allow to hide account types

additional LDAP filter for account types
Roland Gruber 2013-01-01 20:46:28 +00:00
parent 092c3f25aa
commit 7a3389a06d
18 changed files with 133 additions and 14 deletions


@ -149,6 +149,11 @@ $helpArray = array (
"Text" => _("Here you can specify minimum requirements for passwords. The character classes are: lowercase, uppercase, numeric and symbols.")),
"250" => array ("Headline" => _("Filter"),
"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-sensitive.")),
"260" => array ("Headline" => _("Additional LDAP filter"),
"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
"261" => array ("Headline" => _("Hidden"),
"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
// 300 - 399
// profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"),
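Review bot: The example filter in help entry 260, `(cn!=admin)`, is not valid LDAP filter syntax, so an administrator who copies it will store a filter that the directory rejects. RFC 4515 has no `!=` operator; negation is written `(!(cn=admin))`. Suggest changing the example inside the `"Text"` string to `"(!(cn=admin))"`. The `$helpArray` definition starts and continues outside this hunk.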


@ -200,6 +200,16 @@ function metaRefresh($page) {
echo "</html>\n";
}
/**
* Checks if the given account type is hidden.
*
* @param String $type account type (e.g. user)
* @return boolean is hidden
*/
function isAccountTypeHidden($type) {
$typeSettings = $_SESSION['config']->get_typeSettings();
return isset($typeSettings['hidden_' . $type]) && ($typeSettings['hidden_' . $type] == true);
}
/**
* This class manages .conf files.
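Review bot: `isAccountTypeHidden()` compares with a loose `== true`, so any non-empty string stored under `hidden_<type>` counts as hidden, including a literal `'false'` if the configuration file round-trips the flag as text (the loader is not visible in this hunk). Normalising the value when the settings are read and testing `=== true` here would make the result independent of how the flag is persisted. The docblock should also state that a type with no `hidden_` entry, including an unknown type name, is reported as not hidden, since several callers pass request parameters straight in.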


@ -104,6 +104,11 @@ function get_ldap_filter($scope) {
}
// add built OR filter to AND filters
if ($orFilter != '') $filters['and'][] = $orFilter;
// add type filter
$typeSettings = $_SESSION['config']->get_typeSettings();
if (isset($typeSettings['filter_' . $scope]) && ($typeSettings['filter_' . $scope] != '')) {
$filters['and'][] = $typeSettings['filter_' . $scope];
}
// collapse AND filters
if (sizeof($filters['and']) < 2) return $filters['and'][0];
else return "(&" . implode("", $filters['and']) . ")";
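Review bot: The configured value is appended to `$filters['and']` verbatim at the `filter_` lookup, so a filter saved without enclosing parentheses, or with unbalanced ones, makes the combined `(&...)` expression malformed and the list search for that account type fails. Nothing in the `filter_` branch of `checkInput()` validates the value when it is saved. A minimal check there, rejecting input that does not start with `(` and end with `)` and reporting an error the way the suffix and attribute branches do, would catch this before it reaches the search. `get_ldap_filter()` begins and ends outside this hunk.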


@ -262,7 +262,10 @@ class lamGroupList extends lamList {
// make a link for each member of the group
for ($d = 0; $d < sizeof($attr); $d++) {
$user = $attr[$d]; // user name
if (isset($primaryvals[$user])) {
if (isAccountTypeHidden('user')) {
$linklist[$d] = $user;
}
elseif (isset($primaryvals[$user])) {
$linklist[$d] = "<b><a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a></b>";
}
else {
@ -274,8 +277,13 @@ class lamGroupList extends lamList {
// make a link for each member of the group
for ($d = 0; $d < sizeof($entry[$attribute]); $d++) {
$user = $entry[$attribute][$d]; // user name
if (!isAccountTypeHidden('user')) {
$linklist[$d] = "<a href=\"userlink.php?user='" . $user . "' \">" . $user . "</a>";
}
else {
$linklist[$d] = $user;
}
}
}
echo implode("; ", $linklist);
}
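Review bot: The new plain-text branches `$linklist[$d] = $user;` write the member name read from the directory into the page without HTML escaping, in both the primary-member loop and the `$entry[$attribute]` loop. A member value that contains markup would be interpreted by the browser of whoever views the group list. Use `$linklist[$d] = htmlspecialchars($user);` in both places. The existing link branches concatenate the same raw value into the `href` and the link text and would benefit from the same escaping, plus `urlencode()` for the query parameter. The enclosing method starts outside these hunks.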


@ -168,7 +168,7 @@ function recursiveCopy($src, $dst, $profiles, $fileFilter = null, $overwrite = t
StatusMessage('ERROR', 'Upgrade failed.', 'The directory \'' . $dst . '\' could not be created.');
}
}
while (false !== ($file = readdir($dir))) {
while (false !== ($file = @readdir($dir))) {
if ($file != '.' && $file != '..' && !in_array($file, $profiles)) {
if (is_dir($src . '/' . $file) && ($file == 'logos')) {
recursiveCopy($src . '/' . $file, $dst . '/' . $file, $profiles, $fileFilter, $overwrite);
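Review bot: Adding `@` to `readdir($dir)` silences the warning but does not handle the condition that causes it, which is presumably `$dir` not being a valid directory handle (the `opendir()` call is outside this hunk). Depending on the PHP version, `readdir()` on an invalid handle may not return exactly `false`, in which case the `false !== ...` condition would not end the loop. Checking the handle once before the loop, e.g. `if ($dir === false) { return; }` after the error has been reported, removes the need for suppression.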


@ -4,6 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -28,6 +29,7 @@ $Id$
*
* @package modules
* @author Tilo Lutz
* @author Roland Gruber
*/
/** security functions */
@ -60,6 +62,10 @@ if (isset($_GET['DN'])) {
$DN = str_replace("\\'", '', $_GET['DN']);
$type = str_replace("\\'", '', $_GET['type']);
if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
if (isAccountTypeHidden($type)) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
die();
}
if ($_GET['DN'] == $DN) $DN = str_replace("'", '',$_GET['DN']);
$_SESSION['account'] = new accountContainer($type, 'account');
$result = $_SESSION['account']->load_account($DN);
@ -76,6 +82,10 @@ if (isset($_GET['DN'])) {
else if (count($_POST)==0) {
$type = str_replace("\\'", '', $_GET['type']);
if ($_GET['type'] == $type) $type = str_replace("'", '',$_GET['type']);
if (isAccountTypeHidden($type)) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
die();
}
$_SESSION['account'] = new accountContainer($type, 'account');
$_SESSION['account']->new_account();
}
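Review bot: The new `logNewMessage()` calls concatenate `$type` from `$_GET['type']` into the log line after only quote characters have been removed, so line breaks or other control characters in the parameter end up in the log unless `logNewMessage()` strips them (not visible here). Restricting the logged value, e.g. `preg_replace('/[^a-zA-Z0-9_-]/', '?', $type)`, keeps each entry on one line and unambiguous. The same pattern appears in the hidden-type checks this commit adds to the list, upload, PDF structure and profile editor pages. Note also that a bare `die()` sends an empty response; an error status or message would make the rejection visible to the administrator.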


@ -247,7 +247,18 @@ if (sizeof($activeTypes) > 0) {
$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
$suffixInput->setFieldSize(40);
$activeContainer->addElement($suffixInput);
$activeContainer->addElement(new htmlHelpLink('202'), true);
$activeContainer->addElement(new htmlHelpLink('202'));
$activeContainer->addElement(new htmlSpacer('10px', null));
// LDAP filter
$filterText = new htmlOutputText(_("Additional LDAP filter"));
$filterText->colspan = 2;
$activeContainer->addElement($filterText);
$activeContainer->addElement(new htmlSpacer('10px', null));
$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $typeSettings['filter_' . $activeTypes[$i]]);
$filterInput->setFieldSize(40);
$activeContainer->addElement($filterInput);
$activeContainer->addElement(new htmlHelpLink('260'));
$activeContainer->addNewLine();
// list attributes
if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
$attributes = $typeSettings['attr_' . $activeTypes[$i]];
@ -262,7 +273,16 @@ if (sizeof($activeTypes) > 0) {
$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
$attrsInput->setFieldSize(40);
$activeContainer->addElement($attrsInput);
$activeContainer->addElement(new htmlHelpLink('206'), true);
$activeContainer->addElement(new htmlHelpLink('206'));
$activeContainer->addElement(new htmlSpacer('10px', null));
// hidden type
$hiddenText = new htmlOutputText(_('Hidden'));
$hiddenText->colspan = 2;
$activeContainer->addElement($hiddenText);
$activeContainer->addElement(new htmlSpacer('10px', null));
$activeContainer->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $typeSettings['hidden_' . $activeTypes[$i]]));
$activeContainer->addElement(new htmlHelpLink('261'));
$activeContainer->addNewLine();
// delete button
$delButton = new htmlButton('rem_'. $activeTypes[$i], _("Remove this account type"));
$delButton->colspan = 5;
@ -334,6 +354,7 @@ function checkInput() {
$errors[] = array("ERROR", _("LDAP Suffix is invalid!"), getTypeAlias($type));
}
}
// set attributes
elseif (substr($key, 0, 5) == "attr_") {
$typeSettings[$key] = $_POST[$key];
$type = substr($postKeys[$i], 5);
@ -341,6 +362,14 @@ function checkInput() {
$errors[] = array("ERROR", _("List attributes are invalid!"), getTypeAlias($type));
}
}
// set filter
elseif (substr($key, 0, 7) == "filter_") {
$typeSettings[$key] = $_POST[$key];
}
// set hidden
elseif (substr($key, 0, 7) == "hidden_") {
$typeSettings[$key] = ($_POST[$key] == 'on');
}
}
// save input
$conf->set_typeSettings($typeSettings);
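Review bot: The `hidden_` branch in `checkInput()` can only ever store `true`, because browsers do not submit unchecked checkboxes and the branch runs only for keys present in `$_POST`. If `$typeSettings` is seeded from the saved configuration (its initialisation is outside this hunk), a type that was hidden once cannot be made visible again from this page. Setting the flag for every active type from the request, e.g. `$typeSettings['hidden_' . $type] = isset($_POST['hidden_' . $type]);`, covers both states. Separately, the form code reads `$typeSettings['filter_' . $activeTypes[$i]]` and `$typeSettings['hidden_' . $activeTypes[$i]]` without `isset()`, unlike the `attr_` lookup next to it, so a configuration saved before this change that lacks these keys raises undefined-index notices.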


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Roland Gruber
Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -41,9 +41,15 @@ startSecureSession();
setlanguage();
$type = $_GET['type'];
// check if list is hidden
if (isAccountTypeHidden($type)) {
logNewMessage(LOG_ERR, 'User tried to access hidden account list: ' . $type);
die();
}
// create list object if needed
$type = $_GET['type'];
$listClass = getListClassName($type);
if (!isset($_SESSION['list_' . $type])) {
$list = new $listClass($type);
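Review bot: The added check rejects only types that are flagged as hidden, so any other value of `$_GET['type']`, including one that is not a configured account type, still reaches `getListClassName($type)` and `new $listClass($type)`. Checking membership in the active types as well, `if (!in_array($type, $_SESSION['config']->get_ActiveTypes(), true) || isAccountTypeHidden($type))`, turns the guard into an allow-list; whether `getListClassName()` validates on its own is not visible here. `$_GET['type']` is also read without an `isset()` guard.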


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2011 Roland Gruber
Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -57,7 +57,13 @@ if ((sizeof($new_suffs) > 0) && checkIfWriteAccessIsAllowed()) {
}
else {
if (sizeof($types) > 0) {
metaRefresh("lists/list.php?type=" . $types[0]);
for ($i = 0; $i < sizeof($types); $i++) {
if (isAccountTypeHidden($types[$i])) {
continue;
}
metaRefresh("lists/list.php?type=" . $types[$i]);
break;
}
}
else {
metaRefresh("tree/treeViewContainer.php");
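Review bot: When every entry in `$types` is hidden, the new loop finishes without calling `metaRefresh()` and the page sends no redirect at all, whereas an empty `$types` falls back to the tree view. Track whether a redirect was sent and fall back the same way, e.g. set `$redirected = true;` before `break;` and add `if (!$redirected) metaRefresh("tree/treeViewContainer.php");` after the loop. The surrounding `if`/`else` starts and ends outside this hunk.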


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2011 Roland Gruber
Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -200,6 +200,9 @@ jQuery(document).ready(function() {
<?php
$linkList = array();
for ($i = 0; $i < sizeof($types); $i++) {
if (isAccountTypeHidden($types[$i])) {
continue;
}
$link = '<a href="' . $headerPrefix . 'lists/list.php?type=' . $types[$i] .
'" onmouseover="jQuery(this).addClass(\'tabs-hover\');" onmouseout="jQuery(this).removeClass(\'tabs-hover\');">' .
'<img height="16" width="16" alt="' . $types[$i] . '" src="' . $headerPrefix . '../graphics/' . $types[$i] . '.png">&nbsp;' .


@ -91,6 +91,13 @@ if (isset($_GET['showldif'])) {
include 'main_header.php';
$scope = htmlspecialchars($_POST['scope']);
// check if account type is ok
if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die();
}
echo '<div class="' . $scope . 'list-bright smallPaddingContent">';
$selectedModules = explode(',', $_POST['selectedModules']);


@ -62,6 +62,13 @@ setlanguage();
include 'main_header.php';
$scope = htmlspecialchars($_SESSION['mass_scope']);
// check if account type is ok
if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die();
}
echo '<div class="' . $scope . 'list-bright smallPaddingContent">';
// create accounts


@ -80,7 +80,7 @@ include 'main_header.php';
$types = $_SESSION['config']->get_ActiveTypes();
for ($i = 0; $i < sizeof($types); $i++) {
$myType = new $types[$i]();
if (!$myType->supportsFileUpload()) {
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
unset($types[$i]);
}
}
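Review bot: `sizeof($types)` is re-evaluated on every iteration while the body calls `unset($types[$i])`, so each removal shortens the bound and the trailing entries are never examined; with the added `isAccountTypeHidden()` condition, a hidden type near the end of the list can remain in the upload selection. Fix the bound before the loop, `for ($i = 0, $n = sizeof($types); $i < $n; $i++) {`, which is safe because `unset()` does not renumber the remaining keys. The loop predates this commit, but the new condition relies on it visiting every type.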


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2010 Roland Gruber
Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -164,6 +164,9 @@ function display_main($message, $error) {
$types = array();
$typeList = $_SESSION['config']->get_ActiveTypes();
for ($i = 0; $i < sizeof($typeList); $i++) {
if (isAccountTypeHidden($typeList[$i])) {
continue;
}
$types[$typeList[$i]] = getTypeAlias($typeList[$i]);
}
natcasesort($types);


@ -73,6 +73,9 @@ if(isset($_POST['createNewTemplate'])) {
$scopes = $_SESSION['config']->get_ActiveTypes();
$sortedScopes = array();
for ($i = 0; $i < sizeof($scopes); $i++) {
if (isAccountTypeHidden($scopes[$i])) {
continue;
}
$sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]);
}
natcasesort($sortedScopes);


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2007 - 2010 Roland Gruber
2007 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -69,6 +69,11 @@ if(isset($_POST['type'])) {
}
}
if (isAccountTypeHidden($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']);
die();
}
// Abort and go back to main pdf structure page
if(isset($_GET['abort'])) {
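Review bot: The hidden check inspects `$_GET['type']` only and is placed after the `if(isset($_POST['type']))` block whose closing braces are visible at the top of the hunk. If that block acts on the posted type without copying it into `$_GET['type']` (the profile page does copy `accounttype` that way), a POST request for a hidden type would be handled before, or without, this check; the block's body is outside the hunk, so this needs confirming. Moving the check above the POST handling and testing the effective type, with an `isset()` guard, would close the gap.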


@ -51,6 +51,9 @@ $types = $_SESSION['config']->get_ActiveTypes();
$profileClasses = array();
$profileClassesTemp = array();
for ($i = 0; $i < sizeof($types); $i++) {
if (isAccountTypeHidden($types[$i])) {
continue;
}
$profileClassesTemp[getTypeAlias($types[$i])] = array(
'scope' => $types[$i],
'title' => getTypeAlias($types[$i]),
@ -97,6 +100,10 @@ $container = new htmlTable();
$container->addElement(new htmlTitle(_("Profile editor")), true);
if (isset($_POST['deleteProfile']) && ($_POST['deleteProfile'] == 'true')) {
if (isAccountTypeHidden($_POST['profileDeleteType'])) {
logNewMessage(LOG_ERR, 'User tried to delete hidden account type profile: ' . $_POST['profileDeleteType']);
die();
}
// delete profile
if (delAccountProfile($_POST['profileDeleteName'], $_POST['profileDeleteType'])) {
$message = new htmlStatusMessage('INFO', _('Deleted profile.'), getTypeAlias($_POST['profileDeleteType']) . ': ' . htmlspecialchars($_POST['profileDeleteName']));


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2010 Roland Gruber
Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -61,6 +61,11 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];
if (isAccountTypeHidden($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
die();
}
// abort button was pressed
// back to profile editor
if (isset($_POST['abort'])) {