tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 07:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Drop class Ldap\Expression and introduce LdapQuery::$nativeFilter

Browse Source 
I'm about to add support for our Data\Filter implementation, since it cannot
parse native LDAP filters and a user may have configured such, we need to
differentiate the two types of filter.

refs #10370
This commit is contained in:
Johannes Meyer 2015-11-09 13:04:02 +01:00
parent 62eb767cd5
commit 9b826e6e5f
4 changed files with 53 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/Icinga/Authentication/User/LdapUserBackend.php
View File

@ -12,7 +12,6 @@ use Icinga\Exception\ProgrammingError;
use Icinga\Repository\LdapRepository;
use Icinga\Repository\RepositoryQuery;
use Icinga\Protocol\Ldap\LdapException;
use Icinga\Protocol\Ldap\Expression;
use Icinga\User;
class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
@ -203,7 +202,7 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
$query = parent::select($columns);
$query->getQuery()->setBase($this->baseDn);
if ($this->filter) {
$query->getQuery()->where(new Expression($this->filter));
$query->getQuery()->setNativeFilter($this->filter);
}
return $query;

17
library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
View File

@ -9,7 +9,6 @@ use Icinga\Application\Logger;
use Icinga\Data\ConfigObject;
use Icinga\Exception\ConfigurationError;
use Icinga\Exception\ProgrammingError;
use Icinga\Protocol\Ldap\Expression;
use Icinga\Repository\LdapRepository;
use Icinga\Repository\RepositoryQuery;
use Icinga\User;
@ -368,11 +367,6 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
{
$query = parent::select($columns);
$query->getQuery()->setBase($this->groupBaseDn);
if ($this->groupFilter) {
// TODO(jom): This should differentiate between groups and their memberships
$query->getQuery()->where(new Expression($this->groupFilter));
}
return $query;
}
@ -529,7 +523,12 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
public function requireTable($table, RepositoryQuery $query = null)
{
$table = parent::requireTable($table, $query);
if ($table === 'group' || $table === 'group_membership') {
if ($table === 'group') {
$table = $this->groupClass;
if ($query !== null && $this->groupFilter) {
$query->getQuery()->setNativeFilter($this->groupFilter);
}
} elseif ($table === 'group_memership') {
$table = $this->groupClass;
}
@ -576,7 +575,7 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
->setBase($this->userBaseDn)
->setUsePagedResults(false);
if ($this->userFilter) {
$userQuery->where(new Expression($this->userFilter));
$userQuery->setNativeFilter($this->userFilter);
}
if (($queryValue = $userQuery->fetchDn()) === null) {
@ -590,7 +589,7 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
->where($this->groupMemberAttribute, $queryValue)
->setBase($this->groupBaseDn);
if ($this->groupFilter) {
$groupQuery->where(new Expression($this->groupFilter));
$groupQuery->setNativeFilter($this->groupFilter);
}
$groups = array();

30
library/Icinga/Protocol/Ldap/Expression.php
View File

@ -1,30 +0,0 @@
<?php
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
namespace Icinga\Protocol\Ldap;
class Expression
{
protected $value;
public function __construct($value)
{
$this->value = $value;
}
public function setValue($value)
{
$this->value = $value;
return $this;
}
public function getValue()
{
return $this->value;
}
public function __toString()
{
return (string) $this->getValue();
}
}

62
library/Icinga/Protocol/Ldap/LdapQuery.php
View File

@ -42,6 +42,13 @@ class LdapQuery extends SimpleQuery
*/
protected $unfoldAttribute;
/**
* This query's native LDAP filter
*
* @var string
*/
protected $nativeFilter;
/**
* Initialize this query
*/
@ -120,6 +127,29 @@ class LdapQuery extends SimpleQuery
return $this->unfoldAttribute;
}
/**
* Set this query's native LDAP filter
*
* @param string $filter
*
* @return $this
*/
public function setNativeFilter($filter)
{
$this->nativeFilter = $filter;
return $this;
}
/**
* Return this query's native LDAP filter
*
* @return string
*/
public function getNativeFilter()
{
return $this->nativeFilter;
}
/**
* Choose an objectClass and the columns you are interested in
*
@ -141,13 +171,7 @@ class LdapQuery extends SimpleQuery
*/
public function where($condition, $value = null)
{
// TODO: Adjust this once support for Icinga\Data\Filter is available
if ($condition instanceof Expression) {
$this->filters[] = $condition;
} else {
$this->filters[$condition] = $value;
}
$this->filters[$condition] = $value;
return $this;
}
@ -239,22 +263,24 @@ class LdapQuery extends SimpleQuery
$parts = array();
foreach ($this->filters as $key => $value) {
if ($value instanceof Expression) {
$parts[] = (string) $value;
} else {
$parts[] = sprintf(
'%s=%s',
LdapUtils::quoteForSearch($key),
LdapUtils::quoteForSearch($value, true)
);
}
$parts[] = sprintf(
'%s=%s',
LdapUtils::quoteForSearch($key),
LdapUtils::quoteForSearch($value, true)
);
}
if (count($parts) > 1) {
return '(&(' . implode(')(', $parts) . '))';
$filter = '(&(' . implode(')(', $parts) . '))';
} else {
return '(' . $parts[0] . ')';
$filter = '(' . $parts[0] . ')';
}
if ($this->nativeFilter) {
$filter = '(&(' . $this->nativeFilter . ')' . $filter . ')';
}
return $filter;
}
/**