From 41469a4570c25d1b309bd81f7fb31dbe016d47d0 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Sat, 1 Feb 2014 21:52:45 +0100 Subject: [PATCH 1/3] clean up and test ldap code --- op/op.Login.php | 86 +++++++++++++++++++------------------------------ 1 file changed, 34 insertions(+), 52 deletions(-) diff --git a/op/op.Login.php b/op/op.Login.php index 27d1947cf..5c1ba9fb9 100644 --- a/op/op.Login.php +++ b/op/op.Login.php @@ -69,37 +69,40 @@ if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) { // LDAP Sign In // -/* new code by doudoux - TO BE TESTED */ -if (isset($settings->_ldapBaseDN)) { - $ldapSearchAttribut = "uid="; - $tmpDN = "uid=".$login.",".$settings->_ldapBaseDN; -} - -if (isset($settings->_ldapType)) -{ - if ($settings->_ldapType==1) - { - $ldapSearchAttribut = "sAMAccountName="; - $tmpDN = $login.'@'.$settings->_ldapAccountDomainName; - } -} -/* end of new code */ - - +/* Initialy set $user to false. It will contain a valid user record + * if authentication against ldap succeeds. + * _ldapHost will only have a value if the ldap connector has been enabled + */ $user = false; if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) { if (isset($settings->_ldapPort) && is_int($settings->_ldapPort)) { $ds = ldap_connect($settings->_ldapHost, $settings->_ldapPort); - } - else { + } else { $ds = ldap_connect($settings->_ldapHost); } + if (!is_bool($ds)) { + /* Check if ldap base dn is set, and use ldap server if it is */ + if (isset($settings->_ldapBaseDN)) { + $ldapSearchAttribut = "uid="; + $tmpDN = "uid=".$login.",".$settings->_ldapBaseDN; + } + + /* Active directory has a different base dn */ + if (isset($settings->_ldapType)) { + if ($settings->_ldapType==1) { + $ldapSearchAttribut = "sAMAccountName="; + $tmpDN = $login.'@'.$settings->_ldapAccountDomainName; + } + } + // Ensure that the LDAP connection is set to use version 3 protocol. // Required for most authentication methods, including SASL. ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - // try an authenticated/anonymous bind first. If it succeeds, get the DN for the user. + // try an authenticated/anonymous bind first. + // If it succeeds, get the DN for the user and use it for an authentication + // with the users password. $bind = false; if (isset($settings->_ldapBindDN)) { $bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw); @@ -107,55 +110,34 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) { $bind = @ldap_bind($ds); } $dn = false; - - /* new code by doudoux - TO BE TESTED */ - if ($bind) { - $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login); - if (!is_bool($search)) { - $info = ldap_get_entries($ds, $search); - if (!is_bool($info) && $info["count"]>0) { - $dn = $info[0]['dn']; - } - } - } - /* end of new code */ - - /* old code */ - if ($bind) { - $search = ldap_search($ds, $settings->_ldapBaseDN, "uid=".$login); + /* If bind succeed, then get the dn of for the user */ + if ($bind) { + $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login); if (!is_bool($search)) { $info = ldap_get_entries($ds, $search); if (!is_bool($info) && $info["count"]>0) { $dn = $info[0]['dn']; } } - } - /* end of old code */ + } - + /* If the previous bind failed, try it with the users creditionals + * by simply setting $dn to a default string + */ if (is_bool($dn)) { - // This is the fallback position, in case the anonymous bind does not - // succeed. - - /* new code by doudoux - TO BE TESTED */ $dn = $tmpDN; - /* old code */ - //$dn = "uid=".$login.",".$settings->_ldapBaseDN; - } + + /* No do the actual authentication of the user */ $bind = @ldap_bind($ds, $dn, $pwd); if ($bind) { // Successfully authenticated. Now check to see if the user exists within - // the database. If not, add them in, but do not add their password. + // the database. If not, add them in if _restricted is not set, + // but do not add their password. $user = $dms->getUserByLogin($login); if (is_bool($user) && !