authorDaniel Hoffend <dh@dotlan.net>2015-02-15 00:55:35 (GMT)
committerDaniel Hoffend <dh@dotlan.net>2015-02-15 00:55:35 (GMT)
commitdd85c2fa666b7d81d901aa1dc0e371bdf509ad4e (patch)
tree1d2a2ee5c865b7a0eb1379dd372fd4afcb83c58d
parent020258dd61f11fce9905177aa021238e3828cd8e (diff)
downloadroundcubemail-plugins-kolab-dd85c2fa666b7d81d901aa1dc0e371bdf509ad4e.tar.gz
Load plugins and settings based on user-dn
-rw-r--r--plugins/kolab_auth/config.inc.php.dist29
-rw-r--r--plugins/kolab_auth/kolab_auth.php182
2 files changed, 174 insertions, 37 deletions
diff --git a/plugins/kolab_auth/config.inc.php.dist b/plugins/kolab_auth/config.inc.php.dist
index 8c01d56..da76996 100644
--- a/plugins/kolab_auth/config.inc.php.dist
+++ b/plugins/kolab_auth/config.inc.php.dist
@@ -57,6 +57,35 @@ $config['kolab_auth_admin_rights'] = array(
'*' => 'entry:read',
);
+// Enable plugins on LDAP dn basis. This can be used to enable plugins based
+// only on certain LDAP trees. This can useful in multi domain (ldap) environments
+// or if you organize your member in Organizational Units rather then roles.
+$config['kolab_auth_dn_plugins'] = Array(
+ 'dc=example,dc=org' => Array(
+ 'acl',
+ ),
+ 'dc=example,dc=net' => Array(
+ 'converse',
+ ),
+ );
+
+// Settings on a user dn basis. In this example, the 'htmleditor' setting
+// is enabled(1) for people that are stored within the LDAP base dn
+// 'ou=Developer,ou=People,dc=example,dc=org' and it cannot be overridden.
+// Sample use-case: disable htmleditor for normal people, do not allow the
+// setting to be controlled through the preferences, enable the html editor
+// for professional users and allow them to override the setting in the
+// preferences.
+$config['kolab_auth_dn_settings'] = Array(
+ 'ou=Developer,ou=People,dc=example,dc=org' => Array(
+ 'htmleditor' => Array(
+ 'mode' => 'override',
+ 'value' => 1,
+ 'allow_override' => true
+ ),
+ ),
+ );
+
// Enable plugins on a role-by-role basis. In this example, the 'acl' plugin
// is enabled for people with a 'cn=professional-user,dc=mykolab,dc=ch' role.
//
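Review bot: The comment above `kolab_auth_dn_settings` says the htmleditor setting "cannot be overridden", but the sample entry sets `'allow_override' => true`, which is the value that removes the setting from `dont_override` and lets users change it. An administrator copying the sample to lock a preference would get the opposite result, so either use `'allow_override' => false` in the sample or reword the sentence to "and users may override it". It would also help to state here that a key is compared against the end of the user's DN, so a short key such as `dc=example,dc=org` covers every entry beneath it.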
diff --git a/plugins/kolab_auth/kolab_auth.php b/plugins/kolab_auth/kolab_auth.php
index 033d5b1..a26bc18 100644
--- a/plugins/kolab_auth/kolab_auth.php
+++ b/plugins/kolab_auth/kolab_auth.php
@@ -107,6 +107,7 @@ class kolab_auth extends rcube_plugin
}
// load per-user settings
+ $this->load_user_dn_plugins_and_settings();
$this->load_user_role_plugins_and_settings();
return $args;
@@ -156,6 +157,103 @@ class kolab_auth extends rcube_plugin
/**
* Modifies list of plugins and settings according to
+ * specified LDAP DNs
+ */
+ public function load_user_dn_plugins_and_settings()
+ {
+ if (empty($_SESSION['kolab_dn'])) {
+ return;
+ }
+
+ $rcmail = rcube::get_instance();
+
+ // Example 'kolab_auth_dn_plugins' =
+ //
+ // Array(
+ // '<dn>' => Array('plugin1', 'plugin2'),
+ // );
+ //
+ // NOTE that <dn> may in fact be something like: 'ou=People,%dc'
+
+ $dn_plugins = $rcmail->config->get('kolab_auth_dn_plugins');
+
+ // Example $rcmail_config['kolab_auth_dn_settings'] =
+ //
+ // Array(
+ // '<dn>' => Array(
+ // '$setting' => Array(
+ // 'mode' => '(override|merge)', (default: override)
+ // 'value' => <>,
+ // 'allow_override' => (true|false) (default: false)
+ // ),
+ // ),
+ // );
+ //
+ // NOTE that <dn> may in fact be something like: 'ou=People,%dc'
+
+ $dn_settings = $rcmail->config->get('kolab_auth_dn_settings');
+
+ if(empty($dn_plugins) && empty($dn_settings)) {
+ return;
+ }
+
+ if (!empty($dn_plugins)) {
+ foreach ($dn_plugins as $dn => $plugins) {
+ $dn = self::parse_ldap_vars($dn);
+ if (!empty($dn_plugins[$dn])) {
+ $dn_plugins[$dn] = array_unique(array_merge((array)$dn_plugins[$dn], $plugins));
+ } else {
+ $dn_plugins[$dn] = $plugins;
+ }
+ }
+ }
+
+ if (!empty($dn_settings)) {
+ foreach ($dn_settings as $dn => $settings) {
+ $dn = self::parse_ldap_vars($dn);
+ if (!empty($dn_settings[$dn])) {
+ $dn_settings[$dn] = array_merge((array)$dn_settings[$dn], $settings);
+ } else {
+ $dn_settings[$dn] = $settings;
+ }
+ }
+ }
+
+ // go apply settings
+ if (is_array($dn_settings)) {
+ foreach($dn_settings AS $dn => $settings) {
+ // contine foreach of settings are empty
+ if (empty($settings) || !is_array($settings)) {
+ continue;
+ }
+
+ // the end of the user's dn doesn't match the search dn
+ if (substr($_SESSION['kolab_dn'],strlen($dn)*-1) != $dn) {
+ continue;
+ }
+
+ $this->apply_loaded_settings($settings);
+ }
+ }
+
+ // load plugins if user dn matches search dn
+ if (is_array($dn_plugins)) {
+ foreach($dn_plugins AS $dn => $plugins) {
+ // the end of the user's dn doesn't match the search dn
+ if (substr($_SESSION['kolab_dn'],strlen($dn)*-1) != $dn) {
+ continue;
+ }
+
+ foreach ((array)$plugins as $plugin) {
+ $this->api->load_plugin($plugin);
+ }
+ }
+ }
+ }
+
+
+ /**
+ * Modifies list of plugins and settings according to
* specified LDAP roles
*/
public function load_user_role_plugins_and_settings()
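Review bot: The subtree test `substr($_SESSION['kolab_dn'],strlen($dn)*-1) != $dn`, used in both the settings loop and the plugin loop, is a raw byte-suffix comparison, so it does not stop at an RDN boundary and it is sensitive to case and to spaces after commas. A constructed example: a key `c=de` also matches a user DN ending in `dc=de`, while a user stored as `DC=Example,DC=Org` silently misses a restrictive setting keyed in lower case. Because this comparison decides which plugins are loaded and which preferences get locked, I would move it into one helper that normalises both DNs and accepts only equality or a match preceded by a comma; this assumes the directory compares these attributes case-insensitively, and DNs with escaped commas would still need a real DN parser. The two expansion loops above also leave the unexpanded `%dc` keys in the arrays, which looks harmless but deserves a comment.

```php
// new private helper shared by both loops
private static function dn_in_subtree($user_dn, $base_dn)
{
    $normalize = function ($dn) {
        return strtolower(preg_replace('/\s*,\s*/', ',', trim((string) $dn)));
    };

    $user_dn = $normalize($user_dn);
    $base_dn = $normalize($base_dn);

    // an empty key must never match every user
    if ($base_dn === '') {
        return false;
    }

    return $user_dn === $base_dn
        || substr($user_dn, -strlen(',' . $base_dn)) === ',' . $base_dn;
}

// … unchanged: config lookup and %dc expansion loops …

// in the "apply settings" loop and again in the "load plugins" loop
if (!self::dn_in_subtree($_SESSION['kolab_dn'], $dn)) {
    continue;
}
```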
@@ -216,54 +314,64 @@ class kolab_auth extends rcube_plugin
foreach ($_SESSION['user_roledns'] as $role_dn) {
if (!empty($role_settings[$role_dn]) && is_array($role_settings[$role_dn])) {
- foreach ($role_settings[$role_dn] as $setting_name => $setting) {
- if (!isset($setting['mode'])) {
- $setting['mode'] = 'override';
- }
+ $this->apply_loaded_settings($role_settings[$role_dn]);
+ }
- if ($setting['mode'] == "override") {
- $rcmail->config->set($setting_name, $setting['value']);
- } elseif ($setting['mode'] == "merge") {
- $orig_setting = $rcmail->config->get($setting_name);
+ if (!empty($role_plugins[$role_dn])) {
+ foreach ((array)$role_plugins[$role_dn] as $plugin) {
+ $this->api->load_plugin($plugin);
+ }
+ }
+ }
+ }
- if (!empty($orig_setting)) {
- if (is_array($orig_setting)) {
- $rcmail->config->set($setting_name, array_merge($orig_setting, $setting['value']));
- }
- } else {
- $rcmail->config->set($setting_name, $setting['value']);
- }
- }
+ /**
+ * apply settings that have been loaded
+ */
+ private function apply_loaded_settings(array $settings)
+ {
+ $rcmail = rcube::get_instance();
- $dont_override = (array) $rcmail->config->get('dont_override');
+ foreach ($settings as $setting_name => $setting) {
+ if (!isset($setting['mode'])) {
+ $setting['mode'] = 'override';
+ }
- if (empty($setting['allow_override'])) {
- $rcmail->config->set('dont_override', array_merge($dont_override, array($setting_name)));
- }
- else {
- if (in_array($setting_name, $dont_override)) {
- $_dont_override = array();
- foreach ($dont_override as $_setting) {
- if ($_setting != $setting_name) {
- $_dont_override[] = $_setting;
- }
- }
- $rcmail->config->set('dont_override', $_dont_override);
- }
+ if ($setting['mode'] == "override") {
+ $rcmail->config->set($setting_name, $setting['value']);
+ } elseif ($setting['mode'] == "merge") {
+ $orig_setting = $rcmail->config->get($setting_name);
+
+ if (!empty($orig_setting)) {
+ if (is_array($orig_setting)) {
+ $rcmail->config->set($setting_name, array_merge($orig_setting, $setting['value']));
}
+ } else {
+ $rcmail->config->set($setting_name, $setting['value']);
+ }
+ }
+
+ $dont_override = (array) $rcmail->config->get('dont_override');
- if ($setting_name == 'skin') {
- if ($rcmail->output->type == 'html') {
- $rcmail->output->set_skin($setting['value']);
- $rcmail->output->set_env('skin', $setting['value']);
+ if (empty($setting['allow_override'])) {
+ $rcmail->config->set('dont_override', array_merge($dont_override, array($setting_name)));
+ }
+ else {
+ if (in_array($setting_name, $dont_override)) {
+ $_dont_override = array();
+ foreach ($dont_override as $_setting) {
+ if ($_setting != $setting_name) {
+ $_dont_override[] = $_setting;
}
}
+ $rcmail->config->set('dont_override', $_dont_override);
}
}
- if (!empty($role_plugins[$role_dn])) {
- foreach ((array)$role_plugins[$role_dn] as $plugin) {
- $this->api->load_plugin($plugin);
+ if ($setting_name == 'skin') {
+ if ($rcmail->output->type == 'html') {
+ $rcmail->output->set_skin($setting['value']);
+ $rcmail->output->set_env('skin', $setting['value']);
}
}
}
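Review bot: In `apply_loaded_settings()` the `dont_override` handling is last-writer-wins: an entry with `allow_override` set removes the setting name from `dont_override` no matter who added it, so a later-matching DN or role entry lifts a lock placed by an earlier entry or by the administrator's global `dont_override` list. Now that the method is reached from both the DN path and the role path, the docblock should state that precedence, for example `* Entries are applied in call order; allow_override on a later entry also clears a lock set earlier or in the global config.` Separately, the `merge` branch passes `$setting['value']` to `array_merge()` without checking its type; `if (is_array($orig_setting) && is_array($setting['value']))` would keep a scalar in the config from raising there. The `foreach` over `$_SESSION['user_roledns']` that calls this method starts outside the hunk.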