bn8/ldapsaisie
1
0
Fork 0
mirror of https://gitlab.easter-eggs.com/ee/ldapsaisie.git synced 2024-09-29 01:29:55 +02:00
Code Issues Projects Releases Wiki Activity

LSrelation : Fix the bug that permit to change relation with object

Browse source 
that user can't modify
This commit is contained in:
Benjamin Renard 2009-11-11 20:00:59 +00:00
parent 216fae6b7f
commit bf209ccd04
9 changed files with 77 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
trunk/conf/LSobjects/config.LSobjects.LScompany.php
View file

@ -26,7 +26,6 @@ $GLOBALS['LSobjects']['LScompany'] = array (
'lscompany' 'lscompany'
), ),
'rdn' => 'ou', 'rdn' => 'ou',
'orderby' => 'displayName', // possible cases : 'displayName' ou 'subDn'
'container_dn' => 'ou=companies', 'container_dn' => 'ou=companies',
'display_name_format' => '%{ou}', 'display_name_format' => '%{ou}',
'label' => 'Companies', 'label' => 'Companies',

2
trunk/conf/LSobjects/config.LSobjects.LSgroup.php
View file

@ -26,7 +26,6 @@ $GLOBALS['LSobjects']['LSgroup'] = array (
'posixGroup' 'posixGroup'
), ),
'rdn' => 'cn', 'rdn' => 'cn',
'orderby' => 'displayName', // Valeurs possibles : 'displayName' ou 'subDn'
'container_dn' => 'ou=groups', 'container_dn' => 'ou=groups',
'container_auto_create' => array( 'container_auto_create' => array(
'objectclass' => array( 'objectclass' => array(
@ -121,6 +120,7 @@ $GLOBALS['LSobjects']['LSgroup'] = array (
'view' => 1, 'view' => 1,
'rights' => array( 'rights' => array(
'admin' => 'w', 'admin' => 'w',
'admingroup' => 'w',
'godfather' => 'w' 'godfather' => 'w'
), ),
'form' => array ( 'form' => array (

6
trunk/conf/LSobjects/config.LSobjects.LSpeople.php
View file

@ -27,7 +27,6 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'posixAccount', 'posixAccount',
'sambaSamAccount', 'sambaSamAccount',
), ),
'orderby' => 'displayName', // Valeurs possibles : 'displayName' ou 'subDn'
'rdn' => 'uid', 'rdn' => 'uid',
'container_dn' => 'ou=people', 'container_dn' => 'ou=people',
@ -59,9 +58,12 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'update_function' => 'updateUserGroups', 'update_function' => 'updateUserGroups',
'remove_function' => 'deleteOneMember', 'remove_function' => 'deleteOneMember',
'rename_function' => 'renameOneMember', 'rename_function' => 'renameOneMember',
'canEdit_function' => 'canEditGroupRelation',
'canEdit_attribute' => 'uniqueMember',
'rights' => array( 'rights' => array(
'self' => 'r', 'self' => 'r',
'admin' => 'w' 'admin' => 'w',
'admingroup' => 'w'
) )
) )
), ),

5
trunk/conf/config.inc.php
View file

@ -122,6 +122,11 @@ $GLOBALS['LSconfig'] = array(
'LSobject' => 'LSgroup' 'LSobject' => 'LSgroup'
) )
) )
),
'admingroup' => array (
'ou=company1,ou=companies,o=ls' => array (
'uid=user1,ou=people,ou=company1,ou=companies,o=ls' => NULL
)
) )
), ),
'authObjectType' => 'LSpeople', 'authObjectType' => 'LSpeople',

