|
#--
|
|
# LdapShadows, a Medium-level LDAP Access Library and Tool.
|
|
# Copyright (c) 2009 Marc Dequènes (Duck) <Duck@DuckCorp.org>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#++
|
|
|
|
|
|
module LdapShadows
|
|
module Elements
|
|
class LdapObject < ActiveLdap::Base
|
|
include LdapElement
|
|
|
|
@relations_info = {}
|
|
|
|
class << self
|
|
attr_reader :relations_info
|
|
end
|
|
|
|
# default
|
|
ldap_mapping :prefix => '', :classes => ['top'], :scope => :sub
|
|
|
|
def handle
|
|
name = self[dn_attribute] || self.attributes[dn_attribute] || self.dn
|
|
name = name.first if name.is_a? Array
|
|
name.strip
|
|
end
|
|
|
|
def full_handle
|
|
"#{self.class.handle}/#{self.handle}"
|
|
end
|
|
|
|
def self.cast
|
|
super
|
|
|
|
ldap_mapping self.parameters[:mapping].reject {|key, val| not ActiveLdap::Base::VALID_LDAP_MAPPING_OPTIONS.include?(key)}
|
|
end
|
|
|
|
def self.cast_relations
|
|
super
|
|
|
|
object_rel = {}
|
|
object_rel.merge!(self.parameters[:relations]) if self.parameters.include?(:relations)
|
|
self.possible_aspects.each do |aspect_name|
|
|
aspect = self.shadow.get_aspect(aspect_name)
|
|
if aspect.nil?
|
|
raise PreProcessingError, _("Aspect '%s' is missing for object '%s'") % [aspect_name, self.handle]
|
|
end
|
|
object_rel.merge!(aspect.parameters[:relations])
|
|
end
|
|
return if object_rel.empty?
|
|
|
|
object_relations_info = {}
|
|
object_rel.each_pair do |field_name, rel|
|
|
foreign_klass = self.shadow.get_object(rel[:object])
|
|
if foreign_klass.nil?
|
|
raise PreProcessingError, _("Relation '%s' for object '%s' is impossible: foreign object '%s' is missing") % [field_name, self.handle, rel[:object]]
|
|
end
|
|
rel[:class_name] = foreign_klass.to_s
|
|
|
|
case rel[:type]
|
|
when 'belongs_to'
|
|
belongs_to field_name, rel.reject {|key, val| not ActiveLdap::Associations::ClassMethods::VALID_BELONGS_TO_OPTIONS.include?(key) }
|
|
when 'has_many'
|
|
has_many field_name, rel.reject {|key, val| not ActiveLdap::Associations::ClassMethods::VALID_HAS_MANY_OPTIONS.include?(key) }
|
|
else
|
|
raise "bug in '#{self.handle}' object relations (wrong type)"
|
|
end
|
|
|
|
object_relations_info[field_name] = {
|
|
:foreign_klass => foreign_klass,
|
|
:single_value => ActiveLdap::Base.schema.attribute(rel[:foreign_key]).single_value?,
|
|
:read_only => rel[:read_only] || false
|
|
}
|
|
end
|
|
instance_variable_set(:@relations_info, object_relations_info)
|
|
end
|
|
|
|
def has_field?(field)
|
|
return false if field.downcase == "objectclass"
|
|
has_attribute?(field)
|
|
end
|
|
|
|
def human_name
|
|
attr_list = ['displayName', 'cn']
|
|
name_attribute = self.class.parameters[:presentation][:name_attribute]
|
|
attr_list.unshift(name_attribute) unless name_attribute.nil?
|
|
attr_list.each do |attr|
|
|
if attr == 'dn'
|
|
return self.dn
|
|
elsif self.attribute_present?(attr)
|
|
val = self.send(attr, true)
|
|
return val[0].strip
|
|
end
|
|
end
|
|
return ""
|
|
end
|
|
|
|
def human_description
|
|
attr_list = ['description']
|
|
desc_attribute = self.class.parameters[:presentation][:desc_attribute]
|
|
attr_list.unshift(desc_attribute) unless desc_attribute.nil?
