Merge remote-tracking branch 'gallery3-contrib/master'
This commit is contained in:
commit
be685c4db3
@ -11,7 +11,6 @@ $(document).keydown(function(e) {
|
|||||||
|
|
||||||
if(url != undefined) {
|
if(url != undefined) {
|
||||||
window.location = url;
|
window.location = url;
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
|
||||||
});
|
});
|
||||||
|
@ -34,10 +34,12 @@ $config["ldap"] = array(
|
|||||||
"driver" => "ldap",
|
"driver" => "ldap",
|
||||||
"allow_updates" => false,
|
"allow_updates" => false,
|
||||||
"params" => array(
|
"params" => array(
|
||||||
|
"guest_user" => "Guest",
|
||||||
"groups" => array("engineering", "everybody", "guest"),
|
"groups" => array("engineering", "everybody", "guest"),
|
||||||
"everybody_group" => "guest",
|
"everybody_group" => "guest",
|
||||||
"registered_users_group" => "everybody",
|
"registered_users_group" => "everybody",
|
||||||
"admins" => array("alice", "bob"),
|
"admins" => array("alice", "bob"),
|
||||||
|
"admin_mail" => "unknown@unknown.com",
|
||||||
"url" => "ldaps://ldap.mycompany.com/",
|
"url" => "ldaps://ldap.mycompany.com/",
|
||||||
"group_domain" => "ou=Posix,ou=Groups,dc=ymcompany,dc=com",
|
"group_domain" => "ou=Posix,ou=Groups,dc=ymcompany,dc=com",
|
||||||
"user_domain" => "ou=People,dc=MyCompany,dc=com",
|
"user_domain" => "ou=People,dc=MyCompany,dc=com",
|
||||||
|
@ -29,7 +29,7 @@ class ldap_installer {
|
|||||||
return $messages;
|
return $messages;
|
||||||
}
|
}
|
||||||
|
|
||||||
static function install() {
|
static function activate() {
|
||||||
IdentityProvider::change_provider("ldap");
|
IdentityProvider::change_provider("ldap");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -17,10 +17,16 @@
|
|||||||
* along with this program; if not, write to the Free Software
|
* along with this program; if not, write to the Free Software
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
*/
|
*/
|
||||||
|
define("LDAP_GUEST_ID", 0);
|
||||||
|
define("LDAP_EVERYBODY_ID", 0);
|
||||||
|
define("LDAP_REGISTERED_USERS_ID", 99999);
|
||||||
|
|
||||||
class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
||||||
static $_params;
|
static $_params;
|
||||||
private static $_connection;
|
private static $_connection;
|
||||||
private static $_guest_user;
|
private static $_guest_user;
|
||||||
|
private static $_everybody_group;
|
||||||
|
private static $_registered_users_group;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initializes the LDAP Driver
|
* Initializes the LDAP Driver
|
||||||
@ -29,6 +35,9 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
*/
|
*/
|
||||||
public function __construct($params) {
|
public function __construct($params) {
|
||||||
self::$_params = $params;
|
self::$_params = $params;
|
||||||
|
if (!in_array(self::$_params["everybody_group"], self::$_params["groups"]) || !in_array(self::$_params["registered_users_group"], self::$_params["groups"])) {
|
||||||
|
throw new Exception("Module ldap: Values of parameters \"everybody_group\" and \"registered_users_group\" must be listed in parameter \"groups\"!");
|
||||||
|
}
|
||||||
self::$_connection = ldap_connect(self::$_params["url"]);
|
self::$_connection = ldap_connect(self::$_params["url"]);
|
||||||
ldap_set_option(self::$_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
ldap_set_option(self::$_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||||
if (self::$_params["bind_rdn"]) {
|
if (self::$_params["bind_rdn"]) {
|
||||||
@ -42,18 +51,7 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
* @see IdentityProvider_Driver::guest.
|
* @see IdentityProvider_Driver::guest.
|
||||||
*/
|
*/
|
||||||
public function guest() {
|
public function guest() {
|
||||||
if (empty(self::$_guest_user)) {
|
return self::lookup_user_by_name(self::$_params["guest_user"]);
|
||||||
self::$_guest_user = new Ldap_User();
|
|
||||||
self::$_guest_user->id = 0;
|
|
||||||
self::$_guest_user->name = "Guest";
|
|
||||||
self::$_guest_user->full_name = "Guest";
|
|
||||||
self::$_guest_user->guest = true;
|
|
||||||
self::$_guest_user->admin = false;
|
|
||||||
self::$_guest_user->locale = null;
|
|
||||||
self::$_guest_user->email = null;
|
|
||||||
self::$_guest_user->groups = array($this->everybody());
|
|
||||||
}
|
|
||||||
return self::$_guest_user;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -86,8 +84,8 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
* @see IdentityProvider_Driver::lookup_user.
|
* @see IdentityProvider_Driver::lookup_user.
