Context Navigation

source: trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm @ 2265

Visit:

Last change on this file since 2265 was 2265, checked in by nanardon, 5 years ago
Fix address change propagation
Property svn:keywords set to `Id Rev`
File size: 80.8 KB

Rev	Line
[29]	1	package LATMOS::Accounts::Bases::Sql::User;
[19]	2
	3	use 5.010000;
	4	use strict;
	5	use warnings;
[1329]	6	use overload '""' => 'stringify';
[19]	7
[175]	8	use LATMOS::Accounts::Utils;
[390]	9	use LATMOS::Accounts::Log;
[1079]	10	use POSIX qw(strftime);
[1500]	11	use Date::Parse qw(str2time);
	12	use DateTime;
	13	use DateTime::TimeZone;
[29]	14	use base qw(LATMOS::Accounts::Bases::Sql::objects);
[1549]	15	use LATMOS::Accounts::I18N;
[1623]	16	use Date::Calc;
[1640]	17	use LATMOS::Accounts::Mail;
[19]	18
[2175]	19	our $VERSION = (q$Rev: 2158 $ =~ /^Rev: (\d+) /)[0];
[19]	20
	21	=head1 NAME
	22
	23	LATMOS::Ad - Perl extension for blah blah blah
	24
	25	=head1 DESCRIPTION
	26
	27	Account base access over standard unix file format.
	28
	29	=head1 FUNCTIONS
	30
	31	=cut
	32
[1071]	33	=head2 new(%config)
[19]	34
	35	Create a new LATMOS::Ad object for windows AD $domain.
	36
	37	domain / server: either the Ad domain or directly the server
	38
	39	ldap_args is an optionnal list of arguments to pass to L<Net::LDAP>.
	40
	41	=cut
	42
[1014]	43	sub _object_table { 'user' }
[19]	44
[1014]	45	sub _key_field { 'name' }
[29]	46
[1014]	47	sub _has_extended_attributes { 1 }
[74]	48
[1329]	49	sub stringify {
	50	my ($self) = @_;
	51
	52	return join(' ', grep { $_ }
	53	(
	54	$self->get_field('givenName'),
	55	$self->get_field('sn')
	56	)
	57	)
	58	\|\| $self->get_field('description')
	59	\|\| $self->id;
	60	}
	61
[1992]	62	sub GetOtypeDef {
	63	my ($class) = @_;
	64
	65	{
	66	address => 'user',
	67	employment => 'user',
	68	},
	69	}
	70
[861]	71	sub _get_attr_schema {
	72	my ($class, $base) = @_;
[92]	73
[1315]	74	my $subsetaddress = sub {
	75	my ($self, $data) = @_;
	76	my $fmainaddress = $self->object->_get_c_field('mainaddress');
	77
	78	# set address attribute => create address object on the fly
	79	# except if attr is empty !
	80	if (!$fmainaddress && $data) {
	81	$fmainaddress = $self->object->id . '-' . join('', map { ('a'..'z')[rand(26)] }
	82	(0..4));
	83	$self->base->_create_c_object(
	84	'address', $fmainaddress,
	85	user => $self->object->id,
	86	isMainAddress => 1, ) or do {
	87	$self->base->log(LA_ERR,
	88	"Cannot create main address for user %s", $self->object->id);
	89	return;
	90	};
	91	}
	92	if ($fmainaddress &&
	93	(my $address = $self->base->get_object('address', $fmainaddress))) {
	94	if ($address->attribute($self->name) &&
	95	!$address->attribute($self->name)->ro) {
	96	return $address->set_c_fields($self->name => $data) \|\|0;
	97	}
	98	}
	99	};
	100
[1524]	101	my $attrs = {
[1315]	102	exported => {
	103	post => sub {
	104	my ($self, $value) = @_;
	105	my $attr = $self->name;
	106
	107	if (my $obj = $self->base->
	108	get_object('revaliases', $self->object->id)) {
	109	my $ares = $obj->set_c_fields(
	110	($attr eq 'exported' ? 'exported' : 'unexported') => $value
	111	);
	112	if (!defined($ares)) {
	113	$self->base->log(LA_ERR,
	114	'Cannot set revaliases exported attribute for user %s',
	115	$self->object->id);
	116	}
	117	}
	118	my $must_expire = $self->name eq 'exported'
	119	? ($value ? 0 : 1 )
	120	: ($value ? 1 : 0 );
	121
[1500]	122	foreach my $al (grep { $_ } $self->object->get_attributes('aliases'), $self->object->id) {
[1315]	123	my $obj = $self->base->get_object('aliases', $al) or next;
	124	$obj->_set_c_fields(
[1470]	125	exported => $value,
[1315]	126	);
	127	}
[2265]	128	foreach my $al ($self->object->get_attributes('_otheraddress')) {
[1498]	129	my $obj = $self->base->get_object('address', $al) or next;
	130	$obj->_set_c_fields(
	131	exported => $value,
	132	);
	133	}
[1315]	134	},
	135	},
[910]	136	uidNumber => {
	137	inline => 1,
	138	iname => 'uidnumber',
	139	uniq => 1,
	140	mandatory => 1,
	141	formopts => { length => 7 },
[1550]	142	label => l('UID'),
[910]	143	},
[1297]	144	uidnumber => { inline => 1, hide => 1, monitored => 1 },
[1280]	145	gidNumber => {
[861]	146	inline => 1,
	147	iname => 'gidnumber',
	148	mandatory => 1,
	149	can_values => sub {
[1347]	150	map { $_->id, $_->get_attributes('gidNumber') }
	151	map { $base->get_object('group', $_) }
	152	$base->list_objects('group')
	153	},
	154	can_values => sub {
[1315]	155	my $sth = $base->db->prepare_cached(
	156	q{
[1347]	157	select name, gidnumber from "group" where exported = true
[1315]	158	}
	159	);
	160	$sth->execute();
	161	my @res;
	162	while (my $res = $sth->fetchrow_hashref) {
[1347]	163	push(@res, $res->{name});
[1315]	164	push(@res, $res->{gidnumber});
	165	}
	166	return @res;
[861]	167	},
	168	display => sub {
	169	my ($self, $val) = @_;
[1918]	170	if ($val =~ /^\d+$/) {
	171	my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
	172	or return;
	173	return $gr;
	174	} else {
	175	my ($gr) = $self->base->search_objects('group', "name=$val")
	176	or return;
	177	return $gr;
	178	}
[861]	179	},
[1347]	180	input => sub {
	181	my ($val) = @_;
	182	$val =~ /^\d+$/ and return $val;
	183	my ($gr) = $base->search_objects('group', "name=$val") or return;
	184	return $base->get_object('group', $gr)->get_attributes('gidNumber');
	185	},
[1917]	186	#reference => 'group',
[1550]	187	label => l('GID'),
[861]	188	},
[1550]	189	loginShell => {
[1551]	190	mandatory => 1,
[1550]	191	label => l('Shell'),
	192	},
[861]	193	gidnumber => { inline => 1, hide => 1,
	194	can_values => sub {
[1347]	195	map { $_->id, $_->get_attributes('gidNumber') }
[861]	196	map { $base->get_object('group', $_) }
	197	$base->list_objects('group')
	198	},
[1347]	199	display => sub {
	200	my ($self, $val) = @_;
	201	my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
	202	or return;
	203	return $gr;
	204	},
	205	input => sub {
	206	my ($val) = @_;
	207	$val =~ /^\d+$/ and return $val;
	208	my ($gr) = $base->search_objects('group', "name=$val") or return;
	209	return $base->get_object('group', $gr)->get_attributes('gidNumber');
	210	},
[861]	211	mandatory => 1,
	212	reference => 'group',
[1297]	213	monitored => 1,
[861]	214	},
	215	locked => {
	216	formtype => 'CHECKBOX',
	217	formopts => { rawvalue => 1, },
[1297]	218	monitored => 1,
[1550]	219	label => l('Locked'),
[861]	220	},
[1506]	221	expire => {
	222	inline => 1,
	223	formtype => 'DATETIME',
	224	monitored => 1,
[1620]	225	label => l('Expire on'),
[1506]	226	},
	227	endcircuit => {
	228	inline => 1,
	229	formtype => 'DATE',
	230	monitored => 1,
[1550]	231	label => l('End of entrance'),
[1506]	232	},
[1566]	233	_endEmployment => {
[1500]	234	formtype => 'DATETIME',
	235	managed => 1,
	236	ro => 1,
[1566]	237	hide => 1,
[1500]	238	get => sub {
	239	my ($attr) = @_;
	240	my $self = $attr->object;
[1592]	241	$self->_computeEndEmployment($self->base->config('employment_delay') \|\| 0);
[1500]	242	},
[1550]	243	label => l('End of employment'),
[1500]	244	},
[1566]	245	endEmployment => {
[1514]	246	formtype => 'DATETIME',
[1566]	247	ro => 1,
	248	label => l('End of employment'),
	249	},
[1748]	250	_departure => {
	251	formtype => 'DATETIME',
	252	managed => 1,
	253	ro => 1,
	254	hide => 1,
	255	get => sub {
	256	my ($attr) = @_;
	257	my $self = $attr->object;
[2141]	258	$self->_computeEndEmployment($self->base->config('employment_delay') \|\| 0, 1, 1);
[1748]	259	},
	260	label => l('Start of employment'),
	261	},
	262	departure => {
	263	formtype => 'DATETIME',
	264	ro => 1,
[1863]	265	label => l('Leaving'),
[1748]	266	},
[1566]	267	_endStrictEmployment => {
	268	formtype => 'DATETIME',
[1514]	269	managed => 1,
	270	ro => 1,
[1566]	271	hide => 1,
[1514]	272	get => sub {
	273	my ($attr) = @_;
	274	my $self = $attr->object;
[1526]	275	$self->_computeEndEmployment();
[1522]	276	},
	277	},
[1566]	278	endStrictEmployment => {
[1522]	279	formtype => 'DATETIME',
[1566]	280	ro => 1,
	281	},
	282	_endCurrentEmployment => {
	283	formtype => 'DATETIME',
[1522]	284	managed => 1,
	285	ro => 1,
[1566]	286	hide => 1,
[1522]	287	get => sub {
	288	my ($attr) = @_;
	289	my $self = $attr->object;
[1514]	290
	291	my $list_empl = $self->base->db->prepare_cached(q{
	292	SELECT * FROM employment WHERE "user" = ? and
[1522]	293	firstday <= now() and
[1514]	294	(lastday is null or lastday >= now() - '1 days'::interval)
	295	order by firstday asc
	296	});
	297	$list_empl->execute($self->id);
	298	my $end;
	299	while (my $res = $list_empl->fetchrow_hashref) {
	300	if (!$res->{lastday}) {
	301	# Ultimate employment.
