fernando/luos
1
0
Fork 0
Code Releases Activity

Merged in paulis/processmaker/PM-1060 (pull request #2361)

Browse Source 
PM-1060: LdapAdvanced Feature in core
This commit is contained in:
Julio Cesar Laura Avendaño
2015-06-25 10:58:10 -04:00
parent 5ad4469e12 5f4fedbaaa
commit f17a612c93
25 changed files with 6973 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
workflow/engine/methods/authSources/authSourcesSynchronize.php Executable file
View File

@@ -0,0 +1,61 @@
<?php
/**
* authSourcesSynchronize.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2011 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
**/
global $RBAC;
switch ($RBAC->userCanAccess("PM_USERS")) {
case - 2:
G::SendTemporalMessage("ID_USER_HAVENT_RIGHTS_SYSTEM", "error", "labels");
G::header("location: ../login/login");
die;
break;
case - 1:
G::SendTemporalMessage("ID_USER_HAVENT_RIGHTS_PAGE", "error", "labels");
G::header("location: ../login/login");
die;
break;
case -3:
G::SendTemporalMessage("ID_USER_HAVENT_RIGHTS_PAGE", "error", "labels");
G::header("location: ../login/login");
die;
break;
}
if (!isset($_REQUEST["tab"])) {
$_REQUEST["tab"] = "synchronizeDepartments";
}
$authenticationSource = array("AUTH_SOURCE_UID" => $_REQUEST["authUid"], "CURRENT_TAB" => ($_REQUEST["tab"] == "synchronizeDepartments" ? 0 : 1));
$oHeadPublisher =& headPublisher::getSingleton();
$oHeadPublisher->addExtJsScript("authSources/authSourcesSynchronize", false);
$oHeadPublisher->addContent("authSources/authSourcesSynchronize");
$oHeadPublisher->assign("AUTHENTICATION_SOURCE", $authenticationSource);
global $G_PUBLISH;
$G_PUBLISH = new Publisher();
G::RenderPage("publish", "extJs");

472
workflow/engine/methods/authSources/authSourcesSynchronizeAjax.php Executable file
View File

