allow to hide account types

additional LDAP filter for account types
2013-01-01 20:46:28 +00:00 · 2013-01-01 20:46:28 +00:00 · 7a3389a06d
parent 092c3f25aa
commit 7a3389a06d
18 changed files with 133 additions and 14 deletions
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@ -149,6 +149,11 @@ $helpArray = array (
 					"Text" => _("Here you can specify minimum requirements for passwords. The character classes are: lowercase, uppercase, numeric and symbols.")),
 				"250" => array ("Headline" => _("Filter"),
 					"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-sensitive.")),
+				"260" => array ("Headline" => _("Additional LDAP filter"),
+					"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
+						. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
+				"261" => array ("Headline" => _("Hidden"),
+					"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
 				// 300 - 399
 				// profile editor, file upload
 				"301" => array ("Headline" => _("RDN identifier"),
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@ -200,6 +200,16 @@ function metaRefresh($page) {
 	echo "</html>\n";
 }

+/**
+ * Checks if the given account type is hidden.
+ * 
+ * @param String $type account type (e.g. user)
+ * @return boolean is hidden
+ */
+function isAccountTypeHidden($type) {
+	$typeSettings = $_SESSION['config']->get_typeSettings();
+	return isset($typeSettings['hidden_' . $type]) && ($typeSettings['hidden_' . $type] == true);
+}

 /**
 * This class manages .conf files.
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@ -104,6 +104,11 @@ function get_ldap_filter($scope) {
 	}
 	// add built OR filter to AND filters
 	if ($orFilter != '') $filters['and'][] = $orFilter;
+	// add type filter
+	$typeSettings = $_SESSION['config']->get_typeSettings();
+	if (isset($typeSettings['filter_' . $scope]) && ($typeSettings['filter_' . $scope] != '')) {
+		$filters['and'][] = $typeSettings['filter_' . $scope];
+	}
 	// collapse AND filters
 	if (sizeof($filters['and']) < 2) return $filters['and'][0];
 	else return "(&" . implode("", $filters['and']) . ")";
--- a/lam/lib/types/group.inc
+++ b/lam/lib/types/group.inc
@ -262,7 +262,10 @@ class lamGroupList extends lamList {
 				// make a link for each member of the group
 				for ($d = 0; $d < sizeof($attr); $d++) {
 					$user = $attr[$d]; // user name
-					if (isset($primaryvals[$user])) {
+					if (isAccountTypeHidden('user')) {
+						$linklist[$d] = $user;
+					}
+					elseif (isset($primaryvals[$user])) {
 						$linklist[$d] = "<b><a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a></b>";
 					}
 					else {
@ -274,7 +277,12 @@ class lamGroupList extends lamList {
 				// make a link for each member of the group
 				for ($d = 0; $d < sizeof($entry[$attribute]); $d++) {
 					$user = $entry[$attribute][$d]; // user name
-					$linklist[$d] = "<a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a>";
+					if (!isAccountTypeHidden('user')) {
+						$linklist[$d] = "<a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a>";
+					}
+					else {
+						$linklist[$d] = $user;
+					}
 				}
 			}
 			echo implode("; ", $linklist);
--- a/lam/lib/upgrade.inc
+++ b/lam/lib/upgrade.inc
@ -168,7 +168,7 @@ function recursiveCopy($src, $dst, $profiles, $fileFilter = null, $overwrite = t
 			StatusMessage('ERROR', 'Upgrade failed.', 'The directory \'' . $dst . '\' could not be created.');
 		}
 	}
-	while (false !== ($file = readdir($dir))) {
+	while (false !== ($file = @readdir($dir))) {
 		if ($file != '.'  && $file != '..'  && !in_array($file, $profiles)) {
 			if (is_dir($src . '/' . $file) && ($file == 'logos')) {
 				recursiveCopy($src . '/' . $file, $dst . '/' . $file, $profiles, $fileFilter, $overwrite);
--- a/lam/templates/account/edit.php
+++ b/lam/templates/account/edit.php
@ -4,6 +4,7 @@ $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Tilo Lutz
+                2005 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -28,6 +29,7 @@ $Id$
 *
 * @package modules
 * @author Tilo Lutz
+* @author Roland Gruber
 */

