diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index 43ab530..d63636d 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -1,234 +1,269 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | | Author: Jeroen van Meeuwen | +--------------------------------------------------------------------------+ */ /** * Service providing user data management */ class kolab_api_service_user extends kolab_api_service { /** * Returns service capabilities. * * @param string $domain Domain name * * @return array Capabilities list */ public function capabilities($domain) { - //console("kolab_api_service_group::capabilities"); - $auth = Auth::get_instance($domain); $effective_rights = $auth->list_rights('user'); - //console("effective_rights", $effective_rights); - $rights = array(); if (in_array('add', $effective_rights['entryLevelRights'])) { $rights['add'] = "w"; } if (in_array('delete', $effective_rights['entryLevelRights'])) { $rights['delete'] = "w"; } if (in_array('modrdn', $effective_rights['entryLevelRights'])) { - $rights['edit'] = "w"; + $rights['edit'] = "w"; + $rights['password'] = "w"; } if (in_array('read', $effective_rights['entryLevelRights'])) { $rights['info'] = "r"; $rights['find'] = "r"; } $rights['effective_rights'] = "r"; return $rights; } /** * Create user. * * @param array $get GET parameters * @param array $post POST parameters * * @return array|bool User attributes or False on error. */ public function user_add($getdata, $postdata) { Log::trace("user_add()", $postdata); $attributes = $this->parse_input_attributes('user', $postdata); password_policy::validate_password($attributes['userpassword']); Log::trace("user_add()", $attributes); $auth = Auth::get_instance(); $result = $auth->user_add($attributes, $postdata['type_id']); if ($result) { if ($id = $this->unique_attribute_value($result)) { $attributes['id'] = $id; } return $attributes; } return false; } /** * Delete user. 
* * @param array $get GET parameters * @param array $post POST parameters * * @return bool True on success, False on failure */ public function user_delete($getdata, $postdata) { - //console("user_delete()", $getdata, $postdata); if (!isset($postdata['id'])) { return false; } // TODO: Input validation $auth = Auth::get_instance(); $result = $auth->user_delete($postdata['id']); - if ($result) { - return $result; - } - - return false; + return $result; } + /** + * Update user. + * + * @param array $get GET parameters + * @param array $post POST parameters + * + * @return array|bool User attributes or False on error. + */ public function user_edit($getdata, $postdata) { Log::trace("\$postdata to user_edit()", $postdata); $user_attributes = $this->parse_input_attributes('user', $postdata); Log::trace("\$user_attributes as result from parse_input_attributes", $user_attributes); if (!empty($user_attributes['userpassword'])) { password_policy::validate_password($user_attributes['userpassword']); } $auth = Auth::get_instance(); $result = $auth->user_edit($postdata['id'], $user_attributes, $postdata['type_id']); // Return the $mod_array if ($result) { return $result; } return false; + } + /** + * Update user password. + * + * @param array $get GET parameters + * @param array $post POST parameters + * + * @return bool True on success, False on failure + */ + public function user_password($getdata, $postdata) + { + $password = $postdata['password']; + $user_id = $postdata['id']; + + if (empty($user_id) || !is_string($password) || !strlen($password)) { + return false; + } + + if ($user_id === 'me') { + $user_id = $_SESSION['user']->get_userid(); + } + + password_policy::validate_password($password); + + $auth = Auth::get_instance(); + $result = $auth->user_edit($user_id, array('userpassword' => $password)); + + return $result !== false; } + /** + * Effective rights on user record. 
+ * + * @param array $get GET parameters + * @param array $post POST parameters + * + * @return array Effective rights + */ public function user_effective_rights($getdata, $postdata) { $auth = Auth::get_instance(); $effective_rights = $auth->list_rights(empty($getdata['id']) ? 'user' : $getdata['id']); return $effective_rights; } /** * User information. * * @param array $get GET parameters * @param array $post POST parameters * * @return array|bool User attributes, False on error */ public function user_info($getdata, $postdata) { if (!isset($getdata['id'])) { return false; } $auth = Auth::get_instance(); $attrs = $this->object_attributes('user'); $result = $auth->user_info($getdata['id'], $attrs); // normalize result $result = $this->parse_result_attributes('user', $result); Log::trace("user.info on " . $getdata['id'] . " parsed result: " . var_export($result, TRUE)); if ($result) { return $result; } return false; } /** * Find user and return his data. * It is a combination of user.info and users.list with search capabilities * If the search returns only one record we'll return user data. * * @param array $get GET parameters * @param array $post POST parameters * * @return array|bool User attributes, False on error */ public function user_find($get, $post) { $auth = Auth::get_instance(); $attributes = array(''); $params = array('page_size' => 2); $search = $this->parse_list_search($post); // find user(s) $users = $auth->list_users(null, $attributes, $search, $params); if (empty($users) || empty($users['list'])) { return Array(); } if ($users['count'] > 1) { throw new Exception("More than a single entry found.", 942); } // get user data $attrs = $this->object_attributes('user'); $result = $auth->user_info(key($users['list']), $attrs); // normalize result $result = $this->parse_result_attributes('user', $result); if ($result) { return $result; } return false; } - }
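Review bot: The new `user_password()` writes a new `userpassword` for whatever `id` arrives in the POST body without asking for the caller's current password and without any check in this method that the caller may modify that entry. Access control is presumably enforced inside `$auth->user_edit()`, which is not visible in this diff, so that should be confirmed and recorded in the docblock, e.g. `* Authorization is delegated to Auth::user_edit(); no current-password check is performed here.` For the `'me'` case, requiring the existing password before accepting the change would limit what a stolen session or a forged request can achieve. The inputs are also read as `$postdata['password']` and `$postdata['id']` before any existence check, and `$user_id` is never type-checked, so a guard such as `if (!isset($postdata['id'], $postdata['password']) || !is_string($postdata['id'])) { return false; }` ahead of the assignments would reject malformed requests early. In `capabilities()`, `password` is advertised only alongside `modrdn`, which may not be the right that governs writing `userpassword`, and is worth verifying against the directory ACLs.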