	302	$list_empl->finish;
	303	return undef;
[1522]	304	} else {
[1514]	305	$end = DateTime->from_epoch(epoch => str2time($res->{lastday}));
	306	$end->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	307	$end->add(hours => 23, minutes => 59, seconds => 59);
	308	}
[1522]	309	last;
[1514]	310	}
[1522]	311	$list_empl->finish;
	312
[1514]	313	return $end ? $end->iso8601 : undef
	314	},
	315	},
[1566]	316	endCurrentEmployment => {
[1511]	317	formtype => 'DATETIME',
[1566]	318	ro => 1,
	319	},
	320	_endLastEmployment => {
	321	formtype => 'DATETIME',
[1511]	322	managed => 1,
	323	ro => 1,
[1566]	324	hide => 1,
[1511]	325	get => sub {
	326	my ($attr) = @_;
	327	my $self = $attr->object;
	328
	329	my $list_empl = $self->base->db->prepare_cached(q{
	330	SELECT * FROM employment WHERE "user" = ?
	331	order by lastday desc nulls first
	332	});
	333	$list_empl->execute($self->id);
	334	my $res = $list_empl->fetchrow_hashref;
	335	$list_empl->finish;
	336	my $end;
	337	if ($res && $res->{lastday}) {
	338	$end = DateTime->from_epoch(epoch => str2time($res->{lastday}));
	339	$end->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	340	$end->add(hours => 23, minutes => 59, seconds => 59);
	341	}
	342	return $end ? $end->iso8601 : undef
	343	},
[1550]	344	label => l('End of any employment'),
[1511]	345	},
[1566]	346	endLastEmployment => {
	347	formtype => 'DATETIME',
	348	ro => 1,
	349	label => l('End of any employment'),
	350	},
[1590]	351	_startEmployment => {
	352	formtype => 'DATETIME',
	353	managed => 1,
	354	ro => 1,
	355	hide => 1,
	356	get => sub {
	357	my ($attr) = @_;
	358	my $self = $attr->object;
[1592]	359	$self->_computeStartEmployment($self->base->config('employment_delay') \|\| 0);
[1590]	360	},
	361	label => l('Start of employment'),
	362	},
	363	startEmployment => {
	364	formtype => 'DATETIME',
	365	ro => 1,
	366	label => l('Start of employment'),
	367	},
[1748]	368	_arrival => {
	369	formtype => 'DATETIME',
	370	managed => 1,
	371	ro => 1,
	372	hide => 1,
	373	get => sub {
	374	my ($attr) = @_;
	375	my $self = $attr->object;
[1757]	376	$self->_computeStartEmployment($self->base->config('employment_delay') \|\| 0, 1, 1);
[1748]	377	},
	378	label => l('Start of employment'),
	379	},
	380	arrival => {
	381	formtype => 'DATETIME',
	382	ro => 1,
	383	label => l('Arrival'),
	384	},
[1590]	385	_startStrictEmployment => {
	386	formtype => 'DATETIME',
	387	managed => 1,
	388	ro => 1,
	389	hide => 1,
	390	get => sub {
	391	my ($attr) = @_;
	392	my $self = $attr->object;
	393	$self->_computeStartEmployment();
	394	},
	395	},
	396	startStrictEmployment => {
	397	formtype => 'DATETIME',
	398	ro => 1,
	399	},
	400	_startCurrentEmployment => {
	401	formtype => 'DATETIME',
	402	managed => 1,
	403	ro => 1,
	404	hide => 1,
	405	get => sub {
	406	my ($attr) = @_;
	407	my $self = $attr->object;
	408
	409	my $list_empl = $self->base->db->prepare_cached(q{
	410	SELECT * FROM employment WHERE "user" = ? and
	411	firstday <= now() and
	412	(lastday is null or lastday >= now() - '1 days'::interval)
	413	order by firstday asc
	414	});
	415	$list_empl->execute($self->id);
	416	my $start;
	417	while (my $res = $list_empl->fetchrow_hashref) {
	418	$start = DateTime->from_epoch(epoch => str2time($res->{firstday}));
	419	$start->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	420	last;
	421	}
	422	$list_empl->finish;
	423
	424	return $start ? $start->iso8601 : undef
	425	},
	426	},
	427	startCurrentEmployment => {
	428	formtype => 'DATETIME',
	429	ro => 1,
	430	},
	431	_startFirstEmployment => {
	432	formtype => 'DATETIME',
	433	managed => 1,
	434	ro => 1,
	435	hide => 1,
	436	get => sub {
	437	my ($attr) = @_;
	438	my $self = $attr->object;
