allow to hide account types

additional LDAP filter for account types
2013-01-01 20:46:28 +00:00 · 2013-01-01 20:46:28 +00:00 · 7a3389a06d
parent 092c3f25aa
commit 7a3389a06d
18 changed files with 133 additions and 14 deletions
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@ -149,6 +149,11 @@ $helpArray = array (
 					"Text" => _("Here you can specify minimum requirements for passwords. The character classes are: lowercase, uppercase, numeric and symbols.")),
 				"250" => array ("Headline" => _("Filter"),
 					"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-sensitive.")),
 				"260" => array ("Headline" => _("Additional LDAP filter"),
 					"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
 						. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
 				"261" => array ("Headline" => _("Hidden"),
 					"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
 				// 300 - 399
 				// profile editor, file upload
 				"301" => array ("Headline" => _("RDN identifier"),
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@ -200,6 +200,16 @@ function metaRefresh($page) {
 	echo "</html>\n";
 }
 /**
 * Checks if the given account type is hidden.
 * 
 * @param String $type account type (e.g. user)
 * @return boolean is hidden
 */
 function isAccountTypeHidden($type) {
 	$typeSettings = $_SESSION['config']->get_typeSettings();
 	return isset($typeSettings['hidden_' . $type]) && ($typeSettings['hidden_' . $type] == true);
 }
 /**
 * This class manages .conf files.
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@ -104,6 +104,11 @@ function get_ldap_filter($scope) {
 	}
 	// add built OR filter to AND filters
 	if ($orFilter != '') $filters['and'][] = $orFilter;
 	// add type filter
 	$typeSettings = $_SESSION['config']->get_typeSettings();
 	if (isset($typeSettings['filter_' . $scope]) && ($typeSettings['filter_' . $scope] != '')) {
 		$filters['and'][] = $typeSettings['filter_' . $scope];
 	}
 	// collapse AND filters
 	if (sizeof($filters['and']) < 2) return $filters['and'][0];
 	else return "(&" . implode("", $filters['and']) . ")";
--- a/lam/lib/types/group.inc
+++ b/lam/lib/types/group.inc
@ -262,7 +262,10 @@ class lamGroupList extends lamList {
 				// make a link for each member of the group
 				for ($d = 0; $d < sizeof($attr); $d++) {
 					$user = $attr[$d]; // user name
-					if (isset($primaryvals[$user])) {
+					if (isAccountTypeHidden('user')) {
 						$linklist[$d] = $user;
 					}
 					elseif (isset($primaryvals[$user])) {
 						$linklist[$d] = "<b><a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a></b>";
 					}
 					else {
@ -274,7 +277,12 @@ class lamGroupList extends lamList {
 				// make a link for each member of the group
 				for ($d = 0; $d < sizeof($entry[$attribute]); $d++) {
 					$user = $entry[$attribute][$d]; // user name
-					$linklist[$d] = "<a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a>";
+					if (!isAccountTypeHidden('user')) {
 						$linklist[$d] = "<a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a>";
 					}
 					else {
 						$linklist[$d] = $user;
 					}
 				}
 			}
 			echo implode("; ", $linklist);
--- a/lam/lib/upgrade.inc
+++ b/lam/lib/upgrade.inc
@ -168,7 +168,7 @@ function recursiveCopy($src, $dst, $profiles, $fileFilter = null, $overwrite = t
 			StatusMessage('ERROR', 'Upgrade failed.', 'The directory \'' . $dst . '\' could not be created.');
 		}
 	}
-	while (false !== ($file = readdir($dir))) {
+	while (false !== ($file = @readdir($dir))) {
 		if ($file != '.'  && $file != '..'  && !in_array($file, $profiles)) {
 			if (is_dir($src . '/' . $file) && ($file == 'logos')) {
 				recursiveCopy($src . '/' . $file, $dst . '/' . $file, $profiles, $fileFilter, $overwrite);
--- a/lam/templates/account/edit.php
+++ b/lam/templates/account/edit.php
@ -4,6 +4,7 @@ $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Tilo Lutz
                2005 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -28,6 +29,7 @@ $Id$
 *
 * @package modules
 * @author Tilo Lutz
 * @author Roland Gruber
 */
 /** security functions */
@ -60,6 +62,10 @@ if (isset($_GET['DN'])) {
 	$DN = str_replace("\\'", '', $_GET['DN']);
 	$type = str_replace("\\'", '', $_GET['type']);
 	if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
 	if (isAccountTypeHidden($type)) {
 		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
 		die();
 	}
 	if ($_GET['DN'] == $DN) $DN = str_replace("'", '',$_GET['DN']);
 	$_SESSION['account'] = new accountContainer($type, 'account');
 	$result = $_SESSION['account']->load_account($DN);
@ -76,6 +82,10 @@ if (isset($_GET['DN'])) {
 else if (count($_POST)==0) {
 	$type = str_replace("\\'", '', $_GET['type']);
