/**
 * Prepares the fixture before each test.
 *
 * The test is marked as skipped unless LDAP is the configured user backend;
 * otherwise an LDAP user backend is created and kept in $this->_backend.
 *
 * @access protected
 */
protected function setUp()
{
    $requiredBackend = Tinebase_User::LDAP;

    // These tests talk to a directory server, so they only make sense on LDAP setups.
    if (Tinebase_User::getConfiguredBackend() !== $requiredBackend) {
        $this->markTestSkipped('LDAP backend not enabled');
    }

    $this->_backend = Tinebase_User::factory($requiredBackend);
}
/**
 * Prepares the fixture before each test.
 *
 * The test is marked as skipped unless SQL is the configured user backend;
 * otherwise an SQL user backend is created, kept in $this->_backend, and the
 * parent fixture setup is run.
 *
 * @access protected
 */
protected function setUp()
{
    $requiredBackend = Tinebase_User::SQL;

    if (Tinebase_User::getConfiguredBackend() !== $requiredBackend) {
        $this->markTestSkipped('SQL backend not enabled');
    }

    $this->_backend = Tinebase_User::factory($requiredBackend);

    // The parent setup runs last, after the backend has been assigned.
    parent::setUp();
}
/**
 * Prepares the fixture before each test.
 *
 * Creates the LDAP group/user backends and the SQL group backend, then builds
 * the group and account records the tests work with. No backend check is made
 * here, so the LDAP factories are called regardless of the configured backend.
 *
 * @access protected
 */
protected function setUp()
{
    $this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
    $this->_userLDAP = Tinebase_User::factory(Tinebase_User::LDAP);
    $this->_groupSQL = Tinebase_Group::factory(Tinebase_Group::SQL);

    $initialGroupData = array(
        'name'        => 'tine20phpunit',
        'description' => 'initial group',
    );
    $this->objects['initialGroup'] = new Tinebase_Model_Group($initialGroupData);

    $updatedGroupData = array(
        'name'        => 'tine20phpunit updated',
        'description' => 'updated group',
    );
    $this->objects['updatedGroup'] = new Tinebase_Model_Group($updatedGroupData);

    // accountPrimaryGroup carries a placeholder string; the value itself says
    // it has to be replaced by a valid group id before the account is used.
    $initialAccountData = array(
        'accountLoginName'    => 'tine20phpunit',
        'accountStatus'       => 'enabled',
        'accountExpires'      => NULL,
        'accountPrimaryGroup' => 'must be set to valid groupid',
        'accountLastName'     => 'Tine 2.0',
        'accountFirstName'    => 'PHPUnit',
        'accountEmailAddress' => '*****@*****.**',
    );
    $this->objects['initialAccount'] = new Tinebase_Model_FullUser($initialAccountData);
}
/**
 * Prepares the fixture before each test.
 *
 * The test is marked as skipped unless LDAP is the configured user backend
 * and the Samba plugin is registered on that backend. Afterwards the list of
 * users tracked by the test is reset to an empty array.
 *
 * @access protected
 */
protected function setUp()
{
    $requiredBackend = Tinebase_User::LDAP;

    if (Tinebase_User::getConfiguredBackend() !== $requiredBackend) {
        $this->markTestSkipped('LDAP backend not enabled');
    }

    $this->_backend = Tinebase_User::factory($requiredBackend);

    // Plugins are looked up by class name in the array returned by getPlugins().
    $activePlugins = $this->_backend->getPlugins();
    $sambaEnabled = array_key_exists('Tinebase_User_Plugin_Samba', $activePlugins);
    if (!$sambaEnabled) {
        $this->markTestSkipped('Samba LDAP plugin not enabled');
    }

    $this->objects['users'] = array();
}
/**
 * Prepares the fixture before each test.
 *
 * The test is marked as skipped unless LDAP is the configured user backend
 * and the Dbmail LDAP schema plugin is registered on that backend. The IMAP
 * configuration is then loaded as an array into $this->_config and the list
 * of users tracked by the test is reset.
 *
 * @access protected
 */
protected function setUp()
{
    $requiredBackend = Tinebase_User::LDAP;

    if (Tinebase_User::getConfiguredBackend() !== $requiredBackend) {
        $this->markTestSkipped('LDAP backend not enabled');
    }

    $this->_backend = Tinebase_User::factory($requiredBackend);

    // Plugins are looked up by class name in the array returned by getPlugins().
    $activePlugins = $this->_backend->getPlugins();
    $dbmailEnabled = array_key_exists('Tinebase_EmailUser_Imap_LdapDbmailSchema', $activePlugins);
    if (!$dbmailEnabled) {
        $this->markTestSkipped('Dbmail LDAP plugin not enabled');
    }

    // An empty config struct is passed as the default for the IMAP config lookup.
    $imapConfig = Tinebase_Config::getInstance()->get(Tinebase_Config::IMAP, new Tinebase_Config_Struct());
    $this->_config = $imapConfig->toArray();

    $this->objects['users'] = array();
}
/**
 * Prepares the fixture before each test.
 *
 * The test is marked as skipped unless LDAP is the configured user backend.
 * Otherwise the LDAP group/user backends and the SQL group backend are
 * created, the group and account records used by the tests are built, and
 * empty record sets for groups and users are prepared.
 *
 * @access protected
 */
protected function setUp()
{
    if (Tinebase_User::getConfiguredBackend() !== Tinebase_User::LDAP) {
        $this->markTestSkipped('LDAP backend not enabled');
    }

    $this->_groupLDAP = Tinebase_Group::factory(Tinebase_Group::LDAP);
    $this->_userLDAP = Tinebase_User::factory(Tinebase_User::LDAP);
    $this->_groupSQL = Tinebase_Group::factory(Tinebase_Group::SQL);

    $initialGroupData = array(
        'name'        => 'tine20phpunit',
        'description' => 'initial group',
    );
    $this->objects['initialGroup'] = new Tinebase_Model_Group($initialGroupData);

    $updatedGroupData = array(
        'name'        => 'tine20phpunit updated',
        'description' => 'updated group',
    );
    $this->objects['updatedGroup'] = new Tinebase_Model_Group($updatedGroupData);

    // accountPrimaryGroup carries a placeholder string; the value itself says
    // it has to be replaced by a valid group id before the account is used.
    $initialAccountData = array(
        'accountLoginName'    => 'tine20phpunit',
        'accountStatus'       => 'enabled',
        'accountExpires'      => NULL,
        'accountPrimaryGroup' => 'must be set to valid groupid',
        'accountLastName'     => 'Tine 2.0',
        'accountFirstName'    => 'PHPUnit',
        'accountEmailAddress' => '*****@*****.**',
    );
    $this->objects['initialAccount'] = new Tinebase_Model_FullUser($initialAccountData);

    // Typed, initially empty record sets stored alongside the fixture records.
    $this->objects['groups'] = new Tinebase_Record_RecordSet('Tinebase_Model_Group');
    $this->objects['users'] = new Tinebase_Record_RecordSet('Tinebase_Model_FullUser');
}
/**
 * Prepares the fixture before each test.
 *
 * The test is marked as skipped unless SQL is the configured user backend.
 * Otherwise an SQL user backend is created, a leftover 'tine20phpunituser'
 * account from an earlier broken run is deleted if present, and the list of
 * users tracked by the test is reset.
 *
 * @access protected
 */
protected function setUp()
{
    $requiredBackend = Tinebase_User::SQL;

    if (Tinebase_User::getConfiguredBackend() !== $requiredBackend) {
        $this->markTestSkipped('SQL backend not enabled');
    }

    $this->_backend = Tinebase_User::factory($requiredBackend);

    // A broken test run may have left the fixture user behind; remove it so
    // the tests start from a known state.
    try {
        $leftover = $this->_backend->getUserByLoginName('tine20phpunituser', 'Tinebase_Model_FullUser');
        $this->_backend->deleteUser($leftover);
    } catch (Tinebase_Exception_NotFound $notFound) {
        // no leftover user, nothing to clean up
    }

    $this->objects['users'] = array();
}
/**
 * Copies the stored password of every LDAP user into the SQL backend.
 *
 * - reads entryUUID and userPassword of all users from LDAP
 * - sets the password for the matching user (in sql and sql plugins)
 * - the value is handed over with the third setPassword() argument FALSE,
 *   because it is already encrypted in LDAP and must not be encrypted again
 *
 * Users that exist in LDAP but not in the SQL backend are skipped and only
 * reported in the log. Only the user count and the entryUUID are logged,
 * never the password value.
 *
 * @throws Tinebase_Exception_Backend if the active user backend is not LDAP
 */
public static function syncLdapPasswords()
{
    $ldapBackend = Tinebase_User::getInstance();
    if (!($ldapBackend instanceof Tinebase_User_Ldap)) {
        throw new Tinebase_Exception_Backend('Needs LDAP accounts backend');
    }

    $ldapUsers = $ldapBackend->getUserAttributes(array('entryUUID', 'userPassword'));

    if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
        Tinebase_Core::getLogger()->info(
            __METHOD__ . '::' . __LINE__ . ' About to sync ' . count($ldapUsers) . ' user passwords from LDAP to Tine 2.0.'
        );
    }

    $sqlBackend = Tinebase_User::factory(self::SQL);

    foreach ($ldapUsers as $ldapUser) {
        try {
            // FALSE: keep the LDAP-side value as is, do not encrypt it a second time.
            $sqlBackend->setPassword($ldapUser['entryUUID'], $ldapUser['userPassword'], FALSE);
        } catch (Tinebase_Exception_NotFound $notFound) {
            if (!Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
                continue;
            }
            Tinebase_Core::getLogger()->info(
                __METHOD__ . '::' . __LINE__ . ' Could not find user with id ' . $ldapUser['entryUUID'] . ' in SQL backend.'
            );
        }
    }
}
/**
 * Migrates from SQL account storage to another one (for example LDAP).
 *
 * This is destructive: all users, their contacts, all groups, their
 * addressbook lists and all roles are deleted from the SQL side, because
 * they will be imported from the new accounts storage backend. Afterwards
 * users are synced, the initial roles are recreated and the application
 * rights are initialized again for every application.
 */
protected function _migrateFromSqlAccountsStorage()
{
    Setup_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Deleting all user accounts, groups, roles and rights');

    // 1. users and the contacts of type "user"
    Tinebase_User::factory(Tinebase_User::SQL)->deleteAllUsers();

    $contactBackend = new Addressbook_Backend_Sql();
    $userContactFilter = new Addressbook_Model_ContactFilter(array('type' => 'user'));
    $userContactIds = $contactBackend->search($userContactFilter, null, true);
    if (count($userContactIds) > 0) {
        $contactBackend->delete($userContactIds);
    }

    // 2. groups and the lists of type "group"
    Tinebase_Group::factory(Tinebase_Group::SQL)->deleteAllGroups();

    $listBackend = new Addressbook_Backend_List();
    $groupListFilter = new Addressbook_Model_ListFilter(array('type' => 'group'));
    $groupListIds = $listBackend->search($groupListFilter, null, true);
    if (count($groupListIds) > 0) {
        $listBackend->delete($groupListIds);
    }

    // 3. roles
    $roleController = Tinebase_Acl_Roles::getInstance();
    $roleController->deleteAllRoles();

    // import users (from new backend) / create initial users (SQL)
    Tinebase_User::syncUsers(array('syncContactData' => TRUE));

    // Roles and rights were wiped above, so they are rebuilt from the defaults.
    $roleController->createInitialRoles();

    $allApplications = Tinebase_Application::getInstance()->getApplications(NULL, 'id');
    foreach ($allApplications as $app) {
        Setup_Initialize::initializeApplicationRights($app);
    }
}
/**
 * Resets the password of the given account.
 *
 * When $account is an array, a Tinebase_Model_FullUser is built directly from
 * that data; otherwise it is treated as an account id and the full user is
 * loaded from the configured user backend. The password change itself is
 * delegated to Admin_Controller_User::setAccountPassword(), with $password
 * passed twice (second and third argument).
 *
 * @param array|string $account Tinebase_Model_FullUser data or account id
 * @param string $password the new password
 * @param bool $mustChange cast to bool and passed on to the controller
 * @return array array('success' => TRUE)
 */
public function resetPassword($account, $password, $mustChange)
{
    // NOTE(review): in the array case the record is built from caller-supplied
    // data and not re-read from the backend - presumably the controller checks
    // rights and resolves the account; verify there.
    $user = is_array($account)
        ? new Tinebase_Model_FullUser($account)
        : Tinebase_User::factory(Tinebase_User::getConfiguredBackend())->getFullUserById($account);

    Admin_Controller_User::getInstance()->setAccountPassword($user, $password, $password, (bool) $mustChange);

    return array('success' => TRUE);
}
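/**
 * Resolves the related application records and fills the related_record
 * property of every relation with the corresponding record.
 *
 * NOTE: With this, READ ACL is implicitly checked, as non-readable records
 * won't get returned! Relations are removed from $_relations when
 * - the related application defines a manage_<model>s right and the current
 *   user has neither that right nor the admin right of the application,
 * - the application controller throws Tinebase_Exception_AccessDenied, or
 * - the controller does not return the related record.
 *
 * @param Tinebase_Record_RecordSet $_relations of Tinebase_Model_Relation (modified in place)
 * @param boolean $_ignoreACL passed on to the application controller's getMultiple()
 * @return void
 *
 * @todo make getApplicationInstance work for tinebase record (Tinebase_Model_User for example)
 */
protected function resolveAppRecords($_relations, $_ignoreACL = FALSE)
{
    // separate relations by model
    $modelMap = array();
    foreach ($_relations as $relation) {
        if (!(isset($modelMap[$relation->related_model]) || array_key_exists($relation->related_model, $modelMap))) {
            $modelMap[$relation->related_model] = new Tinebase_Record_RecordSet('Tinebase_Model_Relation');
        }
        $modelMap[$relation->related_model]->addRecord($relation);
    }

    // fill related_record
    foreach ($modelMap as $modelName => $relations) {
        // check right: "App_Model_Thing" maps to right class "App_Acl_Rights"
        // and right name "manage_things"
        $split = explode('_Model_', $modelName);
        $rightClass = $split[0] . '_Acl_Rights';
        $rightName = 'manage_' . strtolower($split[1]) . 's';

        if (class_exists($rightClass)) {
            $ref = new ReflectionClass($rightClass);
            $u = Tinebase_Core::getUser();

            // if a manage right is defined and the user has no manage_record or admin right,
            // remove relations having this record class as related model
            // NOTE(review): when no user object is available (is_object($u) is false)
            // this check is skipped entirely - confirm that is intended.
            if (is_object($u)
                && $ref->hasConstant(strtoupper($rightName))
                && !$u->hasRight($split[0], $rightName)
                && !$u->hasRight($split[0], Tinebase_Acl_Rights::ADMIN)
            ) {
                // The removal is an access decision and must not depend on the
                // log level: it previously sat inside the DEBUG check, so the
                // relations stayed in the result whenever debug logging was off.
                $_relations->removeRecords($relations);

                if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                    Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Skipping relation due to no manage right: ' . $modelName);
                }
                continue;
            }
        }

        $getMultipleMethod = 'getMultiple';

        if ($modelName === 'Tinebase_Model_User') {
            // @todo add related backend here
            //$appController = Tinebase_User::factory($relations->related_backend);
            // users are fetched from the configured user backend; $_ignoreACL is not passed here
            $appController = Tinebase_User::factory(Tinebase_User::getConfiguredBackend());
            $records = $appController->{$getMultipleMethod}($relations->related_id);
        } else {
            try {
                $appController = Tinebase_Core::getApplicationInstance($modelName);
                if (method_exists($appController, $getMultipleMethod)) {
                    $records = $appController->{$getMultipleMethod}($relations->related_id, $_ignoreACL);

                    // resolve record alarms
                    if (count($records) > 0 && $records->getFirstRecord()->has('alarms')) {
                        $appController->getAlarms($records);
                    }
                } else {
                    // a controller without getMultiple() is handled like a denied access below
                    throw new Tinebase_Exception_AccessDenied('Controller ' . get_class($appController) . ' has no method ' . $getMultipleMethod);
                }
            } catch (Tinebase_Exception_AccessDenied $tea) {
                if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
                    Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Removing relations from result. Got exception: ' . $tea->getMessage());
                }
                $_relations->removeRecords($relations);
                continue;
            }
        }

        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Resolving " . count($relations) . " relations");
        }

        foreach ($relations as $relation) {
            $recordIndex = $records->getIndexById($relation->related_id);
            $relationIndex = $_relations->getIndexById($relation->getId());

            if ($recordIndex !== false) {
                $_relations[$relationIndex]->related_record = $records[$recordIndex];
            } else {
                // delete relation from set, as READ ACL is obviously not granted
                if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                    Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " removing {$relation->related_model} {$relation->related_backend} {$relation->related_id} (ACL)");
                }
                unset($_relations[$relationIndex]);
            }
        }
    }
}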
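/**
 * create initial admin account
 *
 * Method is called during Setup Initialization
 *
 * $_options may contain the following keys:
 * <code>
 * $options = array(
 *  'adminLoginName'    => 'admin',
 *  'adminPassword'     => '<admin password>',
 *  'adminFirstName'    => 'Tine 2.0',
 *  'adminLastName'     => 'Admin Account',
 *  'adminEmailAddress' => '<admin email address>',
 *  'expires'           => Tinebase_DateTime object
 * );
 * </code>
 *
 * The account is created (or updated, if the login name already exists) in
 * the SQL backend, gets its password set and is added to the default admin
 * group and the default user group. When an email address is given, the
 * admin password is also used as IMAP and SMTP password of the account.
 *
 * @param array $_options [hash that may contain override values for admin user name and password]
 * @return void
 * @throws Tinebase_Exception_InvalidArgument if adminPassword or adminLoginName is not set
 */
public static function createInitialAccounts($_options)
{
    // NOTE(review): isset() only rejects missing/NULL values; an empty string
    // is accepted as password or login name here - confirm callers validate it.
    if (!isset($_options['adminPassword']) || !isset($_options['adminLoginName'])) {
        throw new Tinebase_Exception_InvalidArgument('Admin password and login name have to be set when creating initial account.', 503);
    }

    $adminLoginName    = $_options['adminLoginName'];
    $adminPassword     = $_options['adminPassword'];
    $adminFirstName    = isset($_options['adminFirstName']) ? $_options['adminFirstName'] : 'Tine 2.0';
    $adminLastName     = isset($_options['adminLastName']) ? $_options['adminLastName'] : 'Admin Account';
    $adminEmailAddress = array_key_exists('adminEmailAddress', $_options) ? $_options['adminEmailAddress'] : NULL;

    // get admin & user groups
    $userBackend   = Tinebase_User::factory(Tinebase_User::SQL);
    $groupsBackend = Tinebase_Group::factory(Tinebase_Group::SQL);

    $adminGroup = $groupsBackend->getDefaultAdminGroup();
    $userGroup  = $groupsBackend->getDefaultGroup();

    // Only login name and email address go to the log, never the password.
    // (The login part of this message was mangled in the listing and is
    // restored from the variable that is in scope.)
    Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Creating initial admin user (login: ' . $adminLoginName . ' / email: ' . $adminEmailAddress . ')');

    $user = new Tinebase_Model_FullUser(array(
        'accountLoginName'    => $adminLoginName,
        'accountStatus'       => 'enabled',
        'accountPrimaryGroup' => $userGroup->getId(),
        'accountLastName'     => $adminLastName,
        'accountDisplayName'  => $adminLastName . ', ' . $adminFirstName,
        'accountFirstName'    => $adminFirstName,
        'accountExpires'      => isset($_options['expires']) ? $_options['expires'] : NULL,
        'accountEmailAddress' => $adminEmailAddress,
    ));

    // The mail accounts reuse the admin password, so it is stored for IMAP and SMTP as well.
    if ($adminEmailAddress !== NULL) {
        $user->imapUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
        $user->smtpUser = new Tinebase_Model_EmailUser(array('emailPassword' => $adminPassword));
    }

    // update or create user in local sql backend
    try {
        $userBackend->getUserByProperty('accountLoginName', $adminLoginName);
        $user = $userBackend->updateUserInSqlBackend($user);
    } catch (Tinebase_Exception_NotFound $ten) {
        // call addUser here to make sure, sql user plugins (email, ...) are triggered
        $user = $userBackend->addUser($user);
    }

    // set the password for the account
    Tinebase_User::getInstance()->setPassword($user, $adminPassword);

    // add the admin account to all groups
    Tinebase_Group::getInstance()->addGroupMember($adminGroup, $user);
    Tinebase_Group::getInstance()->addGroupMember($userGroup, $user);
}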
/**
 * Resolves the related application records and fills the related_record
 * property of every relation with the corresponding record.
 *
 * NOTE: With this, READ ACL is implicitly checked, as non-readable records
 * won't get returned! Relations whose record is not returned, or whose
 * controller throws Tinebase_Exception_AccessDenied, are removed from
 * $_relations.
 *
 * @param Tinebase_Record_RecordSet $_relations of Tinebase_Model_Relation (modified in place)
 * @param boolean $_ignoreACL passed on to the application controller's getMultiple()
 * @return void
 *
 * @todo make getApplicationInstance work for tinebase record (Tinebase_Model_User for example)
 */
protected function resolveAppRecords($_relations, $_ignoreACL = FALSE)
{
    // group the relations by their related model
    $relationsByModel = array();
    foreach ($_relations as $rel) {
        if (!array_key_exists($rel->related_model, $relationsByModel)) {
            $relationsByModel[$rel->related_model] = new Tinebase_Record_RecordSet('Tinebase_Model_Relation');
        }
        $relationsByModel[$rel->related_model]->addRecord($rel);
    }

    // fetch the records of each model in one call and attach them
    foreach ($relationsByModel as $model => $modelRelations) {
        if ($model === 'Tinebase_Model_User') {
            // @todo add related backend here
            //$controller = Tinebase_User::factory($modelRelations->related_backend);
            // users come from the configured user backend; $_ignoreACL is not passed here
            $controller = Tinebase_User::factory(Tinebase_User::getConfiguredBackend());
            $found = $controller->getMultiple($modelRelations->related_id);
        } else {
            try {
                $controller = Tinebase_Core::getApplicationInstance($model);
                $found = $controller->getMultiple($modelRelations->related_id, $_ignoreACL);
            } catch (Tinebase_Exception_AccessDenied $denied) {
                // remove relations, user has no permission
                $_relations->removeRecords($modelRelations);
                continue;
            }
        }

        foreach ($modelRelations as $rel) {
            $foundIdx = $found->getIndexById($rel->related_id);
            $relIdx = $_relations->getIndexById($rel->getId());

            if ($foundIdx === false) {
                // delete relation from set, as READ ACL is obviously not granted
                if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                    Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " removing {$rel->related_model} {$rel->related_backend} {$rel->related_id} (ACL)");
                }
                unset($_relations[$relIdx]);
                continue;
            }

            $_relations[$relIdx]->related_record = $found[$foundIdx];
        }
    }
}