- Développement des capacité de l'interface (ajout / suppression / copie / modification)

- Création d'un annuaire de test (dossier lsexample)
- Debug divers
This commit is contained in:
Benjamin Renard 2008-02-12 17:59:44 +00:00
parent 7d2e3baf8b
commit bcebcb311c
38 changed files with 2142 additions and 551 deletions

View file

@ -43,7 +43,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
)
),
'dc' => array (
@ -57,7 +58,8 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
),
'view' => 1,
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
)
)
)

View file

@ -22,6 +22,7 @@
$GLOBALS['LSobjects']['LSeegroup'] = array (
'objectclass' => array(
'lsgroup',
'posixGroup'
),
'rdn' => 'cn',
@ -51,7 +52,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
)
),
'gidNumber' => array (
@ -59,6 +61,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'ldap_type' => 'numeric',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_gidNumber',
'validation' => array (
array (
'filter' => 'gidNumber=%{val}',
@ -71,7 +74,7 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1
)
),
'uniqueMember' => array (
@ -91,10 +94,10 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'admin' => 'w'
),
'form' => array (
'test' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'aucun' => _('-- Selectionner --'),
'OTHER_OBJECT' => array(
'object_type' => 'LSeepeople', // Nom de l'objet à lister
'display_attribute' => '%{cn} (%{uidNumber})', // Spécifie le attributs à lister pour le choix,

View file

@ -23,6 +23,7 @@
$GLOBALS['LSobjects']['LSeepeople'] = array (
'objectclass' => array(
'top',
'lspeople',
'posixAccount',
'sambaSamAccount',
),
@ -58,8 +59,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 0,
'add' => 1
'modify' => 0,
'create' => 1
)
),
'uidNumber' => array (
@ -86,7 +87,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 0,
'modify' => 0,
)
),
'cn' => array (
@ -103,8 +104,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'givenName' => array (
@ -125,8 +126,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'onDisplay' => 'return_data'
),
@ -135,15 +136,15 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'rights' => array( // Définition de droits : 'r' => lecture / 'w' => modification / '' => aucun (par defaut)
'self' => 'w', // définition des droits de l'utilisateur sur lui même
'user' => 'r', // définition des droits de tout les utilisateurs
'rights' => array(
'self' => 'w',
'user' => 'r',
'admin' => 'w'
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'gidNumber' => array (
@ -166,8 +167,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'OTHER_OBJECT' => array(
@ -200,8 +201,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'/bin/false' => _('Aucun'),
@ -218,7 +219,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'admin' => 'r'
),
'form' => array (
//'test' => 0,
//'modify' => 0,
)
),
'homeDirectory' => array (
@ -233,7 +234,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'mail' => array (
@ -253,8 +254,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'personalTitle' => array (
@ -270,8 +271,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
),
'possible_values' => array(
'M.' => 'M.',
@ -295,7 +296,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'vacationActive' => array (
@ -315,7 +316,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
),
'possible_values' => array(
'' => 'Non',
@ -333,7 +334,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'vacationForward' => array (
@ -352,7 +353,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'mailQuota' => array (
@ -370,7 +371,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
)
),
'description' => array (
@ -384,7 +385,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
),
'view' => 1,
'form' => array (
'test' => 1,
'modify' => 1,
'create' => 1
)
),
'userPassword' => array (
@ -401,23 +403,29 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'sambaNTPassword'
),
'form' => array (
'test' => 1,
'add' => 1
'modify' => 1,
'create' => 1
)
),
'sambaLMPassword' => array (
'label' => _('Mot de passe Samba (LM)'),
'ldap_type' => 'ascii',
'html_type' => 'password',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_sambaLMPassword'
'generate_function' => 'generate_sambaLMPassword',
'form' => array (
'modify' => 0
)
),
'sambaNTPassword' => array (
'label' => _('Mot de passe Samba (NT)'),
'ldap_type' => 'ascii',
'html_type' => 'password',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_sambaNTPassword'
'generate_function' => 'generate_sambaNTPassword',
'form' => array (
'modify' => 0
)
)
)
);

View file

@ -104,6 +104,10 @@ $GLOBALS['LSerror_code'] = array (
'msg' => _("LSldapObject : L'attribut %{attr_depend} dépendant de l'attribut %{attr} n'existe pas."),
'level' => 'w'
),
35 => array (
'msg' => _("LSldapObject : Erreur durant la suppression de %{objectname}."),
'level' => 'c'
),
// LSldapObject
41 => array (
@ -238,6 +242,11 @@ $GLOBALS['LSerror_code'] = array (
1011 => array (
'msg' => _("LSsession : Vous n'êtes pas authorisé à effectuer cette action."),
'level' => 'c'
),
1012 => array (
'msg' => _("LSsession : Des informations sont manquantes pour l'affichage de cette page."),
'level' => 'c'
)
);
?>

View file

@ -28,13 +28,13 @@ $GLOBALS['LSconfig'] = array(
'cacheLSrights' => true,
'ldap_servers' => array (
array (
'name' => 'Ldap 1',
'name' => 'LSexample',
'ldap_config'=> array(
'host' => '127.0.0.1',
'port' => 389,
'version' => 3,
'starttls' => false,
'binddn' => 'uid=toto,ou=people,o=ls',
'binddn' => 'uid=eeggs,ou=people,o=ls',
'bindpw' => 'toto',
'basedn' => 'o=ls',
'options' => array(),
@ -42,9 +42,11 @@ $GLOBALS['LSconfig'] = array(
'scope' => 'sub'
),
'LSadmins' => array (
'o=ost' => array (
'uid=toto,ou=people,o=ls' => NULL,
'cn=adminldap,ou=groups,o=ost' => array (
'o=ls' => array (
'uid=eeggs,ou=people,o=ls' => NULL
),
'ou=people,o=ls' => array (
'cn=adminldap,ou=groups,o=ls' => array (
'attr' => 'uniqueMember',
'LSobject' => 'LSeegroup'
)
@ -76,7 +78,7 @@ $GLOBALS['LSconfig'] = array(
);
//Debug
$GLOBALS['LSdebug']['active'] = false;
$GLOBALS['LSdebug']['active'] = true;
// Définitions des locales
$textdomain = 'ldapsaisie';

79
trunk/create.php Normal file
View file

@ -0,0 +1,79 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* http://ldapsaisie.labs.libre-entreprise.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
require_once 'includes/functions.php';
require_once 'includes/class/class.LSsession.php';
$GLOBALS['LSsession'] = new LSsession();
if($LSsession -> startLSsession()) {
if (isset($_POST['LSform_objecttype'])) {
$LSobject = $_POST['LSform_objecttype'];
}
else if (isset($_GET['LSobject'])) {
$LSobject = $_GET['LSobject'];
}
if (isset($LSobject)) {
// Création d'un LSobject
if (class_exists($LSobject)) {
if ( $GLOBALS['LSsession'] -> canCreate($LSobject) ) {
$object = new $LSobject();
if ($_GET['load']!='') {
$form = $object -> getForm('create',$_GET['load']);
}
else {
$form = $object -> getForm('create');
}
if ($form->validate()) {
// MàJ des données de l'objet LDAP
if ($object -> updateData('create')) {
header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
}
}
// Définition du Titre de la page
$GLOBALS['Smarty'] -> assign('pagetitle',_('Nouveau').' : '.$object -> getLabel());
$GLOBALS['LSsession'] -> setTemplate('create.tpl');
$form -> display();
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(21);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
}
else {
$GLOBALS['LSsession'] -> setTemplate('login.tpl');
}
// Affichage des retours d'erreurs
$GLOBALS['LSsession'] -> displayTemplate();
?>

