/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
$this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
$this->_userLDAP = Tinebase_User::factory(Tinebase_User::LDAP);
$this->_groupSQL = Tinebase_Group::factory(Tinebase_Group::SQL);
$this->objects['initialGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit', 'description' => 'initial group'));
$this->objects['updatedGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit updated', 'description' => 'updated group'));
$this->objects['initialAccount'] = new Tinebase_Model_FullUser(array('accountLoginName' => 'tine20phpunit', 'accountStatus' => 'enabled', 'accountExpires' => NULL, 'accountPrimaryGroup' => 'must be set to valid groupid', 'accountLastName' => 'Tine 2.0', 'accountFirstName' => 'PHPUnit', 'accountEmailAddress' => '*****@*****.**'));
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::LDAP) {
$this->markTestSkipped('LDAP backend not enabled');
}
$this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
$this->_userLDAP = Tinebase_User::factory(Tinebase_User::LDAP);
$this->_groupSQL = Tinebase_Group::factory(Tinebase_Group::SQL);
$this->objects['initialGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit', 'description' => 'initial group'));
$this->objects['updatedGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit updated', 'description' => 'updated group'));
$this->objects['initialAccount'] = new Tinebase_Model_FullUser(array('accountLoginName' => 'tine20phpunit', 'accountStatus' => 'enabled', 'accountExpires' => NULL, 'accountPrimaryGroup' => 'must be set to valid groupid', 'accountLastName' => 'Tine 2.0', 'accountFirstName' => 'PHPUnit', 'accountEmailAddress' => '*****@*****.**'));
$this->objects['groups'] = new Tinebase_Record_RecordSet('Tinebase_Model_Group');
$this->objects['users'] = new Tinebase_Record_RecordSet('Tinebase_Model_FullUser');
}
/**
* get (create if it does not exist) container for shared contracts
*
* @return Tinebase_Model_Container|NULL
*/
public static function getSharedContractsContainer()
{
$sharedContracts = NULL;
$appId = Tinebase_Application::getInstance()->getApplicationByName('Sales')->getId();
try {
$sharedContractsId = Tinebase_Config::getInstance()->getConfig(Sales_Model_Config::SHAREDCONTRACTSID, $appId, '')->value;
$sharedContracts = Tinebase_Container::getInstance()->get($sharedContractsId);
} catch (Tinebase_Exception_NotFound $tenf) {
$newContainer = new Tinebase_Model_Container(array('name' => 'Shared Contracts', 'type' => Tinebase_Model_Container::TYPE_SHARED, 'backend' => 'Sql', 'application_id' => $appId));
$sharedContracts = Tinebase_Container::getInstance()->addContainer($newContainer, NULL, TRUE);
Tinebase_Config::getInstance()->setConfigForApplication(Sales_Model_Config::SHAREDCONTRACTSID, $sharedContracts->getId(), 'Sales');
// add grants for groups
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::SQL);
$adminGroup = $groupsBackend->getDefaultAdminGroup();
$userGroup = $groupsBackend->getDefaultGroup();
Tinebase_Container::getInstance()->addGrants($sharedContracts, Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, $userGroup, array(Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_EDIT), TRUE);
Tinebase_Container::getInstance()->addGrants($sharedContracts, Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, $adminGroup, array(Tinebase_Model_Grants::GRANT_ADD, Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_EDIT, Tinebase_Model_Grants::GRANT_DELETE, Tinebase_Model_Grants::GRANT_ADMIN), TRUE);
}
return $sharedContracts;
}
/**
* try to update an user
*
*/
public function testUpdateUser()
{
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::LDAP);
$user = $this->testAddUser();
$groupsBackend->addGroupMemberInSyncBackend($user->accountPrimaryGroup, $user);
$groupsBeforeUpdate = $groupsBackend->getGroupMembershipsFromSyncBackend($user);
$user->accountLoginName = 'tine20phpunituser-updated';
$this->_usernamesToDelete[] = $user->accountLoginName;
$testUser = $this->_backend->updateUser($user);
$groupsAfterUpdate = $groupsBackend->getGroupMembershipsFromSyncBackend($testUser);
sort($groupsBeforeUpdate);
sort($groupsAfterUpdate);
$this->assertEquals($user->accountLoginName, $testUser->accountLoginName);
$this->assertEquals($groupsBeforeUpdate, $groupsAfterUpdate);
}
/**
* migrate from SQL account storage to another one (for example LDAP)
* - deletes all users, groups and roles because they will be
* imported from new accounts storage backend
*/
protected function _migrateFromSqlAccountsStorage()
{
Setup_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Deleting all user accounts, groups, roles and rights');
Tinebase_User::factory(Tinebase_User::SQL)->deleteAllUsers();
$contactSQLBackend = new Addressbook_Backend_Sql();
$allUserContactIds = $contactSQLBackend->search(new Addressbook_Model_ContactFilter(array('type' => 'user')), null, true);
if (count($allUserContactIds) > 0) {
$contactSQLBackend->delete($allUserContactIds);
}
Tinebase_Group::factory(Tinebase_Group::SQL)->deleteAllGroups();
$listsSQLBackend = new Addressbook_Backend_List();
$allGroupListIds = $listsSQLBackend->search(new Addressbook_Model_ListFilter(array('type' => 'group')), null, true);
if (count($allGroupListIds) > 0) {
$listsSQLBackend->delete($allGroupListIds);
}
$roles = Tinebase_Acl_Roles::getInstance();
$roles->deleteAllRoles();
// import users (from new backend) / create initial users (SQL)
Tinebase_User::syncUsers(array('syncContactData' => TRUE));
$roles->createInitialRoles();
$applications = Tinebase_Application::getInstance()->getApplications(NULL, 'id');
foreach ($applications as $application) {
Setup_Initialize::initializeApplicationRights($application);
}
}
/**
* updates an existing user
*
* @todo check required objectclasses?
