replace: $attr");
- $mod_array['replace'][$attr] = (array)($new_attrs[$attr]);
- }
- }
- } else {
- console("Attribute $attr unchanged");
- }
- } else {
- // TODO: Since we're not shipping the entire object back and forth, and only post
- // part of the data... we don't know what is actually removed (think modifiedtimestamp, etc.)
- console("Group attribute $attr not mentioned in \$new_attrs..., but not explicitly removed... by assumption");
- }
- }
-
- foreach ($new_attrs as $attr => $value) {
- if (array_key_exists($attr, $old_attrs)) {
- if (empty($value)) {
- if (!array_key_exists($attr, $mod_array['del'])) {
- console("Adding to del(2): $attr");
- $mod_array['del'][$attr] = (array)($old_attrs[$attr]);
- }
- } else {
- if (!($old_attrs[$attr] === $value) && !($attr === $rdn_attr)) {
- if (!array_key_exists($attr, $mod_array['replace'])) {
- console("Adding to replace(2): $attr");
- $mod_array['replace'][$attr] = $value;
- }
- }
- }
- } else {
- if (!empty($value)) {
- $mod_array['add'][$attr] = $value;
- }
- }
- }
-
- console($mod_array);
-
- $result = $this->modify_entry_attributes($subject_dn, $mod_array);
-
- if ($result) {
- return $mod_array;
- }
-
- }
-
- public function modify_entry_attributes($subject_dn, $attributes)
- {
- $this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
-
- // Opportunities to set false include failed ldap commands.
- $result = true;
-
- if (is_array($attributes['replace']) && !empty($attributes['replace'])) {
- $result = ldap_mod_replace($this->conn, $subject_dn, $attributes['replace']);
- }
-
- if (!$result) {
- console("Failed to replace the following attributes", $attributes['replace']);
- return false;
- }
-
- if (is_array($attributes['del']) && !empty($attributes['del'])) {
- $result = ldap_mod_del($this->conn, $subject_dn, $attributes['del']);
- }
-
- if (!$result) {
- console("Failed to delete the following attributes", $attributes['del']);
- return false;
- }
-
-
- if (is_array($attributes['add']) && !empty($attributes['add'])) {
- $result = ldap_mod_add($this->conn, $subject_dn, $attributes['add']);
- }
-
- if (!$result) {
- console("Failed to add the following attributes", $attributes['add']);
- return false;
- }
-
- if (is_array($attributes['rename']) && !empty($attributes['rename'])) {
- $olddn = key($attributes['rename']);
- $newrdn = $attributes['rename'][$olddn];
- $result = ldap_rename($this->conn, $olddn, $newrdn, NULL, true);
- }
-
- if (!$result) {
- return false;
- }
-
- if ($result) {
- return true;
- } else {
- return false;
- }
- }
-
- public function user_add($attrs, $type = null)
- {
- if ($type == null) {
+ if ($typeid == null) {
$type_str = 'user';
}
else {
@@@ -589,134 -626,35 +458,74 @@@
return $this->_add($dn, $attrs);
}
- public function user_delete($subject)
+ public function user_edit($user, $attributes, $typeid = null)
{
- $subject_dn = $this->resolve_subject($subject);
- if (!$subject_dn)
+/*
+ // Get the type "key" string for the next few settings.
+ if ($typeid == null) {
+ $type_str = 'user';
+ }
+ else {
+ $db = SQL::get_instance();
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM user_types WHERE id = ?", $typeid));
+ $type_str = $_key['key'];
+ }
+*/
+ $conf = Conf::get_instance();
+
+ $unique_attr = $conf->get('unique_attribute');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+ $attributes[$unique_attr] = $user;
+
+ // Now that values have been re-generated where necessary, compare
+ // the new group attributes to the original group attributes.
- $_user = $this->user_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
++ $_user = $this->entry_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
+
+ if (!$_user) {
+ console("Could not find user");
return false;
- else
- return $this->_delete($subject_dn);
+ }
+
+ $_user_dn = key($_user);
+ $_user = $this->user_info(array('user' => $_user_dn), array());
+
+ // We should start throwing stuff over the fence here.
+ return $this->modify_entry($_user_dn, $_user, $attributes);
}
- public function user_find_by_attribute($attribute)
+ public function user_delete($user)
{
- $user_dn = $this->user_dn($user);
- return $this->entry_find_by_attribute($attribute);
++ $user_dn = $this->entry_dn($user);
+
+ if (!$user_dn) {
+ return false;
+ }
+
+ return $this->_delete($user_dn);
}
- public function user_find_by_attribute($attribute)
- {
- if (empty($attribute) || !is_array($attribute) || count($attribute) > 1) {
- return false;
- }
-
- if (empty($attribute[key($attribute)])) {
- return false;
- }
-
- $filter = "(&";
-
- foreach ($attribute as $key => $value) {
- $filter .= "(" . $key . "=" . $value . ")";
- }
-
- $filter .= ")";
-
- $base_dn = $this->domain_root_dn($this->domain);
-
- $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
-
- if (count($result) > 0) {
- error_log("Results found: " . implode(', ', array_keys($result)));
- return $result;
- }
- else {
- error_log("No result");
- return false;
- }
- }
-
- public function group_find_by_attribute($attribute)
- {
- if (empty($attribute) || !is_array($attribute) || count($attribute) > 1) {
- return false;
- }
-
- if (empty($attribute[key($attribute)])) {
- return false;
- }
-
- $filter = "(&";
-
- foreach ($attribute as $key => $value) {
- $filter .= "(" . $key . "=" . $value . ")";
- }
-
- $filter .= ")";
-
- $base_dn = $this->domain_root_dn($this->domain);
-
- $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
-
- if (count($result) > 0) {
- error_log("Results found: " . implode(', ', array_keys($result)));
- return $result;
- }
- else {
- error_log("No result");
- return false;
- }
- }
-
/**
* User attributes
*
*
*/
- public function user_info($subject)
+ public function user_info($user)
{
- $user_dn = $this->user_dn($user);
- $subject_dn = $this->resolve_subject($subject);
++ $user_dn = $this->entry_dn($user);
- if (!$user_dn) {
- if (!$subject_dn)
++ if (!$user_dn)
return false;
- }
- return self::normalize_result($this->search($subject_dn));
+ return self::normalize_result($this->search($user_dn));
+ }
+
++ public function user_find_by_attribute($attribute)
++ {
++ return $this->entry_find_by_attribute($attribute);
+ }
+
public function find_user_groups($member_dn)
{
error_log(__FILE__ . "(" . __LINE__ . "): " . $member_dn);
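Review bot: `user_edit()` calls `$this->user_info(array('user' => $_user_dn), array())`, but `user_info($user)` in this same hunk takes a single DN or unique-id value and hands it straight to `entry_dn()`, so an array reaches `ldap_explode_dn()` and the lookup of the current attributes cannot work as written. The call looks carried over from the API service class, where `user_info()` took request arrays; here it should be `$_user = $this->user_info($_user_dn);`. `group_edit()` in the next hunk has the same call shape with `group_info()`, and both originate in commit d14e39c further down this page. The value then passed to `modify_entry()` as `$old_attrs` also needs checking, since `user_info()` returns whatever `normalize_result()` produces (its body is not shown) rather than an obviously flat attribute list.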
@@@ -764,77 -702,33 +573,82 @@@
return $this->_add($dn, $attrs);
}
- public function group_delete($subject)
+ public function group_edit($group, $attributes, $typeid = null)
{
- $subject_dn = $this->resolve_subject($subject);
- if (!$subject_dn)
+/*
+ // Get the type "key" string for the next few settings.
+ if ($typeid == null) {
+ $type_str = 'group';
+ }
+ else {
+ $db = SQL::get_instance();
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $typeid));
+ $type_str = $_key['key'];
+ }
+*/
+ $conf = Conf::get_instance();
+
+ // Group identifier
+ $unique_attr = $conf->get('unique_attribute');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+ $attributes[$unique_attr] = $group;
+
+ // Now that values have been re-generated where necessary, compare
+ // the new group attributes to the original group attributes.
- $_group = $this->group_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
++ $_group = $this->entry_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
+
+ if (!$_group) {
+ console("Could not find group");
return false;
+ }
+
+ $_group_dn = key($_group);
+ $_group = $this->group_info(array('group' => $_group_dn), array());
- return $this->_delete($subject_dn);
+ // We should start throwing stuff over the fence here.
+ return $this->modify_entry($_group_dn, $_group, $attributes);
}
- public function group_info($subject)
+ public function group_delete($group)
{
- $group_dn = $this->group_dn($group);
- $subject_dn = $this->resolve_subject($subject);
- if (!$subject_dn)
++ $group_dn = $this->entry_dn($group);
+
+ if (!$group_dn) {
return false;
+ }
- return self::normalize_result($this->search($subject_dn));
+ return $this->_delete($group_dn);
+ }
+
+ public function group_info($group)
+ {
- $group_dn = $this->group_dn($group);
++ $group_dn = $this->entry_dn($group);
+
+ if (!$group_dn) {
+ return false;
+ }
+
+ return self::normalize_result($this->search($group_dn));
}
- public function group_members_list($group)
+ public function group_members_list($subject)
{
- $group_dn = $this->group_dn($group);
- $subject_dn = $this->resolve_subject($subject);
- if (!$subject_dn)
++ $group_dn = $this->entry_dn($group);
+
+ if (!$group_dn) {
return false;
+ }
+
+ return $this->_list_group_members($group_dn);
+ }
- return $this->_list_group_members($subject_dn);
++ public function group_find_by_attribute($attribute)
++ {
++ return $this->entry_find_by_attribute($attribute);
+ }
+
/*
Translate a domain name into it's corresponding root dn.
*/
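Review bot: In the merged result `group_members_list($subject)` keeps the `$subject` parameter name from one side while its first statement is `$group_dn = $this->entry_dn($group);`, so `$group` is undefined and the lookup never sees the caller's value. Rename the parameter back, `public function group_members_list($group)`, to match `group_delete()` and `group_info()` above it. This reading assumes the combined-diff markers are as shown; the column positions were lost in this rendering.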
@@@ -1050,6 -944,29 +864,59 @@@
return $result;
}
- private function resolve_subject($subject)
++ private function entry_find_by_attribute($attribute)
++ {
++ if (empty($attribute) || !is_array($attribute) || count($attribute) > 1) {
++ return false;
++ }
++
++ if (empty($attribute[key($attribute)])) {
++ return false;
++ }
++
++ $filter = "(&";
++
++ foreach ($attribute as $key => $value) {
++ $filter .= "(" . $key . "=" . $value . ")";
++ }
++
++ $filter .= ")";
++
++ $base_dn = $this->domain_root_dn($this->domain);
++
++ $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
++
++ if (count($result) > 0) {
++ error_log("Results found: " . implode(', ', array_keys($result)));
++ return $result;
++ }
++ else {
++ error_log("No result");
++ return false;
++ }
++ }
++
++ private function entry_dn($subject)
+ {
+ $is_dn = ldap_explode_dn($subject, 1);
+
+ if (is_array($is_dn) && array_key_exists("count", $is_dn) && $is_dn["count"] > 1) {
+ return $subject;
- } else {
- $conf = Conf::get_instance();
++ }
+
- $unique_attr = $conf->get('unique_attribute');
- if (!$unique_attr) {
- $unique_attr = 'nsuniqueid';
- }
++ $conf = Conf::get_instance();
+
- $subject = $this->entry_find_by_attribute(array($unique_attr => $subject));
- if (!$subject) {
- return false;
- } else {
- return key($subject);
- }
++ $unique_attr = $conf->get('unique_attribute');
++ if (!$unique_attr) {
++ $unique_attr = 'nsuniqueid';
++ }
++
++ $subject = $this->entry_find_by_attribute(array($unique_attr => $subject));
++ if (!empty($subject)) {
++ return key($subject);
+ }
+ }
+
private function parse_attribute_level_rights($attribute_value)
{
$attribute_value = str_replace(", ", ",", $attribute_value);
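Review bot: `entry_find_by_attribute()` concatenates `$value` into the search filter unescaped (`"(" . $key . "=" . $value . ")"`), and after this merge it is the single lookup path behind `entry_dn()`, `user_edit()` and `group_edit()`, whose identifier comes from the API request. A value containing `*`, `(`, `)` or `\` changes what the filter matches, so the entry that is later edited or deleted may not be the one intended. Escape the value per RFC 4515 before building the filter, e.g. `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` on PHP versions that provide it, and accept only a plain attribute name in `$key`. Separately, `entry_dn()` now falls off the end and returns null when nothing is found, where the removed version returned false; callers here only test `!$dn`, but the docblock should say which value to expect.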
@@@ -1091,56 -1008,18 +958,150 @@@
return $_attribute_value;
}
- /**
- * Result sorting callback for uasort()
- */
- public function sort_result($a, $b)
++ private function modify_entry($subject_dn, $old_attrs, $new_attrs)
+ {
- $str1 = $a[$this->sort_result_key];
- $str2 = $b[$this->sort_result_key];
++ console($old_attrs);
+
- return strcmp(mb_strtoupper($str1), mb_strtoupper($str2));
- }
++ // TODO: Get $rdn_attr - we have type_id in $new_attrs
++ $dn_components = ldap_explode_dn($subject_dn, 0);
++ $rdn_components = explode('=', $dn_components[0]);
+
- /**
- * Parses input value to find group DN.
- */
- private function group_dn($value)
- {
- $is_dn = ldap_explode_dn($value, 1);
++ $rdn_attr = $rdn_components[0];
+
- if ($is_dn) {
- return $value;
++ console($rdn_attr);
++
++// return;
++
++ $mod_array = Array(
++ "add" => Array(), // For use with ldap_mod_add()
++ "del" => Array(), // For use with ldap_mod_del()
++ "replace" => Array(), // For use with ldap_mod_replace()
++ "rename" => Array(), // For use with ldap_rename()
++ );
++
++ // Compare each attribute value of the old attrs with the corresponding value
++ // in the new attrs, if any.
++ foreach ($old_attrs as $attr => $old_attr_value) {
++ if (array_key_exists($attr, $new_attrs)) {
++ if (!($new_attrs[$attr] === $old_attr_value)) {
++ console("Attribute $attr changed from", $old_attr_value, "to", $new_attrs[$attr]);
++ if ($attr === $rdn_attr) {
++ $mod_array['rename'][$subject_dn] = $rdn_attr . '=' . $new_attrs[$attr];
++ } else {
++ if (empty($new_attrs[$attr])) {
++ console("Adding to del: $attr");
++ $mod_array['del'][$attr] = (array)($old_attr_value);
++ } else {
++ console("Adding to replace: $attr");
++ $mod_array['replace'][$attr] = (array)($new_attrs[$attr]);
++ }
++ }
++ } else {
++ console("Attribute $attr unchanged");
++ }
++ } else {
++ // TODO: Since we're not shipping the entire object back and forth, and only post
++ // part of the data... we don't know what is actually removed (think modifiedtimestamp, etc.)
++ console("Group attribute $attr not mentioned in \$new_attrs..., but not explicitly removed... by assumption");
++ }
++ }
++
++ foreach ($new_attrs as $attr => $value) {
++ if (array_key_exists($attr, $old_attrs)) {
++ if (empty($value)) {
++ if (!array_key_exists($attr, $mod_array['del'])) {
++ console("Adding to del(2): $attr");
++ $mod_array['del'][$attr] = (array)($old_attrs[$attr]);
++ }
++ } else {
++ if (!($old_attrs[$attr] === $value) && !($attr === $rdn_attr)) {
++ if (!array_key_exists($attr, $mod_array['replace'])) {
++ console("Adding to replace(2): $attr");
++ $mod_array['replace'][$attr] = $value;
++ }
++ }
++ }
++ } else {
++ if (!empty($value)) {
++ $mod_array['add'][$attr] = $value;
++ }
++ }
+ }
+
- $unique_attr = $this->unique_attribute();
- $group = $this->group_find_by_attribute(array($unique_attr => $value));
++ console($mod_array);
++
++ $result = $this->modify_entry_attributes($subject_dn, $mod_array);
+
- if (!empty($group)) {
- return key($group);
++ if ($result) {
++ return $mod_array;
+ }
++
+ }
+
- /**
- * Parses input value to find user DN.
- */
- private function user_dn($value)
++ private function modify_entry_attributes($subject_dn, $attributes)
+ {
- $is_dn = ldap_explode_dn($value, 1);
++ $this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
++
++ // Opportunities to set false include failed ldap commands.
++ $result = true;
++
++ if (is_array($attributes['replace']) && !empty($attributes['replace'])) {
++ $result = ldap_mod_replace($this->conn, $subject_dn, $attributes['replace']);
++ }
++
++ if (!$result) {
++ console("Failed to replace the following attributes", $attributes['replace']);
++ return false;
++ }
++
++ if (is_array($attributes['del']) && !empty($attributes['del'])) {
++ $result = ldap_mod_del($this->conn, $subject_dn, $attributes['del']);
++ }
++
++ if (!$result) {
++ console("Failed to delete the following attributes", $attributes['del']);
++ return false;
++ }
++
++
++ if (is_array($attributes['add']) && !empty($attributes['add'])) {
++ $result = ldap_mod_add($this->conn, $subject_dn, $attributes['add']);
++ }
++
++ if (!$result) {
++ console("Failed to add the following attributes", $attributes['add']);
++ return false;
++ }
+
- if ($is_dn) {
- return $value;
++ if (is_array($attributes['rename']) && !empty($attributes['rename'])) {
++ $olddn = key($attributes['rename']);
++ $newrdn = $attributes['rename'][$olddn];
++ $result = ldap_rename($this->conn, $olddn, $newrdn, NULL, true);
+ }
+
- $unique_attr = $this->unique_attribute();
- $user = $this->user_find_by_attribute(array($unique_attr => $value));
++ if (!$result) {
++ return false;
++ }
+
- if (!empty($user)) {
- return key($user);
++ if ($result) {
++ return true;
++ } else {
++ return false;
+ }
+ }
+
/**
+ * Result sorting callback for uasort()
+ */
+ public function sort_result($a, $b)
+ {
+ $str1 = $a[$this->sort_result_key];
+ $str2 = $b[$this->sort_result_key];
+
+ return strcmp(mb_strtoupper($str1), mb_strtoupper($str2));
+ }
+
+ /**
* Qualify a username.
*
* Where username is 'kanarip at kanarip.com', the function will return an
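Review bot: `modify_entry()` builds the new RDN as `$rdn_attr . '=' . $new_attrs[$attr]` and `modify_entry_attributes()` passes it to `ldap_rename()` unchanged, so a submitted value containing `,`, `+` or `=` is parsed as DN syntax rather than as the attribute value. Escape the value for DN context before concatenating (for example `ldap_escape($new_attrs[$attr], '', LDAP_ESCAPE_DN)` where available) and refuse array values for the RDN attribute. `modify_entry_attributes()` also applies replace, delete, add and rename as four separate operations and returns false at the first failure, which leaves the entry partly modified; the docblock should state that, and `modify_entry()` should `return false;` explicitly instead of falling off the end when the write fails. The `console()` calls dump the complete old and new attribute sets; if those can include password attributes, they should be filtered or dropped.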
commit d14e39cd189577c427b93873ec444fa65b9ae271
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Tue Apr 3 10:38:15 2012 +0200
Move user_edit/group_edit code into LDAP class, keep service classes backend-unaware
diff --git a/lib/Auth.php b/lib/Auth.php
index b15adb5..7216d8f 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -213,9 +213,14 @@ class Auth {
return $this->_auth[$_SESSION['user']->get_domain()]->get_attributes($subject, $attributes);
}
- public function group_add($attributes, $type=NULL)
+ public function group_add($attributes, $typeid = null)
{
- return $this->_auth[$_SESSION['user']->get_domain()]->group_add($attributes, $type);
+ return $this->_auth[$_SESSION['user']->get_domain()]->group_add($attributes, $typeid);
+ }
+
+ public function group_edit($group, $attributes, $typeid = null)
+ {
+ return $this->_auth[$_SESSION['user']->get_domain()]->group_edit($group, $attributes, $typeid);
}
public function group_delete($subject)
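Review bot: `group_edit()` here, and `user_edit()` in the last hunk of this file, are new public entry points with no docblock, and nothing says what `$group`/`$user` may hold or what comes back. Judging from the LDAP backend further down, the first argument is the unique-attribute value and the result is the modification array or a false-like value, so a short docblock along the lines of `@param string $group Unique attribute value of the group` and `@return array|false` would pin that down. `$typeid` is forwarded, but the backend code that used it is commented out in this commit, so either document it as reserved or leave it out of the new signatures.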
@@ -288,11 +293,6 @@ class Auth {
return $roles;
}
- public function modify_entry($subject, $attrs, $_attrs)
- {
- return $this->_auth[$_SESSION['user']->get_domain()]->modify_entry($subject, $attrs, $_attrs);
- }
-
public function primary_for_valid_domain($domain)
{
$this->domains = $this->list_domains();
@@ -315,9 +315,14 @@ class Auth {
}
}
- public function user_add($attributes, $type=NULL)
+ public function user_add($attributes, $typeid = null)
+ {
+ return $this->_auth[$_SESSION['user']->get_domain()]->user_add($attributes, $typeid);
+ }
+
+ public function user_edit($user, $attributes, $typeid = null)
{
- return $this->_auth[$_SESSION['user']->get_domain()]->user_add($attributes, $type);
+ return $this->_auth[$_SESSION['user']->get_domain()]->user_edit($user, $attributes, $typeid);
}
public function user_delete($userdata)
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index b7b47a6..5ca826e 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -560,14 +560,14 @@ class LDAP
}
}
- public function user_add($attrs, $type = null)
+ public function user_add($attrs, $typeid = null)
{
- if ($type == null) {
+ if ($typeid == null) {
$type_str = 'user';
}
else {
$db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM user_types WHERE id = ?", $type));
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM user_types WHERE id = ?", $typeid));
$type_str = $_key['key'];
}
@@ -589,6 +589,43 @@ class LDAP
return $this->_add($dn, $attrs);
}
+ public function user_edit($user, $attributes, $typeid = null)
+ {
+/*
+ // Get the type "key" string for the next few settings.
+ if ($typeid == null) {
+ $type_str = 'user';
+ }
+ else {
+ $db = SQL::get_instance();
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM user_types WHERE id = ?", $typeid));
+ $type_str = $_key['key'];
+ }
+*/
+ $conf = Conf::get_instance();
+
+ $unique_attr = $conf->get('unique_attribute');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+ $attributes[$unique_attr] = $user;
+
+ // Now that values have been re-generated where necessary, compare
+ // the new group attributes to the original group attributes.
+ $_user = $this->user_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
+
+ if (!$_user) {
+ console("Could not find user");
+ return false;
+ }
+
+ $_user_dn = key($_user);
+ $_user = $this->user_info(array('user' => $_user_dn), array());
+
+ // We should start throwing stuff over the fence here.
+ return $this->modify_entry($_user_dn, $_user, $attributes);
+ }
+
public function user_delete($user)
{
$user_dn = $this->user_dn($user);
@@ -703,18 +740,18 @@ class LDAP
return $groups;
}
- public function group_add($attrs, $type = null)
+ public function group_add($attrs, $typeid = null)
{
- if ($type == null) {
+ if ($typeid == null) {
$type_str = 'group';
}
else {
$db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $type));
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $typeid));
$type_str = $_key['key'];
}
- // Check if the user_type has a specific base DN specified.
+ // Check if the group_type has a specific base DN specified.
$base_dn = $this->conf->get($type_str . "_group_base_dn");
// If not, take the regular user_base_dn
if (!$base_dn)
@@ -727,6 +764,44 @@ class LDAP
return $this->_add($dn, $attrs);
}
+ public function group_edit($group, $attributes, $typeid = null)
+ {
+/*
+ // Get the type "key" string for the next few settings.
+ if ($typeid == null) {
+ $type_str = 'group';
+ }
+ else {
+ $db = SQL::get_instance();
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $typeid));
+ $type_str = $_key['key'];
+ }
+*/
+ $conf = Conf::get_instance();
+
+ // Group identifier
+ $unique_attr = $conf->get('unique_attribute');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+ $attributes[$unique_attr] = $group;
+
+ // Now that values have been re-generated where necessary, compare
+ // the new group attributes to the original group attributes.
+ $_group = $this->group_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
+
+ if (!$_group) {
+ console("Could not find group");
+ return false;
+ }
+
+ $_group_dn = key($_group);
+ $_group = $this->group_info(array('group' => $_group_dn), array());
+
+ // We should start throwing stuff over the fence here.
+ return $this->modify_entry($_group_dn, $_group, $attributes);
+ }
+
public function group_delete($group)
{
$group_dn = $this->group_dn($group);
diff --git a/lib/api/kolab_api_service_group.php b/lib/api/kolab_api_service_group.php
index 3e4825e..9b9c076 100644
--- a/lib/api/kolab_api_service_group.php
+++ b/lib/api/kolab_api_service_group.php
@@ -96,55 +96,12 @@ class kolab_api_service_group extends kolab_api_service
public function group_edit($getdata, $postdata)
{
$group_attributes = $this->parse_input_attributes('group', $postdata);
+ $group = $postdata['id'];
- // Get the type "key" string for the next few settings.
- if ($postdata['type_id'] == null) {
- $type_str = 'group';
- }
- else {
- $db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $postdata['type_id']));
- $type_str = $_key['key'];
- }
-
- $conf = Conf::get_instance();
-
- // Group identifier
- $unique_attr = $conf->get('unique_attribute');
- if (!$unique_attr) {
- $unique_attr = 'nsuniqueid';
- }
- $group_attributes[$unique_attr] = $postdata['id'];
- unset($postdata['id']);
-
- // TODO: "rdn" is somewhat LDAP specific, but not used as something
- // LDAP specific...?
- $rdn_attr = $conf->get($type_str . '_group_name_attribute');
- if (!$rdn_attr) {
- $rdn_attr = $conf->get('group_name_attribute');
- }
- if (!$rdn_attr) {
- $rdn_attr = 'cn';
- }
-
- $auth = Auth::get_instance();
- $auth->connect();
-
- // Now that values have been re-generated where necessary, compare
- // the new group attributes to the original group attributes.
- $_group = $auth->group_find_by_attribute(array($unique_attr => $group_attributes[$unique_attr]));
-
- if (!$_group) {
- console("Could not find group");
- return false;
- }
-
- $_group_dn = key($_group);
- $_group = $this->group_info(Array('group' => $_group_dn), Array());
-
- // We should start throwing stuff over the fence here.
- $result = $auth->modify_entry($_group_dn, $_group, $group_attributes);
+ $auth = Auth::get_instance();
+ $result = $auth->group_edit($postdata['id'], $group_attributes, $postdata['type_id']);
+ // @TODO: return unique attribute or all attributes as group_add()
if ($result) {
return true;
}
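Review bot: `$group = $postdata['id'];` is assigned and never used; the call below reads `$postdata['id']` again, unlike the user service, which passes its `$user` variable. Pass `$group` to `$auth->group_edit()` or delete the assignment. Neither `id` nor `type_id` is checked for presence or type before it goes to the backend, where the id ends up in an LDAP search filter, so a guard such as `if (!isset($postdata['id']) || !is_string($postdata['id'])) { return false; }` belongs ahead of the call; the user service hunk below has the same gap. `group_edit()` continues past the end of the hunk.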
diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index b262698..fcc9128 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -103,56 +103,13 @@ class kolab_api_service_user extends kolab_api_service
{
console("\$postdata to user_edit()", $postdata);
- $user_attributes = $this->parse_input_attributes('user', $postdata);
-
- // Get the type "key" string for the next few settings.
- if ($postdata['type_id'] == null) {
- $type_str = 'user';
- }
- else {
- $db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM user_types WHERE id = ?", $postdata['type_id']));
- $type_str = $_key['key'];
- }
-
- $conf = Conf::get_instance();
-
- $unique_attr = $conf->get('unique_attribute');
- if (!$unique_attr) {
- $unique_attr = 'nsuniqueid';
- }
- $user_attributes[$unique_attr] = $postdata['id'];
- unset($postdata['id']);
-
- // TODO: "rdn" is somewhat LDAP specific, but not used as something
- // LDAP specific...?
- $rdn_attr = $conf->get($type_str . '_user_name_attribute');
- if (!$rdn_attr) {
- $rdn_attr = $conf->get('user_name_attribute');
- }
- if (!$rdn_attr) {
- $rdn_attr = 'uid';
- }
+ $user_attributes = $this->parse_input_attributes('user', $postdata);
+ $user = $postdata['id'];
- // Obtain the original user's information.
- $auth = Auth::get_instance();
- $auth->connect();
-
- // Now that values have been re-generated where necessary, compare
- // the new group attributes to the original group attributes.
- $_user = $auth->user_find_by_attribute(array($unique_attr => $user_attributes[$unique_attr]));
-
- if (!$_user) {
- console("Could not find user");
- return false;
- }
-
- $_user_dn = key($_user);
- $_user = $this->user_info(array('user' => $_user_dn), array());
-
- // We should start throwing stuff over the fence here.
- $result = $auth->modify_entry($_user_dn, $_user, $user_attributes);
+ $auth = Auth::get_instance();
+ $result = $auth->user_edit($user, $user_attributes, $postdata['type_id']);
+ // @TODO: return unique attribute (?), it can change on edit
if ($result) {
return true;
}
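Review bot: The `console("\$postdata to user_edit()", $postdata);` line kept at the top of `user_edit()` writes the whole request body to the debug log, which for a user edit may well include a password field (not confirmable from this hunk). Log only what is needed for tracing, e.g. `console("user_edit() for id", $postdata['id']);`, or remove the call. The function starts above and ends below the hunk.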
commit 0679625db10468ab399aa6750effa431c4214bd1
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Tue Apr 3 10:04:48 2012 +0200
Unify input attributes handling including unique attribute
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index f633054..b7b47a6 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -351,38 +351,6 @@ class LDAP
return false;
}
- public function group_find_by_attribute($attribute)
- {
- if (empty($attribute) || !is_array($attribute) || count($attribute) > 1) {
- return false;
- }
-
- if (empty($attribute[key($attribute)])) {
- return false;
- }
-
- $filter = "(&";
-
- foreach ($attribute as $key => $value) {
- $filter .= "(" . $key . "=" . $value . ")";
- }
-
- $filter .= ")";
-
- $base_dn = $this->domain_root_dn($this->domain);
-
- $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
-
- if (count($result) > 0) {
- error_log("Results found: " . implode(', ', array_keys($result)));
- return $result;
- }
- else {
- error_log("No result");
- return false;
- }
- }
-
public function list_domains()
{
$domains = $this->domains_list();
@@ -621,24 +589,15 @@ class LDAP
return $this->_add($dn, $attrs);
}
- public function user_delete($subject)
+ public function user_delete($user)
{
- $is_dn = ldap_explode_dn($subject, 1);
- if (!$is_dn) {
- $conf = Conf::get_instance();
- $unique_attr = $conf->get('unique_attr');
- if (!$unique_attr) {
- $unique_attr = 'nsuniqueid';
- }
+ $user_dn = $this->user_dn($user);
- $user = $this->user_find_by_attribute(Array($unique_attr => $subject));
- $user_dn = key($user);
- $result = $this->_delete($user_dn);
- } else {
- $result = $this->_delete($subject);
+ if (!$user_dn) {
+ return false;
}
- return $result;
+ return $this->_delete($user_dn);
}
public function user_find_by_attribute($attribute)
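Review bot: `user_delete()` now deletes whatever `user_dn()` returns, and `user_dn()` (added further down in this diff) returns its input unchanged whenever `ldap_explode_dn()` can parse it, so any syntactically valid DN reaches `_delete()` without a check that it names a user entry or lies under the current domain's root DN. The same holds for `group_delete()` and `group_dn()`. If the directory's own access controls are not meant to be the only guard, compare the resolved DN against `$this->domain_root_dn($this->domain)` before deleting, and document the accepted forms, e.g. `@param string $user User DN or unique attribute value`. Whether callers already restrict the input is not visible from this hunk.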
@@ -673,6 +632,38 @@ class LDAP
}
}
+ public function group_find_by_attribute($attribute)
+ {
+ if (empty($attribute) || !is_array($attribute) || count($attribute) > 1) {
+ return false;
+ }
+
+ if (empty($attribute[key($attribute)])) {
+ return false;
+ }
+
+ $filter = "(&";
+
+ foreach ($attribute as $key => $value) {
+ $filter .= "(" . $key . "=" . $value . ")";
+ }
+
+ $filter .= ")";
+
+ $base_dn = $this->domain_root_dn($this->domain);
+
+ $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
+
+ if (count($result) > 0) {
+ error_log("Results found: " . implode(', ', array_keys($result)));
+ return $result;
+ }
+ else {
+ error_log("No result");
+ return false;
+ }
+ }
+
/**
* User attributes
*
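Review bot: In the re-added `group_find_by_attribute()`, the search filter is built by concatenating `$key` and `$value` with no escaping, so a value containing filter metacharacters such as `*`, `(`, `)` or `\` changes the meaning of the filter instead of being matched literally. Through the new `group_dn()` helper that value now comes straight from the argument of `group_delete()`, `group_info()` and `group_members_list()`. Escape it before concatenation, for example `$filter .= "(" . $key . "=" . ldap_escape($value, '', LDAP_ESCAPE_FILTER) . ")";` on PHP 5.6 or later, or use the class's own attribute-quoting helper whose docblock appears at the end of this diff, after confirming that it covers filter metacharacters. `user_find_by_attribute()`, which `user_dn()` calls, is not shown in full here and should be checked for the same pattern.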
@@ -680,15 +671,7 @@ class LDAP
*/
public function user_info($user)
{
- $is_dn = ldap_explode_dn($user, 1);
- if (!$is_dn) {
- list($this->userid, $this->domain) = $this->_qualify_id($user);
- $root_dn = $this->domain_root_dn($this->domain);
- $user_dn = $this->_get_user_dn($root_dn, '(mail=' . $user . ')');
- }
- else {
- $user_dn = $user;
- }
+ $user_dn = $this->user_dn($user);
if (!$user_dn) {
return false;
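Review bot: `user_info()` no longer resolves a mail address: the removed branch looked the user up with a `(mail=...)` filter and set `$this->userid` and `$this->domain` through `_qualify_id()`, while `user_dn()` searches only the unique attribute. A caller that still passes an e-mail address now gets `false`, and code relying on the side effect on `$this->domain` may see a stale value; `group_info()` and `group_members_list()` in the following hunks lose their mail lookup in the same way. If this is intended, the docblock above the method should say so, e.g. `@param string $user User DN or unique attribute value (mail addresses are not resolved)`. The rest of `user_info()` lies outside this hunk, so remaining uses of `$this->userid` cannot be checked here.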
@@ -744,36 +727,20 @@ class LDAP
return $this->_add($dn, $attrs);
}
- public function group_delete($subject)
+ public function group_delete($group)
{
- $is_dn = ldap_explode_dn($subject, 1);
- if (!$is_dn) {
- $conf = Conf::get_instance();
- $unique_attr = $conf->get('unique_attr');
- if (!$unique_attr) {
- $unique_attr = 'nsuniqueid';
- }
+ $group_dn = $this->group_dn($group);
- $group = $this->group_find_by_attribute(Array($unique_attr => $subject));
- $group_dn = key($group);
- $result = $this->_delete($group_dn);
- } else {
- $result = $this->_delete($subject);
+ if (!$group_dn) {
+ return false;
}
- return $result;
+ return $this->_delete($group_dn);
}
public function group_info($group)
{
- $is_dn = ldap_explode_dn($group, 1);
- if (!$is_dn) {
- $root_dn = $this->domain_root_dn($this->domain);
- $group_dn = $this->_get_group_dn($root_dn, '(mail=' . $group . ')');
- }
- else {
- $group_dn = $group;
- }
+ $group_dn = $this->group_dn($group);
if (!$group_dn) {
return false;
@@ -784,14 +751,7 @@ class LDAP
public function group_members_list($group)
{
- $is_dn = ldap_explode_dn($group, 1);
- if (!$is_dn) {
- $root_dn = $this->domain_root_dn($this->domain);
- $group_dn = $this->_get_group_dn($root_dn, '(mail=' . $group . ')');
- }
- else {
- $group_dn = $group;
- }
+ $group_dn = $this->group_dn($group);
if (!$group_dn) {
return false;
@@ -1068,6 +1028,44 @@ class LDAP
}
/**
+ * Parses input value to find group DN.
+ */
+ private function group_dn($value)
+ {
+ $is_dn = ldap_explode_dn($value, 1);
+
+ if ($is_dn) {
+ return $value;
+ }
+
+ $unique_attr = $this->unique_attribute();
+ $group = $this->group_find_by_attribute(array($unique_attr => $value));
+
+ if (!empty($group)) {
+ return key($group);
+ }
+ }
+
+ /**
+ * Parses input value to find user DN.
+ */
+ private function user_dn($value)
+ {
+ $is_dn = ldap_explode_dn($value, 1);
+
+ if ($is_dn) {
+ return $value;
+ }
+
+ $unique_attr = $this->unique_attribute();
+ $user = $this->user_find_by_attribute(array($unique_attr => $value));
+
+ if (!empty($user)) {
+ return key($user);
+ }
+ }
+
+ /**
* Qualify a username.
*
* Where username is 'kanarip at kanarip.com', the function will return an
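Review bot: `group_dn()` and `user_dn()` fall off the end of the function when no entry is found, returning `null` only implicitly, and their docblocks name neither the parameter nor the return value. The callers in this diff test `!$user_dn` / `!$group_dn`, so the behaviour holds, but the contract is easier to audit with an explicit `return null;` as the last statement and with `@param string $value DN or unique attribute value` and `@return string|null Entry DN, or null when no entry matches` in each docblock. The two helpers differ only in the finder they call, so a later change to one (for example adding a base-DN check) can easily miss the other; a shared private helper would avoid that.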
@@ -1470,6 +1468,7 @@ class LDAP
return "dc=" . implode(',dc=', explode('.', $relevant_associatedDomain));
}
+ // @TODO: this function isn't used anymore
private function _get_group_dn($root_dn, $search_filter)
{
// TODO: Why does this use privileged credentials?
@@ -1667,6 +1666,21 @@ class LDAP
}
/**
+ * Returns name of the unique attribute
+ */
+ private function unique_attribute()
+ {
+ $conf = Conf::get_instance();
+ $unique_attr = $conf->get('unique_attr');
+
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+
+ return $unique_attr;
+ }
+
+ /**
* Quotes attribute value string
*
* @param string $str Attribute value
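Review bot: `unique_attribute()` reads the configuration key `unique_attr`, while the user-edit code removed earlier in this commit mail read `unique_attribute` (`$conf->get('unique_attribute')`). A deployment that set only `unique_attribute` would now silently fall back to `nsuniqueid`, which changes which entries the lookups in `user_dn()` and `group_dn()` match. Settle on one key, or read both during a transition with `$unique_attr = $conf->get('unique_attr') ?: $conf->get('unique_attribute');`, and name the key in the docblock. The configuration files are not visible here, so confirm which key existing installations use.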