/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::LDAP) {
$this->markTestSkipped('LDAP backend not enabled');
}
$this->_backend = Tinebase_User::factory(Tinebase_User::LDAP);
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::SQL) {
$this->markTestSkipped('SQL backend not enabled');
}
$this->_backend = Tinebase_User::factory(Tinebase_User::SQL);
parent::setUp();
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
$this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
$this->_userLDAP = Tinebase_User::factory(Tinebase_User::LDAP);
$this->_groupSQL = Tinebase_Group::factory(Tinebase_Group::SQL);
$this->objects['initialGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit', 'description' => 'initial group'));
$this->objects['updatedGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit updated', 'description' => 'updated group'));
$this->objects['initialAccount'] = new Tinebase_Model_FullUser(array('accountLoginName' => 'tine20phpunit', 'accountStatus' => 'enabled', 'accountExpires' => NULL, 'accountPrimaryGroup' => 'must be set to valid groupid', 'accountLastName' => 'Tine 2.0', 'accountFirstName' => 'PHPUnit', 'accountEmailAddress' => '*****@*****.**'));
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::LDAP) {
$this->markTestSkipped('LDAP backend not enabled');
}
$this->_backend = Tinebase_User::factory(Tinebase_User::LDAP);
if (!array_key_exists('Tinebase_User_Plugin_Samba', $this->_backend->getPlugins())) {
$this->markTestSkipped('Samba LDAP plugin not enabled');
}
$this->objects['users'] = array();
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::LDAP) {
$this->markTestSkipped('LDAP backend not enabled');
}
$this->_backend = Tinebase_User::factory(Tinebase_User::LDAP);
if (!array_key_exists('Tinebase_EmailUser_Imap_LdapDbmailSchema', $this->_backend->getPlugins())) {
$this->markTestSkipped('Dbmail LDAP plugin not enabled');
}
$this->_config = Tinebase_Config::getInstance()->get(Tinebase_Config::IMAP, new Tinebase_Config_Struct())->toArray();
$this->objects['users'] = array();
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::LDAP) {
$this->markTestSkipped('LDAP backend not enabled');
}
$this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
$this->_userLDAP = Tinebase_User::factory(Tinebase_User::LDAP);
$this->_groupSQL = Tinebase_Group::factory(Tinebase_Group::SQL);
$this->objects['initialGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit', 'description' => 'initial group'));
$this->objects['updatedGroup'] = new Tinebase_Model_Group(array('name' => 'tine20phpunit updated', 'description' => 'updated group'));
$this->objects['initialAccount'] = new Tinebase_Model_FullUser(array('accountLoginName' => 'tine20phpunit', 'accountStatus' => 'enabled', 'accountExpires' => NULL, 'accountPrimaryGroup' => 'must be set to valid groupid', 'accountLastName' => 'Tine 2.0', 'accountFirstName' => 'PHPUnit', 'accountEmailAddress' => '*****@*****.**'));
$this->objects['groups'] = new Tinebase_Record_RecordSet('Tinebase_Model_Group');
$this->objects['users'] = new Tinebase_Record_RecordSet('Tinebase_Model_FullUser');
}
/**
* Sets up the fixture.
* This method is called before a test is executed.
*
* @access protected
*/
protected function setUp()
{
if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::SQL) {
$this->markTestSkipped('SQL backend not enabled');
}
$this->_backend = Tinebase_User::factory(Tinebase_User::SQL);
// remove user left over by broken tests
try {
$user = $this->_backend->getUserByLoginName('tine20phpunituser', 'Tinebase_Model_FullUser');
$this->_backend->deleteUser($user);
} catch (Tinebase_Exception_NotFound $tenf) {
// do nothing
}
$this->objects['users'] = array();
}
/**
* get all user passwords from ldap
* - set pw for user (in sql and sql plugins)
* - do not encrypt the pw again as it is encrypted in LDAP
*
* @throws Tinebase_Exception_Backend
*/
public static function syncLdapPasswords()
{
$userBackend = Tinebase_User::getInstance();
if (!$userBackend instanceof Tinebase_User_Ldap) {
throw new Tinebase_Exception_Backend('Needs LDAP accounts backend');
}
$result = $userBackend->getUserAttributes(array('entryUUID', 'userPassword'));
if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' About to sync ' . count($result) . ' user passwords from LDAP to Tine 2.0.');
}
$sqlBackend = Tinebase_User::factory(self::SQL);
foreach ($result as $user) {
try {
$sqlBackend->setPassword($user['entryUUID'], $user['userPassword'], FALSE);
} catch (Tinebase_Exception_NotFound $tenf) {
if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Could not find user with id ' . $user['entryUUID'] . ' in SQL backend.');
}
}
}
}
/**
* migrate from SQL account storage to another one (for example LDAP)
* - deletes all users, groups and roles because they will be
* imported from new accounts storage backend
*/
protected function _migrateFromSqlAccountsStorage()
{
Setup_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Deleting all user accounts, groups, roles and rights');
