allow to create Unix group when creating a user

This commit is contained in:
Roland Gruber 2020-04-07 17:52:57 +02:00
parent 18e1e5e3c1
commit c9990fa189
3 changed files with 71 additions and 10 deletions

View File

@ -1,4 +1,5 @@
June 2020 7.2 June 2020 7.2
- Unix: allow to create group with same name during user creation
- LAM Pro: - LAM Pro:
-> EMail sending can be done via SMTP without local mail server -> EMail sending can be done via SMTP without local mail server
-> License expiration warning can be sent via email or disabled -> License expiration warning can be sent via email or disabled

View File

@ -1076,7 +1076,7 @@ class posixAccount extends baseModule implements passwordService {
} }
$this->attributes['uidNumber'][0] = trim($_POST['uidNumber']); $this->attributes['uidNumber'][0] = trim($_POST['uidNumber']);
$this->attributes['gidNumber'][0] = $_POST['gidNumber']; $this->attributes['gidNumber'][0] = $_POST['gidNumber'];
if ($this->get_scope()=='user') { if ($this->get_scope() == 'user') {
if (($this->attributes['uid'][0] != $_POST['uid']) && !get_preg($_POST['uid'], '!upper')) { if (($this->attributes['uid'][0] != $_POST['uid']) && !get_preg($_POST['uid'], '!upper')) {
$errors[] = $this->messages['uid'][1]; $errors[] = $this->messages['uid'][1];
} }
@ -1202,10 +1202,57 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes[$this->getPasswordAttrName($modules)][0] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]); $this->attributes[$this->getPasswordAttrName($modules)][0] = pwd_hash('x', true, $this->moduleSettings['posixAccount_pwdHash'][0]);
} }
} }
if (isset($_POST['posixAccount_createGroup'])
&& !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hideCreateGroup')
&& ($this->get_scope() == 'user')
&& $this->getAccountContainer()->isNewAccount && get_preg($this->attributes['uid'][0], 'username')) {
$groupType = $this->getPosixGroupType();
$sessionKey = 'TMP' . getRandomNumber();
$accountContainerTmp = new accountContainer($groupType, $sessionKey);
$_SESSION[$sessionKey] = &$accountContainerTmp;
$accountContainerTmp->new_account();
$posixGroupModule = $accountContainerTmp->getAccountModule('posixGroup');
$nextGid = $posixGroupModule->getNextGIDs(1, $errors, $groupType);
if ($nextGid !== null) {
$newGroupName = $this->attributes['uid'][0];
$dnNewGroup = 'cn=' . $newGroupName . ',' . $groupType->getSuffix();
$attributesNewGroup = array(
'cn' => array($newGroupName),
'gidNumber' => $nextGid[0],
'objectClass' => array('posixGroup'),
);
$newGroupSuccess = @ldap_add(getLDAPServerHandle(), $dnNewGroup, $attributesNewGroup);
if ($newGroupSuccess) {
$errors[] = array('INFO', _('Created new group.'), htmlspecialchars($newGroupName));
$this->attributes['gidNumber'][0] = $nextGid[0];
$this->groupCache = null;
}
else {
$errors[] = array('ERROR', _('Unable to create new group.'), getDefaultLDAPErrorString(getLDAPServerHandle()));
}
}
}
// Return error-messages // Return error-messages
return $errors; return $errors;
} }
/**
* Returns the first found group type that contains posixGroup.
*
* @return ConfiguredType|null type
*/
private function getPosixGroupType() {
$typeManager = new TypeManager();
$groupTypes = $typeManager->getConfiguredTypesForScope('group');
foreach ($groupTypes as $groupType) {
$modules = $groupType->getModules();
if (in_array('posixGroup', $modules)) {
return $groupType;
}
}
return null;
}
/** /**
* Checks if an attribute contains only ASCII characters and replaces invalid characters. * Checks if an attribute contains only ASCII characters and replaces invalid characters.
* *
@ -1634,7 +1681,16 @@ class posixAccount extends baseModule implements passwordService {
$gidNumberSelect->setHasDescriptiveElements(true); $gidNumberSelect->setHasDescriptiveElements(true);
$return->add($gidNumberSelect, 12); $return->add($gidNumberSelect, 12);
if ($this->get_scope()=='user') { if ($this->get_scope() == 'user') {
// new Unix group with same name
$posixGroupType = $this->getPosixGroupType();
if ($this->getAccountContainer()->isNewAccount
&& !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hideCreateGroup')
&& ($posixGroupType !== null)
