Project

General

Profile

Download (21.7 KB) Statistics
| Branch: | Tag: | Revision:

root/lib/ldap_shadows/elements/object.rb @ 5b1a6342

#--
# LdapShadows, a Medium-level LDAP Access Library and Tool.
# Copyright (c) 2009 Marc Dequènes (Duck) <Duck@DuckCorp.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++


module LdapShadows
module Elements
class LdapObject < ActiveLdap::Base
include LdapElement

@relations_info = {}

class << self
attr_reader :relations_info
end

# default
ldap_mapping :prefix => '', :classes => ['top'], :scope => :sub

def handle
name = self[dn_attribute] || self.attributes[dn_attribute] || self.dn
name = name.first if name.is_a? Array
name.strip
end

def full_handle
"#{self.class.handle}/#{self.handle}"
end

def self.cast
super

ldap_mapping self.parameters[:mapping]
end

def self.cast_relations
super

object_rel = {}
object_rel.merge!(self.parameters[:relations]) if self.parameters.include?(:relations)
self.parameters[:presentation][:allowed_aspects].each do |aspect_name|
aspect = self.shadow.get_aspect(aspect_name)
if aspect.nil?
raise PreProcessingError, _("Aspect '%s' is missing for object '%s'") % [aspect_name, self.handle]
end
object_rel.merge!(aspect.parameters[:relations])
end
return if object_rel.empty?

object_relations_info = {}
object_rel.each_pair do |field_name, rel|
foreign_klass = self.shadow.get_object(rel[:object])
if foreign_klass.nil?
raise PreProcessingError, _("Relation '%s' for object '%s' is impossible: foreign object '%s' is missing") % [field_name, self.handle, rel[:object]]
end
rel[:class_name] = foreign_klass.to_s

case rel[:type]
when 'belongs_to'
belongs_to field_name, rel.reject {|key, val| not ActiveLdap::Associations::ClassMethods::VALID_BELONGS_TO_OPTIONS.include?(key) }
when 'has_many'
has_many field_name, rel.reject {|key, val| not ActiveLdap::Associations::ClassMethods::VALID_HAS_MANY_OPTIONS.include?(key) }
else
raise "bug in '#{self.handle}' object relations (wrong type)"
end

object_relations_info[field_name] = {
:foreign_klass => foreign_klass,
:single_value => ActiveLdap::Base.schema.attribute(rel[:foreign_key]).single_value?,
:read_only => rel[:read_only] || false
}
end
instance_variable_set(:@relations_info, object_relations_info)
end

def has_field?(field)
return false if field.downcase == "objectclass"
has_attribute?(field)
end

def human_name
attr_list = ['displayName', 'cn']
name_attribute = self.class.parameters[:presentation][:name_attribute]
attr_list.unshift(name_attribute) unless name_attribute.nil?
attr_list.each do |attr|
if attr == 'dn'
return self.dn
elsif self.attribute_present?(attr)
val = self.send(attr, true)
return val[0].strip
end
end
return ""
end

def human_description
attr_list = ['description']
desc_attribute = self.class.parameters[:presentation][:desc_attribute]
attr_list.unshift(desc_attribute) unless desc_attribute.nil?
attr_list.each do |attr|
if self.attribute_present?(attr)
return self[attr].is_a?(Array) ? self[attr][0] : self[attr]
end
end
return ""
end

def possible_relations
self.associations.collect {|assoc| assoc.to_s } - ['children']
end

def relations
rel_list = []

rel_list += self.class.parameters[:presentation][:associated_relations] if self.class.parameters[:presentation][:associated_relations]

aspects.values.each do |aspect|
rel_list += aspect.parameters[:presentation][:associated_relations]
end

rel_list & possible_relations
end

def self.possible_aspects
self.parameters[:presentation][:allowed_aspects].collect{|key| key.to_s }.sort
end

def aspects
present_aspects = {}
self.class.parameters[:presentation][:allowed_aspects].each do |aspect_name|
aspect = self.class.shadow.get_aspect(aspect_name)
aspect_mapping = aspect.parameters[:mapping]
present_aspects[aspect.handle] = aspect if self.classes & aspect_mapping[:classes] == aspect_mapping[:classes]
end

present_aspects
end

def info_for_relation(rel)
return nil unless self.relations.include?(rel)

self.class.relations_info[rel.to_sym]
end

def organized_data
ignored_attrs = self.class.shadow.get_config[:presentation][:hidden_attributes]
ignored_attrs += self.class.parameters[:presentation][:hidden_attributes]
attr_list = self.nonempty_attributes - ignored_attrs

expert_attributes = self.class.parameters[:presentation][:expert_attributes]
admin_attributes = attr_list.select do |attr|
ActiveLdap::Base.schema.attribute(attr).operational?
end

