|
1
|
|
|
<?php |
|
2
|
|
|
namespace SOG\Dashboard; |
|
3
|
|
|
|
|
4
|
|
|
use Silex\Application; |
|
5
|
|
|
use Silex\ControllerCollection; |
|
6
|
|
|
use Silex\ControllerProviderInterface; |
|
7
|
|
|
use Symfony\Component\HttpFoundation\Request; |
|
8
|
|
|
use Zend\Ldap\Exception\LdapException; |
|
9
|
|
|
|
|
10
|
|
|
/** |
|
11
|
|
|
* This controller provider implements several group related functionality, such as adding owners, members and so on. |
|
12
|
|
|
* |
|
13
|
|
|
* Class GroupControllerProvider |
|
14
|
|
|
* @package SOG\Dashboard |
|
15
|
|
|
*/ |
|
16
|
|
|
class GroupControllerProvider implements ControllerProviderInterface |
|
17
|
|
|
{ |
|
18
|
|
|
/** |
|
19
|
|
|
* @var Application Reference to the application container |
|
20
|
|
|
*/ |
|
21
|
|
|
private $app; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* @var string The DN of the group we deal with in this request |
|
25
|
|
|
*/ |
|
26
|
|
|
private $group_dn; |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* @var string The DN of the user we deal with in this request |
|
30
|
|
|
*/ |
|
31
|
|
|
private $user_dn; |
|
32
|
|
|
|
|
33
|
|
|
/** |
|
34
|
|
|
* @var string The ou value of the group |
|
35
|
|
|
*/ |
|
36
|
|
|
private $ou; |
|
37
|
|
|
|
|
38
|
|
|
/** |
|
39
|
|
|
* @var string The uid value of the user |
|
40
|
|
|
*/ |
|
41
|
|
|
private $uid; |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* {@inheritdoc} |
|
45
|
|
|
*/ |
|
46
|
|
|
public function connect(Application $app) |
|
47
|
|
|
{ |
|
48
|
|
|
$this->app = $app; |
|
49
|
|
|
|
|
50
|
|
|
/** @var ControllerCollection $controllers */ |
|
51
|
|
|
$controllers = $app['controllers_factory']; |
|
52
|
|
|
|
|
53
|
|
|
$app['notify_owners'] = $app->protect(function ($group_ou, $subject, $text) use ($app) { |
|
54
|
|
|
$owners = $app['ldap']->getOwnerDetails($group_ou, ['mail', 'cn']); |
|
55
|
|
|
if (empty($owners)) { |
|
56
|
|
|
// provide a fallback email |
|
57
|
|
|
$to = ['[email protected]' => 'IT Support']; |
|
58
|
|
|
} else { |
|
59
|
|
|
$to = []; |
|
60
|
|
|
foreach ($owners as $owner) { |
|
61
|
|
|
$to[$owner['mail'][0]] = $owner['cn'][0]; |
|
62
|
|
|
} |
|
63
|
|
|
} |
|
64
|
|
|
|
|
65
|
|
|
$message = \Swift_Message::newInstance() |
|
66
|
|
|
->setSubject($subject) |
|
67
|
|
|
->setFrom([$app['mailer.from']]) |
|
68
|
|
|
->setTo($to) |
|
69
|
|
|
->setBody($text, 'text/html'); |
|
70
|
|
|
return $app['mailer']->send($message); |
|
71
|
|
|
}); |
|
72
|
|
|
|
|
73
|
|
|
$controllers->post('/owner/add', [$this, 'ownerAdd']) |
|
74
|
|
|
->before([$this, 'setDNs']) |
|
75
|
|
|
->before([$this, 'ensureNotOwn']) |
|
76
|
|
|
->before([$this, 'ensureGroupAdmin']); |
|
77
|
|
|
$controllers->post('/owner/remove', [$this, 'ownerRemove']) |
|
78
|
|
|
->before([$this, 'setDNs']) |
|
79
|
|
|
->before([$this, 'ensureNotOwn']) |
|
80
|
|
|
->before([$this, 'ensureGroupAdmin']); |
|
81
|
|
|
|
|
82
|
|
|
// TODO: implement request/accept/drop membership things and the manage-members route here |
|
83
|
|
|
|
|
84
|
|
|
return $controllers; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
/** |
|
88
|
|
|
* Ensure you're not editing your own position in the group, such as demoting yourself to regular user. |
|
89
|
|
|
* To be used as before middleware. |
|
90
|
|
|
* |
|
91
|
|
|
* @param Request $request |
|
92
|
|
|
* @return null|RefererRedirectResponse |
|
93
|
|
|
*/ |
|
94
|
|
|
public function ensureNotOwn(Request $request) |
|
95
|
|
|
{ |
|
96
|
|
|
/** @var \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token */ |
|
97
|
|
|
$token = $this->app['security.token_storage']->getToken(); |
|
98
|
|
|
$user = $token->getUser(); |
|
99
|
|
|
if ($user->getAttributes()['uid'][0] === $this->uid) { |
|
100
|
|
|
