6 commits - lib/api lib/Auth lib/client lib/kolab_client_task.php lib/locale
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Sun Apr 8 12:39:50 CEST 2012
lib/Auth/LDAP.php | 34 +++++-------
lib/api/kolab_api_service_form_value.php | 87 +++++++++++++++++--------------
lib/api/kolab_api_service_group.php | 12 +++-
lib/client/kolab_client_task_group.php | 10 +++
lib/kolab_client_task.php | 2
lib/locale/en_US.php | 1
6 files changed, 84 insertions(+), 62 deletions(-)
New commits:
commit d727e6354b2fb0b4800023fa02fa6e993e812806
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Apr 8 12:39:34 2012 +0200
Add translation for group.member label
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
index e9ee07b..1e423e4 100644
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -114,6 +114,7 @@ $LANG['user.loginshell'] = 'Shell';
$LANG['user.uidnumber'] = 'User ID number';
$LANG['group.add'] = 'Add Group';
+$LANG['group.member'] = 'Member(s)';
$LANG['group.norecords'] = 'No group records found!';
$LANG['group.list'] = 'Groups List';
$LANG['group.list.records'] = '$1 to $2 of $3';
commit 05ccb02d08805a7cae8852c82378126c26989cd9
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Apr 8 12:38:56 2012 +0200
Use the correct service to call the API service method effective_rights() on
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 4ccb5a4..7f14df4 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -851,7 +851,7 @@ class kolab_client_task
}
// Get the rights on the entry and attribute level
- $result = $this->api->get("user.effective_rights", array($name => $data['id']));
+ $result = $this->api->get($name . ".effective_rights", array($name => $data['id']));
$attribute_rights = $result->get('attributeLevelRights');
$entry_rights = $result->get('entryLevelRights');
commit 54f6a96bbbd67f9303a32f159d4ddc529b944fa1
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Apr 8 12:37:24 2012 +0200
Add the member attribute to the system tab on group information display
Use either displayname or cn as the attribute to use to render the auto-complete list
diff --git a/lib/client/kolab_client_task_group.php b/lib/client/kolab_client_task_group.php
index 5816408..d014a21 100644
--- a/lib/client/kolab_client_task_group.php
+++ b/lib/client/kolab_client_task_group.php
@@ -207,6 +207,7 @@ class kolab_client_task_group extends kolab_client_task
'cn' => 'system',
'gidnumber' => 'system',
'mail' => 'system',
+ 'member' => 'system',
'uniquemember' => 'system',
'memberurl' => 'system',
);
@@ -280,7 +281,14 @@ class kolab_client_task_group extends kolab_client_task
{
// convert to key=>value array, see kolab_api_service_form_value::list_options_uniquemember()
foreach ($list as $idx => $value) {
- $list[$idx] = $value['displayname'];
+ if (!empty($value['displayname'])) {
+ $list[$idx] = $value['displayname'];
+ } elseif (!empty($value['cn'])) {
+ $list[$idx] = $value['cn'];
+ } else {
+ console("No display name or cn for $idx");
+ }
+
if (!empty($value['mail'])) {
$list[$idx] .= ' <' . $value['mail'] . '>';
}
commit cfefc95f15e052edc8a23fb686bea2425fe6c9a6
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Apr 8 12:36:52 2012 +0200
Add service method group_effective_rights()
diff --git a/lib/api/kolab_api_service_group.php b/lib/api/kolab_api_service_group.php
index f5e87ed..6e53340 100644
--- a/lib/api/kolab_api_service_group.php
+++ b/lib/api/kolab_api_service_group.php
@@ -132,6 +132,13 @@ class kolab_api_service_group extends kolab_api_service
return false;
}
+ public function group_effective_rights($getdata, $postdata)
+ {
+ $auth = Auth::get_instance();
+ $effective_rights = $auth->list_rights($getdata['group']);
+ return $effective_rights;
+ }
+
/**
* Group information.