rel_list = self.possible_relations

# first pass to take aspects forced relations into account
obj_aspects = {}
self.aspects.values.each do |aspect|
aspect_data = aspect.parameters

unless aspect_data[:presentation][:associated_attributes].empty?
taken_attr_list = aspect_data[:presentation][:associated_attributes] & (attr_list + ignored_attrs)
unless taken_attr_list.empty?
obj_aspects[aspect.handle] ||= {}
obj_aspects[aspect.handle].merge!(fetch_attributes_data(taken_attr_list, expert_attributes, admin_attributes))
attr_list -= taken_attr_list
end
end

unless aspect_data[:presentation][:associated_relations].empty?
taken_rel_list = aspect_data[:presentation][:associated_relations] & rel_list
unless taken_rel_list.empty?
obj_aspects[aspect.handle] ||= {}
obj_aspects[aspect.handle].merge!(fetch_relations_data(taken_rel_list, expert_attributes))
rel_list -= taken_rel_list
end
end
end

# manage general attributes
obj_info = {}
if self.class.parameters[:presentation][:associate_unclaimed_attributes]
taken_attr_list = attr_list
else
taken_attr_list = admin_attributes
taken_attr_list += self.class.parameters[:presentation][:associated_attributes]
taken_attr_list += self.class.possible_attributes
end
taken_attr_list = taken_attr_list.uniq & attr_list
obj_info = fetch_attributes_data(taken_attr_list, expert_attributes, admin_attributes)
attr_list -= taken_attr_list

# manage general relations
if self.class.parameters[:presentation][:associated_relations]
taken_rel_list = self.class.parameters[:presentation][:associated_relations] & rel_list
unless taken_rel_list.empty?
obj_info.merge!(fetch_relations_data(taken_rel_list, expert_attributes))
rel_list -= taken_rel_list
end
end

# second pass to dispath the remaining attributes
unless attr_list.empty?
self.aspects.values.each do |aspect|
taken_attr_list = (aspect.possible_attributes & attr_list)
obj_aspects[aspect.handle] ||= {}
obj_aspects[aspect.handle].merge!(fetch_attributes_data(taken_attr_list, expert_attributes, admin_attributes))
attr_list -= taken_attr_list

break if attr_list.empty?
end
end

[obj_info, obj_aspects]
end

def item_modify_from_string(str)
unless str =~ /^([a-zA-Z]*(?::[a-zA-Z]+)?)(=|\+=|-=)(.*)$/
raise SyntaxError, _("modification parameter '%s' is invalid") % str
end
key = $1
op = $2
val = $3

item_modify(key, op, val)
end

def item_modify(key, op, val)
if key.index(":")
type, field = key.split(":")
else
type = nil
field = key
end

case type
when nil
item_modify_field(key, op, val)
when 'rel'
item_modify_relation(field, op, val)
when ''
case field
when 'aspects'
item_modify_aspects(op, val)
else
raise PreProcessingError, _("Unknown core field '%s'") % field
end
else
raise PreProcessingError, _("Unknown type '%s' for field '%s'") % [type, field]
end
end

def item_modify_field(field, op, val)
unless self.has_field?(field)
raise PreProcessingError, _("No such field '%s' in object '%s'") % [field, self.class.handle]
end

attr_info = ActiveLdap::Base.schema.attribute(field)
if attr_info.read_only?
raise PreProcessingError, _("The field '%s' cannot be modified (read only)") % field
end

if attr_info.binary?
unless File.exists?(val)
raise PreProcessingError, _("The field '%s' contains binary data, you must provide a filename instead of a direct value") % field
end

begin
val = File.read(val)
rescue
raise PreProcessingError, _("The file for the binary field '%s' cannot be read: ") % [field, $!]
end
end

old_val = self.send(field, true)

# if val is nil or the latest value is removed, then the attribute is removed from the object,
case op
when '='
val = [val] if old_val.is_a? Enumerable
return false if val == old_val

self.send(field + "=", val)

when '+='
if attr_info.single_value?
raise PreProcessingError, _("The field '%s' cannot hold more than one value") % field
end

return false if old_val.include?(val)
new_val = old_val << val
self.send(field + "=", new_val)

when '-='
return false unless old_val.include?(val)

new_val = old_val - [val]
self.send(field + "=", new_val)

else
raise SyntaxError, _("Unknown operator '%s'") % op
end

true
end

def item_modify_relation(rel, op, val)
unless self.relations.include?(rel)
raise PreProcessingError, _("No such relation '%s' for object '%s'") % [rel, self.class.handle]
end

rel_info = self.info_for_relation(rel)
if rel_info[:read_only]
raise PreProcessingError, _("The relation '%s' cannot be modified (read only)") % rel
end