30
trunk/includes/class/class.LSldapObject.php
View file

@ -1493,15 +1493,23 @@ class LSldapObject {
* @param[in] $attrValue La valeur que doit avoir l'attribut : * @param[in] $attrValue La valeur que doit avoir l'attribut :
* - soit le dn (par defaut) * - soit le dn (par defaut)
* - soit la valeur [0] d'un attribut * - soit la valeur [0] d'un attribut
* @param[in] $canEditFunction Le nom de la fonction pour vérifier que la
* relation avec l'objet est éditable par le user
* *
* @retval boolean true si l'objet à été ajouté, False sinon * @retval boolean true si l'objet à été ajouté, False sinon
**/ **/
function addOneObjectInRelation($object,$attr,$objectType,$attrValue='dn') { function addOneObjectInRelation($object,$attr,$objectType,$attrValue='dn',$canEditFunction=NULL) {
if ((!$attr)||(!$objectType)) { if ((!$attr)||(!$objectType)) {
LSerror :: addErrorCode('LSrelations_05','addOneObjectInRelation'); LSerror :: addErrorCode('LSrelations_05','addOneObjectInRelation');
return; return;
} }
if ($object instanceof $objectType) { if ($object instanceof $objectType) {
if ($canEditFunction) {
if (!$this -> $canEditFunction()) {
LSerror :: addErrorCode('LSsession_11');
return;
}
}
if ($this -> attrs[$attr] instanceof LSattribute) { if ($this -> attrs[$attr] instanceof LSattribute) {
if ($attrValue=='dn') { if ($attrValue=='dn') {
$val = $object -> getDn(); $val = $object -> getDn();
@ -1543,15 +1551,23 @@ class LSldapObject {
* @param[in] $attrValue La valeur que doit avoir l'attribut : * @param[in] $attrValue La valeur que doit avoir l'attribut :
* - soit le dn (par defaut) * - soit le dn (par defaut)
* - soit la valeur [0] d'un attribut * - soit la valeur [0] d'un attribut
* @param[in] $canEditFunction Le nom de la fonction pour vérifier que la
* relation avec l'objet est éditable par le user
* *
* @retval boolean true si l'objet à été supprimé, False sinon * @retval boolean true si l'objet à été supprimé, False sinon
**/ **/
function deleteOneObjectInRelation($object,$attr,$objectType,$attrValue='dn') { function deleteOneObjectInRelation($object,$attr,$objectType,$attrValue='dn',$canEditFunction=NULL) {
if ((!$attr)||(!$objectType)) { if ((!$attr)||(!$objectType)) {
LSerror :: addErrorCode('LSrelations_05','deleteOneObjectInRelation'); LSerror :: addErrorCode('LSrelations_05','deleteOneObjectInRelation');
return; return;
} }
if ($object instanceof $objectType) { if ($object instanceof $objectType) {
if ($canEditFunction) {
if (!$this -> $canEditFunction()) {
LSerror :: addErrorCode('LSsession_11');
return;
}
}
if ($this -> attrs[$attr] instanceof LSattribute) { if ($this -> attrs[$attr] instanceof LSattribute) {
if ($attrValue=='dn') { if ($attrValue=='dn') {
$val = $object -> getDn(); $val = $object -> getDn();
@ -1638,10 +1654,12 @@ class LSldapObject {
* @param[in] $attrValue La valeur que doit avoir l'attribut : * @param[in] $attrValue La valeur que doit avoir l'attribut :
* - soit le dn (par defaut) * - soit le dn (par defaut)
* - soit la valeur [0] d'un attribut * - soit la valeur [0] d'un attribut
* @param[in] $canEditFunction Le nom de la fonction pour vérifier que la
* relation avec l'objet est éditable par le user
* *
* @retval boolean true si tout c'est bien passé, False sinon * @retval boolean true si tout c'est bien passé, False sinon
**/ **/
function updateObjectsInRelation($object,$listDns,$attr,$objectType,$attrValue='dn') { function updateObjectsInRelation($object,$listDns,$attr,$objectType,$attrValue='dn',$canEditFunction=NULL) {
if ((!$attr)||(!$objectType)) { if ((!$attr)||(!$objectType)) {
LSerror :: addErrorCode('LSrelations_05','updateObjectsInRelation'); LSerror :: addErrorCode('LSrelations_05','updateObjectsInRelation');
return; return;
@ -1685,7 +1703,7 @@ class LSldapObject {
continue; continue;
} }
else { else {
if (!$currentObjects[$i] -> deleteOneObjectInRelation($object,$attr,$objectType,$attrValue)) { if (!$currentObjects[$i] -> deleteOneObjectInRelation($object,$attr,$objectType,$attrValue,$canEditFunction)) {
return; return;
} }
} }
@ -1698,7 +1716,7 @@ class LSldapObject {
else { else {
$obj = new $type(); $obj = new $type();
if ($obj -> loadData($dn)) { if ($obj -> loadData($dn)) {
if (!$obj -> addOneObjectInRelation($object,$attr,$objectType,$attrValue)) { if (!$obj -> addOneObjectInRelation($object,$attr,$objectType,$attrValue,$canEditFunction)) {
return; return;
} }
} }
@ -1717,7 +1735,7 @@ class LSldapObject {
foreach($listDns as $dn) { foreach($listDns as $dn) {
$obj = new $type(); $obj = new $type();
if ($obj -> loadData($dn)) { if ($obj -> loadData($dn)) {
if (!$obj -> addOneObjectInRelation($object,$attr,$objectType,$attrValue)) { if (!$obj -> addOneObjectInRelation($object,$attr,$objectType,$attrValue,$canEditFunction)) {
return; return;
} }
} }

