r80673 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r80672‎ \| r80673 \| r80674 >
Date:	01:10, 21 January 2011
Author:	laner
Status:	deferred
Tags:
Comment:	Adding missing file
Modified paths:	/trunk/extensions/OpenStackManager/OpenStackNovaRole.php (added) (history)

Diff [purge]

Index: trunk/extensions/OpenStackManager/OpenStackNovaRole.php
—	—	@@ -0,0 +1,201 @@
	2	+<?php
	3	+
	4	+class OpenStackNovaRole {
	5	+
	6	+ var $rolename;
	7	+ var $roleDN;
	8	+ var $roleInfo;
	9	+ var $global;
	10	+
	11	+ function __construct( $rolename, $project=null ) {
	12	+ $this->rolename = $rolename;
	13	+ $this->project = $project;
	14	+ if ( $this->project ) {
	15	+ $this->global = false;
	16	+ } else {
	17	+ $this->global = true;
	18	+ }
	19	+ $this->connect();
	20	+ $this->fetchRoleInfo();
	21	+ }
	22	+
	23	+ function connect() {
	24	+ global $wgAuth;
	25	+ global $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword;
	26	+ global $wgOpenStackManagerLDAPDomain;
	27	+
	28	+ $wgAuth->connect( $wgOpenStackManagerLDAPDomain );
	29	+ $wgAuth->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword );
	30	+ }
	31	+
	32	+ function fetchRoleInfo() {
	33	+ global $wgAuth;
	34	+ global $wgOpenStackManagerLDAPProjectBaseDN;
	35	+ global $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword;
	36	+ global $wgOpenStackManagerLDAPGlobalRoles;
	37	+
	38	+ if ( $this->global ) {
	39	+ if ( isset ( $wgOpenStackManagerLDAPGlobalRoles["$this->rolename"] ) ) {
	40	+ $dn = $wgOpenStackManagerLDAPGlobalRoles["$this->rolename"];
	41	+ } else {
	42	+ # This condition would be a bug...
	43	+ $dn = '';
	44	+ }
	45	+ } else {
	46	+ $dn = $this->project->projectDN;
	47	+ }
	48	+ wfSuppressWarnings();
	49	+ $result = ldap_search( $wgAuth->ldapconn, $dn, '(cn=' . $this->rolename . ')' );
	50	+ $this->roleInfo = ldap_get_entries( $wgAuth->ldapconn, $result );
	51	+ wfRestoreWarnings();
	52	+ $this->roleDN = $this->roleInfo[0]['dn'];
	53	+ }
	54	+
	55	+ function getRoleName() {
	56	+ return $this->rolename;
	57	+ }
	58	+
	59	+ function getMembers() {
	60	+ $members = array();
	61	+ if ( isset( $this->roleInfo[0]['member'] ) ) {
	62	+ $memberdns = $this->roleInfo[0]['member'];
	63	+ array_shift( $memberdns );
	64	+ foreach ( $memberdns as $memberdn ) {
	65	+ $member = explode( '=', $memberdn );
	66	+ $member = explode( ',', $member[1] );
	67	+ $member = $member[0];
	68	+ $members[] = $member;
	69	+ }
	70	+ }
	71	+
	72	+ return $members;
	73	+ }
	74	+
	75	+ function deleteMember( $username ) {
	76	+ global $wgAuth;
	77	+
	78	+ if ( isset( $this->roleInfo[0]['member'] ) ) {
	79	+ $members = $this->roleInfo[0]['member'];
	80	+ array_shift( $members );
	81	+ $user = new OpenStackNovaUser( $username );
	82	+ if ( ! $user->userDN ) {
	83	+ $wgAuth->printDebug( "Failed to find userDN in deleteMember", NONSENSITIVE );
	84	+ return false;
	85	+ }
	86	+ $index = array_search( $user->userDN, $members );
	87	+ if ( $index === false ) {
	88	+ $wgAuth->printDebug( "Failed to find userDN in member list", NONSENSITIVE );
	89	+ return false;
	90	+ }
	91	+ unset( $members[$index] );
	92	+ $values['member'] = array();
	93	+ foreach ( $members as $member ) {
	94	+ $values['member'][] = $member;
	95	+ }
	96	+ wfSuppressWarnings();
	97	+ $success = ldap_modify( $wgAuth->ldapconn, $this->roleDN, $values );
	98	+ wfRestoreWarnings();
	99	+ if ( $success ) {
	100	+ $wgAuth->printDebug( "Successfully removed $user->userDN from $this->roleDN", NONSENSITIVE );
	101	+ return true;
	102	+ } else {
	103	+ $wgAuth->printDebug( "Failed to remove $user->userDN from $this->roleDN", NONSENSITIVE );