# fetch remote object in relation, which will be the real 'val'
foreign_item_list = rel_info[:foreign_klass].find(:all, val)
if foreign_item_list.empty?
raise PreProcessingError, _("Foreign item '%s' for relation '%s' not found") % [val, rel]
end
if foreign_item_list.size > 1
raise WeirdError, _("Ambiguous item '%s' for relation '%s' (%s possible items)") %
[val, rel, foreign_item_list.size]
end

old_val = self.send(rel)
val = foreign_item_list.first

# if val is nil or the latest value is removed, then the association's attribute is removed from one side
case op
when '='
val = [val] if old_val.is_a? Enumerable
self.send(rel + "=", val)

when '+='
if rel_info[:single_value]
raise PreProcessingError, _("The relation '%s' cannot hold more than one foreign item") % rel
end

return false if old_val.include?(val)

self.send(rel) << val

when '-='
return false unless old_val.include?(val)

self.send(rel).delete(val)

else
raise SyntaxError, _("Unknown operator '%s'") % op
end

true
end

def item_modify_aspects(op, aspect_name)
unless self.class.possible_aspects.include?(aspect_name)
raise PreProcessingError, _("No such aspect '%s' for object '%s'") % [aspect_name, self.class.handle]
end

case op
when '='
raise PreProcessingError, _("The equality operator is not possible for aspects")

when '+='
return false if self.aspects.keys.include?(aspect)

self.add_aspect(aspect)

when '-='
return false unless self.aspects.keys.include?(aspect)

self.remove_aspect(aspect)

else
raise SyntaxError, _("Unknown operator '%s'") % op
end

true
end

def self.items_find_from_strings(shadow, str_list)
ldap_search_objects = "(objectClass=*)"
ldap_search_aspects = ""
ldap_search_fields = []
str_list.each do |str|
unless str =~ /^([a-zA-Z]*(?::[a-zA-Z]+)?)(=|~=)(.*)$/
raise SyntaxError, _("search parameter '%s' is invalid") % str
end
key = $1
op = $2
val = $3

if key.index(":")
type, field = key.split(":")
else
type = nil
field = key
end

case type
when nil
ldap_search_fields << ldap_search_string_field(field, op, val)
when 'rel'
raise PreProcessingError, _("Searching relations is not implemented yet")
when ''
case field
when 'objects'
ldap_search_objects = ldap_search_string_objects(shadow, field, op, val)
when 'aspects'
ldap_search_aspects = ldap_search_string_aspects(shadow, field, op, val)
else
raise PreProcessingError, _("Unknown core field '%s'") % field
end
else
raise PreProcessingError, _("Unknown type '%s' for field '%s'") % [type, field]
end
end
ldap_search_string = "(&" + ldap_search_objects + ldap_search_aspects + ldap_search_fields.join + ")"

LdapObject.find(:all, :scope => :sub, :filter => ldap_search_string, :attributes => ["objectClass"])
end

def self.ldap_search_string_field(field, op, val)
esc_val = self.connection.escape_filter_value(val)
case op
when "="
"(#{field}=#{esc_val})"

when "~="
raise PreProcessingError, _("Searching with regex is not implemented yet")

else
raise SyntaxError, _("Unknown operator '%s'") % op
end
end

def self.ldap_search_string_objects(shadow, field, op, val_list)
ldap_search_parts = val_list.split(",").collect do |val|
obj_hdl = val.downcase.singularize
obj_klass = shadow.get_object(obj_hdl)
raise PreProcessingError, _("No such object '%s'") % val if obj_klass.nil?

ldap_classes = obj_klass.required_classes

case op
when "="
"(&" + ldap_classes.collect{|cl| "(objectClass=#{cl})" }.join + ")"

when "~="
raise PreProcessingError, _("Searching with regex is not possible with objects")

else
raise SyntaxError, _("Unknown operator '%s'") % op
end
end
"(|" + ldap_search_parts.join + ")"
end

def self.ldap_search_string_aspects(shadow, field, op, val_list)
ldap_search_parts = val_list.split(",").collect do |val|
aspect = shadow.get_aspect(val)
raise PreProcessingError, _("No such aspect '%s'") % val if aspect.nil?

ldap_classes = aspect.parameters[:mapping][:classes]

case op
when "="
"(&" + ldap_classes.collect{|cl| "(objectClass=#{cl})" }.join + ")"

when "~="
raise PreProcessingError, _("Searching with regex is not possible with aspects")

else
raise SyntaxError, _("Unknown operator '%s'") % op
end
end
"(&" + ldap_search_parts.join + ")"
end

def self.find_raw_item_object(shadow, raw_item)
# easy case
base_obj_klass = LdapShadows::Elements::LdapObject
if raw_item.class != base_obj_klass and raw_item.class.ancestors.include?(base_obj_klass)
return raw_item.class.handle
end