@@ -0,0 +1,472 @@
<?php
/**
* authSourcesSynchronizeAjax.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2011 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
**/
class treeNode extends stdclass
{
public $text = "";
public $cls = "";
public $leaf = false;
public $checked = false;
public $children = array();
public $id = "";
}
try {
require_once ("classes" . PATH_SEP . "model" . PATH_SEP . "Department.php");
G::LoadThirdParty("pear" . PATH_SEP . "json", "class.json");
$json = new Services_JSON();
header("Content-Type: application/json;");
switch ($_REQUEST["m"]) {
case "loadDepartments":
global $ldapAdvanced;
global $departments;
global $terminatedOu;
global $baseDN;
$ldapAdvanced = getLDAPAdvanceInstance($_REQUEST["authUid"]);
$RBAC =& RBAC::getSingleton();
$authenticationSource = $RBAC->authSourcesObj->load($_REQUEST["authUid"]);
$baseDN = $authenticationSource["AUTH_SOURCE_BASE_DN"];
$departments = $ldapAdvanced->searchDepartments();
$terminatedOu = $ldapAdvanced->getTerminatedOu();
$nodes = lookForChildrenDeps("");
die($json->encode($nodes));
break;
case "saveDepartments":
$depsToCheck = explode("|", $_REQUEST["departmentsDN"]);
$depsToCheck = array_map("urldecode", $depsToCheck);
$depsToUncheck = getDepartmentsToUncheck($depsToCheck);
$RBAC =& RBAC::getSingleton();
$authenticationSource = $RBAC->authSourcesObj->load($_REQUEST["authUid"]);
$ldapAdvanced = getLDAPAdvanceInstance($_REQUEST["authUid"]);
foreach ($depsToCheck as $departmentDN) {
$baseDN = str_replace($authenticationSource["AUTH_SOURCE_BASE_DN"], "", $departmentDN);
$ous = custom_ldap_explode_dn($departmentDN);
$currentDep = array_shift($ous);
$parentDN = implode(",", $ous);
//$ous = custom_ldap_explode_dn($baseDN);
//$currentDep = array_shift($ous);
foreach ($ous as $key => $val) {
$aux = explode("=", $val);
if (isset($aux[0]) && strtolower(trim($aux[0])) != "ou") {
unset($ous[$key]);
}
}
if ($currentDep == "") {
$depTitle = "ROOT " . $authenticationSource["AUTH_SOURCE_BASE_DN"];
} else {
$depAux = explode("=", $currentDep);
$depTitle = trim($depAux[1]);
}
$departmentUID = $ldapAdvanced->getDepUidIfExistsDN($departmentDN);
if ($departmentUID == "") {
if (count($ous) == 0) {
$parentUid = "";
} else {
$parentUid = $ldapAdvanced->getDepUidIfExistsDN($parentDN);
if ($parentUid == "") {
$response = new stdclass();
$response->status = "ERROR";
$response->message = "Parent departments are needed before create this sub department " . $parentDN;
die($json->encode($response));
}
}
$department = new department();
$row["DEP_TITLE"] = stripslashes($depTitle);
$row["DEP_PARENT"] = $parentUid;
$row["DEP_LDAP_DN"] = $departmentDN;
$row["DEP_REF_CODE"] = "";
$departmentUID = $department->create($row);
if ($departmentUID == false) {
$response = new stdclass();
$response->status = "ERROR";
$response->message = "Error creating department";
die($json->encode($response));
}
}
}
if (count($depsToUncheck) > 0) {
foreach ($depsToUncheck as $departmentDN) {
$departmentUID = $ldapAdvanced->getDepUidIfExistsDN($departmentDN);
if ($departmentUID != "") {
$department = new department();
$departmentInfo = $department->Load($departmentUID);
$arrayAux1 = custom_ldap_explode_dn($departmentDN);
foreach ($arrayAux1 as $index => $value) {
$arrayAux2 = explode("=", $value);
if (isset($arrayAux2[0]) && strtolower(trim($arrayAux2[0])) == "ou") {
unset($arrayAux1[$index]);
}
}
$departmentBaseDn = implode(",", $arrayAux1);
if (strtolower($departmentBaseDn) == strtolower($authenticationSource["AUTH_SOURCE_BASE_DN"])) {
$departmentInfo["DEP_LDAP_DN"] = "";
$department->update($departmentInfo);
if (!isset($authenticationSource["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"])) {
$authenticationSource["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"] = array();
}
$authenticationSource["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"][] = $departmentUID;
}
}
}
$RBAC->authSourcesObj->update($authenticationSource);
}
$response = new stdclass();
$response->status = "OK";
die($json->encode($response));
break;
case "loadGroups":
global $ldapAdvanced;
global $groups;
$ldapAdvanced = getLDAPAdvanceInstance($_REQUEST["authUid"]);
$groups = $ldapAdvanced->searchGroups();
$nodes = lookForChildrenGroups();
die($json->encode($nodes));
break;
case "saveGroups":
$groupsToCheck = explode("|", $_REQUEST["groupsDN"]);
$groupsToCheck = array_map("urldecode", $groupsToCheck);
$groupsToUncheck = getGroupsToUncheck($groupsToCheck);
$RBAC =& RBAC::getSingleton();
$authenticationSource = $RBAC->authSourcesObj->load($_REQUEST["authUid"]);
$ldapAdvanced = getLDAPAdvanceInstance($_REQUEST["authUid"]);
foreach ($groupsToCheck as $groupDN) {
//$baseDN = str_replace($authenticationSource["AUTH_SOURCE_BASE_DN"], "", $groupDN);
$ous = custom_ldap_explode_dn($groupDN);
$currentGroup = array_shift($ous);
//$parentDN = implode(",", $ous);
//$ous = custom_ldap_explode_dn($baseDN);
//$currentGroup = array_shift($ous);
foreach ($ous as $key => $val) {
$aux = explode("=", $val);
if (isset($aux[0]) && strtolower(trim($aux[0]) != "ou")) {
unset($ous[$key]);
}
}
$groupAux = explode("=", $currentGroup);
$groupTitle = isset($groupAux[1]) ? trim($groupAux[1]) : "";
$groupUID = $ldapAdvanced->getGrpUidIfExistsDN($groupDN);
if ($groupUID == "") {
$group = new Groupwf();
$row["GRP_TITLE"] = stripslashes($groupTitle);
$row["GRP_LDAP_DN"] = $groupDN;
$groupUID = $group->create($row);
if ($groupUID == false) {
$response = new stdclass();
$response->status = "ERROR";
$response->message = "Error creating group";
die($json->encode($response));
}
}
}
if (count($groupsToUncheck) > 0) {
foreach ($groupsToUncheck as $groupDN) {
$groupUID = $ldapAdvanced->getGrpUidIfExistsDN($groupDN);
if ($groupUID != "") {
$group = new Groupwf();
$groupInfo = $group->Load($groupUID);
$groupInfo["GRP_LDAP_DN"] = "";
$group->update($groupInfo);
if (!isset($authenticationSource["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"])) {
$authenticationSource["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"] = array();
}
$authenticationSource["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"][] = $groupUID;
}
}
$RBAC->authSourcesObj->update($authenticationSource);
}
$response = new stdclass();
$response->status = "OK";
die($json->encode($response));
break;
}
} catch (Exception $error) {
$response = new stdclass();
$response->status = "ERROR";
$response->message = $error->getMessage();
die($json->encode($response));
}
function getLDAPAdvanceInstance($authUid)
{
$RBAC = &RBAC::getSingleton();
$ldapAdvanced = new ldapAdvanced();
$ldapAdvanced->sAuthSource = $authUid;
$ldapAdvanced->sSystem = $RBAC->sSystem;
return $ldapAdvanced;
}
function getDepartments($parent)
{
global $departments;
global $terminatedOu;
global $baseDN;
$parentDepartments = $departments;
$childDepartments = $departments;
$currentDepartments = array();
foreach ($parentDepartments as $key => $val) {
if (strtolower($val["dn"]) != strtolower($parent)) {
if ((strtolower($val["parent"]) == strtolower($parent)) && (strtolower($val["ou"]) != strtolower($terminatedOu))) {
$node = array();
$node["DEP_UID"] = $val["ou"];
$node["DEP_TITLE"] = $val["ou"];
$node["DEP_USERS"] = $val["users"];
$node["DEP_DN"] = $val["dn"];
$node["HAS_CHILDREN"] = false;
$departments[$key]["hasChildren"] = false;
foreach ($childDepartments as $key2 => $val2) {
if (strtolower($val2["parent"]) == strtolower($val["dn"])) {
$node["HAS_CHILDREN"] = true;
$departments[$key]["hasChildren"] = true;
break;
}
}
$node["DEP_LAST"] = false;
$currentDepartments[] = $node;
}
}
}
if (isset($currentDepartments[count($currentDepartments) - 1])) {
$currentDepartments[count($currentDepartments) - 1]["DEP_LAST"] = true;
}
return $currentDepartments;
}
function lookForChildrenDeps($parent)
{
global $ldapAdvanced;
global $departments;
$allDepartments = getDepartments($parent);
$departmentsObjects = array();
$arrayDepartmentNumberOfUsersFromDb = $ldapAdvanced->departmentsGetNumberOfUsersFromDb();
foreach ($allDepartments as $department) {
$departmentObject = new treeNode();
$departmentObject->text = htmlentities($department["DEP_TITLE"], ENT_QUOTES, "UTF-8");
$departmentUid = $ldapAdvanced->getDepUidIfExistsDN($department["DEP_DN"]);
if ($departmentUid != "") {
$departmentObject->text .= " (" . ((isset($arrayDepartmentNumberOfUsersFromDb[$departmentUid]))? $arrayDepartmentNumberOfUsersFromDb[$departmentUid] : 0) . ")";
$departmentObject->checked = true;
} else {
$departmentObject->checked = false;
}
if ($department["HAS_CHILDREN"] == 1) {
$departmentObject->children = lookForChildrenDeps($department["DEP_DN"]);
}
$departmentObject->id = urlencode($department["DEP_DN"]);
$departmentsObjects[] = $departmentObject;
}
return $departmentsObjects;
}
function getDepartmentsWithDN()
{
$arrayDepartmentLdapDn = array();
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(DepartmentPeer::DEP_LDAP_DN);
$criteria->add(DepartmentPeer::DEP_LDAP_DN, "", Criteria::NOT_EQUAL);
$criteria->add(DepartmentPeer::DEP_LDAP_DN, null, Criteria::ISNOTNULL);
$rsCriteria = DepartmentPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
while ($rsCriteria->next()) {
$row = $rsCriteria->getRow();
$arrayDepartmentLdapDn[] = $row;
}
return $arrayDepartmentLdapDn;
}
function getDepartmentsToUncheck($depsToCheck)
{
$departmentsWithDN = getDepartmentsWithDN();
$depsToUncheck = array();
foreach ($departmentsWithDN as $departmentWithDN) {
$found = false;
foreach ($depsToCheck as $depToCheck) {
if ($departmentWithDN["DEP_LDAP_DN"] == $depToCheck) {
$found = true;
}
}
if (!$found) {
$depsToUncheck[] = $departmentWithDN["DEP_LDAP_DN"];
}
}
return $depsToUncheck;
}
function getGroups()
{
global $groups;
$currentGroups = array();
foreach ($groups as $key => $val) {
$node = array();
$node["GRP_UID"] = $val["cn"];
$node["GRP_TITLE"] = $val["cn"];
$node["GRP_USERS"] = $val["users"];
$node["GRP_DN"] = $val["dn"];
$currentGroups[] = $node;
}
return $currentGroups;
}
function lookForChildrenGroups()
{
global $ldapAdvanced;
global $groups;
$allGroups = getGroups();
$groupsObjects = array();
$arrayGroupNumberOfUsersFromDb = $ldapAdvanced->groupsGetNumberOfUsersFromDb();
foreach ($allGroups as $group) {
$groupObject = new treeNode();
$groupObject->text = htmlentities($group["GRP_TITLE"], ENT_QUOTES, "UTF-8");
$groupUid = $ldapAdvanced->getGrpUidIfExistsDN($group["GRP_DN"]);
if ($groupUid != "") {
$groupObject->text .= " (" . ((isset($arrayGroupNumberOfUsersFromDb[$groupUid]))? $arrayGroupNumberOfUsersFromDb[$groupUid] : 0) . ")";
$groupObject->checked = true;
} else {
$groupObject->checked = false;
}
$groupObject->id = urlencode($group["GRP_DN"]);
$groupsObjects[] = $groupObject;
}
return $groupsObjects;
}
function getGroupsWithDN()
{
$groupInstance = new Groupwf();
$allGroups = $groupInstance->getAll()->data;
$groupsWithDN = array();
foreach ($allGroups as $group) {
if ($group["GRP_LDAP_DN"] != "") {
$groupsWithDN[] = $group;
}
}
return $groupsWithDN;
}
function getGroupsToUncheck($groupsToCheck)
{
$groupsWithDN = getGroupsWithDN();
$groupsToUncheck = array();
foreach ($groupsWithDN as $groupWithDN) {
$found = false;
foreach ($groupsToCheck as $groupToCheck) {
if ($groupWithDN["GRP_LDAP_DN"] == $groupToCheck) {
$found = true;
}
}
if (!$found) {
$groupsToUncheck[] = $groupWithDN["GRP_LDAP_DN"];
}
}
return $groupsToUncheck;
}
function custom_ldap_explode_dn($dn)
{
$result = ldap_explode_dn($dn, 0);
unset($result["count"]);
foreach ($result as $key => $value) {
$result[$key] = addcslashes(preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $value), '<>,"');
}
return($result);
}

