Merge branch 'seeddms-5.0.x' into develop

CHANGELOG

@@ -1,10 +1,11 @@
 --------------------------------------------------------------------------------
-                     Changes in version 5.0.2
+                     Changes in version 5.0.3
 --------------------------------------------------------------------------------
 - merged changes from 4.3.26
+- fix ldap authentification
 
 --------------------------------------------------------------------------------
-                     Changes in version 5.0.1
+                     Changes in version 5.0.2
 --------------------------------------------------------------------------------
 - merged changes from 4.3.25
 
@@ -29,6 +30,7 @@
 - move some left over javascript from html code into application.js (Closes #253)
 - take out last empty line from view/bootstrap/class.Search.php which causes a
   header to be send to early (Closes: #252, #254) 
+- regular users with sufficient access rights may remove documents via webdav
 
 --------------------------------------------------------------------------------
                      Changes in version 4.3.25

SeedDMS_Core/Core/inc.ClassDMS.php

@@ -1610,7 +1610,16 @@ class SeedDMS_Core_DMS {
 		if (!$res)
 			return false;
 
-		return $this->getUser($this->db->getInsertID());
+		$user = $this->getUser($this->db->getInsertID());
+
+		/* Check if 'onPostAddUser' callback is set */
+		if(isset($this->_dms->callbacks['onPostAddUser'])) {
+			$callback = $this->_dms->callbacks['onPostUser'];
+			if(!call_user_func($callback[0], $callback[1], $user)) {
+			}
+		}
+
+		return $user;
 	} /* }}} */
 
 	/**
@@ -1662,7 +1671,16 @@ class SeedDMS_Core_DMS {
 		if (!$this->db->getResult($queryStr))
 			return false;
 
-		return $this->getGroup($this->db->getInsertID());
+		$group = $this->getGroup($this->db->getInsertID());
+
+		/* Check if 'onPostAddGroup' callback is set */
+		if(isset($this->_dms->callbacks['onPostAddGroup'])) {
+			$callback = $this->_dms->callbacks['onPostAddGroup'];
+			if(!call_user_func($callback[0], $callback[1], $group)) {
+			}
+		}
+
+		return $group;
 	} /* }}} */
 
 	/**
@@ -1845,7 +1863,16 @@ class SeedDMS_Core_DMS {
 		if (!$this->db->getResult($queryStr))
 			return false;
 
-		return $this->getKeywordCategory($this->db->getInsertID());
+		$category = $this->getKeywordCategory($this->db->getInsertID());
+
+		/* Check if 'onPostAddKeywordCategory' callback is set */
+		if(isset($this->_dms->callbacks['onPostAddKeywordCategory'])) {
+			$callback = $this->_dms->callbacks['onPostAddKeywordCategory'];
+			if(!call_user_func($callback[0], $callback[1], $category)) {
+			}
+		}
+
+		return $category;
 	} /* }}} */
 
 	function getDocumentCategory($id) { /* {{{ */
@@ -1911,7 +1938,16 @@ class SeedDMS_Core_DMS {
 		if (!$this->db->getResult($queryStr))
 			return false;
 
-		return $this->getDocumentCategory($this->db->getInsertID());
+		$category = $this->getDocumentCategory($this->db->getInsertID());
+
+		/* Check if 'onPostAddDocumentCategory' callback is set */
+		if(isset($this->_dms->callbacks['onPostAddDocumentCategory'])) {
+			$callback = $this->_dms->callbacks['onPostAddDocumentCategory'];
+			if(!call_user_func($callback[0], $callback[1], $category)) {
+			}
+		}
+
+		return $category;
 	} /* }}} */
 
 	/**

SeedDMS_Core/Core/inc.ClassDocument.php

@@ -2227,7 +2227,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 
 		$db->startTransaction();
 
-		// FIXME: call a new function removeContent instead
+		// remove content of document
 		foreach ($this->_content as $version) {
 			if (!$this->removeContent($version)) {
 				$db->rollbackTransaction();

SeedDMS_Core/Core/inc.ClassFolder.php

@@ -531,6 +531,14 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 		}
 
 		$db->commitTransaction();
+
+		/* Check if 'onPostAddSubFolder' callback is set */
+		if(isset($this->_dms->callbacks['onPostAddSubFolder'])) {
+			$callback = $this->_dms->callbacks['onPostAddSubFolder'];
+			if(!call_user_func($callback[0], $callback[1], $newFolder)) {
+			}
+		}
+
 		return $newFolder;
 	} /* }}} */
 
@@ -843,6 +851,14 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 		}
 
 		$db->commitTransaction();
+
+		/* Check if 'onPostAddDocument' callback is set */
+		if(isset($this->_dms->callbacks['onPostAddDocument'])) {
+			$callback = $this->_dms->callbacks['onPostAddDocument'];
+			if(!call_user_func($callback[0], $callback[1], $document)) {
+			}
+		}
+
 		return array($document, $res);
 	} /* }}} */
 
@@ -858,6 +874,14 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 	protected function removeFromDatabase() { /* {{{ */
 		$db = $this->_dms->getDB();
 
+		/* Check if 'onPreRemoveFolder' callback is set */
+		if(isset($this->_dms->callbacks['onPreRemoveFolder'])) {
+			$callback = $this->_dms->callbacks['onPreRemoveFolder'];
+			if(!call_user_func($callback[0], $callback[1], $this)) {
+				return false;
+			}
+		}
+
 		$db->startTransaction();
 		// unset homefolder as it will no longer exist
 		$queryStr = "UPDATE tblUsers SET homefolder=NULL WHERE homefolder =  " . $this->_id;
@@ -865,6 +889,7 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 			$db->rollbackTransaction();
 			return false;
 		}
+
 		// Remove database entries
 		$queryStr = "DELETE FROM tblFolders WHERE id =  " . $this->_id;
 		if (!$db->getResult($queryStr)) {
@@ -889,6 +914,13 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 		}
 		$db->commitTransaction();
 
