From 2cea25c3243fa65a7aa5a0d9033d1f6de88f963a Mon Sep 17 00:00:00 2001 From: Gunnar Wrobel Date: Wed, 22 Apr 2009 23:04:01 +0200 Subject: [PATCH] Fix the filter definition. Improve handling group management for admins. --- .../Kolab/Server/Object/Kolab/Administrator.php | 3 +- .../Horde/Kolab/Server/Object/Kolab/Adminrole.php | 67 +++++++++++----------- .../Kolab/Server/Object/Kolab/Domainmaintainer.php | 9 +-- .../Horde/Kolab/Server/Object/Kolab/Maintainer.php | 5 +- 4 files changed, 45 insertions(+), 39 deletions(-) diff --git a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Administrator.php b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Administrator.php index ad20091d9..fb8598c38 100644 --- a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Administrator.php +++ b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Administrator.php @@ -35,7 +35,8 @@ class Horde_Kolab_Server_Object_Kolab_Administrator extends Horde_Kolab_Server_O * * @var string */ - protected $required_group = 'cn=admin,cn=internal'; + protected $required_group = array(self::ATTRIBUTE_CN => 'admin', + Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_VISIBILITY => false); /** * Returns the server url of the given type for this user. diff --git a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Adminrole.php b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Adminrole.php index 1ad87fd6e..22ffb16a7 100644 --- a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Adminrole.php +++ b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Adminrole.php 
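Review bot: The docblock directly above `$required_group` in Administrator.php still reads `@var string`, but the property now holds an array of attribute values. Change it to `@var array`, as the Domainmaintainer.php and Maintainer.php hunks in this patch already do. The class body continues outside the hunk.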
@@ -49,7 +49,31 @@ class Horde_Kolab_Server_Object_Kolab_Adminrole extends Horde_Kolab_Server_Objec */ public static function getFilter() { - return '(&(' . self::ATTRIBUTE_CN . '=*)(' . self::ATTRIBUTE_OC . '=' . self::OBJECTCLASS_INETORGPERSON . ')(!(' . self::ATTRIBUTE_UID . '=manager))(' . self::ATTRIBUTE_SN . '=*))'; + if (isset($conf['kolab']['server']['params']['admin'][self::ATTRIBUTE_SID])) { + $manager = $conf['kolab']['server']['params']['admin'][self::ATTRIBUTE_SID]; + } else { + $manager = 'manager'; + } + + $criteria = array('AND' => array( + array('field' => self::ATTRIBUTE_CN, + 'op' => '=', + 'test' => '*'), + array('field' => self::ATTRIBUTE_SN, + 'op' => '=', + 'test' => '*'), + array('field' => self::ATTRIBUTE_OC, + 'op' => '=', + 'test' => self::OBJECTCLASS_INETORGPERSON), + array('NOT' => array( + array('field' => self::ATTRIBUTE_SID, + 'op' => '=', + 'test' => $manager), + ), + ), + ), + ); + return $criteria; } /** 
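Review bot: `$conf` is read inside the static `getFilter()` without ever being brought into scope, so the `isset()` test is always false and `$manager` always falls back to `'manager'`. A deployment that configures a different admin account under `$conf['kolab']['server']['params']['admin']` would therefore not have that account excluded by the `NOT` clause, and it could match as an ordinary admin-role object. Add `global $conf;` as the first statement of the method, or pass the configured value in. The method now returns a criteria array instead of a filter string, so its docblock (above the hunk, not visible here) probably needs its `@return` updated as well.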
@@ -59,49 +83,28 @@ class Horde_Kolab_Server_Object_Kolab_Adminrole extends Horde_Kolab_Server_Objec * * @return boolean|PEAR_Error True on success. */ - public function save($info) + public function save($info = null) { - $admins_uid = sprintf('%s,%s', $this->required_group, - $this->server->getBaseUid()); + $admin_group = new Horde_Kolab_Server_Object_Kolabgroupofnames($this->server, null, $this->required_group); $save_result = parent::save($info); - $admin_group = $this->server->fetch($admins_uid, - 'Horde_Kolab_Server_Object_Kolabgroupofnames'); if (!$admin_group->exists()) { - - $members = array($this->uid); - - //FIXME: This is not okay and also contains too much LDAP knowledge - $parts = split(',', $this->required_group); - list($groupname) = sscanf($parts[0], 'cn=%s'); - - $this->createAdminroleGroup($groupname, $members); + $data = array_merge($this->required_group, + array(Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_MEMBER => array($this->uid))); } else { $result = $admin_group->isMember($this->uid); if ($result === false) { $members = $admin_group->getMembers(); $members[] = $this->uid; - $admin_group->save(array(Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_MEMBER => $members)); + $data = array(Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_MEMBER => $members); + } else { + $data = null; } } + if (!empty($data)) { + return $admin_group->save($data); + } return $save_result; } - - /** - * Create a required group to represent the admin role. - * - * @param string $groupname The name of the group. - * @param array $members The initial members. - * - * @return boolean True on success. 
- */ - protected function createAdminroleGroup($groupname, $members) - { - $result = $this->server->add(array('type' => 'Horde_Kolab_Server_Object_Kolabgroupofnames', - self::ATTRIBUTE_CN => $groupname, - Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_MEMBER => $members, - Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_VISIBILITY => false)); - return true; - } } diff --git a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Domainmaintainer.php b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Domainmaintainer.php index d50b95535..fafee6bf4 100644 --- a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Domainmaintainer.php +++ b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Domainmaintainer.php @@ -28,7 +28,7 @@ class Horde_Kolab_Server_Object_Kolab_Domainmaintainer extends Horde_Kolab_Server_Object_Kolab_Adminrole { - const ATTRIBUTE_DOMAIN = 'domain'; + const ATTRIBUTE_DOMAIN = 'domain'; /** * A structure to initialize the attribute structure for this class. @@ -45,9 +45,10 @@ class Horde_Kolab_Server_Object_Kolab_Domainmaintainer extends Horde_Kolab_Serve * The group the UID must be member of so that this object really * matches this class type. This may not include the root UID. * - * @var string + * @var array */ - protected $required_group = 'cn=domain-maintainer,cn=internal'; + protected $required_group = array(self::ATTRIBUTE_CN => 'domain-maintainer', + Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_VISIBILITY => false); /** * Convert the object attributes to a hash. @@ -75,7 +76,7 @@ class Horde_Kolab_Server_Object_Kolab_Domainmaintainer extends Horde_Kolab_Serve * * @return boolean|PEAR_Error True on success. */ - public function save($info) + public function save($info = null) { foreach ($info[self::ATTRIBUTE_DOMAIN] as $domain) { $domain_uid = sprintf('cn=%s,cn=domain,cn=internal,%s', 
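Review bot: The result of `parent::save($info)` in `Adminrole::save()` is not checked before the group is touched. If saving the user object fails (the docblock allows a `PEAR_Error` return), the code still adds `$this->uid` to the admin group. It then returns the group's save result, which hides the original error. Return early right after the `parent::save()` call with `if ($save_result instanceof PEAR_Error) { return $save_result; }`, so that group membership is only granted for an object that was actually stored.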
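Review bot: With the new `$info = null` default on `Domainmaintainer::save()`, the unchanged `foreach ($info[self::ATTRIBUTE_DOMAIN] as $domain)` on the next line receives a null value when the method is called without arguments or without a domain list. That raises a PHP warning and skips the per-domain group handling. Either wrap the loop in `if (!empty($info[self::ATTRIBUTE_DOMAIN])) {` or keep `$info` mandatory for this class. The body of `save()` continues outside the hunk, so whether later code copes with a missing domain list is not visible here.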
diff --git a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Maintainer.php b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Maintainer.php index 3bb1c250f..bf6e93a05 100644 --- a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Maintainer.php +++ b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Kolab/Maintainer.php @@ -33,8 +33,9 @@ class Horde_Kolab_Server_Object_Kolab_Maintainer extends Horde_Kolab_Server_Obje * The group the UID must be member of so that this object really * matches this class type. This may not include the root UID. * - * @var string + * @var array */ - protected $required_group = 'cn=maintainer,cn=internal'; + protected $required_group = array(self::ATTRIBUTE_CN => 'maintainer', + Horde_Kolab_Server_Object_Kolabgroupofnames::ATTRIBUTE_VISIBILITY => false); } -- 2.11.0