/**
 * Prepares the fixture before each test is executed.
 *
 * Instantiates the LDAP group backend, the LDAP user backend and the SQL
 * group backend, then builds the model objects (two groups and one account)
 * that the individual tests operate on.
 *
 * NOTE(review): nothing in this method checks that an LDAP backend is
 * actually configured before the LDAP factories are called - confirm the
 * suite is only run against an instance where LDAP is available.
 *
 * @access protected
 */
protected function setUp()
{
    // backends under test
    $this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
    $this->_userLDAP  = Tinebase_User::factory(Tinebase_User::LDAP);
    $this->_groupSQL  = Tinebase_Group::factory(Tinebase_Group::SQL);

    // group as it is first created
    $initialGroupData = array(
        'name'        => 'tine20phpunit',
        'description' => 'initial group',
    );
    $this->objects['initialGroup'] = new Tinebase_Model_Group($initialGroupData);

    // same group after an update
    $updatedGroupData = array(
        'name'        => 'tine20phpunit updated',
        'description' => 'updated group',
    );
    $this->objects['updatedGroup'] = new Tinebase_Model_Group($updatedGroupData);

    // throw-away test account; accountPrimaryGroup only holds a placeholder
    // string here and has to be replaced with a real group id by the test
    $initialAccountData = array(
        'accountLoginName'    => 'tine20phpunit',
        'accountStatus'       => 'enabled',
        'accountExpires'      => null,
        'accountPrimaryGroup' => 'must be set to valid groupid',
        'accountLastName'     => 'Tine 2.0',
        'accountFirstName'    => 'PHPUnit',
        'accountEmailAddress' => '*****@*****.**',
    );
    $this->objects['initialAccount'] = new Tinebase_Model_FullUser($initialAccountData);
}
/**
 * Prepares the fixture before each test is executed.
 *
 * The test is skipped unless the configured user backend is LDAP, so the
 * LDAP factories below are never exercised against an instance that does
 * not use LDAP. Afterwards the backends, the model objects and two empty
 * record sets (groups, users) are created.
 *
 * @access protected
 */
protected function setUp()
{
    $ldapIsConfigured = Tinebase_User::getConfiguredBackend() === Tinebase_User::LDAP;
    if (!$ldapIsConfigured) {
        $this->markTestSkipped('LDAP backend not enabled');
    }

    // backends under test
    $this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
    $this->_userLDAP  = Tinebase_User::factory(Tinebase_User::LDAP);
    $this->_groupSQL  = Tinebase_Group::factory(Tinebase_Group::SQL);

    // group as it is first created
    $initialGroupData = array(
        'name'        => 'tine20phpunit',
        'description' => 'initial group',
    );
    $this->objects['initialGroup'] = new Tinebase_Model_Group($initialGroupData);

    // same group after an update
    $updatedGroupData = array(
        'name'        => 'tine20phpunit updated',
        'description' => 'updated group',
    );
    $this->objects['updatedGroup'] = new Tinebase_Model_Group($updatedGroupData);

    // throw-away test account; accountPrimaryGroup only holds a placeholder
    // string here and has to be replaced with a real group id by the test
    $initialAccountData = array(
        'accountLoginName'    => 'tine20phpunit',
        'accountStatus'       => 'enabled',
        'accountExpires'      => null,
        'accountPrimaryGroup' => 'must be set to valid groupid',
        'accountLastName'     => 'Tine 2.0',
        'accountFirstName'    => 'PHPUnit',
        'accountEmailAddress' => '*****@*****.**',
    );
    $this->objects['initialAccount'] = new Tinebase_Model_FullUser($initialAccountData);

    // empty collections for the tests to fill
    $this->objects['groups'] = new Tinebase_Record_RecordSet('Tinebase_Model_Group');
    $this->objects['users']  = new Tinebase_Record_RecordSet('Tinebase_Model_FullUser');
}
/**
 * Returns the container for shared contracts, creating it when the stored
 * container id cannot be resolved.
 *
 * On creation the new container id is written back to the Sales config and
 * two sets of group grants are added:
 *  - default user group:  READ, EDIT
 *  - default admin group: ADD, READ, EDIT, DELETE, ADMIN
 *
 * NOTE(review): the lookup and the creation are separate steps with no
 * locking visible here; two concurrent first calls could presumably both
 * create a container - confirm whether callers serialize this.
 *
 * @return Tinebase_Model_Container|NULL
 */
public static function getSharedContractsContainer()
{
    $salesAppId = Tinebase_Application::getInstance()->getApplicationByName('Sales')->getId();

    try {
        $storedContainerId = Tinebase_Config::getInstance()
            ->getConfig(Sales_Model_Config::SHAREDCONTRACTSID, $salesAppId, '')
            ->value;

        return Tinebase_Container::getInstance()->get($storedContainerId);
    } catch (Tinebase_Exception_NotFound $notFound) {
        // nothing stored yet (or the stored id is stale): create the container below
    }

    $containerData = array(
        'name'           => 'Shared Contracts',
        'type'           => Tinebase_Model_Container::TYPE_SHARED,
        'backend'        => 'Sql',
        'application_id' => $salesAppId,
    );

    // the trailing TRUE arguments of addContainer()/addGrants() are passed
    // through as in the original; presumably they skip the ACL check of the
    // calling user - TODO confirm
    $created = Tinebase_Container::getInstance()->addContainer(
        new Tinebase_Model_Container($containerData),
        null,
        true
    );

    // remember the new container so later calls find it
    Tinebase_Config::getInstance()->setConfigForApplication(
        Sales_Model_Config::SHAREDCONTRACTSID,
        $created->getId(),
        'Sales'
    );

    // add grants for groups
    $sqlGroups      = Tinebase_Group::factory(Tinebase_Group::SQL);
    $administrators = $sqlGroups->getDefaultAdminGroup();
    $defaultUsers   = $sqlGroups->getDefaultGroup();

    // every member of the default user group may read and edit shared contracts
    $userGrants = array(
        Tinebase_Model_Grants::GRANT_READ,
        Tinebase_Model_Grants::GRANT_EDIT,
    );
    Tinebase_Container::getInstance()->addGrants(
        $created,
        Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
        $defaultUsers,
        $userGrants,
        true
    );

    // administrators get the full grant set, including container administration
    $adminGrants = array(
        Tinebase_Model_Grants::GRANT_ADD,
        Tinebase_Model_Grants::GRANT_READ,
        Tinebase_Model_Grants::GRANT_EDIT,
        Tinebase_Model_Grants::GRANT_DELETE,
        Tinebase_Model_Grants::GRANT_ADMIN,
    );
    Tinebase_Container::getInstance()->addGrants(
        $created,
        Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
        $administrators,
        $adminGrants,
        true
    );

    return $created;
}
/**
 * Renames a user and checks that the login name is updated and that the
 * group memberships in the sync backend are the same before and after.
 */
public function testUpdateUser()
{
    $ldapGroups = Tinebase_Group::factory(Tinebase_Group::LDAP);

    // start from a freshly added user that is a member of its primary group
    $account = $this->testAddUser();
    $ldapGroups->addGroupMemberInSyncBackend($account->accountPrimaryGroup, $account);
    $membershipsBefore = $ldapGroups->getGroupMembershipsFromSyncBackend($account);

    // change the login name and register the new name for cleanup
    $account->accountLoginName = 'tine20phpunituser-updated';
    $this->_usernamesToDelete[] = $account->accountLoginName;

    $updated = $this->_backend->updateUser($account);
    $membershipsAfter = $ldapGroups->getGroupMembershipsFromSyncBackend($updated);

    // membership order is not significant, so compare sorted lists
    sort($membershipsBefore);
    sort($membershipsAfter);

    $this->assertEquals($account->accountLoginName, $updated->accountLoginName);
    $this->assertEquals($membershipsBefore, $membershipsAfter);
}
/**
 * Migrates from SQL account storage to another one (for example LDAP).
 *
 * Destructive: deletes all SQL users, the contacts of type 'user', all SQL
 * groups, the lists of type 'group' and all roles, because they are imported
 * again from the new accounts storage backend. Afterwards users are synced,
 * the initial roles are recreated and the rights of every application are
 * initialized again.
 *
 * NOTE(review): no transaction or rollback is visible in this method; if the
 * user sync fails after the deletions, the instance is presumably left
 * without accounts and roles - confirm the caller guards against that.
 */
protected function _migrateFromSqlAccountsStorage()
{
    Setup_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Deleting all user accounts, groups, roles and rights');

    // users and the addressbook contacts that belong to them
    Tinebase_User::factory(Tinebase_User::SQL)->deleteAllUsers();

    $contactBackend    = new Addressbook_Backend_Sql();
    $userContactFilter = new Addressbook_Model_ContactFilter(array('type' => 'user'));
    $userContactIds    = $contactBackend->search($userContactFilter, null, true);
    if (count($userContactIds) > 0) {
        $contactBackend->delete($userContactIds);
    }

    // groups and the addressbook lists that belong to them
    Tinebase_Group::factory(Tinebase_Group::SQL)->deleteAllGroups();

    $listBackend     = new Addressbook_Backend_List();
    $groupListFilter = new Addressbook_Model_ListFilter(array('type' => 'group'));
    $groupListIds    = $listBackend->search($groupListFilter, null, true);
    if (count($groupListIds) > 0) {
        $listBackend->delete($groupListIds);
    }

    // roles
    $roleController = Tinebase_Acl_Roles::getInstance();
    $roleController->deleteAllRoles();

    // import users (from new backend) / create initial users (SQL)
    Tinebase_User::syncUsers(array('syncContactData' => true));

    // rebuild roles and per-application rights from scratch
    $roleController->createInitialRoles();

    $installedApplications = Tinebase_Application::getInstance()->getApplications(null, 'id');
    foreach ($installedApplications as $installedApplication) {
        Setup_Initialize::initializeApplicationRights($installedApplication);
    }
}
/**
 * Updates an existing user in the LDAP sync backend.
 *
 * Does nothing and returns the account unchanged when the backend is read
 * only. Otherwise the LDAP attributes are written, the entry is renamed when
 * the value of its RDN attribute changed, and the user is read back from the
 * backend.
 *
 * @todo check required objectclasses?
 *
 * @param  Tinebase_Model_FullUser $_account
 * @return Tinebase_Model_FullUser
 */
public function updateUserInSyncBackend(Tinebase_Model_FullUser $_account)
{
    if ($this->_isReadOnlyBackend) {
        return $_account;
    }

    $entry      = $this->_getLdapEntry('accountId', $_account);
    $attributes = $this->_user2ldap($_account, $entry);

    // let every registered plugin inspect the pending update
    foreach ($this->_ldapPlugins as $ldapPlugin) {
        $ldapPlugin->inspectUpdateUser($_account, $attributes, $entry);
    }

    // no need to update this attribute, it's not allowed to change and even might not be update-able
    unset($attributes[$this->_userUUIDAttribute]);

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' DN: ' . $entry['dn']);
    }
    // NOTE(review): this dumps every attribute that is about to be written.
    // If _user2ldap() or a plugin places credential material in the data it
    // ends up in the log - confirm, and keep TRACE disabled in production.
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' LDAP data: ' . print_r($attributes, true));
    }

    $this->_ldap->update($entry['dn'], $attributes);

    $currentDn    = Zend_Ldap_Dn::factory($entry['dn'], null);
    $rdn          = $currentDn->getRdn();
    $rdnAttribute = key($rdn);

    // do we need to rename the entry?
    $rdnValueChanged = isset($attributes[$rdnAttribute])
        && $rdn[$rdnAttribute] != $attributes[$rdnAttribute];

    if ($rdnValueChanged) {
        $ldapGroups = Tinebase_Group::factory(Tinebase_Group::LDAP);

        // get the current group memberships
        $groupIds = $ldapGroups->getGroupMembershipsFromSyncBackend($_account);

        // remove the user from current groups, because the dn/uid has changed
        // NOTE(review): memberships are dropped before the rename and only
        // restored after it; nothing here restores them if rename() throws -
        // confirm whether a failed rename can leave the user without groups.
        foreach ($groupIds as $groupId) {
            $ldapGroups->removeGroupMemberInSyncBackend($groupId, $_account);
        }

        $targetDn = $this->_generateDn($_account);
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' rename ldap entry to: ' . $targetDn);
        }
        $this->_ldap->rename($currentDn, $targetDn);

        // add the user to current groups again
        foreach ($groupIds as $groupId) {
            $ldapGroups->addGroupMemberInSyncBackend($groupId, $_account);
        }
    }

    // refetch user from ldap backend
    return $this->getUserByPropertyFromSyncBackend('accountId', $_account, 'Tinebase_Model_FullUser');
}
/**
 * Override method because this app requires special rights
 *
 * After the parent implementation has run, two grants are added to the
 * internal addressbook:
 *  - account type "anyone": READ
 *  - default admin group:   READ, EDIT, ADMIN
 *
 * The "anyone" grant means every account can read whatever the internal
 * addressbook holds; review it if that is broader than intended for a
 * deployment.
 *
 * @see tine20/Setup/Setup_Initialize#_createInitialRights($_application)
 */
protected function _createInitialRights(Tinebase_Model_Application $_application)
{
    parent::_createInitialRights($_application);

    $sqlGroups      = Tinebase_Group::factory(Tinebase_Group::SQL);
    $administrators = $sqlGroups->getDefaultAdminGroup();

    // give anyone read rights to the internal addressbook
    $anyoneGrants = array(Tinebase_Model_Grants::GRANT_READ);
    Tinebase_Container::getInstance()->addGrants(
        $this->_getInternalAddressbook(),
        Tinebase_Acl_Rights::ACCOUNT_TYPE_ANYONE,
        '0',
        $anyoneGrants,
        true
    );

    // give Administrators group read/edit/admin rights to the internal addressbook
    $administratorGrants = array(
        Tinebase_Model_Grants::GRANT_READ,
        Tinebase_Model_Grants::GRANT_EDIT,
        Tinebase_Model_Grants::GRANT_ADMIN,
    );
    Tinebase_Container::getInstance()->addGrants(
        $this->_getInternalAddressbook(),
        Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
        $administrators,
        $administratorGrants,
        true
    );
}
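/**
 * create initial admin account
 *
 * Method is called during Setup Initialization. The account is created in
 * the local SQL backend (or updated when the login name already exists),
 * gets the given password and is added to the default admin group and the
 * default user group.
 *
 * $_options may contain the following keys:
 * <code>
 * $options = array(
 *  'adminLoginName'    => 'admin',            // required
 *  'adminPassword'     => '<password>',       // required
 *  'adminFirstName'    => 'Tine 2.0',
 *  'adminLastName'     => 'Admin Account',
 *  'adminEmailAddress' => '<email address>',
 *  'expires'           => Tinebase_DateTime object
 * );
 * </code>
 *
 * @param  array $_options [hash that may contain override values for admin user name and password]
 * @return void
 * @throws Tinebase_Exception_InvalidArgument when login name or password is not set
 */
public static function createInitialAccounts($_options)
{
    // NOTE(review): isset() accepts an empty string, so an empty admin
    // password or login name passes this check - confirm that callers
    // validate the values before they get here.
    if (!isset($_options['adminPassword']) || !isset($_options['adminLoginName'])) {
        throw new Tinebase_Exception_InvalidArgument('Admin password and login name have to be set when creating initial account.', 503);
    }

    $adminLoginName    = $_options['adminLoginName'];
    $adminPassword     = $_options['adminPassword'];
    $adminFirstName    = isset($_options['adminFirstName']) ? $_options['adminFirstName'] : 'Tine 2.0';
    $adminLastName     = isset($_options['adminLastName']) ? $_options['adminLastName'] : 'Admin Account';
    $adminEmailAddress = array_key_exists('adminEmailAddress', $_options) ? $_options['adminEmailAddress'] : NULL;

    // get admin & user groups
    $userBackend   = Tinebase_User::factory(Tinebase_User::SQL);
    $groupsBackend = Tinebase_Group::factory(Tinebase_Group::SQL);

    $adminGroup = $groupsBackend->getDefaultAdminGroup();
    $userGroup  = $groupsBackend->getDefaultGroup();

    // The message expression was garbled on the page; it is restored to log
    // the login name and email address only. The password must never be
    // part of this message.
    Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Creating initial admin user (login: ' . $adminLoginName . ' / email: ' . $adminEmailAddress . ')');

    $user = new Tinebase_Model_FullUser(array(
        'accountLoginName'    => $adminLoginName,
        'accountStatus'       => 'enabled',
        'accountPrimaryGroup' => $userGroup->getId(),
        'accountLastName'     => $adminLastName,
        'accountDisplayName'  => $adminLastName . ', ' . $adminFirstName,
        'accountFirstName'    => $adminFirstName,
        'accountExpires'      => isset($_options['expires']) ? $_options['expires'] : NULL,
        'accountEmailAddress' => $adminEmailAddress,
    ));

    // With an email address the admin password is also used as the IMAP and
    // SMTP password, so the same secret is handed to the email user models.
    if ($adminEmailAddress !== NULL) {
        $user->imapUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
        $user->smtpUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
    }

    // update or create user in local sql backend
    try {
        // NOTE(review): the existing record is only looked up; its id is not
        // copied onto $user before the update - confirm the backend resolves
        // the row without it.
        $userBackend->getUserByProperty('accountLoginName', $adminLoginName);
        $user = $userBackend->updateUserInSqlBackend($user);
    } catch (Tinebase_Exception_NotFound $ten) {
        // call addUser here to make sure, sql user plugins (email, ...) are triggered
        $user = $userBackend->addUser($user);
    }

    // set the password for the account
    Tinebase_User::getInstance()->setPassword($user, $adminPassword);

    // add the admin account to all groups
    Tinebase_Group::getInstance()->addGroupMember($adminGroup, $user);
    Tinebase_Group::getInstance()->addGroupMember($userGroup, $user);
}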