|
|
attr_list.each do |attr|
|
|
if self.attribute_present?(attr)
|
|
return self[attr].is_a?(Array) ? self[attr][0] : self[attr]
|
|
end
|
|
end
|
|
return ""
|
|
end
|
|
|
|
def possible_relations
|
|
self.associations.collect {|assoc| assoc.to_s } - ['children']
|
|
end
|
|
|
|
def relations
|
|
rel_list = self.class.parameters[:mapping][:associated_relations]
|
|
|
|
aspects.values.each do |aspect|
|
|
rel_list += aspect.parameters[:mapping][:associated_relations]
|
|
end
|
|
|
|
rel_list & possible_relations
|
|
end
|
|
|
|
def self.possible_aspects
|
|
self.parameters[:mapping][:possible_aspects].sort
|
|
end
|
|
|
|
def aspects
|
|
present_aspects = {}
|
|
self.class.possible_aspects.each do |aspect_name|
|
|
aspect = self.class.shadow.get_aspect(aspect_name)
|
|
aspect_mapping = aspect.parameters[:mapping]
|
|
present_aspects[aspect.handle] = aspect if self.classes & aspect_mapping[:classes] == aspect_mapping[:classes]
|
|
end
|
|
|
|
present_aspects
|
|
end
|
|
|
|
def organized_data
|
|
ignored_attrs = self.class.shadow.get_config[:presentation][:hidden_attributes]
|
|
ignored_attrs += self.class.parameters[:presentation][:hidden_attributes]
|
|
attr_list = self.nonempty_attributes - ignored_attrs
|
|
|
|
expert_attributes = self.class.parameters[:presentation][:expert_attributes]
|
|
admin_attributes = attr_list.select do |attr|
|
|
ActiveLdap::Base.schema.attribute(attr).operational?
|
|
end
|
|
|
|
rel_list = self.possible_relations
|
|
|
|
# first pass to take aspects forced relations into account
|
|
obj_aspects = {}
|
|
self.aspects.values.each do |aspect|
|
|
aspect_data = aspect.parameters
|
|
|
|
unless aspect_data[:mapping][:associated_attributes].empty?
|
|
taken_attr_list = aspect_data[:mapping][:associated_attributes] & (attr_list + ignored_attrs)
|
|
unless taken_attr_list.empty?
|
|
obj_aspects[aspect.handle] ||= {}
|
|
obj_aspects[aspect.handle].merge!(fetch_attributes_data(taken_attr_list, expert_attributes, admin_attributes))
|
|
attr_list -= taken_attr_list
|
|
end
|
|
end
|
|
|
|
unless aspect_data[:mapping][:associated_relations].empty?
|
|
taken_rel_list = aspect_data[:mapping][:associated_relations] & rel_list
|
|
unless taken_rel_list.empty?
|
|
obj_aspects[aspect.handle] ||= {}
|
|
obj_aspects[aspect.handle].merge!(fetch_relations_data(taken_rel_list, expert_attributes))
|
|
rel_list -= taken_rel_list
|
|
end
|
|
end
|
|
end
|
|
|
|
# manage general attributes
|
|
obj_info = {}
|
|
if self.class.parameters[:mapping][:associate_unclaimed_attributes]
|
|
taken_attr_list = attr_list
|
|
else
|
|
taken_attr_list = admin_attributes
|
|
taken_attr_list += self.class.parameters[:mapping][:associated_attributes]
|
|
taken_attr_list += self.class.possible_attributes
|
|
end
|
|
taken_attr_list = taken_attr_list.uniq & attr_list
|
|
obj_info = fetch_attributes_data(taken_attr_list, expert_attributes, admin_attributes)
|
|
attr_list -= taken_attr_list
|
|
|
|
# manage general relations
|
|
if self.class.parameters[:mapping][:associated_relations]
|
|
taken_rel_list = self.class.parameters[:mapping][:associated_relations] & rel_list
|
|
unless taken_rel_list.empty?
|
|
obj_info.merge!(fetch_relations_data(taken_rel_list, expert_attributes))
|
|
rel_list -= taken_rel_list
|
|
end
|
|
end
|
|
|
|
# second pass to dispath the remaining attributes
|
|
unless attr_list.empty?
|
|
self.aspects.values.each do |aspect|
|
|
taken_attr_list = (aspect.possible_attributes & attr_list)
|
|
obj_aspects[aspect.handle] ||= {}
|
|
obj_aspects[aspect.handle].merge!(fetch_attributes_data(taken_attr_list, expert_attributes, admin_attributes))
|
|
attr_list -= taken_attr_list
|
|
|
|
break if attr_list.empty?
