/**
* creates the initial folder for new accounts
*
* @param mixed[int|Tinebase_Model_User] $_account the accountd object
* @return Tinebase_Record_RecordSet of subtype Tinebase_Model_Container
*/
public function createPersonalFolder($_accountId)
{
$translation = Tinebase_Translation::getTranslation('Webconference');
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
$account = Tinebase_User::getInstance()->getUserById($accountId);
$newContainer = new Tinebase_Model_Container(array('name' => sprintf($translation->_("%s's personal example records"), $account->accountFullName), 'type' => Tinebase_Model_Container::TYPE_PERSONAL, 'backend' => 'Sql', 'application_id' => Tinebase_Application::getInstance()->getApplicationByName('Webconference')->getId()));
$personalContainer = Tinebase_Container::getInstance()->addContainer($newContainer, NULL, FALSE, $accountId);
$container = new Tinebase_Record_RecordSet('Tinebase_Model_Container', array($personalContainer));
return $container;
}
/**
* check grant for action (CRUD)
*
* @param Tinebase_Record_Interface $_record
* @param string $_action
* @param boolean $_throw
* @param string $_errorMessage
* @param Tinebase_Record_Interface $_oldRecord
* @return boolean
* @throws Tinebase_Exception_AccessDenied
*
* @todo use this function in other create + update functions
* @todo invent concept for simple adding of grants (plugins?)
*/
protected function _checkGrant($_record, $_action, $_throw = TRUE, $_errorMessage = 'No Permission.', $_oldRecord = NULL)
{
if (!$this->_doContainerACLChecks || $_record->container_id && $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_ADMIN)) {
return TRUE;
}
switch ($_action) {
case 'get':
// NOTE: free/busy is not a read grant!
$hasGrant = $_record->hasGrant(Tinebase_Model_Grants::GRANT_READ);
if (!$hasGrant) {
$_record->doFreeBusyCleanup();
}
break;
case 'create':
$hasGrant = $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_ADD);
break;
case 'update':
$hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_EDIT);
break;
case 'delete':
$hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_DELETE);
break;
case 'sync':
$hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_SYNC);
break;
case 'export':
$hasGrant = (bool) $_record->hasGrant(Tinebase_Model_Grants::GRANT_EXPORT);
break;
}
if (!$hasGrant) {
if ($_throw) {
throw new Tinebase_Exception_AccessDenied($_errorMessage);
} else {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . 'No permissions to ' . $_action . ' in container ' . $_record->container_id);
}
}
}
return $hasGrant;
}
/**
* append accountfilter
*
* @param Zend_Db_Select $select
* @param Tinebase_Backend_Sql_Abstract $backend
* @param Tinebase_Model_User $user
*/
protected function _appendAccountFilter($select, $backend, $user)
{
$accountIdFilter = $this->_findFilter('account_id');
$userId = $user->getId();
// set user account id as filter
if ($accountIdFilter === null) {
$accountIdFilter = $this->createFilter('account_id', 'equals', $userId);
$this->addFilter($accountIdFilter);
} else {
$accountIdFilter->setValue($userId);
}
$groupSelect = new Tinebase_Backend_Sql_Filter_GroupSelect($select);
$db = $backend->getAdapter();
$accountIdFilter->appendFilterSql($groupSelect, $backend);
$groupSelect->orWhere($db->quoteIdentifier('filter.account_id') . ' IS NULL');
$groupSelect->appendWhere(Zend_Db_Select::SQL_AND);
$this->removeFilter('account_id');
}
/**
* returns SQL condition for implicit grants
*
* @param string $_requiredGrant
* @param Tinebase_Model_User $_user (defaults to current user)
* @return string
*/
protected function _getImplicitGrantCondition($_requiredGrant, $_user = NULL)
{
$accountId = $_user ? $_user->getId() : Tinebase_Core::getUser()->getId();
$contactId = $_user ? $_user->contact_id : Tinebase_Core::getUser()->contact_id;
// delte grant couldn't be gained implicitly
if ($_requiredGrant == Tinebase_Model_Grants::GRANT_DELETE) {
return '1=0';
}
// organizer gets all other grants implicitly
$sql = $this->_db->quoteIdentifier('cal_events.organizer') . " = " . $this->_db->quote($contactId);
// attendee get read, sync, export and private grants implicitly
