A very first step to remodel our current admin backend:

- all commands get loged and optional documented with requesting person and a comment - all commands can be run immediatly or scheduled for a later execusion - all commands can be run either from a command line (admin-cli), from the web GUI or via a remore administration from a different instance current status: - command queue / history table created (need to be installed) - base class for all comments - one exemplary command to change application rights of users or groups - admin-cli used the above comment and has additional parameters to set the requesting person, scheduled execution time and comment - GUI to watch the queue / history - URL to excute/schedule commands remote More to come now on a daily basis
2007-11-22 00:57:12 +00:00 · 2007-11-22 00:57:12 +00:00 · 462719d45e
commit 462719d45e
parent a453c389e5
10 changed files with 1113 additions and 54 deletions
--- a/admin/admin-cli.php
+++ b/admin/admin-cli.php
@ -27,12 +27,16 @@ else
 {
 	$action = '--help';
 }
 // this is kind of a hack, as the autocreate_session_callback can not change the type of the loaded account-class
 // so we need to make sure the right one is loaded by setting the domain before the header gets included.
-$arg0s = explode(',',@$arguments[0]);
+$arg0s = explode(',',@array_shift($arguments));
@list(,$_GET['domain']) = explode('@',$arg0s[0]);
-if (is_dir('/tmp')) ini_set('session.save_path','/tmp');	// regular users may have no rights to apache's session dir
+if (!is_writable(ini_get('session.save_path')) && is_dir('/tmp') && is_writable('/tmp'))
 {
 	ini_set('session.save_path','/tmp');	// regular users may have no rights to apache's session dir
 }
 $GLOBALS['egw_info'] = array(
 	'flags' => array(
@ -68,6 +72,9 @@ switch($action)
 	case '--change-account-id':
 		return do_change_account_id($arg0s);
 	case '--subscribe-other':
 		return do_subscribe_other($arg0s[2],$arg0s[3]);
 	case '--check-acl';
 		return do_check_acl();
@ -80,6 +87,43 @@ switch($action)
 }
 exit(0);
 /**
 * run a command object, after checking for additional arguments: sheduled, requested or comment
 *
 * @param admin_cmd $cmd
 * @return string see admin_cmd::run()
 */
 function run_command($cmd)
 {
 	global $arguments;
 	while ($arguments && ($extra = array_shift($arguments)))
 	{
 		switch($extra)
 		{
 			case '--shedule':	// shedule the command instead of running it directly
 				$time = admin_cmd::parse_date(array_shift($arguments));
 				break;
 			case '--requested':	// note who requested to run the command
 				$cmd->requested = 0;
 				$cmd->requested_email = array_shift($arguments);
 				break;
 			case '--comment':	// note a comment
 				$cmd->comment = array_shift($arguments);
 				break;
 			default:
 				//fail(99,lang('Unknown option %1',$extra);
 				echo lang('Unknown option %1',$extra)."\n\n";
 				usage('',99);
 				break;
 		}
 	}
 	return $cmd->run($time);
 }
 /**
 * callback to authenticate with the user/pw specified on the commandline
 * 
@ -118,7 +162,7 @@ function user_pass_from_argv(&$account)
 function usage($action=null,$ret=0)
 {
 	$cmd = basename($_SERVER['argv'][0]);
-	echo "Usage: $cmd --command admin-account[@domain],admin-password,options,...\n\n";
+	echo "Usage: $cmd --command admin-account[@domain],admin-password,options,... [--schedule {YYYY-mm-dd|+1 week|+5 days}] [--requested 'Name <email>'] [--comment 'comment ...']\n\n";
 	echo "--edit-user admin-account[@domain],admin-password,account[=new-account-name],first-name,last-name,password,email,expires{never(default)|YYYY-MM-DD|already},can-change-pw{yes(default)|no},anon-user{yes|no(default)},primary-group{Default(default)|...}[,groups,...]\n";
 	echo "	Edit or add a user to eGroupWare. If you specify groups, they *replace* the exiting memberships!\n";
@ -156,6 +200,16 @@ function do_account_app($args,$allow)
 	array_shift($args);	// admin-pw
 	$account = array_shift($args);
 	include_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd_account_app.inc.php');
 	$cmd = new admin_cmd_account_app($allow,$account,$args);
 	$msg = run_command($cmd);
 	if ($cmd->errno)
 	{
 		fail($cmd->errno,$cmd->error);
 	}
 	echo $msg."\n\n";
 	return 0;
 	if ($GLOBALS['egw']->acl->check('account_access',16,'admin'))	// user is explicitly forbidden to edit accounts
