eGW uses now negative id's for groups, this allows to better support ldap (you can have users and groups with identical id's)

2025-02-23 05:41:02 +01:00 · 2005-11-24 19:48:21 +00:00 · 2005-11-24 19:48:21 +00:00 · 9606f6ea25
commit 9606f6ea25
parent e92bd2b0fb
5 changed files with 157 additions and 104 deletions
--- a/phpgwapi/inc/class.accounts.inc.php
+++ b/phpgwapi/inc/class.accounts.inc.php
@ -237,7 +237,7 @@
 					}
 					elseif ($param['type'] == 'owngroups')
 					{
-						$group = -1;
+						$group = true;
 						$param['type'] = 'groups';
 					}
 					$start = $param['start'];
@ -269,7 +269,7 @@
 					}
 					if ($group)
 					{
-						$members = $group > 0 ? $GLOBALS['egw']->acl->get_ids_for_location($group, 1, 'phpgw_group') :
+						$members = is_int($group) ? $GLOBALS['egw']->acl->get_ids_for_location($group, 1, 'phpgw_group') :
 							$GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1,$GLOBALS['egw_info']['user']['account_id']);
 						if (!$members) $members = array();
 						$valid = !$app ? $members : array_intersect($valid,$members);	// use the intersection
@ -303,7 +303,7 @@
 		/**
 		 * Searches / lists accounts: users and/or groups
 		 *
-		 * @deprecated 
+		 * @deprecated use search
 		 */
 		function get_list($_type='both',$start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
 		{
@ -487,23 +487,17 @@
 				return $membership_list[$account_id];
 			}
-			$security_equals = Array();
+			if(!($gids = $GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id)))
 			$security_equals = $GLOBALS['egw']->acl->get_location_list_for_id('phpgw_group', 1, $account_id);
 			if ($security_equals == False)
 			{
 				return $membership_list[$account_id] = False;
 			}
-			$this->memberships = Array();
+			$memberships = Array();
-
+			foreach($gids as $gid)
 			for ($idx=0; $idx<count($security_equals); $idx++)
 			{
-				$groups = (int)$security_equals[$idx];
+				$memberships[] = Array('account_id' => $gid, 'account_name' => $this->id2name($gid));
 				$this->memberships[] = Array('account_id' => $groups, 'account_name' => $this->id2name($groups));
 			}
-
+			return $membership_list[$account_id] = $memberships;
 			return $membership_list[$account_id] = $this->memberships;
 		}
 		/**
@ -515,25 +509,27 @@
 		 */
 		function member($accountid = '')
 		{
 			$this->setup_cache();
 			$member_list = &$this->cache['member_list'];
 			$account_id = get_account_id($accountid);
-			$security_equals = Array();
+			if (isset($member_list[$account_id]))
 			$acl =& CreateObject('phpgwapi.acl');
 			$security_equals = $acl->get_ids_for_location($account_id, 1, 'phpgw_group');
 			unset($acl);
 			if ($security_equals == False)
 			{
-				return False;
+				return $member_list[$account_id];
 			}
-			for ($idx=0; $idx<count($security_equals); $idx++)
+			if (!($uids = $GLOBALS['egw']->acl->get_ids_for_location($account_id, 1, 'phpgw_group')))
 			{
-				$name = $this->id2name((int)$security_equals[$idx]);
+				return $member_list[$account_id] = False;
 				$this->members[] = Array('account_id' => (int)$security_equals[$idx], 'account_name' => $name);
 			}
-			return $this->members;
+			$members = array();
 			foreach ($uids as $uid)
 			{
 				$members[] = Array('account_id' => $uid, 'account_name' => $this->id2name($uid));
 			}
 			return $member_list[$account_id] = $members;
 		}
 		/**
@ -620,7 +616,7 @@
 			);
 			foreach($app_users as $id)
 			{
-				$type = $GLOBALS['egw']->accounts->get_type($id);
+				$type = $this->get_type($id);
 				if($type == 'g')
 				{
 					$accounts['groups'][$id] = $id;
@ -662,7 +658,7 @@
 		/**
 		 * phpgw compatibility function, better use split_accounts
 		 *
-		 * @deprecated 
+		 * @deprecated  use split_accounts
 		 */
 		function return_members($accounts)
 		{
@ -732,25 +728,9 @@
 		 */
 		function get_type($accountid)