	439
	440	my $list_empl = $self->base->db->prepare_cached(q{
	441	SELECT * FROM employment WHERE "user" = ?
	442	order by firstday asc
	443	});
	444	$list_empl->execute($self->id);
	445	my $res = $list_empl->fetchrow_hashref;
	446	$list_empl->finish;
	447	my $start;
	448	if ($res && $res->{firstday}) {
	449	$start = DateTime->from_epoch(epoch => str2time($res->{firstday}));
	450	$start->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	451	}
	452	return $start ? $start->iso8601 : undef
	453	},
	454	label => l('Start of any employment'),
	455	},
	456	startFirstEmployment => {
	457	formtype => 'DATETIME',
	458	ro => 1,
	459	label => l('Start of any employment'),
	460	},
[1623]	461	employmentLength => {
	462	ro => 1,
[2221]	463	auto => 1,
	464	},
	465	_employmentLength => {
	466	ro => 1,
[1623]	467	managed => 1,
[2221]	468	hide => 1,
[1623]	469	get => sub {
	470	my ($self) = @_;
	471	my $lastday = $self->object->get_attributes('endEmployment') \|\| DateTime->now->ymd('-');
	472	my $firstday = $self->object->get_attributes('startEmployment') or return;
	473
	474	my @fd = split('-', DateTime->from_epoch(epoch => str2time($firstday))->ymd('-'));
	475	my @ld = split('-', DateTime->from_epoch(epoch => str2time($lastday))->ymd('-'));
	476
	477	return Date::Calc::Delta_Days(@fd, @ld) +1;
	478	},
	479	label => l('Work duration'),
	480	},
	481	employmentLengthText => {
	482	ro => 1,
[2221]	483	auto => 1,
	484	},
	485	_employmentLengthText => {
	486	ro => 1,
[1623]	487	managed => 1,
[2221]	488	hide => 1,
[1623]	489	get => sub {
	490	my ($self) = @_;
	491	my $firstday = $self->object->get_attributes('startEmployment') or return;
	492	my $lastday = $self->object->get_attributes('endEmployment')\|\| DateTime->now->ymd('-');
	493	{
	494	my $dtlast = DateTime->from_epoch(epoch => str2time($lastday));
	495	$dtlast->add(days => 1);
	496	$lastday = $dtlast->ymd('-');
	497	}
	498
	499	my @fd = split('-', DateTime->from_epoch(epoch => str2time($firstday))->ymd('-'));
	500	my @ld = split('-', DateTime->from_epoch(epoch => str2time($lastday))->ymd('-'));
	501
	502	my ($Dy,$Dm,$Dd) = Date::Calc::N_Delta_YMD(@fd, @ld);
	503	return join(', ',
	504	($Dy ? l('%d years', $Dy) : ()),
	505	($Dm ? l('%d months', $Dm) : ()),
	506	($Dd ? l('%d days', $Dd) : ()),
	507	);
	508	},
	509	label => l('Work duration'),
	510	},
[1117]	511	cn => {
	512	inline => 1, ro => 1,
	513	get => sub {
	514	my ($self) = @_;
	515	return join(' ', grep { $_ }
	516	(
	517	$self->object->_get_c_field('givenName'),
	518	$self->object->_get_c_field('sn')
	519	)
	520	)
	521	\|\| $self->object->_get_c_field('description')
	522	\|\| $self->object->id;
	523	},
	524	},
[938]	525	memberOf => {
[1329]	526	reference => 'group',
[938]	527	multiple => 1, delayed => 1,
	528	get => sub {
	529	my ($self) = @_;
	530	my $obj = $self->object;
	531	my $sth = $obj->db->prepare_cached(
	532	q{
	533	select name from "group" join
	534	group_attributes on group_attributes.okey = "group".ikey
[1865]	535	where value = ? and attr = ? and internobject = false
[1353]	536	} . ($self->base->{wexported} ? '' : ' and "group".exported = true')
[938]	537	);
	538	$sth->execute($obj->id, 'memberUID');
	539	my @res;
	540	while (my $res = $sth->fetchrow_hashref) {
	541	push(@res, $res->{name});
	542	}
	543	return \@res;
[1315]	544	},
	545	set => sub {
	546	my ($self, $values) = @_;
	547	my %old = map { $_ => 'o' } @{ $self->get };
	548	foreach my $group (grep { $_ } ref $values ? @{ $values } : $values) {
	549	if ($old{$group}) {
	550	$old{$group} = undef; # no change
	551	} else {
	552	$old{$group} = 'n';
	553	}
	554	}
	555
	556	my $res = 0;
	557	foreach my $group (keys %old) {
	558	$old{$group} or next; # no change
	559
	560	my $ogroup = $self->base->get_object('group', $group) or next;
	561	($ogroup->_get_c_field('sutype') \|\| '') =~ /^(jobtype\|contrattype)$/ and next;
	562
	563	if ($old{$group} eq 'n') {
	564	$res += $ogroup->_addAttributeValue('memberUID', $self->object->id);
	565	} else {
	566	if (($self->object->_get_c_field('department') \|\| '') eq $ogroup->id) {
	567	$self->base->log(LA_WARN,
	568	"Don't removing user %s from group %s: is its department",
	569	$self->object->id, $ogroup->id);
	570	next;
	571	}
	572	$res += $ogroup->_delAttributeValue('memberUID', $self->object->id);
	573	}
	574	}
	575	return $res;
	576	},
[1550]	577	label => l('Member of'),
[938]	578	},
[1315]	579	forward => {
	580	managed => 1,
[1857]	581	multiple => 1,
[1315]	582	get => sub {
	583	my ($self) = @_;
	584	my $sth = $self->base->db->prepare(q{
[1865]	585	select forward from aliases where name = ? and internobject = false
[1315]	586	} . ($self->base->{wexported} ? '' : ' and exported = true'));
	587	$sth->execute($self->object->id);
	588	my $res = $sth->fetchrow_hashref;
	589	$sth->finish;
	590	return $res->{forward}
	591	},
	592	set => sub {
	593	my ($self, $data) = @_;
	594	if ($data) {
[1845]	595	my @datas = ref $data ? @$data : split(/\s,\s/, $data);
[1315]	596	if (my $f = $self->base->get_object('aliases', $self->object->id)) {
[1844]	597	return $f->_set_c_fields(
[1845]	598	forward => \@datas,
[1844]	599	comment => undef,
	600	description => 'Forward for user ' . $self->object->id,
	601	);
[1315]	602	} else {
	603	if ($self->base->_create_c_object(
	604	'aliases', $self->object->id,
[1845]	605	forward => \@datas,
[1315]	606	description => 'automatically created for ' . $self->object->id,
	607	)) {
	608	return 1;
	609	} else {
	610	$self->base->log(LA_ERR, "Cannot add forward for %s",
[1498]	611	$self->object->id);
[1315]	612	}
	613	}
[1666]	614	} elsif ($self->base->get_object('aliases', $self->object->id)) {
[1372]	615	if (my $res = $self->base->_delete_object('aliases', $self->object->id)) {
[1315]	616	return $res;
	617	} else {
	618	$self->base->log(LA_ERR, "Cannot remove forward for %s",
[1395]	619	$self->object->id);
[1315]	620	}
[1666]	621	} else {
	622	return 1;
[1315]	623	}
	624	return;
	625	},
[1550]	626	label => l('Forward'),
[1315]	627	},
[861]	628	aliases => {
[1385]	629	#reference => 'aliases',
[1418]	630	delayed => 1,
[861]	631	formtype => 'TEXT',
	632	multiple => 1,
[1315]	633	get => sub {
	634	my ($self) = @_;
	635	my $sth = $self->base->db->prepare(q{
[1865]	636	select name from aliases where internobject = false and lower($1) =
[1460]	637	lower(array_to_string("forward", ','))
[1315]	638	} . ($self->base->{wexported} ? '' : 'and exported = true'));
	639	$sth->execute($self->object->id);
	640	my @values;
	641	while (my $res = $sth->fetchrow_hashref) {
	642	push(@values, $res->{name});
	643	}
	644	return \@values;
	645	},
	646	set => sub {
	647	my ($self, $data) = @_;
[1418]	648
[1315]	649	my $res = 0;
	650	my %aliases = map { $_ => 1 } grep { $_ } (ref $data ? @{$data} : $data);
	651	foreach ($self->object->_get_attributes('aliases')) {
	652	$aliases{$_} \|\|= 0;
	653	$aliases{$_} +=2;
	654	}
	655	foreach (keys %aliases) {
	656	if ($aliases{$_} == 2) {
	657	if ($self->base->_delete_object('aliases', $_)) {
	658	$res++
	659	} else {
	660	$self->base->log(LA_ERR,
	661	"Cannot remove aliases %s from user %s", $_,
	662	$self->object->id);
	663	}
	664	} elsif ($aliases{$_} == 1) {
	665	if ($self->base->_create_c_object(
	666	'aliases', $_,
	667	forward => [ $self->object->id ],
	668	description => 'automatically created for ' . $self->object->id,
	669	)) {
	670	$res++
	671	} else {
	672	$self->base->log(LA_ERR, 'Cannot set forward %s to user %s',
	673	$_, $self->object->id);
	674	return;
	675	}
	676	} # 3 no change
	677	}
	678	$res
	679	},
[1550]	680	label => l('Aliases'),
[861]	681	},
	682	revaliases => {
	683	formtype => 'TEXT',
[1418]	684	get => sub {
	685	my ($self) = @_;
	686
	687	if (my $obj = $self->base->
	688	get_object('revaliases', $self->object->id)) {
	689	return $obj->get_attributes('as');
	690	} else {
	691	return;
	692	}
	693	},
[1315]	694	set => sub {
	695	my ($self, $data) = @_;
	696
	697	my $res = 0;
	698	if ($data) {
	699	if (my $obj = $self->base->
	700	get_object('revaliases', $self->object->id)) {
	701	my $ares = $obj->set_c_fields(
	702	'as' => $data,
[1404]	703	'exported' => ($self->object->get_attributes('exported') \|\| 0),
[1315]	704	);
	705	if (defined($ares)) {
	706	$res+=$ares;
	707	} else {
	708	$self->base->log(LA_ERR, 'Cannot set revaliases for user %s',
	709	$self->object->id);
	710	}
	711	} else {
	712	if ($self->base->_create_c_object(
	713	'revaliases',
	714	$self->object->id, as => $data,
[1392]	715	'exported' => ($self->object->get_attributes('exported') \|\| 0),
[1315]	716	description => 'automatically created for ' . $self->object->id,
	717	)) {
	718	$res++;
	719	} else {
	720	$self->base->log(LA_ERR, 'Cannot set revaliases for user %s',
