
Initial brain dump. Adding and removing users from groups works.

0 parents commit 5c4910ac4b009031f46c0d073b192b1ac4e083e9 @adamfranco adamfranco committed Sep 3, 2009
@@ -0,0 +1,46 @@
+<?php
+/**
+ * Add a new user to a group.
+ *
+ * @since 8/28/09
+ * @package
+ *
+ * @copyright Copyright &copy; 2009, Middlebury College
+ * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL)
+ */
+
+if (!isset($_POST['group_id']) || !$_POST['group_id'])
+ throw new InvalidArgumentException("No group_id passed");
+
+$groupId = base64_decode($_POST['group_id'], true);
+if (!$groupId)
+ throw new InvalidArgumentException("Invalid group_id passed");
+
+if (!isset($_POST['user_id']) || !$_POST['user_id'])
+ throw new InvalidArgumentException("No user_id passed");
+
+$userId = base64_decode($_POST['user_id'], true);
+if (!$userId)
+ throw new InvalidArgumentException("Invalid user_id passed");
+
+
+// Verify that the current user really can manage the group.
+$groups = $ldap->read('(objectclass=group)', $groupId, array('managedby', 'member'));
+if (count($groups) != 1)
+ throw new Exception("Could not find the group specified");
+$group = $groups[0];
+if ($group['managedby'][0] != $_SESSION['user'])
+ throw new PermissionDeniedException("You are not authorized to manage this group.");
+
+// Verify that the user is not already in the group
+if (in_array($userId, $group['member']))
+ throw new Exception("The user is already a member of this group.");
+
+// Add the user.
+$ldap->addAttribute($groupId, 'member', $userId);
+
+while(ob_get_level())
+ ob_end_clean();
+header('Content-Type: text/plain');
+print "Success";
+exit;
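Review bot: The ownership check `if ($group['managedby'][0] != $_SESSION['user'])` uses a loose comparison and never confirms that either side is set, so when the group has no managedBy value and the session carries no user, both sides evaluate to null and the check passes. Unless a front controller outside this diff already rejects unauthenticated requests, fail closed here: `if (empty($_SESSION['user']) || !isset($group['managedby'][0]) || $group['managedby'][0] !== $_SESSION['user'])`. The same comparison appears in the remove-member hunk and in the list filter. The decoded group DN is also not checked against `$ldapConfig['WritableGroupContainers']`, and no anti-CSRF token is visible on this state-changing POST.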
@@ -0,0 +1,61 @@
+<ul class='menu'>
+ <li>My Groups</li>
+ <li><a href="<?php echo getUrl('list_web'); ?>">All Web Groups</a></li>
+ <li><a href="<?php echo getUrl('list_all'); ?>">All Groups</a></li>
+</ul>
+
+<?php
+$groups = array();
+foreach ($ldapConfig['WritableGroupContainers'] as $baseDN) {
+ $query = '(objectClass=group)';
+ $groups = array_merge($groups, $ldap->search($query, $baseDN, array('cn', 'managedby', 'member')));
+}
+
+// Filter on ones managed by the current user
+foreach ($groups as $key => $group) {
+ if ($group['managedby'][0] != $_SESSION['user'])
+ unset($groups[$key]);
+}
+$groups = array_values($groups);
+
+foreach ($groups as $group) {
+ $levels = ldap_explode_dn($group['dn'], 1);
+ unset($levels['count']);
+ array_pop($levels);
+ array_pop($levels);
+ $levels = array_reverse($levels);
+
+ print "\n<div class='group'>";
+// print "\n\t<h2>".$group['cn'][0]."</h2>";
+// print "\n\t<h2>".implode('/', $levels)."</h2>";
+
+// print "\n\t<fieldset class='location'>\n\t\t<legend>Location</legend>";
+// foreach ($levels as $level)
+// print "\n\t<ul>\n\t<li>".$level." <br/>";
+// foreach ($levels as $level)
+// print "\n\t</li>\n\t</ul>";
+// print "\n\t</fieldset>";
+
+ print "\n\t<fieldset class='members'>\n\t\t<legend>".implode(' / ', $levels)."</legend>";
+ print "\n\t\t<ul>";
+ sort ($group['member']);
+ foreach ($group['member'] as $memberDN) {
+ $members = $ldap->read('(objectclass=*)', $memberDN, array('givenName', 'sn', 'mail'));
+ $member = $members[0];
+
+ print "\n\t\t<li>".$member['givenname'][0]." ".$member['sn'][0]." (".$member['mail'][0].") ";
+ print "\n\t\t\t<input type='hidden' class='group_id' value='".base64_encode($group['dn'])."'/>";
+ print "\n\t\t\t<input type='hidden' class='member_id' value='".base64_encode($memberDN)."'/>";
+ print "<button class='remove_button'>Remove</button>";
+ print "</li>";
+ }
+ print "\n\t\t</ul>";
+ print "\n\t\t<input type='text' class='new_member' size='50'/>";
+ print "\n\t\t\t<input type='hidden' class='group_id' value='".base64_encode($group['dn'])."'/>";
+ print "\n\t\t<button class='add_button'>Add</button>";
+
+ print "\n\t</fieldset>";
+
+
+ print "\n</div>";
+}
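Review bot: Directory values are concatenated into HTML without escaping, both in the `<legend>` built from `implode(' / ', $levels)` and in the `<li>` that prints givenname, sn and mail. Any of those attributes that contains markup would be rendered as HTML in the manager's browser session, so wrap each value on output, e.g. `htmlspecialchars($member['givenname'][0], ENT_QUOTES, 'UTF-8')`. `$members[0]` is also used without checking that the read returned an entry, so a member DN that can no longer be read will raise notices and print an empty row.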
@@ -0,0 +1,30 @@
+<?php
+/**
+ * @since 8/27/09
+ * @package group_manager
+ *
+ * @copyright Copyright &copy; 2009, Middlebury College
+ * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL)
+ */
+
+// Already logged in.
+if (isset($_SESSION['user']) && strlen($_SESSION['user']))
+ forward('list');
+
+// Bind as the user and send them to the list
+if (isset($_POST['username']) && strlen($_POST['username']) && isset($_POST['password']) && strlen($_POST['password'])) {
+ $_SESSION['user'] = $ldap->bindAsUser($_POST['username'], $_POST['password']);
+ forward('list');
+}
+
+// Print out the login form.
+?>
+
+<form action="<? echo getUrl('login'); ?>" method="post">
+ <fieldset>
+ <legend>Login</legend>
+ <label>Username: <input type="text" name="username"/></label> <br/>
+ <label>Password: <input type="password" name="password"/></label> <br/>
+ <input type="submit" value="Log In"/>
+ </fieldset>
+</form>
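Review bot: The session id is not rotated when `$_SESSION['user']` is set after a successful bind, so an id fixed before login stays valid afterwards; call `session_regenerate_id(true);` immediately before the assignment. The code also stores whatever `bindAsUser()` returns, and its failure behaviour is not visible in this diff, so if it can return false or an empty value instead of throwing, check the result before calling `forward('list')`. The form's `<? echo getUrl('login'); ?>` depends on short_open_tag being enabled, while the other templates in this commit use `<?php`.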
@@ -0,0 +1,46 @@
+<?php
+/**
+ * Add a new user to a group.
+ *
+ * @since 8/28/09
+ * @package
+ *
+ * @copyright Copyright &copy; 2009, Middlebury College
+ * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL)
+ */
+
+if (!isset($_POST['group_id']) || !$_POST['group_id'])
+ throw new InvalidArgumentException("No group_id passed");
+
+$groupId = base64_decode($_POST['group_id'], true);
+if (!$groupId)
+ throw new InvalidArgumentException("Invalid group_id passed");
+
+if (!isset($_POST['user_id']) || !$_POST['user_id'])
+ throw new InvalidArgumentException("No user_id passed");
+
+$userId = base64_decode($_POST['user_id'], true);
+if (!$userId)
+ throw new InvalidArgumentException("Invalid user_id passed");
+
+
+// Verify that the current user really can manage the group.
+$groups = $ldap->read('(objectclass=group)', $groupId, array('managedby', 'member'));
+if (count($groups) != 1)
+ throw new Exception("Could not find the group specified");
+$group = $groups[0];
+if ($group['managedby'][0] != $_SESSION['user'])
+ throw new PermissionDeniedException("You are not authorized to manage this group.");
+
+// Verify that the user is not already in the group
+if (!in_array($userId, $group['member'])) {
+ throw new Exception("The user is not a member of this group.");
+}
+// Add the user.
+$ldap->delAttribute($groupId, 'member', $userId);
+
+while(ob_get_level())
+ ob_end_clean();
+header('Content-Type: text/plain');
+print "Success";
+exit;
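Review bot: The comments in this file were copied from the add-member script and now describe the opposite of what the code does. The header docblock should read `Remove a user from a group.`, the comment above the membership check should be `// Verify that the user is currently a member of the group`, and the comment above `delAttribute` should be `// Remove the user.`. The empty `@package` tag could carry `group_manager`, as the login file's docblock does.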
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Search for users or groups.
+ *
+ * @since 8/28/09
+ * @package
+ *
+ * @copyright Copyright &copy; 2009, Middlebury College
+ * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL)
+ */
+
+while(ob_get_level())
+ ob_end_clean();
+
+header('Content-Type: text/plain');
+
+$q = strtolower($_GET["q"]);
+if (!$q)
+ exit;
+if (!preg_match('/^[\w@.\'_-\s]+$/i', $q))
+ exit;
+
+if (isset($_GET['limit'])) {
+ $limit = (int)$_GET['limit'];
+ $limit = max(1, $limit);
+ $limit = min(100, $limit);
+} else {
+ $limit = 20;
+}
+
+$results = $ldap->search('(ANR='.$q.')', $ldapConfig['BaseDN'], array('givenName', 'sn', 'cn', 'mail', 'objectClass'), $limit);
+foreach ($results as $entry) {
+ if (in_array('group', $entry['objectclass'])) {
+ $levels = ldap_explode_dn($entry['dn'], 1);
+ unset($levels['count']);
+ array_pop($levels);
+ array_pop($levels);
+ $levels = array_reverse($levels);
+ print implode('/', $levels);
+ } else {
+ if (isset($entry['givenname'][0]) && isset($entry['sn'][0]))
+ print $entry['givenname'][0]." ".$entry['sn'][0];
+ else if (isset($entry['cn'][0]))
+ print $entry['cn'][0];
+ else
+ continue;
+
+ if (isset($entry['mail'][0]))
+ print " (".$entry['mail'][0].")";
+ }
+
+ print "|".base64_encode($entry['dn'])."\n";
+}
+
+
+exit;
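Review bot: In the allowlist `/^[\w@.\'_-\s]+$/i` the hyphen sits between `_` and `\s`, which PCRE2-based PHP builds are expected to reject as an invalid range, so `preg_match` returns false and every search exits; put the hyphen last, `'/^[\w@.\'\s-]+$/'`. This pattern is the only thing keeping filter metacharacters out of `'(ANR='.$q.')'`, so escaping the value as well, with `ldap_escape($q, '', LDAP_ESCAPE_FILTER)` where the runtime provides it, keeps the filter safe if the allowlist is later widened. `$_GET["q"]` is read without an `isset` check, and nothing in this hunk verifies that a user is logged in before directory entries are returned; bootstrap code outside the diff may do that.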
@@ -0,0 +1,20 @@
+<?php
+
+// Configure the first LDAP Server.
+$ldapConfig = array();
+$ldapConfig['LDAPHost'] = 'ad.middlebury.edu';
+$ldapConfig['LDAPPort'] = 389;
+$ldapConfig['BindDN'] = 'binduser';
+$ldapConfig['BindDNPassword'] = 'bindpassword';
+$ldapConfig['BaseDN'] = 'DC=middlebury,DC=edu';
+$ldapConfig['UserBaseDN'] = 'DC=middlebury,DC=edu';
+$ldapConfig['GroupBaseDN'] = 'OU=Groups,DC=middlebury,DC=edu';
+$ldapConfig['WritableGroupContainers'] = array(
+ 'OU=MIDD,OU=web data,DC=middlebury,DC=edu',
+ 'OU=MIIS,OU=web data,DC=middlebury,DC=edu',
+ );
+
+
+define('DISPLAY_ERROR_BACKTRACE', false);
+define('SHOW_TIMERS', true);
+define('SHOW_TIMERS_IN_OUTPUT', false);
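Review bot: `$ldapConfig['LDAPPort'] = 389` is the cleartext LDAP port, and the login page sends the user's password through a bind on this connection; unless the connector, which is not part of this diff, negotiates StartTLS, the config should point at LDAPS or carry an explicit TLS option. `BindDN` and `BindDNPassword` look like placeholder values; if so, commit this as a sample file and keep the real config out of version control. A comment such as `// Sample values only: copy to a local config and set real bind credentials there.` above the bind lines would make that explicit.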