Removed tight coupling of group membership expansion and LDAPSource.
Any implementation of SOGoSource may now support group expansion by implementing the protocol MembershipAwareSource.pull/263/head
parent
856b0654ab
commit
2e98929900
|
@ -59,6 +59,7 @@
|
|||
#import <SOGo/SOGoWebDAVValue.h>
|
||||
#import <SOGo/WORequest+SOGo.h>
|
||||
#import <SOGo/WOResponse+SOGo.h>
|
||||
#import <SOGo/SOGoSource.h>
|
||||
|
||||
#import "iCalCalendar+SOGo.h"
|
||||
#import "iCalRepeatableEntityObject+SOGo.h"
|
||||
|
@ -70,7 +71,6 @@
|
|||
#import "SOGoTaskObject.h"
|
||||
#import "SOGoWebAppointmentFolder.h"
|
||||
|
||||
|
||||
#define defaultColor @"#AAAAAA"
|
||||
|
||||
@interface SOGoGCSFolder (SOGoPrivate)
|
||||
|
@ -437,19 +437,22 @@ static Class iCalEventK = nil;
|
|||
|
||||
if (rc)
|
||||
{
|
||||
#warning Duplicated code from SOGoGCSFolder subscribeUserOrGroup
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: theIdentifier];
|
||||
|
||||
if ([[dict objectForKey: @"isGroup"] boolValue])
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
{
|
||||
SOGoGroup *aGroup;
|
||||
id <SOGoSource> source;
|
||||
|
||||
aGroup = [SOGoGroup groupWithIdentifier: theIdentifier
|
||||
inDomain: [[context activeUser] domain]];
|
||||
allUsers = [NSMutableArray arrayWithArray: [aGroup members]];
|
||||
source = [[SOGoUserManager sharedUserManager] sourceWithID: [dict objectForKey: @"SOGoSource"]];
|
||||
if ([source conformsToProtocol:@protocol(MembershipAwareSource)])
|
||||
{
|
||||
allUsers = [NSMutableArray arrayWithArray: [(id<MembershipAwareSource>)(source) membersForGroupWithUID: [dict objectForKey: @"c_uid"]]];
|
||||
|
||||
// We remove the active user from the group (if present) in order to
|
||||
// not subscribe him to their own resource!
|
||||
[allUsers removeObject: [context activeUser]];
|
||||
// We remove the active user from the group (if present) in order to
|
||||
// not subscribe him to their own resource!
|
||||
[allUsers removeObject: [context activeUser]];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
#import <SOGo/NSObject+DAV.h>
|
||||
#import <SOGo/NSString+Utilities.h>
|
||||
#import <SOGo/SOGoDateFormatter.h>
|
||||
#import <SOGo/SOGoGroup.h>
|
||||
#import <SOGo/SOGoUserManager.h>
|
||||
#import <SOGo/SOGoUser.h>
|
||||
#import <SOGo/SOGoUserSettings.h>
|
||||
#import <SOGo/SOGoDomainDefaults.h>
|
||||
|
@ -1670,10 +1670,13 @@ inRecurrenceExceptionsForEvent: (iCalEvent *) theEvent
|
|||
if ([event isAttendee: [[delegate email] rfc822Email]])
|
||||
ex = [NSException exceptionWithHTTPStatus: 409
|
||||
reason: @"delegate is a participant"];
|
||||
else if ([SOGoGroup groupWithEmail: [[delegate email] rfc822Email]
|
||||
inDomain: [ownerUser domain]])
|
||||
ex = [NSException exceptionWithHTTPStatus: 409
|
||||
reason: @"delegate is a group"];
|
||||
else {
|
||||
NSDictionary *dict;
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: [[delegate email] rfc822Email]];
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
ex = [NSException exceptionWithHTTPStatus: 409
|
||||
reason: @"delegate is a group"];
|
||||
}
|
||||
}
|
||||
if (ex == nil)
|
||||
{
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
#import <SOGo/NSString+Utilities.h>
|
||||
#import <SOGo/SOGoBuild.h>
|
||||
#import <SOGo/SOGoMailer.h>
|
||||
#import <SOGo/SOGoGroup.h>
|
||||
#import <SOGo/SOGoSource.h>
|
||||
#import <SOGo/SOGoPermissions.h>
|
||||
#import <SOGo/SOGoUser.h>
|
||||
#import <SOGo/SOGoUserSettings.h>
|
||||
|
@ -525,7 +525,7 @@
|
|||
iCalPerson *currentAttendee;
|
||||
NSEnumerator *enumerator;
|
||||
NSAutoreleasePool *pool;
|
||||
SOGoGroup *group;
|
||||
NSDictionary *dict;
|
||||
|
||||
BOOL eventWasModified;
|
||||
unsigned int i, j;
|
||||
|
@ -549,37 +549,42 @@
|
|||
pool = [[NSAutoreleasePool alloc] init];
|
||||
}
|
||||
|
||||
group = [SOGoGroup groupWithEmail: [currentAttendee rfc822Email]
|
||||
inDomain: domain];
|
||||
if (group)
|
||||
{
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: [currentAttendee rfc822Email]];
|
||||
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
{
|
||||
iCalPerson *person;
|
||||
NSArray *members;
|
||||
SOGoUser *user;
|
||||
id <SOGoSource> source;
|
||||
|
||||
// We did decompose a group...