if (in_array($_requiredGrant, array(Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_SYNC, Tinebase_Model_Grants::GRANT_EXPORT, Tinebase_Model_Grants::GRANT_PRIVATE))) {
$readCond = $this->_db->quoteIdentifier('attendeeaccounts.id') . ' = ' . $this->_db->quote($accountId) . ' AND (' . $this->_db->quoteInto($this->_db->quoteIdentifier('attendee.user_type') . ' = ?', Calendar_Model_Attender::USERTYPE_USER) . ' OR ' . $this->_db->quoteInto($this->_db->quoteIdentifier('attendee.user_type') . ' = ?', Calendar_Model_Attender::USERTYPE_GROUPMEMBER) . ')';
$sql = "({$sql}) OR ({$readCond})";
}
return "({$sql})";
}
/**
* returns arrays of metainfo from given accountIds
*
* @param array $_accountIds
* @return array of strings
*/
protected function _getAccountsMetaData(array $_accountIds)
{
$filterArray = array();
foreach ($_accountIds as $accountId) {
$accountId = Tinebase_Model_User::convertUserIdToInt($accountId);
$filterArray[] = "(objectGUID={$accountId})";
}
// fetch all dns at once
$filter = '(|' . implode('', $filterArray) . ')';
$accounts = $this->_ldap->fetchAll($this->_options['userDn'], $filter, array('sAMAccountName', 'objectGUID', 'objectclass'));
if (count($accounts) != count($_accountIds)) {
throw new Exception("Some dn's are missing");
}
$result = array();
foreach ($accounts as $account) {
unset($account['objectclass']['count']);
$result[] = array('dn' => $account['dn'], 'uid' => $account['sAMAccountName'][0], 'uidNumber' => $account['objectGUID'][0], 'objectClass' => $account['objectclass']);
}
return $result;
}
/**
* remove one groupmember from the group
*
* @param mixed $_groupId
* @param mixed $_accountId
*/
public function removeGroupMemberFromSqlBackend($_groupId, $_accountId)
{
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
$where = array($this->_db->quoteInto($this->_db->quoteIdentifier('group_id') . '= ?', $groupId), $this->_db->quoteInto($this->_db->quoteIdentifier('account_id') . '= ?', $accountId));
$this->groupMembersTable->delete($where);
$this->_clearCache(array('getGroupMembers' => $groupId, 'getGroupMemberships' => $accountId));
}
/**
* updates an user
*
* this function updates an user
*
* @param Tinebase_Model_FullUser $_user
* @return Tinebase_Model_FullUser
* @throws
*/
public function updateUserInSqlBackend(Tinebase_Model_FullUser $_user)
{
if (!$_user->isValid()) {
throw new Tinebase_Exception_Record_Validation('Invalid user object. ' . print_r($_user->getValidationErrors(), TRUE));
}
$accountId = Tinebase_Model_User::convertUserIdToInt($_user);
$oldUser = $this->getFullUserById($accountId);
if (empty($_user->contact_id)) {
$_user->visibility = 'hidden';
$_user->contact_id = null;
}
$accountData = $this->_recordToRawData($_user);
// don't update id
unset($accountData['id']);
// ignore all other states (expired and blocked)
if ($_user->accountStatus == Tinebase_User::STATUS_ENABLED) {
$accountData[$this->rowNameMapping['accountStatus']] = $_user->accountStatus;
if ($oldUser->accountStatus === Tinebase_User::STATUS_BLOCKED) {
$accountData[$this->rowNameMapping['loginFailures']] = 0;
} elseif ($oldUser->accountStatus === Tinebase_User::STATUS_EXPIRED) {
$accountData[$this->rowNameMapping['accountExpires']] = null;
}
} elseif ($_user->accountStatus == Tinebase_User::STATUS_DISABLED) {
$accountData[$this->rowNameMapping['accountStatus']] = $_user->accountStatus;
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r($accountData, true));
}
try {
$accountsTable = new Tinebase_Db_Table(array('name' => SQL_TABLE_PREFIX . 'accounts'));
$where = array($this->_db->quoteInto($this->_db->quoteIdentifier('id') . ' = ?', $accountId));
$accountsTable->update($accountData, $where);
} catch (Exception $e) {
Tinebase_TransactionManager::getInstance()->rollBack();
throw $e;
}
return $this->getUserById($accountId, 'Tinebase_Model_FullUser');
}
/**
* check grant for action (CRUD)
*
* @param Tinebase_Record_Interface $_record
* @param string $_action
* @param boolean $_throw
* @param string $_errorMessage
* @param Tinebase_Record_Interface $_oldRecord
* @return boolean
* @throws Tinebase_Exception_AccessDenied
*
* @todo use this function in other create + update functions
* @todo invent concept for simple adding of grants (plugins?)