View file

@ -184,6 +184,7 @@
}
$password = $ldapObject -> attrs[ LS_SAMBA_USERPASSWORD_ATTR ] -> ldap -> getClearPassword();
debug('pwd : '.$password);
$sambapassword = new smbHash;
$sambaNTPassword = $sambapassword -> nthash($password);

View file

@ -80,14 +80,6 @@ class LSattr_html {
function addToForm (&$form,$idForm,$data=NULL) {
$GLOBALS['LSerror'] -> addErrorCode(101,$this -> name);
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
}
}
?>

View file

@ -37,10 +37,10 @@ class LSattr_html_select_list extends LSattr_html{
* @retval LSformElement L'element du formulaire ajouté
*/
function addToForm (&$form,$idForm,$data=NULL) {
if (count($data)>1) {
/*if (count($data)>1) {
$GLOBALS['LSerror'] -> addErrorCode(103,'select_list');
return;
}
}*/
$possible_values=$this -> getPossibleValues();
$this -> config['text_possible_values'] = $possible_values;
$element=$form -> addElement('select', $this -> name, $this -> config['label'],$this -> config);

View file

@ -47,7 +47,7 @@ class LSattr_ldap_password extends LSattr_ldap {
* @retval mixed La valeur traitée de l'attribut
*/
function getUpdateData($data) {
$this -> clearPassord = $data[0];
$this -> clearPassword = $data[0];
return '{CRYPT}'.crypt($data[0],'$1$'.$this -> getSalt().'$');
}

View file

@ -184,15 +184,19 @@ class LSattribute {
* @param[in] object $form Le formulaire dans lequel doit être ajouté l'attribut
* @param[in] string $idForm L'identifiant du formulaire
* @param[in] objet &$obj Objet utilisable pour la génération de la valeur de l'attribut
* @param[in] array $value valeur de l'élement
*
* @retval boolean true si l'ajout a fonctionner ou qu'il n'est pas nécessaire, false sinon
*/
function addToForm(&$form,$idForm,&$obj=NULL) {
function addToForm(&$form,$idForm,&$obj=NULL,$value=NULL) {
if(isset($this -> config['form'][$idForm])) {
if($this -> myRights() == 'n') {
return true;
}
if($this -> data !='') {
if ($value) {
$data = $value;
}
else if($this -> data !='') {
$data=$this -> getFormVal();
}
else if (isset($this -> config['default_value'])) {
@ -235,6 +239,11 @@ class LSattribute {
return true;
}
/**
* Récupération des droits de l'utilisateur sur l'attribut
*
* @retval string 'r'/'w'/'n' pour 'read'/'write'/'none'
**/
function myRights() {
// cache
if ($this -> _myRights != NULL) {
@ -484,13 +493,6 @@ class LSattribute {
return $this -> config['dependAttrs'];
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
}
}
?>

View file

@ -85,7 +85,7 @@ class LSform {
$GLOBALS['Smarty'] -> assign('LSform_header',$LSform_header);
$LSform_object = array(
'type' => $this -> ldapObject -> getType(),
'dn' => $this -> ldapObject -> getDn()
'dn' => $this -> ldapObject -> getValue('dn')
);
$GLOBALS['Smarty'] -> assign('LSform_object',$LSform_object);
$fields = array();

View file

@ -183,7 +183,7 @@ class LSformElement {
* @retval boolean true si la valeur est présente en POST, false sinon
*/
function getPostData(&$return) {
if($this -> params['form'][$this -> form -> idForm] != 1) {
if($this -> isFreeze()) {
return true;
}
if (isset($_POST[$this -> name])) {

View file

@ -67,7 +67,10 @@ class LSformElement_password extends LSformElement {
function getDisplay(){
$return = $this -> getLabelInfos();
if (!$this -> isFreeze()) {
$return['html'] = "<input type='password' name='".$this -> name."[]' />\n* "._('Modification uniquement').".";
$return['html'] = "<input type='password' name='".$this -> name."[]' />\n";
if (!empty($this -> values)) {
$return['html'] .= "* "._('Modification uniquement').".";
}
}
else {
if (empty($this -> values)) {

View file

@ -50,7 +50,7 @@ class LSformElement_select extends LSformElement {
$multiple_tag='multiple';
}
$return['html'] = "<select name='".$this -> name."' $multiple_tag class='LSform'>\n";
$return['html'] = "<select name='".$this -> name."[]' $multiple_tag class='LSform'>\n";
foreach ($this -> params['text_possible_values'] as $choice_value => $choice_text) {
if (in_array($choice_value, $this -> values)) {
$selected=' selected';

View file

@ -260,6 +260,17 @@ class LSldap {
return ($this -> cnx == NULL)?false:true;
}
/**
* Supprime un objet de l'annuaire
*
* @param[in] string DN de l'objet à supprimer
*
* @retval boolean True si l'objet à été supprimé, false sinon
*/
function remove($dn) {
return $this -> cnx -> delete($dn);
}
}
?>