|
|
end
|
|
end
|
|
|
|
[obj_info, obj_aspects]
|
|
end
|
|
|
|
def modify(key, op, val)
|
|
if key.index(":")
|
|
type, field = key.split(":")
|
|
else
|
|
type = nil
|
|
field = key
|
|
end
|
|
|
|
case type
|
|
when nil
|
|
modify_field(key, op, val)
|
|
when 'rel'
|
|
modify_relation(field, op, val)
|
|
when ''
|
|
case field
|
|
when 'aspects'
|
|
modify_aspects(op, val)
|
|
else
|
|
raise PreProcessingError, _("Unknown core field '%s'") % field
|
|
end
|
|
else
|
|
raise PreProcessingError, _("Unknown type '%s' for field '%s'") % [type, field]
|
|
end
|
|
end
|
|
|
|
def modify_field(field, op, val)
|
|
unless self.has_field?(field)
|
|
raise PreProcessingError, _("No such field '%s' in object '%s'") % [field, self.class.handle]
|
|
end
|
|
|
|
attr_info = ActiveLdap::Base.schema.attribute(field)
|
|
if attr_info.read_only?
|
|
raise PreProcessingError, _("The field '%s' cannot be modified (read only)") % field
|
|
end
|
|
|
|
if attr_info.binary?
|
|
unless File.exists?(val)
|
|
raise PreProcessingError, _("The field '%s' contains binary data, you must provide a filename instead of a direct value") % field
|
|
end
|
|
|
|
begin
|
|
val = File.read(val)
|
|
rescue
|
|
raise PreProcessingError, _("The file for the binary field '%s' cannot be read: ") % [field, $!]
|
|
end
|
|
elsif attr_info.syntax.to_param == "1.3.6.1.4.1.1466.115.121.1.12"
|
|
if val =~ /([a-zA-Z]+)\/([a-zA-Z]+)/
|
|
obj_hdl = $1.downcase
|
|
item_hdl = $2
|
|
|
|
obj_klass = self.class.shadow.get_object(obj_hdl)
|
|
raise PreProcessingError, _("No such object '%s'") % obj_hdl if obj_klass.nil?
|
|
|
|
begin
|
|
item = obj_klass.find(item_hdl, :attributes => [''])
|
|
rescue ActiveLdap::EntryNotFound
|
|
raise PreProcessingError, _("No such item '%s/%s'") % [obj_klass.handle, item_hdl]
|
|
end
|
|
|
|
val = item.dn
|
|
end
|
|
end
|
|
|
|
old_val = self.send(field, true)
|
|
|
|
# if val is nil or the latest value is removed, then the attribute is removed from the object,
|
|
case op
|
|
when '='
|
|
val = [val] if old_val.is_a? Enumerable
|
|
return false if val == old_val
|
|
|
|
self.send(field + "=", val)
|
|
|
|
when '+='
|
|
if attr_info.single_value?
|
|
raise PreProcessingError, _("The field '%s' cannot hold more than one value") % field
|
|
end
|
|
|
|
return false if old_val.include?(val)
|
|
new_val = old_val << val
|
|
self.send(field + "=", new_val)
|
|
|
|
when '-='
|
|
return false unless old_val.include?(val)
|
|
|
|
new_val = old_val - [val]
|
|
self.send(field + "=", new_val)
|
|
|
|
else
|
|
raise SyntaxError, _("Unknown operator '%s'") % op
|
|
end
|
|
|
|
true
|
|
end
|
|
|
|
def modify_relation(rel, op, val)
|
|
unless self.relations.include?(rel)
|
|
raise PreProcessingError, _("No such relation '%s' for object '%s'") % [rel, self.class.handle]
|
|
end
|
|
|
|
rel_info = self.class.relations_info[rel.to_sym]
|
|
if rel_info[:read_only]
|
|
raise PreProcessingError, _("The relation '%s' cannot be modified (read only)") % rel
|
|
end
|
|
|
|
if val.blank?
|
|
raise PreProcessingError, _("No item handle specified for relation '%s'") % rel
|
|
end
|
|
|
|
# fetch remote object in relation, which will be the real 'val'
|
|
foreign_item_list = rel_info[:foreign_klass].find(:all, val)
|
|
if foreign_item_list.empty?