*
* @param Tinebase_Model_FullUser $_account
* @return Tinebase_Model_FullUser
*/
public function updateUserInSyncBackend(Tinebase_Model_FullUser $_account)
{
if ($this->_isReadOnlyBackend) {
return $_account;
}
$ldapEntry = $this->_getLdapEntry('accountId', $_account);
$ldapData = $this->_user2ldap($_account, $ldapEntry);
foreach ($this->_ldapPlugins as $plugin) {
$plugin->inspectUpdateUser($_account, $ldapData, $ldapEntry);
}
// no need to update this attribute, it's not allowed to change and even might not be update-able
unset($ldapData[$this->_userUUIDAttribute]);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' DN: ' . $ldapEntry['dn']);
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' LDAP data: ' . print_r($ldapData, true));
}
$this->_ldap->update($ldapEntry['dn'], $ldapData);
$dn = Zend_Ldap_Dn::factory($ldapEntry['dn'], null);
$rdn = $dn->getRdn();
// do we need to rename the entry?
if (isset($ldapData[key($rdn)]) && $rdn[key($rdn)] != $ldapData[key($rdn)]) {
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::LDAP);
// get the current group memberships
$memberships = $groupsBackend->getGroupMembershipsFromSyncBackend($_account);
// remove the user from current groups, because the dn/uid has changed
foreach ($memberships as $groupId) {
$groupsBackend->removeGroupMemberInSyncBackend($groupId, $_account);
}
$newDN = $this->_generateDn($_account);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' rename ldap entry to: ' . $newDN);
}
$this->_ldap->rename($dn, $newDN);
// add the user to current groups again
foreach ($memberships as $groupId) {
$groupsBackend->addGroupMemberInSyncBackend($groupId, $_account);
}
}
// refetch user from ldap backend
$user = $this->getUserByPropertyFromSyncBackend('accountId', $_account, 'Tinebase_Model_FullUser');
return $user;
}
/**
* Override method because this app requires special rights
* @see tine20/Setup/Setup_Initialize#_createInitialRights($_application)
*
*/
protected function _createInitialRights(Tinebase_Model_Application $_application)
{
parent::_createInitialRights($_application);
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::SQL);
$adminGroup = $groupsBackend->getDefaultAdminGroup();
// give anyone read rights to the internal addressbook
// give Adminstrators group read/edit/admin rights to the internal addressbook
Tinebase_Container::getInstance()->addGrants($this->_getInternalAddressbook(), Tinebase_Acl_Rights::ACCOUNT_TYPE_ANYONE, '0', array(Tinebase_Model_Grants::GRANT_READ), TRUE);
Tinebase_Container::getInstance()->addGrants($this->_getInternalAddressbook(), Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, $adminGroup, array(Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_EDIT, Tinebase_Model_Grants::GRANT_ADMIN), TRUE);
}
/**
* create initial admin account
*
* Method is called during Setup Initialization
*
* $_options may contain the following keys:
* <code>
* $options = array(
* 'adminLoginName' => 'admin',
* 'adminPassword' => 'lars',
* 'adminFirstName' => 'Tine 2.0',
* 'adminLastName' => 'Admin Account',
* 'adminEmailAddress' => '*****@*****.**',
* 'expires' => Tinebase_DateTime object
* );
* </code>
*
* @param array $_options [hash that may contain override values for admin user name and password]
* @return void
*/
public static function createInitialAccounts($_options)
{
if (!isset($_options['adminPassword']) || !isset($_options['adminLoginName'])) {
throw new Tinebase_Exception_InvalidArgument('Admin password and login name have to be set when creating initial account.', 503);
}
$adminLoginName = $_options['adminLoginName'];
$adminPassword = $_options['adminPassword'];
$adminFirstName = isset($_options['adminFirstName']) ? $_options['adminFirstName'] : 'Tine 2.0';
$adminLastName = isset($_options['adminLastName']) ? $_options['adminLastName'] : 'Admin Account';
$adminEmailAddress = array_key_exists('adminEmailAddress', $_options) ? $_options['adminEmailAddress'] : NULL;
// get admin & user groups
$userBackend = Tinebase_User::factory(Tinebase_User::SQL);
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::SQL);
$adminGroup = $groupsBackend->getDefaultAdminGroup();
$userGroup = $groupsBackend->getDefaultGroup();
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Creating initial admin user (login: '******' / email: ' . $adminEmailAddress . ')');
$user = new Tinebase_Model_FullUser(array('accountLoginName' => $adminLoginName, 'accountStatus' => 'enabled', 'accountPrimaryGroup' => $userGroup->getId(), 'accountLastName' => $adminLastName, 'accountDisplayName' => $adminLastName . ', ' . $adminFirstName, 'accountFirstName' => $adminFirstName, 'accountExpires' => isset($_options['expires']) ? $_options['expires'] : NULL, 'accountEmailAddress' => $adminEmailAddress));
if ($adminEmailAddress !== NULL) {
$user->imapUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
$user->smtpUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
}
// update or create user in local sql backend
try {
$userBackend->getUserByProperty('accountLoginName', $adminLoginName);
$user = $userBackend->updateUserInSqlBackend($user);
} catch (Tinebase_Exception_NotFound $ten) {
// call addUser here to make sure, sql user plugins (email, ...) are triggered
$user = $userBackend->addUser($user);
}
// set the password for the account
Tinebase_User::getInstance()->setPassword($user, $adminPassword);
// add the admin account to all groups
Tinebase_Group::getInstance()->addGroupMember($adminGroup, $user);
Tinebase_Group::getInstance()->addGroupMember($userGroup, $user);
}
