Merge remote-tracking branch 'gallery3-contrib/master'

3.0/modules/arrow_nav/js/arrow_nav.js

@@ -11,7 +11,6 @@ $(document).keydown(function(e) {
   
   if(url != undefined) {
       window.location = url;
+      return false;
   }
-
-  return false;
 });

3.0/modules/ldap/config/identity.php

@@ -34,10 +34,12 @@ $config["ldap"] = array(
   "driver"        => "ldap",
   "allow_updates" => false,
   "params"        => array(
+    "guest_user" => "Guest",
     "groups" => array("engineering", "everybody", "guest"),
     "everybody_group" => "guest",
     "registered_users_group" => "everybody",
     "admins" => array("alice", "bob"),
+    "admin_mail" => "unknown@unknown.com",
     "url" => "ldaps://ldap.mycompany.com/",
     "group_domain" => "ou=Posix,ou=Groups,dc=ymcompany,dc=com",
     "user_domain" => "ou=People,dc=MyCompany,dc=com",

3.0/modules/ldap/helpers/ldap_installer.php

@@ -29,7 +29,7 @@ class ldap_installer {
     return $messages;
   }
 
-  static function install() {
+  static function activate() {
     IdentityProvider::change_provider("ldap");
   }
 

3.0/modules/ldap/libraries/drivers/IdentityProvider/Ldap.php

@@ -17,10 +17,16 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
+define("LDAP_GUEST_ID", 0);
+define("LDAP_EVERYBODY_ID", 0);
+define("LDAP_REGISTERED_USERS_ID", 99999);
+
 class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
   static $_params;
   private static $_connection;
   private static $_guest_user;
+  private static $_everybody_group;
+  private static $_registered_users_group;
 
   /**
    * Initializes the LDAP Driver
@@ -29,6 +35,9 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
    */
   public function __construct($params) {
     self::$_params = $params;
+    if (!in_array(self::$_params["everybody_group"], self::$_params["groups"]) || !in_array(self::$_params["registered_users_group"], self::$_params["groups"])) {
+      throw new Exception("Module ldap: Values of parameters \"everybody_group\" and \"registered_users_group\" must be listed in parameter \"groups\"!");
+    }
     self::$_connection = ldap_connect(self::$_params["url"]);
     ldap_set_option(self::$_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
     if (self::$_params["bind_rdn"]) {
@@ -42,18 +51,7 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
    * @see IdentityProvider_Driver::guest.
    */
   public function guest() {
-    if (empty(self::$_guest_user)) {
-      self::$_guest_user = new Ldap_User();
-      self::$_guest_user->id = 0;
-      self::$_guest_user->name = "Guest";
-      self::$_guest_user->full_name = "Guest";
-      self::$_guest_user->guest = true;
-      self::$_guest_user->admin = false;
-      self::$_guest_user->locale = null;
-      self::$_guest_user->email = null;
-      self::$_guest_user->groups = array($this->everybody());
-    }
-    return self::$_guest_user;
+    return self::lookup_user_by_name(self::$_params["guest_user"]);
   }
 
   /**
@@ -86,8 +84,8 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
    * @see IdentityProvider_Driver::lookup_user.
    */
   public function lookup_user($id) {
-    if ($id == 0) {
-      return $this->guest();
+    if ($id == LDAP_GUEST_ID) {
+      return self::lookup_user_by_name(self::$_params["guest_user"]);
     }
     $result = ldap_search(self::$_connection, self::$_params["user_domain"], "uidNumber=$id");
     $entries = ldap_get_entries(self::$_connection, $result);
@@ -109,6 +107,19 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
     if ($entries["count"] > 0) {
       return new Ldap_User($entries[0]);
     }
+    if ($name == self::$_params["guest_user"]) {
+      if (empty(self::$_guest_user)) {
+        self::$_guest_user = new Ldap_User();
+        self::$_guest_user->id = LDAP_GUEST_ID;
+        self::$_guest_user->name = "$name";
+        self::$_guest_user->full_name = "$name";
+        self::$_guest_user->guest = true;
+        self::$_guest_user->admin = false;
+        self::$_guest_user->locale = null;
+        self::$_guest_user->email = null;
+      }
+      return self::$_guest_user;
+    }
     return null;
   }
 