*/
protected function _checkGrant($_record, $_action, $_throw = TRUE, $_errorMessage = 'No Permission.', $_oldRecord = NULL)
{
if (!$this->_doContainerACLChecks || !$_record->has('container_id') || $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_ADMIN)) {
return TRUE;
}
$hasGrant = FALSE;
switch ($_action) {
case 'get':
$hasGrant = $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_READ);
break;
case 'create':
$hasGrant = $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_ADD);
break;
case 'update':
$hasGrant = $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_EDIT);
break;
case 'delete':
$container = Tinebase_Container::getInstance()->getContainerById($_record->container_id);
$hasGrant = $this->_currentAccount->hasGrant($_record->container_id, Tinebase_Model_Grants::GRANT_DELETE);
break;
}
if (!$hasGrant) {
if ($_throw) {
throw new Tinebase_Exception_AccessDenied($_errorMessage);
} else {
Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' No permissions to ' . $_action . ' in container ' . $_record->container_id);
}
}
return $hasGrant;
}
/**
* get metatada of existing user
*
* @param string $_userId
* @return array
*/
protected function _getMetaData($_userId)
{
$userId = Tinebase_Model_User::convertUserIdToInt($_userId);
$filter = Zend_Ldap_Filter::equals($this->_rowNameMapping['accountId'], Zend_Ldap::filterEscape($userId));
$result = $this->_ldap->search($filter, $this->_baseDn, $this->_userSearchScope);
if (count($result) !== 1) {
throw new Tinebase_Exception_NotFound("user with userid {$_userId} not found");
}
return $result->getFirst();
}
/**
* returns arrays of metainfo from given accountIds
*
* @param array $_accountIds
* @return array of strings
*/
protected function _getAccountsMetaData(array $_accountIds)
{
$filterArray = array();
foreach ($_accountIds as $accountId) {
$accountId = Tinebase_Model_User::convertUserIdToInt($accountId);
$filterArray[] = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, Zend_Ldap::filterEscape($accountId));
}
$filter = new Zend_Ldap_Filter_Or($filterArray);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' $filter: ' . $filter . ' count: ' . count($filterArray));
}
// fetch all dns at once
$accounts = $this->_ldap->search($filter, $this->_options['userDn'], $this->_userSearchScope, array('uid', $this->_userUUIDAttribute, 'objectclass'));
if (count($_accountIds) != count($accounts)) {
$wantedAccountIds = array();
$retrievedAccountIds = array();
foreach ($_accountIds as $accountId) {
$wantedAccountIds[] = Tinebase_Model_User::convertUserIdToInt($accountId);
}
foreach ($accounts as $account) {
$retrievedAccountIds[] = $account[$this->_userUUIDAttribute][0];
}
throw new Tinebase_Exception_NotFound("Some dn's are missing. " . print_r(array_diff($wantedAccountIds, $retrievedAccountIds), true));
}
$result = array();
foreach ($accounts as $account) {
$result[] = array('dn' => $account['dn'], 'objectclass' => $account['objectclass'], 'uid' => $account['uid'][0], $this->_userUUIDAttribute => $account[$this->_userUUIDAttribute][0]);
}
return $result;
}
/**
* updates an user
*
* this function updates an user
*
* @param Tinebase_Model_FullUser $_user
* @return Tinebase_Model_FullUser
* @throws
*/
public function updateUserInSqlBackend(Tinebase_Model_FullUser $_user)
{
if (!$_user->isValid()) {
throw new Tinebase_Exception_Record_Validation('Invalid user object. ' . print_r($_user->getValidationErrors(), TRUE));
}
$accountId = Tinebase_Model_User::convertUserIdToInt($_user);
$oldUser = $this->getFullUserById($accountId);
$accountsTable = new Tinebase_Db_Table(array('name' => SQL_TABLE_PREFIX . 'accounts'));
if (empty($_user->contact_id)) {
$_user->visibility = 'hidden';
$_user->contact_id = null;
}
$accountData = array('login_name' => $_user->accountLoginName, 'expires_at' => $_user->accountExpires instanceof DateTime ? $_user->accountExpires->get(Tinebase_Record_Abstract::ISO8601LONG) : NULL, 'primary_group_id' => $_user->accountPrimaryGroup, 'home_dir' => $_user->accountHomeDirectory, 'login_shell' => $_user->accountLoginShell, 'openid' => $_user->openid, 'visibility' => $_user->visibility, 'contact_id' => $_user->contact_id, $this->rowNameMapping['accountDisplayName'] => $_user->accountDisplayName, $this->rowNameMapping['accountFullName'] => $_user->accountFullName, $this->rowNameMapping['accountFirstName'] => $_user->accountFirstName, $this->rowNameMapping['accountLastName'] => $_user->accountLastName, $this->rowNameMapping['accountEmailAddress'] => $_user->accountEmailAddress);
// ignore all other states (expired and blocked)
if ($_user->accountStatus == Tinebase_User::STATUS_ENABLED) {
$accountData[$this->rowNameMapping['accountStatus']] = $_user->accountStatus;
if ($oldUser->accountStatus === Tinebase_User::STATUS_BLOCKED) {
