Artturi Markko
|
Monday 15 May 2006 12:27:40 pm
Hi Kristof, Yes, the links are still valid
> What do you get when you click on such a child node that is supposed to be removed? I get the user properties. In those, I can see under "Locations [2]" a list of the groups the user belongs to (and this list is correct)
> Maybe it's some caching issue. I've cleared all the cache but user is still where it should not.
Anyway, i DO have caching issues with my ldap search. When I modify a group on the ldap server, I have to clear "content", "content node" and "content subtree" cache in order to detect my modifications. Any idea about that ? Here's the code if it can help :
$db->begin();
foreach ( array_keys ( $LDAPUsers ) as $key )
{
$LDAPUser =& $LDAPUsers[$key];
$login = $LDAPUser['login'];
$userID = $LDAPUser['contentobject_id'];
$LDAPFilter = "( &";
if ( count( $LDAPFilters ) > 0 )
{
foreach ( array_keys( $LDAPFilters ) as $key )
{
$LDAPFilter .= "(" . $LDAPFilters[$key] . ")";
}
}
$LDAPFilter .= "($LDAPLogin=$login)";
$LDAPFilter .= ")";
$LDAPFilter = str_replace( $LDAPEqualSign, "=", $LDAPFilter );
if ( $LDAPSearchScope == "one" )
$sr = ldap_list( $ds, $LDAPBaseDN, $LDAPFilter, $attributeArray );
else if ( $LDAPSearchScope == "base" )
$sr = ldap_read( $ds, $LDAPBaseDN, $LDAPFilter, $attributeArray );
else
$sr = ldap_search( $ds, $LDAPBaseDN, $LDAPFilter, $attributeArray );
$info = ldap_get_entries( $ds, $sr );
if ( $info["count"] != 1 )
{
$cli->output( "Disable user " . $cli->stylize( 'emphasize', $login ) );
// Disable the user
$userSetting = eZUserSetting::fetch( $userID );
$userSetting->setAttribute( "is_enabled", false );
$userSetting->store();
}
else
{
// Update user information
$contentObject =& eZContentObject::fetch( $userID );
$parentNodeID = $contentObject->attribute( 'main_parent_node_id' );
$currentVersion = $contentObject->attribute( 'current_version' );
$version =& $contentObject->attribute( 'current' );
$contentObjectAttributes =& $version->contentObjectAttributes();
if ( $isUtf8Encoding )
{
$firstName = utf8_decode( $info[0][$LDAPFirstNameAttribute][0] );
$lastName = utf8_decode( $info[0][$LDAPLastNameAttribute][0] );
$ldapEMail = utf8_decode( $info[0][$LDAPEmailAttribute][0] );
}
else
{
$firstName = $info[0][$LDAPFirstNameAttribute][0];
$lastName = $info[0][$LDAPLastNameAttribute][0];
$ldapEMail = $info[0][$LDAPEmailAttribute][0];
}
$contentObjectAttributes[0]->setAttribute( 'data_text', $firstName );
$contentObjectAttributes[0]->store();
$contentObjectAttributes[1]->setAttribute( 'data_text', $lastName );
$contentObjectAttributes[1]->store();
$contentClass =& $contentObject->attribute( 'content_class' );
$name = $contentClass->contentObjectName( $contentObject );
$contentObject->setName( $name );
$existUser = eZUser::fetch( $userID );
$existUser->setAttribute('email', $ldapEMail );
$existUser->setAttribute('password_hash', "" );
$existUser->setAttribute('password_hash_type', 0 );
$existUser->store();
/** DETECT if mappings are defined in ldap.ini **/
if ( $LDAPUserGroupAM != null )
{
$republishRequired = false;
$IsLDAPMain = true;
$hasOtherNodeType = false;
$hasLDAPNodeType = false;
$otherNodeArray = array();
$LDAPNodeArray = array();
$newLDAPNodeArray = array();
$parentNodes =& $contentObject->parentNodes( $currentVersion );;
foreach( array_keys( $parentNodes ) as $key )
{
$parentNode =& $parentNodes[$key];
$parentNodeID = $parentNode->attribute( 'node_id' );
$parentNodeName = $parentNode->attribute( 'name' );
$nodeAssignment = eZNodeAssignment::fetch( $contentObject->attribute( 'id' ), $currentVersion, $parentNodeID );
$isMain = $nodeAssignment->attribute( 'is_main' );
$remoteID = $nodeAssignment->attribute( 'parent_remote_id' );
if ( preg_match( "/LDAP/i", $remoteID ) )
{
$LDAPNodeArray[] = array( 'parent_node_name' => $parentNodeName, 'parent_node_id' => $parentNodeID, 'is_main' => $isMain );
}
else
{
$otherNodeArray[] = array( 'parent_node_name' => $parentNodeName, 'parent_node_id' => $parentNodeID, 'is_main' => $isMain );
$hasOtherNodeType = true;
if ( $isMain )
{
$IsLDAPMain = false;
}
}
}
/* Aim of the query : get all the node_id of the mapped groups in ldap.ini */
$query = "SELECT ezcontentobject_tree.node_id
FROM ezcontentobject, ezcontentobject_tree
WHERE ezcontentobject.name IN ( ";
foreach ( $LDAPUserGroupAML as $value)