 	{
 		fail(2,lang("Permission denied !!!"));
@ -883,3 +937,59 @@ function list_exit_codes()
 		echo $num."\t".str_replace("\n","\n\t",$msg)."\n";
 	}
 }
 /**
 * Read the IMAP ACLs
 *
 * @param array $args admin-account[@domain],admin-password,accout_lid[,pw]
 * @return int 0 on success
 */
 function do_subscribe_other($account_lid,$pw=null)
 {
 	if (!($account_id = $GLOBALS['egw']->accounts->name2id($account_lid)))
 	{
 		fail(15,lang("Unknown account: %1 !!!",$account_lid));		
 	}
 	$GLOBALS['egw_info']['user'] = array(
 		'account_id' => $account_id,
 		'account_lid' => $account_lid,
 		'passwd' => $pw,
 	);
 	include_once(EGW_INCLUDE_ROOT.'/emailadmin/inc/class.bo.inc.php');
 	$emailadmin = new bo();
 	$user_profile = $emailadmin->getUserProfile('felamimail');
 	unset($emailadmin);
 	$icServer = new cyrusimap();
 	//$icServer =& $user_profile->ic_server[0];
 	//print_r($icServer);
 	$icServer->openConnection(!$pw);
 	$delimiter = $icServer->getHierarchyDelimiter();
 	$mailboxes = $icServer->getMailboxes();
 	//print_r($mailboxes);
 	$own_mbox = 'user'.$delimiter.$account_lid;
 	foreach($mailboxes as $n => $mailbox)
 	{
 //		if ($n < 1) continue;
 		if (substr($mailbox,0,5) != 'user'.$delimiter || substr($mailbox,0,strlen($own_mbox)) == $own_mbox) continue;
 		if (!$pw) $mailbox = str_replace('INBOX','user'.$delimiter.$account_lid,$mailbox);
 /*		$rights = $icServer->getACL($mailbox);
 		echo "getACL($mailbox)\n";
 		foreach($rights as $data)
 		{
 			echo $data['USER'].' '.$data['RIGHTS']."\n";
 		}*/
 		echo "subscribing $mailbox for $account_lid\n";
 		//$icServer->subscribeMailbox($mailbox);
 		//exit;
 	}
 }
--- a/admin/inc/class.admin_cmd.inc.php
+++ b/admin/inc/class.admin_cmd.inc.php
@ -0,0 +1,602 @@
 <?php
 /**
 * eGgroupWare admin - admin command base class
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package admin
 * @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$ 
 */
 /**
 * admin comand base class
 */
 abstract class admin_cmd
 {
 	const edit_user = 16;
 	const deleted = 0;
 	const scheduled = 1;
 	const successful = 2;
 	const failed = 3;
 	/**
 	 * The status of the command, one of either scheduled, successful, failed or deleted
 	 * 
 	 * @var int
 	 */
 	private $status;
 	static $stati = array(
 		admin_cmd::scheduled   => 'scheduled',
 		admin_cmd::successful => 'successful',
 		admin_cmd::failed     => 'failed',
 		admin_cmd::deleted    => 'deleted',
 	);
 	protected $created;
 	protected $creator;
 	protected $creator_email;
 	private $scheduled;
 	private $modified;
 	private $modifier;
 	private $modifier_email;
 	private $error;
 	private $errno;
 	public $requested;
 	public $requested_email;
 	public $comment;
 	private $id;
 	private $uid;
 	private $type = __CLASS__;
 	/**
 	 * Stores the data of the derived classes
 	 *
 	 * @var array
 	 */
 	private $data = array();
 	/**
 	 * Instance of the accounts class, after calling instanciate_accounts!
 	 *
 	 * @var accounts
 	 */
 	static protected $accounts;
 	/**
 	 * Instance of the acl class, after calling instanciate_acl!
 	 *
 	 * @var acl
 	 */
 	static protected $acl;
 	/**
 	 * Instance of so_sql for egw_admin_queue
 	 *
 	 * @var so_sql
 	 */
 	static private $sql;
 	/**
 	 * Executes the command
 	 * 
 	 * @return string success message
 	 * @throws Exception()
 	 */
 	abstract function exec();
 	/**
 	 * Return a title / string representation for a given command, eg. to display it
 	 *
 	 * @return string
 	 */
 	function __tostring()
 	{
 		return $this->type;
 	}
 	/**
 	 * Constructor
 	 *
 	 * @param array $data class vars as array
 	 */
 	function __construct(array $data)
 	{
 		$this->created = time();
 		$this->creator = $GLOBALS['egw_info']['user']['account_id'];
 		$this->creator_email = admin_cmd::user_email();
 		$this->type = get_class($this);
 		foreach($data as $name => $value)
 		{
 			$this->$name = $name == 'data' && !is_array($value) ? unserialize($value) : $value;
 		}
 		//_debug_array($this); exit;
 	}
 	/**
 	 * runs the command either immediatly ($time=null) or shedules it for the given time
 	 *
 	 * The command will be written to the database queue, incl. its scheduled start time or execution status
 	 *