|
||||
[allAttendees removeObject: currentAttendee];
|
||||
|
||||
members = [group members];
|
||||
for (i = 0; i < [members count]; i++)
|
||||
{
|
||||
user = [members objectAtIndex: i];
|
||||
eventWasModified = YES;
|
||||
source = [[SOGoUserManager sharedUserManager] sourceWithID: [dict objectForKey: @"SOGoSource"]];
|
||||
if ([source conformsToProtocol:@protocol(MembershipAwareSource)])
|
||||
{
|
||||
members = [(id<MembershipAwareSource>)(source) membersForGroupWithUID: [dict objectForKey: @"c_uid"]];
|
||||
for (i = 0; i < [members count]; i++)
|
||||
{
|
||||
user = [members objectAtIndex: i];
|
||||
eventWasModified = YES;
|
||||
|
||||
// If the organizer is part of the group, we skip it from
|
||||
// the addition to the attendees' list
|
||||
if ([user hasEmail: organizerEmail])
|
||||
continue;
|
||||
// If the organizer is part of the group, we skip it from
|
||||
// the addition to the attendees' list
|
||||
if ([user hasEmail: organizerEmail])
|
||||
continue;
|
||||
|
||||
person = [self iCalPersonWithUID: [user login]];
|
||||
[person setTag: @"ATTENDEE"];
|
||||
[person setParticipationStatus: [currentAttendee participationStatus]];
|
||||
[person setRsvp: [currentAttendee rsvp]];
|
||||
[person setRole: [currentAttendee role]];
|
||||
person = [self iCalPersonWithUID: [user login]];
|
||||
[person setTag: @"ATTENDEE"];
|
||||
[person setParticipationStatus: [currentAttendee participationStatus]];
|
||||
[person setRsvp: [currentAttendee rsvp]];
|
||||
[person setRole: [currentAttendee role]];
|
||||
|
||||
if (![allAttendees containsObject: person])
|
||||
[allAttendees addObject: person];
|
||||
}
|
||||
if (![allAttendees containsObject: person])
|
||||
[allAttendees addObject: person];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
j++;
|
||||
|
|
|
@ -58,7 +58,6 @@
|
|||
#import <SOGo/NSObject+DAV.h>
|
||||
#import <SOGo/SOGoPermissions.h>
|
||||
#import <SOGo/SOGoSystemDefaults.h>
|
||||
#import <SOGo/SOGoGroup.h>
|
||||
#import <SOGo/SOGoUser.h>
|
||||
#import <SOGo/SOGoUserFolder.h>
|
||||
#import <SOGo/SOGoUserManager.h>
|
||||
|
@ -1425,15 +1424,15 @@ _compareFetchResultsByMODSEQ (id entry1, id entry2, void *data)
|
|||
|
||||
- (NSString *) _sogoACLUIDToIMAPUID: (NSString *) uid
|
||||
{
|
||||
SOGoGroup *group;
|
||||
NSDictionary *dict;
|
||||
SOGoUser *user;
|
||||
|
||||
if ([uid isEqualToString: defaultUserID])
|
||||
return uid;
|
||||
|
||||
group = [SOGoGroup groupWithIdentifier: uid
|
||||
inDomain: [[context activeUser] domain]];
|
||||
if (group)
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: uid];
|
||||
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
return [[[[context activeUser] domainDefaults] imapAclGroupIdPrefix]
|
||||
stringByAppendingString: uid];
|
||||
|
||||
|
|
|
@ -75,7 +75,6 @@ SOGo_HEADER_FILES = \
|
|||
SOGoWebDAVAclManager.h \
|
||||
SOGoWebDAVValue.h \
|
||||
SOGoMailer.h \
|
||||
SOGoGroup.h \
|
||||
SOGoUser.h \
|
||||
\
|
||||
CardElement+SOGo.h \
|
||||
|
@ -155,7 +154,6 @@ SOGo_OBJC_FILES = \
|
|||
SOGoWebDAVAclManager.m \
|
||||
SOGoWebDAVValue.m \
|
||||
SOGoMailer.m \
|
||||
SOGoGroup.m \
|
||||
SOGoUser.m \
|
||||
\
|
||||
CardElement+SOGo.m \
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
@class NSMutableDictionary;
|
||||
@class NSString;
|
||||
|
||||
@interface LDAPSource : NSObject <SOGoDNSource>
|
||||
@interface LDAPSource : NSObject <SOGoDNSource, MembershipAwareSource>
|
||||
{
|
||||
int _queryLimit;
|
||||
int _queryTimeout;
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
#import "NSString+Crypto.h"
|
||||
#import "SOGoCache.h"
|
||||
#import "SOGoSystemDefaults.h"
|
||||
#import "SOGoUserManager.h"
|
||||
|
||||
#import "LDAPSource.h"
|
||||
|
||||
|
@ -1990,4 +1991,138 @@ _makeLDAPChanges (NGLdapConnection *ldapConnection,
|
|||
}
|
||||
}
|
||||
|
||||
#define CHECK_CLASS(o) ({ \
|
||||
if ([o isKindOfClass: [NSString class]]) \
|
||||
o = [NSArray arrayWithObject: o]; \
|
||||
})
|
||||
|
||||
- (NSArray *) membersForGroupWithUID: (NSString *) uid
|
||||
{
|
||||
NSMutableArray *dns, *uids, *logins;
|
||||
NSString *dn, *login;
|
||||
SOGoUserManager *um;
|
||||
NSDictionary *d;
|
||||
SOGoUser *user;
|
||||
NSArray *o;
|
||||
NSAutoreleasePool *pool;
|
||||
int i, c;
|
||||
NGLdapEntry *entry;
|
||||
NSMutableArray *members = nil;
|
||||
|
||||
if ([uid hasPrefix: @"@"])
|
||||
uid = [uid substringFromIndex: 1];