$accountData[$this->rowNameMapping['loginFailures']] = 0;
} elseif ($oldUser->accountStatus === Tinebase_User::STATUS_EXPIRED) {
$accountData[$this->rowNameMapping['accountExpires']] = null;
}
} elseif ($_user->accountStatus == Tinebase_User::STATUS_DISABLED) {
$accountData[$this->rowNameMapping['accountStatus']] = $_user->accountStatus;
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r($accountData, true));
}
try {
$accountsTable = new Tinebase_Db_Table(array('name' => SQL_TABLE_PREFIX . 'accounts'));
$where = array($this->_db->quoteInto($this->_db->quoteIdentifier('id') . ' = ?', $accountId));
$accountsTable->update($accountData, $where);
} catch (Exception $e) {
Tinebase_TransactionManager::getInstance()->rollBack();
throw $e;
}
return $this->getUserById($accountId, 'Tinebase_Model_FullUser');
}
/**
* @see Tinebase_Record_Abstract
*/
public function __construct($_data = NULL, $_bypassFilters = false, $_convertDates = true)
{
$this->_validators = array('accountId' => array('allowEmpty' => true), 'accountLoginName' => array('presence' => 'required'), 'accountLastLogin' => array('allowEmpty' => true), 'accountLastLoginfrom' => array('allowEmpty' => true), 'accountLastPasswordChange' => array('allowEmpty' => true), 'accountStatus' => array(new Zend_Validate_InArray(array(Tinebase_Model_User::ACCOUNT_STATUS_ENABLED, Tinebase_Model_User::ACCOUNT_STATUS_DISABLED, Tinebase_Model_User::ACCOUNT_STATUS_BLOCKED, Tinebase_Model_User::ACCOUNT_STATUS_EXPIRED)), Zend_Filter_Input::DEFAULT_VALUE => Tinebase_Model_User::ACCOUNT_STATUS_ENABLED), 'accountExpires' => array('allowEmpty' => true), 'accountPrimaryGroup' => array('presence' => 'required'), 'accountDisplayName' => array('presence' => 'required'), 'accountLastName' => array('presence' => 'required'), 'accountFirstName' => array('allowEmpty' => true), 'accountFullName' => array('presence' => 'required'), 'accountEmailAddress' => array('allowEmpty' => true), 'accountHomeDirectory' => array('allowEmpty' => true), 'accountLoginShell' => array('allowEmpty' => true), 'lastLoginFailure' => array('allowEmpty' => true), 'loginFailures' => array('allowEmpty' => true), 'sambaSAM' => array('allowEmpty' => true), 'openid' => array('allowEmpty' => true), 'contact_id' => array('allowEmpty' => true), 'container_id' => array('allowEmpty' => true), 'emailUser' => array('allowEmpty' => true), 'groups' => array('allowEmpty' => true), 'imapUser' => array('allowEmpty' => true), 'smtpUser' => array('allowEmpty' => true), 'visibility' => array(new Zend_Validate_InArray(array(Tinebase_Model_User::VISIBILITY_HIDDEN, Tinebase_Model_User::VISIBILITY_DISPLAYED)), Zend_Filter_Input::DEFAULT_VALUE => Tinebase_Model_User::VISIBILITY_DISPLAYED), 'created_by' => array('allowEmpty' => true), 'creation_time' => array('allowEmpty' => true), 'last_modified_by' => array('allowEmpty' => true), 'last_modified_time' => array('allowEmpty' => true), 'is_deleted' => array('allowEmpty' => true), 'deleted_time' => array('allowEmpty' => true), 'deleted_by' => array('allowEmpty' => true), 'seq' => array('allowEmpty' => true));
parent::__construct($_data, $_bypassFilters, $_convertDates);
}
/**
* get list of role members
*
* @param int $_accountId
* @return array of array with account ids & types
* @throws Tinebase_Exception_NotFound
*/
public function getRoleMemberships($_accountId)
{
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
$groupMemberships = Tinebase_Group::getInstance()->getGroupMemberships($accountId);
if (empty($groupMemberships)) {
throw new Tinebase_Exception_NotFound('Any account must belong to at least one group. The account with accountId ' . $accountId . ' does not belong to any group.');
}
$memberships = array();
$select = $this->_roleMembersTable->select();
$select->where($this->_db->quoteInto($this->_db->quoteIdentifier('account_id') . ' = ?', $_accountId) . ' AND ' . $this->_db->quoteInto($this->_db->quoteIdentifier('account_type') . ' = ?', Tinebase_Acl_Rights::ACCOUNT_TYPE_USER))->orwhere($this->_db->quoteInto($this->_db->quoteIdentifier('account_id') . ' IN (?)', $groupMemberships) . ' AND ' . $this->_db->quoteInto($this->_db->quoteIdentifier('account_type') . ' = ?', Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP));
$rows = $this->_roleMembersTable->fetchAll($select)->toArray();
foreach ($rows as $membership) {
$memberships[] = $membership['role_id'];
}
return $memberships;
}
/**
* fetch one contact of a user identified by his user_id
*
* @param int $_userId
* @return Addressbook_Model_Contact
* @throws Addressbook_Exception_NotFound if contact not found
*/
public function getByUserId($_userId)
{
$userId = Tinebase_Model_User::convertUserIdToInt($_userId);
$contactData = $this->_ldap->fetch($this->_baseDn, "uidnumber={$userId}", $this->_getSupportedLdapAttributes());