*
@@ -152,8 +159,6 @@ class kolab_api_service_group extends kolab_api_service
// normalize result
$result = $this->parse_result_attributes('group', $result);
- //console("group_info() \$result", $result);
-
if ($result) {
return $result;
}
@@ -174,9 +179,10 @@ class kolab_api_service_group extends kolab_api_service
$auth = Auth::get_instance();
if (empty($getdata['group'])) {
- //error_log("Empty \$getdata['group']");
+ error_log("Empty \$getdata['group']");
return FALSE;
}
+
$result = $auth->group_members_list($getdata['group'], false);
return array(
commit 45198c2af02fa8fe6df66c214d8acc316a25f7c0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Apr 8 12:34:46 2012 +0200
Add list_options_member(), and consolidate the function with list_options_uniquemember() into _list_options_members()
Make sure displayname, cn and mail attributes are retrieved for potential members
diff --git a/lib/api/kolab_api_service_form_value.php b/lib/api/kolab_api_service_form_value.php
index b5371da..300da36 100644
--- a/lib/api/kolab_api_service_form_value.php
+++ b/lib/api/kolab_api_service_form_value.php
@@ -562,8 +562,11 @@ class kolab_api_service_form_value extends kolab_api_service
}
return $list;
+ }
-
+ private function list_options_member($postdata, $attribs = array())
+ {
+ return $this->_list_options_members($postdata, $attribs);
}
private function list_options_nsrole($postdata, $attribs = array())
@@ -598,45 +601,9 @@ class kolab_api_service_form_value extends kolab_api_service
return $list;
}
-
private function list_options_uniquemember($postdata, $attribs = array())
{
- $service = $this->controller->get_service('users');
-
- $keyword = array('value' => $postdata['search']);
- $data = array(
- 'attributes' => array('displayname', 'mail'),
- 'page_size' => 15,
- 'search' => array(
- 'displayname' => $keyword,
- 'cn' => $keyword,
- 'mail' => $keyword,
- ),
- );
-
- $result = $service->users_list(null, $data);
- $list = $result['list'];
-
- $service = $this->controller->get_service('groups');
- $data['attributes'] = array('cn', 'mail');
-
- $result = $service->groups_list(null, $data);
- $list = array_merge($list, $result['list']);
-
- // convert to key=>value array
- foreach ($list as $idx => $value) {
- $list[$idx] = $value['displayname'];
-
- if (empty($list[$idx])) {
- $list[$idx] = $value['cn'];
- }
-
- if (!empty($value['mail'])) {
- $list[$idx] .= ' <' . $value['mail'] . '>';
- }
- }
-
- return $list;
+ return $this->_list_options_members($postdata, $attribs);
}
private function select_options_c($postdata, $attribs = array())
@@ -715,4 +682,48 @@ class kolab_api_service_form_value extends kolab_api_service
return $result;
}
}
+
+ private function _list_options_members($postdata, $attribs = array())
+ {
+ $service = $this->controller->get_service('users');
+
+ $keyword = array('value' => $postdata['search']);
+ $data = array(
+ 'attributes' => array('displayname', 'cn', 'mail'),
+ 'page_size' => 15,
+ 'search' => array(
+ 'displayname' => $keyword,
+ 'cn' => $keyword,
+ 'mail' => $keyword,
+ ),
+ );
+
+ $result = $service->users_list(null, $data);
+
+ $list = $result['list'];
+
+ $service = $this->controller->get_service('groups');
+ $data['attributes'] = array('cn', 'mail');
+
+ $result = $service->groups_list(null, $data);
+ $list = array_merge($list, $result['list']);
+
+ // convert to key=>value array
+ foreach ($list as $idx => $value) {
+ if (!empty($value['displayname'])) {
+ $list[$idx] = $value['displayname'];
+ } elseif (!empty($value['cn'])) {
+ $list[$idx] = $value['cn'];
+ } else {
+ console("No display name or cn for $idx");
+ }
+
+ if (!empty($value['mail'])) {
+ $list[$idx] .= ' <' . $value['mail'] . '>';
+ }
+ }
+
+ return $list;
+ }
+
}
commit 7ef89e26e51ffcf28bd2f094bbcb0e144dd75f21
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Apr 8 12:30:16 2012 +0200
Enhance legacy_rights() with self-write access, and attributes from the schema
Make sure normalize_results maintains an array of objectclasses
Add objectclasses kolabgroupofnames and kolabgroupofuniquenames to be used as objects that need listing members
Make sure that the members and uniquemembers found, too, are arrays (including memberurl)
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index f8f0d24..cf64ff9 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -935,13 +935,7 @@ class LDAP
private function legacy_rights($subject)
{
- //console($subject);
-
- $subject = $this->user_info($subject);
-
- //console($subject);
-
- $subject_dn = key($subject);
+ $subject_dn = $this->entry_dn($subject);
$user_is_admin = false;
$user_is_self = false;
@@ -957,17 +951,13 @@ class LDAP
$user_group_dn_components = ldap_explode_dn($user_group_dn, 1);
unset($user_group_dn_components["count"]);
$user_group_cn = array_shift($user_group_dn_components);
- //console("Resolved user_group_dn $user_group_dn to cn $user_group_cn");
if (in_array($user_group_cn, array('admin', 'maintainer', 'domain-maintainer'))) {
// All rights default to write.