12
workflow/engine/methods/authSources/authSources_Ajax.php
View File

@@ -158,17 +158,15 @@ try {
if (($sObject != '.') && ($sObject != '..') && ($sObject != '.svn') && ($sObject != 'ldap')) {
if (is_file( PATH_RBAC . 'plugins' . PATH_SEP . $sObject )) {
$sType = trim(str_replace(array("class.", ".php"), "", $sObject));
$statusPlugin = $pluginRegistry->getStatusPlugin($sType);
$flagAdd = false;
if (preg_match("/^(?:enabled|disabled)$/", $statusPlugin)) {
if ($statusPlugin == "enabled") {
$flagAdd = true;
}
} else {
/*----------------------------------********---------------------------------*/
if (PMLicensedFeatures
::getSingleton()
->verifyfeature('zLhSk5TeEQrNFI2RXFEVktyUGpnczV1WEJNWVp6cjYxbTU3R29mVXVZNWhZQT0=')) {
$flagAdd = true;
}
/*----------------------------------********---------------------------------*/
if ($flagAdd) {
$arr[] = array("sType" => $sType, "sLabel" => $sType);

23
workflow/engine/methods/authSources/authSources_Edit.php
View File

@@ -83,17 +83,8 @@ if ($fields['AUTH_SOURCE_PROVIDER'] == 'ldap') {
$oHeadPublisher->assign( 'sUID', $_GET['sUID'] );
G::RenderPage( 'publish', 'extJs' );
} else {
if (file_exists( PATH_PLUGINS . $fields['AUTH_SOURCE_PROVIDER'] . PATH_SEP . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit.xml' )) {
$pluginEnabled = 0;
if (file_exists(PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . ".php")) {
$pluginRegistry = &PMPluginRegistry::getSingleton();
$pluginDetail = $pluginRegistry->getPluginDetails($fields["AUTH_SOURCE_PROVIDER"] . ".php");
if ($pluginDetail && $pluginDetail->enabled) {
$pluginEnabled = 1;
}
}
if (file_exists( PATH_XMLFORM . 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit.xml' )) {
$pluginEnabled = 1;
if ($pluginEnabled == 1) {
//The attributes the users
@@ -110,17 +101,17 @@ if ($fields['AUTH_SOURCE_PROVIDER'] == 'ldap') {
}
$fields["AUTH_SOURCE_ATTRIBUTE_IDS"] = $attributes;
if (file_exists(PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . $fields["AUTH_SOURCE_PROVIDER"] . 'Flag')) {
if (file_exists(PATH_XMLFORM . 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Flag')) {
$oHeadPublisher = & headPublisher::getSingleton ();
$oHeadPublisher->assign("Fields", $fields);
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'library', false, true );
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'ldapAdvancedForm', false, true );
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'ldapAdvancedList', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/library', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/ldapAdvancedForm', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/ldapAdvancedList', false, true );
G::RenderPage ('publish', 'extJs');
die();
}
$G_PUBLISH->AddContent("xmlform", "xmlform", $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . $fields["AUTH_SOURCE_PROVIDER"] . "Edit", "", $fields, "../authSources/authSources_Save");
$G_PUBLISH->AddContent("xmlform", "xmlform", 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit', '', $fields, '../authSources/authSources_Save');
} else {
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => G::LoadTranslation( 'ID_AUTH_SOURCE_MISSING' )
) );

9
workflow/engine/methods/authSources/authSources_List.php
View File

@@ -33,16 +33,21 @@ G::LoadClass( 'configuration' );
$c = new Configurations();
$configPage = $c->getConfiguration( 'authSourcesList', 'pageSize', '', $_SESSION['USER_LOGGED'] );
$Config['pageSize'] = isset( $configPage['pageSize'] ) ? $configPage['pageSize'] : 20;
$G_MAIN_MENU = 'processmaker';
$G_SUB_MENU = 'users';
$G_ID_MENU_SELECTED = 'USERS';
$G_ID_SUB_MENU_SELECTED = 'AUTH_SOURCES';
$G_PUBLISH = new Publisher();
$licensedFeatures = & PMLicensedFeatures::getSingleton();
$oHeadPublisher = & headPublisher::getSingleton();
$oHeadPublisher->addExtJsScript( 'authSources/authSourcesList', false ); //adding a javascript file .js
$oHeadPublisher->addExtJsScript( 'authSources/authSourcesList', false ); //adding a javascript file .js
/*----------------------------------********---------------------------------*/
if ($licensedFeatures->verifyfeature('sywN09PSzh1MVdOajZBdnhMbFhCSnpNT1lLTEFwVklmOTE=')) {
$oHeadPublisher->addExtJsScript( 'authSources/authSourcesListSyn', false ); //adding a javascript file .js
}
/*----------------------------------********---------------------------------*/
$oHeadPublisher->addContent( 'authSources/authSourcesList' ); //adding a html file .html.
$oHeadPublisher->assign( 'FORMATS', $c->getFormats() );
$oHeadPublisher->assign( 'CONFIG', $Config );

27
workflow/engine/methods/authSources/authSources_New.php
View File

@@ -37,19 +37,8 @@ $G_ID_SUB_MENU_SELECTED = 'AUTH_SOURCES';
$fields = array ('AUTH_SOURCE_PROVIDER' => $_REQUEST['AUTH_SOURCE_PROVIDER']);
$G_PUBLISH = new Publisher();
if (file_exists( PATH_PLUGINS . $fields['AUTH_SOURCE_PROVIDER'] . PATH_SEP . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit.xml' )) {
$pluginEnabled = 0;
if (file_exists(PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . ".php")) {
$pluginRegistry = &PMPluginRegistry::getSingleton();
$pluginDetail = $pluginRegistry->getPluginDetails($fields["AUTH_SOURCE_PROVIDER"] . ".php");
if ($pluginDetail && $pluginDetail->enabled) {
$pluginEnabled = 1;
}
}
if (file_exists( PATH_XMLFORM . 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit.xml' )) {
$pluginEnabled = 1;
if ($pluginEnabled == 1) {
//The attributes the users
G::LoadClass("pmFunctions");
@@ -64,17 +53,17 @@ if (file_exists( PATH_PLUGINS . $fields['AUTH_SOURCE_PROVIDER'] . PATH_SEP . $fi
}
}
$fields["AUTH_SOURCE_ATTRIBUTE_IDS"] = $attributes;
if (file_exists(PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . $fields["AUTH_SOURCE_PROVIDER"] . 'Flag')) {
if (file_exists(PATH_XMLFORM . 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Flag')) {
$oHeadPublisher = & headPublisher::getSingleton ();
$oHeadPublisher->assign("Fields", $fields);
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'library', false, true );
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'ldapAdvancedForm', false, true );
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'ldapAdvancedList', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/library', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/ldapAdvancedForm', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/ldapAdvancedList', false, true );
G::RenderPage ('publish', 'extJs');
die();
}
$G_PUBLISH->AddContent("xmlform", "xmlform", $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . $fields["AUTH_SOURCE_PROVIDER"] . "Edit", "", $fields, "../authSources/authSources_Save");
$G_PUBLISH->AddContent("xmlform", "xmlform", 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit', '', $fields, '../authSources/authSources_Save');
} else {
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => G::LoadTranslation( 'ID_AUTH_SOURCE_MISSING' )) );
}