 		{
 			$this->setup_cache();
 			$account_type = &$this->cache['account_type'];
 			$account_id = get_account_id($accountid);
-			if (isset($this->account_type) && $account_id == $this->account_id)
+			return $account_id > 0 ? 'u' : ($account_id < 0 ? 'g' : false);
 			{
 				return $this->account_type;
 			}
 			if(@isset($account_type[$account_id]) && @$account_type[$account_id])
 			{
 				return $account_type[$account_id];
 			}
 			elseif($account_id == '')
 			{
 				return False;
 			}
 			return $account_type[$account_id] = accounts_::get_type($account_id);
 		}
 		/**
--- a/phpgwapi/inc/class.accounts_ldap.inc.php
+++ b/phpgwapi/inc/class.accounts_ldap.inc.php
@ -36,6 +36,15 @@
 		var $group_context = '';
 		var $total;
 		var $requiredObjectClasses = array(
 			'user' => array(
 				'top','organizationalperson','inetorgperson','posixaccount','shadowaccount','phpgwaccount'
 			),
 			'group' => array(
 				'top','posixgroup','phpgwaccount'
 			)
 		);
 		function accounts_()
 		{
 			$this->ds = $GLOBALS['egw']->common->ldapConnect();
@ -54,7 +63,7 @@
 			/* search the dn for the given uid */
 			if(($acct_type == 'g') && $this->group_context)
 			{
-				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . (int)$this->account_id);
+				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$this->account_id));
 			}
 			else
 			{
@ -65,7 +74,7 @@
 			/* Now dump it into the array; take first entry found */
 			if($acct_type =='g')
 			{
-				$this->data['account_id']   = $allValues[0]['gidnumber'][0];
+				$this->data['account_id']   = -$allValues[0]['gidnumber'][0];
 				$this->data['account_lid']  = $allValues[0]['cn'][0];
 				$this->data['firstname']    = $GLOBALS['egw']->translation->convert($allValues[0]['cn'][0],'utf-8');
 				$this->data['lastname']     = lang('Group');
@ -73,7 +82,7 @@
 			else
 			{
 				$this->data['account_id']  = $allValues[0]['uidnumber'][0];
-				$this->data['account_primary_group'] = $allValues[0]['gidnumber'][0];
+				$this->data['account_primary_group'] = -$allValues[0]['gidnumber'][0];
 				$this->data['account_lid'] = $allValues[0]['uid'][0];
 				$this->data['firstname']   = $GLOBALS['egw']->translation->convert($allValues[0]['givenname'][0],'utf-8');
 				$this->data['lastname']    = $GLOBALS['egw']->translation->convert($allValues[0]['sn'][0],'utf-8');
@ -103,13 +112,13 @@
 		function save_repository()
 		{
-			#_debug_array($this->data);
+
 			$acct_type = $this->get_type($this->account_id);
 			/* search the dn for the given u/gidnumber */
 			if(($acct_type == 'g') && $this->group_context)
 			{
-				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . (int)$this->account_id);
+				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$this->account_id));
 			}
 			else
 			{
@ -158,7 +167,7 @@
 				}
 				if($this->data['account_primary_group'])
 				{
-					$newData['gidnumber'] = $this->data['account_primary_group'];
+					$newData['gidnumber'] = abs($this->data['account_primary_group']);
 				}
 				if($this->data['lastlogin'])
 				{
@ -189,6 +198,15 @@
 					$newData['mail'] = $this->data['email'];
 				}
 				// check that we have all required objectclasses
 				unset($allValues[0]['objectclass']['count']);
 				// convert all values to lowercase
 				$currentObjectClasses = array_flip(array_change_key_case(array_flip($allValues[0]['objectclass'])));
 				$missingObjectClasses = array_diff($this->requiredObjectClasses['user'],$currentObjectClasses);
 				if(count($missingObjectClasses) > 0)
 				{
 					$newData['objectclass'] = array_merge($currentObjectClasses, $missingObjectClasses);
 				}
 				$newAccountID = $newData['uid'];
 				$oldAccountID = $newData['uid'];
 			}
@ -199,7 +217,7 @@
 					$this->data['account_lid'],
 					$GLOBALS['egw']->translation->charset(), 'utf-8'