@@ -137,13 +148,20 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
    * @see IdentityProvider_Driver::lookup_group.
    */
   public function lookup_group($id) {
+    if ($id = LDAP_EVERYBODY_GROUP_ID) {
+      return self::lookup_group_by_name(self::$_params["everybody_group"]);
+    } else if ($id = LDAP_REGISTERED_USERS_ID) {
+      return self::lookup_group_by_name(self::$_params["registered_users_group"]);
+    }
     $result = @ldap_search(self::$_connection, self::$_params["group_domain"], "gidNumber=$id");
     $entry_id = ldap_first_entry(self::$_connection, $result);
 
     if ($entry_id !== false) {
       $cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
       $gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
-      return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
+      if (in_array($cn_entry, self::$_params["groups"])) {
+        return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
+      }
     }
     return null;
   }
@@ -160,7 +178,21 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
     if ($entry_id !== false) {
       $cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
       $gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
-      return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
+      if (in_array($cn_entry, self::$_params["groups"])) {
+        return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
+      }
+    }
+    if ($name == self::$_params["everybody_group"]) {
+      if (!self::$_everybody_group) {
+        self::$_everybody_group = new Ldap_Group(LDAP_EVERYBODY_ID, $name);
+      }
+      return self::$_everybody_group;
+    }
+    if ($name == self::$_params["registered_users_group"]) {
+      if (!self::$_registered_users_group) {
+        self::$_registered_users_group = new Ldap_Group(LDAP_REGISTERED_USERS_ID, $name);
+      }
+      return self::$_registered_users_group;
     }
     return null;
   }
@@ -171,7 +203,9 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
   public function get_user_list($ids) {
     $users = array();
     foreach ($ids as $id) {
-      $users[] = $this->lookup_user($id);
+      if ($user = $this->lookup_user($id)) {
+        $users[] = $user;
+      }
     }
     return $users;
   }
@@ -182,21 +216,21 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
   public function groups() {
     $groups = array();
     foreach (self::$_params["groups"] as $group_name) {
-      $groups[] = $this->lookup_group_by_name($group_name);
+      if ($group = $this->lookup_group_by_name($group_name)) {
+        $groups[] = $group;
+      }
     }
     return $groups;
   }
 
   static function groups_for($user) {
-    if ($user->guest) {
-      return $user->groups;
-    }
-
     $result = ldap_search(self::$_connection, self::$_params["group_domain"],
                           "(memberUid=$user->name)");
 
     $associated_groups = self::$_params["groups"];
     $groups = array();
+    $in_everybody_group = false;
+    $in_registered_users_group = false;
     for ($entry_id = ldap_first_entry(self::$_connection, $result);
          $entry_id != false;
          $entry_id = ldap_next_entry(self::$_connection, $entry_id)) {
@@ -205,6 +239,18 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
       if (in_array($group_name[0], $associated_groups)) {
         $groups[] = new Ldap_Group($group_id[0], $group_name[0]);
       }
+      if ($group_name[0] == self::$_params["everybody_group"]) {
+        $in_everybody_group = true;
+      }
+      if ($group_name[0] == self::$_params["registered_users_group"]) {
+        $in_registered_users_group = true;
+      }
+    }
+    if (!$in_everybody_group) {
+      $groups[] = self::lookup_group_by_name(self::$_params["everybody_group"]);
+    }
+    if (!$user->guest && !$in_registered_users_group) {
+      $groups[] = self::lookup_group_by_name(self::$_params["registered_users_group"]);
     }
     return $groups;
   }
@@ -235,7 +281,7 @@ class Ldap_User implements User_Definition {
     if (!empty($this->ldap_entry["displayname"][0])) {
       return $this->ldap_entry["displayname"][0];
     }
-    return $this->ldap_entry["cn"][0];
+    return $this->full_name;
   }
 
   public function __get($key) {
@@ -257,10 +303,20 @@ class Ldap_User implements User_Definition {
                       IdentityProvider_Ldap_Driver::$_params["admins"]);
 
     case "email":
-      return $this->ldap_entry["mail"][0];
+      if (isset($this->ldap_entry["mail"])) {
+        return $this->ldap_entry["mail"][0];
+      } else if ($this->admin) {
+        IdentityProvider_Ldap_Driver::$_params["admin_mail"];
+      } else {
+        return null;
+      }
 
     case "full_name":
-      return $this->ldap_entry["cn"][0];
+      if (isset($this->ldap_entry["cn"])) {
+        return $this->ldap_entry["cn"][0];
+      } else {
+        return $this->name;
+      }
 
     case "dn":
       return $this->ldap_entry["dn"];
@@ -281,6 +337,12 @@ class Ldap_User implements User_Definition {
     return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s",
                    md5($this->email), $size, $default ? "&d=" . urlencode($default) : "");
   }
+
+  // Called e.g. by user_profile.php:_can_view_profile_pages()
+  // We don't have "empty" users, so just return true
+  public function loaded() {
+    return true;
+  }
 }
 
 class Ldap_Group implements Group_Definition {