 	 * @param $time=null timestamp to run the command or null to run it immediatly
 	 * @param $set_modifier=null should the current user be set as modifier, default true
 	 * @return mixed string with execution error or success message, false for other errors
 	 */
 	function run($time=null,$set_modifier=true)
 	{
 		if (!is_null($time))
 		{
 			$this->scheduled = $time;
 			$this->status = admin_cmd::scheduled;
 			$ret = lang('Command scheduled to run at %1',date('Y-m-d H:i',$time));
 		}
 		else
 		{
 			try {
 				$ret = $this->exec();
 				$this->status = admin_cmd::successful;
 			}
 			catch (Exception $e) {
 				$this->error = $e->getMessage();
 				$ret = $this->errno = $e->getCode();
 				$this->status = admin_cmd::failed;
 			}
 		}
 		if (!$this->save($set_modifier))
 		{
 			return false;
 		}
 		return $ret;
 	}
 	/**
 	 * Delete / canncels a scheduled command
 	 *
 	 * @return boolean true on success, false otherwise
 	 */
 	function delete()
 	{
 		if ($this->status != admin_cmd::scheduled) return false;
 		$this->status = admin_cmd::deleted;
 		return $this->save();
 	}
 	/**
 	 * Saving the object to the database
 	 *
 	 * @param boolean $set_modifier=true set the current user as modifier or 0 (= run by the system)
 	 * @return boolean true on success, false otherwise
 	 */
 	function save($set_modifier=true)
 	{
 		admin_cmd::_instanciate_sql();
 		if (!is_null($this->id))
 		{
 			$this->modified = time();
 			$this->modifier = $set_modifier ? $GLOBALS['egw_info']['user']['account_id'] : 0;
 			if ($set_modifier) $this->modifier_email = admin_cmd::user_email();
 		}
 		$vars = get_object_vars($this);
 		$vars['data'] = serialize($vars['data']);	// data is stored serialized
 		admin_cmd::$sql->init($vars);
 		if (admin_cmd::$sql->save() != 0)
 		{
 			return false;
 		}
 		if (is_null($this->id))
 		{
 			$this->id = admin_cmd::$sql->data['id'];
 			// if the cmd has no uid yet, we create one from our id and the install-id of this eGW instance
 			if (!$this->uid)
 			{
 				$this->uid = $this->id.'-'.$GLOBALS['egw_info']['server']['install_id'];
 				admin_cmd::$sql->save(array('uid' => $this->uid));
 			}
 		}
 		// install an async job, if we saved a scheduled job
 		if ($this->status == admin_cmd::scheduled)
 		{
 			admin_cmd::_set_async_job();
 		}
 		return true;
 	}
 	/**
 	 * reading a command from the queue returning the comand object
 	 *
 	 * @static 
 	 * @param int/string $id id or uid of the command
 	 * @return admin_cmd or null if record not found
 	 * @throws Exception(lang('Unknown command %1!',$class),0);
 	 */
 	static function read($id)
 	{
 		admin_cmd::_instanciate_sql();
 		$keys = is_numeric($id) ? array('id' => $id) : array('uid' => $id);
 		if (!($data = admin_cmd::$sql->read($keys)))
 		{
 			return $data;
 		}
 		return admin_cmd::instanciate($data);
 	}
 	/**
 	 * Instanciated the object / subclass using the given data
 	 *
 	 * @static 
 	 * @param array $data
 	 * @return admin_cmd
 	 * @throws Exception(lang('Unknown command %1!',$class),0);
 	 * @throws Exception(lang('%1 is no command!',$class),0);
 	 */
 	static function instanciate(array $data)
 	{
 		if (isset($data['data']) && !is_array($data['data']))
 		{
 			$data['data'] = unserialize($data['data']);
 		}
 		if (!class_exists($class = $data['type']))
 		{
 			list($app) = explode('_',$class);
 			@include_once(EGW_INCLUDE_ROOT.'/'.$app.'/inc/class.'.$class.'.inc.php');
 			if (!class_exists($class))
 			{
 				throw new Exception(lang('Unknown command %1!',$class),0);
 			}
 		}
 		$cmd = new $class($data);
 		if ($cmd instanceof admin_cmd)	// dont allow others classes to be executed that way!
 		{
 			return $cmd;
 		}
 		throw new Exception(lang('%1 is no command!',$class),0);
 	}
 	/**
 	 * calling get_rows of our static so_sql instance
 	 *
 	 * @static 
 	 * @param array $query
 	 * @param array &$rows
 	 * @param array $readonlys
 	 * @return int
 	 */
 	static function get_rows($query,&$rows,$readonlys)
 	{
 		admin_cmd::_instanciate_sql();
 		return admin_cmd::$sql->get_rows($query,$rows,$readonlys);
 	}
 	/**
 	 * calling search method of our static so_sql instance
 	 *
 	 * @static 
 	 * @param array/string $criteria array of key and data cols, OR a SQL query (content for WHERE), fully quoted (!)
