From 3b20a34774f88f92cbbd95424fe96f0fea95fb49 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Wed, 6 Jan 2016 15:05:52 +0000
Subject: [PATCH] support for LDAP views based on nsview

---
 lam/HISTORY                                   |  4 ++
 .../templates/pdf/default.nsviewType.xml      |  6 +++
 .../templates/profiles/default.nsviewType     |  1 +
 lam/copyright                                 |  2 +
 lam/lib/baseModule.inc                        | 11 ++++-
 lam/lib/modules.inc                           | 16 ++++++-
 lam/style/500_layout.css                      |  6 ++-
 lam/templates/delete.php                      | 47 +++++++++++--------
 8 files changed, 70 insertions(+), 23 deletions(-)
 create mode 100644 lam/config/templates/pdf/default.nsviewType.xml
 create mode 100644 lam/config/templates/profiles/default.nsviewType

diff --git a/lam/HISTORY b/lam/HISTORY
index a49286c6..b6a66347 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -3,6 +3,10 @@ March 2016 5.3
   - Windows: support management of fax number
   - Login can show display name instead of server URL
   - Personal/Unix: support K5KEY hash type for smbk5pwd
+  - fixed bugs:
+   -> autoload errors in tree view
+  - LAM Pro:
+   -> Support for LDAP views based on nsview object class
 
 
 15.12.2015 5.2
diff --git a/lam/config/templates/pdf/default.nsviewType.xml b/lam/config/templates/pdf/default.nsviewType.xml
new file mode 100644
index 00000000..1cbc7126
--- /dev/null
+++ b/lam/config/templates/pdf/default.nsviewType.xml
@@ -0,0 +1,6 @@
+<pdf type="nsviewType" filename="printLogo.jpg" headline="LDAP Account Manager" foldingmarks="no">
+	<section name="_nsview_ou">
+		<entry name="nsview_nsViewFilter" />
+		<entry name="nsview_description" />
+	</section>
+</pdf>
\ No newline at end of file
diff --git a/lam/config/templates/profiles/default.nsviewType b/lam/config/templates/profiles/default.nsviewType
new file mode 100644
index 00000000..8b137891
--- /dev/null
+++ b/lam/config/templates/profiles/default.nsviewType
@@ -0,0 +1 @@
+
diff --git a/lam/copyright b/lam/copyright
index efbf4d09..eaa796ac 100644
--- a/lam/copyright
+++ b/lam/copyright
@@ -26,6 +26,7 @@ time.
 * lib/modules/mitKerberosStructural.inc
 * lib/modules/namedObject.inc
 * lib/modules/nisObject.inc
+* lib/modules/nsview.inc
 * lib/modules/passwordSelfReset.inc
 * lib/modules/oracleService.inc
 * lib/modules/organizationalRole*.inc
@@ -48,6 +49,7 @@ time.
 * lib/types/automountType.inc
 * lib/types/gon.inc
 * lib/types/nisObjectType.inc
+* lib/types/nsview.inc
 * lib/types/oracleContextType.inc
 * lib/types/ppolicyType.inc
 * lib/types/sudo.inc
diff --git a/lam/lib/baseModule.inc b/lam/lib/baseModule.inc
index 1b4b6a9a..6cb3b721 100644
--- a/lam/lib/baseModule.inc
+++ b/lam/lib/baseModule.inc
@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2015  Roland Gruber
+  Copyright (C) 2003 - 2016  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -1222,6 +1222,15 @@ abstract class baseModule {
 		return 0;
 	}
 
+	/**
+	 * Defines if the LDAP entry has only virtual child entries. This is the case for e.g. LDAP views.
+	 *
+	 * @return boolean has only virtual children
+	 */
+	public function hasOnlyVirtualChildren() {
+		return false;
+	}
+
 	/**
 	 * This function processes user input.
 	 *
diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index 55b2533a..1547ac54 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2015  Roland Gruber
+  Copyright (C) 2003 - 2016  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -1971,6 +1971,20 @@ class accountContainer {
 		return $errors;
 	}
 
+	/**
+	 * Defines if the LDAP entry has only virtual child entries. This is the case for e.g. LDAP views.
+	 *
+	 * @return boolean has only virtual children
+	 */
+	public function hasOnlyVirtualChildren() {
+		foreach ($this->module as $module) {
+			if ($module->hasOnlyVirtualChildren()) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	/**
 	 * Returns a list of possible PDF entries for this account.
 	 *
diff --git a/lam/style/500_layout.css b/lam/style/500_layout.css
index 8e708be2..71271701 100644
--- a/lam/style/500_layout.css
+++ b/lam/style/500_layout.css
@@ -3,7 +3,7 @@ $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003  Leonhard Walchshaeusl
-  Copyright (C) 2005 - 2015  Roland Gruber
+  Copyright (C) 2005 - 2016  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -674,6 +674,10 @@ h4.schema_oclass_sub {
 .oracleContextType-bright { background:#b6eeff !important; }
 .oracleContextType-dark { background-color:#80e0e1 !important; }
 