{
$r = explode("--", $value);
$ldap2ez[$r[0]] = $r[1];
$query .= "'" . $r[1] . "',";
}
$query = substr($query,0, -1) . ") AND ezcontentobject.id=ezcontentobject_tree.contentobject_id AND ezcontentobject.contentclass_id=3";
$allMappedGroups = $db->arrayQuery( $query );
$extraNodeAssignments = array();
$removeAssignments = array();
$LDAPUserGroupCount = count( $LDAPNodeArray );
$filter = "(&(objectClass=group)(member=" . $info[0]['dn'] . "))";
mapInEzGroups($filter, $LDAPBaseDN, $ds, $db, $ldap2ez, $extraNodeAssignments);
/** Find out which groups the user must not belong to **/
foreach ( array_keys($allMappedGroups) as $key )
{
if ( in_array($allMappedGroups[$key]['node_id'], $extraNodeAssignments) )
{
continue;
}
foreach ( array_keys($LDAPNodeArray) as $key2 )
{
if ( in_array($allMappedGroups[$key]['node_id'], $LDAPNodeArray[$key2]) )
{
$removeAssignments[] = $allMappedGroups[$key]['node_id'];
}
}
}
var_dump($extraNodeAssignments, $removeAssignments);
// count the number of "ez mapped groups" the user has to belong to
$groupCount = count( $extraNodeAssignments );
for ( $i = 0; $i < $groupCount ; $i++ )
{
/* check for all "ldap originated groups" the user already belongs to,
with the assumption it does not exist in $extraNodeAssignments */
$exist = false;
foreach( $LDAPNodeArray as $LDAPNode )
{
$existGroupName = $LDAPNode['parent_node_name'];
$existGroupID = $LDAPNode['parent_node_id'];
if ( strcasecmp( $existGroupID, $extraNodeAssignments[$i] ) == 0 )
{
$exist = true;
$hasLDAPNodeType = true;
if ( $IsLDAPMain and count( $newLDAPNodeArray ) == 0 )
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $existGroupName, 'parent_node_id' => $existGroupID, 'is_main' => 1 );
}
else
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $existGroupName, 'parent_node_id' => $existGroupID, 'is_main' => 0 );
}
$LDAPUserGroupCount--;
}
}
if ( $exist == false )
{
// Get the name from the id : this differs in order to use already written 'mapInEzGroups' function which returns an array of ids
$groupQuery = "SELECT ezcontentobject.name
FROM ezcontentobject, ezcontentobject_tree
WHERE ezcontentobject_tree.node_id=$extraNodeAssignments[$i]
AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
AND ezcontentobject.contentclass_id=3";
$groupObject = $db->arrayQuery( $groupQuery );
if ( count( $groupObject ) > 0 )
{
$hasLDAPNodeType = true;
if ( $IsLDAPMain and count( $newLDAPNodeArray ) == 0 )
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $groupObject[0]['name'], 'parent_node_id' => $extraNodeAssignments[$i], 'is_main' => 1 );
}
else
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $groupObject[0]['name'], 'parent_node_id' => $extraNodeAssignments[$i], 'is_main' => 0 );
}
$republishRequired = true;
}
}
}
if ( $LDAPUserGroupCount != 0 || count($removeAssignments) > 0)
{
$republishRequired = true;
}
if ( $republishRequired )
{
$newVersion = $contentObject->createNewVersion();
$newVersionNr = $newVersion->attribute( 'version' );
$nodeAssignmentList =& $newVersion->attribute( 'node_assignments' );
// ok, here should be the BIG CLEANUP, but seems incomplete by juding of the result in admin interface (user still sits in the group).
foreach ( array_keys( $nodeAssignmentList ) as $key )
{
$nodeAssignment =& $nodeAssignmentList[$key];
$nodeAssignment->remove();
}
if ( $hasOtherNodeType )
{
foreach ( $otherNodeArray as $otherNode )
{
$newVersion->assignToNode( $otherNode['parent_node_id'], $otherNode['is_main'] );
}
}
if ( $hasLDAPNodeType )
{
foreach ( $newLDAPNodeArray as $newLDAPNode )
{
$newVersion->assignToNode( $newLDAPNode['parent_node_id'], $newLDAPNode['is_main'] );
$assignment = eZNodeAssignment::fetch( $contentObject->attribute( 'id' ), $newVersionNr, $newLDAPNode['parent_node_id'] );
$assignment->setAttribute( 'parent_remote_id', "LDAP_" . $newLDAPNode['parent_node_id'] );
$assignment->store();
}
}
if ( !$hasOtherNodeType and !$hasLDAPNodeType )
{
$newVersion->assignToNode( $defaultUserPlacement, 1 );
}
include_once( 'lib/ezutils/classes/ezoperationhandler.php' );
$operationResult = eZOperationHandler::execute( 'content', 'publish', array( 'object_id' => $userID,
'version' => $newVersionNr ) );
$cli->output( $cli->stylize( 'emphasize', $existUser->attribute('login') ) . " has changed group, updated." );
}
}
}
}
$db->commit();
|