if (!$contactData) {
throw new Addressbook_Exception_NotFound("Contact with user id {$_userId} not found.");
}
$contact = $this->_ldap2Contacts(array($contactData))->offsetGet(0);
$contact->jpegphoto = $this->_ldap->fetchBinaryAttribute($this->_baseDn, "uidnumber={$userId}", 'jpegphoto');
return $contact;
}
/**
* try to convert id of account object and check if correct exceptions are thrown
*
*/
public function testConvertAccountIdToIntWithAccount()
{
$noIdAccount = new Tinebase_Model_FullUser(array('accountLoginName' => 'tine20phpunit-noid', 'accountStatus' => Tinebase_User::STATUS_DISABLED, 'accountExpires' => null, 'accountPrimaryGroup' => Tinebase_Core::getUser()->accountPrimaryGroup, 'accountLastName' => 'Tine 2.0 noid', 'accountFirstName' => 'PHPUnit noid', 'accountEmailAddress' => '*****@*****.**'));
$this->setExpectedException('Tinebase_Exception_NotFound');
Tinebase_Model_User::convertUserIdToInt($noIdAccount);
}
/**
* inspect get user by property
*
* @param Tinebase_Model_User $_user the user object
*/
public function inspectGetUserByProperty(Tinebase_Model_User $_user)
{
if (!$_user instanceof Tinebase_Model_FullUser) {
return;
}
$userId = $_user->getId();
$select = $this->_getSelect()->where($this->_db->quoteIdentifier($this->_userTable . '.' . $this->_propertyMapping['emailUserId']) . ' = ?', $userId);
// Perform query - retrieve user from database
$stmt = $this->_db->query($select);
$queryResult = $stmt->fetch();
$stmt->closeCursor();
if (!$queryResult) {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' ' . $this->_subconfigKey . ' config for user ' . $userId . ' not found!');
}
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r($queryResult, TRUE));
}
// convert data to Tinebase_Model_EmailUser
$emailUser = $this->_rawDataToRecord((array) $queryResult);
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r($emailUser->toArray(), TRUE));
}
// modify/correct user name
// set emailUsername to Tine 2.0 account login name and append domain for login purposes if set
if (empty($emailUser->emailUsername)) {
$emailUser->emailUsername = $this->_getEmailUserName($_user);
}
if ($this instanceof Tinebase_EmailUser_Smtp_Interface) {
$_user->smtpUser = $emailUser;
$_user->emailUser = Tinebase_EmailUser::merge($_user->emailUser, clone $_user->smtpUser);
} else {
$_user->imapUser = $emailUser;
$_user->emailUser = Tinebase_EmailUser::merge(clone $_user->imapUser, $_user->emailUser);
}
}
/**
* get grants for containers assigned to given account of multiple records
*
* @param Tinebase_Record_RecordSet $_records records to get the grants for
* @param string|Tinebase_Model_User $_accountId the account to get the grants for
* @param string $_containerProperty container property
* @param string $_grantModel
* @throws Tinebase_Exception_NotFound
* @return array of containers|void
*/
public function getContainerGrantsOfRecords(Tinebase_Record_RecordSet $_records, $_accountId, $_containerProperty = 'container_id', $_grantModel = 'Tinebase_Model_Grants')
{
$containerIds = array();
foreach ($_records as $record) {
if (isset($record[$_containerProperty]) && !isset($containerIds[Tinebase_Model_Container::convertContainerIdToInt($record[$_containerProperty])])) {
$containerIds[Tinebase_Model_Container::convertContainerIdToInt($record[$_containerProperty])] = null;
}
}
if (empty($containerIds)) {
return array();
}
$accountId = $_accountId instanceof Tinebase_Record_Abstract ? $_accountId->getId() : $_accountId;
$select = $this->_getSelect('*', TRUE)->where("{$this->_db->quoteIdentifier('container.id')} IN (?)", array_keys($containerIds))->join(array('container_acl' => SQL_TABLE_PREFIX . 'container_acl'), "{$this->_db->quoteIdentifier('container_acl.container_id')} = {$this->_db->quoteIdentifier('container.id')}", array('*', 'account_grants' => $this->_dbCommand->getAggregate('container_acl.account_grant')))->group('container.id', 'container_acl.account_type', 'container_acl.account_id');
$this->addGrantsSql($select, $accountId, '*');
Tinebase_Backend_Sql_Abstract::traitGroup($select);
$stmt = $this->_db->query('/*' . __FUNCTION__ . '*/' . $select);
$rows = $stmt->fetchAll(Zend_Db::FETCH_ASSOC);
$containers = array();
// add results to container ids and get grants array
foreach ($rows as $row) {
// NOTE id is non-ambiguous
$row['id'] = $row['container_id'];
$grantsArray = array_unique(explode(',', $row['account_grants']));
$row['account_grants'] = $this->_getGrantsFromArray($grantsArray, $accountId, $_grantModel)->toArray();
$containers[$row['id']] = new Tinebase_Model_Container($row, TRUE);
try {
$containers[$row['id']]->path = $containers[$row['id']]->getPath();
} catch (Exception $e) {
// @todo is it correct to catch all exceptions here?