 	 * @param boolean/string/array $only_keys=true True returns only keys, False returns all cols. or 
 	 *	comma seperated list or array of columns to return
 	 * @param string $order_by='' fieldnames + {ASC|DESC} separated by colons ',', can also contain a GROUP BY (if it contains ORDER BY)
 	 * @param string/array $extra_cols='' string or array of strings to be added to the SELECT, eg. "count(*) as num"
 	 * @param string $wildcard='' appended befor and after each criteria
 	 * @param boolean $empty=false False=empty criteria are ignored in query, True=empty have to be empty in row
 	 * @param string $op='AND' defaults to 'AND', can be set to 'OR' too, then criteria's are OR'ed together
 	 * @param mixed $start=false if != false, return only maxmatch rows begining with start, or array($start,$num), or 'UNION' for a part of a union query
 	 * @param array $filter=null if set (!=null) col-data pairs, to be and-ed (!) into the query without wildcards
 	 * @return array
 	 */
 	static function &search($criteria,$only_keys=True,$order_by='',$extra_cols='',$wildcard='',$empty=False,$op='AND',$start=false,$filter=null)
 	{
 		admin_cmd::_instanciate_sql();
 		return admin_cmd::$sql->search($criteria,$only_keys,$order_by,$extra_cols,$wildcard,$empty,$op,$start,$filter);
 	}
 	/**
 	 * Instanciate our static so_sql object
 	 *
 	 * @static 
 	 */
 	private static function _instanciate_sql()
 	{
 		include_once(EGW_INCLUDE_ROOT.'/etemplate/inc/class.so_sql.inc.php');
 		if (is_null(admin_cmd::$sql))
 		{
 			admin_cmd::$sql = new so_sql('admin','egw_admin_queue',null,'cmd_');
 		}
 	}
 	/**
 	 * magic method to read a property, all non admin-cmd properties are stored in the data array
 	 * 
 	 * @param string $property
 	 * @return mixed
 	 */
 	function __get($property)
 	{
 		if (property_exists('admin_cmd',$property))
 		{
 			return $this->$property;	// making all (non static) class vars readonly available
 		}
 		return $this->data[$property];
 	}
 	/**
 	 * magic method to set a property, all non admin-cmd properties are stored in the data array
 	 *
 	 * @param string $property
 	 * @param mixed $value
 	 * @return mixed
 	 */
 	protected function __set($property,$value)
 	{
 		$this->data[$property] = $value;
 	}
 	/**
 	 * Return the whole object-data as array, it's a cast of the object to an array
 	 *
 	 * @return array
 	 */
 	function as_array()
 	{
 		$vars = get_object_vars($this);
 		unset($vars['data']);
 		if ($this->data) $vars += $this->data;
 		return $vars;
 	}
 	/**
 	 * Check if the creator is still admin and has the neccessary admin rights
 	 *
 	 * @param string $extra_acl=null further admin rights to check, eg. 'account_access'
 	 * @param int $extra_deny=null further admin rights to check, eg. 16 = deny edit accounts
 	 * @throws Exception(lang("Permission denied !!!"),2);
 	 */
 	protected function _check_admin($extra_acl=null,$extra_deny=null)
 	{
 		if ($this->creator)
 		{
 			admin_cmd::_instanciate_acl($this->creator);
 			// todo: check only if and with $this->creator
 			if (!admin_cmd::$acl->check('run',1,'admin') &&		// creator is no longer admin
 				$extra_acl && $extra_deny && admin_cmd::$acl->check($extra_acl,$extra_deny,'admin'))	// creator is explicitly forbidden to do something
 			{
 				throw new Exception(lang("Permission denied !!!"),2);
 			}
 		}
 	}
 	/**
 	 * parse application names, titles or localised names and return array of app-names
 	 *
 	 * @param array $apps names, titles or localised names
 	 * @return array of app-names
 	 * @throws Exception(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
 	 */
 	protected static function _parse_apps(array $apps)
 	{
 		foreach($apps as $key => $name)
 		{
 			if (!isset($GLOBALS['egw_info']['apps'][$name]))
 			{
 				foreach($GLOBALS['egw_info']['apps'] as $app => $data)	// check against title and localised name
 				{
 					if (!strcasecmp($name,$data['title']) || !strcasecmp($name,lang($app)))
 					{
 						$apps[$key] = $name = $app;
 						break;
 					}
 				}
 			}
 			if (!isset($GLOBALS['egw_info']['apps'][$name]))
 			{
 				throw new Exception(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
 			}
 		}
 		return $apps;
 	}
 	/**
 	 * parse account name or id
 	 *
 	 * @param string/int $account
 	 * @param boolean $allow_only=null true=only user, false=only groups, default both
 	 * @return int account_id