View file

@ -89,12 +89,15 @@ class LSldapObject {
function loadData($dn) {
$this -> dn = $dn;
$data = $GLOBALS['LSldap'] -> getAttrs($dn);
if(!empty($data)) {
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> loadData($data[$attr_name]))
return;
}
return true;
}
return;
}
/**
* Recharge les données de l'objet
@ -166,21 +169,39 @@ class LSldapObject {
* et de chaque attribut.
*
* @param[in] $idForm [<b>required</b>] Identifiant du formulaire a créer
* @param[in] $config Configuration spécifique pour le formulaire
* @param[in] $load DN d'un objet similaire dont la valeur des attribut doit être chargé dans le formulaire.
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @retval LSform Le formulaire crée
*/
function getForm($idForm,$config=array()) {
function getForm($idForm,$load=NULL) {
$GLOBALS['LSsession'] -> loadLSclass('LSform');
$LSform = new LSform($this,$idForm);
$this -> forms[$idForm] = array($LSform,$config);
$this -> forms[$idForm] = array($LSform,$load);
if ($load) {
$type = $this -> getType();
$loadObject = new $type();
if (!$loadObject -> loadData($load)) {
$load=false;
}
}
if ($load) {
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this,$loadObject -> getValue($attr_name))) {
$LSform -> can_validate = false;
}
}
}
else {
foreach($this -> attrs as $attr_name => $attr) {
if(!$this -> attrs[$attr_name] -> addToForm($LSform,$idForm,$this)) {
$LSform -> can_validate = false;
}
}
}
return $LSform;
}
@ -261,7 +282,7 @@ class LSldapObject {
}
else {
$GLOBALS['LSerror'] -> addErrorCode(23,$this -> type_name);
$GLOBALS['LSerror'] -> stop();
return;
}
}
$new_data = $LSform -> exportValues();
@ -276,12 +297,12 @@ class LSldapObject {
if(function_exists($this -> config['before_save'])) {
if(!$this -> config['before_save']($this)) {
$GLOBALS['LSerror'] -> addErrorCode(28,$this -> config['before_save']);
$GLOBALS['LSerror'] -> stop();
return;
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(27,$this -> config['before_save']);
$GLOBALS['LSerror'] -> stop();
return;
}
}
if ($this -> submitChange($idForm)) {
@ -290,16 +311,25 @@ class LSldapObject {
$this -> reloadData();
$this -> refreshForm($idForm);
}
else {
return;
}
if((isset($this -> config['after_save']))&&(!$this -> submitError)) {
if(function_exists($this -> config['after_save'])) {
if(!$this -> config['after_save']($this)) {
$GLOBALS['LSerror'] -> addErrorCode(30,$this -> config['after_save']);
return;
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(29,$this -> config['after_save']);
return;
}
}
return true;
}
else {
return;
}
}
@ -478,6 +508,7 @@ class LSldapObject {
if(!empty($submitData)) {
$dn=$this -> getDn();
if($dn) {
$this -> dn=$dn;
debug($submitData);
return $GLOBALS['LSldap'] -> update($this -> type_name,$dn, $submitData);
}
@ -486,6 +517,9 @@ class LSldapObject {
return;
}
}
else {
return true;
}
}
/**
@ -848,24 +882,35 @@ class LSldapObject {
return $this -> type_name;
}
/**
* Retourne qui est l'utilisateur par rapport à cet object
*
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
*/
function whoami() {
if (!$this -> _whoami)
$this -> _whoami = $GLOBALS['LSsession'] -> whoami($this -> dn);
return $this -> _whoami;
}
/**
* Retourne le label de l'objet
*
* @retval string Le label de l'objet ($this -> config['label'])
*/
function getLabel() {
return $this -> config['label'];
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
}
function __wakeup() {
return true;
/**
* Supprime l'objet dans l'annuaire
*
* @retval boolean True si l'objet à été supprimé, false sinon
*/
function remove() {
return $GLOBALS['LSldap'] -> remove($this -> getDn());
}
}
?>

View file

@ -240,10 +240,10 @@ class LSsession {
if (!$this -> LSldapConnect())
return;
$this -> loadLSrights();
$this -> loadLSaccess();
}
$this -> LSuserObject = new $this -> ldapServer['authobject']();
$this -> LSuserObject -> loadData($this -> dn);
$this -> loadLSaccess();
$GLOBALS['Smarty'] -> assign('LSsession_username',$this -> LSuserObject -> getDisplayValue());
return true;
@ -589,16 +589,25 @@ class LSsession {
}
}
/**
* Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface
*
* @retval void
*/
function loadLSaccess() {
if ($this -> canAccess($this -> LSuserObject -> getType(),$this -> dn)) {
$LSaccess = array(
'SELF' => array(
'label' => _('Mon compte'),
'DNs' => $this -> dn
)
);
}
else {
$LSaccess = array();
}
foreach ($GLOBALS['LSobjects'] as $objecttype => $objectconf) {
$objectdn = $objectconf['container_dn'].','.$this -> topDn;
if ($this -> isAdmin($objectdn) ) {
if ($this -> canAccess($objecttype) ) {
$LSaccess[$objecttype] = array (
'label' => $objectconf['label'],
'Dns' => 'All'
@ -608,6 +617,13 @@ class LSsession {
$this -> LSaccess = $LSaccess;
}
/**
* Dit si l'utilisateur est admin de le DN spécifié
*
* @param[in] string DN de l'objet
*
* @retval boolean True si l'utilisateur est admin sur l'objet, false sinon.
*/
function isAdmin($dn) {
foreach($this -> LSrights['topDn_admin'] as $topDn_admin) {
if($dn == $topDn_admin) {
@ -620,6 +636,13 @@ class LSsession {
return;
}
/**
* Retourne qui est l'utilisateur par rapport à l'object
*
* @param[in] string Le DN de l'objet
*
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
*/
function whoami($dn) {
if ($this -> isAdmin($dn)) {
return 'admin';
@ -632,15 +655,51 @@ class LSsession {
return 'user';
}
function canAccess($LSobject,$dn=NULL,$right=NULL) {
/**
* Retourne le droit de l'utilisateur à accèder à un objet
*
* @param[in] string $LSobject Le type de l'objet
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
* @param[in] string $right Le type de droit d'accès à tester ('r'/'w')
* @param[in] string $attr Le nom de l'attribut auquel on test l'accès
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canAccess($LSobject,$dn=NULL,$right=NULL,$attr=NULL) {
if (!$this -> loadLSobject($LSobject))
return;
if ($dn) {
$whoami = $this -> whoami($dn);
}
else {
$whoami = 'user';
$objectdn=$GLOBALS['LSobjects'][$LSobject]['container_dn'].','.$this -> topDn;
$whoami = $this -> whoami($objectdn);
}
// Pour un attribut particulier
if ($attr) {
if ($attr=='rdn') {
$attr=$GLOBALS['LSobjects'][$LSobject]['rdn'];
}
if (!isset($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr])) {
return;
}
if (($right=='r')||($right=='w')) {
if ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right) {
return true;
}
return;
}
else {
if ( ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='r') || ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='w') ) {
return true;
}
return;
}
}
// Pour un attribut quelconque
if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) {
if (($right=='r')||($right=='w')) {
foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) {
@ -660,17 +719,42 @@ class LSsession {
return;
}
function canEdit($LSobject,$dn=NULL) {
return $this -> canAccess($LSobject,$dn,'w');
/**
* Retourne le droit de l'utilisateur à editer à un objet
*
* @param[in] string $LSobject Le type de l'objet
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
* @param[in] string $attr Le nom de l'attribut auquel on test l'accès
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canEdit($LSobject,$dn=NULL,$attr=NULL) {
return $this -> canAccess($LSobject,$dn,'w',$attr);
}
function __sleep() {
return ( array_keys( get_object_vars( &$this ) ) );
/**
* Retourne le droit de l'utilisateur à supprimer un objet
*
* @param[in] string $LSobject Le type de l'objet
* @param[in] string $dn Le DN de l'objet (le container_dn du type de l'objet par défaut)
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canRemove($LSobject,$dn) {
return $this -> canAccess($LSobject,$dn,'w','rdn');
}
function __wakeup() {
return true;
/**
* Retourne le droit de l'utilisateur à créer un objet
*
* @param[in] string $LSobject Le type de l'objet
*
* @retval boolean True si l'utilisateur a accès, false sinon
*/
function canCreate($LSobject) {
return $this -> canAccess($LSobject,NULL,'w','rdn');
}
}
?>