Tinebase_Exception::log($e);
}
}
return $containers;
}
/**
* returns default displayContainer id of given attendee
*
* @param string $userAccountId
*/
public static function getDefaultDisplayContainerId($userAccountId)
{
$userAccountId = Tinebase_Model_User::convertUserIdToInt($userAccountId);
$displayCalId = Tinebase_Core::getPreference('Calendar')->getValueForUser(Calendar_Preference::DEFAULTCALENDAR, $userAccountId);
try {
// assert that displaycal is of type personal
$container = Tinebase_Container::getInstance()->getContainerById($displayCalId);
if ($container->type != Tinebase_Model_Container::TYPE_PERSONAL) {
$displayCalId = NULL;
}
} catch (Exception $e) {
$displayCalId = NULL;
}
if (!isset($displayCalId)) {
$containers = Tinebase_Container::getInstance()->getPersonalContainer($userAccountId, 'Calendar_Model_Event', $userAccountId, 0, true);
if ($containers->count() > 0) {
$displayCalId = $containers->getFirstRecord()->getId();
}
}
return $displayCalId;
}
/**
* try to convert id of account object and check if correct exceptions are thrown
*
*/
public function testConvertAccountIdToIntWithAccount()
{
$this->setExpectedException('Exception');
Tinebase_Model_User::convertUserIdToInt($this->objects['noIdAccount']);
}
/**
* get prefered extension of this account
*
* @param int $_accountId the id of the account to get the prefered extension for
* @return array
* @throws Phone_Exception_NotFound
*/
public function getPreferedExtension($_accountId)
{
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
$extensionsTable = new Tinebase_Db_Table(array('name' => SQL_TABLE_PREFIX . 'phone_extensions'));
$select = $extensionsTable->select()->where($this->_db->quoteIdentifier('account_id') . ' = ?', $accountId);
$row = $extensionsTable->fetchRow($select);
if ($row === NULL) {
throw new Phone_Exception_NotFound('No prefered extension found.');
}
return $row->toArray();
}
/**
* get metatada of existing user
*
* @param string $_userId
* @return array
*/
protected function _getMetaData($_userId)
{
$userId = $this->_encodeAccountId(Tinebase_Model_User::convertUserIdToInt($_userId));
$filter = Zend_Ldap_Filter::equals($this->_rowNameMapping['accountId'], $userId);
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' fetch meta data - filter: ' . $filter);
}
$result = $this->_ldap->search($filter, $this->_baseDn, $this->_userSearchScope);
if (count($result) !== 1) {
throw new Tinebase_Exception_NotFound("user with userid {$_userId} not found");
}
return $result->getFirst();
}
/**
* get grants assigned to given account of multiple records
*
* @param Tinebase_Record_RecordSet $_records records to get the grants for
* @param string|Tinebase_Model_User $_accountId the account to get the grants for
* @param string $_containerProperty container property
* @param string $_grantModel
* @throws Tinebase_Exception_NotFound
*/
public function getGrantsOfRecords(Tinebase_Record_RecordSet $_records, $_accountId, $_containerProperty = 'container_id', $_grantModel = 'Tinebase_Model_Grants')
{
// get container ids
$containers = array();
foreach ($_records as $record) {
if (isset($record[$_containerProperty]) && !isset($containers[Tinebase_Model_Container::convertContainerIdToInt($record[$_containerProperty])])) {
$containers[Tinebase_Model_Container::convertContainerIdToInt($record[$_containerProperty])] = array();
}
}
if (empty($containers)) {
return;
}
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
$select = $this->_getSelect(array('container.id', 'container.name'), TRUE)->where("{$this->_db->quoteIdentifier('container.id')} IN (?)", array_keys($containers))->join(array('container_acl' => SQL_TABLE_PREFIX . 'container_acl'), "{$this->_db->quoteIdentifier('container_acl.container_id')} = {$this->_db->quoteIdentifier('container.id')}", array('container_id', 'account_grants' => Tinebase_Backend_Sql_Command::getAggregateFunction($this->_db, $this->_db->quoteIdentifier('container_acl.account_grant'))))->group(array('container.id', 'container.name', 'container_acl.account_type', 'container_acl.container_id'));
$this->addGrantsSql($select, $accountId, '*');
$stmt = $this->_db->query($select);
$arr = $stmt->fetchAll(Zend_Db::FETCH_ASSOC);
// check array for duplicate entries of container_id
$rows = array();
$last_arr = array();
foreach ($arr as $row) {
if ($last_arr['container_id'] === $row['container_id']) {
$row['account_grants'] = $last_arr['account_grants'] . ',' . $row['account_grants'];
end($rows);
$rows[key($rows)] = $row;
} else {
array_push($rows, $row);
}
$last_arr = $row;
}
// add results to container ids and get grants array
foreach ($rows as $row) {
// NOTE id is non-ambiguous
$row['id'] = $row['container_id'];
$grantsArray = array_unique(explode(',', $row['account_grants']));
$row['account_grants'] = $this->_getGrantsFromArray($grantsArray, $accountId, $_grantModel)->toArray();
$containers[$row['id']] = new Tinebase_Model_Container($row, TRUE);
}
// add container & grants to records
foreach ($_records as &$record) {
try {
if (!isset($record->{$_containerProperty})) {