|
|
raise PreProcessingError, _("Foreign item '%s' for relation '%s' not found") % [val, rel]
|
|
end
|
|
if foreign_item_list.size > 1
|
|
raise WeirdError, _("Ambiguous item '%s' for relation '%s' (%s possible items)") %
|
|
[val, rel, foreign_item_list.size]
|
|
end
|
|
|
|
old_val = self.send(rel)
|
|
val = foreign_item_list.first
|
|
|
|
# if val is nil or the latest value is removed, then the association's attribute is removed from one side
|
|
case op
|
|
when '='
|
|
val = [val] if old_val.is_a? Enumerable
|
|
self.send(rel + "=", val)
|
|
|
|
when '+='
|
|
if rel_info[:single_value]
|
|
raise PreProcessingError, _("The relation '%s' cannot hold more than one foreign item") % rel
|
|
end
|
|
|
|
return false if old_val.include?(val)
|
|
|
|
self.send(rel) << val
|
|
|
|
when '-='
|
|
return false unless old_val.include?(val)
|
|
|
|
self.send(rel).delete(val)
|
|
|
|
else
|
|
raise SyntaxError, _("Unknown operator '%s'") % op
|
|
end
|
|
|
|
true
|
|
end
|
|
|
|
def modify_aspects(op, aspect_name)
|
|
unless self.class.possible_aspects.include?(aspect_name)
|
|
raise PreProcessingError, _("No such aspect '%s' for object '%s'") % [aspect_name, self.class.handle]
|
|
end
|
|
|
|
case op
|
|
when '='
|
|
raise PreProcessingError, _("The equality operator is not possible for aspects")
|
|
|
|
when '+='
|
|
return false if self.aspects.keys.include?(aspect_name)
|
|
|
|
self.add_aspect(aspect_name)
|
|
|
|
when '-='
|
|
return false unless self.aspects.keys.include?(aspect_name)
|
|
|
|
self.remove_aspect(aspect_name)
|
|
|
|
else
|
|
raise SyntaxError, _("Unknown operator '%s'") % op
|
|
end
|
|
|
|
true
|
|
end
|
|
|
|
def add_aspect(aspect_name)
|
|
return unless self.class.possible_aspects.include?(aspect_name)
|
|
|
|
aspect_mapping = self.class.shadow.get_aspect(aspect_name).parameters[:mapping]
|
|
add_class(*aspect_mapping[:classes])
|
|
|
|
# recursive dependency enforcement
|
|
aspect_mapping[:depend_aspects].each do |dep_aspect|
|
|
add_aspect(dep_aspect)
|
|
end
|
|
end
|
|
|
|
def remove_aspect(aspect_name)
|
|
return unless self.class.possible_aspects.include?(aspect_name)
|
|
|
|
# remove reverse-depends
|
|
self.class.possible_aspects.each do |rdep_aspect_name|
|
|
if self.class.shadow.get_aspect(rdep_aspect_name).parameters[:mapping][:depend_aspects].include?(aspect_name)
|
|
remove_aspect(rdep_aspect_name)
|
|
end
|
|
end
|
|
|
|
aspect_mapping = self.class.shadow.get_aspect(aspect_name).parameters[:mapping]
|
|
remove_class(*aspect_mapping[:classes])
|
|
end
|
|
|
|
def delete(options = {})
|
|
before_delete_jobs
|
|
super(options)
|
|
after_save_jobs
|
|
end
|
|
|
|
def delete_recursive
|
|
# TODO: recursive instanciation and reverse recursive hook calls
|
|
before_delete_jobs
|
|
self.class.delete_all(nil, :scope => :sub, :base => self.dn)
|
|
after_delete_jobs
|
|
end
|
|
|
|
# cannot override create_or_update() because of alias chaining
|
|
def save
|
|
before_save_jobs
|
|
r = super
|
|
after_save_jobs
|
|
r
|
|
end
|
|
|
|
def save!
|
|
before_save_jobs
|
|
r = super
|
|
after_save_jobs
|
|
r
|
|
end
|
|
|
|
protected
|
|
|
|
def before_save_jobs
|
|
check_hooks_before(:save)
|
|
check_missing_attributes
|
|
check_password
|
|
end
|
|
|
|
def before_delete_jobs
|
|
check_hooks_before(:delete)
|
|
end
|
|
|
|
def check_hooks_before(action)
|
|
case action
|
|
when :save
|
|
if self.new_entry?