 	 * @throws Exception(lang("Unknown account: %1 !!!",$this->account),15);
 	 * @throws Exception(lang("Wrong account type: %1 is NO %2 !!!",$account,$allow_only?lang('user'):lang('group')),15);
 	 */
 	protected static function _parse_account($account,$allow_only=null)
 	{
 		if (!($type = admin_cmd::$accounts->exists($account)) || 
 			!is_numeric($id=$account) && !($id = admin_cmd::$accounts->name2id($account)))
 		{
 			throw new Exception(lang("Unknown account: %1 !!!",$account),15);
 		}
 		if (!is_null($allow_only) && $allow_only !== ($type == 1))
 		{
 			throw new Exception(lang("Wrong account type: %1 is NO %2 !!!",$account,$allow_only?lang('user'):lang('group')),15);
 		}
 		if ($type == 2 && $id > 0) $id = -$id;	// groups use negative id's internally, fix it, if user given the wrong sign
 		return $id;
 	}
 	/**
 	 * Parses a date into an integer timestamp
 	 *
 	 * @param string $date
 	 * @return int timestamp
 	 */
 	static function parse_date($date)
 	{
 		if (!is_numeric($date))	// we allow to input a timestamp
 		{
 			$datein = $date;
 			// convert german DD.MM.YYYY format into ISO YYYY-MM-DD format
 			$date = preg_replace('/^([0-9]{1,2})\.([0-9]{1,2})\.([0-9]{4})$/','\3-\2-\1',$date);
 			if (($date = strtotime($date))  === false)
 			{
 				throw new Exception(lang('Invalid formated date "%1"!',$datein),998);
 			}
 		}
 		return (int)$date;
 	}
 	/**
 	 * Instanciated accounts class
 	 *
 	 * @todo accounts class instanciation for setup
 	 * @throws Exception(lang('%1 class not instanciated','accounts'),999);
 	 */
 	protected function _instanciate_accounts()
 	{
 		if (!is_object(admin_cmd::$accounts))
 		{
 			if (!is_object($GLOBALS['egw']->accounts))
 			{
 				throw new Exception(lang('%1 class not instanciated','accounts'),999);
 			}
 			admin_cmd::$accounts = $GLOBALS['egw']->accounts;
 		}
 	}
 	/**
 	 * Instanciated acl class
 	 *
 	 * @todo acl class instanciation for setup
 	 * @param int $account=null account_id the class needs to be instanciated for, default need only account-independent methods
 	 * @throws Exception(lang('%1 class not instanciated','acl'),999);
 	 */
 	protected function _instanciate_acl($account=null)
 	{
 		if (!is_object(admin_cmd::$acl) || $account && admin_cmd::$acl->account_id != $account)
 		{
 			if (!is_object($GLOBALS['egw']->acl))
 			{
 				throw new Exception(lang('%1 class not instanciated','acl'),999);
 			}
 			if ($account && $GLOBALS['egw']->acl->account_id != $account)
 			{
 				admin_cmd::$acl = new acl($account);
 				admin_cmd::$acl->read_repository();
 			}
 			else
 			{
 				admin_cmd::$acl = $GLOBALS['egw']->acl;
 			}
 		}
 	}
 	/**
 	 * RFC822 email address of the an account, eg. "Ralf Becker <RalfBecker@egroupware.org>"
 	 *
 	 * @param $account_id=null account_id, default current user
 	 * @return string
 	 */
 	static function user_email($account_id=null)
 	{
 		if ($account_id)
 		{
 			admin_cmd::_instanciate_accounts();
 			$fullname = admin_cmd::$accounts->id2name($account_id,'account_fullname');
 			$email = admin_cmd::$accounts->id2name($account_id,'account_email');
 		}
 		else
 		{
 			$fullname = $GLOBALS['egw_info']['user']['account_fullname'];
 			$email = $GLOBALS['egw_info']['user']['account_email'];
 		}
 		return $fullname . ($email ? ' <'.$email.'>' : '');
 	}
 	/**
 	 * Semaphore to not permanently set new jobs, while we running the current ones
 	 *
 	 * @var boolean
 	 */
 	private static $running_queued_jobs = false;
 	const async_job_id = 'admin-command-queue';
 	/**
 	 * Setup an async job to run the next scheduled command
 	 * 
 	 * Only needs to be called if a new command gets scheduled
 	 * 
 	 * @return boolean true if job installed, false if not necessary
 	 */
 	private static function _set_async_job()
 	{
 		if (admin_cmd::$running_queued_jobs)
 		{
 			return false;
 		}
 		if (!($jobs = admin_cmd::search(array(),false,'cmd_scheduled','','',false,'AND',array(0,1),array(
 			'cmd_status' => admin_cmd::scheduled,
 		))))
 		{
 			return false;		// no schduled command, no need to setup the job
 		}
 		$next = $jobs[0];
 		if (($time = $next['scheduled']) < time())	// should run immediatly
 		{
 			return admin_cmd::run_queued_jobs();
 		}
 		include_once(EGW_API_INC.'/class.asyncservice.inc.php');
 		$async =& new asyncservice();
 		// we cant use this class as callback, as it's abstract and ExecMethod used by the async service instanciated the class!
