/**
* Retreive all users that belong to the given group.
*
* @param int $id
* @return array Users
*/
protected function actionGetUsers($params)
{
//don't check ACL here because this method may be called by anyone.
$group = \GO\Base\Model\Group::model()->findByPk($params['id'], false, true);
if (empty($group)) {
$group = new \GO\Base\Model\Group();
}
if (isset($params['add_users']) && !empty($group->id)) {
$users = json_decode($params['add_users']);
foreach ($users as $usr_id) {
if ($group->addUser($usr_id)) {
\GO\Base\Model\User::model()->findByPk($usr_id)->checkDefaultModels();
}
}
}
$store = \GO\Base\Data\Store::newInstance(\GO\Base\Model\User::model());
$store->getColumnModel()->formatColumn('name', '$model->name', array(), array('first_name', 'last_name'));
$storeParams = $store->getDefaultParams($params)->joinCustomFields(false);
$delresponse = array();
//manually check permission here because this method may be accessed by any logged in user. allowWithoutModuleAccess is used above.
if ($group->checkPermissionLevel(\GO\Base\Model\Acl::DELETE_PERMISSION)) {
// The users in the group "everyone" cannot be deleted
if ($group->id != \GO::config()->group_everyone) {
$store->processDeleteActions($params, 'GO\\Base\\Model\\UserGroup', array('group_id' => $group->id));
} else {
$delresponse['deleteSuccess'] = false;
$delresponse['deleteFeedback'] = 'Members of the group everyone cannot be deleted.';
}
}
$stmt = $group->users($storeParams);
$store->setStatement($stmt);
$response = $store->getData();
$response = array_merge($response, $delresponse);
return $response;
}
$module->id = $moduleController->id();
$module->save();
}
}
}
$admin = new \GO\Base\Model\User();
$admin->first_name = \GO::t('system');
$admin->last_name = \GO::t('admin');
$admin->username = $args['adminusername'];
$admin->password = $args['adminpassword'];
$admin->email = \GO::config()->webmaster_email = $args['adminemail'];
\GO::config()->save();
//disable password validation
\GO::config()->password_validate = false;
$admin->save();
$adminGroup->addUser($admin->id);
$admin->checkDefaultModels();
//module code here because we need the user and the module for this
if (\GO::modules()->files) {
$folder = \GO\Files\Model\Folder::model()->findByPath('users/' . $admin->username . '/Public', true);
$folder->visible = true;
$acl = $folder->setNewAcl();
$acl->addGroup(\GO::config()->group_everyone, \GO\Base\Model\Acl::DELETE_PERMISSION);
$folder->save();
}
//Insert default cronjob record for email reminders
$cron = new \GO\Base\Cron\CronJob();
$cron->name = 'Email Reminders';
$cron->active = true;
$cron->runonce = false;
$cron->minutes = '*/5';
/**
*
* php groupofficecli.php -r=ldapauth/sync/groups --delete=1 --max_delete_percentage=34 --dry=1
*
* @param type $params
* @throws Exception
*/
protected function actionGroups($params)
{
$this->requireCli();
\GO::session()->runAsRoot();
$dryRun = !empty($params['dry']);
if ($dryRun) {
echo "Dry run enabled.\n\n";
}
$ldapConn = \GO\Base\Ldap\Connection::getDefault();
if (empty(\GO::config()->ldap_groupsdn)) {
throw new \Exception('$config[\'ldap_groupsdn\'] is not set!');
}
$result = $ldapConn->search(\GO::config()->ldap_groupsdn, 'cn=*');
// $record = $result->fetch();
// $attr = $record->getAttributes();
// var_dump($attr);
// exit();
//
//keep an array of groups that exist in ldap. This array will be used later for deletes.
//admin group is not in ldap but should not be removed.
$groupsInLDAP = array(\GO::config()->group_root, \GO::config()->group_everyone, \GO::config()->group_internal);
$i = 0;
while ($record = $result->fetch()) {
$i++;
try {
$groupname = $record->cn[0];
if (empty($groupname)) {
throw new \Exception("Empty group name in LDAP record!");
}
$group = \GO\Base\Model\Group::model()->findByName($groupname);
if (!$group) {
echo "Creating group '" . $groupname . "'\n";
$group = new \GO\Base\Model\Group();
$group->name = $groupname;
if (!$dryRun && !$group->save()) {
echo "Error saving group: " . implode("\n", $group->getValidationErrors());
}
} else {
echo "Group '" . $groupname . "' exists\n";
}
$usersInGroup = array();
foreach ($record->memberuid as $username) {
$user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $username);
if (!$user) {
echo "Error: user '" . $username . "' does not exist in Group-Office\n";
} else {
echo "Adding user '{$username}'\n";
if (!$dryRun) {
$group->addUser($user->id);
}
$usersInGroup[] = $user->id;
}
}
echo "Removing users from group\n";
$findParams = \GO\Base\Db\FindParams::newInstance();
$findParams->getCriteria()->addInCondition('user_id', $usersInGroup, 'link_t', true, true);
$usersToRemove = $group->users($findParams);
foreach ($usersToRemove as $user) {
echo "Removing user '" . $user->username . "'\n";
if (!$dryRun) {
$group->removeUser($user->id);
}
}
if (!$dryRun) {
$this->fireEvent("ldapsyncgroup", array($group, $record));
}
echo "Synced " . $groupname . "\n";
} catch (\Exception $e) {
echo "ERROR:\n";
echo (string) $e;
echo "LDAP record:";
var_dump($record->getAttributes());
}
if ($group) {
$groupsInLDAP[] = $group->id;
}
// if($i==100)
// exit("Reached 100. Exitting");
}
$stmt = \GO\Base\Model\Group::model()->find();
$totalInGO = $stmt->rowCount();
$totalInLDAP = count($groupsInLDAP);
echo "Groups in Group-Office: " . $totalInGO . "\n";
echo "Groups in LDAP: " . $totalInLDAP . "\n";
if (!empty($params['delete'])) {
$percentageToDelete = round((1 - $totalInLDAP / $totalInGO) * 100);
$maxDeletePercentage = isset($params['max_delete_percentage']) ? intval($params['max_delete_percentage']) : 5;
if ($percentageToDelete > $maxDeletePercentage) {
die("Delete Aborted because script was about to delete more then {$maxDeletePercentage}% of the groups (" . $percentageToDelete . "%, " . ($totalInGO - $totalInLDAP) . " groups)\n");
}
while ($group = $stmt->fetch()) {
if (!in_array($group->id, $groupsInLDAP)) {
echo "Deleting " . $group->name . "\n";
if (!$dryRun) {
$group->delete();
}
}
}
}
echo "Done\n\n";
//var_dump($attr);
}