 				);
-				$newData['gidnumber'] = $this->account_id;
+				$newData['gidnumber'] = abs($this->account_id);
 				$newGroupID = $newData['cn'];
 				$oldGroupID = $newData['cn'];
 			}
@ -362,7 +380,7 @@
 				foreach($this->data['account_groups'] as $key => $value)
 				{
 					// search for the group
-					$filter    = 'gidnumber=' . (int)$value;
+					$filter    = 'gidnumber=' . abs((int)$value);
 					$justThese = array('memberuid');
 					$sri = ldap_search($this->ds, $this->group_context, $filter, $justThese);
 					if($sri)
@ -401,7 +419,7 @@
 			$account_id = get_account_id($accountid);
 			$account_lid = $this->id2name((int)$account_id);
-			$filter = 'gidnumber=' . (int)$account_id;
+			$filter = 'gidnumber=' . abs((int)$account_id);
 			$sri = ldap_search($this->ds, $this->group_context, $filter);
 			if($sri)
 			{
@ -453,7 +471,7 @@
 			}
 		}
-		function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '',$query_type='')
+		function get_list($_type='both', $start = '',$sort = '', $order = '', $query = '', $offset = '', $query_type='')
 		{
 			//print "\$_type=$_type, \$start=$start , \$sort=$sort, \$order=$order, \$query=$query, \$offset=$offset, \$query_type=$query_type<br>";
 			$query = strtolower($query);
@ -530,7 +548,7 @@
 					if (!$GLOBALS['egw_info']['server']['global_denied_groups'][$test] && $allVals['cn'][0])
 					{
 						$accounts[] = Array(
-							'account_id'        => $allVals['gidnumber'][0],
+							'account_id'        => -$allVals['gidnumber'][0],
 							'account_lid'       => $allVals['cn'][0],
 							'account_type'      => $allVals['phpgwaccounttype'][0],
 							'account_firstname' => $GLOBALS['egw']->translation->convert($allVals['givenname'][0],'utf-8'),
@ -549,7 +567,6 @@
 			}
 			$sortedAccounts = $arrayFunctions->arfsort($accounts,explode(',',$order),$sort);
 			$this->total = count($accounts);
 			// return only the wanted accounts
 			if (is_array($sortedAccounts))
 			{
@ -579,7 +596,7 @@
 				if (@$allValues[0]['gidnumber'][0])
 				{
-					return (int)$allValues[0]['gidnumber'][0];
+					return -(int)$allValues[0]['gidnumber'][0];
 				}
 			}
 			$to_ldap = array(
@ -605,7 +622,7 @@
 			if ($which == 'account_lid' || $which == 'account_type')	// groups only support account_lid and account_type
 			{
 				$allValues = array();
-				$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
+				$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . abs((int)$account_id) . ')(phpgwaccounttype=g))');
 				$allValues = ldap_get_entries($this->ds, $sri);
 				$attr = $which == 'account_lid' ? 'cn' : 'phpgwaccounttype';
@ -634,28 +651,6 @@
 			return False;
 		}
 		function get_type($account_id)
 		{
 			$allValues = array();
 			$sri = ldap_search($this->ds, $this->user_context, '(&(uidnumber=' . (int)$account_id . ')(phpgwaccounttype=u))');
 			$allValues = ldap_get_entries($this->ds, $sri);
 			if ($allValues[0]['phpgwaccounttype'][0])
 			{
 				return $allValues[0]['phpgwaccounttype'][0];
 			}
 			$allValues = array();
 			$sri = ldap_search($this->ds, $this->group_context, '(&(gidnumber=' . (int)$account_id . ')(phpgwaccounttype=g))');
 			$allValues = ldap_get_entries($this->ds, $sri);
 			if ($allValues[0]['phpgwaccounttype'][0])
 			{
 				return $allValues[0]['phpgwaccounttype'][0];
 			}
 			return False;
 		}
 		/*
 		 * returns nonzero if $account exists in LDAP: 0: nowhere 1: user accounts, 2: group accounts, 3: both
 		 * $account can be an account_id (LDAP: uidnumber) or an account_lid (LDAP: uid) (is determinded by ettype($account) == 'integer')
@ -667,13 +662,12 @@
 			$users  = array();
 			$groups = array();
-			if(is_int($account))
+			if(is_numeric($account))
 			{
 				$ldapgroup = 'gidnumber';
 				$ldapacct  = 'uidnumber';
 				$account   = (int)$account;
 				/* If data is cached, use it. */