 		list($app) = explode('_',$class=$next['type']);
 		$callback = $app.'.'.$class.'.run_queued_jobs';
 		$async->cancel_timer(admin_cmd::async_job_id);	// we delete it in case a job already exists
 		return $async->set_timer($time,admin_cmd::async_job_id,$callback,null,$next['creator']);
 	}
 	/**
 	 * Callback for our async job
 	 *
 	 * @return boolean true if new job got installed, false if not necessary
 	 */
 	static function run_queued_jobs()
 	{
 		if (!($jobs = admin_cmd::search(array(),false,'cmd_scheduled','','',false,'AND',false,array(
 			'cmd_status' => admin_cmd::scheduled,
 			'cmd_scheduled <= '.time(),
 		))))
 		{
 			return false;		// no schduled commands, no need to setup the job
 		}
 		admin_cmd::$running_queued_jobs = true;	// stop admin_cmd::run() which calls admin_cmd::save() to install a new job
 		foreach($jobs as $job)
 		{
 			try {
 				$cmd = admin_cmd::instanciate($job);
 				$cmd->run(null,false);	// false = dont set current user as modifier, as job is run by the queue/system itself
 			}
 			catch (Exception $e) {	// we need to mark that command as failed, to prevent further execution
 				admin_cmd::$sql->init($job);
 				admin_cmd::$sql->save(array(
 					'status' => admin_cmd::failed,
 					'error'  => lang('Unknown command %1!',$job['type']),
 					'errno'  => 0,
 				));
 			}
 		}
 		admin_cmd::$running_queued_jobs = false;
 		return admin_cmd::_set_async_job();
 	}
 }
--- a/admin/inc/class.admin_cmd_account_app.inc.php
+++ b/admin/inc/class.admin_cmd_account_app.inc.php
@ -0,0 +1,87 @@
 <?php
 /**
 * eGgroupWare admin - admin command: give or remove run rights from a given account and application
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package admin
 * @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$ 
 */
 require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
 /**
 * admin command: give or remove run rights from a given account and application
 */
 class admin_cmd_account_app extends admin_cmd 
 {
 	/**
 	 * Constructor
 	 *
 	 * @param boolean/array $allow true=give rights, false=remove rights, or array with all 3 params
 	 * @param string/int $account=null account name or id
 	 * @param array/string $apps=null app-names
 	 */
 	function __construct($allow,$account=null,$apps=null)
 	{
 		if (!is_array($allow))
 		{
 			$allow = array(
 				'allow' => $allow,
 				'account' => $account,
 				'apps' => $apps,
 			);
 		}
 		if (isset($allow['apps']) && !is_array($allow['apps']))
 		{
 			$allow['apps'] = explode(',',$allow['apps']);
 		}
 		parent::__construct($allow);
 	}
 	/**
 	 * give or remove run rights from a given account and application
 	 * 
 	 * @return string success message
 	 * @throws Exception(lang("Permission denied !!!"),2)
 	 * @throws Exception(lang("Unknown account: %1 !!!",$this->account),15);
 	 * @throws Exception(lang("Application '%1' not found (maybe not installed or misspelled)!",$name),8);
 	 */
 	function exec()
 	{
 		admin_cmd::_instanciate_acl($this->creator);
 		admin_cmd::_instanciate_accounts();
 		$account_id = admin_cmd::_parse_account($this->account);
 		// check creator is still admin and not explicitly forbidden to edit accounts/groups
 		if ($this->creator) $this->_check_admin($account_id > 0 ? 'account_access' : 'group_access',16);
 		$apps = admin_cmd::_parse_apps($this->apps);
 		//echo "account=$this->account, account_id=$account_id, apps: ".implode(', ',$apps)."\n";
 		foreach($apps as $app)
 		{
 			if ($this->allow)
 			{
 				admin_cmd::$acl->add_repository($app,'run',$account_id,1);
 			}
 			else
 			{
 				admin_cmd::$acl->delete_repository($app,'run',$account_id);
 			}
 		}
 		return lang('Applications run rights updated.');
 	}
 	/**
 	 * Return a title / string representation for a given command, eg. to display it
 	 *
 	 * @return string
 	 */
 	function __tostring()
 	{
 		return lang('%1 rights for %2 and applications %3',$this->allow ? lang('Grant') : lang('Remove'),
 			$this->account,implode(', ',$this->apps));
 	}
 }
--- a/admin/inc/class.admin_cmds.inc.php
+++ b/admin/inc/class.admin_cmds.inc.php
@ -0,0 +1,79 @@
 <?php
 /**
 * eGgroupWare admin - UI for the command queue
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package admin
 * @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$ 
 */
 require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
 require_once(EGW_INCLUDE_ROOT.'/etemplate/inc/class.etemplate.inc.php');
 /**
 * UI for the admin comand queue
 */
 class admin_cmds
 {
 	var $public_functions = array(
 		'index' => true,
 	);
 	/**
 	 * calling get_rows of our static so_sql instance
 	 *
 	 * @param array $query
 	 * @param array &$rows
 	 * @param array $readonlys
 	 * @return int
 	 */
 	function get_rows($query,&$rows,$readonlys)
 	{
 		$total = admin_cmd::get_rows($query,$rows,$readonlys);
 		$readonlys = array();
 		if (!$rows) return array();
 		foreach($rows as &$row)
 		{
 			try {
 				$cmd = admin_cmd::instanciate($row);