|
||||
|
||||
entry = [self lookupGroupEntryByUID: uid inDomain: nil];
|
||||
|
||||
if (entry)
|
||||
{
|
||||
members = [NSMutableArray new];
|
||||
uids = [NSMutableArray array];
|
||||
dns = [NSMutableArray array];
|
||||
logins = [NSMutableArray array];
|
||||
|
||||
// We check if it's a static group
|
||||
// Fetch "members" - we get DNs
|
||||
d = [entry asDictionary];
|
||||
o = [d objectForKey: @"member"];
|
||||
CHECK_CLASS(o);
|
||||
if (o) [dns addObjectsFromArray: o];
|
||||
|
||||
// Fetch "uniqueMembers" - we get DNs
|
||||
o = [d objectForKey: @"uniquemember"];
|
||||
CHECK_CLASS(o);
|
||||
if (o) [dns addObjectsFromArray: o];
|
||||
|
||||
// Fetch "memberUid" - we get UID (like login names)
|
||||
o = [d objectForKey: @"memberuid"];
|
||||
CHECK_CLASS(o);
|
||||
if (o) [uids addObjectsFromArray: o];
|
||||
|
||||
c = [dns count] + [uids count];
|
||||
|
||||
// We deal with a static group, let's add the members
|
||||
if (c)
|
||||
{
|
||||
um = [SOGoUserManager sharedUserManager];
|
||||
|
||||
// We add members for whom we have their associated DN
|
||||
for (i = 0; i < [dns count]; i++)
|
||||
{
|
||||
pool = [NSAutoreleasePool new];
|
||||
dn = [dns objectAtIndex: i];
|
||||
login = [um getLoginForDN: [dn lowercaseString]];
|
||||
user = [SOGoUser userWithLogin: login roles: nil];
|
||||
if (user)
|
||||
{
|
||||
[logins addObject: login];
|
||||
[members addObject: user];
|
||||
}
|
||||
[pool release];
|
||||
}
|
||||
|
||||
// We add members for whom we have their associated login name
|
||||
for (i = 0; i < [uids count]; i++)
|
||||
{
|
||||
pool = [NSAutoreleasePool new];
|
||||
login = [uids objectAtIndex: i];
|
||||
user = [SOGoUser userWithLogin: login roles: nil];
|
||||
|
||||
if (user)
|
||||
{
|
||||
[logins addObject: [user loginInDomain]];
|
||||
[members addObject: user];
|
||||
}
|
||||
[pool release];
|
||||
}
|
||||
|
||||
|
||||
// We are done fetching members, let's cache the members of the group
|
||||
// (ie., their UIDs) in memcached to speed up -hasMemberWithUID.
|
||||
[[SOGoCache sharedCache] setValue: [logins componentsJoinedByString: @","]
|
||||
forKey: [NSString stringWithFormat: @"%@+%@", uid, _domain]];
|
||||
}
|
||||
else
|
||||
{
|
||||
// We deal with a dynamic group, let's search all users for whom
|
||||
// memberOf is equal to our group's DN.
|
||||
// We also need to look for labelelURI?
|
||||
}
|
||||
}
|
||||
|
||||
return members;
|
||||
}
|
||||
|
||||
//
|
||||
//
|
||||
//
|
||||
- (BOOL) groupWithUIDHasMemberWithUID: (NSString *) uid
|
||||
memberUid: (NSString *) memberUid
|
||||
{
|
||||
|
||||
BOOL rc;
|
||||
NSString *key, *value;;
|
||||
NSArray *a;
|
||||
|
||||
rc = NO;
|
||||
|
||||
if ([uid hasPrefix: @"@"])
|
||||
uid = [uid substringFromIndex: 1];
|
||||
|
||||
key = [NSString stringWithFormat: @"%@+%@", uid, _domain];
|
||||
value = [[SOGoCache sharedCache] valueForKey: key];
|
||||
|
||||
// If the value isn't in memcached, that probably means -members was never called.
|
||||
// We call it only once here.
|
||||
if (!value)
|
||||
{
|
||||
[self membersForGroupWithUID: uid];
|
||||
value = [[SOGoCache sharedCache] valueForKey: key];
|
||||
}
|
||||
|
||||
a = [value componentsSeparatedByString: @","];
|
||||
rc = [a containsObject: memberUid];
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@end
|
||||
|
|
|
@ -31,7 +31,6 @@
|
|||
|
||||
@class NGImap4Connection;
|
||||
|
||||
@class SOGoGroup;
|
||||
@class SOGoObject;
|
||||
@class SOGoUser;
|
||||
@class SOGoUserDefaults;
|
||||
|
@ -67,13 +66,6 @@
|
|||
withName: (NSString *) userName;
|
||||
- (id) userNamed: (NSString *) name;
|
||||
|
||||
- (void) registerGroup: (SOGoGroup *) group
|
||||
withName: (NSString *) groupName
|
||||
inDomain: (NSString *) domainName;
|
||||
|
||||
- (id) groupNamed: (NSString *) groupName
|
||||
inDomain: (NSString *) domainName;
|
||||
|
||||
- (void) registerIMAP4Connection: (NGImap4Connection *) connection
|
||||
forKey: (NSString *) key;
|
||||
- (NGImap4Connection *) imap4ConnectionForKey: (NSString *) key;
|
||||
|
|
|
@ -260,22 +260,6 @@ static memcached_st *handle = NULL;
|
|||
return [users objectForKey: name];
|
||||
}
|
||||
|
||||
- (void) registerGroup: (SOGoGroup *) group
|
||||
withName: (NSString *) groupName
|
||||
inDomain: (NSString *) domainName
|
||||
|
||||
{
|
||||
if (group)
|
||||