-				if(@isset($by_id[$account]) && @$by_id[$account])
+				if(isset($by_id[$account]))
 				{
 					return $by_id[$account];
 				}
@ -693,7 +687,7 @@
 			if ($acct_type == 'g' && $this->group_context)
 			{
-				$sri = ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . $account);
+				$sri = ldap_search($this->ds, $this->group_context, $ldapgroup . '=' . abs($account));
 				$groups = ldap_get_entries($this->ds, $sri);
 			}
 			$sri = ldap_search($this->ds, $this->user_context, $ldapacct . '=' . $account);
@ -718,7 +712,6 @@
 				$by_lid[$account] = $in;
 				$by_id[$this->name2id($account)] = $in;
 			}
 			return $in;
 		}
@ -732,7 +725,7 @@
 			}
 			else
 			{
-				$account_id = $account_info['account_id'];
+				$account_id = abs($account_info['account_id']);
 			}
 			$entry['userpassword']              = $account_info['account_passwd'];
 			$entry['phpgwaccounttype']          = $account_info['account_type'];
@ -817,6 +810,7 @@
 					$dn = 'cn='.$account_info['account_lid'] . ',' . $this->group_context;
 					unset($entry['homedirectory']);
 					unset($entry['loginshell']);
 					unset($entry['userpassword']);
 					$entry['objectclass'][0] = 'top';
 					$entry['objectclass'][1] = 'posixGroup';
 					$entry['objectclass'][2] = 'phpgwAccount';
@ -863,7 +857,7 @@
 					}
 					$entry['uid']            = $account_info['account_lid'];
 					$entry['uidnumber']      = $account_id;
-					$entry['gidnumber']      = $account_info['account_primary_group'];
+					$entry['gidnumber']      = abs($account_info['account_primary_group']);
 					$entry['userpassword']   = $GLOBALS['egw']->common->encrypt_password($account_info['account_passwd']);
 					$entry['objectclass'][0] = 'top';
 					$entry['objectclass'][1] = 'person';
@ -936,7 +930,14 @@
 				$GLOBALS['egw']->preferences->create_defaults($account_id);
 			}
-			return $account_id;
+			if($account_info['account_type'] == 'g')
 			{
 				return -$account_id;
 			}
 			else
 			{
 				return $account_id;
 			}
 		}
 		function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
@ -969,11 +970,11 @@
 			$default_group_id  = $this->name2id($GLOBALS['egw_info']['server']['default_group_lid']);
 			if (!$default_group_id)
 			{
-				$default_group_id = (int) $this->name2id('Default');
+				$default_group_id = abs((int)$this->name2id('Default'));
 			}
 			$primary_group = $GLOBALS['auto_create_acct']['primary_group'] &&
 				$this->get_type((int)$GLOBALS['auto_create_acct']['primary_group']) == 'g' ?
-				(int) $GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
+				(int)$GLOBALS['auto_create_acct']['primary_group'] : $default_group_id;
 			$acct_info = array(
 				'account_lid'       => $accountname,
@ -1063,7 +1064,7 @@
 			/* search the dn for the given uid */
 			if(($acct_type == 'g') && $this->group_context)
 			{
-				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . (int)$account_id);
+				$sri = ldap_search($this->ds, $this->group_context, 'gidnumber=' . abs((int)$account_id));
 			}
 			else
 			{
@ -1109,10 +1110,10 @@
 			$entry['phpgwaccountlastloginfrom'] = $ip;
 			$sri = ldap_search($this->ds, $GLOBALS['egw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
-			$allValues = ldap_get_entries($ds, $sri);
+			$allValues = ldap_get_entries($this->ds, $sri);
 			$dn = $allValues[0]['dn'];
-			@ldap_modify($ds, $dn, $entry);
+			@ldap_modify($this->ds, $dn, $entry);
 			return $allValues[0]['phpgwaccountlastlogin'][0];
 		}
--- a/phpgwapi/inc/class.accounts_sql.inc.php
+++ b/phpgwapi/inc/class.accounts_sql.inc.php
@ -260,11 +260,6 @@
 			return False;
 		}
 		function get_type($account_id)
 		{
 			return $this->id2name($account_id,'account_type');
 		}
 		function exists($account_lid)
 		{
 			static $by_id, $by_lid;
@ -324,7 +319,14 @@
 			}
 			$this->db->insert($this->table,$account_data,False,__LINE__,__FILE__);