|
||||||
*/
|
*/
|
||||||
public function lookup_user($id) {
|
public function lookup_user($id) {
|
||||||
if ($id == 0) {
|
if ($id == LDAP_GUEST_ID) {
|
||||||
return $this->guest();
|
return self::lookup_user_by_name(self::$_params["guest_user"]);
|
||||||
}
|
}
|
||||||
$result = ldap_search(self::$_connection, self::$_params["user_domain"], "uidNumber=$id");
|
$result = ldap_search(self::$_connection, self::$_params["user_domain"], "uidNumber=$id");
|
||||||
$entries = ldap_get_entries(self::$_connection, $result);
|
$entries = ldap_get_entries(self::$_connection, $result);
|
||||||
@ -109,6 +107,19 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
if ($entries["count"] > 0) {
|
if ($entries["count"] > 0) {
|
||||||
return new Ldap_User($entries[0]);
|
return new Ldap_User($entries[0]);
|
||||||
}
|
}
|
||||||
|
if ($name == self::$_params["guest_user"]) {
|
||||||
|
if (empty(self::$_guest_user)) {
|
||||||
|
self::$_guest_user = new Ldap_User();
|
||||||
|
self::$_guest_user->id = LDAP_GUEST_ID;
|
||||||
|
self::$_guest_user->name = "$name";
|
||||||
|
self::$_guest_user->full_name = "$name";
|
||||||
|
self::$_guest_user->guest = true;
|
||||||
|
self::$_guest_user->admin = false;
|
||||||
|
self::$_guest_user->locale = null;
|
||||||
|
self::$_guest_user->email = null;
|
||||||
|
}
|
||||||
|
return self::$_guest_user;
|
||||||
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -137,13 +148,20 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
* @see IdentityProvider_Driver::lookup_group.
|
* @see IdentityProvider_Driver::lookup_group.
|
||||||
*/
|
*/
|
||||||
public function lookup_group($id) {
|
public function lookup_group($id) {
|
||||||
|
if ($id = LDAP_EVERYBODY_GROUP_ID) {
|
||||||
|
return self::lookup_group_by_name(self::$_params["everybody_group"]);
|
||||||
|
} else if ($id = LDAP_REGISTERED_USERS_ID) {
|
||||||
|
return self::lookup_group_by_name(self::$_params["registered_users_group"]);
|
||||||
|
}
|
||||||
$result = @ldap_search(self::$_connection, self::$_params["group_domain"], "gidNumber=$id");
|
$result = @ldap_search(self::$_connection, self::$_params["group_domain"], "gidNumber=$id");
|
||||||
$entry_id = ldap_first_entry(self::$_connection, $result);
|
$entry_id = ldap_first_entry(self::$_connection, $result);
|
||||||
|
|
||||||
if ($entry_id !== false) {
|
if ($entry_id !== false) {
|
||||||
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
||||||
$gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
|
$gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
|
||||||
return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
|
if (in_array($cn_entry, self::$_params["groups"])) {
|
||||||
|
return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -160,7 +178,21 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
if ($entry_id !== false) {
|
if ($entry_id !== false) {
|
||||||
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
$cn_entry = ldap_get_values(self::$_connection, $entry_id, "cn");
|
||||||
$gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
|
$gid_number_entry = ldap_get_values(self::$_connection, $entry_id, "gidNumber");
|
||||||
return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
|
if (in_array($cn_entry, self::$_params["groups"])) {
|
||||||
|
return new Ldap_Group($gid_number_entry[0], $cn_entry[0]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($name == self::$_params["everybody_group"]) {
|
||||||
|
if (!self::$_everybody_group) {
|
||||||
|
self::$_everybody_group = new Ldap_Group(LDAP_EVERYBODY_ID, $name);
|
||||||
|
}
|
||||||
|
return self::$_everybody_group;
|
||||||
|
}
|
||||||
|
if ($name == self::$_params["registered_users_group"]) {
|
||||||
|
if (!self::$_registered_users_group) {
|
||||||
|
self::$_registered_users_group = new Ldap_Group(LDAP_REGISTERED_USERS_ID, $name);
|
||||||
|
}
|
||||||
|
return self::$_registered_users_group;
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -171,7 +203,9 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
public function get_user_list($ids) {
|
public function get_user_list($ids) {
|
||||||
$users = array();
|
$users = array();
|
||||||
foreach ($ids as $id) {
|
foreach ($ids as $id) {
|
||||||
$users[] = $this->lookup_user($id);
|
if ($user = $this->lookup_user($id)) {
|
||||||
|
$users[] = $user;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $users;
|
return $users;
|
||||||
}
|
}
|
||||||
@ -182,21 +216,21 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
public function groups() {
|
public function groups() {