 /** security functions */
@ -60,6 +62,10 @@ if (isset($_GET['DN'])) {
 	$DN = str_replace("\\'", '', $_GET['DN']);
 	$type = str_replace("\\'", '', $_GET['type']);
 	if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
+	if (isAccountTypeHidden($type)) {
+		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
+		die();
+	}
 	if ($_GET['DN'] == $DN) $DN = str_replace("'", '',$_GET['DN']);
 	$_SESSION['account'] = new accountContainer($type, 'account');
 	$result = $_SESSION['account']->load_account($DN);
@ -76,6 +82,10 @@ if (isset($_GET['DN'])) {
 else if (count($_POST)==0) {
 	$type = str_replace("\\'", '', $_GET['type']);
 	if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
+	if (isAccountTypeHidden($type)) {
+		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
+		die();
+	}
 	$_SESSION['account'] = new accountContainer($type, 'account');
 	$_SESSION['account']->new_account();
 }
--- a/lam/templates/config/conftypes.php
+++ b/lam/templates/config/conftypes.php
@ -247,7 +247,18 @@ if (sizeof($activeTypes) > 0) {
 		$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
 		$suffixInput->setFieldSize(40);
 		$activeContainer->addElement($suffixInput);
-		$activeContainer->addElement(new htmlHelpLink('202'), true);
+		$activeContainer->addElement(new htmlHelpLink('202'));
+		$activeContainer->addElement(new htmlSpacer('10px', null));
+		// LDAP filter
+		$filterText = new htmlOutputText(_("Additional LDAP filter"));
+		$filterText->colspan = 2;
+		$activeContainer->addElement($filterText);
+		$activeContainer->addElement(new htmlSpacer('10px', null));
+		$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $typeSettings['filter_' . $activeTypes[$i]]);
+		$filterInput->setFieldSize(40);
+		$activeContainer->addElement($filterInput);
+		$activeContainer->addElement(new htmlHelpLink('260'));
+		$activeContainer->addNewLine();
 		// list attributes
 		if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
 			$attributes = $typeSettings['attr_' . $activeTypes[$i]];
@ -262,7 +273,16 @@ if (sizeof($activeTypes) > 0) {
 		$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
 		$attrsInput->setFieldSize(40);
 		$activeContainer->addElement($attrsInput);
-		$activeContainer->addElement(new htmlHelpLink('206'), true);
+		$activeContainer->addElement(new htmlHelpLink('206'));
+		$activeContainer->addElement(new htmlSpacer('10px', null));
+		// hidden type
+		$hiddenText = new htmlOutputText(_('Hidden'));
+		$hiddenText->colspan = 2;
+		$activeContainer->addElement($hiddenText);
+		$activeContainer->addElement(new htmlSpacer('10px', null));
+		$activeContainer->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $typeSettings['hidden_' . $activeTypes[$i]]));
+		$activeContainer->addElement(new htmlHelpLink('261'));
+		$activeContainer->addNewLine();
 		// delete button
 		$delButton = new htmlButton('rem_'. $activeTypes[$i], _("Remove this account type"));
 		$delButton->colspan = 5;
@ -334,6 +354,7 @@ function checkInput() {
 				$errors[] = array("ERROR", _("LDAP Suffix is invalid!"), getTypeAlias($type));
 			}
 		}
+		// set attributes
 		elseif (substr($key, 0, 5) == "attr_") {
 			$typeSettings[$key] = $_POST[$key];
 			$type = substr($postKeys[$i], 5);
@ -341,6 +362,14 @@ function checkInput() {
 				$errors[] = array("ERROR", _("List attributes are invalid!"), getTypeAlias($type));
 			}
 		}
+		// set filter
+		elseif (substr($key, 0, 7) == "filter_") {
+			$typeSettings[$key] = $_POST[$key];
+		}
+		// set hidden
+		elseif (substr($key, 0, 7) == "hidden_") {
+			$typeSettings[$key] = ($_POST[$key] == 'on');
+		}
 	}
 	// save input
 	$conf->set_typeSettings($typeSettings);
--- a/lam/templates/lists/list.php
+++ b/lam/templates/lists/list.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2006  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -41,9 +41,15 @@ startSecureSession();

 setlanguage();

+$type = $_GET['type'];
+
+// check if list is hidden
+if (isAccountTypeHidden($type)) {
+	logNewMessage(LOG_ERR, 'User tried to access hidden account list: ' . $type);
+	die();
+}

 // create list object if needed
-$type = $_GET['type'];
 $listClass = getListClassName($type);
 if (!isset($_SESSION['list_' . $type])) {
 	$list = new $listClass($type);
--- a/lam/templates/main.php
+++ b/lam/templates/main.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2011  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -57,7 +57,13 @@ if ((sizeof($new_suffs) > 0) && checkIfWriteAccessIsAllowed()) {
 }
 else {
 	if (sizeof($types) > 0) {
-		metaRefresh("lists/list.php?type=" . $types[0]);
+		for ($i = 0; $i < sizeof($types); $i++) {
+			if (isAccountTypeHidden($types[$i])) {
+				continue;
+			}
+			metaRefresh("lists/list.php?type=" . $types[$i]);
+			break;
+		}
 	}
 	else {
 		metaRefresh("tree/treeViewContainer.php");
--- a/lam/templates/main_header.php
+++ b/lam/templates/main_header.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2011  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -200,6 +200,9 @@ jQuery(document).ready(function() {
 	<?php
 		$linkList = array();
 		for ($i = 0; $i < sizeof($types); $i++) {
+			if (isAccountTypeHidden($types[$i])) {
+				continue;
+			}
 			$link = '<a href="' . $headerPrefix . 'lists/list.php?type=' . $types[$i] .
 				'" onmouseover="jQuery(this).addClass(\'tabs-hover\');" onmouseout="jQuery(this).removeClass(\'tabs-hover\');">' .
 				'<img height="16" width="16" alt="' . $types[$i] . '" src="' . $headerPrefix . '../graphics/' . $types[$i] . '.png">&nbsp;' .
--- a/lam/templates/massBuildAccounts.php
+++ b/lam/templates/massBuildAccounts.php
@ -91,6 +91,13 @@ if (isset($_GET['showldif'])) {

 include 'main_header.php';
 $scope = htmlspecialchars($_POST['scope']);
+
+// check if account type is ok
+if (isAccountTypeHidden($scope)) {
+	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
+	die();
+}
+
 echo '<div class="' . $scope . 'list-bright smallPaddingContent">';