24
workflow/engine/methods/authSources/authSources_SearchUsers.php
View File

@@ -35,20 +35,16 @@ $G_ID_SUB_MENU_SELECTED = 'AUTH_SOURCES';
$G_PUBLISH = new Publisher();
$fields = $RBAC->getAuthSource( $_GET['sUID'] );
if (file_exists( PATH_PLUGINS . $fields['AUTH_SOURCE_PROVIDER'] . PATH_SEP . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit.xml' )) {
if (file_exists( PATH_XMLFORM . 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Edit.xml' )) {
$pluginEnabled = 0;
if (file_exists(PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . ".php")) {
$pluginRegistry = &PMPluginRegistry::getSingleton();
$pluginDetail = $pluginRegistry->getPluginDetails($fields["AUTH_SOURCE_PROVIDER"] . ".php");
if ($pluginDetail && $pluginDetail->enabled) {
$pluginEnabled = 1;
}
/*----------------------------------********---------------------------------*/
$licensedFeatures = & PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('sywN09PSzh1MVdOajZBdnhMbFhCSnpNT1lLTEFwVklmOTE=')) {
$pluginEnabled = 1;
}
/*----------------------------------********---------------------------------*/
if ($pluginEnabled == 0) {
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => G::LoadTranslation( 'ID_AUTH_SOURCE_MISSING' ) ) );
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => G::LoadTranslation( 'ID_AUTH_SOURCE_FEATURE_MISSING' ) ) );
G::RenderPage( 'publish', 'blank' );
} else {
G::LoadClass('configuration');
@@ -61,12 +57,12 @@ if (file_exists( PATH_PLUGINS . $fields['AUTH_SOURCE_PROVIDER'] . PATH_SEP . $fi
$oHeadPublisher->assign("FORMATS", $c->getFormats());
$oHeadPublisher->assign("CONFIG", $Config);
if (file_exists(PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . $fields["AUTH_SOURCE_PROVIDER"] . 'Flag')) {
if (file_exists(PATH_XMLFORM . 'ldapAdvanced/' . $fields['AUTH_SOURCE_PROVIDER'] . 'Flag')) {
$oHeadPublisher = & headPublisher::getSingleton ();
$oHeadPublisher->assign("Fields", $fields);
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'library', false, true );
$oHeadPublisher->addExtJsScript (PATH_PLUGINS . $fields["AUTH_SOURCE_PROVIDER"] . PATH_SEP . 'js' . PATH_SEP . 'ldapAdvancedSearch', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/library', false, true );
$oHeadPublisher->addExtJsScript (PATH_TPL. 'ldapAdvanced/ldapAdvancedSearch', false, true );
G::RenderPage ('publish', 'extJs');
die();
}

348
workflow/engine/methods/authSources/ldapAdvancedProxy.php Executable file
View File

