diff options
Diffstat (limited to 'apps/user_ldap/lib/User/Manager.php')
-rw-r--r-- | apps/user_ldap/lib/User/Manager.php | 238 |
1 files changed, 238 insertions, 0 deletions
diff --git a/apps/user_ldap/lib/User/Manager.php b/apps/user_ldap/lib/User/Manager.php new file mode 100644 index 00000000000..d97112e43c7 --- /dev/null +++ b/apps/user_ldap/lib/User/Manager.php @@ -0,0 +1,238 @@ +<?php +/** + * @author Arthur Schiwon <blizzz@owncloud.com> + * @author Joas Schilling <nickvergessen@owncloud.com> + * @author Jörn Friedrich Dreyer <jfd@butonic.de> + * @author Morris Jobke <hey@morrisjobke.de> + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\User_LDAP\User; + +use OCA\User_LDAP\LogWrapper; +use OCA\User_LDAP\FilesystemHelper; +use OCP\IAvatarManager; +use OCP\IConfig; +use OCP\IDBConnection; +use OCP\Image; +use OCP\IUserManager; + +/** + * Manager + * + * upon request, returns an LDAP user object either by creating or from run-time + * cache + */ +class Manager { + /** @var IUserTools */ + protected $access; + + /** @var IConfig */ + protected $ocConfig; + + /** @var IDBConnection */ + protected $db; + + /** @var FilesystemHelper */ + protected $ocFilesystem; + + /** @var LogWrapper */ + protected $ocLog; + + /** @var Image */ + protected $image; + + /** @param \OCP\IAvatarManager */ + protected $avatarManager; + + /** + * array['byDN'] \OCA\User_LDAP\User\User[] + * ['byUid'] \OCA\User_LDAP\User\User[] + * @var array $users + */ + protected $users = array( + 'byDN' => array(), + 'byUid' => array(), + ); + + /** + * @param IConfig $ocConfig + * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that + * gives access to necessary functions from the OC filesystem + * @param \OCA\User_LDAP\LogWrapper $ocLog + * @param IAvatarManager $avatarManager + * @param Image $image an empty image instance + * @param IDBConnection $db + * @throws \Exception when the methods mentioned above do not exist + */ + public function __construct(IConfig $ocConfig, + FilesystemHelper $ocFilesystem, LogWrapper $ocLog, + IAvatarManager $avatarManager, Image $image, + IDBConnection $db, IUserManager $userManager) { + + $this->ocConfig = $ocConfig; + $this->ocFilesystem = $ocFilesystem; + $this->ocLog = $ocLog; + $this->avatarManager = $avatarManager; + $this->image = $image; + $this->db = $db; + $this->userManager = $userManager; + } + + /** + * @brief binds manager to an instance of IUserTools (implemented by + * Access). It needs to be assigned first before the manager can be used. + * @param IUserTools + */ + public function setLdapAccess(IUserTools $access) { + $this->access = $access; + } + + /** + * @brief creates an instance of User and caches (just runtime) it in the + * property array + * @param string $dn the DN of the user + * @param string $uid the internal (owncloud) username + * @return \OCA\User_LDAP\User\User + */ + private function createAndCache($dn, $uid) { + $this->checkAccess(); + $user = new User($uid, $dn, $this->access, $this->ocConfig, + $this->ocFilesystem, clone $this->image, $this->ocLog, + $this->avatarManager, $this->userManager); + $this->users['byDN'][$dn] = $user; + $this->users['byUid'][$uid] = $user; + return $user; + } + + /** + * @brief checks whether the Access instance has been set + * @throws \Exception if Access has not been set + * @return null + */ + private function checkAccess() { + if(is_null($this->access)) { + throw new \Exception('LDAP Access instance must be set first'); + } + } + + /** + * returns a list of attributes that will be processed further, e.g. quota, + * email, displayname, or others. + * @param bool $minimal - optional, set to true to skip attributes with big + * payload + * @return string[] + */ + public function getAttributes($minimal = false) { + $attributes = array('dn', 'uid', 'samaccountname', 'memberof'); + $possible = array( + $this->access->getConnection()->ldapQuotaAttribute, + $this->access->getConnection()->ldapEmailAttribute, + $this->access->getConnection()->ldapUserDisplayName, + $this->access->getConnection()->ldapUserDisplayName2, + ); + foreach($possible as $attr) { + if(!is_null($attr)) { + $attributes[] = $attr; + } + } + + $homeRule = $this->access->getConnection()->homeFolderNamingRule; + if(strpos($homeRule, 'attr:') === 0) { + $attributes[] = substr($homeRule, strlen('attr:')); + } + + if(!$minimal) { + // attributes that are not really important but may come with big + // payload. + $attributes = array_merge($attributes, array( + 'jpegphoto', + 'thumbnailphoto' + )); + } + + return $attributes; + } + + /** + * Checks whether the specified user is marked as deleted + * @param string $id the ownCloud user name + * @return bool + */ + public function isDeletedUser($id) { + $isDeleted = $this->ocConfig->getUserValue( + $id, 'user_ldap', 'isDeleted', 0); + return intval($isDeleted) === 1; + } + + /** + * creates and returns an instance of OfflineUser for the specified user + * @param string $id + * @return \OCA\User_LDAP\User\OfflineUser + */ + public function getDeletedUser($id) { + return new OfflineUser( + $id, + $this->ocConfig, + $this->db, + $this->access->getUserMapper()); + } + + /** + * @brief returns a User object by it's ownCloud username + * @param string $id the DN or username of the user + * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null + */ + protected function createInstancyByUserName($id) { + //most likely a uid. Check whether it is a deleted user + if($this->isDeletedUser($id)) { + return $this->getDeletedUser($id); + } + $dn = $this->access->username2dn($id); + if($dn !== false) { + return $this->createAndCache($dn, $id); + } + return null; + } + + /** + * @brief returns a User object by it's DN or ownCloud username + * @param string $id the DN or username of the user + * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null + * @throws \Exception when connection could not be established + */ + public function get($id) { + $this->checkAccess(); + if(isset($this->users['byDN'][$id])) { + return $this->users['byDN'][$id]; + } else if(isset($this->users['byUid'][$id])) { + return $this->users['byUid'][$id]; + } + + if($this->access->stringResemblesDN($id) ) { + $uid = $this->access->dn2username($id); + if($uid !== false) { + return $this->createAndCache($id, $uid); + } + } + + return $this->createInstancyByUserName($id); + } + +} |