Class userinfo This class contains all informations and functions about user. More...
Public Member Functions | |
| loadLDAPInfo () | |
| Loads user information from LDAP. | |
| reset_acl_cache () | |
| Reset acl cache. | |
| loadACL () | |
| Load an acl. | |
| get_acl_target_objects () | |
| Returns an array containing all target objects we've permissions on. More... | |
| get_category_permissions ($dn, $category) | |
| Get permissions by category. More... | |
| is_copyable ($dn, $object) | |
| Check if the given object (dn) is copyable. More... | |
| is_cutable ($dn, $object, $class) | |
| Check if the given object (dn) is cutable. More... | |
| is_pasteable ($dn, $object) | |
| Checks if we are allowed to paste an object to the given destination ($dn) More... | |
| allow_snapshot_restore ($dn, $categories, $deleted) | |
| Checks if we are allowed to restore a snapshot for the given dn. More... | |
| allow_snapshot_create ($dn, $categories) | |
| Checks if we are allowed to create a snapshot of the given dn. More... | |
| allow_snapshot_delete ($dn, $categories) | |
| Checks if we are allowed to delete a snapshot of the given dn. More... | |
| get_permissions ($dn, $object, $attribute='', $skip_write=FALSE) | |
| Get the permissions for a specified dn. More... | |
| get_module_departments ($module, bool $skip_self_acls=FALSE) | |
| Extract all departments that are accessible. More... | |
| get_complete_category_acls ($dn, $category) | |
| Return combined acls for a given category. More... | |
| ignore_acl_for_current_user () | |
| Ignore acl for the current user. More... | |
| expired_status () | |
| Checks the posixAccount status by comparing the shadow attributes. More... | |
Static Public Member Functions | |
| static | getLdapUser (string $username) |
| Get user from LDAP directory. More... | |
| static | loginUser (string $username, string $password) |
| Verify user login against LDAP directory. More... | |
Protected Attributes | |
| $cachedAttrs = [] | |
| LDAP attributes of this user at login. | |
| $sizeLimitHandler | |
| LDAP size limit handler. | |
| $currentBase | |
| Current management base. | |
| $forcePasswordChange = FALSE | |
| Password change should be forced. | |
Detailed Description
Class userinfo This class contains all informations and functions about user.
Definition at line 40 of file class_userinfo.inc.
Member Function Documentation
◆ allow_snapshot_create()
| allow_snapshot_create | ( | $dn, | |
| $categories | |||
| ) |
Checks if we are allowed to create a snapshot of the given dn.
- Parameters
-
string $dn The source dn string $categories The acl category (e.g. user)
- Returns
- boolean TRUE if we are allowed to create a snapshot.
Definition at line 450 of file class_userinfo.inc.
◆ allow_snapshot_delete()
| allow_snapshot_delete | ( | $dn, | |
| $categories | |||
| ) |
Checks if we are allowed to delete a snapshot of the given dn.
- Parameters
-
string $dn The source dn string $categories The acl category (e.g. user)
- Returns
- boolean TRUE if we are allowed to delete a snapshot.
Definition at line 466 of file class_userinfo.inc.
References get_permissions().
◆ allow_snapshot_restore()
| allow_snapshot_restore | ( | $dn, | |
| $categories, | |||
| $deleted | |||
| ) |
Checks if we are allowed to restore a snapshot for the given dn.
- Parameters
-
string $dn The destination dn string $categories The acl category (e.g. user) boolean $deleted Is it a deleted or existing object
- Returns
- boolean TRUE if we are allowed to restore a snapshot.
Definition at line 434 of file class_userinfo.inc.
◆ expired_status()
| expired_status | ( | ) |
Checks the posixAccount status by comparing the shadow attributes.
- Returns
- const POSIX_ACCOUNT_EXPIRED - If the account is expired. POSIX_WARN_ABOUT_EXPIRATION - If the account is going to expire. POSIX_FORCE_PASSWORD_CHANGE - The password has to be changed. POSIX_DISALLOW_PASSWORD_CHANGE - The password cannot be changed right now.
shadowLastChange
|
|---- shadowMin ---> | <-- shadowMax --
| | |
|------- shadowWarning -> |
|-- shadowInactive --> DEACTIVATED
|
EXPIRED
Definition at line 802 of file class_userinfo.inc.
◆ get_acl_target_objects()
| get_acl_target_objects | ( | ) |
Returns an array containing all target objects we've permissions on.
- Returns
- Return the next id or NULL if failed
Definition at line 354 of file class_userinfo.inc.