Tinebase_User::factory(Tinebase_User::SQL)->deleteAllUsers();
$contactSQLBackend = new Addressbook_Backend_Sql();
$allUserContactIds = $contactSQLBackend->search(new Addressbook_Model_ContactFilter(array('type' => 'user')), null, true);
if (count($allUserContactIds) > 0) {
$contactSQLBackend->delete($allUserContactIds);
}
Tinebase_Group::factory(Tinebase_Group::SQL)->deleteAllGroups();
$listsSQLBackend = new Addressbook_Backend_List();
$allGroupListIds = $listsSQLBackend->search(new Addressbook_Model_ListFilter(array('type' => 'group')), null, true);
if (count($allGroupListIds) > 0) {
$listsSQLBackend->delete($allGroupListIds);
}
$roles = Tinebase_Acl_Roles::getInstance();
$roles->deleteAllRoles();
// import users (from new backend) / create initial users (SQL)
Tinebase_User::syncUsers(array('syncContactData' => TRUE));
$roles->createInitialRoles();
$applications = Tinebase_Application::getInstance()->getApplications(NULL, 'id');
foreach ($applications as $application) {
Setup_Initialize::initializeApplicationRights($application);
}
}
/**
* reset password for given account
*
* @param array|string $account Tinebase_Model_FullUser data or account id
* @param string $password the new password
* @param bool $mustChange
* @return array
*/
public function resetPassword($account, $password, $mustChange)
{
if (is_array($account)) {
$account = new Tinebase_Model_FullUser($account);
} else {
$account = Tinebase_User::factory(Tinebase_User::getConfiguredBackend())->getFullUserById($account);
}
$controller = Admin_Controller_User::getInstance();
$controller->setAccountPassword($account, $password, $password, (bool) $mustChange);
$result = array('success' => TRUE);
return $result;
}
/**
* resolved app records and fills the related_record property with the corresponding record
*
* NOTE: With this, READ ACL is implicitly checked as non readable records won't get retuned!
*
* @param Tinebase_Record_RecordSet $_relations of Tinebase_Model_Relation
* @param boolean $_ignoreACL
* @return void
*
* @todo make getApplicationInstance work for tinebase record (Tinebase_Model_User for example)
*/
protected function resolveAppRecords($_relations, $_ignoreACL = FALSE)
{
// separate relations by model
$modelMap = array();
foreach ($_relations as $relation) {
if (!(isset($modelMap[$relation->related_model]) || array_key_exists($relation->related_model, $modelMap))) {
$modelMap[$relation->related_model] = new Tinebase_Record_RecordSet('Tinebase_Model_Relation');
}
$modelMap[$relation->related_model]->addRecord($relation);
}
// fill related_record
foreach ($modelMap as $modelName => $relations) {
// check right
$split = explode('_Model_', $modelName);
$rightClass = $split[0] . '_Acl_Rights';
$rightName = 'manage_' . strtolower($split[1]) . 's';
if (class_exists($rightClass)) {
$ref = new ReflectionClass($rightClass);
$u = Tinebase_Core::getUser();
// if a manage right is defined and the user has no manage_record or admin right, remove relations having this record class as related model
if (is_object($u) && $ref->hasConstant(strtoupper($rightName)) && !$u->hasRight($split[0], $rightName) && !$u->hasRight($split[0], Tinebase_Acl_Rights::ADMIN)) {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
$_relations->removeRecords($relations);
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Skipping relation due to no manage right: ' . $modelName);
}
continue;
}
}
$getMultipleMethod = 'getMultiple';
if ($modelName === 'Tinebase_Model_User') {
// @todo add related backend here
//$appController = Tinebase_User::factory($relations->related_backend);
$appController = Tinebase_User::factory(Tinebase_User::getConfiguredBackend());
$records = $appController->{$getMultipleMethod}($relations->related_id);
} else {
try {
$appController = Tinebase_Core::getApplicationInstance($modelName);
if (method_exists($appController, $getMultipleMethod)) {
$records = $appController->{$getMultipleMethod}($relations->related_id, $_ignoreACL);
// resolve record alarms
if (count($records) > 0 && $records->getFirstRecord()->has('alarms')) {
$appController->getAlarms($records);
}
} else {
throw new Tinebase_Exception_AccessDenied('Controller ' . get_class($appController) . ' has no method ' . $getMultipleMethod);
}
} catch (Tinebase_Exception_AccessDenied $tea) {
if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Removing relations from result. Got exception: ' . $tea->getMessage());
}
$_relations->removeRecords($relations);
continue;
}
}
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Resolving " . count($relations) . " relations");
}
foreach ($relations as $relation) {
$recordIndex = $records->getIndexById($relation->related_id);
$relationIndex = $_relations->getIndexById($relation->getId());
if ($recordIndex !== false) {
$_relations[$relationIndex]->related_record = $records[$recordIndex];
} else {
// delete relation from set, as READ ACL is obviously not granted
