authorAleksander Machniak <machniak@kolabsys.com>2014-03-21 16:05:35 +0100
committerAleksander Machniak <machniak@kolabsys.com>2014-03-21 16:06:58 +0100
commit5a62c7e3594c60b7f37c417d5a004010ffb8c767 (patch)
tree020dc86e360f66ba977983a938387b5dbbd82efb /lib
parent26afc433416d6fcec4ca35f48d516f7c9330e949 (diff)
Add ACI form widget (Request #1782)
Diffstat (limited to 'lib')
-rw-r--r--lib/Auth/LDAP.php3
-rw-r--r--lib/api/kolab_api_service_form_value.php16
-rw-r--r--lib/api/kolab_api_service_ou.php4
-rw-r--r--lib/api/kolab_api_service_resource.php2
-rw-r--r--lib/api/kolab_api_service_sharedfolder.php2
-rw-r--r--lib/api/kolab_api_service_user.php8
-rw-r--r--lib/client/kolab_client_task_ou.php21
-rw-r--r--lib/client/kolab_client_task_settings.php4
-rw-r--r--lib/ext/Net/LDAP3.php2
-rw-r--r--lib/kolab_api_service.php71
-rw-r--r--lib/kolab_client_task.php23
-rw-r--r--lib/kolab_form.php12
-rw-r--r--lib/locale/en_US.php51
13 files changed, 148 insertions, 71 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 83eb859..bfba321 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -1026,6 +1026,7 @@ class LDAP extends Net_LDAP3 {
// additional special attributes that aren't in LDAP schema
$additional_attributes = array(
'top' => array('nsRoleDN'),
+ '*' => array('aci'),
);
if (!empty($attributes)) {
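Review bot: The new `'*' => array('aci')` entry makes `aci` an allowed optional attribute for every object class, and nothing in this hunk limits which object types may then carry it. ACI values decide who can read and modify directory entries, so authorisation for writing them cannot rest on which form fields are offered; that check, if it exists, is outside the visible lines. A comment on the new key, e.g. `// '*' => attributes appended to 'may' regardless of object class`, would document the sentinel. The enclosing method starts and ends outside the hunk.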
@@ -1034,6 +1035,8 @@ class LDAP extends Net_LDAP3 {
$attributes['may'] = array_merge($attributes['may'], $attrs);
}
}
+
+ $attributes['may'] = array_merge($attributes['may'], $additional_attributes['*']);
}
return $attributes;
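Review bot: The added `array_merge()` assumes `$attributes['may']` is already an array, but the guard above it only checks `!empty($attributes)`, so a schema result without a `may` key would pass null into the merge. It can also append `aci` a second time when one of the classes already lists it. Something like `$attributes['may'] = array_unique(array_merge((array) $attributes['may'], $additional_attributes['*']));` covers both cases. The method body begins outside the hunk.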
diff --git a/lib/api/kolab_api_service_form_value.php b/lib/api/kolab_api_service_form_value.php
index fec6372..58b30a1 100644
--- a/lib/api/kolab_api_service_form_value.php
+++ b/lib/api/kolab_api_service_form_value.php
@@ -950,6 +950,22 @@ class kolab_api_service_form_value extends kolab_api_service
private function select_options_attribute($postdata, $attribs = array())
{
+ // if objectClasses aren't specified we'll use all classes already in use
+ // not all classes in LDAP
+ if (empty($postdata['classes'])) {
+ $postdata['classes'] = array();
+
+ foreach ($this->supported_types as $type) {
+ foreach ($this->object_types($type) as $obj_type) {
+ if ($obj_type['attributes'] && $obj_type['attributes']['fields']) {
+ $postdata['classes'] = array_merge($postdata['classes'], (array) $obj_type['attributes']['fields']['objectclass']);
+ }
+ }
+ }
+ }
+
+ $postdata['classes'] = array_unique($postdata['classes']);
+
$auth = Auth::get_instance();
$list = $auth->schema_attributes($postdata['classes']);
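Review bot: `$postdata['classes']` (presumably request data, going by the name) reaches `array_unique()` and then `schema_attributes()` without a type check; a non-empty scalar skips the `empty()` branch and is handed to array_unique as a string. Casting first, `$postdata['classes'] = array_unique((array) $postdata['classes']);`, keeps the call well-defined. Inside the loop, `$obj_type['attributes']['fields']['objectclass']` is read without an isset(), and class names that differ only in letter case survive array_unique because it compares case-sensitively. The method continues past the hunk.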
diff --git a/lib/api/kolab_api_service_ou.php b/lib/api/kolab_api_service_ou.php
index 7e9eddc..b7c902e 100644
--- a/lib/api/kolab_api_service_ou.php
+++ b/lib/api/kolab_api_service_ou.php
@@ -167,11 +167,11 @@ class kolab_api_service_ou extends kolab_api_service
$result = $auth->organizationalunit_info($getdata['id']);
// normalize result
- $result = $this->parse_result_attributes('ou', $result, $dn);
+ $result = $this->parse_result_attributes('ou', $result);
if ($result) {
// get base_dn "attribute" for the API client
- $dn = substr($dn, strlen($result['ou']) + 4);
+ $dn = substr($result['entrydn'], strlen($result['ou']) + 4);
if (strpos($dn, 'ou=') === 0) {
$result['base_dn'] = $dn;
}
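Review bot: The base DN is still derived by byte arithmetic, `substr($result['entrydn'], strlen($result['ou']) + 4)`, which only holds when the RDN is exactly `ou=<value>,` with no escaping and a single-valued `ou`. A unit name with an escaped comma, or `ou` coming back as an array, shifts the offset and produces a wrong `base_dn`. The user.info hunk in this commit already uses `ldap_explode_dn()` and drops the first component; doing the same here would keep the two in step. The function body extends beyond the hunk.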
diff --git a/lib/api/kolab_api_service_resource.php b/lib/api/kolab_api_service_resource.php
index ac04f3b..f5d095f 100644
--- a/lib/api/kolab_api_service_resource.php
+++ b/lib/api/kolab_api_service_resource.php
@@ -165,8 +165,6 @@ class kolab_api_service_resource extends kolab_api_service
// normalize result
$result = $this->parse_result_attributes('resource', $result);
- //console($result);
-
if ($result) {
return $result;
}
diff --git a/lib/api/kolab_api_service_sharedfolder.php b/lib/api/kolab_api_service_sharedfolder.php
index 23518b3..d14c4fc 100644
--- a/lib/api/kolab_api_service_sharedfolder.php
+++ b/lib/api/kolab_api_service_sharedfolder.php
@@ -165,8 +165,6 @@ class kolab_api_service_sharedfolder extends kolab_api_service
// normalize result
$result = $this->parse_result_attributes('sharedfolder', $result);
- //console($result);
-
if ($result) {
return $result;
}
diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index 6cf4483..acdaec0 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -178,11 +178,11 @@ class kolab_api_service_user extends kolab_api_service
$result = $this->parse_result_attributes('user', $result);
if (empty($result['ou'])) {
- $_dn = ldap_explode_dn($result_dn, 0);
+ $dn = ldap_explode_dn($result['entrydn'], 0);
// pop the count and rdn
- unset($_dn['count']);
- unset($_dn[0]);
- $result['ou'] = implode(',', $_dn);
+ unset($dn['count']);
+ unset($dn[0]);
+ $result['ou'] = implode(',', $dn);
}
Log::trace("user.info on " . $getdata['id'] . " parsed result: " . var_export($result, TRUE));
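Review bot: `ldap_explode_dn()` returns false for a DN it cannot parse, and the new lines go straight to `unset()` and `implode()` on the result. Wrapping the three lines in `if (is_array($dn)) { ... }` avoids assigning a bogus `ou`. Separately, the trace call at the end of the hunk dumps the whole `$result` through var_export; with `entrydn` now part of every result (and `aci` for types that carry it), it is worth confirming that trace logs are not enabled or widely readable in production.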
diff --git a/lib/client/kolab_client_task_ou.php b/lib/client/kolab_client_task_ou.php
index e1d80a8..1cddeff 100644
--- a/lib/client/kolab_client_task_ou.php
+++ b/lib/client/kolab_client_task_ou.php
@@ -70,10 +70,10 @@ class kolab_client_task_ou extends kolab_client_task
*/
public function action_info()
{
- $id = $this->get_input('id', 'POST');
- $result = $this->api_get('ou.info', array('id' => $id));
- $resource = $result->get();
- $output = $this->ou_form(null, $resource);
+ $id = $this->get_input('id', 'POST');
+ $result = $this->api_get('ou.info', array('id' => $id));
+ $unit = $result->get();
+ $output = $this->ou_form(null, $unit);
$this->output->set_object('taskcontent', $output);
}
@@ -136,16 +136,19 @@ class kolab_client_task_ou extends kolab_client_task
// Form sections
$sections = array(
'system' => 'ou.system',
+ 'aci' => 'ou.aci',
'other' => 'ou.other',
);
// field-to-section map and fields order
$fields_map = array(
- 'type_id' => 'system',
- 'type_id_name' => 'system',
- 'ou' => 'system',
- 'base_dn' => 'system',
- 'description' => 'system',
+ 'type_id' => 'system',
+ 'type_id_name' => 'system',
+ 'ou' => 'system',
+ 'base_dn' => 'system',
+ 'description' => 'system',
+
+ 'aci' => 'aci',
);
// Prepare fields
diff --git a/lib/client/kolab_client_task_settings.php b/lib/client/kolab_client_task_settings.php
index f1e37ac..56feb97 100644
--- a/lib/client/kolab_client_task_settings.php
+++ b/lib/client/kolab_client_task_settings.php
@@ -33,7 +33,7 @@ class kolab_client_task_settings extends kolab_client_task
protected $form_element_types = array(
'text', 'select', 'multiselect', 'list', 'list-autocomplete', 'checkbox', 'password', 'ldap_url',
- 'text-quota',
+ 'text-quota', 'aci',
);
@@ -763,7 +763,7 @@ class kolab_client_task_settings extends kolab_client_task
),
'options' => array(
'type' => kolab_form::INPUT_TEXTAREA,
- 'data-type' => kolab_form::TYPE_LIST,
+ 'data-type' => 'list',
),
'maxcount' => array(
'type' => kolab_form::INPUT_TEXT,
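Review bot: `data-type` is now a free-form string that reaches the textarea unchanged, because the kolab_form.php hunk in this commit removes the switch that mapped `TYPE_LIST` to `'list'` and unset every other value. Whether the attribute value is escaped then depends on `kolab_html::textarea`, which is not visible here; if field definitions can carry arbitrary type data, a small allow-list (`'list'`, `'aci'`) kept in one place would restore the old filtering. The same literal is repeated in kolab_client_task.php (the `case 'list':` branch and the `$field['data-type'] == 'list'` comparison), so a shared constant such as `const TYPE_LIST = 'list';` would keep the three in sync.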
diff --git a/lib/ext/Net/LDAP3.php b/lib/ext/Net/LDAP3.php
index 674f261..550cebd 100644
--- a/lib/ext/Net/LDAP3.php
+++ b/lib/ext/Net/LDAP3.php
@@ -1441,7 +1441,7 @@ class Net_LDAP3
}
}
// not OU object, but changed ou attribute
- else if ((!empty($old_ou) || !empty($new_ou)) && strtolower($old_ou) !== strtolower($new_ou)) {
+ else if ((!empty($old_ou) && !empty($new_ou)) && strtolower($old_ou) !== strtolower($new_ou)) {
$mod_array['rename']['new_parent'] = $new_ou;
if (empty($mod_array['rename']['dn']) || empty($mod_array['rename']['new_rdn'])) {
$mod_array['rename']['dn'] = $subject_dn;
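Review bot: The comment `// not OU object, but changed ou attribute` no longer matches the condition: with `&&` the move is skipped whenever either the old or the new `ou` is empty, so adding or clearing `ou` is no longer treated as a rename. If that is the intent, the comment should say so, e.g. `// not OU object: move only when old and new ou are both set and differ`. The inner parentheses around the `&&` pair are now redundant. The branch continues outside the hunk.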
diff --git a/lib/kolab_api_service.php b/lib/kolab_api_service.php
index 4733347..752c243 100644
--- a/lib/kolab_api_service.php
+++ b/lib/kolab_api_service.php
@@ -67,22 +67,7 @@ abstract class kolab_api_service
return array();
}
- // get list of object types
- if ($object_name == 'domain') {
- $object_types = array(
- '1' => array(
- 'key' => 'default',
- 'attributes' => kolab_api_service_domain_types::$DEFAULT_TYPE_ATTRS,
- ),
- );
- $object_types['1']['attributes']['form_fields']['aci'] = array(
- 'type' => 'list',
- 'optional' => true,
- );
- }
- else {
- $object_types = $this->object_types($object_name);
- }
+ $object_types = $this->object_types($object_name);
if (empty($type_id)) {
if (count($object_types) == 1) {
@@ -224,7 +209,7 @@ abstract class kolab_api_service
*/
protected function object_types($object_name)
{
- if (!$object_name || !in_array($object_name, $this->supported_types_db)) {
+ if (!$object_name || !in_array($object_name, $this->supported_types)) {
return array();
}
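Review bot: This `in_array()` is what keeps `$object_name` safe to interpolate into `SELECT * FROM {$object_name}_types` in the next hunk, so it should compare strictly: `in_array($object_name, $this->supported_types, true)`. Switching from `supported_types_db` to `supported_types` also widens the set of names that can reach that query; only `domain` is special-cased there, so any other entry without a matching `_types` table would end in a failed query whose result is not checked before `fetch_assoc()`. A one-line comment on the guard noting that it protects the table name would help the next editor.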
@@ -238,29 +223,43 @@ abstract class kolab_api_service
}
}
- $sql_result = $this->db->query("SELECT * FROM {$object_name}_types ORDER BY name");
- $object_types = array();
-
- while ($row = $this->db->fetch_assoc($sql_result)) {
- $object_types[$row['id']] = array();
-
- foreach ($row as $key => $value) {
- if ($key != "id") {
- if ($key == "attributes") {
- $object_types[$row['id']][$key] = json_decode($value, true);
- }
- else {
- $object_types[$row['id']][$key] = $value;
+ // get list of object types
+ if ($object_name == 'domain') {
+ $object_types = array(
+ '1' => array(
+ 'key' => 'default',
+ 'attributes' => kolab_api_service_domain_types::$DEFAULT_TYPE_ATTRS,
+ ),
+ );
+ $object_types['1']['attributes']['form_fields']['aci'] = array(
+ 'type' => 'list',
+ 'optional' => true,
+ );
+ }
+ else {
+ $sql_result = $this->db->query("SELECT * FROM {$object_name}_types ORDER BY name");
+ $object_types = array();
+
+ while ($row = $this->db->fetch_assoc($sql_result)) {
+ $object_types[$row['id']] = array();
+
+ foreach ($row as $key => $value) {
+ if ($key != "id") {
+ if ($key == "attributes") {
+ $object_types[$row['id']][$key] = json_decode($value, true);
+ }
+ else {
+ $object_types[$row['id']][$key] = $value;
+ }
}
}
}
}
- //console("Object types for " . $object_name, $object_types);
-
if ($devel_mode == null) {
return $this->cache['object_types'][$object_name] = $object_types;
- } else {
+ }
+ else {
return $object_types;
}
@@ -458,11 +457,10 @@ abstract class kolab_api_service
*
* @param string $object_name Name of the object (user, group, etc.)
* @param array $attrs Entry attributes
- * @param string $dn Will be filled with object base DN
*
* @return array Entry attributes
*/
- protected function parse_result_attributes($object_name, $attrs = array(), &$dn = null)
+ protected function parse_result_attributes($object_name, $attrs = array())
{
//console("parse_result_attributes($object_name, \$attrs = ", $attrs);
@@ -523,6 +521,9 @@ abstract class kolab_api_service
// add object type id to the result
$attrs['type_id'] = $type_id;
+ // always return entrydn
+ $attrs['entrydn'] = $dn;
+
return $attrs;
}
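Review bot: `$dn` is not assigned anywhere in the visible lines, and this commit removes it from the signature, so `entrydn` is only meaningful if the body sets `$dn` outside the hunk; otherwise callers such as ou.info and user.info run `substr()` and `ldap_explode_dn()` on null. The assignment also overwrites any `entrydn` value the directory itself returned, and it sits only on this return path, so "always" holds only if there are no earlier returns. The docblock edited in the previous hunk should gain a line such as `@return array Entry attributes, always including 'entrydn'`.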
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 35eec94..2c016e6 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -849,7 +849,7 @@ class kolab_client_task
case 'list':
$result['type'] = kolab_form::INPUT_TEXTAREA;
- $result['data-type'] = kolab_form::TYPE_LIST;
+ $result['data-type'] = 'list';
if (!empty($field['maxlength'])) {
$result['data-maxlength'] = $field['maxlength'];
@@ -879,6 +879,24 @@ class kolab_client_task
$result['default'] = $field['default'];
break;
+ case 'aci':
+ $result['type'] = kolab_form::INPUT_TEXTAREA;
+ $result['data-type'] = 'aci';
+
+ $this->output->add_translation('aci.new', 'aci.edit', 'aci.remove',
+ 'aci.users', 'aci.rights', 'aci.targets', 'aci.aciname',
+ 'aci.read', 'aci.compare', 'aci.search', 'aci.write', 'aci.selfwrite',
+ 'aci.delete', 'aci.add', 'aci.proxy', 'aci.all', 'aci.allow', 'aci.deny',
+ 'aci.typeusers', 'aci.typegroups', 'aci.typeroles', 'aci.typeadmins', 'aci.typespecials',
+ 'aci.ldap-all', 'aci.ldap-anyone', 'aci.ldap-self', 'aci.ldap-parent',
+ 'aci.usersearch', 'aci.usersearchresult', 'aci.selected', 'aci.other',
+ 'aci.userselected', 'aci.useradd', 'aci.userremove', 'aci.thisentry',
+ 'aci.rights.target', 'aci.rights.filter', 'aci.rights.attrs', 'aci.checkall', 'aci.checknone',
+ 'aci.error.noname', 'aci.error.exists', 'aci.error.nousers',
+ 'button.cancel', 'button.ok'
+ );
+ break;
+
default:
$result['type'] = kolab_form::INPUT_TEXT;
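Review bot: The `add_translation()` list leaves out five labels that the en_US.php hunk of this commit defines: `aci.hosts`, `aci.times`, `aci.name`, `aci.userid` and `aci.email`. If the widget script uses them they will render as raw keys; if it does not, the locale entries are dead. A short comment above the call, e.g. `// labels needed by the ACI editor in the browser`, would explain why this case registers translations, assuming that is what the `data-type` of `'aci'` triggers. The switch continues outside the hunk.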
@@ -1260,7 +1278,7 @@ class kolab_client_task
$value = $data[$idx];
// Convert data for the list field with autocompletion
- if ($field['data-type'] == kolab_form::TYPE_LIST) {
+ if ($field['data-type'] == 'list') {
if (!is_array($value)) {
if (!empty($field['data-autocomplete'])) {
$value = array($value => $value);
@@ -1363,6 +1381,7 @@ class kolab_client_task
$this->output->set_env('assoc_fields', $assoc_fields);
$this->output->set_env('required_fields', $req_fields);
$this->output->set_env('autocomplete_min_length', $ac_min_len);
+ $this->output->set_env('entrydn', $data['entrydn']);
$this->output->add_translation('form.required.empty', 'form.maxcount.exceeded',
$name . '.add.success', $name . '.edit.success', $name . '.delete.success',
$name . '.delete.confirm', $name . '.delete.force',
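Review bot: `$data['entrydn']` is read unconditionally, but a form built for a new object has no entry yet, so this likely raises an undefined-index notice and sets the env value to null. `$this->output->set_env('entrydn', isset($data['entrydn']) ? $data['entrydn'] : null);` makes that case explicit. The DN is also sent to the browser for every form, not only those with an `aci` field; limiting it to forms that need it would keep directory structure out of pages that have no use for it.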
diff --git a/lib/kolab_form.php b/lib/kolab_form.php
index 6ce7332..9ebf900 100644
--- a/lib/kolab_form.php
+++ b/lib/kolab_form.php
@@ -40,8 +40,6 @@ class kolab_form
const INPUT_CONTENT = 20;
const INPUT_TEXTQUOTA = 30;
- const TYPE_LIST = 1;
-
private $attribs = array();
private $elements = array();
private $sections = array();
@@ -301,16 +299,6 @@ class kolab_form
$attribs['cols'] = 50;
}
- if (!empty($attribs['data-type'])) {
- switch ($attribs['data-type']) {
- case self::TYPE_LIST:
- $attribs['data-type'] = 'list';
- break;
- default:
- unset($attribs['data-type']);
- }
- }
-
$content = kolab_html::textarea($attribs, true);
break;
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
index 35dc51c..bc74504 100644
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -7,6 +7,55 @@ $LANG['about.support'] = 'Professional support is available from <a href="http:/
$LANG['about.technology'] = 'Technology';
$LANG['about.warranty'] = 'It comes with absolutely <b>no warranties</b> and is typically run entirely self supported. You can find help & information on the community <a href="http://kolab.org">web site</a> & <a href="http://wiki.kolab.org">wiki</a>.';
+$LANG['aci.new'] = 'New...';
+$LANG['aci.edit'] = 'Edit...';
+$LANG['aci.remove'] = 'Remove';
+$LANG['aci.users'] = 'Users';
+$LANG['aci.rights'] = 'Rights';
+$LANG['aci.targets'] = 'Targets';
+$LANG['aci.aciname'] = 'ACI name:';
+$LANG['aci.hosts'] = 'Hosts';
+$LANG['aci.times'] = 'Times';
+$LANG['aci.name'] = 'Name';
+$LANG['aci.userid'] = 'User ID';
+$LANG['aci.email'] = 'E-mail';
+$LANG['aci.read'] = 'Read';
+$LANG['aci.compare'] = 'Compare';
+$LANG['aci.search'] = 'Search';
+$LANG['aci.write'] = 'Write';
+$LANG['aci.selfwrite'] = 'Self-write';
+$LANG['aci.delete'] = 'Delete';
+$LANG['aci.add'] = 'Add';
+$LANG['aci.proxy'] = 'Proxy';
+$LANG['aci.all'] = 'All rights';
+$LANG['aci.allow'] = 'Allow';
+$LANG['aci.deny'] = 'Deny';
+$LANG['aci.typeusers'] = 'Users';
+$LANG['aci.typegroups'] = 'Groups';
+$LANG['aci.typeroles'] = 'Roles';
+$LANG['aci.typeadmins'] = 'Administrators';
+$LANG['aci.typespecials'] = 'Special Rights';
+$LANG['aci.ldap-self'] = 'Self';
+$LANG['aci.ldap-anyone'] = 'All users';
+$LANG['aci.ldap-all'] = 'All authenticated users';
+$LANG['aci.ldap-parent'] = 'Parent';
+$LANG['aci.usersearch'] = 'Search for:';
+$LANG['aci.usersearchresult'] = 'Search results:';
+$LANG['aci.userselected'] = 'Selected users/groups/roles:';
+$LANG['aci.useradd'] = 'Add';
+$LANG['aci.userremove'] = 'Remove';
+$LANG['aci.error.noname'] = 'ACI rule name is required!';
+$LANG['aci.error.exists'] = 'ACI rule with specified name already exists!';
+$LANG['aci.error.nousers'] = 'At least one user entry is required!';
+$LANG['aci.rights.target'] = 'Target entry:';
+$LANG['aci.rights.filter'] = 'Filter:';
+$LANG['aci.rights.attrs'] = 'Attributes:';
+$LANG['aci.checkall'] = 'Check all';
+$LANG['aci.checknone'] = 'Check none';
+$LANG['aci.thisentry'] = 'This entry';
+$LANG['aci.selected'] = 'all selected';
+$LANG['aci.other'] = 'all except selected';
+
$LANG['add'] = 'Add';
$LANG['api.notypeid'] = 'No object type ID specified!';
@@ -36,6 +85,7 @@ $LANG['attribute.validate.extended'] = 'extended';
$LANG['button.cancel'] = 'Cancel';
$LANG['button.delete'] = 'Delete';
+$LANG['button.ok'] = 'OK';
$LANG['button.save'] = 'Save';
$LANG['button.submit'] = 'Submit';
@@ -136,6 +186,7 @@ $LANG['modifiersname'] = 'Modified by';
$LANG['password.generate'] = 'Generate password';
$LANG['reqtime'] = 'Request time: $1 sec.';
+$LANG['ou.aci'] = 'Access Rights';
$LANG['ou.add'] = 'Add Unit';
$LANG['ou.add.success'] = 'Unit created successfully.';
$LANG['ou.ou'] = 'Unit Name';