	721	$self->object->id);
	722	}
	723	}
	724	} else {
	725	$self->base->_delete_object('revaliases', $self->object->id);
	726	$res++;
	727	}
	728
	729	$res
	730	},
[861]	731	},
	732	manager => {
[1365]	733	reference => 'user',
	734	ro => 1,
	735	get => sub {
	736	my ($self) = @_;
	737	if (my $manager = $self->object->_get_c_field('managerContact')) {
	738	return $manager;
	739	} elsif (my $department = $self->object->_get_c_field('department')) {
	740	my $obj = $self->base->get_object('group', $department);
	741	return $obj->_get_c_field('managedBy');
	742	} else {
	743	return;
	744	}
[861]	745	},
[1550]	746	label => l('Responsible'),
[861]	747	},
	748	department => {
	749	reference => 'group',
	750	can_values => sub {
	751	$base->search_objects('group', 'sutype=dpmt')
[1280]	752	},
[1297]	753	monitored => 1,
[1550]	754	label => l('Department'),
[861]	755	},
	756	contratType => {
	757	reference => 'group',
	758	can_values => sub {
	759	$base->search_objects('group', 'sutype=contrattype')
[1280]	760	},
[1297]	761	monitored => 1,
[1550]	762	label => l('Type of contract'),
[861]	763	},
	764	site => {
	765	reference => 'site',
	766	can_values => sub {
	767	$base->search_objects('site')
[1315]	768	},
	769	get => sub {
	770	my ($self) = @_;
[2265]	771	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	772	$self->base->get_object('address', $fmainaddress)
	773	->_get_c_field($self->name);
	774	} else {
	775	return;
	776	}
	777	},
	778	set => $subsetaddress,
[1550]	779	label => l('Site'),
[861]	780	},
[1315]	781	co => {
	782	get => sub {
	783	my ($self) = @_;
[2265]	784	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	785	$self->base->get_object('address', $fmainaddress)
	786	->_get_c_field($self->name);
	787	} else {
	788	return;
	789	}
	790	},
	791	set => $subsetaddress,
	792	},
	793	l => {
	794	get => sub {
	795	my ($self) = @_;
[2265]	796	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	797	$self->base->get_object('address', $fmainaddress)
	798	->_get_c_field($self->name);
	799	} else {
	800	return;
	801	}
	802	},
	803	set => $subsetaddress,
[1550]	804	label => l('City'),
[1315]	805	},
	806	postalCode => {
	807	get => sub {
	808	my ($self) = @_;
[2265]	809	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	810	$self->base->get_object('address', $fmainaddress)
	811	->_get_c_field($self->name);
	812	} else {
	813	return;
	814	}
	815	},
	816	set => $subsetaddress,
[1550]	817	label => l('Postal code'),
[1315]	818	},
	819	streetAddress => {
	820	formtype => 'TEXTAREA',
	821	get => sub {
	822	my ($self) = @_;
[2265]	823	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	824	$self->base->get_object('address', $fmainaddress)
	825	->_get_c_field($self->name);
	826	} else {
	827	return;
	828	}
	829	},
	830	set => $subsetaddress,
[1550]	831	label => l('Street'),
[1315]	832	},
	833	postOfficeBox => {
	834	get => sub {
	835	my ($self) = @_;
[2265]	836	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	837	$self->base->get_object('address', $fmainaddress)
	838	->_get_c_field($self->name);
	839	} else {
	840	return;
	841	}
	842	},
	843	set => $subsetaddress,
[1550]	844	label => l('Post office box'),
[1315]	845	},
	846	st => {
	847	get => sub {
	848	my ($self) = @_;
[2265]	849	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	850	$self->base->get_object('address', $fmainaddress)
	851	->_get_c_field($self->name);
	852	} else {
	853	return;
	854	}
	855	},
	856	set => $subsetaddress,
	857	},
	858	facsimileTelephoneNumber => {
	859	get => sub {
	860	my ($self) = @_;
[2265]	861	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	862	$self->base->get_object('address', $fmainaddress)
	863	->_get_c_field($self->name);
	864	} else {
	865	return;
	866	}
	867	},
	868	set => $subsetaddress,
[1550]	869	label => l('Fax number'),
[1315]	870	},
	871	o => {
	872	ro => 1,
	873	iname => 'company',
[1550]	874	label => l('Company'),
[1315]	875	},
[1550]	876	ou => {
	877	iname => 'department',
	878	ro => 1,
	879	label => l('Department'),
	880	},
[1315]	881	telephoneNumber => {
	882	get => sub {
	883	my ($self) = @_;
[2265]	884	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	885	$self->base->get_object('address', $fmainaddress)
	886	->_get_c_field($self->name);
	887	} else {
	888	return;
	889	}
	890	},
	891	set => $subsetaddress,
[1550]	892	label => l('Phone number'),
[1315]	893	},
	894	physicalDeliveryOfficeName => {
	895	get => sub {
	896	my ($self) = @_;
[2265]	897	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	898	$self->base->get_object('address', $fmainaddress)
	899	->_get_c_field($self->name);
	900	} else {
	901	return;
	902	}
	903	},
	904	set => $subsetaddress,
[1550]	905	label => l('Office'),
[1315]	906	},
[1557]	907	uid => {
	908	iname => 'name',
[1559]	909	ro => 1,
[1557]	910	label => l('Login'),
	911	},
[861]	912	cn => { iname => 'name', ro => 1 },
[938]	913	gecos => {
[2219]	914	ro => 1,
	915	auto => 1,
	916	},
	917	_gecos => {
[1570]	918	managed => 1,
[2219]	919	hide => 1,
[938]	920	ro => 1,
	921	get => sub {
	922	my ($self) = @_;
	923	my $obj = $self->object;
[1887]	924
[2228]	925	my $fmt = $self->base->config('gecosformat') \|\|
	926	'%{_displayName},%{l}-%{physicalDeliveryOfficeName},%{telephoneNumber},%{?endcircuit:%{endcircuit}}%{?!endcircuit:%{expireText}}';
[2219]	927	my $gecos = $obj->queryformat($fmt);
[938]	928	return to_ascii($gecos);
	929	},
[1550]	930	label => l('GECOS'),
[938]	931	},
[2219]	932	displayName => {
	933	ro => 1,
	934	auto => 1,
	935	},
	936	_displayName => {
[938]	937	ro => 1, managed => 1,
[2219]	938	hide => 1,
[938]	939	get => sub {
	940	my ($self) = @_;
	941	return join(' ', grep { $_ }
	942	(
	943	$self->object->_get_c_field('givenName'),
	944	$self->object->_get_c_field('sn')
	945	)
	946	)
	947	\|\| $self->object->_get_c_field('description')
[1075]	948	\|\| $self->object->id;
[938]	949	},
[1550]	950	label => l('Name'),
[938]	951	},
[2219]	952	sAMAccountName => {
	953	auto => 1,
	954	},
	955	_sAMAccountName => {
	956	ro => 1,
	957	hide => 1,
[2045]	958	managed => 1,
	959	iname => 'name',
[2047]	960	get => sub {
	961	my ($self) = @_;
	962	substr($self->object->id, 0, 19)
	963	},
[2045]	964	},
[938]	965	accountExpires => {
	966	ro => 1,
[2221]	967	auto => 1,
	968	},
	969	_accountExpires => {
	970	ro => 1,
[938]	971	managed => 1,
[2221]	972	hide => 1,
[938]	973	get => sub {
	974	my ($self) = @_;
	975	my $obj = $self->object;
	976	my $sth = $obj->db->prepare_cached(
	977	sprintf(
[2156]	978	q{select extract(epoch from %s) + 11644474161 as expire
[938]	979	from %s where %s = ?},
[2156]	980	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
[1014]	981	$obj->db->quote_identifier($obj->_object_table),
	982	$obj->db->quote_identifier($obj->_key_field),
[938]	983	)
	984	);
	985	$sth->execute($obj->id);
	986	my $res = $sth->fetchrow_hashref;
	987	$sth->finish;
	988	return $res->{expire} ? sprintf("%.f", $res->{expire} * 1E7) : '9223372036854775807';
	989	}
	990	},
	991	shadowExpire => {
	992	ro => 1,
[2221]	993	auto => 1,
	994	},
	995	_shadowExpire => {
	996	ro => 1,
	997	hide => 1,
[938]	998	managed => 1,
	999	get => sub {
	1000	my ($self) = @_;
	1001	my $obj = $self->object;
	1002	my $sth = $obj->db->prepare_cached(
	1003	sprintf(
[2156]	1004	q{select justify_hours(%s - '1/1/1970'::timestamp) as expire
[938]	1005	from %s where %s = ?},
[2156]	1006	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
[1014]	1007	$obj->db->quote_identifier($obj->_object_table),
	1008	$obj->db->quote_identifier($obj->_key_field),
[938]	1009	)
	1010	);
	1011	$sth->execute($obj->id);
	1012	my $res = $sth->fetchrow_hashref;
	1013	$sth->finish;
	1014	return -1 unless($res->{expire});
	1015	$res->{expire} =~ /(\d+) days\s*(\w)?/;
[1625]	1016	# Add one day is time is not 00H00
[938]	1017	return $1 + ($2 ? 1 : 0);
	1018	}
	1019	},
[861]	1020	directReports => {
[2262]	1021	auto => 1,
	1022	ro => 1,
	1023	},
	1024	_directReports => {
[861]	1025	reference => 'user',
	1026	ro => 1,
[2262]	1027	hide => 1,
[861]	1028	delayed => 1,
[938]	1029	get => sub {
	1030	my ($self) = @_;
	1031	my $obj = $self->object;
	1032	my $sth = $obj->db->prepare_cached(
	1033	q{
[1365]	1034	SELECT
	1035	"user".name FROM
	1036	public."user",
	1037	public.user_attributes_groups,
	1038	public.group_attributes_users,
	1039	public.group_attributes_base gb,
	1040	public."group"
	1041	WHERE
	1042	"user".ikey = user_attributes_groups.okey AND
	1043	user_attributes_groups.value = "group".name AND
	1044	group_attributes_users.okey = gb.okey AND
	1045	"group".ikey = group_attributes_users.okey AND
	1046	gb.attr = 'sutype' AND
	1047	gb.value = 'dpmt' AND
	1048	group_attributes_users.attr = 'managedBy' AND
	1049	group_attributes_users.value = ?