 $selectedModules = explode(',', $_POST['selectedModules']);
--- a/lam/templates/massDoUpload.php
+++ b/lam/templates/massDoUpload.php
@ -62,6 +62,13 @@ setlanguage();

 include 'main_header.php';
 $scope = htmlspecialchars($_SESSION['mass_scope']);
+
+// check if account type is ok
+if (isAccountTypeHidden($scope)) {
+	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
+	die();
+}
+
 echo '<div class="' . $scope . 'list-bright smallPaddingContent">';

 // create accounts
--- a/lam/templates/masscreate.php
+++ b/lam/templates/masscreate.php
@ -80,7 +80,7 @@ include 'main_header.php';
 $types = $_SESSION['config']->get_ActiveTypes();
 for ($i = 0; $i < sizeof($types); $i++) {
 	$myType = new $types[$i]();
-	if (!$myType->supportsFileUpload()) {
+	if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
 		unset($types[$i]);
 	}
 }
--- a/lam/templates/ou_edit.php
+++ b/lam/templates/ou_edit.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2010  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -164,6 +164,9 @@ function display_main($message, $error) {
 	$types = array();
 	$typeList = $_SESSION['config']->get_ActiveTypes();
 	for ($i = 0; $i < sizeof($typeList); $i++) {
+		if (isAccountTypeHidden($typeList[$i])) {
+			continue;
+		}
 		$types[$typeList[$i]] = getTypeAlias($typeList[$i]);
 	}
 	natcasesort($types);
--- a/lam/templates/pdfedit/pdfmain.php
+++ b/lam/templates/pdfedit/pdfmain.php
@ -73,6 +73,9 @@ if(isset($_POST['createNewTemplate'])) {
 $scopes = $_SESSION['config']->get_ActiveTypes();
 $sortedScopes = array();
 for ($i = 0; $i < sizeof($scopes); $i++) {
+	if (isAccountTypeHidden($scopes[$i])) {
+		continue;
+	}
 	$sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]);
 }
 natcasesort($sortedScopes);
--- a/lam/templates/pdfedit/pdfpage.php
+++ b/lam/templates/pdfedit/pdfpage.php
@ -4,7 +4,7 @@ $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Michael Duergner
-                2007 - 2010  Roland Gruber
+                2007 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -69,6 +69,11 @@ if(isset($_POST['type'])) {
 	}
 }

+if (isAccountTypeHidden($_GET['type'])) {
+	logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']);
+	die();
+}
+

 // Abort and go back to main pdf structure page
 if(isset($_GET['abort'])) {
--- a/lam/templates/profedit/profilemain.php
+++ b/lam/templates/profedit/profilemain.php
@ -51,6 +51,9 @@ $types = $_SESSION['config']->get_ActiveTypes();
 $profileClasses = array();
 $profileClassesTemp = array();
 for ($i = 0; $i < sizeof($types); $i++) {
+	if (isAccountTypeHidden($types[$i])) {
+		continue;
+	}
 	$profileClassesTemp[getTypeAlias($types[$i])] = array(
 		'scope' => $types[$i],
 		'title' => getTypeAlias($types[$i]),
@ -97,6 +100,10 @@ $container = new htmlTable();
 $container->addElement(new htmlTitle(_("Profile editor")), true);

 if (isset($_POST['deleteProfile']) && ($_POST['deleteProfile'] == 'true')) {
+	if (isAccountTypeHidden($_POST['profileDeleteType'])) {
+		logNewMessage(LOG_ERR, 'User tried to delete hidden account type profile: ' . $_POST['profileDeleteType']);
+		die();
+	}
 	// delete profile
 	if (delAccountProfile($_POST['profileDeleteName'], $_POST['profileDeleteType'])) {
 		$message = new htmlStatusMessage('INFO', _('Deleted profile.'), getTypeAlias($_POST['profileDeleteType']) . ': ' . htmlspecialchars($_POST['profileDeleteName']));
--- a/lam/templates/profedit/profilepage.php
+++ b/lam/templates/profedit/profilepage.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2010  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -61,6 +61,11 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
 if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
 if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];

+if (isAccountTypeHidden($_GET['type'])) {
+	logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
+	die();
+}
+
 // abort button was pressed
 // back to profile editor
 if (isset($_POST['abort'])) {