@@ -0,0 +1,348 @@
<?php
$function = $_REQUEST['functionAccion'];
switch ($function) {
case "ldapVerifyIfExistsRecordsInDb":
$response = array();
try {
$authenticationSourceUid = $_POST["authenticationSourceUid"];
$arrayAuthenticationSourceData = $RBAC->getAuthSource($authenticationSourceUid);
$flagUser = false;
$flagDepartment = false;
$flagGroup = false;
//Users
$criteria = new Criteria("rbac");
$criteria->addSelectColumn(RbacUsersPeer::USR_UID);
$criteria->add(RbacUsersPeer::USR_AUTH_USER_DN, "%" . $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], Criteria::LIKE);
$criteria->setOffset(0); //Start
$criteria->setLimit(1); //Limit
$rsCriteria = RbacUsersPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
$flagUser = true;
}
//Departments
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(DepartmentPeer::DEP_UID);
$criteria->add(DepartmentPeer::DEP_LDAP_DN, "%" . $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], Criteria::LIKE);
$criteria->setOffset(0); //Start
$criteria->setLimit(1); //Limit
$rsCriteria = DepartmentPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
$flagDepartment = true;
}
//Groups
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(GroupwfPeer::GRP_UID);
$criteria->add(GroupwfPeer::GRP_LDAP_DN, "%" . $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], Criteria::LIKE);
$criteria->setOffset(0); //Start
$criteria->setLimit(1); //Limit
$rsCriteria = GroupwfPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
$flagGroup = true;
}
//Response
$response["status"] = "OK";
$response["existsRecords"] = ($flagUser || $flagDepartment || $flagGroup)? 1 : 0;
} catch (Exception $e) {
//Response
$response["status"] = "ERROR";
$response["message"] = $e->getMessage();
}
echo G::json_encode($response);
break;
case 'ldapGrid':
$data = array();
switch ($_REQUEST['tipo']) {
case 'crear':
$data = array('ID' => G::generateUniqueID());
break;
case 'read':
if (isset($_REQUEST['data']) && $_REQUEST['data'] != '') {
$dataValue = G::json_decode($_REQUEST['data']);
$data = array();
foreach ($dataValue as $value) {
$data[] = array(
'ID' => G::generateUniqueID(),
'ATTRIBUTE_LDAP' => $value->attributeLdap,
'ATTRIBUTE_USER' => $value->attributeUser
);
}
}
break;
default:
break;
}
echo G::json_encode(array('success'=> true, 'data' => $data, 'message'=>'Created Quote', 'total' => count($data)));
break;
case 'ldapSave':
if (isset($_POST['AUTH_SOURCE_SHOWGRID-checkbox'])) {
if ($_POST['AUTH_SOURCE_SHOWGRID-checkbox'] == 'on') {
$_POST['AUTH_SOURCE_SHOWGRID'] = 'on';
$attributes = G::json_decode($_POST['AUTH_SOURCE_GRID_TEXT']);
$con = 1;
foreach ($attributes as $value) {
$_POST['AUTH_SOURCE_GRID_ATTRIBUTE'][$con] = (array)$value;
$con++;
}
}
unset($_POST['AUTH_SOURCE_SHOWGRID-checkbox']);
}
if ($_POST['AUTH_ANONYMOUS'] == '1') {
$_POST['AUTH_SOURCE_SEARCH_USER'] = '';
$_POST['AUTH_SOURCE_PASSWORD'] = '';
}
if (isset($_POST['AUTH_SOURCE_GRID_TEXT'])) {
unset($_POST['AUTH_SOURCE_GRID_TEXT']);
}
if (isset($_POST['DELETE1'])) {
unset($_POST['DELETE1']);
}
if (isset($_POST['DELETE2'])) {
unset($_POST['DELETE2']);
}
if (isset($_POST['AUTH_SOURCE_ATTRIBUTE_IDS'])) {
unset($_POST['AUTH_SOURCE_ATTRIBUTE_IDS']);
}
if (isset($_POST['AUTH_SOURCE_SHOWGRID_FLAG'])) {
unset($_POST['AUTH_SOURCE_SHOWGRID_FLAG']);
}
if (isset($_POST['AUTH_SOURCE_GRID_TEXT'])) {
unset($_POST['AUTH_SOURCE_GRID_TEXT']);
}
$aCommonFields = array ('AUTH_SOURCE_UID','AUTH_SOURCE_NAME','AUTH_SOURCE_PROVIDER','AUTH_SOURCE_SERVER_NAME','AUTH_SOURCE_PORT','AUTH_SOURCE_ENABLED_TLS','AUTH_ANONYMOUS','AUTH_SOURCE_SEARCH_USER','AUTH_SOURCE_PASSWORD','AUTH_SOURCE_VERSION','AUTH_SOURCE_BASE_DN','AUTH_SOURCE_OBJECT_CLASSES','AUTH_SOURCE_ATTRIBUTES');
$aFields = $aData = array ();
foreach ($_POST as $sField => $sValue) {
if (in_array( $sField, $aCommonFields )) {
$aFields[$sField] = $sValue;
} else {
$aData[$sField] = $sValue;
}
}
if (!isset($aData['AUTH_SOURCE_SHOWGRID']) || $aData['AUTH_SOURCE_SHOWGRID'] == 'off') {
unset($aData['AUTH_SOURCE_GRID_ATTRIBUTE']);
unset($aData['AUTH_SOURCE_SHOWGRID']);
}
$aFields['AUTH_SOURCE_DATA'] = $aData;
if ($aFields['AUTH_SOURCE_UID'] == '') {
$RBAC->createAuthSource( $aFields );
} else {
$RBAC->updateAuthSource( $aFields );
}
echo G::json_encode(array('success'=> true));
break;
case "searchUsers":
$response = array();
try {
$pageSize = $_POST["pageSize"];
$authenticationSourceUid = $_POST["sUID"];
$keyword = $_POST["sKeyword"];
$start = (isset($_POST["start"]))? $_POST["start"]: 0;
$limit = (isset($_POST["limit"]))? $_POST["limit"]: $pageSize;
//Get Users from Database
$arrayUser = array();
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(UsersPeer::USR_USERNAME);
$criteria->add(UsersPeer::USR_STATUS, "CLOSED", Criteria::NOT_EQUAL);
$rsCriteria = UsersPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
while ($rsCriteria->next()) {
$row = $rsCriteria->getRow();
$arrayUser[$row["USR_USERNAME"]] = 1;
}
//Get data
$arrayData = array();
$ldapAdvanced = new ldapAdvanced();
$ldapAdvanced->sAuthSource = $authenticationSourceUid;
$result = $ldapAdvanced->searchUsers($keyword, $start, $limit);
foreach ($result["data"] as $value) {
$arrayUserData = $value;
if (!isset($arrayUser[$arrayUserData["sUsername"]])) {
$arrayUserData["STATUS"] = "NOT IMPORTED";
$arrayUserData["IMPORT"] = 1;
} else {
$arrayUserData["STATUS"] = "IMPORTED";
$arrayUserData["IMPORT"] = 0;
}
$arrayData[] = $arrayUserData;
}
//Response
$response["status"] = "OK";
$response["success"] = true;
$response["resultTotal"] = $result["numRecTotal"];
$response["resultRoot"] = $arrayData;
} catch (Exception $e) {
//Response
$response["status"] = "ERROR";
$response["message"] = $e->getMessage();
}
echo G::json_encode($response);
break;
case 'importUsers':
$usersImport = $_REQUEST['UsersImport'];
$authSourceUid = $_REQUEST['AUTH_SOURCE_UID'];
$aUsers = G::json_decode($usersImport);
global $RBAC;
$aFields = $RBAC->getAuthSource( $authSourceUid );
$aAttributes = array();
if (isset($aFields['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'])) {
$aAttributes = $aFields['AUTH_SOURCE_DATA']['AUTH_SOURCE_GRID_ATTRIBUTE'];
}
$usersCreated = '';
$countUsers = 0;
//$usersImport
foreach ($aUsers as $sUser) {
$aUser = (array)$sUser;
$matches = array();
$aData = array();
$aData['USR_USERNAME'] = str_replace( "*", "'", $aUser['sUsername'] );
$aData["USR_PASSWORD"] = "00000000000000000000000000000000";
// note added by gustavo gustavo-at-colosa.com
// asign the FirstName and LastName variables
// add replace to change D*Souza to D'Souza by krlos
$aData['USR_FIRSTNAME'] = str_replace( "*", "'", $aUser['sFirstname'] );
$aData['USR_LASTNAME'] = str_replace( "*", "'", $aUser['sLastname'] );
$aData['USR_EMAIL'] = $aUser['sEmail'];
$aData['USR_DUE_DATE'] = date( 'Y-m-d', mktime( 0, 0, 0, date( 'm' ), date( 'd' ), date( 'Y' ) + 2 ) );
$aData['USR_CREATE_DATE'] = date( 'Y-m-d H:i:s' );
$aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$aData['USR_BIRTHDAY'] = date( 'Y-m-d' );
$aData['USR_STATUS'] = (isset($aUser['USR_STATUS'])) ? (($aUser['USR_STATUS'] == 'ACTIVE') ? 1 : 0) : 1;
$aData['USR_AUTH_TYPE'] = strtolower( $aFields['AUTH_SOURCE_PROVIDER'] );
$aData['UID_AUTH_SOURCE'] = $aFields['AUTH_SOURCE_UID'];
// validating with regexp if there are some missing * inside the DN string
// if it's so the is changed to the ' character
preg_match( '/[a-zA-Z]\*[a-zA-Z]/', $aUser['sDN'], $matches );
foreach ($matches as $key => $match) {
$newMatch = str_replace( '*', '\'', $match );
$aUser['sDN'] = str_replace( $match, $newMatch, $aUser['sDN'] );
}
$aData['USR_AUTH_USER_DN'] = $aUser['sDN'];
try {
$sUserUID = $RBAC->createUser( $aData, 'PROCESSMAKER_OPERATOR', $aFields['AUTH_SOURCE_NAME']);
$usersCreated .= $aData['USR_USERNAME'].' ';
$countUsers ++;
} catch (Exception $oError) {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => $oError->getMessage()) );
G::RenderPage("publish", "blank");
die();
}
$aData['USR_STATUS'] = (isset($aUser['USR_STATUS'])) ? $aUser['USR_STATUS'] :'ACTIVE';
$aData['USR_UID'] = $sUserUID;
$aData['USR_ROLE'] = 'PROCESSMAKER_OPERATOR';
G::LoadClass("calendar");
$calendarObj = new Calendar();
$calendarObj->assignCalendarTo($sUserUID, '00000000000000000000000000000001', 'USER');
if (count($aAttributes)) {
foreach ($aAttributes as $value) {
if (isset($aUser[$value['attributeUser']])) {
$aData[$value['attributeUser']] = str_replace( "*", "'", $aUser[$value['attributeUser']] );
if ($value['attributeUser'] == 'USR_STATUS') {
$evalValue = $aData[$value['attributeUser']];
$statusValue = $aData['USR_STATUS'];
$aData[$value['attributeUser']] = $statusValue;
}
}
}
}
require_once 'classes/model/Users.php';
$oUser = new Users();
$oUser->create( $aData );
}
$sClassName = strtolower($aFields['AUTH_SOURCE_PROVIDER']);
$plugin = new $sClassName();
$aAuthSource = $RBAC->authSourcesObj->load($authSourceUid);
if (is_null($plugin->ldapcnn)) {
$plugin->ldapcnn = $plugin->ldapConnection($aAuthSource);
}
$ldapcnn = $plugin->ldapcnn;
$plugin->log($ldapcnn, "Users imported $countUsers: " . $usersCreated);
echo G::json_encode(array('success'=> true));
break;
case "ldapTestConnection":
$response = array();
try {
if ($_POST["AUTH_ANONYMOUS"] == "1") {
$_POST["AUTH_SOURCE_SEARCH_USER"] = "";
$_POST["AUTH_SOURCE_PASSWORD"] = "";
}
$arrayAuthenticationSourceData = $_POST;
//Test connection
$ldapAdvanced = new ldapAdvanced();
$ldapcnn = $ldapAdvanced->ldapConnection($arrayAuthenticationSourceData);
//Response
$response["status"] = "OK";
} catch (Exception $e) {
//Response
$response["status"] = "ERROR";
$response["message"] = $e->getMessage();
}
echo G::json_encode($response);
break;
default:
break;
}