 				$row['title'] = $cmd->__tostring();	// we call __tostring explicit, as a cast to string requires php5.2+
 			}
 			catch (Exception $e) {
 				$row['title'] = $e->getMessage();
 			}
 			$readonlys["delete[$row[id]]"] = $row['status'] != admin_cmd::scheduled;
 		}
 		//_debug_array($rows);
 		return $total;
 	}
 	function index(array $content=null)
 	{
 		$tpl = new etemplate('admin.cmds');
 		if (!is_array($content))
 		{
 			$content['nm'] = $GLOBALS['egw']->x; sessions::appsession('cmds','admin');
 			if (!is_array($content['nm']))
 			{
 				$content['nm'] = array(
 					'get_rows' => 'admin.admin_cmds.get_rows',	// I  method/callback to request the data for the rows eg. 'notes.bo.get_rows'
 					'no_filter' => true,	// I  disable the 1. filter
 					'no_filter2' => true,	// I  disable the 2. filter (params are the same as for filter)
 					'no_cat' => true,		// I  disable the cat-selectbox
 					'order' => 'cmd_created',
 					'sort' => 'DESC',
 				);		
 			}
 		}
 		$tpl->exec('admin.admin_cmds.index',$content,array(
 			'status' => admin_cmd::$stati,
 		));
 	}
 }
--- a/admin/inc/class.uiaccounts.inc.php
+++ b/admin/inc/class.uiaccounts.inc.php
@ -547,6 +547,7 @@
 			if ($GLOBALS['egw']->acl->check('account_access',4,'admin'))
 			{
 				$this->list_users();
 				return;
 			}
 			if($_POST['submit'])
--- a/admin/inc/hook_admin.inc.php
+++ b/admin/inc/hook_admin.inc.php
@ -81,6 +81,7 @@
 	{
 		$file['phpInfo']         = "javascript:openwindow('" . $GLOBALS['egw']->link('/admin/phpinfo.php') . "')"; //$GLOBALS['egw']->link('/admin/phpinfo.php');
 	}
 	$file['Admin queue and history'] = $GLOBALS['egw']->link('/index.php','menuaction=admin.admin_cmds.index');
 	/* Do not modify below this line */
 	display_section('admin',$file);
--- a/admin/remote.php
+++ b/admin/remote.php
@ -0,0 +1,98 @@
 <?php
 /**
 * eGgroupWare admin - remote admin comand execution
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package admin
 * @copyright (c) 2007 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$ 
 */
 $GLOBALS['egw_info'] = array(
 	'flags' => array(
 		'currentapp' => 'login',
 		'noheader' => true,
 	)
 );
 include('../header.inc.php');
 $GLOBALS['egw']->applications->read_installed_apps();	// set $GLOBALS['egw_info']['apps'] (not set for login)
 $instance = $_REQUEST['domain'];
 if (!isset($GLOBALS['egw_domain'][$instance]))
 {
 	$instance = $GLOBALS['egw_info']['server']['default_domain'];
 }
 $domain_data = $GLOBALS['egw_domain'][$instance];
 if (!$domain_data || is_numeric($_REQUEST['uid']) ||
 	$_REQUEST['secret'] != ($md5=md5($_REQUEST['uid'].$GLOBALS['egw_info']['server']['install_id'].$domain_data['config_password'])))
 {
 	header("HTTP/1.1 401 Unauthorized");
 	//die("secret != '$md5'");
 	echo lang('Permission denied!');
 	$GLOBALS['egw']->common->egw_exit();
 }
 require_once(EGW_INCLUDE_ROOT.'/admin/inc/class.admin_cmd.inc.php');
 // check if uid belongs to an existing command --> return it's status
 // this is also a security meassure, as a captured uid+secret can not be used to send new commands
 $cmd = admin_cmd::read($_REQUEST['uid']);
 if (is_object($cmd))
 {
 	exit_with_status($cmd);
 }
 // check if requests contains a reasonable looking admin command to be queued
 if (!$_REQUEST['uid'] ||	// no uid
 	!$_REQUEST['type'] ||	// no command class name
 	!$_REQUEST['creator_email'])	// no creator email
 {
 	header("HTTP/1.1 400 Bad format!");
 	echo lang('Bad format!');
 	$GLOBALS['egw']->common->egw_exit();
 }
 // create command from request data
 $data = isset($_POST['uid']) ? $_POST : $_GET;
 unset($data['secret']);
 unset($data['id']);		// we are remote
 $data['creator'] = 0;	// remote
 if (isset($data['modifier'])) $data['modifier'] = 0;
 if (isset($data['requested'])) $data['requested'] = 0;
 // instanciate comand and run it
 try {
 	$cmd = admin_cmd::instanciate($data);
 	//_debug_array($cmd); exit;
 	$success_msg = $cmd->run($data['sheduled']);
 }
 catch (Exception $e) {
 	header('HTTP/1.1 400 '.$e->getMessage());
 	echo $e->getCode().' '.$e->getMessage();
 	$GLOBALS['egw']->common->egw_exit();
 }
 exit_with_status($cmd,$success_msg);
 function exit_with_status($cmd,$success_msg='Successful')
 {
 	switch($cmd->status)
 	{
 		case admin_cmd::failed:	// errors are returned as 400 HTTP status
 			header('HTTP/1.1 400 '.$cmd->error);
 			echo $cmd->errno.' '.$cmd->error;
 			break;
 		default:				// everything else is returned as 200 HTTP status
 			$success_msg = $cmd->stati[$cmd->status];
 			// fall through
 		case admin_cmd::successful:
 			header('HTTP/1.1 200 '.$cmd->stati[$cmd->status]);
 			echo $success_msg;
 	}
 	$GLOBALS['egw']->common->egw_exit();
 }
--- a/admin/setup/setup.inc.php
+++ b/admin/setup/setup.inc.php
@ -1,20 +1,18 @@
 <?php
-	/**************************************************************************\
+/**
-	* eGroupWare - Administration                                              *
+ * eGroupWare - Admin
-	* http://www.egroupware.org                                                *
