Changeset View
Changeset View
Standalone View
Standalone View
src/app/Backends/LDAP.php
| Show First 20 Lines • Show All 974 Lines • ▼ Show 20 Lines | class LDAP | ||||
| /** | /** | ||||
| * Set common resource attributes | * Set common resource attributes | ||||
| */ | */ | ||||
| private static function setResourceAttributes($ldap, Resource $resource, &$entry) | private static function setResourceAttributes($ldap, Resource $resource, &$entry) | ||||
| { | { | ||||
| $entry['cn'] = $resource->name; | $entry['cn'] = $resource->name; | ||||
| $entry['owner'] = null; | $entry['owner'] = null; | ||||
| $entry['kolabinvitationpolicy'] = null; | $entry['kolabinvitationpolicy'] = null; | ||||
| $entry['acl'] = ''; | |||||
| $settings = $resource->getSettings(['invitation_policy', 'folder']); | $settings = $resource->getSettings(['invitation_policy', 'folder']); | ||||
| $entry['kolabtargetfolder'] = $settings['folder'] ?? ''; | $entry['kolabtargetfolder'] = $settings['folder'] ?? ''; | ||||
| // Here's how Wallace's resources module works: | // Here's how Wallace's resources module works: | ||||
| // - if policy is ACT_MANUAL and owner mail specified: a tentative response is sent, event saved, | // - if policy is ACT_MANUAL and owner mail specified: a tentative response is sent, event saved, | ||||
| // and mail sent to the owner to accept/decline the request. | // and mail sent to the owner to accept/decline the request. | ||||
| Show All 12 Lines | private static function setResourceAttributes($ldap, Resource $resource, &$entry) | ||||
| if (!empty($settings['invitation_policy'])) { | if (!empty($settings['invitation_policy'])) { | ||||
| if ($settings['invitation_policy'] === 'accept') { | if ($settings['invitation_policy'] === 'accept') { | ||||
| $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | ||||
| } elseif ($settings['invitation_policy'] === 'reject') { | } elseif ($settings['invitation_policy'] === 'reject') { | ||||
| $entry['kolabinvitationpolicy'] = 'ACT_REJECT'; | $entry['kolabinvitationpolicy'] = 'ACT_REJECT'; | ||||
| } elseif (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) { | } elseif (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) { | ||||
| if (self::getUserEntry($ldap, $m[1], $userDN)) { | if (self::getUserEntry($ldap, $m[1], $userDN)) { | ||||
| $entry['owner'] = $userDN; | $entry['owner'] = $userDN; | ||||
| $entry['acl'] = $m[1] . ', full'; | |||||
| $entry['kolabinvitationpolicy'] = 'ACT_MANUAL'; | $entry['kolabinvitationpolicy'] = 'ACT_MANUAL'; | ||||
| } else { | } else { | ||||
| $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT'; | ||||
| } | } | ||||
| // TODO: Set folder ACL so the owner can write to it | |||||
| // TODO: Do we need to add lrs for anyone? | |||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| /** | /** | ||||
| * Set common shared folder attributes | * Set common shared folder attributes | ||||
| */ | */ | ||||
| private static function setSharedFolderAttributes($ldap, SharedFolder $folder, &$entry) | private static function setSharedFolderAttributes($ldap, SharedFolder $folder, &$entry) | ||||
| ▲ Show 20 Lines • Show All 134 Lines • ▼ Show 20 Lines | |||||
| * @return null|array Resource entry, NULL if not found | * @return null|array Resource entry, NULL if not found | ||||
| */ | */ | ||||
| private static function getResourceEntry($ldap, $email, &$dn = null) | private static function getResourceEntry($ldap, $email, &$dn = null) | ||||
| { | { | ||||
| $domainName = explode('@', $email, 2)[1]; | $domainName = explode('@', $email, 2)[1]; | ||||
| $base_dn = self::baseDN($domainName, 'Resources'); | $base_dn = self::baseDN($domainName, 'Resources'); | ||||
| $attrs = ['dn', 'cn', 'mail', 'objectclass', 'kolabtargetfolder', | $attrs = ['dn', 'cn', 'mail', 'objectclass', 'kolabtargetfolder', | ||||
| 'kolabfoldertype', 'kolabinvitationpolicy', 'owner']; | 'kolabfoldertype', 'kolabinvitationpolicy', 'owner', 'acl']; | ||||
| // For resources we're using search() instead of get_entry() because | // For resources we're using search() instead of get_entry() because | ||||
| // a resource name is not constant, so e.g. on update we might have | // a resource name is not constant, so e.g. on update we might have | ||||
| // the new name, but not the old one. Email address is constant. | // the new name, but not the old one. Email address is constant. | ||||
| return self::searchEntry($ldap, $base_dn, "(mail=$email)", $attrs, $dn); | return self::searchEntry($ldap, $base_dn, "(mail=$email)", $attrs, $dn); | ||||
| } | } | ||||
| /** | /** | ||||
| ▲ Show 20 Lines • Show All 203 Lines • Show Last 20 Lines | |||||