175
trunk/lsexample/ls.schema Normal file
View file

@ -0,0 +1,175 @@
# Easter-eggs OID: 1.3.6.1.4.1.10650
# 1.3.6.1.4.1.10650.2 LDAP OID
# 1.3.6.1.4.1.10650.3 Customers OID
#
# 1.3.6.1.4.1.10650.2.1 Ldap Attributes
# 1.3.6.1.4.1.10650.2.1.1 Admin sys Ldap Attributes
# 1.3.6.1.4.1.10650.2.1.2 Dev Ldap Attributes
# 1.3.6.1.4.1.10650.2.1.3 Global Attributes
# 1.3.6.1.4.1.10650.2.2 Ldap Objectclass
# 1.3.6.1.4.1.10650.2.2.1 Admin sys Ldap Objectclass
# 1.3.6.1.4.1.10650.2.2.2 Dev Ldap Objectclass
# 1.3.6.1.4.1.10650.2.2.3 Global OC
# Ost
# 1.3.6.1.4.1.10650.3.1127.2.1 Ldap attributes
# 1.3.6.1.4.1.10650.3.1127.2.2 Ldap OC
# <Ee attributes>
attributetype (1.3.6.1.4.1.10650.2.1.1.1
NAME 'eeallowedservices'
DESC 'List of allowed services'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
# </Ee attributes>
# <From qmail schema>
attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress'
SUBSTR caseIgnoreSubstringsMatch
DESC 'Secondary (alias) mailaddresses for the same user'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailForwardingAddress'
DESC 'Address(es) to forward all incoming messages to.'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# </From qmail schema>
# <From courier.schema>
attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
DESC 'The absolute path to the mailbox for a mail account in a non-default location'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
DESC 'RFC822 Mailbox - mail alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# </From courier.schema>
# <From postfix>
attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'mailQuota'
DESC 'The amount of space the user can use until all further messages get bounced.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE )
# </From postfix>
# <From gnarwl>
# Original
#attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
# NAME 'vacationActive'
# SINGLE-VALUE
# EQUALITY booleanMatch
# DESC 'A flag, for marking the user as being away'
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Ee
attributetype ( 1.3.6.1.4.1.11048.1.1.1.1
NAME 'vacationActive'
SINGLE-VALUE
DESC 'Equal to uid@autoreponse.foo.bar, for marking the user as being away'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.11048.1.1.1.3
NAME 'vacationInfo'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
DESC 'Absentee note to leave behind, while on vacation'
EQUALITY octetStringMatch )
attributetype ( 1.3.6.1.4.1.11048.1.1.1.4
NAME 'vacationStart'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
DESC 'Beginning of vacation'
EQUALITY octetStringMatch )
# Original
#attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
# NAME 'vacationEnd'
# SINGLE-VALUE
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
# DESC 'End of vacation'
# EQUALITY octetStringMatch )
# Ee
attributetype ( 1.3.6.1.4.1.11048.1.1.1.5
NAME 'vacationEnd'
SINGLE-VALUE
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
DESC 'End of vacation'
ORDERING generalizedTimeOrderingMatch
EQUALITY generalizedTimeMatch )
attributetype (1.3.6.1.4.1.11048.1.1.1.10
NAME 'vacationForward'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
DESC 'Where to forward mails to, while on vacation' )
# </From gnarwl>
## Objectclasses
# LS people
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.1
NAME 'lspeople'
DESC 'LS people Objectclass'
STRUCTURAL
MUST ( uid $ cn )
MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail $ mailalternateaddress $ personalTitle $ description $ userPassword $ eeallowedservices $ mailforwardingaddress $ maildrop $ mailquota $ mailbox $ vacationActive $ vacationInfo $ vacationEnd $ vacationForward ))
# LS Alias
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.2
NAME 'lsalias'
DESC 'LS alias Objectclass'
STRUCTURAL
MUST ( mail $ maildrop )
MAY ( mailalternateaddress $ description ))
# LS group
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.3
NAME 'lsgroup'
DESC 'LS group Objectclass'
STRUCTURAL
MUST ( cn )
MAY ( uniquemember $ description ))
# LS system account
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.4
NAME 'lssysaccount'
DESC 'LS system account Objectclass'
STRUCTURAL
MUST ( uid )
MAY (userpassword $ description))
# Ost mailbox
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.5
NAME 'lsmailbox'
DESC 'LS custom mailbox Objectclass'
STRUCTURAL
MUST ( uid )
MAY ( userPassword $ description $ eeallowedservices $ maildrop $ mailbox $ mail $ mailalternateaddress $ mailforwardingaddress $ mailquota ))
# Ost computer
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.6
NAME 'lscomputer'
DESC 'LS computer Objectclass'
STRUCTURAL
MUST ( uid ))
# Ost samba domains
objectclass (1.3.6.1.4.1.10650.3.1127.2.2.8
NAME 'lssambadomain'
DESC 'LS samba domain Objectclass'
STRUCTURAL)