651
workflow/engine/methods/services/ldapadvanced.php Executable file
View File

@@ -0,0 +1,651 @@
<?php
class ldapadvancedClassCron
{
public $deletedRemoved = 0; //Users in the removed OU
public $deletedRemovedUsers = "";
public $dAlready = 0; //Count for already existing users
public $dMoved = 0; //Users moved from a Department to another Department
public $dImpossible = 0; //Users already created using another Authentication source
public $dCreated = 0; //Users created
public $dRemoved = 0; //Users removed
public $dAlreadyUsers = "";
public $dMovedUsers = "";
public $dImpossibleUsers = "";
public $dCreatedUsers = "";
public $dRemovedUsers = "";
public $gAlready = 0;
public $gMoved = 0;
public $gImpossible = 0;
public $gCreated = 0;
public $gRemoved = 0;
public $gAlreadyUsers = "";
public $gMovedUsers = "";
public $gImpossibleUsers = "";
public $gCreatedUsers = "";
public $gRemovedUsers = "";
public $managersHierarchy = array();
public $oldManagersHierarchy = array();
public $managersToClear = array();
public $deletedManager = 0;
public function __construct()
{
}
/**
function executed by the cron
this function will synchronize users from ldap/active directory to PM users tables
@return void
*/
public function executeCron($debug)
{
$rbac = &RBAC::getSingleton();
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
$plugin = new ldapAdvanced();
$plugin->sSystem = $rbac->sSystem;
$plugin->setFrontEnd(true);
$plugin->setDebug($debug);
//Get all authsource for this plugin ( ldapAdvanced plugin, because other authsources are not needed )
$arrayAuthenticationSource = $plugin->getAuthSources();
$aDepartments = $plugin->getDepartments("");
$aGroups = $plugin->getGroups();
//$arrayDepartmentUserAd = array(); //(D) Update Users
//$arrayGroupUserAd = array(); //(G) Update Users
//echo "\n";
$plugin->frontEndShow("START");
$plugin->debugLog("START");
foreach ($arrayAuthenticationSource as $value) {
$arrayAuthenticationSourceData = $value;
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$arrayAuthenticationSourceData ---->\n" . print_r($arrayAuthenticationSourceData, true));
$plugin->sAuthSource = $arrayAuthenticationSourceData["AUTH_SOURCE_UID"];
$plugin->ldapcnn = null;
$plugin->setArrayDepartmentUserSynchronizedChecked(array());
$plugin->setArrayUserUpdateChecked(array());
//Get all User (USR_UID, USR_USERNAME, USR_AUTH_USER_DN) registered in RBAC with this Authentication Source
$plugin->setArrayAuthenticationSourceUsers($arrayAuthenticationSourceData["AUTH_SOURCE_UID"]); //INITIALIZE DATA
$plugin->frontEndShow("TEXT", "Authentication Source: " . $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]);
$plugin->log(null, "Executing cron for Authentication Source: " . $arrayAuthenticationSourceData["AUTH_SOURCE_NAME"]);
//Get all departments from Ldap/ActiveDirectory and build a hierarchy using dn (ou->ou parent)
$aLdapDepts = $plugin->searchDepartments();
//Obtain all departments from PM with a valid department in LDAP/ActiveDirectory
$aRegisteredDepts = $plugin->getRegisteredDepartments($aLdapDepts, $aDepartments);
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$aRegisteredDepts ---->\n" . print_r($aRegisteredDepts, true));
//Get all group from Ldap/ActiveDirectory
$aLdapGroups = $plugin->searchGroups();
//Obtain all groups from PM with a valid group in LDAP/ActiveDirectory
$aRegisteredGroups = $plugin->getRegisteredGroups($aLdapGroups, $aGroups);
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$aRegisteredGroups ---->\n" . print_r($aRegisteredGroups, true));
//Get all users from Removed OU
$this->usersRemovedOu = $plugin->getUsersFromRemovedOu($arrayAuthenticationSourceData);
$plugin->deactiveArrayOfUsers($this->usersRemovedOu);
//Variables
$this->deletedRemoved = count($this->usersRemovedOu);
$this->deletedRemovedUsers = "";
$this->dAlready = 0;
$this->dMoved = 0;
$this->dImpossible = 0;
$this->dCreated = 0;
$this->dRemoved = 0;
$this->dAlreadyUsers = "";
$this->dMovedUsers = "";
$this->dImpossibleUsers = "";
$this->dCreatedUsers = "";
$this->dRemovedUsers = "";
$this->gAlready = 0;
$this->gMoved = 0;
$this->gImpossible = 0;
$this->gCreated = 0;
$this->gRemoved = 0;
$this->gAlreadyUsers = "";
$this->gMovedUsers = "";
$this->gImpossibleUsers = "";
$this->gCreatedUsers = "";
$this->gRemovedUsers = "";
//Department - Synchronize Users
$numDepartments = count($aRegisteredDepts);
$count = 0;
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$numDepartments ----> $numDepartments");
foreach ($aRegisteredDepts as $registeredDept) {
$count++;
//(D) Update Users
//if (!isset($arrayDepartmentUserAd[$registeredDept["DEP_UID"]])) {
// $arrayDepartmentUserAd[$registeredDept["DEP_UID"]] = array(); //Current users in department based in Active Directory
//}
//
//$arrayAux = $this->departmentSynchronizeUsers($plugin, $numDepartments, $count, $registeredDept);
//$arrayAux = array_merge($arrayDepartmentUserAd[$registeredDept["DEP_UID"]], $arrayAux);
//
//$arrayDepartmentUserAd[$registeredDept["DEP_UID"]] = array_unique($arrayAux);
$arrayAux = $this->departmentSynchronizeUsers($plugin, $numDepartments, $count, $registeredDept);
}
//Department - Print log
$logResults = sprintf(
"- Departments -> Existing users: %d, moved: %d, impossible: %d, created: %d, removed: %d",
$this->dAlready,
$this->dMoved,
$this->dImpossible,
$this->dCreated,
$this->dRemoved
);
$plugin->frontEndShow("TEXT", $logResults);
$plugin->log(null, $logResults);
//Group - Synchronize Users
$numGroups = count($aRegisteredGroups);
$count = 0;
$plugin->debugLog("ldapadvanced.php > function executeCron() > foreach > \$numGroups ----> $numGroups");
foreach ($aRegisteredGroups as $registeredGroup) {
$count++;
//(G) Update Users
//if (!isset($arrayGroupUserAd[$registeredGroup["GRP_UID"]])) {
// $arrayGroupUserAd[$registeredGroup["GRP_UID"]] = array(); //Current users in group based in Active Directory
//}
//
//$arrayAux = $this->groupSynchronizeUsers($plugin, $numGroups, $count, $registeredGroup);
//$arrayAux = array_merge($arrayGroupUserAd[$registeredGroup["GRP_UID"]], $arrayAux);
//
//$arrayGroupUserAd[$registeredGroup["GRP_UID"]] = array_unique($arrayAux);
$arrayAux = $this->groupSynchronizeUsers($plugin, $numGroups, $count, $registeredGroup);
}
//Group - Print log
$logResults = sprintf(
"- Groups -> Existing users: %d, moved: %d, impossible: %d, created: %d, removed: %d",
$this->gAlready,
$this->gMoved,
$this->gImpossible,
$this->gCreated,
$this->gRemoved
);
$plugin->frontEndShow("TEXT", $logResults);
$plugin->log(null, $logResults);
//Manager
$plugin->clearManager($this->managersToClear);
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"])) {
if (is_array($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"])) {
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"] as $departmentUID) {
// Delete manager assignments