[groups setObject: group forKey: [NSString stringWithFormat: @"%@+%@", groupName, domainName]];
|
||||
}
|
||||
|
||||
- (id) groupNamed: (NSString *) groupName
|
||||
inDomain: (NSString *) domainName
|
||||
|
||||
{
|
||||
return [groups objectForKey: [NSString stringWithFormat: @"%@+%@", groupName, domainName]];
|
||||
}
|
||||
|
||||
- (void) registerIMAP4Connection: (NGImap4Connection *) connection
|
||||
forKey: (NSString *) key
|
||||
{
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
#import "SOGoCache.h"
|
||||
#import "SOGoContentObject.h"
|
||||
#import "SOGoDomainDefaults.h"
|
||||
#import "SOGoGroup.h"
|
||||
#import "SOGoSource.h"
|
||||
#import "SOGoParentFolder.h"
|
||||
#import "SOGoPermissions.h"
|
||||
#import "SOGoUser.h"
|
||||
|
@ -933,17 +933,19 @@ static NSArray *childRecordFields = nil;
|
|||
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: theIdentifier];
|
||||
|
||||
if ([[dict objectForKey: @"isGroup"] boolValue])
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
{
|
||||
SOGoGroup *aGroup;
|
||||
id <SOGoSource> source;
|
||||
|
||||
aGroup = [SOGoGroup groupWithIdentifier: theIdentifier
|
||||
inDomain: [[context activeUser] domain]];
|
||||
allUsers = [NSMutableArray arrayWithArray: [aGroup members]];
|
||||
source = [[SOGoUserManager sharedUserManager] sourceWithID: [dict objectForKey: @"SOGoSource"]];
|
||||
if ([source conformsToProtocol:@protocol(MembershipAwareSource)])
|
||||
{
|
||||
allUsers = [NSMutableArray arrayWithArray: [(id<MembershipAwareSource>)(source) membersForGroupWithUID: [dict objectForKey: @"c_uid"]]];
|
||||
|
||||
// We remove the active user from the group (if present) in order to
|
||||
// not subscribe him to their own resource!
|
||||
[allUsers removeObject: [context activeUser]];
|
||||
// We remove the active user from the group (if present) in order to
|
||||
// not subscribe him to their own resource!
|
||||
[allUsers removeObject: [context activeUser]];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1622,13 +1624,10 @@ static NSArray *childRecordFields = nil;
|
|||
{
|
||||
int count, max;
|
||||
NSDictionary *record;
|
||||
NSString *currentUID, *domain;
|
||||
SOGoGroup *group;
|
||||
NSString *currentUID;
|
||||
NSMutableArray *acls;
|
||||
|
||||
acls = [NSMutableArray array];
|
||||
#warning should it be the domain of the ownerUser instead?
|
||||
domain = [[context activeUser] domain];
|
||||
|
||||
max = [records count];
|
||||
for (count = 0; count < max; count++)
|
||||
|
@ -1637,17 +1636,14 @@ static NSArray *childRecordFields = nil;
|
|||
currentUID = [record valueForKey: @"c_uid"];
|
||||
if ([currentUID hasPrefix: @"@"])
|
||||
{
|
||||
group = [[SOGoCache sharedCache] groupNamed: currentUID inDomain: domain];
|
||||
|
||||
if (!group)
|
||||
{
|
||||
group = [SOGoGroup groupWithIdentifier: currentUID
|
||||
inDomain: domain];
|
||||
[[SOGoCache sharedCache] registerGroup: group withName: currentUID inDomain: domain];
|
||||
}
|
||||
|
||||
if (group && [group hasMemberWithUID: uid])
|
||||
[acls addObject: [record valueForKey: @"c_role"]];
|
||||
NSString *dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: currentUID];
|
||||
if (dict)
|
||||
{
|
||||
id <SOGoSource> source = [[SOGoUserManager sharedUserManager] sourceWithID: [dict objectForKey: @"SOGoSource"]];
|
||||
if ([source conformsToProtocol:@protocol(MembershipAwareSource)] &&
|
||||
[(id<MembershipAwareSource>)(source) groupWithUIDHasMemberWithUID: currentUID memberUid: uid])
|
||||
[acls addObject: [record valueForKey: @"c_role"]];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1754,39 +1750,45 @@ static NSArray *childRecordFields = nil;
|
|||
forObjectAtPath: (NSArray *) objectPathArray
|
||||
{
|
||||
EOQualifier *qualifier;
|
||||
NSString *uid, *uids, *qs, *objectPath, *domain;
|
||||
NSString *uid, *uids, *qs, *objectPath;
|
||||
NSMutableArray *usersAndGroups, *groupsMembers;
|
||||
NSMutableDictionary *aclsForObject;
|
||||
SOGoGroup *group;
|
||||
|
||||
unsigned int i;
|
||||
|
||||
if ([users count] > 0)
|
||||
{
|
||||
domain = [[context activeUser] domain];
|
||||
usersAndGroups = [NSMutableArray arrayWithArray: users];
|
||||
groupsMembers = [NSMutableArray array];
|
||||
for (i = 0; i < [usersAndGroups count]; i++)
|
||||
{
|
||||
NSDictionary *dict;
|
||||
|
||||
uid = [usersAndGroups objectAtIndex: i];
|
||||
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
|
||||
if (group)