View file

@ -0,0 +1,604 @@
dn: o=ls
objectClass: top
objectClass: organization
o: ls
structuralObjectClass: organization
entryUUID: 2229e388-825b-1029-838c-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000001#000#000000
dn: ou=sysaccounts,o=ls
objectClass: top
objectClass: organizationalUnit
ou: sysaccounts
structuralObjectClass: organizationalUnit
entryUUID: 2238a738-825b-1029-838d-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000002#000#000000
dn: ou=people,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
entryUUID: 223b67e8-825b-1029-838e-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000003#000#000000
dn: ou=mailboxes,o=ls
objectClass: top
objectClass: organizationalUnit
ou: mailboxes
structuralObjectClass: organizationalUnit
entryUUID: 2240f622-825b-1029-8390-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000005#000#000000
dn: ou=aliases,o=ls
objectClass: top
objectClass: organizationalUnit
ou: aliases
structuralObjectClass: organizationalUnit
entryUUID: 2243b88a-825b-1029-8391-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000006#000#000000
dn: ou=computers,o=ls
objectClass: top
objectClass: organizationalUnit
ou: computers
structuralObjectClass: organizationalUnit
entryUUID: 22468588-825b-1029-8392-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000007#000#000000
dn: ou=sambadomains,o=ls
objectClass: top
objectClass: organizationalUnit
ou: sambadomains
structuralObjectClass: organizationalUnit
entryUUID: 224cf30a-825b-1029-8394-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000009#000#000000
dn: sambaDomainName=LS_NT,ou=sambadomains,o=ls
objectClass: top
objectClass: lssambadomain
objectClass: sambaDomain
sambaDomainName: LS_NT
sambaSID: S-1-5-21-2421470416-3566881284-3047381809
structuralObjectClass: lssambadomain
entryUUID: 2250d4ac-825b-1029-8395-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#00000a#000#000000
dn: ou=groups,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: 224947d2-825b-1029-8393-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111624Z
modifyTimestamp: 20050706111624Z
entryCSN: 20050706111624.000000Z#000008#000#000000
dn: cn=adminldap,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: adminldap
gidNumber: 70000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 226bb240-825b-1029-8396-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
uniqueMember: uid=eeggs,ou=people,o=ls
entryCSN: 20080211142717.746402Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211142717Z
dn: uid=mail,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: mail
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22958d72-825b-1029-839c-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#000007#000#000000
dn: uid=ftp,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: ftp
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22a46608-825b-1029-839d-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#000008#000#000000
dn: uid=http,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: http
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22a7274e-825b-1029-839e-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#000009#000#000000
dn: uid=samba,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: samba
structuralObjectClass: lssysaccount
entryUUID: 22a9f44c-825b-1029-839f-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
userPassword: toto
entryCSN: 20050706115506.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706115506Z
dn: uid=ldapsaisie,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: ldapsaisie
structuralObjectClass: lssysaccount
userPassword: toto
entryUUID: 22acb6aa-825b-1029-83a0-b10e837060e0
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20050706111625Z
modifyTimestamp: 20050706111625Z
entryCSN: 20050706111625.000000Z#00000b#000#000000
dn: uid=nss,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: nss
structuralObjectClass: lssysaccount
entryUUID: 22b06d40-825b-1029-83a1-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
userPassword: toto
entryCSN: 20050706115152.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706115152Z
dn: uid=eeggs,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: eeggs
uidNumber: 100000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-201000
structuralObjectClass: lspeople
entryUUID: 22b70a42-825b-1029-83a3-b10e837060e0
creatorsName: cn=anonymous
createTimestamp: 20050706111625Z
gidNumber: 102009
mail: eeggs@ldapsaisie.biz
facsimileTelephoneNumber: 030000000
vacationInfo: Je suis absent pour le moment
vacationEnd: 20070101000000Z
vacationForward: brenard@easter-eggs.com
eeallowedservices: MAIL
eeallowedservices: FTP
description: Utilisateur test Easter-eggs
cn: Easter Eggs
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
mailbox: eeggs/
personalTitle: M.
userPassword: toto
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
mailQuota: 5
homeDirectory: /home/eeggs
loginShell: /bin/false
givenName: Easter
maildrop: eeggs@ldapsaisie.biz
vacationActive:
sn: Eggs
entryCSN: 20080211134602.394624Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211134602Z
dn: uid=invite,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: invite
cn: Utilisateur de passage
givenName: Utilisateur
sn: de passage
homeDirectory: /home/invite
loginShell: /bin/false
uidNumber: 101012
gidNumber: 101009
userPassword: toto
sambaAcctFlags: [U ]
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-203019
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203024
mailbox: invite/
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
mail: invite@ldapsaisie.biz
maildrop: invite@ldapsaisie.biz
structuralObjectClass: lspeople
entryUUID: 233dd144-825b-1029-9a9d-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111626Z
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
entryCSN: 20050706133832.000000Z#000008#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706133832Z
dn: uid=hmartin,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: hmartin
homeDirectory: /home/com
loginShell: /bin/false
uidNumber: 101022
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044
structuralObjectClass: lspeople
entryUUID: 234393a4-825b-1029-9a9f-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111626Z
givenName: Henri
sn: MARTIN
gidNumber: 102001
mail: henri.martin@ldapsaisie.biz
maildrop: henri.martin@ldapsaisie.biz
mailAlternateAddress: hmartin@ldapsaisie.biz
vacationEnd: 20060101000000Z
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: Henri MARTIN
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
mailbox: hmartin/
personalTitle: M.
userPassword: toto
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
entryCSN: 20080211164417.161923Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211164417Z
dn: uid=secretariat,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: secretariat
homeDirectory: /home/secretariat
loginShell: /bin/false
uidNumber: 101036
userPassword: toto
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072
structuralObjectClass: lspeople
entryUUID: 239920bc-825b-1029-9abb-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111627Z
sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9
sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39
givenName: Secretariat
sn: Secretariat
gidNumber: 70513
mail: secretariat@ldapsaisie.biz
maildrop: secretariat@ldapsaisie.biz
vacationEnd: 20050101000000Z
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: Secretariat Secretariat
mailbox: secretariat/
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513
entryCSN: 20050706144306.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050706144306Z
dn: uid=ls,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ls
homeDirectory: /home/ls
loginShell: /bin/false
uidNumber: 101068
userPassword: toto
sambaAcctFlags: [U ]
sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE
sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136
structuralObjectClass: lspeople
entryUUID: 23afa346-825b-1029-9ac3-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111627Z
givenName: _
sn: LdapSaisie
gidNumber: 102001
mail: ls@ldapsaisie.biz
maildrop: ls@ldapsaisie.biz
vacationEnd: 20060101000000Z
mailQuota: 52428800
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: LS
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
mailbox: ls/
entryCSN: 20061212145541.000000Z#000001#000#000000
modifiersName: uid=catbo,ou=people,o=ls
modifyTimestamp: 20061212145541Z
dn: cn=invite,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: invite
gidNumber: 101009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 2425636a-825b-1029-9ae1-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070308165544.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308165544Z
dn: cn=ls,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: ls
gidNumber: 102001
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 242bef1e-825b-1029-9ae3-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
uniqueMember: uid=secretariat,ou=people,o=ls
entryCSN: 20080211142555.171664Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211142555Z
dn: cn=informatique,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 102009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 2438d9d6-825b-1029-9ae7-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
cn: informatique
uniqueMember: uid=eeggs,ou=people,o=ls
entryCSN: 20070309093000.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070309093000Z
dn: cn=direction,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: direction
gidNumber: 102007
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 243f7a34-825b-1029-9ae9-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070309093009.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070309093009Z
dn: cn=administratif,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: administratif
gidNumber: 102005
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 245e0cb0-825b-1029-9af4-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070308180424.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308180424Z
dn: cn=communication,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: communication
gidNumber: 102003
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007
sambaGroupType: 2
structuralObjectClass: lsgroup
entryUUID: 2460db34-825b-1029-9af5-8f6e2b792dd2
creatorsName: cn=anonymous
createTimestamp: 20050706111628Z
entryCSN: 20070308180413.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308180413Z
dn: uid=spam,ou=mailboxes,o=ls
uid: spam
userPassword: toto
mailQuota: 104857600
eeallowedservices: MAIL
mail: spam@ldapsaisie.biz
maildrop: spam@ldapsaisie.biz
mailbox: spam/
objectClass: top
objectClass: lsmailbox
structuralObjectClass: lsmailbox
entryUUID: c88b9eb4-8301-1029-9567-dda2c03231d0
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20050707070920Z
entryCSN: 20050707070920.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050707070920Z
dn: uid=virus,ou=mailboxes,o=ls
uid: virus
userPassword: toto
mailbox: virus/
objectClass: top
objectClass: lsmailbox
structuralObjectClass: lsmailbox
entryUUID: 974dac8c-8303-1029-9569-dda2c03231d0
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20050707072216Z
mailQuota: 104857600
eeallowedservices: MAIL
mail: virus@ldapsaisie.biz
maildrop: virus@ldapsaisie.biz
entryCSN: 20050707072249.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20050707072249Z
dn: uid=gnarwl,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: gnarwl
structuralObjectClass: lssysaccount
entryUUID: f55954e0-fdcc-1029-9d72-de06c303d7ef
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20051210133105Z
userPassword: toto
entryCSN: 20051210133237.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20051210133237Z
dn: mail=informatique@ldapsaisie.biz,ou=aliases,o=ls
objectClass: top
objectClass: lsalias
structuralObjectClass: lsalias
entryUUID: 081e6612-fdd0-1029-9d73-de06c303d7ef
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20051210135305Z
mail: informatique@ldapsaisie.biz
description: Service Informatique
maildrop: eeggs@ldapsaisie.biz
entryCSN: 20051210141428.000000Z#000001#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20051210141428Z
dn: uid=erwpa,ou=people,o=ls
uid: erwpa
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 101082
sambaAcctFlags: [U ]
homeDirectory: /home/erwpa
loginShell: /bin/false
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164
structuralObjectClass: lspeople
entryUUID: aa7fcb30-b1a3-102a-875e-dcce935f6f2c
sn: PAGEARD
gidNumber: 102009
mail: erwan.page@ldapsaisie.biz
maildrop: erwan.page@ldapsaisie.biz
vacationEnd: 20060101000000Z
eeallowedservices: MAIL
eeallowedservices: SAMBA
eeallowedservices: FTP
cn: Erwan PAGE
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
mailbox: erwpa/
personalTitle: M.
givenName: Erwan
userPassword: toto
sambaLMPassword: BAC14D04669EE1D1AAD3B435B51404EE
sambaNTPassword: FBBF55D0EF0E34D39593F55C5F2CA5F2
entryCSN: 20080211170049.821887Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20080211170049Z
dn: cn=test,ou=groups,o=ls
cn: test
description: test BR
objectClass: top
objectClass: lsgroup
objectClass: sambaGroupMapping
objectClass: posixGroup
sambaGroupType: 2
gidNumber: 102012
sambaSID: 42
structuralObjectClass: lsgroup
entryUUID: 91b290d2-6117-102b-9c6f-91889acd20dc
creatorsName: uid=eeggs,ou=people,o=ls
createTimestamp: 20070307164933Z
entryCSN: 20070308165811.000000Z#000000#000#000000
modifiersName: uid=eeggs,ou=people,o=ls
modifyTimestamp: 20070308165811Z