+ *
-	* --------------------------------------------                             *
+ * @link http://www.egroupware.org
-	*  This program is free software; you can redistribute it and/or modify it *
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
-	*  under the terms of the GNU General Public License as published by the   *
+ * @package admin
-	*  Free Software Foundation; either version 2 of the License, or (at your  *
+ * @subpackage setup
-	*  option) any later version.                                              *
+ * @version $Id$
-	\**************************************************************************/
+ */
 	/* $Id$ */
 $setup_info['admin']['name']      = 'admin';
-	$setup_info['admin']['version']   = '1.4';
+$setup_info['admin']['version']   = '1.5.001';
 $setup_info['admin']['app_order'] = 1;
-	$setup_info['admin']['tables']    = '';
+$setup_info['admin']['tables']    = array('egw_admin_queue');
 $setup_info['admin']['enable']    = 1;
 $setup_info['admin']['author'][] = array(
@ -49,10 +47,9 @@
 /* Dependencies for this app to work */
 $setup_info['admin']['depends'][] = array(
 	'appname' => 'phpgwapi',
-		'versions' => Array('1.3','1.4','1.5')
+	'versions' => Array('1.4','1.5')
 );
 $setup_info['admin']['depends'][] = array(
 	'appname' => 'etemplate',
-		'versions' => Array('1.3','1.4','1.5')
+	'versions' => Array('1.4','1.5')
 );
 ?>
--- a/admin/setup/tables_current.inc.php
+++ b/admin/setup/tables_current.inc.php
@ -0,0 +1,41 @@
 <?php
 /**
 * eGroupWare - Setup
 *
 * Created by eTemplates DB-Tools written by ralfbecker@outdoor-training.de
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package admin
 * @subpackage setup
 * @version $Id$
 */
 $phpgw_baseline = array(
 	'egw_admin_queue' => array(
 		'fd' => array(
 			'cmd_id' => array('type' => 'auto'),
 			'cmd_uid' => array('type' => 'varchar','precision' => '255','nullable' => False),
 			'cmd_creator' => array('type' => 'int','precision' => '4','nullable' => False),
 			'cmd_creator_email' => array('type' => 'varchar','precision' => '128','nullable' => False),
 			'cmd_created' => array('type' => 'int','precision' => '8','nullable' => False),
 			'cmd_type' => array('type' => 'varchar','precision' => '32','nullable' => False,'default' => 'admin_cmd'),
 			'cmd_status' => array('type' => 'int','precision' => '1'),
 			'cmd_scheduled' => array('type' => 'int','precision' => '8'),
 			'cmd_modified' => array('type' => 'int','precision' => '8'),
 			'cmd_modifier' => array('type' => 'int','precision' => '4'),
 			'cmd_modifier_email' => array('type' => 'varchar','precision' => '128'),
 			'cmd_error' => array('type' => 'varchar','precision' => '255'),
 			'cmd_errno' => array('type' => 'int','precision' => '4'),
 			'cmd_requested' => array('type' => 'int','precision' => '4'),
 			'cmd_requested_email' => array('type' => 'varchar','precision' => '128'),
 			'cmd_comment' => array('type' => 'varchar','precision' => '255'),
 			'cmd_data' => array('type' => 'blob')
 		),
 		'pk' => array('cmd_id'),
 		'fk' => array(),
 		'ix' => array('cmd_status','cmd_scheduled'),
 		'uc' => array('cmd_uid')
 	)
 );
--- a/admin/setup/tables_update.inc.php
+++ b/admin/setup/tables_update.inc.php
@ -0,0 +1,43 @@
 <?php
 /**
 * eGroupWare - Setup
 *
 * Created by eTemplates DB-Tools written by ralfbecker@outdoor-training.de
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package admin
 * @subpackage setup
 * @version $Id$
 */
 function admin_upgrade1_4()
 {
 	$GLOBALS['egw_setup']->oProc->CreateTable('egw_admin_queue',array(
 		'fd' => array(
 			'cmd_id' => array('type' => 'auto'),
 			'cmd_uid' => array('type' => 'varchar','precision' => '255','nullable' => False),
 			'cmd_creator' => array('type' => 'int','precision' => '4','nullable' => False),
 			'cmd_creator_email' => array('type' => 'varchar','precision' => '128','nullable' => False),
 			'cmd_created' => array('type' => 'int','precision' => '8','nullable' => False),
 			'cmd_type' => array('type' => 'varchar','precision' => '32','nullable' => False,'default' => 'admin_cmd'),
 			'cmd_status' => array('type' => 'int','precision' => '1'),
 			'cmd_scheduled' => array('type' => 'int','precision' => '8'),
 			'cmd_modified' => array('type' => 'int','precision' => '8'),
 			'cmd_modifier' => array('type' => 'int','precision' => '4'),
 			'cmd_modifier_email' => array('type' => 'varchar','precision' => '128'),
 			'cmd_error' => array('type' => 'varchar','precision' => '255'),
 			'cmd_errno' => array('type' => 'int','precision' => '4'),
 			'cmd_requested' => array('type' => 'int','precision' => '4'),
 			'cmd_requested_email' => array('type' => 'varchar','precision' => '128'),
 			'cmd_comment' => array('type' => 'varchar','precision' => '255'),
 			'cmd_data' => array('type' => 'blob')
 		),
 		'pk' => array('cmd_id'),
 		'fk' => array(),
 		'ix' => array('cmd_status','cmd_scheduled'),
 		'uc' => array('cmd_uid')
 	));
 	return $GLOBALS['setup_info']['admin']['currentver'] = '1.5.001';		
 }