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: uid];
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
{
|
||||
NSArray *members;
|
||||
SOGoUser *user;
|
||||
unsigned int j;
|
||||
|
||||
// Fetch members to remove them from the cache along the group
|
||||
members = [group members];
|
||||
for (j = 0; j < [members count]; j++)
|
||||
id <SOGoSource> source;
|
||||
source = [[SOGoUserManager sharedUserManager] sourceWithID: [dict objectForKey: @"SOGoSource"]];
|
||||
if ([source conformsToProtocol:@protocol(MembershipAwareSource)])
|
||||
{
|
||||
user = [members objectAtIndex: j];
|
||||
[groupsMembers addObject: [user login]];
|
||||
}
|
||||
NSArray *members;
|
||||
SOGoUser *user;
|
||||
unsigned int j;
|
||||
|
||||
if (![uid hasPrefix: @"@"])
|
||||
// Prefix the UID with the character "@" when dealing with a group
|
||||
[usersAndGroups replaceObjectAtIndex: i
|
||||
withObject: [NSString stringWithFormat: @"@%@", uid]];
|
||||
// Fetch members to remove them from the cache along the group
|
||||
members = [(id<MembershipAwareSource>)(source) membersForGroupWithUID: uid];
|
||||
for (j = 0; j < [members count]; j++)
|
||||
{
|
||||
user = [members objectAtIndex: j];
|
||||
[groupsMembers addObject: [user login]];
|
||||
}
|
||||
|
||||
if (![uid hasPrefix: @"@"])
|
||||
// Prefix the UID with the character "@" when dealing with a group
|
||||
[usersAndGroups replaceObjectAtIndex: i
|
||||
withObject: [NSString stringWithFormat: @"@%@", uid]];
|
||||
}
|
||||
}
|
||||
}
|
||||
objectPath = [objectPathArray componentsJoinedByString: @"/"];
|
||||
|
@ -1846,9 +1848,8 @@ static NSArray *childRecordFields = nil;
|
|||
forUser: (NSString *) uid
|
||||
forObjectAtPath: (NSArray *) objectPathArray
|
||||
{
|
||||
NSString *objectPath, *aUID, *domain;
|
||||
NSString *objectPath, *aUID;
|
||||
NSMutableArray *newRoles;
|
||||
SOGoGroup *group;
|
||||
|
||||
objectPath = [objectPathArray componentsJoinedByString: @"/"];
|
||||
|
||||
|
@ -1858,10 +1859,9 @@ static NSArray *childRecordFields = nil;
|
|||
aUID = uid;
|
||||
if (![uid hasPrefix: @"@"])
|
||||
{
|
||||
// Prefix the UID with the character "@" when dealing with a group
|
||||
domain = [[context activeUser] domain];
|
||||
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
|
||||
if (group)
|
||||
NSDictionary *dict;
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: uid];
|
||||
if ([[dict objectForKey: @"isGroup"] boolValue])
|
||||
{
|
||||
aUID = [NSString stringWithFormat: @"@%@", uid];
|
||||
// Remove all roles when defining ACLs for a group
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
/* SOGoGroup.h - this file is part of SOGo
|
||||
*
|
||||
* Copyright (C) 2009-2012 Inverse inc.
|
||||
*
|
||||
* Author: Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||
*
|
||||
* This file is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2, or (at your option)
|
||||
* any later version.
|
||||
*
|
||||
* This file is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; see the file COPYING. If not, write to
|
||||
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
* Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef __SOGOGROUP_H__
|
||||
#define __SOGOGROUP_H__
|
||||
|
||||
#import <Foundation/NSObject.h>
|
||||
|
||||
@class LDAPSource;
|
||||
@class NSArray;
|
||||
@class NSMutableArray;
|
||||
@class NSString;
|
||||
@class NGLdapEntry;
|
||||
|
||||
@protocol SOGoSource;
|
||||
|
||||
@interface SOGoGroup : NSObject
|
||||
{
|
||||
@private
|
||||
NSString *_identifier;
|
||||
NSString *_domain;
|
||||
NGLdapEntry *_entry;
|
||||
NSObject <SOGoSource> *_source;
|
||||
NSMutableArray *_members;
|
||||
}
|
||||
|
||||
+ (id) groupWithIdentifier: (NSString *) theID
|
||||
inDomain: (NSString *) domain;
|
||||
+ (id) groupWithEmail: (NSString *) theEmail
|
||||
inDomain: (NSString *) domain;
|
||||
+ (id) groupWithValue: (NSString *) theValue
|
||||
andSourceSelector: (SEL) theSelector
|
||||
inDomain: (NSString *) domain;
|
||||
|
||||
- (NSArray *) members;
|
||||
|
||||
- (BOOL) hasMemberWithUID: (NSString *) memberUID;
|
||||
|
||||
@end
|
||||
|
||||
#endif // __SOGOGROUP_H__
|
|
@ -1,370 +0,0 @@
|
|||
/* SOGoGroup.m - this file is part of SOGo
|
||||
*
|
||||
* Copyright (C) 2009-2014 Inverse inc.
|
||||
*
|
||||
* This file is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2, or (at your option)
|
||||
* any later version.
