diff --git a/CHANGELOG b/CHANGELOG
index ec87b9105..c12a0c679 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+--------------------------------------------------------------------------------
+ Changes in version 4.3.4
+--------------------------------------------------------------------------------
+- clean up and test ldap authentication code
+- fix handling of multivalue attributes
+
--------------------------------------------------------------------------------
Changes in version 4.3.3
--------------------------------------------------------------------------------
diff --git a/SeedDMS_Core/Core/inc.ClassObject.php b/SeedDMS_Core/Core/inc.ClassObject.php
index 9e464264e..894025c02 100644
--- a/SeedDMS_Core/Core/inc.ClassObject.php
+++ b/SeedDMS_Core/Core/inc.ClassObject.php
@@ -105,16 +105,23 @@ class SeedDMS_Core_Object { /* {{{ */
/**
* Returns an attribute of the object for the given attribute definition
*
- * @return object object of class SeedDMS_Core_Attribute or false
+ * @return array|string value of attritbute or false. The value is an array
+ * if the attribute is defined as multi value
*/
function getAttributeValue($attrdef) { /* {{{ */
if (!$this->_attributes) {
$this->getAttributes();
}
- if (isset($this->_attributes[$attrdef->getId()]))
- return $this->_attributes[$attrdef->getId()]->getValue();
- else
+ if (isset($this->_attributes[$attrdef->getId()])) {
+ $value = $this->_attributes[$attrdef->getId()]->getValue();
+ if($attrdef->getMultipleValues()) {
+ $sep = substr($value, 0, 1);
+ return(explode($sep, substr($value, 1)));
+ } else {
+ return $value;
+ }
+ } else
return false;
} /* }}} */
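Review bot: The multi-value branch of getAttributeValue() takes the separator from the first character of the stored value, so an attribute whose stored value is empty reaches `explode()` with an empty delimiter (warning and `false` before PHP 8, `ValueError` from PHP 8 on). A guard before the split would avoid that, for example `if ($value === '' || $value === null) return array();`. The separator here comes from the data, while setAttributeValue() takes it from the value set, so any value stored without the leading separator would lose its first character; a comment stating the storage format would help. The docblock should read `@return array|string|false` and spell "attribute" correctly.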
@@ -122,6 +129,9 @@ class SeedDMS_Core_Object { /* {{{ */
/**
* Set an attribute of the object for the given attribute definition
*
+ * @param object $attrdef definition of attribute
+ * @param array|sting $value value of attribute, for multiple values this
+ * must be an array
* @return boolean true if operation was successful, otherwise false
*/
function setAttributeValue($attrdef, $value) { /* {{{ */
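Review bot: The added `@param` line gives the type as `array|sting`; it should be `array|string`. The docblock says a multi-value attribute "must be an array", but the function body lies outside this hunk, so whether that is enforced cannot be confirmed from here.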
@@ -129,6 +139,10 @@ class SeedDMS_Core_Object { /* {{{ */
if (!$this->_attributes) {
$this->getAttributes();
}
+ if($attrdef->getMultipleValues() && is_array($value)) {
+ $sep = substr($attrdef->getValueSet(), 0, 1);
+ $value = $sep.implode($sep, $value);
+ }
if(!isset($this->_attributes[$attrdef->getId()])) {
switch(get_class($this)) {
case "SeedDMS_Core_Document":
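Review bot: The join in setAttributeValue() runs only when `is_array($value)`, so a scalar passed for a multi-value definition is stored without the leading separator, and getAttributeValue() will then treat its first character as the separator and drop it. Normalising first closes that gap: `if($attrdef->getMultipleValues()) { $value = (array) $value; ... }`. Elements are not checked for the separator character either, so one submitted value containing it would read back as two values. If the value set can be empty for a multi-value definition (not visible here), `$sep` is empty and the values are concatenated with no delimiter. The function continues past the end of this hunk.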
diff --git a/SeedDMS_Core/package.xml b/SeedDMS_Core/package.xml
index 642f468e6..756565442 100644
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@@ -15,8 +15,8 @@
2014-02-01
- 4.3.3
- 4.3.3
+ 4.3.4
+ 4.3.4stable
@@ -24,10 +24,7 @@
GPL License
-- SeedDMS_Folder::getDocuments() and SeedDMS_Folder::getSubFolders() do not
- do any sorting if $orderby is not set.
-- database hostname can have port seperated by ':'
-- make all functions in SeedDMS_Core_File static (fixes problem with php 5.5.x)
+- fix handling of multivalue attributes
@@ -586,5 +583,24 @@ New release
- new methods SeedDMS_Core_DMS::checkFolders() and SeedDMS_Core_DMS::checkDocuments()
+
+ 2014-02-01
+
+
+ 4.3.3
+ 4.3.3
+
+
+ stable
+ stable
+
+ GPL License
+
+- SeedDMS_Folder::getDocuments() and SeedDMS_Folder::getSubFolders() do not
+ do any sorting if $orderby is not set.
+- database hostname can have port seperated by ':'
+- make all functions in SeedDMS_Core_File static (fixes problem with php 5.5.x)
+
+
diff --git a/op/op.AttributeMgr.php b/op/op.AttributeMgr.php
index 1a3d56495..1cbffa260 100644
--- a/op/op.AttributeMgr.php
+++ b/op/op.AttributeMgr.php
@@ -58,6 +58,13 @@ if ($action == "addattrdef") {
if (is_object($dms->getAttributeDefinitionByName($name))) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_exists"));
}
+ if($minvalues > 1 && $multiple == 0) {
+ UI::exitError(getMLText("admin_tools"),getMLText("attrdef_must_be_multiple"));
+ }
+ if($minvalues > $maxvalues) {
+ UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max"));
+ }
+
$newAttrdef = $dms->addAttributeDefinition($name, $objtype, $type, $multiple, $minvalues, $maxvalues, $valueset, $regex);
if (!$newAttrdef) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
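Review bot: The two added range checks accept negative counts and do not reject `$maxvalues > 1` on a single-value definition; the identical checks in the `editattrdef` hunk below share both gaps. If `0` for `$maxvalues` means "no limit" (not visible in this diff), `if($minvalues > $maxvalues)` also refuses every definition with a minimum of 1 or more and no maximum, and `if($maxvalues > 0 && $minvalues > $maxvalues)` would fix that. A bounds check such as `if($minvalues < 0 || $maxvalues < 0)` belongs next to them. Since both actions repeat the same four lines, a small shared validation function would keep the rules from drifting apart. The enclosing `if ($action == ...)` blocks start outside the hunks.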
@@ -124,6 +131,14 @@ else if ($action == "editattrdef") {
$maxvalues = intval($_POST["maxvalues"]);
$valueset = trim($_POST["valueset"]);
$regex = trim($_POST["regex"]);
+
+ if($minvalues > 1 && $multiple == 0) {
+ UI::exitError(getMLText("admin_tools"),getMLText("attrdef_must_be_multiple"));
+ }
+ if($minvalues > $maxvalues) {
+ UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max"));
+ }
+
if (!$attrdef->setName($name)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
}
diff --git a/op/op.EditDocument.php b/op/op.EditDocument.php
index 37c1f6780..e572f201b 100644
--- a/op/op.EditDocument.php
+++ b/op/op.EditDocument.php
@@ -231,8 +231,8 @@ if($categories) {
}
}
+$oldattributes = $document->getAttributes();
if($attributes) {
- $oldattributes = $document->getAttributes();
foreach($attributes as $attrdefid=>$attribute) {
$attrdef = $dms->getAttributeDefinition($attrdefid);
if($attribute) {
@@ -251,6 +251,13 @@ if($attributes) {
}
}
}
+foreach($oldattributes as $attrdefid=>$oldattribute) {
+ if(!isset($attributes[$attrdefid])) {
+ if(!$document->removeAttribute($dms->getAttributeDefinition($attrdefid)))
+ UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("error_occured"));
+ }
+
+}
if($sequence != "keep") {
if($document->setSequence($sequence)) {
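Review bot: The added `foreach($oldattributes ...)` loop deletes every stored attribute whose id is absent from `$attributes`, so a request that omits the attributes field, or carries only part of it, silently removes attribute data. How `$attributes` is filled is outside the hunk. If it comes straight from the POST body, deletion should be limited to definitions the form actually rendered for this object and user. `$oldattributes` is iterated without checking for a `false` return from `getAttributes()`, and `$dms->getAttributeDefinition($attrdefid)` is passed to `removeAttribute()` without checking that a definition was found; `if(is_array($oldattributes))` around the loop and an `is_object()` test on the definition would cover both. The same loop is added in op/op.EditFolder.php and needs the same guards.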
diff --git a/op/op.EditFolder.php b/op/op.EditFolder.php
index ec60df20b..eaf40df4c 100644
--- a/op/op.EditFolder.php
+++ b/op/op.EditFolder.php
@@ -153,8 +153,8 @@ if(($oldcomment = $folder->getComment()) != $comment) {
}
}
+$oldattributes = $folder->getAttributes();
if($attributes) {
- $oldattributes = $folder->getAttributes();
foreach($attributes as $attrdefid=>$attribute) {
$attrdef = $dms->getAttributeDefinition($attrdefid);
if($attribute) {
@@ -173,6 +173,13 @@ if($attributes) {
}
}
}
+foreach($oldattributes as $attrdefid=>$oldattribute) {
+ if(!isset($attributes[$attrdefid])) {
+ if(!$folder->removeAttribute($dms->getAttributeDefinition($attrdefid)))
+ UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured"));
+ }
+
+}
if(strcasecmp($sequence, "keep")) {
if($folder->setSequence($sequence)) {
diff --git a/op/op.Login.php b/op/op.Login.php
index ea8001434..fd6269d4e 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -70,6 +70,10 @@ if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) {
exit;
}
+/* Initialy set $user to false. It will contain a valid user record
+ * if authentication against ldap succeeds.
+ * _ldapHost will only have a value if the ldap connector has been enabled
+ */
$user = false;
if(isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
@@ -83,78 +87,70 @@ if(isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
}
if (is_bool($user)) {
- //
- // LDAP Sign In
- //
-
- /* new code by doudoux - TO BE TESTED */
- if (isset($settings->_ldapBaseDN)) {
- $ldapSearchAttribut = "uid=";
- $tmpDN = "uid=".$login.",".$settings->_ldapBaseDN;
+if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
+ if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
+ $ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
+ } else {
+ $ds = ldap_connect($settings->_ldapHost);
}
- if (isset($settings->_ldapType)) {
- if ($settings->_ldapType==1) {
- $ldapSearchAttribut = "sAMAccountName=";
- $tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
+ if (!is_bool($ds)) {
+ /* Check if ldap base dn is set, and use ldap server if it is */
+ if (isset($settings->_ldapBaseDN)) {
+ $ldapSearchAttribut = "uid=";
+ $tmpDN = "uid=".$login.",".$settings->_ldapBaseDN;
}
- }
- /* end of new code */
- if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
- if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) {
- $ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort);
- }
- else {
- $ds = ldap_connect($settings->_ldapHost);
- }
- if (!is_bool($ds)) {
- // Ensure that the LDAP connection is set to use version 3 protocol.
- // Required for most authentication methods, including SASL.
- ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
-
- // try an anonymous bind first. If it succeeds, get the DN for the user.
- if (isset($settings->_ldapBindDN)) {
- $bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw);
- } else {
- $bind = @ldap_bind($ds);
+ /* Active directory has a different base dn */
+ if (isset($settings->_ldapType)) {
+ if ($settings->_ldapType==1) {
+ $ldapSearchAttribut = "sAMAccountName=";
+ $tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
}
- $dn = false;
-
- /* new code by doudoux - TO BE TESTED */
- if ($bind) {
- $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
- if (!is_bool($search)) {
- $info = ldap_get_entries($ds, $search);
- if (!is_bool($info) && $info["count"]>0) {
- $dn = $info[0]['dn'];
- }
- }
- }
- /* end of new code */
-
- /* old code */
- if ($bind) {
- $search = ldap_search($ds, $settings->_ldapBaseDN, "uid=".$login);
- if (!is_bool($search)) {
- $info = ldap_get_entries($ds, $search);
- if (!is_bool($info) && $info["count"]>0) {
- $dn = $info[0]['dn'];
- }
+ }
+
+ // Ensure that the LDAP connection is set to use version 3 protocol.
+ // Required for most authentication methods, including SASL.
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ // try an authenticated/anonymous bind first.
+ // If it succeeds, get the DN for the user and use it for an authentication
+ // with the users password.
+ $bind = false;
+ if (isset($settings->_ldapBindDN)) {
+ $bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw);
+ } else {
+ $bind = @ldap_bind($ds);
+ }
+ $dn = false;
+ /* If bind succeed, then get the dn of for the user */
+ if ($bind) {
+ $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
+ if (!is_bool($search)) {
+ $info = ldap_get_entries($ds, $search);
+ if (!is_bool($info) && $info["count"]>0) {
+ $dn = $info[0]['dn'];
}
}
- /* end of old code */
+ }
-
- if (is_bool($dn)) {
- // This is the fallback position, in case the anonymous bind does not
- // succeed.
-
- /* new code by doudoux - TO BE TESTED */
- $dn = $tmpDN;
- /* old code */
- //$dn = "uid=".$login.",".$settings->_ldapBaseDN;
-
+ /* If the previous bind failed, try it with the users creditionals
+ * by simply setting $dn to a default string
+ */
+ if (is_bool($dn)) {
+ $dn = $tmpDN;
+ }
+
+ /* No do the actual authentication of the user */
+ $bind = @ldap_bind($ds, $dn, $pwd);
+ if ($bind) {
+ // Successfully authenticated. Now check to see if the user exists within
+ // the database. If not, add them in if _restricted is not set,
+ // but do not add their password.
+ $user = $dms->getUserByLogin($login);
+ if (is_bool($user) && !$settings->_restricted) {
+ // Retrieve the user's LDAP information.
+ $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login);
}
$bind = @ldap_bind($ds, $dn, $pwd);
if ($bind) {
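Review bot: `$login` is concatenated unescaped into the search filter (`$ldapSearchAttribut.$login`, in both `ldap_search()` calls) and into the fallback DN (`"uid=".$login.",".$settings->_ldapBaseDN`), so filter or DN metacharacters in the submitted login name change which entry is looked up and bound. Escape per context, e.g. `ldap_escape($login, '', LDAP_ESCAPE_FILTER)` in the filter and `ldap_escape($login, '', LDAP_ESCAPE_DN)` in the DN (PHP 5.6+; older runtimes need an equivalent helper). `$tmpDN` and `$ldapSearchAttribut` are assigned only when `_ldapBaseDN` is set or `_ldapType==1`; with neither, `$dn = $tmpDN` is undefined and the final `ldap_bind($ds, $dn, $pwd)` runs with an empty DN, which some directories may accept as an anonymous bind, so initialise both and skip the bind when no DN can be built. The `@` on `ldap_bind()` hides the failure reason; logging `ldap_error($ds)` on a failed bind would make misconfiguration and repeated failed logins visible. The enclosing `if (is_bool($user))` block continues past this hunk.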
@@ -185,6 +181,7 @@ if (is_bool($user)) {
}
}
}
+}
if (is_bool($user)) {
//
diff --git a/views/bootstrap/class.AttributeMgr.php b/views/bootstrap/class.AttributeMgr.php
index bc0f352e5..e482f58f1 100644
--- a/views/bootstrap/class.AttributeMgr.php
+++ b/views/bootstrap/class.AttributeMgr.php
@@ -186,7 +186,11 @@ function showAttributeDefinitions(selectObj) {
print "