◆ get_category_permissions()
| get_category_permissions | ( | $dn, | |
| $category | |||
| ) |
Get permissions by category.
- Parameters
-
string $dn Dn from which we want to know permissions. string $category Category for which we want the acl eg: server
- Returns
- all the permissions for the dn and category
Definition at line 368 of file class_userinfo.inc.
References get_permissions().
Referenced by get_module_departments().
◆ get_complete_category_acls()
| get_complete_category_acls | ( | $dn, | |
| $category | |||
| ) |
Return combined acls for a given category.
Return combined acls for a given category. All acls will be combined like boolean AND As example ('rwcdm' + 'rcd' + 'wrm'= 'r')
Results will be cached in $this->result_cache. $this->result_cache will be resetted if load_acls is called.
- Parameters
-
string $dn The DN string $category The category
- Returns
- string return acl combined with boolean AND
Definition at line 735 of file class_userinfo.inc.
References get_permissions().
Referenced by is_copyable(), is_cutable(), and is_pasteable().
◆ get_module_departments()
| get_module_departments | ( | $module, | |
| bool | $skip_self_acls = FALSE |
||
| ) |
Extract all departments that are accessible.
Extract all departments that are accessible (direct or 'on the way' to an accessible department)
- Parameters
-
string | array $module The module bool $skip_self_acls FALSE
- Returns
- array Return all accessible departments
Definition at line 640 of file class_userinfo.inc.
References get_category_permissions(), get_permissions(), session\get_ref(), and ignore_acl_for_current_user().
◆ get_permissions()
| get_permissions | ( | $dn, | |
| $object, | |||
$attribute = '', |
|||
$skip_write = FALSE |
|||
| ) |
Get the permissions for a specified dn.
- Parameters
-
string $dn The object dn string $object The acl category (e.g. user) string $attribute bool $skip_write Remove the write acl for this dn
Definition at line 509 of file class_userinfo.inc.
References session\get_ref(), and ignore_acl_for_current_user().
Referenced by allow_snapshot_delete(), get_category_permissions(), get_complete_category_acls(), get_module_departments(), and is_cutable().
◆ getLdapUser()
|
static |
Get user from LDAP directory.
Search the user by login or other fields authorized by the configuration
- Parameters
-
string $username The username or email to check
- Returns
- userinfo instance on SUCCESS, FALSE if not found, string error on error
Definition at line 1037 of file class_userinfo.inc.
References msgPool\ldaperror().
Referenced by LoginHTTPHeader\loginProcess(), and LoginCAS\loginProcess().
◆ ignore_acl_for_current_user()
| ignore_acl_for_current_user | ( | ) |
Ignore acl for the current user.
- Returns
- Returns TRUE if the current user is configured in IGNORE_ACL=".." in your fusiondirectory.conf FALSE otherwise
Definition at line 776 of file class_userinfo.inc.
Referenced by get_module_departments(), and get_permissions().
◆ is_copyable()
| is_copyable | ( | $dn, | |
| $object | |||
| ) |
Check if the given object (dn) is copyable.
- Parameters
-
string $dn The object dn string $object The acl category (e.g. user)
- Returns
- boolean TRUE if the given object is copyable else FALSE
Definition at line 383 of file class_userinfo.inc.
References get_complete_category_acls().
◆ is_cutable()
| is_cutable | ( | $dn, | |
| $object, | |||
| $class | |||
| ) |
Check if the given object (dn) is cutable.
- Parameters
-
string $dn The object dn string $object The acl category (e.g. user) string $class The acl class (e.g. user)
- Returns
- boolean TRUE if the given object is cutable else FALSE
Definition at line 400 of file class_userinfo.inc.
References get_complete_category_acls(), and get_permissions().
◆ is_pasteable()
| is_pasteable | ( | $dn, | |
| $object | |||
| ) |
Checks if we are allowed to paste an object to the given destination ($dn)
- Parameters
-
string $dn The destination dn string $object The acl category (e.g. user)
- Returns
- Boolean TRUE if we are allowed to paste an object.
Definition at line 417 of file class_userinfo.inc.
References get_complete_category_acls().
◆ loginUser()
|
static |
Verify user login against LDAP directory.
Checks if the specified username is in the LDAP and verifies if the password is correct by binding to the LDAP with the given credentials.
- Parameters
-
string $username The username to check string $password The password to check
- Returns
- TRUE on SUCCESS, NULL or FALSE on error
Definition at line 1106 of file class_userinfo.inc.
References LDAP\invalidCredentialsError().
The documentation for this class was generated from the following file:
- include/class_userinfo.inc