|
||||
*
|
||||
* This file is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; see the file COPYING. If not, write to
|
||||
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
* Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
Here are some group samples:
|
||||
|
||||
[ POSIX group ]
|
||||
|
||||
dn: cn=it-staff,ou=Group,dc=zzz,dc=xxx,dc=yyy
|
||||
objectClass: posixGroup
|
||||
objectClass: top
|
||||
cn: it-staff
|
||||
userPassword: {crypt}x
|
||||
gidNumber: 8000
|
||||
memberUid: lsa
|
||||
memberUid: mrm
|
||||
memberUid: ij
|
||||
memberUid: no
|
||||
memberUid: ld
|
||||
memberUid: db
|
||||
memberUid: rgl
|
||||
memberUid: ja
|
||||
memberUid: hbt
|
||||
memberUid: hossein
|
||||
|
||||
dn: cn=inverse,ou=groups,dc=inverse,dc=ca
|
||||
objectClass: groupOfUniqueNames
|
||||
objectClass: top
|
||||
objectClass: extensibleObject
|
||||
uniqueMember: uid=flachapelle,ou=users,dc=inverse,dc=ca
|
||||
uniqueMember: uid=lmarcotte,ou=users,dc=inverse,dc=ca
|
||||
uniqueMember: uid=wsourdeau,ou=users,dc=inverse,dc=ca
|
||||
cn: inverse
|
||||
mail: inverse@inverse.ca
|
||||
|
||||
*/
|
||||
|
||||
#include "SOGoGroup.h"
|
||||
|
||||
|
||||
#include "SOGoCache.h"
|
||||
#include "SOGoSource.h"
|
||||
#include "SOGoSystemDefaults.h"
|
||||
#include "SOGoUserManager.h"
|
||||
#include "SOGoUser.h"
|
||||
|
||||
#import <NGLdap/NGLdapEntry.h>
|
||||
|
||||
#define CHECK_CLASS(o) ({ \
|
||||
if ([o isKindOfClass: [NSString class]]) \
|
||||
o = [NSArray arrayWithObject: o]; \
|
||||
})
|
||||
|
||||
@implementation SOGoGroup
|
||||
|
||||
- (id) initWithIdentifier: (NSString *) theID
|
||||
domain: (NSString *) theDomain
|
||||
source: (NSObject <SOGoSource> *) theSource
|
||||
entry: (NGLdapEntry *) theEntry
|
||||
{
|
||||
self = [super init];
|
||||
|
||||
if (self)
|
||||
{
|
||||
ASSIGN(_identifier, theID);
|
||||
ASSIGN(_domain, theDomain);
|
||||
ASSIGN(_source, theSource);
|
||||
ASSIGN(_entry, theEntry);
|
||||
_members = nil;
|
||||
}
|
||||
|
||||
return self;
|
||||
}
|
||||
|
||||
- (void) dealloc
|
||||
{
|
||||
RELEASE(_identifier);
|
||||
RELEASE(_domain);
|
||||
RELEASE(_source);
|
||||
RELEASE(_entry);
|
||||
RELEASE(_members);
|
||||
|
||||
[super dealloc];
|
||||
}
|
||||
|
||||
+ (id) groupWithIdentifier: (NSString *) theID
|
||||
inDomain: (NSString *) domain
|
||||
{
|
||||
NSRange r;
|
||||
NSString *uid, *inDomain;
|
||||
SOGoSystemDefaults *sd;
|
||||
|
||||
uid = [theID hasPrefix: @"@"] ? [theID substringFromIndex: 1] : theID;
|
||||
inDomain = domain;
|
||||
|
||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||
if ([sd enableDomainBasedUID])
|
||||
{
|
||||
/* Split domain from uid */
|
||||
r = [uid rangeOfString: @"@" options: NSBackwardsSearch];
|
||||
if (r.location != NSNotFound)
|
||||
{
|
||||
if (!domain)
|
||||
inDomain = [uid substringFromIndex: r.location + 1];
|
||||
uid = [uid substringToIndex: r.location];
|
||||
}
|
||||
}
|
||||
|
||||
return [SOGoGroup groupWithValue: uid
|
||||
andSourceSelector: @selector (lookupGroupEntryByUID:inDomain:)
|
||||
inDomain: inDomain];
|
||||
}
|
||||
|
||||
+ (id) groupWithEmail: (NSString *) theEmail
|
||||
inDomain: (NSString *) domain
|
||||
{
|
||||
return [SOGoGroup groupWithValue: theEmail
|
||||
andSourceSelector: @selector (lookupGroupEntryByEmail:inDomain:)
|
||||
inDomain: domain];
|
||||
}
|
||||
|
||||
//
|
||||
// Returns nil if theValue doesn't match to a group
|
||||
// (so its objectClass isn't a group)
|
||||
//
|
||||
+ (id) groupWithValue: (NSString *) theValue
|
||||
andSourceSelector: (SEL) theSelector
|
||||
inDomain: (NSString *) domain
|
||||
{
|
||||
NSArray *allSources;
|
||||
NGLdapEntry *entry;
|
||||
NSObject <SOGoSource, SOGoDNSource> *source;
|
||||
id o;
|
||||
NSEnumerator *gclasses;
|
||||
NSString *gclass;
|
||||
|
||||
int i;
|
||||
|
||||
// Don't bother looking in all sources if the
|
||||
// supplied value is nil.
|
||||
if (!theValue)
|
||||
return nil;
|
||||
|
||||
allSources = [[SOGoUserManager sharedUserManager]
|
||||
sourceIDsInDomain: domain];
|
||||
entry = nil;
|
||||
o = nil;
|
||||
|
||||
for (i = 0; i < [allSources count]; i++)
|
||||
{
|
||||
source = (NSObject <SOGoSource, SOGoDNSource> *) [[SOGoUserManager sharedUserManager] sourceWithID: [allSources objectAtIndex: i]];
|
||||
|
||||
// Our different sources might not all implements groups support
|
||||
if ([source respondsToSelector: theSelector])
|
||||
entry = [source performSelector: theSelector
|
||||
withObject: theValue
|
||||
withObject: domain];
|
||||
if (entry)
|
||||
break;
|
||||
|
||||
entry = nil;
|
||||
}
|
||||
|
||||
if (entry)
|
||||
{
|
||||
NSArray *classes;
|
||||
|
||||
// We check to see if it's a group
|
||||
classes = [[entry asDictionary] objectForKey: @"objectclass"];
|
||||
|
||||
if (classes)
|
||||
{
|
||||
/* LDAP records returned as dictionaries may contain NSString or
|
||||
NSArray values, depending on whether the amount of values
|
||||
assigned to a key is 1 or more. Since this can occur with
|
||||
"objectclass" too, we need to check whether "classes" is actually
|
||||
an NSString instance... */
|
||||
if ([classes isKindOfClass: [NSString class]])
|
||||
classes = [NSArray arrayWithObject:
|
||||
[(NSString *) classes lowercaseString]];
|
||||
else
|
||||
{
|
||||
int i, c;
|
||||
|
||||
classes = [NSMutableArray arrayWithArray: classes];
|
||||
c = [classes count];
|
||||
for (i = 0; i < c; i++)
|
||||
[(id)classes replaceObjectAtIndex: i
|
||||
withObject: [[classes objectAtIndex: i] lowercaseString]];
|
||||
}
|
||||
}
|
||||
|
||||
gclasses = [[source groupObjectClasses] objectEnumerator];
|
||||
while ((gclass = [gclasses nextObject]))
|
||||
if ([classes containsObject: gclass])
|
||||
{
|
||||
// Found a group, let's return it.