	1050	} . ($self->base->{wexported} ? '' : ' and "user".exported = true') . q{
	1051	and "user".ikey not in
	1052	(select okey from user_attributes_users
	1053	where attr = 'manager' and value != ? )
	1054	union
	1055	select "user".name FROM public."user",
	1056	user_attributes_users where
	1057	user_attributes_users.attr = 'manager' and user_attributes_users.value = ?
	1058	and "user".ikey = user_attributes_users.okey
	1059	} . ($self->base->{wexported} ? '' : ' and "user".exported = true')
[938]	1060	);
[1365]	1061	$sth->execute($obj->id, $obj->id, $obj->id);
[938]	1062	my @res;
	1063	while (my $res = $sth->fetchrow_hashref) {
	1064	push(@res, $res->{name});
	1065	}
	1066	return \@res;
	1067	},
[861]	1068	},
	1069	managedObjects => { ro => 1, reference => 'group', },
[1315]	1070	otheraddress => {
[2265]	1071	auto => 1,
	1072	multiple => 1,
	1073	reference => 'address',
	1074	},
	1075	_otheraddress => {
[1315]	1076	ro => 1,
[2264]	1077	multiple => 1,
[1315]	1078	reference => 'address',
	1079	get => sub {
	1080	my ($self) = @_;
	1081	my $sth = $self->base->db->prepare_cached(q{
	1082	select name from address left join address_attributes
	1083	on address.ikey = address_attributes.okey and
	1084	address_attributes.attr = 'isMainAddress'
	1085	where "user" = ?
[2139]	1086	} . ($self->base->{wexported} ? '' : ' and "address".exported = true') . q{
[1315]	1087	order by address_attributes.attr
[2139]	1088	} );
[1315]	1089	$sth->execute($self->object->id);
	1090	my @values;
	1091	while (my $res = $sth->fetchrow_hashref) {
	1092	push(@values, $res->{name});
	1093	}
	1094	return \@values;
	1095	},
	1096	},
[2265]	1097	mainaddress => {
	1098	auto => 1,
	1099	reference => 'address',
	1100	},
[2262]	1101	_mainaddress => {
	1102	hide => 1,
[1315]	1103	ro => 1,
	1104	reference => 'address',
	1105	get => sub {
	1106	my ($self) = @_;
	1107	my $sth = $self->base->db->prepare_cached(q{
	1108	select name from address join address_attributes on ikey = okey
	1109	where "user" = ? and attr = 'isMainAddress'
[2136]	1110	} . ($self->base->{wexported} ? '' : ' and "address".exported = true'));
[1315]	1111	$sth->execute($self->object->id);
	1112	my $res = $sth->fetchrow_hashref;
	1113	$sth->finish;
	1114	return $res->{name};
	1115	},
	1116	},
[2264]	1117	postalAddress => {
	1118	auto => 1,
	1119	},
[2262]	1120	_postalAddress => {
	1121	hide => 1,
[1315]	1122	ro => 1,
	1123	get => sub {
	1124	my ($self) = @_;
[2265]	1125	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
[1315]	1126	$self->base->get_object('address', $fmainaddress)
[2265]	1127	->_get_c_field('postalAddress');
[1315]	1128	} else {
	1129	return;
	1130	}
	1131	},
[1550]	1132	label => l('Postal Address'),
[1315]	1133	},
[1550]	1134	facsimileTelephoneNumber => {
	1135	ro => 1,
	1136	label => l('Fax number'),
	1137	},
[861]	1138	allsite => {
	1139	ro => 1,
	1140	reference => 'site',
	1141	},
	1142	managerContact => {
[1365]	1143	delayed => 1,
	1144	can_values => sub {
	1145	my %uniq = map { $_ => 1 } grep { $_ }
[1912]	1146	(($_[1] ? $_[1]->get_attributes('managerContact') : ()),
	1147	$base->search_objects('user', 'active=1'));
[1365]	1148	sort keys %uniq;
	1149	},
[861]	1150	reference => 'user',
[1365]	1151	monitored => 1,
	1152	iname => 'manager',
[1550]	1153	label => l('Manager'),
[861]	1154	},
[1887]	1155	expireTextEC => {
[938]	1156	ro => 1,
[2221]	1157	auto => 1,
	1158	},
	1159	_expireTextEC => {
	1160	ro => 1,
[1887]	1161	managed => 1,
[2221]	1162	hide => 1,
[938]	1163	get => sub {
	1164	my ($self) = @_;
	1165	my $obj = $self->object;
	1166	my $sth = $obj->db->prepare_cached(
	1167	sprintf(
[2156]	1168	q{select to_char(%s, 'YYYY/MM/DD') as expire
[938]	1169	from %s where %s = ?},
[2156]	1170	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
[1014]	1171	$obj->db->quote_identifier($obj->_object_table),
	1172	$obj->db->quote_identifier($obj->_key_field),
[938]	1173	)
	1174	);
[1401]	1175	$sth->execute($obj->id) or $obj->db->rollback;
[938]	1176	my $res = $sth->fetchrow_hashref;
	1177	$sth->finish;
	1178	return $res->{expire}
	1179	},
	1180	},
[1887]	1181	expireText => {
	1182	ro => 1,
[2221]	1183	auto => 1,
	1184	},
	1185	_expireText => {
	1186	ro => 1,
	1187	hide => 1,
[1887]	1188	managed => 1,
	1189	get => sub {
	1190	my ($self) = @_;
	1191	my $obj = $self->object;
	1192	my $sth = $obj->db->prepare_cached(
	1193	sprintf(
	1194	q{select to_char(expire, 'YYYY/MM/DD') as expire
	1195	from %s where %s = ?},
	1196	$obj->db->quote_identifier($obj->_object_table),
	1197	$obj->db->quote_identifier($obj->_key_field),
	1198	)
	1199	);
	1200	$sth->execute($obj->id) or $obj->db->rollback;
	1201	my $res = $sth->fetchrow_hashref;
	1202	$sth->finish;
	1203	return $res->{expire}
	1204	},
	1205	},
[1315]	1206	krb5ValidEnd => {
	1207	ro => 1,
[2221]	1208	auto => 1,
	1209	},
	1210	_krb5ValidEnd => {
	1211	ro => 1,
[1315]	1212	managed => 1,
[2221]	1213	hide => 1,
[1315]	1214	get => sub {
	1215	my ($self) = @_;
	1216	my $sth = $self->object->db->prepare_cached(
	1217	sprintf(
[1348]	1218	q{select date_part('epoch', COALESCE(endcircuit, expire))::int as expire
[1315]	1219	from %s where %s = ?},
	1220	$self->object->db->quote_identifier($self->object->_object_table),
	1221	$self->object->db->quote_identifier($self->object->_key_field),
	1222	)
	1223	);
[1401]	1224	$sth->execute($self->object->id) or $self->object->db->rollback;
[1315]	1225	my $res = $sth->fetchrow_hashref;
	1226	$sth->finish;
	1227	return $res->{expire}
	1228	},
	1229	},
[861]	1230	cells => {
	1231	ro => 1,
	1232	reference => 'group',
	1233	},
	1234	departments => {
	1235	reference => 'group',
	1236	delayed => 1,
	1237	ro => 1,
[1550]	1238	label => l('Departments'),
[861]	1239	},
	1240	arrivalDate => { },
[1550]	1241	expired => {
[1551]	1242	ro => 1,
[1550]	1243	label => l('Expired'),
	1244	},
	1245	active => {
[1551]	1246	ro => 1,
[1550]	1247	label => l('Active'),
	1248	},
[1796]	1249	status => {
	1250	ro => 1,
	1251	label => l('Statut du compte'),
	1252	},
[938]	1253	pwdAccountLockedTime => {
[2221]	1254	auto => 1,
	1255	ro => 1,
	1256	},
	1257	_pwdAccountLockedTime => {
[938]	1258	managed => 1,
	1259	ro => 1,
[2221]	1260	hide => 1,
[938]	1261	get => sub {
	1262	my ($self) = @_;
	1263	my $obj = $self->object;
	1264	if ($obj->_get_c_field('locked')) {
