src/app/Backends/LDAP.php
Show First 20 Lines • Show All 974 Lines • ▼ Show 20 Lines | class LDAP | ||||
/** | /** | ||||
* Set common resource attributes | * Set common resource attributes | ||||
*/ | */ | ||||
private static function setResourceAttributes($ldap, Resource $resource, &$entry) | private static function setResourceAttributes($ldap, Resource $resource, &$entry) | ||||
{ | { | ||||
$entry['cn'] = $resource->name; | $entry['cn'] = $resource->name; | ||||
$entry['owner'] = null; | $entry['owner'] = null; | ||||
$entry['kolabinvitationpolicy'] = null; | $entry['kolabinvitationpolicy'] = null; | ||||
$entry['acl'] = ''; | |||||
$settings = $resource->getSettings(['invitation_policy', 'folder']); | $settings = $resource->getSettings(['invitation_policy', 'folder']); | ||||
$entry['kolabtargetfolder'] = $settings['folder'] ?? ''; | $entry['kolabtargetfolder'] = $settings['folder'] ?? ''; | ||||
// Here's how Wallace's resources module works: | // Here's how Wallace's resources module works: | ||||
// - if policy is ACT_MANUAL and owner mail specified: a tentative response is sent, event saved, | // - if policy is ACT_MANUAL and owner mail specified: a tentative response is sent, event saved, | ||||
// and mail sent to the owner to accept/decline the request. | // and mail sent to the owner to accept/decline the request. | ||||
Show All 12 Lines | private static function setResourceAttributes($ldap, Resource $resource, &$entry) | ||||
if (!empty($settings['invitation_policy'])) { | if (!empty($settings['invitation_policy'])) { | ||||
if ($settings['invitation_policy'] === 'accept') { | if ($settings['invitation_policy'] === 'accept') { | ||||
$entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | ||||
} elseif ($settings['invitation_policy'] === 'reject') { | } elseif ($settings['invitation_policy'] === 'reject') { | ||||
$entry['kolabinvitationpolicy'] = 'ACT_REJECT'; | $entry['kolabinvitationpolicy'] = 'ACT_REJECT'; | ||||
} elseif (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) { | } elseif (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) { | ||||
if (self::getUserEntry($ldap, $m[1], $userDN)) { | if (self::getUserEntry($ldap, $m[1], $userDN)) { | ||||
$entry['owner'] = $userDN; | $entry['owner'] = $userDN; | ||||
$entry['acl'] = $m[1] . ', full'; | |||||
$entry['kolabinvitationpolicy'] = 'ACT_MANUAL'; | $entry['kolabinvitationpolicy'] = 'ACT_MANUAL'; | ||||
} else { | } else { | ||||
$entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | ||||
} | } | ||||
// TODO: Set folder ACL so the owner can write to it | |||||
// TODO: Do we need to add lrs for anyone? | |||||
} | } | ||||
} | } | ||||
} | } | ||||
/** | /** | ||||
* Set common shared folder attributes | * Set common shared folder attributes | ||||
*/ | */ | ||||
private static function setSharedFolderAttributes($ldap, SharedFolder $folder, &$entry) | private static function setSharedFolderAttributes($ldap, SharedFolder $folder, &$entry) | ||||
▲ Show 20 Lines • Show All 134 Lines • ▼ Show 20 Lines | |||||
* @return null|array Resource entry, NULL if not found | * @return null|array Resource entry, NULL if not found | ||||
*/ | */ | ||||
private static function getResourceEntry($ldap, $email, &$dn = null) | private static function getResourceEntry($ldap, $email, &$dn = null) | ||||
{ | { | ||||
$domainName = explode('@', $email, 2)[1]; | $domainName = explode('@', $email, 2)[1]; | ||||
$base_dn = self::baseDN($domainName, 'Resources'); | $base_dn = self::baseDN($domainName, 'Resources'); | ||||
$attrs = ['dn', 'cn', 'mail', 'objectclass', 'kolabtargetfolder', | $attrs = ['dn', 'cn', 'mail', 'objectclass', 'kolabtargetfolder', | ||||
'kolabfoldertype', 'kolabinvitationpolicy', 'owner']; | 'kolabfoldertype', 'kolabinvitationpolicy', 'owner', 'acl']; | ||||
// For resources we're using search() instead of get_entry() because | // For resources we're using search() instead of get_entry() because | ||||
// a resource name is not constant, so e.g. on update we might have | // a resource name is not constant, so e.g. on update we might have | ||||
// the new name, but not the old one. Email address is constant. | // the new name, but not the old one. Email address is constant. | ||||
return self::searchEntry($ldap, $base_dn, "(mail=$email)", $attrs, $dn); | return self::searchEntry($ldap, $base_dn, "(mail=$email)", $attrs, $dn); | ||||
} | } | ||||
/** | /** | ||||
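Review bot: The ACL subject written in the ACT_MANUAL branch of setResourceAttributes, `$entry['acl'] = $m[1] . ', full';`, is the raw string captured from the `invitation_policy` setting by `\S+@\S+`, not an identifier taken from the user entry that `getUserEntry()` resolved. That pattern admits commas and LDAP filter metacharacters, while the ACL value itself is a comma-separated "subject, rights" string, so the subject that receives `full` rights is only as trustworthy as the lookup. `getUserEntry()` is not visible on this page, but the sibling `getResourceEntry()` interpolates `$email` into `"(mail=$email)"` unescaped; if the user lookup is built the same way, a non-literal address could resolve to some user while the ACL records a different string. I would validate the address strictly before the lookup, e.g. `if (filter_var($m[1], FILTER_VALIDATE_EMAIL) && self::getUserEntry($ldap, $m[1], $userDN)) {`, and escape filter values with `ldap_escape($email, '', LDAP_ESCAPE_FILTER)`. Part of the function body is collapsed here, so this rests on the visible lines only.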