|
||||||
$groups = array();
|
$groups = array();
|
||||||
foreach (self::$_params["groups"] as $group_name) {
|
foreach (self::$_params["groups"] as $group_name) {
|
||||||
$groups[] = $this->lookup_group_by_name($group_name);
|
if ($group = $this->lookup_group_by_name($group_name)) {
|
||||||
|
$groups[] = $group;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $groups;
|
return $groups;
|
||||||
}
|
}
|
||||||
|
|
||||||
static function groups_for($user) {
|
static function groups_for($user) {
|
||||||
if ($user->guest) {
|
|
||||||
return $user->groups;
|
|
||||||
}
|
|
||||||
|
|
||||||
$result = ldap_search(self::$_connection, self::$_params["group_domain"],
|
$result = ldap_search(self::$_connection, self::$_params["group_domain"],
|
||||||
"(memberUid=$user->name)");
|
"(memberUid=$user->name)");
|
||||||
|
|
||||||
$associated_groups = self::$_params["groups"];
|
$associated_groups = self::$_params["groups"];
|
||||||
$groups = array();
|
$groups = array();
|
||||||
|
$in_everybody_group = false;
|
||||||
|
$in_registered_users_group = false;
|
||||||
for ($entry_id = ldap_first_entry(self::$_connection, $result);
|
for ($entry_id = ldap_first_entry(self::$_connection, $result);
|
||||||
$entry_id != false;
|
$entry_id != false;
|
||||||
$entry_id = ldap_next_entry(self::$_connection, $entry_id)) {
|
$entry_id = ldap_next_entry(self::$_connection, $entry_id)) {
|
||||||
@ -205,6 +239,18 @@ class IdentityProvider_Ldap_Driver implements IdentityProvider_Driver {
|
|||||||
if (in_array($group_name[0], $associated_groups)) {
|
if (in_array($group_name[0], $associated_groups)) {
|
||||||
$groups[] = new Ldap_Group($group_id[0], $group_name[0]);
|
$groups[] = new Ldap_Group($group_id[0], $group_name[0]);
|
||||||
}
|
}
|
||||||
|
if ($group_name[0] == self::$_params["everybody_group"]) {
|
||||||
|
$in_everybody_group = true;
|
||||||
|
}
|
||||||
|
if ($group_name[0] == self::$_params["registered_users_group"]) {
|
||||||
|
$in_registered_users_group = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$in_everybody_group) {
|
||||||
|
$groups[] = self::lookup_group_by_name(self::$_params["everybody_group"]);
|
||||||
|
}
|
||||||
|
if (!$user->guest && !$in_registered_users_group) {
|
||||||
|
$groups[] = self::lookup_group_by_name(self::$_params["registered_users_group"]);
|
||||||
}
|
}
|
||||||
return $groups;
|
return $groups;
|
||||||
}
|
}
|
||||||
@ -235,7 +281,7 @@ class Ldap_User implements User_Definition {
|
|||||||
if (!empty($this->ldap_entry["displayname"][0])) {
|
if (!empty($this->ldap_entry["displayname"][0])) {
|
||||||
return $this->ldap_entry["displayname"][0];
|
return $this->ldap_entry["displayname"][0];
|
||||||
}
|
}
|
||||||
return $this->ldap_entry["cn"][0];
|
return $this->full_name;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function __get($key) {
|
public function __get($key) {
|
||||||
@ -257,10 +303,20 @@ class Ldap_User implements User_Definition {
|
|||||||
IdentityProvider_Ldap_Driver::$_params["admins"]);
|
IdentityProvider_Ldap_Driver::$_params["admins"]);
|
||||||
|
|
||||||
case "email":
|
case "email":
|
||||||
return $this->ldap_entry["mail"][0];
|
if (isset($this->ldap_entry["mail"])) {
|
||||||
|
return $this->ldap_entry["mail"][0];
|
||||||
|
} else if ($this->admin) {
|
||||||
|
IdentityProvider_Ldap_Driver::$_params["admin_mail"];
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
case "full_name":
|
case "full_name":
|
||||||
return $this->ldap_entry["cn"][0];
|
if (isset($this->ldap_entry["cn"])) {
|
||||||
|
return $this->ldap_entry["cn"][0];
|
||||||
|
} else {
|
||||||
|
return $this->name;
|
||||||
|
}
|
||||||
|
|
||||||
case "dn":
|
case "dn":
|
||||||
return $this->ldap_entry["dn"];
|
return $this->ldap_entry["dn"];
|
||||||
@ -281,6 +337,12 @@ class Ldap_User implements User_Definition {
|
|||||||
return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s",
|
return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s",
|
||||||
md5($this->email), $size, $default ? "&d=" . urlencode($default) : "");
|
md5($this->email), $size, $default ? "&d=" . urlencode($default) : "");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Called e.g. by user_profile.php:_can_view_profile_pages()
|
||||||
|
// We don't have "empty" users, so just return true
|
||||||
|
public function loaded() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class Ldap_Group implements Group_Definition {
|
class Ldap_Group implements Group_Definition {
|
||||||
|
Reference in New Issue
Block a user