	1265	return '000001010000Z';
	1266	} else {
	1267	my $sth = $obj->db->prepare_cached(
	1268	sprintf(
[2156]	1269	q{select to_char(%s AT TIME ZONE 'Z', 'YYYYMMDDHH24MISSZ') as expire
[938]	1270	from %s where %s = ? and expire < now()},
[2156]	1271	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
[1014]	1272	$obj->db->quote_identifier($obj->_object_table),
	1273	$obj->db->quote_identifier($obj->_key_field),
[938]	1274	)
	1275	);
	1276	$sth->execute($obj->id);
	1277	my $res = $sth->fetchrow_hashref;
	1278	$sth->finish;
	1279	return $res->{expire}
	1280	}
	1281	},
	1282	},
[933]	1283	userPassword => { readable => 0, },
[1550]	1284	wWWHomePage => {
	1285	label => l('Web Page'),
[1953]	1286	formopts => { length => 35 },
[1550]	1287	},
[1315]	1288	title => { },
[1550]	1289	snNative => {
	1290	label => l('Native name'),
	1291	},
	1292	givenNameNative => {
	1293	label => l('Native first name'),
	1294	},
	1295	sn => {
	1296	label => l('Name'),
	1297	},
[1315]	1298	shadowWarning => { },
	1299	shadowMin => { },
	1300	shadowMax => { },
	1301	shadowLastChange => { },
	1302	shadowInactive => { },
	1303	shadowFlag => { },
	1304	otherTelephone => { },
[1557]	1305	nickname => {
	1306	label => l('Nickname'),
	1307	},
[1315]	1308	mobile => { },
[1550]	1309	mail => {
	1310	label => l('Email'),
	1311	},
[1847]	1312	otherEmail => {
	1313	label => l('External mail'),
[1842]	1314	},
[1315]	1315	labeledURI => { },
	1316	jobType => { },
	1317	ipPhone => { },
[1550]	1318	initials => {
	1319	label => l('Initials'),
[2049]	1320	checkinput => sub {
	1321	$_[0] or return;
	1322	return(length($_[0]) <= 6)
	1323	}
[1550]	1324	},
[1315]	1325	homePhone => { },
[1550]	1326	homeDirectory => {
	1327	label => l('Home directory'),
	1328	},
[1557]	1329	halReference => {
	1330	label => l('HAL id'),
	1331	},
[1315]	1332	grade => { },
[1550]	1333	givenName => {
[1551]	1334	label => l('First name'),
[1550]	1335	},
[1315]	1336	encryptedPassword => { },
[1550]	1337	description => {
	1338	label => l('Description'),
	1339	},
	1340	company => {
	1341	label => l('Company'),
	1342	},
[1860]	1343	employer => {
	1344	label => l('Employer'),
	1345	},
[1550]	1346	comment => {
	1347	label => l('Comment'),
	1348	},
[1315]	1349	college => { },
[1366]	1350	passwordLastSet => {
	1351	ro => 1,
[1550]	1352	label => l('Password set'),
[1366]	1353	},
[1752]	1354	oldPassword => {
	1355	multiple => 1,
	1356	},
	1357	bannedPassword => {
	1358	multiple => 1,
	1359	},
[1953]	1360	sshPublicKey => {
	1361	multiple => 1,
	1362	formopts => { length => 45 },
	1363	},
[2189]	1364	sshPublicKeyFilter => {
	1365	multiple => 1,
	1366	formopts => { length => 45 },
	1367	},
[2193]	1368	delUnknownSshKey => {
	1369	formtype => 'CHECKBOX',
	1370	},
[2189]	1371	_authorizedKeys => {
	1372	multiple => 1,
	1373	ro => 1,
	1374	managed => 1,
	1375	hide => 1,
	1376	get => sub {
	1377	my ($attr) = @_;
	1378	my $self = $attr->object;
	1379
	1380	my @keys = $self->_get_attributes('sshPublicKey');
	1381
	1382	my @filters = $self->_get_attributes('sshPublicKeyFilter');
[2199]	1383	my $delUnknownSshKey = $self->_get_attributes('delUnknownSshKey');
[2189]	1384
[2192]	1385	my %users = ( $self->id => 1 );
	1386
[2189]	1387	if (@filters) {
	1388	foreach my $user ($self->base->search_objects('user', @filters, 'oalias=NULL')) {
	1389	my $ouser = $self->base->get_object('user', $user) or next;
[2192]	1390	$users{ $user } and next;
	1391	$users{ $user } = 1;
[2189]	1392	push(@keys, $ouser->_get_attributes('sshPublicKey'));
	1393	}
	1394	}
	1395
[2199]	1396	return @keys
	1397	? \@keys
	1398	: (@filters \|\| $delUnknownSshKey
	1399	? [ '# No key (' . DateTime->now->iso8601 . ')' ]
	1400	: undef);
[2189]	1401	},
	1402	},
	1403	authorizedKeys => {
	1404	multiple => 1,
	1405	ro => 1,
	1406	},
[1489]	1407	currentEmployment => {
	1408	managed => 1,
	1409	ro => 1,
	1410	reference => 'employment',
	1411	get => sub {
	1412	my ($attr) = @_;
	1413	my $self = $attr->object;
	1414
[2030]	1415	my $now = DateTime->now()->iso8601 . 'Z';
[2028]	1416
[1489]	1417	my $sth = $self->base->db->prepare_cached(
	1418	q{
[2028]	1419	select name from employment where firstday <= ?::timestamp and
	1420	(lastday is null or lastday >= ?::timestamp - '1 days'::interval) and "user" = ?
[1489]	1421	limit 1
	1422	}
	1423	);
[2028]	1424	$sth->execute($now, $now, $self->id);
[1498]	1425	my $res = $sth->fetchrow_hashref;
	1426	$sth->finish;
	1427	if ($res) {
[1489]	1428	return $res->{name}
	1429	} else {
	1430	return;
	1431	}
[1551]	1432	},
[1489]	1433	},
[1524]	1434	nextEmployment => {
	1435	managed => 1,
	1436	ro => 1,
	1437	reference => 'employment',
	1438	get => sub {
	1439	my ($attr) = @_;
	1440	my $self = $attr->object;
	1441
[2030]	1442	my $now = DateTime->now()->iso8601 . 'Z';
[2028]	1443
[1524]	1444	my $sth = $self->base->db->prepare_cached(
	1445	q{
[2031]	1446	select name from employment where firstday > ?::timestamp and "user" = ?
[1645]	1447	order by firstday asc
[1524]	1448	limit 1
	1449	}
	1450	);
[2028]	1451	$sth->execute($now, $self->id);
[1524]	1452	my $res = $sth->fetchrow_hashref;
	1453	$sth->finish;
	1454	if ($res) {
	1455	return $res->{name}
	1456	} else {
	1457	return;
	1458	}
	1459	}
	1460	},
[2146]	1461	activeEmployment => {
	1462	managed => 1,
	1463	ro => 1,
	1464	reference => 'employment',
	1465	multiple => 1,
	1466	get => sub {
	1467	my ($attr) = @_;
	1468	my $self = $attr->object;
	1469
	1470	my $now = DateTime->now()->iso8601 . 'Z';
	1471
	1472	my $sth = $self->base->db->prepare_cached(
	1473	q{
	1474	select name from employment where (lastday > ?::timestamp or lastday IS NULL) and "user" = ?
	1475	order by firstday asc
	1476	limit 1
	1477	}
	1478	);
	1479	$sth->execute($now, $self->id);
	1480	my @Res;
	1481	while (my $res = $sth->fetchrow_hashref) {
	1482	push(@Res, $res->{name});
	1483	}
	1484
	1485	return \@Res;
	1486	}
	1487	},
[1645]	1488	prevEmployment => {
	1489	managed => 1,
	1490	ro => 1,
	1491	reference => 'employment',
	1492	get => sub {
	1493	my ($attr) = @_;
	1494	my $self = $attr->object;
	1495
[2030]	1496	my $now = DateTime->now()->iso8601 . 'Z';
[2028]	1497
[1645]	1498	my $sth = $self->base->db->prepare_cached(
	1499	q{
	1500	select name from employment where
[2031]	1501	(lastday is not null and lastday <= ?::timestamp - '1 days'::interval) and "user" = ?