+.nsviewType-border { border-color:#af8800; }
+.nsviewType-bright { background:#fff3c8 !important; }
+.nsviewType-dark { background-color:#ffe27f !important; }
+
 /** responsive styles */
 
 .row {
diff --git a/lam/templates/delete.php b/lam/templates/delete.php
index 97094baa..3bda6ad7 100644
--- a/lam/templates/delete.php
+++ b/lam/templates/delete.php
@@ -4,7 +4,7 @@
 
 	This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
 	Copyright (C) 2003 - 2006  Tilo Lutz
-	Copyright (C) 2007 - 2015  Roland Gruber
+	Copyright (C) 2007 - 2016  Roland Gruber
 
 	This program is free software; you can redistribute it and/or modify
 	it under the terms of the GNU General Public License as published by
@@ -103,9 +103,12 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
 		echo "<tr>\n";
 		echo "<td><b>" . _("Account name:") . "</b> " . htmlspecialchars($users[$i]) . "</td>\n";
 		echo "<td>&nbsp;&nbsp;<b>" . _('DN') . ":</b> " . htmlspecialchars($_SESSION['delete_dn'][$i]) . "</td>\n";
-		$childCount = getChildCount($_SESSION['delete_dn'][$i]);
-		if ($childCount > 0) {
-			echo "<td>&nbsp;&nbsp;<b>" . _('Number of child entries') . ":</b> " . $childCount . "</td>\n";
+		$_SESSION['account']->load_account($_SESSION['delete_dn'][$i]);
+		if (!$_SESSION['account']->hasOnlyVirtualChildren()) {
+			$childCount = getChildCount($_SESSION['delete_dn'][$i]);
+			if ($childCount > 0) {
+				echo "<td>&nbsp;&nbsp;<b>" . _('Number of child entries') . ":</b> " . $childCount . "</td>\n";
+			}
 		}
 		echo "</tr>\n";
 	}
@@ -158,7 +161,7 @@ if (isset($_POST['delete'])) {
 	echo "<input name=\"type\" type=\"hidden\" value=\"" . $_POST['type'] . "\">\n";
 	echo "<div class=\"".$_POST['type']."-bright smallPaddingContent\"><br>\n";
 	echo "<br>\n";
-	
+
 	// Delete dns
 	$allOk = true;
 	$allErrors = array();
@@ -255,7 +258,8 @@ if (isset($_POST['delete'])) {
 			}
 		}
 		if (!$stopprocessing) {
-			$messages = deleteDN($_SESSION['delete_dn'][$m]);
+			$recursive = !$_SESSION['account']->hasOnlyVirtualChildren();
+			$messages = deleteDN($_SESSION['delete_dn'][$m], $recursive);
 			$errors = array_merge($errors, $messages);
 			if (sizeof($errors) > 0) {
 				$stopprocessing = true;
@@ -273,7 +277,7 @@ if (isset($_POST['delete'])) {
 					}
 				}
 			}
-		}		
+		}
 		if (!$stopprocessing) {
 			echo sprintf(_('Deleted DN: %s'), $_SESSION['delete_dn'][$m]) . "<br>\n";
 			foreach ($errors as $error) {
@@ -328,27 +332,30 @@ function getChildCount($dn) {
 * Deletes a DN and all child entries.
 *
 * @param string $dn DN to delete
+* @param boolean $recursive recursive delete also child entries
 * @return array error messages
 */
-function deleteDN($dn) {
+function deleteDN($dn, $recursive) {
 	$errors = array();
 	if (($dn == null) || ($dn == '')) {
 		$errors[] = array('ERROR', _('Entry does not exist'));
 		return $errors;
 	}
-	$sr = @ldap_list($_SESSION['ldap']->server(), $dn, 'objectClass=*', array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
-	if ($sr) {
-		$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
-		cleanLDAPResult($entries);
-		for ($i = 0; $i < sizeof($entries); $i++) {
-			// delete recursively
-			$subErrors = deleteDN($entries[$i]['dn']);
-			for ($e = 0; $e < sizeof($subErrors); $e++) $errors[] = $subErrors[$e];
+	if ($recursive) {
+		$sr = @ldap_list($_SESSION['ldap']->server(), $dn, 'objectClass=*', array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
+		if ($sr) {
+			$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
+			cleanLDAPResult($entries);
+			for ($i = 0; $i < sizeof($entries); $i++) {
+				// delete recursively
+				$subErrors = deleteDN($entries[$i]['dn'], $recursive);
+				for ($e = 0; $e < sizeof($subErrors); $e++) $errors[] = $subErrors[$e];
+			}
+		}
+		else {
+			$errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
+			return $errors;
 		}
-	}
-	else {
-		$errors[] = array ('ERROR', sprintf(_('Was unable to delete DN: %s.'), $dn), getDefaultLDAPErrorString($_SESSION['ldap']->server()));
-		return $errors;
 	}
 	// delete parent DN
 	$success = @ldap_delete($_SESSION['ldap']->server(), $dn);