+		/* Check if 'onPostRemoveFolder' callback is set */
+		if(isset($this->_dms->callbacks['onPostRemoveFolder'])) {
+			$callback = $this->_dms->callbacks['onPostRemoveFolder'];
+			if(!call_user_func($callback[0], $callback[1], $this->_id)) {
+			}
+		}
+
 		return true;
 	} /* }}} */
 

SeedDMS_Core/package.xml

@@ -1010,6 +1010,24 @@ SeedDMS_Core_DMS::getNotificationsByUser() are deprecated
 - SeedDMS_Core_User::getDocumentsLocked() sets locking user propperly
    </notes>
   </release>
+  <release>
+   <date>2016-03-08</date>
+   <time>07:12:53</time>
+   <version>
+    <release>4.3.25</release>
+    <api>4.3.25</api>
+   </version>
+   <stability>
+    <release>stable</release>
+    <api>stable</api>
+   </stability>
+   <license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
+   <notes>
+- rename SeedDMS_Core_Group::getNotificationsByGroup() to getNotifications()
+- use __construct() for all constructors
+- fix setting multi value attributes for versions
+   </notes>
+  </release>
   <release>
    <date>2016-01-22</date>
    <time>14:34:58</time>
@@ -1042,5 +1060,21 @@ SeedDMS_Core_DMS::getNotificationsByUser() are deprecated
 - all changes from 4.3.25 merged
    </notes>
   </release>
+  <release>
+   <date>2016-04-04</date>
+   <time>14:34:58</time>
+   <version>
+    <release>5.0.3</release>
+    <api>5.0.3</api>
+   </version>
+   <stability>
+    <release>stable</release>
+    <api>stable</api>
+   </stability>
+   <license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
+   <notes>
+- all changes from 4.3.26 merged
+   </notes>
+  </release>
  </changelog>
 </package>

op/op.Login.php

@@ -64,7 +64,7 @@ if(isset($_POST['pwd'])) {
 
 if($settings->_enableGuestLogin && (int) $settings->_guestID) {
 	$guestUser = $dms->getUser((int) $settings->_guestID);
-	if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin()))  {
+	if ((!isset($pwd) || strlen($pwd)==0) && ($login != $guestUser->getLogin())) {
 		_printMessage(getMLText("login_error_title"),	getMLText("login_error_text")."\n");
 		exit;
 	}
@@ -129,11 +129,11 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 		$dn = false;
 		/* If bind succeed, then get the dn of for the user */
 		if ($bind) {
-            if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
-			    $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
-            } else {
-			    $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
-            }
+			if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
+				$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
+			} else {
+				$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
+			}
 			if (!is_bool($search)) {
 				$info = ldap_get_entries($ds, $search);
 				if (!is_bool($info) && $info["count"]>0) {
@@ -158,39 +158,24 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 			$user = $dms->getUserByLogin($login);
 			if (is_bool($user) && !$settings->_restricted) {
 				// Retrieve the user's LDAP information.
-        if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
-			    $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
-        } else {
-					$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login); 
+				if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
+					$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
+				} else {
+					$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
 				}
-			}
-			$bind = @ldap_bind($ds, $dn, $pwd);
-			if ($bind) {
-				// Successfully authenticated. Now check to see if the user exists within
-				// the database. If not, add them in, but do not add their password.
-				$user = $dms->getUserByLogin($login);
-				if (is_bool($user) && !$settings->_restricted) {
-					// Retrieve the user's LDAP information.
-					
-					
-					/* new code by doudoux  - TO BE TESTED */
-					$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login); 
-					/* old code */
-					//$search = ldap_search($ds, $dn, "uid=".$login);
-					
-					if (!is_bool($search)) {
-						$info = ldap_get_entries($ds, $search);
-						if (!is_bool($info) && $info["count"]==1 && $info[0]["count"]>0) {
-							$user = $dms->addUser($login, null, $info[0]['cn'][0], $info[0]['mail'][0], $settings->_language, $settings->_theme, "");
-						}
+
+				if (!is_bool($search)) {
+					$info = ldap_get_entries($ds, $search);
+					if (!is_bool($info) && $info["count"]==1 && $info[0]["count"]>0) {
+						$user = $dms->addUser($login, null, $info[0]['cn'][0], $info[0]['mail'][0], $settings->_language, $settings->_theme, "");
 					}
 				}
-				if (!is_bool($user)) {
-					$userid = $user->getID();
-				}
 			}
-			ldap_close($ds);
+			if (!is_bool($user)) {
+				$userid = $user->getID();
+			}
 		}
+		ldap_close($ds);
 	}
 }
 }
@@ -318,7 +303,7 @@ if (isset($_COOKIE["mydms_session"])) {
 	setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
 }
 
-// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST  are already decoded.
+// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.
 // Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
 
 if (isset($_POST["referuri"]) && strlen($_POST["referuri"])>0) {

webdav/webdav.php

@@ -668,9 +668,11 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
 		} else {
 			// check if user is admin
 			// only admins may delete documents
+			/* There is not reason to allow only admins to remove a document
 			if(!$this->user->isAdmin()) {
 				return "403 Forbidden";				 
 			}
+			 */
 
 			if(!$obj->remove()) {
 				return "409 Conflict";