$settings->_restricted) { // Retrieve the user's LDAP information. - - - /* new code by doudoux - TO BE TESTED */ $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login); - /* old code */ - //$search = ldap_search($ds, $dn, "uid=".$login); if (!is_bool($search)) { $info = ldap_get_entries($ds, $search); From 5c07f7545b7c40b180ab7ed059451453bb1ade7a Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 20 Feb 2014 21:03:03 +0100 Subject: [PATCH 2/3] fix handling of multivalue attributes --- SeedDMS_Core/Core/inc.ClassObject.php | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/SeedDMS_Core/Core/inc.ClassObject.php b/SeedDMS_Core/Core/inc.ClassObject.php index 9e464264e..894025c02 100644 --- a/SeedDMS_Core/Core/inc.ClassObject.php +++ b/SeedDMS_Core/Core/inc.ClassObject.php @@ -105,16 +105,23 @@ class SeedDMS_Core_Object { /* {{{ */ /** * Returns an attribute of the object for the given attribute definition * - * @return object object of class SeedDMS_Core_Attribute or false + * @return array|string value of attritbute or false. The value is an array + * if the attribute is defined as multi value */ function getAttributeValue($attrdef) { /* {{{ */ if (!$this->_attributes) { $this->getAttributes(); } - if (isset($this->_attributes[$attrdef->getId()])) - return $this->_attributes[$attrdef->getId()]->getValue(); - else + if (isset($this->_attributes[$attrdef->getId()])) { + $value = $this->_attributes[$attrdef->getId()]->getValue(); + if($attrdef->getMultipleValues()) { + $sep = substr($value, 0, 1); + return(explode($sep, substr($value, 1))); + } else { + return $value; + } + } else return false; } /* }}} */ @@ -122,6 +129,9 @@ class SeedDMS_Core_Object { /* {{{ */ /** * Set an attribute of the object for the given attribute definition * + * @param object $attrdef definition of attribute + * @param array|sting $value value of attribute, for multiple values this + * must be an array * @return boolean true if operation was successful, otherwise false */ function setAttributeValue($attrdef, $value) { /* {{{ */ @@ -129,6 +139,10 @@ class SeedDMS_Core_Object { /* {{{ */ if (!$this->_attributes) { $this->getAttributes(); } + if($attrdef->getMultipleValues() && is_array($value)) { + $sep = substr($attrdef->getValueSet(), 0, 1); + $value = $sep.implode($sep, $value); + } if(!isset($this->_attributes[$attrdef->getId()])) { switch(get_class($this)) { case "SeedDMS_Core_Document": From 90bea9a2fb9a9c2710912737917987780b7cd724 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 20 Feb 2014 21:05:22 +0100 Subject: [PATCH 3/3] fix handling of multivalue attributes --- op/op.AttributeMgr.php | 15 +++++++++++++++ op/op.EditDocument.php | 9 ++++++++- op/op.EditFolder.php | 9 ++++++++- views/bootstrap/class.AttributeMgr.php | 18 +++++++++++++++--- views/bootstrap/class.Bootstrap.php | 14 +++++++++++--- 5 files changed, 57 insertions(+), 8 deletions(-) diff --git a/op/op.AttributeMgr.php b/op/op.AttributeMgr.php index 1a3d56495..1cbffa260 100644 --- a/op/op.AttributeMgr.php +++ b/op/op.AttributeMgr.php @@ -58,6 +58,13 @@ if ($action == "addattrdef") { if (is_object($dms->getAttributeDefinitionByName($name))) { UI::exitError(getMLText("admin_tools"),getMLText("attrdef_exists")); } + if($minvalues > 1 && $multiple == 0) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_must_be_multiple")); + } + if($minvalues > $maxvalues) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max")); + } + $newAttrdef = $dms->addAttributeDefinition($name, $objtype, $type, $multiple, $minvalues, $maxvalues, $valueset, $regex); if (!$newAttrdef) { UI::exitError(getMLText("admin_tools"),getMLText("error_occured")); @@ -124,6 +131,14 @@ else if ($action == "editattrdef") { $maxvalues = intval($_POST["maxvalues"]); $valueset = trim($_POST["valueset"]); $regex = trim($_POST["regex"]); + + if($minvalues > 1 && $multiple == 0) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_must_be_multiple")); + } + if($minvalues > $maxvalues) { + UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max")); + } + if (!