[1645]	1502	order by firstday desc
	1503	limit 1
	1504	}
	1505	);
[2028]	1506	$sth->execute($now, $self->id);
[1645]	1507	my $res = $sth->fetchrow_hashref;
	1508	$sth->finish;
	1509	if ($res) {
	1510	return $res->{name}
	1511	} else {
	1512	return;
	1513	}
	1514	}
	1515	},
[1500]	1516	appliedEmployement => {
[1566]	1517	hide => 1,
[1500]	1518	reference => 'employment',
	1519	},
[1854]	1520	contratTypeHistory => {
	1521	reference => 'group',
	1522	can_values => sub {
	1523	$base->search_objects('group', 'sutype=contrattype')
	1524	},
	1525	multiple => 1,
	1526	},
[1856]	1527	employmentHistory => {
	1528	reference => 'employment',
	1529	multiple => 1,
	1530	ro => 1,
	1531	},
[1589]	1532	hosted => {
	1533	formtype => 'CHECKBOX',
	1534	label => l('Hosted'),
	1535	},
[2147]	1536	assigned => {
	1537	formtype => 'CHECKBOX',
	1538	label => l('Assigned'),
	1539	},
[2114]	1540	createRequestId => {
	1541	label => l('Account Request id')
[2116]	1542	},
[2114]	1543	requestId => {
[2147]	1544	label => l('Request id'),
	1545	},
	1546	nationality => {
	1547	label => l('Nationality'),
	1548	},
	1549	nativeCountry => {
	1550	label => l('Native country'),
	1551	},
[2196]	1552	firstAidTrainingValidity => {
	1553	formtype => 'DATE',
	1554	label => l('ValiditÃ© formation SST'),
	1555	},
[1524]	1556	};
	1557
[1577]	1558	my $employmentro = sub {
	1559	my $setting = $base->config('employment_lock_user') \|\| 'any';
[1524]	1560
[1577]	1561	for ($setting) {
	1562	/^always$/ and return 1;
	1563	/^never$/ and return 0;
[1524]	1564
[1865]	1565	$_[0] or return 0;
[1524]	1566
[1577]	1567	/^any$/i and return $_[0]->listEmployment ? 1 : 0;
	1568	/^active/i and do {
	1569	return $_[0]->_get_c_field('currentEmployment')
	1570	? 1
	1571	: $_[0]->_get_c_field('nextEmployment') ? 1 : 0;
	1572	};
	1573	/(\S+)=(\S+)/ and do {
	1574	my $attr = $_[0]->_get_c_field($1);
	1575	if (defined($attr)) {
	1576	if ($2 eq '*') {
	1577	return 1;
	1578	} elsif($2 eq $attr) {
	1579	return 1;
[1524]	1580	} else {
	1581	return 0;
	1582	}
[1577]	1583	} else {
	1584	return 0;
	1585	}
	1586	};
	1587	}
	1588	return $_[0]->listEmployment ? 1 : 0; # default is any!
	1589	};
	1590
[2147]	1591	foreach (_reported_atributes(), qw(department managerContact contratTypeHistory)) {
[1577]	1592	$attrs->{$_}{ro} = $employmentro;
[1524]	1593	}
	1594
[1577]	1595	$attrs->{expire}{ro} = sub {
	1596	my $expireOn = $base->config('expireOn') \|\| '';
	1597	if ($expireOn eq 'never') {
	1598	return 0;
	1599	}
	1600
	1601	$employmentro->($_[0]);
	1602	};
	1603
[1524]	1604	$class->SUPER::_get_attr_schema($base, $attrs)
[95]	1605	}
	1606
[1865]	1607	sub CreateAlias {
	1608	my ($class, $base, $name, $for) = @_;
	1609
	1610	my $stAddAlias = $base->db->prepare_cached(
[1907]	1611	q{INSERT INTO "user" (name, uidnumber, gidnumber, oalias, oaliascache) values
	1612	(?, -nextval('ikey_seq'), ?, ?, ?)}
[1865]	1613	);
	1614
[1910]	1615	my $ref = $base->_derefObject($class->type, $for);
	1616	my $res = $stAddAlias->execute($name, -1, $for, $ref ? $ref->id : undef);
[1865]	1617	return $res ? 1 : 0;
	1618	}
	1619
[861]	1620	sub _get_state {
	1621	my ($self, $state) = @_;
	1622	for ($state) {
	1623	/^expired$/ and do {
	1624	my $attribute = $self->attribute('expire');
	1625	$attribute->check_acl('r') or return;
	1626	my $sth = $self->db->prepare_cached(
	1627	q{ select coalesce(expire < now(), false) as exp from "user"
	1628	where "user".name = ?}
	1629	);
	1630	$sth->execute($self->id);
	1631	my $res = $sth->fetchrow_hashref;
	1632	$sth->finish;
	1633	return $res->{exp} ? 1 : 0;
	1634	};
	1635	}
	1636	}
	1637
[1628]	1638	sub set_fields {
	1639	my ($self, %data) = @_;
	1640
	1641	my $old;
	1642	if (exists($data{department})) {
	1643	$old = $self->_get_attributes('department');
	1644	}
[1941]	1645
[1628]	1646	if (($data{department} \|\| '') eq ($old \|\| '')) {
	1647	# We do not remove the group, there is no change
	1648	$old = undef;
	1649	}
	1650
[1941]	1651	if ($old) {
	1652	# If the department is no longer a department
	1653	# we do nothing
	1654	my @names = $self->base->search_objects('group', 'name=' . $old, 'sutype=dpmt');
	1655	if (! @names) {
	1656	$old = undef;
	1657	}
	1658	}
	1659
[1628]	1660	my $res = $self->SUPER::set_fields(%data) or return;
	1661
	1662	if ($self->base->config('remove_old_dpmt') && $old) {
	1663	$self->base->log(LA_DEBUG,
	1664	"Removing %s from group %s (department change to %s)",
	1665	$self->id,
	1666	$old,
	1667	$data{department} \|\| '');
	1668	$self->_delAttributeValue('memberOf', $old) or return;
	1669	$res++;
	1670	}
	1671
	1672	$res
	1673	}
	1674
[1498]	1675	=head2 listEmployment
	1676
	1677	Return the ordered list of contract
	1678
	1679	=cut
	1680
	1681	sub listEmployment {
	1682	my ($self) = @_;
	1683
	1684	my $sth = $self->base->db->prepare_cached(
	1685	q{
	1686	select name from employment where "user" = ?
	1687	order by lastday desc NULLS first
	1688	}
	1689	);
	1690	$sth->execute($self->id);
	1691	my @list = ();
	1692	while (my $res = $sth->fetchrow_hashref) {
	1693	push(@list, $res->{name});
	1694	}
	1695
	1696	@list
	1697	}
	1698
[2147]	1699	sub _reported_atributes { qw(contratType endcircuit hosted assigned requestId company employer) }
[1945]	1700
	1701	=head2 applyCurrentEmployment
	1702
	1703	Search the current employment is any and apply paramter to user
	1704
	1705	=cut
	1706
	1707	sub applyCurrentEmployment {
	1708	my ($self) = @_;
	1709
[1950]	1710	# Get current employment name
[1947]	1711	my $currentempl = $self->get_attributes('currentEmployment') \|\| '';
[1945]	1712
	1713	$self->base->log(
	1714	LA_DEBUG,
	1715	"Applying Employement %s to user %s",
[1947]	1716	$currentempl \|\| '(none)',
[1945]	1717	$self->id
	1718	);
	1719
[1947]	1720	if (my $currentemployment = $self->base->get_object('employment', $currentempl)) {
[1950]	1721
	1722	# If an employement apply we set the value to the user object
	1723
[1947]	1724	$self->computeEmploymentDate;
[1945]	1725
[1947]	1726	my %attrsets = (
	1727	appliedEmployement => $currentemployment->id,
	1728	);
	1729	foreach my $attr (_reported_atributes(), qw(department managerContact)) {
	1730	my $uval = $self->get_attributes($attr) \|\| '';
	1731	my $cval = $currentemployment->get_attributes($attr) \|\| '';
[1945]	1732
[2074]	1733	if ($attr eq 'managerContact') {
	1734	if (!$cval) {
	1735	my $dpmt = $currentemployment->get_attributes('department') or last;
	1736	my $odmpt = $currentemployment->base->get_object('group', $dpmt) or last;
	1737	$cval = $odmpt->get_attributes('managedBy');
[1945]	1738	}
	1739	}
	1740
[1947]	1741	if ($uval ne $cval) {
[1948]	1742	my $oattr = $currentemployment->base->attribute('user', $attr);
[1947]	1743	$attrsets{$oattr->iname} = $cval;
	1744	}
[1945]	1745	}
	1746
[1947]	1747	if (keys %attrsets) {
	1748	if (my $res = $self->set_fields(%attrsets)) {
	1749	$self->ReportChange('Update', 'Attr %s updated to match Employment %s', join(', ', sort keys %attrsets), $currentemployment->id);
	1750	return $res;
	1751	}
	1752	} else {
	1753	return 1;
[1945]	1754	}
	1755	} else {
[1950]	1756	# No current employment, resetting values:
	1757
[1947]	1758	return $self->_resetEmployment;
[1945]	1759	}
[1947]	1760
[1945]	1761	}
	1762
[1950]	1763	# Reset attribute value set by employment
[1964]	1764	# except managerContact and expire
[1950]	1765
[1945]	1766	sub _resetEmployment {
	1767	my ($self) = @_;
	1768
	1769	$self->computeEmploymentDate;
	1770
	1771	my %changes = (
	1772	appliedEmployement => undef,
	1773	);
	1774
[2147]	1775	my @attributesToReset = (_reported_atributes(), qw(department));
[1945]	1776
	1777	foreach my $attr (@attributesToReset) {
	1778	my $default = $self->base->config("unemployment.$attr") \|\| '';
	1779	my $old = $self->_get_attributes($attr) \|\| '';