-			return $this->db->get_last_insert_id($this->table,'account_id');
+			$id = $account_data['account_id'] ? $account_data['account_id'] : $this->db->get_last_insert_id($this->table,'account_id');
 			if ($id > 0)
 			{
 				$this->db->update($this->table,array('account_id' => -$id),array('account_id' => $id),__LINE__,__FILE__);
 				return -$id;
 			}
 			return $id;
 		}
 		function auto_add($accountname, $passwd, $default_prefs = False, $default_acls = False, $expiredate = 0, $account_status = 'A')
@ -387,9 +389,7 @@
 			$this->db->transaction_begin();
-			$this->create($acct_info); /* create the account */
+			$accountid = $this->create($acct_info); /* create the account */
 			$accountid = $this->name2id($accountname); /* grab the account id or an error code */
 			if ($accountid) /* begin account setup */
 			{
--- a/phpgwapi/setup/setup.inc.php
+++ b/phpgwapi/setup/setup.inc.php
@ -14,7 +14,7 @@
 	/* Basic information about this app */
 	$setup_info['phpgwapi']['name']      = 'phpgwapi';
 	$setup_info['phpgwapi']['title']     = 'eGroupWare API';
-	$setup_info['phpgwapi']['version']   = '1.0.1.029';
+	$setup_info['phpgwapi']['version']   = '1.2';
 	$setup_info['phpgwapi']['versions']['current_header'] = '1.28';
 	$setup_info['phpgwapi']['enable']    = 3;
 	$setup_info['phpgwapi']['app_order'] = 1;
--- a/phpgwapi/setup/tables_update.inc.php
+++ b/phpgwapi/setup/tables_update.inc.php
@ -907,4 +907,76 @@
 		return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.0.1.029';
 	}
 	$test[] = '1.0.1.029';
 	function phpgwapi_upgrade1_0_1_029()
 	{
 		// convert all positive group id's to negative ones
 		// this allows duplicate id for users and groups in ldap
 		$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->config_table,'config_value',array(
 			'config_name' => 'account_repository',
 			'config_app'  => 'phpgwapi',
 		),__LINE__,__FILE__);
 		if($GLOBALS['egw_setup']->db->next_record() && $GLOBALS['egw_setup']->db->f('config_value') == 'ldap')
 		{
 			$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->acl_table,'DISTINCT acl_location',array(
 				'acl_appname' => 'phpgw_group',
 				'acl_location > 0',
 			),__LINE__,__FILE__);
 		}
 		else
 		{
 			$GLOBALS['egw_setup']->db->select($GLOBALS['egw_setup']->accounts_table,'account_id',array(
 				'account_type' => 'g',
 				'account_id > 0',
 			),__LINE__,__FILE__);
 		}
 		$groupIDs = array();
 		while($GLOBALS['egw_setup']->db->next_record())
 		{
 			$groupIDs[] = $GLOBALS['egw_setup']->db->f(0);
 		}
 		$tables = array();
 		foreach($GLOBALS['egw_setup']->db->table_names() as $data)
 		{
 			$tables[] = $data['table_name'];
 		}
 		foreach(array(
 			array('egw_acl','acl_location'),
 			array('egw_acl','acl_account'),
 			array('egw_accounts','account_id',"account_type='g'"),
 			array('egw_accounts','account_primary_group',"account_type='u'"),
 			array('egw_cal_user','cal_user_id',"cal_user_type='u'"),
 			array('egw_wiki_pages','wiki_readable',true),
 			array('egw_wiki_pages','wiki_writable',true),
 		) as $data)
 		{
 			$where = false;
 			list($table,$col,$where) = $data;
 			if (!in_array($table,$tables)) continue;	// app is not installed
 			if ($col == 'acl_location')	// varchar not int!
 			{
 				$set = $col.'='.$GLOBALS['egw_setup']->db->concat("'-'",$col);
 				$in = "$col IN ('".implode("','",$groupIDs)."')";
 			}
 			else
 			{
 				$set = "$col=-$col";
 				$in = "$col IN (".implode(',',$groupIDs).')';				
 			}
 			if ($where === true)
 			{
 				$in = '';
 				$where = '1=1';
 			}
 			$query = "UPDATE $table SET $set WHERE $in".($in && $where ? ' AND ' : '').$where;
 			//echo "<p>$query</p>\n";
 			$GLOBALS['egw_setup']->db->query($query,__LINE__,__FILE__);
 		}
 		return $GLOBALS['setup_info']['phpgwapi']['currentver'] = '1.2';
 	}
 ?>