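/**
 * Returns every group known to the loaded SVN auth file as Group entities.
 *
 * (non-PHPdoc)
 * @see svnadmin\core\interfaces.IGroupViewProvider::getGroups()
 *
 * @return array List of \svnadmin\core\entities\Group objects. The list is
 *               empty when the auth file reports no groups or returns a
 *               non-array value.
 */
public function getGroups()
{
    $groupNames = $this->m_authfile->groups();
    $groups = array();

    if (!is_array($groupNames)) {
        return $groups;
    }

    // Iterate by value instead of by numeric index: an index loop bounded by
    // count() reads undefined offsets as soon as the key sequence has gaps
    // or is not zero-based, which would yield Group objects with a null
    // id/name.
    foreach ($groupNames as $groupName) {
        $group = new \svnadmin\core\entities\Group();
        // The auth file only knows a group by its name, so the name doubles
        // as the entity id.
        $group->id = $groupName;
        $group->name = $groupName;
        $groups[] = $group;
    }

    return $groups;
}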
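/**
 * Updates the SVNAuthFile with Users and Groups from LDAP server.
 *
 * All groups of the SVNAuthFile are rebuilt from the groups and memberships
 * fetched from LDAP and the file is saved. Afterwards users and groups that
 * still hold Access-Path permissions although they no longer exist are
 * reported and, depending on the two flags, their permissions are revoked.
 *
 * @param bool $autoRemoveUsers  Revoke direct Access-Path permissions of
 *                               users for which userExists() returns false.
 * @param bool $autoRemoveGroups Revoke permissions of groups that are missing
 *                               from the rebuilt SVNAuthFile.
 *
 * @return void
 *
 * @throws \Exception If the LDAP connect or bind check fails, or if any step
 *                    that is not wrapped in a per-item try/catch throws.
 */
public function updateSvnAuthFile($autoRemoveUsers = true, $autoRemoveGroups = true)
{
    $this->init();
    $E = \svnadmin\core\Engine::getInstance();

    // Increase max_execution_time for big LDAP structures.
    // 0 means "no limit" and is therefore left untouched.
    $maxTime = intval(ini_get('max_execution_time'));
    if ($maxTime != 0 && $maxTime < 300) {
        // Best effort only: ini_set() may be disabled by the host.
        @ini_set('max_execution_time', 300);
    }

    // Check connection before doing the update, so that nothing is modified
    // when the server is unreachable or the bind credentials are rejected.
    $connector = new \IF_AbstractLdapConnector();
    if (!$connector->connect($this->host_address, 0, $this->host_protocol_version)) {
        throw new \Exception("Can not connect.", 0);
    }
    if (!$connector->bind($this->bind_dn, $this->bind_password)) {
        throw new \Exception("Can not connect. Authentication failed.");
    }

    // @todo Backup file.

    // Step 1
    // Load the current SVNAuthFile and remove/reset all existing groups.
    // A second, untouched instance is kept to diff against in step 5.
    $svnAuthFilePath = $E->getConfig()->getValue("Subversion", "SVNAuthFile");
    $svnAuthFile = new \IF_SVNAuthFileC($svnAuthFilePath);
    $svnAuthFileOld = new \IF_SVNAuthFileC($svnAuthFilePath);

    // The groups are only removed from the in-memory object here; the file
    // on disk is not written before step 4.
    $existingGroups = $svnAuthFile->groups();
    foreach ($existingGroups as $g) {
        $svnAuthFile->deleteGroup($g);
    }

    // Step 2
    // Get all users and groups from LDAP server.
    //
    // NOTE(review): if these helpers return an empty list instead of
    // throwing when a search fails, step 4 writes a file without groups and
    // step 5 revokes the permissions of every former group. Confirm that a
    // failed search raises an exception.
    $users = $this->p_getUserEntries();
    $groups = $this->p_getGroupEntries(true);

    // Step 3
    // Iterate all groups which have been fetched from the LDAP server and
    // create them in the SVNAuthFile. Additionally add every user to a group
    // that lists the user as a member.
    //
    // @todo Add the Realname or DN of a user as Alias to the SVNAuthFile.

    // Property name of a Group-Entry which holds the group's name.
    $gp_name = strtolower($this->groups_attributes[0]);

    // Property name of a Group-Entry which holds the member-id (DN).
    $gp_member_id = strtolower($this->groups_to_users_attribute);

    // Property name of a User-Entry which holds the user's name.
    $up_name = strtolower($this->users_attributes[0]);

    // Property name of a User-Entry which holds the value which is assigned
    // in a Group-Entry as Member-ID.
    $up_id = strtolower($this->groups_to_users_attribute_value);

    foreach ($groups as $g) {
        if (!property_exists($g, $gp_name)) {
            // The group-name property doesn't exist.
            continue;
        }

        try {
            // Create group in SVNAuthFile. (throws Exception)
            $svnAuthFile->createGroup($g->{$gp_name});
        } catch (\Exception $except) {
            $E->addException($except);
            continue;
        }

        // Find members.
        if (!property_exists($g, $gp_member_id)) {
            // No members.
            // @todo Should we delete empty groups from overview?
            continue;
        }

        // A single member arrives as a string, several members as an array.
        // Normalise to an array so both cases share one lookup loop.
        $memberIds = $g->{$gp_member_id};
        if (is_string($memberIds)) {
            $memberIds = array($memberIds);
        } elseif (!is_array($memberIds)) {
            continue;
        }

        foreach ($memberIds as $member_id) {
            // Get name of the member.
            foreach ($users as $u) {
                // Skip entries that lack the id or name attribute. Without
                // this guard a missing id reads as null, and null == ""
                // would attach that user to an empty member value.
                if (!isset($u->{$up_id}, $u->{$up_name})) {
                    continue;
                }

                // Strict comparison: group membership decides repository
                // access, and "==" treats numeric-looking ids such as
                // "0123" and "123" as the same account.
                if ($u->{$up_id} === $member_id) {
                    // Add user to SVNAuthFile-Group.
                    $svnAuthFile->addUserToGroup($g->{$gp_name}, $u->{$up_name});
                    break;
                }
            }
        }
    } // foreach($groups)

    // Step 4
    // Save new SVNAuthFile to disk.
    $svnAuthFile->save();

    // Step 5
    // Compare with previous file to revoke AccessPath permissions of
    // deleted groups and users.
    //
    // We need to reset the Provider object, because it holds the
    // SVNAuthFile and should be reloaded, because of the changes above.
    $apEditProvider = $E->getProvider(PROVIDER_ACCESSPATH_EDIT);
    $apEditProvider->reset();

    // NOTE(review): the messages below embed user, group and repository
    // names taken from the auth file into strings that contain HTML markup.
    // If tr()/addMessage() do not escape the placeholders, these values
    // should be HTML-escaped before they are displayed. Confirm how messages
    // are rendered.

    // Groups which are in the old file but not in the new one.
    foreach ($svnAuthFileOld->groups() as $g) {
        if ($svnAuthFile->groupExists($g)) {
            continue;
        }

        // The group $g is not in the new configuration (Removed from LDAP).
        if ($autoRemoveGroups) {
            try {
                $apEditProvider->removeGroupFromAllAccessPaths(new \svnadmin\core\entities\Group($g, $g));
                $E->addMessage(tr("The group <b>%0</b> has been removed from LDAP. Removed all assigned permissions.", array($g)));
            } catch (\Exception $e) {
                // A failure for one group must not stop the clean-up of the others.
                $E->addException($e);
            }
        }
    }

    // Find users and groups with directly associated Access-Path
    // permissions that no longer exist and revoke the permissions.
    foreach ($svnAuthFile->repositories() as $r) {
        // Users.
        foreach ($svnAuthFile->usersOfRepository($r) as $u) {
            if ($u === "*") {
                // #87 Do not check for * user in LDAP..
                continue;
            }

            if ($this->userExists(new \svnadmin\core\entities\User($u, $u))) {
                continue;
            }

            // The user has direct AccessPath permissions but does
            // not exist on LDAP server.
            if ($autoRemoveUsers) {
                // Revoke permissions.
                try {
                    $apEditProvider->removeUserFromAccessPath(new \svnadmin\core\entities\User($u, $u), new \svnadmin\core\entities\AccessPath($r));
                    $E->addMessage(tr("The user <b>%0</b> doesn't exist anymore. Removed direct Access-Path permission to <b>%1</b>", array($u, $r)));
                } catch (\Exception $e) {
                    $E->addException($e);
                }
            }
        } // foreach (users)

        // Groups.
        foreach ($svnAuthFile->groupsOfRepository($r) as $g) {
            // We can check against the new SVNAuthFile, because the
            // containing groups are updated from LDAP.
            if ($svnAuthFile->groupExists($g)) {
                continue;
            }

            if ($autoRemoveGroups) {
                // Revoke permissions.
                try {
                    $apEditProvider->removeGroupFromAccessPath(new \svnadmin\core\entities\Group($g, $g), new \svnadmin\core\entities\AccessPath($r));
                    $E->addMessage(tr("The group <b>%0</b> doesn't exist anymore. Removed direct Access-Path permission to <b>%1</b>", array($g, $r)));
                } catch (\Exception $e) {
                    $E->addException($e);
                }
            }
        } // foreach (groups)
    } // foreach (repositories)

    // Save changes made to "$apEditProvider".
    $apEditProvider->save();
}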