$criteriaSet = new Criteria("workflow");
$criteriaSet->add(UsersPeer::USR_REPORTS_TO, "");
$criteriaWhere = new Criteria("workflow");
$criteriaWhere->add(UsersPeer::DEP_UID, $departmentUID);
$criteriaWhere->add(UsersPeer::USR_REPORTS_TO, "", Criteria::NOT_EQUAL);
$this->deletedManager = BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection("workflow"));
// Delete department assignments
$criteriaSet = new Criteria("workflow");
$criteriaSet->add(UsersPeer::DEP_UID, "");
$criteriaWhere = new Criteria("workflow");
$criteriaWhere->add(UsersPeer::DEP_UID, $departmentUID);
$this->dMoved += UsersPeer::doCount($criteriaWhere);
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection("workflow"));
}
}
unset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["DEPARTMENTS_TO_UNASSIGN"]);
$rbac = &RBAC::getSingleton();
$rbac->authSourcesObj->update($arrayAuthenticationSourceData);
}
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"])) {
if (is_array($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"])) {
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"] as $groupUID) {
// Delete manager assignments
$groupsInstance = new Groups();
$criteria = $groupsInstance->getUsersGroupCriteria($groupUID);
$dataset = UsersPeer::doSelectRS($criteria);
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next();
$users = array();
while ($row = $dataset->getRow()) {
$users[] = $row["USR_UID"];
$dataset->next();
}
$criteriaSet = new Criteria("workflow");
$criteriaSet->add(UsersPeer::USR_REPORTS_TO, "");
$criteriaWhere = new Criteria("workflow");
$criteriaWhere->add(UsersPeer::USR_UID, $users, Criteria::IN);
$criteriaWhere->add(UsersPeer::USR_REPORTS_TO, "", Criteria::NOT_EQUAL);
$this->deletedManager = BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection("workflow"));
// Delete group assignments
$criteria = new Criteria("workflow");
$criteria->add(GroupUserPeer::GRP_UID, $groupUID);
$this->gMoved += GroupUserPeer::doCount($criteria);
BasePeer::doDelete($criteria, Propel::getConnection("workflow"));
}
}
unset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["GROUPS_TO_UNASSIGN"]);
$rbac = &RBAC::getSingleton();
$rbac->authSourcesObj->update($arrayAuthenticationSourceData);
}
// Delete the managers that not exists in PM
$criteria = new Criteria("rbac");
$criteria->addSelectColumn(RbacUsersPeer::USR_AUTH_USER_DN);
$criteria->add(RbacUsersPeer::USR_AUTH_USER_DN, "", Criteria::NOT_EQUAL);
$dataset = RbacUsersPeer::doSelectRS($criteria);
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next();
$existingUsers = array();
while ($row = $dataset->getRow()) {
$existingUsers[] = $row["USR_AUTH_USER_DN"];
$dataset->next();
}
foreach ($this->managersHierarchy as $managerDN => $subordinates) {
if (!in_array($managerDN, $existingUsers)) {
unset($this->managersHierarchy[$managerDN]);
}
}
// Get the managers assigments counters
$plugin->synchronizeManagers($this->managersHierarchy);
$deletedManagersAssignments = self::array_diff_assoc_recursive($this->oldManagersHierarchy, $this->managersHierarchy);
$newManagersAssignments = self::array_diff_assoc_recursive($this->managersHierarchy, $this->oldManagersHierarchy);
$deletedManagers = array();
$newManagers = array();
$movedManagers = array();
if (is_array($deletedManagersAssignments)) {
foreach ($deletedManagersAssignments as $dn1 => $subordinates1) {
foreach ($subordinates1 as $subordinate) {
if (!in_array($subordinate, $deletedManagers)) {
$deletedManagers[] = $subordinate;
}
foreach ($newManagersAssignments as $dn2 => $subordinates2) {
if (isset($subordinates2[$subordinate])) {
$movedManagers[] = $subordinate;
}
}
}
}
}
if (is_array($newManagersAssignments)) {
foreach ($newManagersAssignments as $dn1 => $subordinates1) {
foreach ($subordinates1 as $subordinate) {
if (!in_array($subordinate, $newManagers)) {
$newManagers[] = $subordinate;
}
foreach ($deletedManagersAssignments as $dn2 => $subordinates2) {
if (isset($subordinates2[$subordinate])) {
if (!in_array($subordinate, $movedManagers)) {
$movedManagers[] = $subordinate;
}
}
}
}
}
}
//Print and log the users's information
//Deleted/Removed Users
$logResults = sprintf("- Deleted/Removed Users: %d", $this->deletedRemoved);
$plugin->frontEndShow("TEXT", $logResults);
$plugin->log(null, $logResults);
if ($this->deletedRemoved > 0) {
$plugin->log(null, "Deleted/Removed Users: ");
$plugin->log(null, $this->deletedRemovedUsers);
}
if ($this->dAlready + $this->gAlready > 0) {
$plugin->log(null, "Existing Users: ");
$plugin->log(null, $this->dAlreadyUsers . " " . $this->gAlreadyUsers);
}
if ($this->dMoved + $this->gMoved > 0) {
$plugin->log(null, "Moved Users: ");
$plugin->log(null, $this->dMovedUsers . " " . $this->gMovedUsers);
}
if ($this->dImpossible + $this->gImpossible > 0) {
$plugin->log(null, "Impossible Users: ");
$plugin->log(null, $this->dImpossibleUsers . " " . $this->gImpossibleUsers);
}
if ($this->dCreated + $this->gCreated > 0) {
$plugin->log(null, "Created Users: ");
$plugin->log(null, $this->dCreatedUsers . " " . $this->gCreatedUsers);
}
if ($this->dRemoved + $this->gRemoved > 0) {
$plugin->log(null, "Removed Users: ");
$plugin->log(null, $this->dRemovedUsers . " " . $this->gRemovedUsers);
}
//Print and log the managers assignments"s information
$logResults = sprintf(
"- Managers assignments: created %d, moved %d, removed %d",
count($newManagers) - count($movedManagers),
count($movedManagers),
count($deletedManagers) - count($movedManagers) + $this->deletedManager
);
$plugin->frontEndShow("TEXT", $logResults);
$plugin->log(null, $logResults);
//Update Users data based on the LDAP Server
$plugin->usersUpdateData($arrayAuthenticationSourceData["AUTH_SOURCE_UID"]);
}
$plugin->frontEndShow("END");
//(D) Update Users
////Department //Upgrade users in departments
//foreach ($arrayDepartmentUserAd as $departmentUid => $arrayUserAd) {
// $plugin->setArrayDepartmentUsers($departmentUid); //INITIALIZE DATA
//
// $arrayAux = array_diff(array_keys($plugin->arrayDepartmentUsersByUid), $arrayUserAd);
//
// $this->departmentRemoveUsers($departmentUid, $arrayAux);
//}
//(G) Update Users
////Group //Upgrade users in groups
//foreach ($arrayGroupUserAd as $groupUid => $arrayUserAd) {
// $plugin->setArrayGroupUsers($groupUid); //INITIALIZE DATA
//
// $arrayAux = array_diff(array_keys($plugin->arrayGroupUsersByUid), $arrayUserAd);
//
// $this->groupRemoveUsers($groupUid, $arrayAux);
//}
//// Developed by Gary and Ronald
//$usersInfo = $plugin->ASUpdateInfo('');
//if (isset($usersInfo) && $usersInfo > 0) {
// $this->dMoved = $usersInfo;
//}
//// End Developed by Gary and Ronald
$plugin->debugLog("END");
}
public function array_diff_assoc_recursive($array1, $array2)
{
foreach ($array1 as $key => $value) {
if (is_array($value)) {
if (!isset($array2[$key])) {
$difference[$key] = $value;
} else {
if (!is_array($array2[$key])) {
