From 9b826e6e5fbbd649bcec67a4f4ca153b09f98828 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@netways.de>
Date: Mon, 9 Nov 2015 13:04:02 +0100
Subject: [PATCH] Drop class Ldap\Expression and introduce
 LdapQuery::$nativeFilter

I'm about to add support for our Data\Filter implementation, since it cannot
parse native LDAP filters and a user may have configured such, we need to
differentiate the two types of filter.

refs #10370
---
 .../Authentication/User/LdapUserBackend.php   |  3 +-
 .../UserGroup/LdapUserGroupBackend.php        | 17 +++--
 library/Icinga/Protocol/Ldap/Expression.php   | 30 ---------
 library/Icinga/Protocol/Ldap/LdapQuery.php    | 62 +++++++++++++------
 4 files changed, 53 insertions(+), 59 deletions(-)
 delete mode 100644 library/Icinga/Protocol/Ldap/Expression.php

diff --git a/library/Icinga/Authentication/User/LdapUserBackend.php b/library/Icinga/Authentication/User/LdapUserBackend.php
index b5bd51f45..b26b8aad7 100644
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@@ -12,7 +12,6 @@ use Icinga\Exception\ProgrammingError;
 use Icinga\Repository\LdapRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\Protocol\Ldap\LdapException;
-use Icinga\Protocol\Ldap\Expression;
 use Icinga\User;
 
 class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
@@ -203,7 +202,7 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
         $query = parent::select($columns);
         $query->getQuery()->setBase($this->baseDn);
         if ($this->filter) {
-            $query->getQuery()->where(new Expression($this->filter));
+            $query->getQuery()->setNativeFilter($this->filter);
         }
 
         return $query;
diff --git a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
index 9a4ab53c0..4c11d1a68 100644
--- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
@@ -9,7 +9,6 @@ use Icinga\Application\Logger;
 use Icinga\Data\ConfigObject;
 use Icinga\Exception\ConfigurationError;
 use Icinga\Exception\ProgrammingError;
-use Icinga\Protocol\Ldap\Expression;
 use Icinga\Repository\LdapRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\User;
@@ -368,11 +367,6 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
     {
         $query = parent::select($columns);
         $query->getQuery()->setBase($this->groupBaseDn);
-        if ($this->groupFilter) {
-            // TODO(jom): This should differentiate between groups and their memberships
-            $query->getQuery()->where(new Expression($this->groupFilter));
-        }
-
         return $query;
     }
 
@@ -529,7 +523,12 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
     public function requireTable($table, RepositoryQuery $query = null)
     {
         $table = parent::requireTable($table, $query);
-        if ($table === 'group' || $table === 'group_membership') {
+        if ($table === 'group') {
+            $table = $this->groupClass;
+            if ($query !== null && $this->groupFilter) {
+                $query->getQuery()->setNativeFilter($this->groupFilter);
+            }
+        } elseif ($table === 'group_memership') {
             $table = $this->groupClass;
         }
 
@@ -576,7 +575,7 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
                 ->setBase($this->userBaseDn)
                 ->setUsePagedResults(false);
             if ($this->userFilter) {
-                $userQuery->where(new Expression($this->userFilter));
+                $userQuery->setNativeFilter($this->userFilter);
             }
 
             if (($queryValue = $userQuery->fetchDn()) === null) {
@@ -590,7 +589,7 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
             ->where($this->groupMemberAttribute, $queryValue)
             ->setBase($this->groupBaseDn);
         if ($this->groupFilter) {
-            $groupQuery->where(new Expression($this->groupFilter));
+            $groupQuery->setNativeFilter($this->groupFilter);
         }
 
         $groups = array();
diff --git a/library/Icinga/Protocol/Ldap/Expression.php b/library/Icinga/Protocol/Ldap/Expression.php
deleted file mode 100644
index 403e1fd04..000000000
--- a/library/Icinga/Protocol/Ldap/Expression.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
-
-namespace Icinga\Protocol\Ldap;
-
-class Expression
-{
-    protected $value;
-
-    public function __construct($value)
-    {
-        $this->value = $value;
-    }
-
-    public function setValue($value)
-    {
-        $this->value = $value;
-        return $this;
-    }
-
-    public function getValue()
-    {
-        return $this->value;
-    }
-
-    public function __toString()
-    {
-        return (string) $this->getValue();
-    }
-}
diff --git a/library/Icinga/Protocol/Ldap/LdapQuery.php b/library/Icinga/Protocol/Ldap/LdapQuery.php
index 2832908ea..3696062ef 100644
--- a/library/Icinga/Protocol/Ldap/LdapQuery.php
+++ b/library/Icinga/Protocol/Ldap/LdapQuery.php
@@ -42,6 +42,13 @@ class LdapQuery extends SimpleQuery
      */
     protected $unfoldAttribute;
 
+    /**
+     * This query's native LDAP filter
+     *
+     * @var string
+     */
+    protected $nativeFilter;
+
     /**
      * Initialize this query
      */
@@ -120,6 +127,29 @@ class LdapQuery extends SimpleQuery
         return $this->unfoldAttribute;
     }
 
+    /**
+     * Set this query's native LDAP filter
+     *
+     * @param   string  $filter
+     *
+     * @return  $this
+     */
+    public function setNativeFilter($filter)
+    {
+        $this->nativeFilter = $filter;
+        return $this;
+    }
+
+    /**
+     * Return this query's native LDAP filter
+     *
+     * @return  string
+     */
+    public function getNativeFilter()
+    {
+        return $this->nativeFilter;
+    }
+
     /**
      * Choose an objectClass and the columns you are interested in
      *
@@ -141,13 +171,7 @@ class LdapQuery extends SimpleQuery
      */
     public function where($condition, $value = null)
     {
-        // TODO: Adjust this once support for Icinga\Data\Filter is available
-        if ($condition instanceof Expression) {
-            $this->filters[] = $condition;
-        } else {
-            $this->filters[$condition] = $value;
-        }
-
+        $this->filters[$condition] = $value;
         return $this;
     }
 
@@ -239,22 +263,24 @@ class LdapQuery extends SimpleQuery
 
         $parts = array();
         foreach ($this->filters as $key => $value) {
-            if ($value instanceof Expression) {
-                $parts[] = (string) $value;
-            } else {
-                $parts[] = sprintf(
-                    '%s=%s',
-                    LdapUtils::quoteForSearch($key),
-                    LdapUtils::quoteForSearch($value, true)
-                );
-            }
+            $parts[] = sprintf(
+                '%s=%s',
+                LdapUtils::quoteForSearch($key),
+                LdapUtils::quoteForSearch($value, true)
+            );
         }
 
         if (count($parts) > 1) {
-            return '(&(' . implode(')(', $parts) . '))';
+            $filter = '(&(' . implode(')(', $parts) . '))';
         } else {
-            return '(' . $parts[0] . ')';
+            $filter = '(' . $parts[0] . ')';
         }
+
+        if ($this->nativeFilter) {
+            $filter = '(&(' . $this->nativeFilter . ')' . $filter . ')';
+        }
+
+        return $filter;
     }
 
     /**