&& (!isset($this->attributes['uid'][0]) || !isset($groups[$this->attributes['uid'][0]]))) {
$return->addLabel(new htmlOutputText(' ', false));
$return->addField(new htmlButton('posixAccount_createGroup', _('Create group with same name')));
}
// additional groups // additional groups
if (!$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hidegon') || !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hideposixGroups')) { if (!$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hidegon') || !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hideposixGroups')) {
$return->addLabel(new htmlOutputText(_('Additional groups'))); $return->addLabel(new htmlOutputText(_('Additional groups')));
@ -2215,18 +2271,18 @@ class posixAccount extends baseModule implements passwordService {
$hiddenOptionsContainerHead = new htmlGroup(); $hiddenOptionsContainerHead = new htmlGroup();
$hiddenOptionsContainerHead->addElement(new htmlOutputText(_('Hidden options'))); $hiddenOptionsContainerHead->addElement(new htmlOutputText(_('Hidden options')));
$hiddenOptionsContainerHead->addElement(new htmlHelpLink('hiddenOptions')); $hiddenOptionsContainerHead->addElement(new htmlHelpLink('hiddenOptions'));
$configUserContainer->addLabel($hiddenOptionsContainerHead, 12); $configUserContainer->add($hiddenOptionsContainerHead, 12);
$configUserContainer->addField(new htmlOutputText(''));
$configUserContainer->addVerticalSpacer('0.5rem'); $configUserContainer->addVerticalSpacer('0.5rem');
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegecos', false, _('Gecos'), null, false), 12); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegecos', false, _('Gecos'), null, true), 12, 4, 4);
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidepassword', false, _('Password'), null, false), 12); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidepassword', false, _('Password'), null, true), 12, 4, 4);
$confActiveGONModules = array_merge($_SESSION['conf_config']->get_AccountModules('group'), $_SESSION['conf_config']->get_AccountModules('gon')); $confActiveGONModules = array_merge($_SESSION['conf_config']->get_AccountModules('group'), $_SESSION['conf_config']->get_AccountModules('gon'));
if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfMembers', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) { if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfMembers', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) {
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegon', false, _('Groups of names'), null, false), 12); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegon', false, _('Groups of names'), null, true), 12, 4, 4);
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hideposixGroups', false, _('Unix groups'), null, false), 12); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hideCreateGroup', false, _('Create group with same name'), null, true), 12, 4, 4);
$syncGroupsCheckbox = new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_syncGroups', false, _('Sync groups'), null, false); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hideposixGroups', false, _('Unix groups'), null, true), 12, 4, 4);
$syncGroupsCheckbox = new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_syncGroups', false, _('Sync groups'), null, true);
$syncGroupsCheckbox->setTableRowsToHide(array('posixAccount_' . $typeId . '_syncGroupsExclusions')); $syncGroupsCheckbox->setTableRowsToHide(array('posixAccount_' . $typeId . '_syncGroupsExclusions'));
$configUserContainer->add($syncGroupsCheckbox, 12); $configUserContainer->add($syncGroupsCheckbox, 12, 4, 4);
$configUserContainer->add(new htmlResponsiveInputTextarea('posixAccount_' . $typeId . '_syncGroupsExclusions', '', 20, 4, _('Exclude from group sync'), 'excludeFromGroupSync'), 12); $configUserContainer->add(new htmlResponsiveInputTextarea('posixAccount_' . $typeId . '_syncGroupsExclusions', '', 20, 4, _('Exclude from group sync'), 'excludeFromGroupSync'), 12);
} }
} }

View File

@ -107,6 +107,10 @@ legend {
color:black; color:black;
} }
button {
margin: 0.2rem;
}
input.listPageInput { input.listPageInput {
width: 3em; width: 3em;
text-align: center; text-align: center;