18
trunk/includes/class/class.LSobjects.LSgroup.php
View file

@ -64,7 +64,7 @@ class LSgroup extends LSldapObject {
* @retval boolean true si l'utilisateur à été ajouté, False sinon * @retval boolean true si l'utilisateur à été ajouté, False sinon
**/ **/
function addOneMember($object) { function addOneMember($object) {
return $this -> addOneObjectInRelation($object,$this -> memberAttr, $this -> userObjectType); return $this -> addOneObjectInRelation($object,$this -> memberAttr, $this -> userObjectType,'dn','canEditGroupRelation');
} }
/** /**
@ -75,7 +75,7 @@ class LSgroup extends LSldapObject {
* @retval boolean true si l'utilisateur à été supprimé, False sinon * @retval boolean true si l'utilisateur à été supprimé, False sinon
**/ **/
function deleteOneMember($object) { function deleteOneMember($object) {
return $this -> deleteOneObjectInRelation($object,$this -> memberAttr,$this -> userObjectType); return $this -> deleteOneObjectInRelation($object,$this -> memberAttr,$this -> userObjectType,'dn','canEditGroupRelation');
} }
/** /**
@ -99,7 +99,19 @@ class LSgroup extends LSldapObject {
* @retval boolean true si tout c'est bien passé, False sinon * @retval boolean true si tout c'est bien passé, False sinon
**/ **/
function updateUserGroups($object,$listDns) { function updateUserGroups($object,$listDns) {
return $this -> updateObjectsInRelation($object,$listDns,$this -> memberAttr,$this -> userObjectType); return $this -> updateObjectsInRelation($object,$listDns,$this -> memberAttr,$this -> userObjectType,'dn','canEditGroupRelation');
}
/**
* Test si l'utilisateur peut d'editer la relation avec ce groupe
*
* @retval boolean true si tout l'utilisateur peut éditer la relation, False sinon
**/
function canEditGroupRelation($dn=NULL) {
if (!$dn) {
$dn=$this -> dn;
}
return LSsession :: canEdit($this -> type_name,$this -> dn,$this -> memberAttr);
} }
} }