$attrdef->setName($name)) { UI::exitError(getMLText("admin_tools"),getMLText("error_occured")); } diff --git a/op/op.EditDocument.php b/op/op.EditDocument.php index 37c1f6780..e572f201b 100644 --- a/op/op.EditDocument.php +++ b/op/op.EditDocument.php @@ -231,8 +231,8 @@ if($categories) { } } +$oldattributes = $document->getAttributes(); if($attributes) { - $oldattributes = $document->getAttributes(); foreach($attributes as $attrdefid=>$attribute) { $attrdef = $dms->getAttributeDefinition($attrdefid); if($attribute) { @@ -251,6 +251,13 @@ if($attributes) { } } } +foreach($oldattributes as $attrdefid=>$oldattribute) { + if(!isset($attributes[$attrdefid])) { + if(!$document->removeAttribute($dms->getAttributeDefinition($attrdefid))) + UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("error_occured")); + } + +} if($sequence != "keep") { if($document->setSequence($sequence)) { diff --git a/op/op.EditFolder.php b/op/op.EditFolder.php index ec60df20b..eaf40df4c 100644 --- a/op/op.EditFolder.php +++ b/op/op.EditFolder.php @@ -153,8 +153,8 @@ if(($oldcomment = $folder->getComment()) != $comment) { } } +$oldattributes = $folder->getAttributes(); if($attributes) { - $oldattributes = $folder->getAttributes(); foreach($attributes as $attrdefid=>$attribute) { $attrdef = $dms->getAttributeDefinition($attrdefid); if($attribute) { @@ -173,6 +173,13 @@ if($attributes) { } } } +foreach($oldattributes as $attrdefid=>$oldattribute) { + if(!isset($attributes[$attrdefid])) { + if(!$folder->removeAttribute($dms->getAttributeDefinition($attrdefid))) + UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured")); + } + +} if(strcasecmp($sequence, "keep")) { if($folder->setSequence($sequence)) { diff --git a/views/bootstrap/class.AttributeMgr.php b/views/bootstrap/class.AttributeMgr.php index bc0f352e5..e482f58f1 100644 --- a/views/bootstrap/class.AttributeMgr.php +++ b/views/bootstrap/class.AttributeMgr.php @@ -186,7 +186,11 @@ function showAttributeDefinitions(selectObj) { print "getID()."\">" . htmlspecialchars($doc->getName()) . "\n"; print "".htmlspecialchars($owner->getFullName()).""; print "".getOverallStatusText($status["status"]).""; - print "".$doc->getAttributeValue($attrdef).""; + $value = $doc->getAttributeValue($attrdef); + if(is_array($value)) + print "".implode('; ', $value).""; + else + print "".$value.""; print ""; print " ".getMLText("edit").""; print "\n"; @@ -209,7 +213,11 @@ function showAttributeDefinitions(selectObj) { print ""; print "getID()."\">" . htmlspecialchars($folder->getName()) . "\n"; print "".htmlspecialchars($owner->getFullName()).""; - print "".$folder->getAttributeValue($attrdef).""; + $value = $folder->getAttributeValue($attrdef); + if(is_array($value)) + print "".implode('; ', $value).""; + else + print "".$value.""; print ""; print " ".getMLText("edit").""; print ""; @@ -237,7 +245,11 @@ function showAttributeDefinitions(selectObj) { print "".htmlspecialchars($owner->getFullName()).""; print "".$content->getMimeType().""; print "".$content->getVersion().""; - print "".$content->getAttributeValue($attrdef).""; + $value = $content->getAttributeValue($attrdef); + if(is_array($value)) + print "".implode('; ', $value).""; + else + print "".$value.""; print ""; print " ".getMLText("edit").""; print "\n"; diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php index b4a1ea3ef..dbfbeebb9 100644 --- a/views/bootstrap/class.Bootstrap.php +++ b/views/bootstrap/class.Bootstrap.php @@ -875,13 +875,21 @@ function folderSelected(id, name) { function printAttributeEditField($attrdef, $objvalue, $fieldname='attributes') { /* {{{ */ if($valueset = $attrdef->getValueSetAsArray()) { - echo "getId()."]"; + if($attrdef->getMultipleValues()) { + echo "[]\" multiple"; + } else { + echo "\""; + } + echo ">"; + if(!$attrdef->getMultipleValues()) { echo ""; } foreach($valueset as $value) { echo ""; }