- //console("User is an admin");
$user_is_admin = true;
} else {
- //console("User is a user");
// The user is a regular user, see if the subject is the same has the
// user session's bind_dn.
- if ($subject == $_SESSION['user']->user_bind_dn) {
- //console("the subject $subject is the same as the user's bind_dn");
+ if ($subject_dn == $_SESSION['user']->user_bind_dn) {
$user_is_self = true;
}
}
@@ -976,7 +966,7 @@ class LDAP
if ($user_is_admin) {
$standard_rights = array("add", "delete", "read", "write");
} elseif ($user_is_self) {
- $standard_rights = array("read");
+ $standard_rights = array("read", "write");
} else {
$standard_rights = array("read");
}
@@ -986,9 +976,9 @@ class LDAP
'attributeLevelRights' => array(),
);
- $attributes = $this->allowed_attributes($subject[$subject_dn]['objectclass']);
- //console($attributes);
+ $subject = self::normalize_result($this->_search($subject_dn));
+ $attributes = $this->allowed_attributes($subject[$subject_dn]['objectclass']);
$attributes = array_merge($attributes['may'], $attributes['must']);
foreach ($attributes as $attribute) {
@@ -996,7 +986,6 @@ class LDAP
}
return $rights;
-
}
private function modify_entry($subject_dn, $old_attrs, $new_attrs)
@@ -1301,7 +1290,7 @@ class LDAP
if ($__result[$x][$attr]["count"] == 1) {
switch ($attr) {
case "objectclass":
- $result[$dn][$attr] = strtolower($__result[$x][$attr][0]);
+ $result[$dn][$attr] = array(strtolower($__result[$x][$attr][0]));
break;
default:
$result[$dn][$attr] = $__result[$x][$attr][0];
@@ -1830,16 +1819,18 @@ class LDAP
$entry = self::normalize_result($this->_search($dn));
- //console("ENTRIES for \$dn $dn", $entries);
+ //console("ENTRIES for \$dn $dn", $entry);
foreach ($entry[$dn] as $attribute => $value) {
if ($attribute == "objectclass") {
foreach ($value as $objectclass) {
switch (strtolower($objectclass)) {
case "groupofnames":
+ case "kolabgroupofnames":
$group_members = array_merge($group_members, $this->_list_group_member($dn, $entry[$dn]['member'], $recurse));
break;
case "groupofuniquenames":
+ case "kolabgroupofuniquenames":
$group_members = array_merge($group_members, $this->_list_group_uniquemember($dn, $entry[$dn]['uniquemember'], $recurse));
break;
case "groupofurls":
@@ -1858,6 +1849,9 @@ class LDAP
error_log("Called _list_group_member(" . $dn . ")");
$group_members = array();
+
+ $members = (array)($members);
+
if (empty($members)) {
return $group_members;
}
@@ -1898,6 +1892,8 @@ class LDAP
return $group_members;
}
+ $uniquemembers = (array)($uniquemembers);
+
if (is_string($uniquemembers)) {
//console("uniquemember for entry is not an array");
$uniquemembers = (array)($uniquemembers);
@@ -1934,7 +1930,7 @@ class LDAP
$group_members = array();
- foreach ((array)$memberurls as $url) {
+ foreach ((array)($memberurls) as $url) {
$ldap_uri_components = $this->_parse_memberurl($url);
$entries = self::normalize_result($this->_search($ldap_uri_components[3], $ldap_uri_components[6]));
More information about the commits
mailing list