|
|
self.class.hook_before_create(self)
|
|
else
|
|
self.class.hook_before_modify(self)
|
|
end
|
|
when :delete
|
|
self.class.hook_before_delete(self)
|
|
end
|
|
|
|
# TODO: move this in the LdapAspect class
|
|
self.aspects.each do |aspect|
|
|
aklass = self.class.shadow.get_aspect(aspect)
|
|
next if aklass.nil?
|
|
|
|
case action
|
|
when :save
|
|
if self.new_entry?
|
|
aklass.hook_before_create(self)
|
|
else
|
|
aklass.hook_before_modify(self)
|
|
end
|
|
when :delete
|
|
aklass.hook_before_delete(self)
|
|
end
|
|
end
|
|
end
|
|
|
|
def check_missing_attributes
|
|
missing_fields = self.missing_attributes
|
|
unless missing_fields.empty?
|
|
miss_str = []
|
|
missing_fields.each do |field|
|
|
str = Translator.translate_field_name(field)
|
|
str += " [#{field}]" if $program_options[:handles]
|
|
miss_str << str
|
|
end
|
|
raise PreProcessingError, _("Cannot save the item; the following fields are missing: %s") %
|
|
miss_str.join(", ")
|
|
end
|
|
end
|
|
|
|
def check_password
|
|
return unless self.modified_attributes([:replace], true).include? 'userPassword'
|
|
|
|
hash_func = self.class.config.global_config[:password_hash]
|
|
return if hash_func.nil?
|
|
|
|
self.userPassword = ActiveLdap::UserPassword.send(hash_func, self.userPassword)
|
|
end
|
|
|
|
def after_save_jobs
|
|
check_hooks_after(:save)
|
|
end
|
|
|
|
def after_delete_jobs
|
|
check_hooks_after(:delete)
|
|
end
|
|
|
|
def check_hooks_after(action)
|
|
# TODO: move this in the LdapAspect class
|
|
self.aspects.each do |aspect|
|
|
aklass = self.class.shadow.get_aspect(aspect)
|
|
next if aklass.nil?
|
|
|
|
case action
|
|
when :save
|
|
if self.new_entry?
|
|
aklass.hook_after_create(self)
|
|
else
|
|
aklass.hook_after_modify(self)
|
|
end
|
|
when :delete
|
|
aklass.hook_after_delete(self)
|
|
end
|
|
end
|
|
|
|
case action
|
|
when :save
|
|
if self.new_entry?
|
|
self.class.hook_after_create(self)
|
|
else
|
|
self.class.hook_after_modify(self)
|
|
end
|
|
when :delete
|
|
self.class.hook_after_delete(self)
|
|
end
|
|
end
|
|
|
|
def fetch_attributes_data(attr_list, expert_attributes, admin_attributes)
|
|
attr_data = self.attributes.collect do |key, val|
|
|
if attr_list.include?(key)
|
|
attr_info = ActiveLdap::Base.schema.attribute(key)
|
|
[key, {
|
|
:syntax => attr_info.syntax.to_param,
|
|
:value => val,
|
|
:multiple => (val.is_a?(Array) ? val.size : 1),
|
|
:expert => expert_attributes.include?(key),
|
|
:admin => admin_attributes.include?(key),
|
|
:binary => attr_info.binary?
|
|
}]
|
|
else
|
|
nil
|
|
end
|
|
end
|
|
Hash[attr_data.compact]
|
|
end
|
|
|
|
def fetch_relations_data(rel_list, expert_attributes)
|
|
rel_data = rel_list.collect do |rel|
|
|
data = self.send(rel)
|
|
if data.is_a? Enumerable
|
|
if data.empty?
|
|
value = nil
|
|
else
|
|
value = data.collect{|g| g.handle }
|
|
multiple = true
|
|
end
|
|
else
|
|
# the exists? method also ensure the object is loaded
|
|
if data.exists?
|
|
value = data.handle
|
|
else
|
|
value = nil
|
|
end
|
|
multiple = false
|
|
end
|
|
|
|
if value.nil?
|
|
nil
|
|
else
|
|
rel_key = "rel:" + rel
|
|
[rel_key, {
|
|
:syntax => nil,
|
|
:value => value,
|
|
:multiple => multiple,
|
|
:expert => expert_attributes.include?(rel_key),
|
|
:admin => false,
|
|
:binary => false
|
|
}]
|
|
end
|
|
end
|
|
Hash[rel_data.compact]
|
|
end
|
|
end
|
|
end
|
|
end
|