28
trunk/includes/class/class.LSrelation.php
View file

@ -80,7 +80,7 @@ class LSrelation {
if (LSsession :: relationCanEdit($object -> getValue('dn'),$object->getType(),$relationName)) { if (LSsession :: relationCanEdit($object -> getValue('dn'),$object->getType(),$relationName)) {
$return['actions'][] = array( $return['actions'][] = array(
'label' => _('Modify'), 'label' => _('Modify'),
'url' => 'select.php?LSobject='.$relationConf['LSobject'].'&multiple=1', 'url' => 'select.php?LSobject='.$relationConf['LSobject'].'&multiple=1'.((isset($relationConf['canEdit_attribute']))?'&editableAttr='.$relationConf['canEdit_attribute']:''),
'action' => 'modify' 'action' => 'modify'
); );
} }
@ -99,6 +99,12 @@ class LSrelation {
'text' => $o -> getDisplayName(NULL,true), 'text' => $o -> getDisplayName(NULL,true),
'dn' => $o -> getDn() 'dn' => $o -> getDn()
); );
if (isset($relationConf['canEdit_function'])) {
$o_infos['canEdit']= $o -> $relationConf['canEdit_function']();
}
else {
$o_infos['canEdit']=true;
}
$return['objectList'][] = $o_infos; $return['objectList'][] = $o_infos;
} }
} }
@ -187,7 +193,18 @@ class LSrelation {
$list = $objRel -> $relationConf['list_function']($object); $list = $objRel -> $relationConf['list_function']($object);
if (is_array($list)&&(!empty($list))) { if (is_array($list)&&(!empty($list))) {
foreach($list as $o) { foreach($list as $o) {
$data['html'].= "<li class='LSrelation'><a href='view.php?LSobject=".$relationConf['LSobject']."&amp;dn=".$o -> getDn()."' class='LSrelation' id='".$o -> getDn()."'>".$o -> getDisplayName(NULL,true)."</a></li>\n"; if (isset($relationConf['canEdit_function'])) {
if ($o -> $relationConf['canEdit_function']()) {
$class=' LSrelation_editable';
}
else {
$class='';
}
}
else {
$class=' LSrelation_editable';
}
$data['html'].= "<li class='LSrelation'><a href='view.php?LSobject=".$relationConf['LSobject']."&amp;dn=".$o -> getDn()."' class='LSrelation$class' id='".$o -> getDn()."'>".$o -> getDisplayName(NULL,true)."</a></li>\n";
} }
} }
else { else {
@ -249,12 +266,19 @@ class LSrelation {
$ok=false; $ok=false;
foreach($list as $o) { foreach($list as $o) {
if($o -> getDn() == $_REQUEST['dn']) { if($o -> getDn() == $_REQUEST['dn']) {
if (isset($relationConf['canEdit_function'])) {
if (!$o -> $relationConf['canEdit_function']()) {
LSerror :: addErrorCode('LSsession_11');
break;
}
}
if (!$o -> $relationConf['remove_function']($object)) { if (!$o -> $relationConf['remove_function']($object)) {
LSerror :: addErrorCode('LSrelations_03',$conf['relationName']); LSerror :: addErrorCode('LSrelations_03',$conf['relationName']);
} }
else { else {
$ok = true; $ok = true;
} }
break;
} }
} }
if (!$ok) { if (!$ok) {

2
trunk/includes/js/LSrelation.js
View file

@ -28,7 +28,7 @@ var LSrelation = new Class({
el.destroy(); el.destroy();
}, this); }, this);
this.deleteBtnId = 0; this.deleteBtnId = 0;
$$('a.LSrelation').each(function(a) { $$('a.LSrelation_editable').each(function(a) {
this.deleteBtn[this.deleteBtnId] = new Element('img'); this.deleteBtn[this.deleteBtnId] = new Element('img');
this.deleteBtn[this.deleteBtnId].src = varLSdefault.imagePath('delete.png'); this.deleteBtn[this.deleteBtnId].src = varLSdefault.imagePath('delete.png');
this.deleteBtn[this.deleteBtnId].setStyle('cursor','pointer'); this.deleteBtn[this.deleteBtnId].setStyle('cursor','pointer');

2
trunk/templates/default/LSrelations.tpl
View file

@ -8,7 +8,7 @@
{/if} {/if}
<ul id='LSrelation_ul_{$item.id}' class='LSrelation'> <ul id='LSrelation_ul_{$item.id}' class='LSrelation'>
{foreach from=$item.objectList item=object} {foreach from=$item.objectList item=object}
<li class='LSrelation'><a href='view.php?LSobject={$item.LSobject}&amp;dn={$object.dn}' class='LSrelation' id='{$object.dn}'>{$object.text}</a></li> <li class='LSrelation'><a href='view.php?LSobject={$item.LSobject}&amp;dn={$object.dn}' class='LSrelation{if $object.canEdit} LSrelation_editable{/if}' id='{$object.dn}'>{$object.text}</a></li>
{foreachelse} {foreachelse}
<li class='LSrelation'>{$item.emptyText}</li> <li class='LSrelation'>{$item.emptyText}</li>
{/foreach} {/foreach}