 	if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
 	if (isAccountTypeHidden($type)) {
 		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
 		die();
 	}
 	$_SESSION['account'] = new accountContainer($type, 'account');
 	$_SESSION['account']->new_account();
 }
--- a/lam/templates/config/conftypes.php
+++ b/lam/templates/config/conftypes.php
@ -247,7 +247,18 @@ if (sizeof($activeTypes) > 0) {
 		$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
 		$suffixInput->setFieldSize(40);
 		$activeContainer->addElement($suffixInput);
-		$activeContainer->addElement(new htmlHelpLink('202'), true);
+		$activeContainer->addElement(new htmlHelpLink('202'));
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		// LDAP filter
 		$filterText = new htmlOutputText(_("Additional LDAP filter"));
 		$filterText->colspan = 2;
 		$activeContainer->addElement($filterText);
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $typeSettings['filter_' . $activeTypes[$i]]);
 		$filterInput->setFieldSize(40);
 		$activeContainer->addElement($filterInput);
 		$activeContainer->addElement(new htmlHelpLink('260'));
 		$activeContainer->addNewLine();
 		// list attributes
 		if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
 			$attributes = $typeSettings['attr_' . $activeTypes[$i]];
@ -262,7 +273,16 @@ if (sizeof($activeTypes) > 0) {
 		$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
 		$attrsInput->setFieldSize(40);
 		$activeContainer->addElement($attrsInput);
-		$activeContainer->addElement(new htmlHelpLink('206'), true);
+		$activeContainer->addElement(new htmlHelpLink('206'));
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		// hidden type
 		$hiddenText = new htmlOutputText(_('Hidden'));
 		$hiddenText->colspan = 2;
 		$activeContainer->addElement($hiddenText);
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		$activeContainer->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $typeSettings['hidden_' . $activeTypes[$i]]));
 		$activeContainer->addElement(new htmlHelpLink('261'));
 		$activeContainer->addNewLine();
 		// delete button
 		$delButton = new htmlButton('rem_'. $activeTypes[$i], _("Remove this account type"));
 		$delButton->colspan = 5;
@ -334,6 +354,7 @@ function checkInput() {
 				$errors[] = array("ERROR", _("LDAP Suffix is invalid!"), getTypeAlias($type));
 			}
 		}
 		// set attributes
 		elseif (substr($key, 0, 5) == "attr_") {
 			$typeSettings[$key] = $_POST[$key];
 			$type = substr($postKeys[$i], 5);
@ -341,6 +362,14 @@ function checkInput() {
 				$errors[] = array("ERROR", _("List attributes are invalid!"), getTypeAlias($type));
 			}
 		}
 		// set filter
 		elseif (substr($key, 0, 7) == "filter_") {
 			$typeSettings[$key] = $_POST[$key];
 		}
 		// set hidden
 		elseif (substr($key, 0, 7) == "hidden_") {
 			$typeSettings[$key] = ($_POST[$key] == 'on');
 		}
 	}
 	// save input
 	$conf->set_typeSettings($typeSettings);
--- a/lam/templates/lists/list.php
+++ b/lam/templates/lists/list.php
@ -3,7 +3,7 @@
 $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2006  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -41,9 +41,15 @@ startSecureSession();
 setlanguage();
 $type = $_GET['type'];
 // check if list is hidden
 if (isAccountTypeHidden($type)) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden account list: ' . $type);
 	die();
 }
 // create list object if needed
 $type = $_GET['type'];
 $listClass = getListClassName($type);
 if (!isset($_SESSION['list_' . $type])) {
 	$list = new $listClass($type);
--- a/lam/templates/main.php
+++ b/lam/templates/main.php
@ -3,7 +3,7 @@
 $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2011  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -57,7 +57,13 @@ if ((sizeof($new_suffs) > 0) && checkIfWriteAccessIsAllowed()) {
 }
 else {
 	if (sizeof($types) > 0) {
-		metaRefresh("lists/list.php?type=" . $types[0]);
+		for ($i = 0; $i < sizeof($types); $i++) {
 			if (isAccountTypeHidden($types[$i])) {
 				continue;
 			}
 			metaRefresh("lists/list.php?type=" . $types[$i]);
 			break;
 		}
 	}
 	else {
 		metaRefresh("tree/treeViewContainer.php");
--- a/lam/templates/main_header.php
+++ b/lam/templates/main_header.php
@ -3,7 +3,7 @@
 $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2011  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -200,6 +200,9 @@ jQuery(document).ready(function() {
 	<?php
 		$linkList = array();
 		for ($i = 0; $i < sizeof($types); $i++) {
 			if (isAccountTypeHidden($types[$i])) {
 				continue;
 			}
 			$link = '<a href="' . $headerPrefix . 'lists/list.php?type=' . $types[$i] .
 				'" onmouseover="jQuery(this).addClass(\'tabs-hover\');" onmouseout="jQuery(this).removeClass(\'tabs-hover\');">' .