	104	+ return false;
	105	+ }
	106	+ } else {
	107	+ return false;
	108	+ }
	109	+ }
	110	+
	111	+ function addMember( $username ) {
	112	+ global $wgAuth;
	113	+
	114	+ $members = array();
	115	+ if ( isset( $this->roleInfo[0]['member'] ) ) {
	116	+ $members = $this->roleInfo[0]['member'];
	117	+ array_shift( $members );
	118	+ }
	119	+ $user = new OpenStackNovaUser( $username );
	120	+ if ( ! $user->userDN ) {
	121	+ $wgAuth->printDebug( "Failed to find userDN in addMember", NONSENSITIVE );
	122	+ return false;
	123	+ }
	124	+ $members[] = $user->userDN;
	125	+ $values['member'] = $members;
	126	+ wfSuppressWarnings();
	127	+ $success = ldap_modify( $wgAuth->ldapconn, $this->roleDN, $values );
	128	+ wfRestoreWarnings();
	129	+ if ( $success ) {
	130	+ $wgAuth->printDebug( "Successfully added $user->userDN to $this->roleDN", NONSENSITIVE );
	131	+ return true;
	132	+ } else {
	133	+ $wgAuth->printDebug( "Failed to add $user->userDN to $this->roleDN", NONSENSITIVE );
	134	+ return false;
	135	+ }
	136	+ }
	137	+
	138	+ static function getProjectRoleByName( $rolename, $project ) {
	139	+ $role = new OpenStackNovaRole( $rolename, $project );
	140	+ if ( $role->roleInfo ) {
	141	+ return $role;
	142	+ } else {
	143	+ return null;
	144	+ }
	145	+ }
	146	+
	147	+ static function getGlobalRoleByName( $rolename ) {
	148	+ $role = new OpenStackNovaRole( $rolename );
	149	+ if ( $role->roleInfo ) {
	150	+ return $role;
	151	+ } else {
	152	+ return null;
	153	+ }
	154	+ }
	155	+
	156	+ static function getAllGlobalRoles() {
	157	+ global $wgAuth;
	158	+ global $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword;
	159	+ global $wgOpenStackManagerLDAPDomain;
	160	+ global $wgOpenStackManagerLDAPGlobalRoles;
	161	+
	162	+ $wgAuth->connect( $wgOpenStackManagerLDAPDomain );
	163	+ $wgAuth->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword );
	164	+
	165	+ $roles = array();
	166	+ foreach ( array_keys( $wgOpenStackManagerLDAPGlobalRoles ) as $rolename ) {
	167	+ $role = new OpenStackNovaRole( $rolename );
	168	+ array_push( $roles, $role );
	169	+ }
	170	+
	171	+ return $roles;
	172	+ }
	173	+
	174	+ static function createRole( $rolename, $project ) {
	175	+ global $wgAuth;
	176	+ global $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword;
	177	+ global $wgOpenStackManagerLDAPProjectBaseDN;
	178	+ global $wgOpenStackManagerLDAPDomain;
	179	+
	180	+ $wgAuth->connect( $wgOpenStackManagerLDAPDomain );
	181	+ $wgAuth->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword );
	182	+
	183	+ $role = array();
	184	+ $role['objectclass'][] = 'groupofnames';
	185	+ $role['cn'] = $rolename;
	186	+ $roledn = 'cn=' . $rolename . ',' . $project->projectDN;
	187	+ wfSuppressWarnings();
	188	+ $success = ldap_add( $wgAuth->ldapconn, $roledn, $role );
	189	+ wfRestoreWarnings();
	190	+ # TODO: If role addition fails, find a way to fail gracefully
	191	+ # Though, if the project was added successfully, it is unlikely
	192	+ # that role addition will fail.
	193	+ if ( $success ) {
	194	+ $wgAuth->printDebug( "Successfully added role $rolename", NONSENSITIVE );
	195	+ return true;
	196	+ } else {
	197	+ $wgAuth->printDebug( "Failed to add role $rolename", NONSENSITIVE );
	198	+ return false;
	199	+ }
	200	+ }
	201	+
	202	+}
Property changes on: trunk/extensions/OpenStackManager/OpenStackNovaRole.php
___________________________________________________________________
Added: svn:eol-style
1	203	+ native

Status & tagging log

00:02, 27 January 2011 Reedy (talk | contribs) changed the status of r80673 [removed: new added: deferred]