View file

@ -0,0 +1,208 @@
## Racine
access to dn.regex="^o=ls$" attrs="entry,children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * read
## Sysaccounts
### Ajout d'entrees par les admins
access to dn.regex="^ou=sysaccounts,o=ls$" attrs="children"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by anonymous auth
by * none
### Les admins peuvent modifier tous les attributs, les autres ne voient rien
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * none
## Aliases
### Ajout d'entrees par les admins
access to dn.regex="^ou=aliases,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
### Les admins peuvent modifier tous les attributs, tout le monde peut voir
access to dn.regex="^mail=[^,]+,ou=aliases,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
## Mailboxes
### Ajout d'entrees par les admins
access to dn.regex="^ou=mailboxes,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
### Les admins peuvent modifier le mot de passe, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by anonymous auth
by * none
### Les admins peuvent modifier ces attributs, l'appli mail le voir, les autres aucun droits
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="mailbox,mailforwardingaddress"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=mailboxes,o=ls$" attrs="uid,description,mail,mailalternateaddress,mailquota,eeallowedservices"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * read
## Groups
### Ajout d'entrees par les admins
access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
### Les admins peuvent tout modifier, les authentifies peuvent tout voir
access to dn.regex="^cn=[^,]+,ou=groups,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
## Peoples
### Ajout d'entrees par les admins
access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * read
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * read
### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by self write
by anonymous auth
by * none
### Les admins peuvent modifier ces attributs, l'appli mail les voir, les autres aucun droits
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailbox"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,mailquota,eeallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, gnarwl peut les modifier et mail les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="mailforwardingaddress"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
by self write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir, gnarwl peut les modifier
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationActive"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=gnarwl,ou=sysaccounts,o=ls" write
by self write
by users read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, mail et gnarwl peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="vacationForward"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by self write
by dn="uid=mail,ou=sysaccounts,o=ls" read
by dn="uid=gnarwl,ou=sysaccounts,o=ls" read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by self write
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,mailalternateaddress,maildrop,description,vacationInfo,vacationEnd"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by self write
by users read
by * read
## Computers
### Ajout d'entrees par les admins
access to dn.regex="^ou=computers,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by users read
by * none
access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by users read
by * none
### Les admins peuvent modifier ces attributs, samba peut les voir
access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by * none
### Les admins peuvent modifier ces attributs, les authentifiés peuvent les voir
access to dn.regex="^uid=[^,]+,ou=computers,o=ls$" attrs="cn,uid,uidNumber,gidNumber,homeDirectory,sambaSID,sambaPrimaryGroupSID,sambaAcctFlags,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by users read
by * none
## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter
access to * attrs="entry"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by users read
by * none
## SambaDomains
### Ajout d'entrees par les admins
access to dn.regex="^ou=sambadomains,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" read
by users read
by * none
## Le reste
access to *
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by * none

View file

@ -0,0 +1,28 @@
include /etc/ldap/schema/ls.schema
database bdb
suffix "o=ls"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/ls
# Indices to maintain
index objectClass eq
index uid pres,eq
index uidNumber eq
index gidNumber eq
index eeallowedservices eq
index cn pres,eq
index mail pres,eq
index mailalternateaddress pres,eq
index sambasid eq
index sambaDomainName eq
index memberUid eq
# Save the time that the entry gets modified, for database #1
lastmod on
include /etc/ldap/permissions-ls.conf

View file

@ -30,20 +30,54 @@ if($LSsession -> startLSsession()) {
// Définition du Titre de la page
$GLOBALS['Smarty'] -> assign('pagetitle',_('Modifier'));
if (isset($_POST['LSform_objecttype'])) {
$LSobject = $_POST['LSform_objecttype'];
}
else if (isset($_GET['LSobject'])) {
$LSobject = $_GET['LSobject'];
}
if (isset($_POST['LSform_objectdn'])) {
$dn = $_POST['LSform_objectdn'];
}
else if (isset($_GET['dn'])) {
$dn = $_GET['dn'];
}
if ((isset($dn)) && (isset($LSobject)) ) {
// Création d'un LSobject
if (class_exists($_GET['LSobject'])) {
debug('me : '.$GLOBALS['LSsession'] -> whoami($_GET['dn']));
if ( $GLOBALS['LSsession'] -> whoami($_GET['dn']) != 'user' ) {
$object = new $_GET['LSobject']();
if ($object -> loadData($_GET['dn'])) {
$form = $object -> getForm('test');
if (class_exists($LSobject)) {
if ( $GLOBALS['LSsession'] -> canEdit($LSobject,$dn) ) {
$LSview_actions[] = array(
'label' => _('Voir'),
'url' =>'view.php?LSobject='.$LSobject.'&amp;dn='.$dn,
'action' => 'view'
);
if ($GLOBALS['LSsession'] -> canRemove($LSobject,$dn)) {
$LSview_actions[] = array(
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$LSobject.'&amp;dn='.$dn,
'action' => 'delete'
);
}
$object = new $LSobject();
if ($object -> loadData($dn)) {
$form = $object -> getForm('modify');
if ($form->validate()) {
// MàJ des données de l'objet LDAP
$object -> updateData('test');
if ($object -> updateData('modify')) {
header('Location: view.php?LSobject='.$LSobject.'&dn='.$object -> getDn());
}
}
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$GLOBALS['LSsession'] -> setTemplate('modify.tpl');
$form -> display();
}
else debug('erreur durant le chargement du dn');
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
@ -52,9 +86,11 @@ if($LSsession -> startLSsession()) {
else {
$GLOBALS['LSerror'] -> addErrorCode(21);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
// Template
$GLOBALS['LSsession'] -> setTemplate('modify.tpl');
}
else {
$GLOBALS['LSsession'] -> setTemplate('login.tpl');