continue;
}
$containerId = $record[$_containerProperty];
if (!is_array($containerId) && !$containerId instanceof Tinebase_Record_Abstract && !empty($containers[$containerId])) {
$record[$_containerProperty] = $containers[$containerId];
$record[$_containerProperty]['path'] = $containers[$containerId]->getPath();
}
} catch (Exception $e) {
// if path is not determinable, skip this container
$_records->removeRecord($record);
}
}
}
/**
* inspect get user by property
*
* @param Tinebase_Model_User $_user the user object
*/
public function inspectGetUserByProperty(Tinebase_Model_User $_user)
{
if (!$_user instanceof Tinebase_Model_FullUser) {
return;
}
$userId = $_user->getId();
$select = $this->_getSelect();
if ($this->_hasTine20Userid === true) {
$select->where($this->_db->quoteIdentifier($this->_propertyMapping['emailUserId']) . ' = ?', $userId);
} else {
$select->where($this->_db->quoteIdentifier($this->_propertyMapping['emailUserId']) . ' = ?', $this->_convertToInt($userId));
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . $select->__toString());
}
// Perferom query - retrieve user from database
$stmt = $this->_db->query($select);
$queryResult = $stmt->fetch();
$stmt->closeCursor();
if (!$queryResult) {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . 'Dbmail config for user ' . $userId . ' not found!');
}
return;
}
#if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($queryResult, TRUE));
// convert data to Tinebase_Model_EmailUser
$emailUser = $this->_rawDataToRecord($queryResult);
#if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($emailUser->toArray(), TRUE));
// modify/correct user name
// set emailUsername to Tine accout login name and append domain for login purposes if set
$emailUser->emailUsername = $this->_appendDomain($_user->accountLoginName);
$_user->imapUser = $emailUser;
$_user->emailUser = Tinebase_EmailUser::merge(clone $_user->imapUser, isset($_user->emailUser) ? $_user->emailUser : null);
}
/**
* remove one groupmember from the group
*
* @param mixed $_groupId
* @param mixed $_accountId
*/
public function removeGroupMemberFromSqlBackend($_groupId, $_accountId)
{
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$accountId = Tinebase_Model_User::convertUserIdToInt($_accountId);
$where = array($this->_db->quoteInto($this->_db->quoteIdentifier('group_id') . '= ?', $groupId), $this->_db->quoteInto($this->_db->quoteIdentifier('account_id') . '= ?', $accountId));
$this->groupMembersTable->delete($where);
// invalidate cache
$cacheId = convertCacheId('groupMembers' . $groupId);
Tinebase_Core::getCache()->remove($cacheId);
$cacheId = convertCacheId('groupMemberships' . $accountId);
Tinebase_Core::getCache()->remove($cacheId);
}
/**
* checks if container is a personal container of given account
*
* @param mixed $account
*/
public function isPersonalOf($account)
{
return $this->type == Tinebase_Model_Container::TYPE_PERSONAL && $this->getOwner() == Tinebase_Model_User::convertUserIdToInt($account);
}
/**
* returns account_grants of given timeaccount
* - this function caches its result (with cache tag 'container')
*
* @param Tinebase_Model_User|int $_accountId
* @param Timetracker_Model_Timeaccount|string $_timeaccountId
* @param bool $_ignoreAcl
* @return array
*/
public static function getGrantsOfAccount($_accountId, $_timeaccountId, $_ignoreAcl = FALSE)
{
$cache = Tinebase_Core::getCache();
$cacheId = convertCacheId('getGrantsOfAccount' . Tinebase_Model_User::convertUserIdToInt($_accountId) . ($_timeaccountId instanceof Timetracker_Model_Timeaccount ? $_timeaccountId->getId() : $_timeaccountId) . $_ignoreAcl);
$result = $cache->load($cacheId);
if ($result === FALSE) {
$timeaccount = $_timeaccountId instanceof Timetracker_Model_Timeaccount ? $_timeaccountId : Timetracker_Controller_Timeaccount::getInstance()->get($_timeaccountId);
$containerGrantsArray = Tinebase_Container::getInstance()->getGrantsOfAccount($_accountId, $timeaccount->container_id, 'Timetracker_Model_TimeaccountGrants')->toArray();
$account_grants = new Timetracker_Model_TimeaccountGrants($containerGrantsArray);
$result = $account_grants->toArray();
$cache->save($result, $cacheId, array('container'));
}
return $result;
}
/**
* returns arrays of metainfo from given accountIds
*
* @param array $_accountIds
* @param boolean $throwExceptionOnMissingAccounts
* @return array of strings
*/
protected function _getAccountsMetaData(array $_accountIds, $throwExceptionOnMissingAccounts = TRUE)
{
$filterArray = array();
foreach ($_accountIds as $accountId) {
$accountId = Tinebase_Model_User::convertUserIdToInt($accountId);
$filterArray[] = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($accountId));
}
$filter = new Zend_Ldap_Filter_Or($filterArray);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' $filter: ' . $filter . ' count: ' . count($filterArray));
}
// fetch all dns at once
$accounts = $this->getLdap()->search($filter, $this->_options['userDn'], $this->_userSearchScope, array($this->_userUUIDAttribute, 'objectclass', 'primarygroupid'));