$this->app['session']->getFlashBag() |
|
101
|
|
|
->add('error', 'Du kannst dich nicht selbst bearbeiten.'); |
|
102
|
|
|
return new RefererRedirectResponse($request); |
|
103
|
|
|
} |
|
104
|
|
|
return null; |
|
105
|
|
|
} |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* Ensure you are indeed an admin of the group you are about to modify. |
|
109
|
|
|
* To be used as before middleware. |
|
110
|
|
|
* |
|
111
|
|
|
* @param Request $request |
|
112
|
|
|
* @return null|RefererRedirectResponse |
|
113
|
|
|
*/ |
|
114
|
|
|
public function ensureGroupAdmin(Request $request) |
|
115
|
|
|
{ |
|
116
|
|
|
/** @var \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token */ |
|
117
|
|
|
$token = $this->app['security.token_storage']->getToken(); |
|
118
|
|
|
$user = $token->getUser(); |
|
119
|
|
View Code Duplication |
if (in_array($this->ou, $user->getOwnerships()) === false) { |
|
|
|
|
|
|
120
|
|
|
$this->app['session']->getFlashBag() |
|
121
|
|
|
->add('error', 'Du kannst nur Gruppen bearbeiten, von denen du Koordinator bist.'); |
|
122
|
|
|
return new RefererRedirectResponse($request); |
|
123
|
|
|
} |
|
124
|
|
|
return null; |
|
125
|
|
|
} |
|
126
|
|
|
|
|
127
|
|
|
/** |
|
128
|
|
|
* Adds the current user to the current group as owner. |
|
129
|
|
|
* |
|
130
|
|
|
* @param Request $request |
|
131
|
|
|
* @return RefererRedirectResponse |
|
132
|
|
|
*/ |
|
133
|
|
View Code Duplication |
public function ownerAdd(Request $request) |
|
|
|
|
|
|
134
|
|
|
{ |
|
135
|
|
|
$this->app['ldap']->addToGroup($this->user_dn, $this->group_dn, 'owner'); |
|
136
|
|
|
$this->app['session']->getFlashBag() |
|
137
|
|
|
->add('success', 'Das Mitglied wurde erfolgreich als zusätzlicher Koordinator hinzugefügt.'); |
|
138
|
|
|
return new RefererRedirectResponse($request); |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
|
/** |
|
142
|
|
|
* Removes the current user from the current group as owner. |
|
143
|
|
|
* |
|
144
|
|
|
* @param Request $request |
|
145
|
|
|
* @return RefererRedirectResponse |
|
146
|
|
|
*/ |
|
147
|
|
View Code Duplication |
public function ownerRemove(Request $request) |
|
|
|
|
|
|
148
|
|
|
{ |
|
149
|
|
|
$this->app['ldap']->removeFromGroup($this->user_dn, $this->group_dn, 'owner'); |
|
150
|
|
|
$this->app['session']->getFlashBag() |
|
151
|
|
|
->add('success', 'Das Mitglied wurde erfolgreich als Koordinator ausgetragen.'); |
|
152
|
|
|
return new RefererRedirectResponse($request); |
|
153
|
|
|
} |
|
154
|
|
|
|
|
155
|
|
|
/** |
|
156
|
|
|
* Sets the full DNs from the given Request object on the controller instance. |
|
157
|
|
|
* |
|
158
|
|
|
* @param Request $request |
|
159
|
|
|
* @return array Full DNs for the owner and group |
|
160
|
|
|
*/ |
|
161
|
|
|
public function setDNs(Request $request) |
|
162
|
|
|
{ |
|
163
|
|
|
$this->uid = $request->request->get('uid'); |
|
164
|
|
|
$this->ou = $request->request->get('ou'); |
|
165
|
|
View Code Duplication |
if (is_null($this->uid) || is_null($this->ou)) { |
|
|
|
|
|
|
166
|
|
|
$this->app['session']->getFlashBag() |
|
167
|
|
|
->add('error', 'Ein Fehler ist aufgetreten.'); |
|
168
|
|
|
return new RefererRedirectResponse($request); |
|
169
|
|
|
} |
|
170
|
|
|
$groupDN = sprintf('ou=%s,ou=groups,o=sog-de,dc=sog', $this->ou); |
|
171
|
|
|
|
|
172
|
|
|
try { |
|
173
|
|
|
$userDN = $this->app['ldap']->findUserDN($this->uid); |
|
174
|
|
|
} catch (LdapException $ex) { |
|
175
|
|
|
return new RefererRedirectResponse($request); |
|
176
|
|
|
} |
|
177
|
|
|
|
|
178
|
|
|
$this->group_dn = $groupDN; |
|
179
|
|
|
$this->user_dn = $userDN; |
|
180
|
|
|
return null; |
|
181
|
|
|
} |
|
182
|
|
|
|
|
183
|
|
|
} |
studieren-ohne-grenzen /
dashboard
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.