78
trunk/remove.php Normal file
View file

@ -0,0 +1,78 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* http://ldapsaisie.labs.libre-entreprise.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
require_once 'includes/functions.php';
require_once 'includes/class/class.LSsession.php';
$GLOBALS['LSsession'] = new LSsession();
if($LSsession -> startLSsession()) {
if ((isset($_GET['LSobject'])) && (isset($_GET['dn']))) {
if ($GLOBALS['LSsession'] -> loadLSobject($_GET['LSobject'])) {
if ( $GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn']) ) {
$object = new $_GET['LSobject']();
if ($object -> loadData($_GET['dn'])) {
if (isset($_GET['valid'])) {
$objectname=$object -> getDisplayValue();
$GLOBALS['Smarty'] -> assign('pagetitle',_('Suppression').' : '.$objectname);
if ($object -> remove()) {
$GLOBALS['Smarty'] -> assign('question',$objectname.' '._('a bien été supprimé').'.');
}
else {
$GLOBALS['LSerror'] -> addErrorCode(35,$objectname);
}
}
else {
// Définition du Titre de la page
$GLOBALS['Smarty'] -> assign('pagetitle',_('Suppresion').' : '.$object -> getDisplayValue());
$GLOBALS['Smarty'] -> assign('question',_('Voulez-vous vraiment supprimer').' <strong>'.$object -> getDisplayValue().'</strong> ?');
$GLOBALS['Smarty'] -> assign('validation_url','remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'].'&amp;valid');
$GLOBALS['Smarty'] -> assign('validation_txt',_('Valider'));
}
$GLOBALS['LSsession'] -> setTemplate('question.tpl');
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1011);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(21);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
}
else {
$GLOBALS['LSsession'] -> setTemplate('login.tpl');
}
// Affichage des retours d'erreurs
$GLOBALS['LSsession'] -> displayTemplate();
?>

View file

@ -0,0 +1,52 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
<link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
{$LSsession_css}
{$LSsession_js}
</head>
<body>
<div id='LSerror'>
{$LSerrors}
</div>
<div id='LSdebug'>
<a href='#' id='LSdebug_hidden'>X</a>
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
</div>
<div id='main'>
<div id='left'>
<img src='templates/images/logo.png' alt='Logo' id='logo'/>
<ul class='menu'>
{foreach from=$LSaccess item=item key=LSobject}
<li class='menu'><a href='view.php?LSobject={$LSobject}' class='menu'>{$item.label}</a></li>
{/foreach}
</ul>
</div>
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
<form action='{$LSform_action}' method='post' class='LSform'>
{$LSform_header}
<dl class='LSform'>
{foreach from=$LSform_fields item=field}
<dt class='LSform'>{$field.label}</dt>
<dd class='LSform'>{$field.html}{if $field.add != ''} <span class='LSform-addfield'>+ Ajouter un champ</span>{/if}</dd>
{if $field.errors != ''}
{foreach from=$field.errors item=error}
<dd class='LSform LSform-errors'>{$error}</dd>
{/foreach}
{/if}
{/foreach}
<dd class='LSform'><input type='submit' value='{$LSform_submittxt}' class='LSform' /></dd>
</dl>
</form>
</div>
<hr class='spacer' />
</div>
</body>
</html>

View file

@ -1,20 +1,3 @@
p.LSform-view-actions {
text-align: right;
font-size: 0.8em;
margin: 0.2em;
margin-right: 3em;
color: #0072b8;
}
a.LSform-view-actions {
text-decoration: none;
color: #0072b8;
}
a.LSform-view-actions:hover {
text-decoration: underline;
}
dl.LSform {
margin: 0;
margin-left: 2em;

View file

@ -114,6 +114,10 @@ td.LSobject-list-actions {
width: 7em;
}
td.LSobject-list-names {
cursor: pointer;
}
p.LSobject-list-page {
text-align: center;
margin: 0.5em;
@ -132,3 +136,21 @@ a.LSobject-list-page:hover {
strong.LSobject-list-page {
color: #0072b8;
}
p.LSview-actions {
text-align: right;
font-size: 0.8em;
margin: 0.2em;
margin-right: 3em;
color: #0072b8;
}
p.question {
margin-left: 3em;
}
a.question {
margin-left: 10em;
margin-top: 3em;
color: #0072b8;
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 773 B

View file

Before

Width:  |  Height:  |  Size: 498 B

After

Width:  |  Height:  |  Size: 498 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 477 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 655 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 805 B

After

Width:  |  Height:  |  Size: 799 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 317 B

View file

@ -29,7 +29,13 @@
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
<p class='LSform-view-actions'><a href='view.php?LSobject={$LSform_object.type}&amp;dn={$LSform_object.dn}' class='LSform-view-actions'>Voir</a></p>
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<form action='{$LSform_action}' method='post' class='LSform'>
{$LSform_header}

View file

@ -0,0 +1,45 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>LdapSaisie{if $pagetitle != ''} - {$pagetitle}{/if}</title>
<link rel="stylesheet" type="text/css" href="templates/css/base.css" media="screen" title="Normal" />
{$LSsession_css}
{$LSsession_js}
</head>
<body>
<div id='LSerror'>
{$LSerrors}
</div>
<div id='LSdebug'>
<a href='#' id='LSdebug_hidden'>X</a>
<div id='LSdebug_infos'>{if $LSdebug != ''}{$LSdebug}{/if}</div>
</div>
<div id='main'>
<div id='left'>
<img src='templates/images/logo.png' alt='Logo' id='logo'/>
<ul class='menu'>
{foreach from=$LSaccess item=item key=LSobject_type}
<li class='menu'><a href='view.php?LSobject={$LSobject_type}' class='menu'>{$item.label}</a></li>
{/foreach}
</ul>
</div>
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<p class='question'>{$question}</p>
{if $validation_txt!=''}<a href='{$validation_url}' class='question'>Valider</a>{/if}
</div>
<hr class='spacer' />
</div>
</body>
</html>

View file

@ -28,7 +28,14 @@
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
{if $LSform_canEdit == 'true'}<p class='LSform-view-actions'><a href='modify.php?LSobject={$LSform_object.type}&amp;dn={$LSform_object.dn}' class='LSform-view-actions'>Modifier</a></p>{/if}
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<dl class='LSform'>
{foreach from=$LSform_fields item=field}
<dt class='LSform'>{$field.label}</dt>