if (count($_accountIds) != count($accounts)) {
$wantedAccountIds = array();
$retrievedAccountIds = array();
foreach ($_accountIds as $accountId) {
$wantedAccountIds[] = Tinebase_Model_User::convertUserIdToInt($accountId);
}
foreach ($accounts as $account) {
$retrievedAccountIds[] = $account[$this->_userUUIDAttribute][0];
}
$message = "Some dn's are missing. " . print_r(array_diff($wantedAccountIds, $retrievedAccountIds), true);
if ($throwExceptionOnMissingAccounts) {
throw new Tinebase_Exception_NotFound($message);
} else {
if (Tinebase_Core::isLogLevel(Zend_Log::WARN)) {
Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' ' . $message);
}
}
}
$result = array();
foreach ($accounts as $account) {
$result[] = array('dn' => $account['dn'], 'objectclass' => $account['objectclass'], $this->_userUUIDAttribute => $this->_decodeGroupId($account[$this->_userUUIDAttribute][0]), 'primarygroupid' => $account['primarygroupid'][0]);
}
return $result;
}
/**
* set all groups an user is member of
*
* @param mixed $_userId the account as integer or Tinebase_Model_User
* @param mixed $_groupIds
* @return array
*/
public function setGroupMemberships($_userId, $_groupIds)
{
$this->checkRight('MANAGE_ACCOUNTS');
if ($_groupIds instanceof Tinebase_Record_RecordSet) {
$_groupIds = $_groupIds->getArrayOfIds();
}
if (count($_groupIds) === 0) {
throw new Tinebase_Exception_InvalidArgument('user must belong to at least one group');
}
$userId = Tinebase_Model_User::convertUserIdToInt($_userId);
$groupMemberships = Tinebase_Group::getInstance()->getGroupMemberships($userId);
$removeGroupMemberships = array_diff($groupMemberships, $_groupIds);
$addGroupMemberships = array_diff($_groupIds, $groupMemberships);
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' current groupmemberships: ' . print_r($groupMemberships, true));
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' new groupmemberships: ' . print_r($_groupIds, true));
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' added groupmemberships: ' . print_r($addGroupMemberships, true));
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' removed groupmemberships: ' . print_r($removeGroupMemberships, true));
}
foreach ($addGroupMemberships as $groupId) {
$this->addGroupMember($groupId, $userId);
}
foreach ($removeGroupMemberships as $groupId) {
$this->removeGroupMember($groupId, $userId);
}
return Tinebase_Group::getInstance()->getGroupMemberships($userId);
}
/**
* get list of role memberships
*
* @param int $accountId
* @param string $type
* @return array of array with role ids
* @throws Tinebase_Exception_NotFound
*/
public function getRoleMemberships($accountId, $type = Tinebase_Acl_Rights::ACCOUNT_TYPE_USER)
{
if ($type === Tinebase_Acl_Rights::ACCOUNT_TYPE_USER) {
$accountId = Tinebase_Model_User::convertUserIdToInt($accountId);
$groupMemberships = Tinebase_Group::getInstance()->getGroupMemberships($accountId);
if (empty($groupMemberships)) {
throw new Tinebase_Exception_NotFound('Any account must belong to at least one group. The account with accountId ' . $accountId . ' does not belong to any group.');
}
$classCacheId = Tinebase_Helper::convertCacheId($accountId . implode('', $groupMemberships) . $type);
} else {
if ($type === Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP) {
$accountId = Tinebase_Model_Group::convertGroupIdToInt($accountId);
$classCacheId = Tinebase_Helper::convertCacheId($accountId . $type);
} else {
throw new Tinebase_Exception_InvalidArgument('Invalid type: ' . $type);
}
}
if (isset($this->_classCache[__FUNCTION__][$classCacheId])) {
return $this->_classCache[__FUNCTION__][$classCacheId];
}
$select = $this->_getDb()->select()->distinct()->from(array('role_accounts' => SQL_TABLE_PREFIX . 'role_accounts'), array('role_id'))->where($this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_id') . ' = ?', $accountId) . ' AND ' . $this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_type') . ' = ?', $type));
if ($type === Tinebase_Acl_Rights::ACCOUNT_TYPE_USER) {
$select->orwhere($this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_id') . ' IN (?)', $groupMemberships) . ' AND ' . $this->_getDb()->quoteInto($this->_getDb()->quoteIdentifier('account_type') . ' = ?', Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP));
}
$stmt = $this->_getDb()->query($select);
$memberships = $stmt->fetchAll(Zend_Db::FETCH_COLUMN);
$this->_classCache[__FUNCTION__][$classCacheId] = $memberships;
return $memberships;
}
/**
* get all calendar grants
*
* @param Tinebase_Model_User $user
* @return array
*/
protected function _getAllCalendarGrants($user = null)
{
return array('account_id' => $user ? $user->getId() : Tinebase_Core::getUser()->getId(), 'account_type' => 'user', Tinebase_Model_Grants::GRANT_READ => true, Tinebase_Model_Grants::GRANT_ADD => true, Tinebase_Model_Grants::GRANT_EDIT => true, Tinebase_Model_Grants::GRANT_DELETE => true, Tinebase_Model_Grants::GRANT_PRIVATE => true, Tinebase_Model_Grants::GRANT_ADMIN => true, Tinebase_Model_Grants::GRANT_FREEBUSY => true);
}