|
||||
o = [[self alloc] initWithIdentifier: theValue
|
||||
domain: domain
|
||||
source: source
|
||||
entry: entry];
|
||||
AUTORELEASE(o);
|
||||
}
|
||||
}
|
||||
|
||||
return o;
|
||||
}
|
||||
|
||||
//
|
||||
// This method actually try to obtain all members
|
||||
// from either dynamic of static groups.
|
||||
//
|
||||
- (NSArray *) members
|
||||
{
|
||||
NSMutableArray *dns, *uids, *logins;
|
||||
NSString *dn, *login;
|
||||
SOGoUserManager *um;
|
||||
NSDictionary *d;
|
||||
SOGoUser *user;
|
||||
NSArray *o;
|
||||
NSAutoreleasePool *pool;
|
||||
int i, c;
|
||||
|
||||
if (!_members)
|
||||
{
|
||||
_members = [NSMutableArray new];
|
||||
uids = [NSMutableArray array];
|
||||
dns = [NSMutableArray array];
|
||||
logins = [NSMutableArray array];
|
||||
|
||||
// We check if it's a static group
|
||||
// Fetch "members" - we get DNs
|
||||
d = [_entry asDictionary];
|
||||
o = [d objectForKey: @"member"];
|
||||
CHECK_CLASS(o);
|
||||
if (o) [dns addObjectsFromArray: o];
|
||||
|
||||
// Fetch "uniqueMembers" - we get DNs
|
||||
o = [d objectForKey: @"uniquemember"];
|
||||
CHECK_CLASS(o);
|
||||
if (o) [dns addObjectsFromArray: o];
|
||||
|
||||
// Fetch "memberUid" - we get UID (like login names)
|
||||
o = [d objectForKey: @"memberuid"];
|
||||
CHECK_CLASS(o);
|
||||
if (o) [uids addObjectsFromArray: o];
|
||||
|
||||
c = [dns count] + [uids count];
|
||||
|
||||
// We deal with a static group, let's add the members
|
||||
if (c)
|
||||
{
|
||||
um = [SOGoUserManager sharedUserManager];
|
||||
|
||||
// We add members for whom we have their associated DN
|
||||
for (i = 0; i < [dns count]; i++)
|
||||
{
|
||||
pool = [NSAutoreleasePool new];
|
||||
dn = [dns objectAtIndex: i];
|
||||
login = [um getLoginForDN: [dn lowercaseString]];
|
||||
user = [SOGoUser userWithLogin: login roles: nil];
|
||||
if (user)
|
||||
{
|
||||
[logins addObject: login];
|
||||
[_members addObject: user];
|
||||
}
|
||||
[pool release];
|
||||
}
|
||||
|
||||
// We add members for whom we have their associated login name
|
||||
for (i = 0; i < [uids count]; i++)
|
||||
{
|
||||
pool = [NSAutoreleasePool new];
|
||||
login = [uids objectAtIndex: i];
|
||||
user = [SOGoUser userWithLogin: login roles: nil];
|
||||
|
||||
if (user)
|
||||
{
|
||||
[logins addObject: [user loginInDomain]];
|
||||
[_members addObject: user];
|
||||
}
|
||||
[pool release];
|
||||
}
|
||||
|
||||
|
||||
// We are done fetching members, let's cache the members of the group
|
||||
// (ie., their UIDs) in memcached to speed up -hasMemberWithUID.
|
||||
[[SOGoCache sharedCache] setValue: [logins componentsJoinedByString: @","]
|
||||
forKey: [NSString stringWithFormat: @"%@+%@", _identifier, _domain]];
|
||||
}
|
||||
else
|
||||
{
|
||||
// We deal with a dynamic group, let's search all users for whom
|
||||
// memberOf is equal to our group's DN.
|
||||
// We also need to look for labelelURI?
|
||||
}
|
||||
}
|
||||
|
||||
return _members;
|
||||
}
|
||||
|
||||
//
|
||||
//
|
||||
//
|
||||
- (BOOL) hasMemberWithUID: (NSString *) memberUID
|
||||
{
|
||||
|
||||
BOOL rc;
|
||||
|
||||
rc = NO;
|
||||
|
||||
// If _members is initialized, we use it as it's very accurate.
|
||||
// Otherwise, we fallback on memcached in order to avoid
|
||||
// decomposing the group all the time just to see if a user
|
||||
// is a member of it.