shadow.objects.each do |obj_hdl|
obj_klass = shadow.get_object(obj_hdl)
ldap_classes = obj_klass.required_classes
return obj_hdl if raw_item.classes & ldap_classes == ldap_classes
end
nil
end

def self.raw_item_info(shadow, raw_item)
obj_hdl = self.find_raw_item_object(shadow, raw_item)
if obj_hdl
obj_klass = shadow.get_object(obj_hdl)
item = obj_klass.new(raw_item.dn)
{:name => item.full_handle, :item => item, :object => obj_klass}
else
{:name => "unknown/#{raw_item.dn}"}
end
end

def add_aspect(aspect_name)
return unless self.class.possible_aspects.include?(aspect_name)

aspect_mapping = self.class.shadow.get_aspect(aspect_name).parameters[:mapping]
add_class(*aspect_mapping[:classes])

# recursive dependency enforcement
aspect_mapping[:depend_aspects].each do |dep_aspect|
add_aspect(dep_aspect)
end
end

def remove_aspect(aspect_name)
return unless self.class.possible_aspects.include?(aspect_name)

aspect_mapping = self.class.shadow.get_aspect(aspect_name).parameters[:mapping]
remove_class(*aspect_mapping[:classes])
end

def delete(options = {})
before_delete_jobs
super(options)
after_save_jobs
end

def delete_recursive
# TODO: recursive instanciation and reverse recursive hook calls
before_delete_jobs
self.class.delete_all(nil, :scope => :sub, :base => self.dn)
after_delete_jobs
end

# cannot override create_or_update() because of alias chaining
def save
before_save_jobs
r = super
after_save_jobs
r
end

def save!
before_save_jobs
r = super
after_save_jobs
r
end

protected

def before_save_jobs
check_hooks_before(:save)
check_missing_attributes
check_password
end

def before_delete_jobs
check_hooks_before(:delete)
end

def check_hooks_before(action)
case action
when :save
if self.new_entry?
self.class.hook_before_create(self)
else
self.class.hook_before_modify(self)
end
when :delete
self.class.hook_before_delete(self)
end

# TODO: move this in the LdapAspect class
self.aspects.each do |aspect|
aklass = self.class.shadow.get_aspect(aspect)
next if aklass.nil?

case action
when :save
if self.new_entry?
aklass.hook_before_create(self)
else
aklass.hook_before_modify(self)
end
when :delete
aklass.hook_before_delete(self)
end
end
end

def check_missing_attributes
missing_fields = self.missing_attributes
unless missing_fields.empty?
miss_str = []
missing_fields.each do |field|
str = Translator.translate_field_name(field)
str += " [#{field}]" if $program_options[:handles]
miss_str << str
end
raise PreProcessingError, _("Cannot save the item; the following fields are missing: %s") %
miss_str.join(", ")
end
end

def check_password
return unless self.modified_attributes([:replace], true).include? 'userPassword'

hash_func = self.class.config.global_config[:password_hash]
return if hash_func.nil?

self.userPassword = ActiveLdap::UserPassword.send(hash_func, self.userPassword)
end

def after_save_jobs
check_hooks_after(:save)
end

def after_delete_jobs
check_hooks_after(:delete)
end

def check_hooks_after(action)
# TODO: move this in the LdapAspect class
self.aspects.each do |aspect|
aklass = self.class.shadow.get_aspect(aspect)
next if aklass.nil?

case action
when :save
if self.new_entry?
aklass.hook_after_create(self)
else
aklass.hook_after_modify(self)
end
when :delete
aklass.hook_after_delete(self)
end
end

case action
when :save
if self.new_entry?
self.class.hook_after_create(self)
else
self.class.hook_after_modify(self)
end
when :delete
self.class.hook_after_delete(self)
end
end

def fetch_attributes_data(attr_list, expert_attributes, admin_attributes)
attr_data = self.attributes.collect do |key, val|
if attr_list.include?(key)
[key, {
:value => val,
:multiple => (val.is_a?(Array) ? val.size : 1),
:expert => expert_attributes.include?(key),
:admin => admin_attributes.include?(key),
:binary => ActiveLdap::Base.schema.attribute(key).binary?
}]
else
nil
end
end
Hash[attr_data.compact]
end

def fetch_relations_data(rel_list, expert_attributes)
rel_data = rel_list.collect do |rel|
data = self.send(rel)
if data.is_a? Enumerable
if data.empty?
value = nil
else
value = data.collect{|g| g.handle }
multiple = true
end
else
# the exists? method also ensure the object is loaded
if data.exists?
value = data.handle
else
value = nil
end
multiple = false
end

if value.nil?
nil
else
rel_key = "rel:" + rel
[rel_key, {
:value => value,
:multiple => multiple,
:expert => expert_attributes.include?(rel_key),
:admin => false,
:binary => false
}]
end
end
Hash[rel_data.compact]
end
end
end
end
(2-2/2)