View file

@ -28,6 +28,14 @@
<div id='right'>
<p id='status'>Connecté en tant que <span id='user_name'>{$LSsession_username}</span></b> <a href='index.php?LSsession_logout'><img src='templates/images/logout.png' alt='Logout' title='Logout' /></a></p>
{if $pagetitle != ''}<h1>{$pagetitle}</h1>{/if}
{if $LSview_actions != ''}
<p class='LSview-actions'>
{foreach from=$LSview_actions item=item}
<a href='{$item.url}' class='LSview-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}' /></a>
{/foreach}
</p>
{/if}
<table class='LSobject-list'>
<tr class='LSobject-list'>
<th class='LSobject-list'>{$LSobject_list_objectname}</th>
@ -36,7 +44,13 @@
{foreach from=$LSobject_list item=object}
<tr class='LSobject-list'>
<td class='LSobject-list LSobject-list-names'><a href='view.php?LSobject={$LSobject_list_objecttype}&amp;dn={$object.dn}' class='LSobject-list'>{$object.displayValue}</a> </td>
<td class='LSobject-list LSobject-list-actions'>{if $object.canEdit}<a href='modify.php?LSobject={$LSobject_list_objecttype}&amp;dn={$object.dn}' class='LSobject-list-actions'><img src='templates/images/edit.png' alt='{$_Modifier}' title='{$_Modifier}'/></a>{/if}</td>
<td class='LSobject-list LSobject-list-actions'>
{if $object.actions!=''}
{foreach from=$object.actions item=item}
<a href='{$item.url}' class='LSobject-list-actions'><img src='templates/images/{$item.action}.png' alt='{$item.label}' title='{$item.label}'/></a>
{/foreach}
{/if}
</td>
</tr>
{/foreach}
</table>

View file

@ -28,14 +28,37 @@ require_once 'includes/class/class.LSsession.php';
$GLOBALS['LSsession'] = new LSsession();
if($LSsession -> startLSsession()) {
if (isset($_GET['LSobject'])) {
$LSobject = $_GET['LSobject'];
if ( $LSobject == 'SELF' ) {
if ($GLOBALS['LSsession'] -> canAccess($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
$GLOBALS['Smarty'] -> assign('LSform_canEdit',true);
if ( $GLOBALS['LSsession'] -> canEdit($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn')) ) {
$LSview_actions[] = array (
'label' => _('Modifier'),
'url' => 'modify.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&amp;dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
'action' => 'modify'
);
}
if ($GLOBALS['LSsession'] -> canCreate($GLOBALS['LSsession']-> LSuserObject -> getType())) {
$LSview_actions[] = array(
'label' => _('Copier'),
'url' =>'create.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&amp;load='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
'action' => 'copy'
);
}
if ($GLOBALS['LSsession'] -> canRemove($GLOBALS['LSsession']-> LSuserObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
$LSview_actions[] = array (
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$GLOBALS['LSsession']-> LSuserObject -> getType().'&amp;dn='.$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'),
'action' => 'delete'
);
}
$GLOBALS['Smarty'] -> assign('pagetitle',_('Mon compte'));
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$form = $GLOBALS['LSsession']-> LSuserObject -> getView();
$form -> displayView();
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
@ -49,12 +72,35 @@ if($LSsession -> startLSsession()) {
if ( isset($_GET['dn']) ) {
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$_GET['dn'])) {
if ( $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$_GET['dn']) ) {
$GLOBALS['Smarty'] -> assign('LSform_canEdit','true');
$LSview_actions[] = array(
'label' => _('Modifier'),
'url' =>'modify.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'],
'action' => 'modify'
);
}
if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
$LSview_actions[] = array(
'label' => _('Copier'),
'url' =>'create.php?LSobject='.$_GET['LSobject'].'&amp;load='.$_GET['dn'],
'action' => 'copy'
);
}
if ($GLOBALS['LSsession'] -> canRemove($_GET['LSobject'],$_GET['dn'])) {
$LSview_actions[] = array(
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$_GET['dn'],
'action' => 'delete'
);
}
$object = new $_GET['LSobject']();
$object -> loadData($_GET['dn']);
$view = $object -> getView();
$view -> displayView();
$GLOBALS['Smarty'] -> assign('pagetitle',$object -> getDisplayValue());
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$GLOBALS['LSsession'] -> setTemplate('view.tpl');
}
else {
@ -66,6 +112,16 @@ if($LSsession -> startLSsession()) {
$object = new $_GET['LSobject']();
$GLOBALS['Smarty']->assign('pagetitle',$object -> getLabel());
$GLOBALS['Smarty']->assign('LSobject_list_objectname',$object -> getLabel());
if ($GLOBALS['LSsession'] -> canCreate($_GET['LSobject'])) {
$LSview_actions[] = array (
'label' => _('Nouveau'),
'url' => 'create.php?LSobject='.$_GET['LSobject'],
'action' => 'create'
);
$canCopy=true;
}
$list=$object -> listObjects();
$nbObjects=count($list);
if ($nbObjects > NB_LSOBJECT_LIST) {
@ -81,11 +137,42 @@ if($LSsession -> startLSsession()) {
}
}
foreach($list as $thisObject) {
unset($actions);
if ($GLOBALS['LSsession'] -> canAccess($_GET['LSobject'],$thisObject->getValue('dn'))) {
$actions[] = array(
'label' => _('Voir'),
'url' =>'view.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$thisObject -> getValue('dn'),
'action' => 'view'
);
if ($GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))) {
$actions[]=array(
'label' => _('Modifier'),
'url' => 'modify.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$thisObject->getValue('dn'),
'action' => 'modify'
);
}
if ($canCopy) {
$actions[] = array(
'label' => _('Copier'),
'url' =>'create.php?LSobject='.$_GET['LSobject'].'&amp;load='.$thisObject -> getValue('dn'),
'action' => 'copy'
);
}
if ($GLOBALS['LSsession'] -> canRemove($thisObject -> getType(),$GLOBALS['LSsession']-> LSuserObject -> getValue('dn'))) {
$actions[] = array (
'label' => _('Supprimer'),
'url' => 'remove.php?LSobject='.$_GET['LSobject'].'&amp;dn='.$thisObject -> getValue('dn'),
'action' => 'delete'
);
}
$objectList[]=array(
'dn' => $thisObject->getValue('dn'),
'displayValue' => $thisObject->getDisplayValue(),
'canEdit' => $GLOBALS['LSsession'] -> canEdit($_GET['LSobject'],$thisObject->getValue('dn'))
'actions' => $actions
);
}
else {
@ -98,6 +185,7 @@ if($LSsession -> startLSsession()) {
$GLOBALS['Smarty']->assign('_Modifier',_('Modifier'));
$GLOBALS['Smarty']->assign('LSobject_list',$objectList);
$GLOBALS['Smarty']->assign('LSobject_list_objecttype',$_GET['LSobject']);
$GLOBALS['Smarty'] -> assign('LSview_actions',$LSview_actions);
$GLOBALS['LSsession'] -> setTemplate('viewList.tpl');
}
}
@ -105,6 +193,10 @@ if($LSsession -> startLSsession()) {
$GLOBALS['LSerror'] -> addErrorCode(1004,$_GET['LSobject']);
}
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1012);
}
}
else {
$GLOBALS['LSsession'] -> setTemplate('login.tpl');