Initial brain dump. Adding and removing users from groups works.
0 parents
commit 5c4910a
Showing
28 changed files
with
6,558 additions
and
0 deletions.
@@ -0,0 +1,46 @@ | ||
<?php | ||
/** | ||
* Add a new user to a group. | ||
* | ||
* @since 8/28/09 | ||
* @package | ||
* | ||
* @copyright Copyright © 2009, Middlebury College | ||
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL) | ||
*/ | ||
|
||
if (!isset($_POST['group_id']) || !$_POST['group_id']) | ||
throw new InvalidArgumentException("No group_id passed"); | ||
|
||
$groupId = base64_decode($_POST['group_id'], true); | ||
if (!$groupId) | ||
throw new InvalidArgumentException("Invalid group_id passed"); | ||
|
||
if (!isset($_POST['user_id']) || !$_POST['user_id']) | ||
throw new InvalidArgumentException("No user_id passed"); | ||
|
||
$userId = base64_decode($_POST['user_id'], true); | ||
if (!$userId) | ||
throw new InvalidArgumentException("Invalid user_id passed"); | ||
|
||
|
||
// Verify that the current user really can manage the group. | ||
$groups = $ldap->read('(objectclass=group)', $groupId, array('managedby', 'member')); | ||
if (count($groups) != 1) | ||
throw new Exception("Could not find the group specified"); | ||
$group = $groups[0]; | ||
if ($group['managedby'][0] != $_SESSION['user']) | ||
throw new PermissionDeniedException("You are not authorized to manage this group."); | ||
|
||
// Verify that the user is not already in the group | ||
if (in_array($userId, $group['member'])) | ||
throw new Exception("The user is already a member of this group."); | ||
|
||
// Add the user. | ||
$ldap->addAttribute($groupId, 'member', $userId); | ||
|
||
while(ob_get_level()) | ||
ob_end_clean(); | ||
header('Content-Type: text/plain'); | ||
print "Success"; | ||
exit; |
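Review bot: The ownership check `if ($group['managedby'][0] != $_SESSION['user'])` compares loosely two values that may both be absent: nothing in this script confirms that `$_SESSION['user']` is set or that the group entry has a `managedby` value, and when both are missing the test is `null != null`, which is false, so the check passes. Unless the including front controller (not shown) already rejects requests without a session, the guard should fail closed, e.g. `if (empty($_SESSION['user']) || !isset($group['managedby'][0]) || $group['managedby'][0] !== $_SESSION['user'])`. The same comparison appears in the remove script and in the "managed by the current user" filter of the list view later in this commit. Since `$groupId` comes straight from the POST body, it would also help to confirm it lies under one of `$ldapConfig['WritableGroupContainers']` before calling `addAttribute`.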
@@ -0,0 +1,61 @@ | ||
<ul class='menu'> | ||
<li>My Groups</li> | ||
<li><a href="<?php echo getUrl('list_web'); ?>">All Web Groups</a></li> | ||
<li><a href="<?php echo getUrl('list_all'); ?>">All Groups</a></li> | ||
</ul> | ||
|
||
<?php | ||
$groups = array(); | ||
foreach ($ldapConfig['WritableGroupContainers'] as $baseDN) { | ||
$query = '(objectClass=group)'; | ||
$groups = array_merge($groups, $ldap->search($query, $baseDN, array('cn', 'managedby', 'member'))); | ||
} | ||
|
||
// Filter on ones managed by the current user | ||
foreach ($groups as $key => $group) { | ||
if ($group['managedby'][0] != $_SESSION['user']) | ||
unset($groups[$key]); | ||
} | ||
$groups = array_values($groups); | ||
|
||
foreach ($groups as $group) { | ||
$levels = ldap_explode_dn($group['dn'], 1); | ||
unset($levels['count']); | ||
array_pop($levels); | ||
array_pop($levels); | ||
$levels = array_reverse($levels); | ||
|
||
print "\n<div class='group'>"; | ||
// print "\n\t<h2>".$group['cn'][0]."</h2>"; | ||
// print "\n\t<h2>".implode('/', $levels)."</h2>"; | ||
|
||
// print "\n\t<fieldset class='location'>\n\t\t<legend>Location</legend>"; | ||
// foreach ($levels as $level) | ||
// print "\n\t<ul>\n\t<li>".$level." <br/>"; | ||
// foreach ($levels as $level) | ||
// print "\n\t</li>\n\t</ul>"; | ||
// print "\n\t</fieldset>"; | ||
|
||
print "\n\t<fieldset class='members'>\n\t\t<legend>".implode(' / ', $levels)."</legend>"; | ||
print "\n\t\t<ul>"; | ||
sort ($group['member']); | ||
foreach ($group['member'] as $memberDN) { | ||
$members = $ldap->read('(objectclass=*)', $memberDN, array('givenName', 'sn', 'mail')); | ||
$member = $members[0]; | ||
|
||
print "\n\t\t<li>".$member['givenname'][0]." ".$member['sn'][0]." (".$member['mail'][0].") "; | ||
print "\n\t\t\t<input type='hidden' class='group_id' value='".base64_encode($group['dn'])."'/>"; | ||
print "\n\t\t\t<input type='hidden' class='member_id' value='".base64_encode($memberDN)."'/>"; | ||
print "<button class='remove_button'>Remove</button>"; | ||
print "</li>"; | ||
} | ||
print "\n\t\t</ul>"; | ||
print "\n\t\t<input type='text' class='new_member' size='50'/>"; | ||
print "\n\t\t\t<input type='hidden' class='group_id' value='".base64_encode($group['dn'])."'/>"; | ||
print "\n\t\t<button class='add_button'>Add</button>"; | ||
|
||
print "\n\t</fieldset>"; | ||
|
||
|
||
print "\n</div>"; | ||
} |
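Review bot: Directory values are written into the page without HTML escaping: `implode(' / ', $levels)` goes into the `<legend>`, and `$member['givenname'][0]`, `$member['sn'][0]` and `$member['mail'][0]` go into each `<li>`, so any markup stored in those attributes is rendered in the browser of the group manager viewing the list. Escape each value at the point of output, e.g. `htmlspecialchars($member['sn'][0], ENT_QUOTES, 'UTF-8')`, and do the same for the legend text. `$members[0]` is also used without checking that the read returned an entry, so a member DN that no longer resolves raises notices and prints an empty row; that case should be handled explicitly.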
@@ -0,0 +1,30 @@ | ||
<?php | ||
/** | ||
* @since 8/27/09 | ||
* @package group_manager | ||
* | ||
* @copyright Copyright © 2009, Middlebury College | ||
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL) | ||
*/ | ||
|
||
// Already logged in. | ||
if (isset($_SESSION['user']) && strlen($_SESSION['user'])) | ||
forward('list'); | ||
|
||
// Bind as the user and send them to the list | ||
if (isset($_POST['username']) && strlen($_POST['username']) && isset($_POST['password']) && strlen($_POST['password'])) { | ||
$_SESSION['user'] = $ldap->bindAsUser($_POST['username'], $_POST['password']); | ||
forward('list'); | ||
} | ||
|
||
// Print out the login form. | ||
?> | ||
|
||
<form action="<? echo getUrl('login'); ?>" method="post"> | ||
<fieldset> | ||
<legend>Login</legend> | ||
<label>Username: <input type="text" name="username"/></label> <br/> | ||
<label>Password: <input type="password" name="password"/></label> <br/> | ||
<input type="submit" value="Log In"/> | ||
</fieldset> | ||
</form> |
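Review bot: The session identifier is not rotated when the bind succeeds: `$_SESSION['user']` is assigned directly from `bindAsUser()` with no `session_regenerate_id(true);` before it, so an identifier issued before login stays valid for the authenticated session unless session setup elsewhere (not shown) handles this. The return value of `bindAsUser()` is also stored and followed by `forward('list')` without inspection; if it can return false or an empty value rather than throw, that result should be checked before the session is populated. The form action uses the short tag `<? echo getUrl('login'); ?>` while the list template uses `<?php echo ...`; with `short_open_tag` disabled the PHP source would be emitted into the attribute, so use `<?php echo getUrl('login'); ?>`.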
@@ -0,0 +1,46 @@ | ||
<?php | ||
/** | ||
* Add a new user to a group. | ||
* | ||
* @since 8/28/09 | ||
* @package | ||
* | ||
* @copyright Copyright © 2009, Middlebury College | ||
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL) | ||
*/ | ||
|
||
if (!isset($_POST['group_id']) || !$_POST['group_id']) | ||
throw new InvalidArgumentException("No group_id passed"); | ||
|
||
$groupId = base64_decode($_POST['group_id'], true); | ||
if (!$groupId) | ||
throw new InvalidArgumentException("Invalid group_id passed"); | ||
|
||
if (!isset($_POST['user_id']) || !$_POST['user_id']) | ||
throw new InvalidArgumentException("No user_id passed"); | ||
|
||
$userId = base64_decode($_POST['user_id'], true); | ||
if (!$userId) | ||
throw new InvalidArgumentException("Invalid user_id passed"); | ||
|
||
|
||
// Verify that the current user really can manage the group. | ||
$groups = $ldap->read('(objectclass=group)', $groupId, array('managedby', 'member')); | ||
if (count($groups) != 1) | ||
throw new Exception("Could not find the group specified"); | ||
$group = $groups[0]; | ||
if ($group['managedby'][0] != $_SESSION['user']) | ||
throw new PermissionDeniedException("You are not authorized to manage this group."); | ||
|
||
// Verify that the user is not already in the group | ||
if (!in_array($userId, $group['member'])) { | ||
throw new Exception("The user is not a member of this group."); | ||
} | ||
// Add the user. | ||
$ldap->delAttribute($groupId, 'member', $userId); | ||
|
||
while(ob_get_level()) | ||
ob_end_clean(); | ||
header('Content-Type: text/plain'); | ||
print "Success"; | ||
exit; |
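Review bot: No request token is checked before `delAttribute` runs: the script reads only `$_POST['group_id']`, `$_POST['user_id']` and `$_SESSION['user']`, so unless the including front controller (not shown) verifies one, a cross-site form post carrying the manager's session cookie would be accepted; the add script earlier in this commit has the same shape. A guard such as `if (!isset($_POST['csrf_token'], $_SESSION['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) throw new PermissionDeniedException("Invalid request token.");` placed before the LDAP read would cover it, with `csrf_token` standing in for whatever field name the project chooses. Separately, the docblock and the comments `// Verify that the user is not already in the group` and `// Add the user.` were carried over from the add script and should read `Remove a user from a group.`, `// Verify that the user is currently a member of the group` and `// Remove the user.`.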
@@ -0,0 +1,56 @@ | ||
<?php | ||
/** | ||
* Search for users or groups. | ||
* | ||
* @since 8/28/09 | ||
* @package | ||
* | ||
* @copyright Copyright © 2009, Middlebury College | ||
* @license http://www.gnu.org/copyleft/gpl.html GNU General Public License (GPL) | ||
*/ | ||
|
||
while(ob_get_level()) | ||
ob_end_clean(); | ||
|
||
header('Content-Type: text/plain'); | ||
|
||
$q = strtolower($_GET["q"]); | ||
if (!$q) | ||
exit; | ||
if (!preg_match('/^[\w@.\'_-\s]+$/i', $q)) | ||
exit; | ||
|
||
if (isset($_GET['limit'])) { | ||
$limit = (int)$_GET['limit']; | ||
$limit = max(1, $limit); | ||
$limit = min(100, $limit); | ||
} else { | ||
$limit = 20; | ||
} | ||
|
||
$results = $ldap->search('(ANR='.$q.')', $ldapConfig['BaseDN'], array('givenName', 'sn', 'cn', 'mail', 'objectClass'), $limit); | ||
foreach ($results as $entry) { | ||
if (in_array('group', $entry['objectclass'])) { | ||
$levels = ldap_explode_dn($entry['dn'], 1); | ||
unset($levels['count']); | ||
array_pop($levels); | ||
array_pop($levels); | ||
$levels = array_reverse($levels); | ||
print implode('/', $levels); | ||
} else { | ||
if (isset($entry['givenname'][0]) && isset($entry['sn'][0])) | ||
print $entry['givenname'][0]." ".$entry['sn'][0]; | ||
else if (isset($entry['cn'][0])) | ||
print $entry['cn'][0]; | ||
else | ||
continue; | ||
|
||
if (isset($entry['mail'][0])) | ||
print " (".$entry['mail'][0].")"; | ||
} | ||
|
||
print "|".base64_encode($entry['dn'])."\n"; | ||
} | ||
|
||
|
||
exit; |
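Review bot: The LDAP filter is built by concatenation, `'(ANR='.$q.')'`, and the only thing keeping filter metacharacters out is the allow-list regex above it; escaping at the point of use, `'(ANR='.ldap_escape($q, '', LDAP_ESCAPE_FILTER).')'`, keeps the query safe even if the pattern is later relaxed (ldap_escape needs PHP 5.6 or newer). In that pattern the hyphen in `_-\s` sits between a literal and a class escape, which newer PCRE versions may reject as an invalid range, making `preg_match` return false and the script exit on every query; moving it to the end, `/^[\w@.\'\s-]+$/`, avoids this. `$_GET["q"]` is also read without an `isset`/`is_string` check, and the script never consults `$_SESSION['user']`, so unless the front controller (not shown) requires login, names, mail addresses and DNs are returned to any caller.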
@@ -0,0 +1,20 @@ | ||
<?php | ||
|
||
// Configure the first LDAP Server. | ||
$ldapConfig = array(); | ||
$ldapConfig['LDAPHost'] = 'ad.middlebury.edu'; | ||
$ldapConfig['LDAPPort'] = 389; | ||
$ldapConfig['BindDN'] = 'binduser'; | ||
$ldapConfig['BindDNPassword'] = 'bindpassword'; | ||
$ldapConfig['BaseDN'] = 'DC=middlebury,DC=edu'; | ||
$ldapConfig['UserBaseDN'] = 'DC=middlebury,DC=edu'; | ||
$ldapConfig['GroupBaseDN'] = 'OU=Groups,DC=middlebury,DC=edu'; | ||
$ldapConfig['WritableGroupContainers'] = array( | ||
'OU=MIDD,OU=web data,DC=middlebury,DC=edu', | ||
'OU=MIIS,OU=web data,DC=middlebury,DC=edu', | ||
); | ||
|
||
|
||
define('DISPLAY_ERROR_BACKTRACE', false); | ||
define('SHOW_TIMERS', true); | ||
define('SHOW_TIMERS_IN_OUTPUT', false); |
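Review bot: The connection is configured as `$ldapConfig['LDAPPort'] = 389` with no TLS-related setting, and the login script in this commit passes the user's password to `bindAsUser()`, so unless the LDAP class (not shown) negotiates StartTLS, both the service bind and user passwords cross the network in clear text. Add an explicit transport-security option here and document it with a comment such as `// Use LDAPS (636) or StartTLS; simple binds over plain 389 expose passwords.`. The `BindDN` and `BindDNPassword` values look like placeholders; if this file is meant to hold the real service credentials, commit it as an example file and keep the deployed copy out of version control.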