|
||||
if (_members)
|
||||
{
|
||||
NSString *currentUID;
|
||||
|
||||
int count, max;
|
||||
max = [_members count];
|
||||
for (count = 0; !rc && count < max; count++)
|
||||
{
|
||||
currentUID = [[_members objectAtIndex: count] login];
|
||||
rc = [memberUID isEqualToString: currentUID];
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
NSString *key, *value;;
|
||||
NSArray *a;
|
||||
|
||||
key = [NSString stringWithFormat: @"%@+%@", _identifier, _domain];
|
||||
value = [[SOGoCache sharedCache] valueForKey: key];
|
||||
|
||||
|
||||
// If the value isn't in memcached, that probably means -members was never called.
|
||||
// We call it only once here.
|
||||
if (!value)
|
||||
{
|
||||
[self members];
|
||||
value = [[SOGoCache sharedCache] valueForKey: key];
|
||||
}
|
||||
|
||||
a = [value componentsSeparatedByString: @","];
|
||||
rc = [a containsObject: memberUID];
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@end
|
|
@ -118,4 +118,10 @@
|
|||
- (void) updateBaseDNFromLogin: (NSString *) theLogin;
|
||||
@end
|
||||
|
||||
@protocol MembershipAwareSource <SOGoSource>
|
||||
- (NSArray *) membersForGroupWithUID: (NSString *) uid;
|
||||
- (BOOL) groupWithUIDHasMemberWithUID: (NSString *) uid
|
||||
memberUid: (NSString *) memberUid;
|
||||
@end
|
||||
|
||||
#endif /* SOGOSOURCE_H */
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
#import <SOGo/NSDictionary+Utilities.h>
|
||||
#import <SOGo/NSString+Utilities.h>
|
||||
#import <SOGo/SOGoDomainDefaults.h>
|
||||
#import <SOGo/SOGoGroup.h>
|
||||
#import <SOGo/SOGoUser.h>
|
||||
#import <SOGo/SOGoUserManager.h>
|
||||
|
||||
|
@ -120,10 +119,10 @@
|
|||
- (BOOL) _initRights
|
||||
{
|
||||
BOOL response;
|
||||
NSString *newUID, *domain;
|
||||
NSString *newUID;
|
||||
SOGoUserManager *um;
|
||||
SOGoObject *clientObject;
|
||||
SOGoGroup *group;
|
||||
NSDictionary *dict;
|
||||
|
||||
response = NO;
|
||||
|
||||
|
@ -140,9 +139,8 @@
|
|||
{
|
||||
if (![newUID hasPrefix: @"@"])
|
||||
{
|
||||
domain = [[context activeUser] domain];
|
||||
group = [SOGoGroup groupWithIdentifier: newUID inDomain: domain];
|
||||
if (group)
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: newUID];
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
newUID = [NSString stringWithFormat: @"@%@", newUID];
|
||||
}
|
||||
ASSIGN (uid, newUID);
|
||||
|
@ -158,10 +156,9 @@
|
|||
- (BOOL) _initRightsForUserID:(NSString *) newUID
|
||||
{
|
||||
BOOL response;
|
||||
NSString *domain;
|
||||
SOGoUserManager *um;
|
||||
SOGoObject *clientObject;
|
||||
SOGoGroup *group;
|
||||
NSDictionary *dict;
|
||||
|
||||
response = NO;
|
||||
|
||||
|
@ -174,11 +171,11 @@
|
|||
if ([newUID isEqualToString: defaultUserID] || [newUID isEqualToString: @"anonymous"]
|
||||
|| [[um getEmailForUID: newUID] length] > 0)
|
||||
{
|
||||
#warning Duplicated code from _initRights
|
||||
if (![newUID hasPrefix: @"@"])
|
||||
{
|
||||
domain = [[context activeUser] domain];
|
||||
group = [SOGoGroup groupWithIdentifier: newUID inDomain: domain];
|
||||
if (group)
|
||||
dict = [[SOGoUserManager sharedUserManager] contactInfosForUserWithUIDorEmail: newUID];
|
||||
if (dict && [[dict objectForKey: @"isGroup"] boolValue])
|
||||
newUID = [NSString stringWithFormat: @"@%@", newUID];
|
||||
}
|
||||
ASSIGN (uid, newUID);
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
#import <SOGo/NSArray+Utilities.h>
|
||||
#import <SOGo/NSCalendarDate+SOGo.h>
|
||||
#import <SOGo/NSDictionary+Utilities.h>
|
||||
#import <SOGo/LDAPSource.h>
|
||||
#import <SOGo/SOGoGroup.h>
|
||||
#import <SOGo/SOGoSource.h>
|
||||
#import <SOGo/SOGoUser.h>
|
||||
#import <SOGo/SOGoUserDefaults.h>
|
||||
|
@ -409,13 +407,9 @@
|
|||
|
||||
if ([[dict objectForKey: @"isGroup"] boolValue])
|
||||
{
|
||||
if ([source isKindOfClass: [LDAPSource class]] && [(LDAPSource *) source groupExpansionEnabled])
|
||||
if ([source conformsToProtocol:@protocol(MembershipAwareSource)])
|
||||
{
|
||||
SOGoGroup *aGroup;
|
||||
|
||||
aGroup = [SOGoGroup groupWithIdentifier: [contact nameInContainer]
|
||||
inDomain: [[context activeUser] domain]];
|
||||
allUsers = [aGroup members]; // array of SOGoUser objects
|
||||
allUsers = [(id<MembershipAwareSource>)(source) membersForGroupWithUID: [dict objectForKey: @"c_uid"]];
|
||||
max = [allUsers count];
|
||||
allUsersData = [NSMutableArray arrayWithCapacity: max];
|
||||
for (i = 0; i < max; i++)
|
||||
|
|
Loading…
Reference in New Issue