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " removing {$relation->related_model} {$relation->related_backend} {$relation->related_id} (ACL)");
}
unset($_relations[$relationIndex]);
}
}
}
}
/**
* create initial admin account
*
* Method is called during Setup Initialization
*
* $_options may contain the following keys:
* <code>
* $options = array(
* 'adminLoginName' => 'admin',
* 'adminPassword' => 'lars',
* 'adminFirstName' => 'Tine 2.0',
* 'adminLastName' => 'Admin Account',
* 'adminEmailAddress' => '*****@*****.**',
* 'expires' => Tinebase_DateTime object
* );
* </code>
*
* @param array $_options [hash that may contain override values for admin user name and password]
* @return void
*/
public static function createInitialAccounts($_options)
{
if (!isset($_options['adminPassword']) || !isset($_options['adminLoginName'])) {
throw new Tinebase_Exception_InvalidArgument('Admin password and login name have to be set when creating initial account.', 503);
}
$adminLoginName = $_options['adminLoginName'];
$adminPassword = $_options['adminPassword'];
$adminFirstName = isset($_options['adminFirstName']) ? $_options['adminFirstName'] : 'Tine 2.0';
$adminLastName = isset($_options['adminLastName']) ? $_options['adminLastName'] : 'Admin Account';
$adminEmailAddress = array_key_exists('adminEmailAddress', $_options) ? $_options['adminEmailAddress'] : NULL;
// get admin & user groups
$userBackend = Tinebase_User::factory(Tinebase_User::SQL);
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::SQL);
$adminGroup = $groupsBackend->getDefaultAdminGroup();
$userGroup = $groupsBackend->getDefaultGroup();
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Creating initial admin user (login: '******' / email: ' . $adminEmailAddress . ')');
$user = new Tinebase_Model_FullUser(array('accountLoginName' => $adminLoginName, 'accountStatus' => 'enabled', 'accountPrimaryGroup' => $userGroup->getId(), 'accountLastName' => $adminLastName, 'accountDisplayName' => $adminLastName . ', ' . $adminFirstName, 'accountFirstName' => $adminFirstName, 'accountExpires' => isset($_options['expires']) ? $_options['expires'] : NULL, 'accountEmailAddress' => $adminEmailAddress));
if ($adminEmailAddress !== NULL) {
$user->imapUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
$user->smtpUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
}
// update or create user in local sql backend
try {
$userBackend->getUserByProperty('accountLoginName', $adminLoginName);
$user = $userBackend->updateUserInSqlBackend($user);
} catch (Tinebase_Exception_NotFound $ten) {
// call addUser here to make sure, sql user plugins (email, ...) are triggered
$user = $userBackend->addUser($user);
}
// set the password for the account
Tinebase_User::getInstance()->setPassword($user, $adminPassword);
// add the admin account to all groups
Tinebase_Group::getInstance()->addGroupMember($adminGroup, $user);
Tinebase_Group::getInstance()->addGroupMember($userGroup, $user);
}
/**
* resolved app records and filles the related_record property with the corresponding record
*
* NOTE: With this, READ ACL is implicitly checked as non readable records won't get retuned!
*
* @param Tinebase_Record_RecordSet $_relations of Tinebase_Model_Relation
* @param boolean $_ignoreACL
* @return void
*
* @todo make getApplicationInstance work for tinebase record (Tinebase_Model_User for example)
*/
protected function resolveAppRecords($_relations, $_ignoreACL = FALSE)
{
// seperate relations by model
$modelMap = array();
foreach ($_relations as $relation) {
if (!array_key_exists($relation->related_model, $modelMap)) {
$modelMap[$relation->related_model] = new Tinebase_Record_RecordSet('Tinebase_Model_Relation');
}
$modelMap[$relation->related_model]->addRecord($relation);
}
// fill related_record
foreach ($modelMap as $modelName => $relations) {
$getMultipleMethod = 'getMultiple';
if ($modelName === 'Tinebase_Model_User') {
// @todo add related backend here
//$appController = Tinebase_User::factory($relations->related_backend);
$appController = Tinebase_User::factory(Tinebase_User::getConfiguredBackend());
$records = $appController->{$getMultipleMethod}($relations->related_id);
} else {
try {
$appController = Tinebase_Core::getApplicationInstance($modelName);
$records = $appController->{$getMultipleMethod}($relations->related_id, $_ignoreACL);
} catch (Tinebase_Exception_AccessDenied $tea) {
// remove relations, user has no permission
$_relations->removeRecords($relations);
continue;
}
}
foreach ($relations as $relation) {
$recordIndex = $records->getIndexById($relation->related_id);
$relationIndex = $_relations->getIndexById($relation->getId());
if ($recordIndex !== false) {
$_relations[$relationIndex]->related_record = $records[$recordIndex];
} else {
// delete relation from set, as READ ACL is obviously not granted
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " removing {$relation->related_model} {$relation->related_backend} {$relation->related_id} (ACL)");
}
unset($_relations[$relationIndex]);
}
}
}
}