$difference[$key] = $value;
} else {
$new_diff = self::array_diff_assoc_recursive($value, $array2[$key]);
if ($new_diff != false) {
$difference[$key] = $new_diff;
}
}
}
} else {
if (!isset($array2[$key]) || $array2[$key] != $value) {
$difference[$key] = $value;
}
}
}
return (!isset($difference))? array() : $difference;
}
public function departmentRemoveUsers($departmentUid, array $arrayUserUid)
{
try {
$department = new Department();
$department->Load($departmentUid);
$departmentManagerUid = $department->getDepManager();
foreach ($arrayUserUid as $value) {
$userUid = $value;
$department->removeUserFromDepartment($departmentUid, $userUid);
if ($userUid == $departmentManagerUid) {
$department->update(array("DEP_UID" => $departmentUid, "DEP_MANAGER" => ""));
$department->updateDepartmentManager($departmentUid);
}
}
} catch (Exception $e) {
throw $e;
}
}
public function groupRemoveUsers($groupUid, array $arrayUserUid)
{
try {
$group = new Groups();
foreach ($arrayUserUid as $value) {
$userUid = $value;
$group->removeUserOfGroup($groupUid, $userUid);
}
} catch (Exception $e) {
throw $e;
}
}
public function departmentSynchronizeUsers($ldapAdvanced, $numDepartments, $count, array $arrayDepartmentData)
{
try {
$ldapAdvanced->debugLog("ldapadvanced.php > function departmentSynchronizeUsers() > START");
$ldapAdvanced->debugLog("ldapadvanced.php > function departmentSynchronizeUsers() > \$arrayDepartmentData ---->\n" . print_r($arrayDepartmentData, true));
//Get users from ProcessMaker tables (for this Department)
$ldapAdvanced->setArrayDepartmentUsers($arrayDepartmentData["DEP_UID"]); //INITIALIZE DATA
//Clear the manager assignments
$arrayUserUid = array();
foreach ($ldapAdvanced->arrayDepartmentUsersByUid as $key => $user) {
$arrayUserUid[] = $user["USR_UID"];
if (isset($user["USR_REPORTS_TO"]) && $user["USR_REPORTS_TO"] != "") {
$dn = (isset($ldapAdvanced->arrayAuthenticationSourceUsersByUid[$user["USR_REPORTS_TO"]]["USR_AUTH_USER_DN"]))? $ldapAdvanced->arrayAuthenticationSourceUsersByUid[$user["USR_REPORTS_TO"]]["USR_AUTH_USER_DN"] : "";
if ($dn != "") {
if (!isset($this->oldManagersHierarchy[$dn])) {
$this->oldManagersHierarchy[$dn] = array();
}
$this->oldManagersHierarchy[$dn][$user["USR_UID"]] = $user["USR_UID"];
}
}
}
$this->managersToClear = $arrayUserUid;
//Synchronize Users from Department
//Now we need to go over ldapusers and check if the user exists in ldap but not in PM, then we need to create it
$arrayData = array(
"already" => $this->dAlready,
"moved" => $this->dMoved,
"impossible" => $this->dImpossible,
"created" => $this->dCreated,
"alreadyUsers" => $this->dAlreadyUsers,
"movedUsers" => $this->dMovedUsers,
"impossibleUsers" => $this->dImpossibleUsers,
"createdUsers" => $this->dCreatedUsers,
"managersHierarchy" => $this->managersHierarchy,
"arrayUserUid" => array(),
"n" => $numDepartments,
"i" => $count
);
//Get Users from LDAP (for this Department)
$arrayData = $ldapAdvanced->ldapGetUsersFromDepartment("SYNCHRONIZE", $arrayDepartmentData["DEP_LDAP_DN"], $arrayData);
$this->dAlready = $arrayData["already"];
$this->dMoved = $arrayData["moved"];
$this->dImpossible = $arrayData["impossible"];
$this->dCreated = $arrayData["created"];
$this->dAlreadyUsers = $arrayData["alreadyUsers"];
$this->dMovedUsers = $arrayData["movedUsers"];
$this->dImpossibleUsers = $arrayData["impossibleUsers"];
$this->dCreatedUsers = $arrayData["createdUsers"];
$this->managersHierarchy = $arrayData["managersHierarchy"];
$arrayUserUid = $arrayData["arrayUserUid"];
//(D) Update Users
$arrayAux = array_diff(array_keys($ldapAdvanced->arrayDepartmentUsersByUid), $arrayUserUid);
$this->departmentRemoveUsers($arrayDepartmentData["DEP_UID"], $arrayAux);
$this->dRemoved += count($arrayAux);
$this->dRemovedUsers = "";
$ldapAdvanced->debugLog("ldapadvanced.php > function departmentSynchronizeUsers() > END");
//Return all UID of Users synchronized in the Department (Return all UID of Users of this Department)
return $arrayUserUid;
} catch (Exception $e) {
throw $e;
}
}
public function groupSynchronizeUsers($ldapAdvanced, $numGroups, $count, array $arrayGroupData)
{
try {
$ldapAdvanced->debugLog("ldapadvanced.php > function groupSynchronizeUsers() > START");
$ldapAdvanced->debugLog("ldapadvanced.php > function groupSynchronizeUsers() > \$arrayGroupData ---->\n" . print_r($arrayGroupData, true));
//Get users from ProcessMaker tables (for this Group)
$ldapAdvanced->setArrayGroupUsers($arrayGroupData["GRP_UID"]); //INITIALIZE DATA
//Clear the manager assignments
$arrayUserUid = array();
foreach ($ldapAdvanced->arrayGroupUsersByUid as $key => $user) {
$arrayUserUid[] = $user["USR_UID"];
if (isset($user["USR_REPORTS_TO"]) && $user["USR_REPORTS_TO"] != "") {
$dn = (isset($ldapAdvanced->arrayAuthenticationSourceUsersByUid[$user["USR_REPORTS_TO"]]["USR_AUTH_USER_DN"]))? $ldapAdvanced->arrayAuthenticationSourceUsersByUid[$user["USR_REPORTS_TO"]]["USR_AUTH_USER_DN"] : "";
if ($dn != "") {
if (!isset($this->oldManagersHierarchy[$dn])) {
$this->oldManagersHierarchy[$dn] = array();
}
$this->oldManagersHierarchy[$dn][$user["USR_UID"]] = $user["USR_UID"];
}
}
}
$this->managersToClear = array_merge($this->managersToClear, $arrayUserUid);
//Synchronize Users from Group
//Now we need to go over ldapusers and check if the user exists in ldap but not in PM, then we need to create it
$arrayData = array(
"already" => $this->gAlready,
"moved" => $this->gMoved,
"impossible" => $this->gImpossible,
"created" => $this->gCreated,
"alreadyUsers" => $this->gAlreadyUsers,
"movedUsers" => $this->gMovedUsers,
"impossibleUsers" => $this->gImpossibleUsers,
"createdUsers" => $this->gCreatedUsers,
"managersHierarchy" => $this->managersHierarchy,
"arrayUserUid" => array(),
"n" => $numGroups,
"i" => $count
);
//Get Users from LDAP (for this Group)
$arrayData = $ldapAdvanced->ldapGetUsersFromGroup("SYNCHRONIZE", $arrayGroupData, $arrayData);
$this->gAlready = $arrayData["already"];
$this->gMoved = $arrayData["moved"];
$this->gImpossible = $arrayData["impossible"];
$this->gCreated = $arrayData["created"];
$this->gAlreadyUsers = $arrayData["alreadyUsers"];
$this->gMovedUsers = $arrayData["movedUsers"];
$this->gImpossibleUsers = $arrayData["impossibleUsers"];
$this->gCreatedUsers = $arrayData["createdUsers"];
$this->managersHierarchy = $arrayData["managersHierarchy"];
$arrayUserUid = $arrayData["arrayUserUid"];
//(G) Update Users
$arrayAux = array_diff(array_keys($ldapAdvanced->arrayGroupUsersByUid), $arrayUserUid);
$this->groupRemoveUsers($arrayGroupData["GRP_UID"], $arrayAux);
$this->gRemoved += count($arrayAux);
$this->gRemovedUsers = "";
$ldapAdvanced->debugLog("ldapadvanced.php > function groupSynchronizeUsers() > END");
//Return all UID of Users synchronized in the Group (Return all UID of Users of this Group)
return $arrayUserUid;
} catch (Exception $e) {
throw $e;
}
}
}