 				'<img height="16" width="16" alt="' . $types[$i] . '" src="' . $headerPrefix . '../graphics/' . $types[$i] . '.png">&nbsp;' .
--- a/lam/templates/massBuildAccounts.php
+++ b/lam/templates/massBuildAccounts.php
@ -91,6 +91,13 @@ if (isset($_GET['showldif'])) {
 include 'main_header.php';
 $scope = htmlspecialchars($_POST['scope']);
 // check if account type is ok
 if (isAccountTypeHidden($scope)) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
 	die();
 }
 echo '<div class="' . $scope . 'list-bright smallPaddingContent">';
 $selectedModules = explode(',', $_POST['selectedModules']);
--- a/lam/templates/massDoUpload.php
+++ b/lam/templates/massDoUpload.php
@ -62,6 +62,13 @@ setlanguage();
 include 'main_header.php';
 $scope = htmlspecialchars($_SESSION['mass_scope']);
 // check if account type is ok
 if (isAccountTypeHidden($scope)) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
 	die();
 }
 echo '<div class="' . $scope . 'list-bright smallPaddingContent">';
 // create accounts
--- a/lam/templates/masscreate.php
+++ b/lam/templates/masscreate.php
@ -80,7 +80,7 @@ include 'main_header.php';
 $types = $_SESSION['config']->get_ActiveTypes();
 for ($i = 0; $i < sizeof($types); $i++) {
 	$myType = new $types[$i]();
-	if (!$myType->supportsFileUpload()) {
+	if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
 		unset($types[$i]);
 	}
 }
--- a/lam/templates/ou_edit.php
+++ b/lam/templates/ou_edit.php
@ -3,7 +3,7 @@
 $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2010  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -164,6 +164,9 @@ function display_main($message, $error) {
 	$types = array();
 	$typeList = $_SESSION['config']->get_ActiveTypes();
 	for ($i = 0; $i < sizeof($typeList); $i++) {
 		if (isAccountTypeHidden($typeList[$i])) {
 			continue;
 		}
 		$types[$typeList[$i]] = getTypeAlias($typeList[$i]);
 	}
 	natcasesort($types);
--- a/lam/templates/pdfedit/pdfmain.php
+++ b/lam/templates/pdfedit/pdfmain.php
@ -73,6 +73,9 @@ if(isset($_POST['createNewTemplate'])) {
 $scopes = $_SESSION['config']->get_ActiveTypes();
 $sortedScopes = array();
 for ($i = 0; $i < sizeof($scopes); $i++) {
 	if (isAccountTypeHidden($scopes[$i])) {
 		continue;
 	}
 	$sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]);
 }
 natcasesort($sortedScopes);
--- a/lam/templates/pdfedit/pdfpage.php
+++ b/lam/templates/pdfedit/pdfpage.php
@ -4,7 +4,7 @@ $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Michael Duergner
-                2007 - 2010  Roland Gruber
+                2007 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -69,6 +69,11 @@ if(isset($_POST['type'])) {
 	}
 }
 if (isAccountTypeHidden($_GET['type'])) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']);
 	die();
 }
 // Abort and go back to main pdf structure page
 if(isset($_GET['abort'])) {
--- a/lam/templates/profedit/profilemain.php
+++ b/lam/templates/profedit/profilemain.php
@ -51,6 +51,9 @@ $types = $_SESSION['config']->get_ActiveTypes();
 $profileClasses = array();
 $profileClassesTemp = array();
 for ($i = 0; $i < sizeof($types); $i++) {
 	if (isAccountTypeHidden($types[$i])) {
 		continue;
 	}
 	$profileClassesTemp[getTypeAlias($types[$i])] = array(
 		'scope' => $types[$i],
 		'title' => getTypeAlias($types[$i]),
@ -97,6 +100,10 @@ $container = new htmlTable();
 $container->addElement(new htmlTitle(_("Profile editor")), true);
 if (isset($_POST['deleteProfile']) && ($_POST['deleteProfile'] == 'true')) {
 	if (isAccountTypeHidden($_POST['profileDeleteType'])) {
 		logNewMessage(LOG_ERR, 'User tried to delete hidden account type profile: ' . $_POST['profileDeleteType']);
 		die();
 	}
 	// delete profile
 	if (delAccountProfile($_POST['profileDeleteName'], $_POST['profileDeleteType'])) {
 		$message = new htmlStatusMessage('INFO', _('Deleted profile.'), getTypeAlias($_POST['profileDeleteType']) . ': ' . htmlspecialchars($_POST['profileDeleteName']));
--- a/lam/templates/profedit/profilepage.php
+++ b/lam/templates/profedit/profilepage.php
@ -3,7 +3,7 @@
 $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2010  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -61,6 +61,11 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
 if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
 if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];
 if (isAccountTypeHidden($_GET['type'])) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
 	die();
 }
 // abort button was pressed
 // back to profile editor
 if (isset($_POST['abort'])) {