[2075]	1780
[1945]	1781	if ($old ne $default) {
	1782	$changes{$attr} = $default \|\| undef;
	1783	}
	1784	}
[2070]	1785
	1786	if(!$self->get_attributes('managerContact')) {
	1787	if (my $next = $self->_get_attributes('nextEmployment')) {
	1788	my $onext = $self->base->get_object('employment', $next);
	1789	$changes{'manager'} = $onext->_get_attributes('managerContact');
	1790	}
	1791	}
	1792
[2144]	1793	# Managing expire:
	1794	# If we found next status apply, keep it for expiration
	1795	# Otherwise we reset to previous end of status
	1796
	1797	if (my $expire = $self->_computeEndEmployment($self->base->config('employment_delay') \|\| 0)) {
	1798	$changes{ 'expire' } = $expire;
[2158]	1799	} elsif (my $prevEmployment = $self->_get_attributes('prevEmployment')) {
	1800	my $oprev = $self->base->get_object('employment', $prevEmployment);
[2155]	1801	$changes{ 'expire' } = $oprev->_get_attributes('lastday');
	1802	} elsif (($self->base->config('unemployed_expire') \|\|'') ne 'no') {
	1803	if (my $def = $self->base->{defattr}{'user.expire'}) {
	1804	$changes{ 'expire' } = $def;
	1805	}
[2144]	1806	}
	1807
[2155]	1808
[1949]	1809	if (%changes) {
	1810	if ($self->set_fields(%changes)) {
	1811	$self->base->log(LA_NOTICE, "Updating user %s to match unemployment", $self->id);
	1812	$self->ReportChange('Update', 'Update %s to match unemployment', join(', ', sort keys %changes));
	1813	return 1;
	1814	} else {
	1815	return 0;
	1816	}
	1817	} else {
[1945]	1818	return 1;
	1819	}
	1820
	1821	}
	1822
[1636]	1823	=head2 computeEmploymentDate
	1824
	1825	Compute and copy to user start and end employment date
	1826
	1827	=cut
	1828
	1829	sub computeEmploymentDate {
	1830	my ($self) = @_;
	1831
	1832	my $currentemployment = $self->get_attributes('currentEmployment') \|\| '';
	1833
[1649]	1834	my $expire = str2time($self->_get_attributes('expire') \|\| '1970-01-01T00:00:00');
[1636]	1835
	1836	my %changes;
	1837	my @employmentDate = qw(
	1838	endEmployment endStrictEmployment endCurrentEmployment endLastEmployment
	1839	startEmployment startStrictEmployment startCurrentEmployment startFirstEmployment
[1748]	1840	arrival departure
[1636]	1841	);
	1842	foreach (@employmentDate) {
	1843	my $old = $self->_get_attributes($_) \|\| '';
	1844	my $new = $self->_get_attributes("_$_") \|\| '';
	1845	if ($old ne $new) {
	1846	$changes{$_} = $new \|\| undef;
	1847	}
	1848	}
	1849
	1850	# If there is no current employment we try to find any to not let expire
	1851	# unset
	1852
	1853	my $expireOn = $self->base->config('expireOn') \|\| '';
	1854	if (!grep { $_ eq $expireOn } (@employmentDate, '', 'never')) {
	1855	$self->base->log(LA_ERR, "expireOn set to invalid parameter %s, using endEmployment instead", $expireOn);
	1856	$expireOn = undef;
	1857	}
	1858	$expireOn \|\|= 'endEmployment';
	1859
[1647]	1860	# We check if matching start exists to know if using end* for expiration is
	1861	# safe, even undef
	1862	my %end2start = (
	1863	endEmployment => 'startEmployment',
	1864	endStrictEmployment => 'startStrictEmployment',
	1865	endCurrentEmployment => 'startCurrentEmployment',
	1866	endLastEmployment => 'startFirstEmployment',
	1867	);
	1868
[1921]	1869	# TODO rework this, working code but bloat
[1636]	1870	if ($expireOn ne 'never') {
[1748]	1871	my $endemploy = '';
[1649]	1872	if ($self->_get_attributes("_$end2start{$expireOn}")) {
[1836]	1873	$endemploy = $self->_get_attributes("_$expireOn") \|\| '';
	1874	$endemploy \|\|= 'UNCHANGED' unless($currentemployment);
[1649]	1875	} elsif (($self->base->config('unemployed_expire') \|\|'') eq 'no') {
[1748]	1876	$endemploy = '';
[1649]	1877	} else {
[1921]	1878	# No expiration date apply, don't touch
	1879	$endemploy = 'UNCHANGED';
[1649]	1880	}
[1636]	1881
[1649]	1882	if ($endemploy ne 'UNCHANGED') {
	1883	my $nextexpire = str2time( $endemploy \|\| '1970-01-01T00:00:00' );
[1636]	1884
[1649]	1885	if ($expire != $nextexpire) {
	1886	$changes{expire} = $endemploy;
	1887	}
[1636]	1888	}
	1889	}
	1890
	1891	if (keys %changes) {
[1922]	1892	$self->base->log(LA_DEBUG, 'Applying employment state to user %s for field %s', $self->id, join(', ', keys %changes));
[1636]	1893	$self->ReportChange('Update', 'Update %s to match employment', join(', ', sort keys %changes));
[1922]	1894	if (exists($changes{expire})) {
	1895	$self->ReportChange('Update', 'Expire update to %s to match employment', ($changes{expire} \|\| '(none)'));
	1896	$self->base->log(LA_DEBUG, 'New expiration is %s for user %s', ($changes{expire} \|\| '(none)'), $self->id);
	1897	}
[1636]	1898	$self->set_fields(%changes);
[1922]	1899	} else {
	1900	$self->base->log(LA_DEBUG, 'No employment change for user %s', $self->id);
[1636]	1901	}
	1902
[1854]	1903	$self->_computeEmploymentHistory();
	1904
[1636]	1905	return 1;
	1906	}
	1907
[1590]	1908	sub _computeStartEmployment {
[1757]	1909	my ($self, $delay, $any, $workday) = @_;
[1590]	1910
[1623]	1911	$delay \|\|= 0;
[1750]	1912	my $start;
	1913	my $nstart;
[1623]	1914
[1750]	1915	if (my $next = $self->_get_attributes('nextEmployment')) {
	1916	my $onext = $self->base->get_object('employment', $next);
	1917	$nstart = DateTime->from_epoch(epoch => str2time($onext->_get_attributes('firstday')));
	1918	$nstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	1919	}
	1920
[1590]	1921	my $list_empl = $self->base->db->prepare_cached(q{
[1734]	1922	SELECT *, (lastday is null or lastday >= now() - '1days'::interval) as "current" FROM employment
[1645]	1923	WHERE "user" = ? and firstday < now()
[1590]	1924	order by firstday desc
	1925	});
	1926	$list_empl->execute($self->id);
[1750]	1927
	1928	while (my $res = $list_empl->fetchrow_hashref) {
	1929	if ($res->{current}) {
	1930	} elsif ($nstart) {
[1590]	1931	my $prevend = DateTime->from_epoch(epoch => str2time($res->{lastday}));
[1623]	1932	$prevend->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
[1750]	1933	my $tstart = $nstart->clone;
[1623]	1934	$tstart->subtract(days => $delay + 1);
[1590]	1935	if ($tstart->ymd gt $prevend->ymd) {
	1936	last;
	1937	}
[1751]	1938	} elsif ((!$res->{current}) && (!$any)) {
[1748]	1939	last;
[1590]	1940	}
[1750]	1941	$nstart = DateTime->from_epoch(epoch => str2time($res->{firstday}));
	1942	$nstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	1943	$start = $nstart->clone;
[1590]	1944	}
	1945	$list_empl->finish;
	1946
[1750]	1947	$start \|\|= $nstart if ($any);
[1748]	1948
[1757]	1949	if ($start) {
	1950	if ($workday) {
	1951	my $day_of_week = $start->day_of_week;
	1952	$start->add(days =>
	1953	$day_of_week == 6 ? 2 :
	1954	$day_of_week == 7 ? 1 : 0
	1955	);
	1956	}
	1957	}
	1958
[1590]	1959	return $start ? $start->iso8601 : undef
	1960	}
	1961
[1526]	1962	sub _computeEndEmployment {
[2141]	1963	my ($self, $delay, $any, $workday) = @_;
[1522]	1964
[1623]	1965	$delay \|\|= 0;
[1750]	1966	my $end;
	1967	my $pend;
[1623]	1968
[1750]	1969	if (my $prev = $self->_get_attributes('prevEmployment')) {
	1970	my $oprev = $self->base->get_object('employment', $prev);
	1971	$pend = DateTime->from_epoch(epoch => str2time($oprev->_get_attributes('lastday')));
	1972	$pend->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
[1751]	1973	$pend->add(hours => 23, minutes => 59, seconds => 59);
[1750]	1974	}
	1975
[1522]	1976	my $list_empl = $self->base->db->prepare_cached(q{
[1590]	1977	SELECT *, firstday <= now() as "current" FROM employment WHERE "user" = ? and
	1978	(lastday is null or lastday >= now() - '1 days'::interval)
[1522]	1979	order by firstday asc
	1980	});
	1981	$list_empl->execute($self->id);
[1827]	1982	while (my $res = $list_empl->fetchrow_hashref) {
[1522]	1983	if (!$res->{lastday}) {
	1984	# Ultimate employment.
	1985	$list_empl->finish;
	1986	return undef;
	1987	}
[1750]	1988	if ($res->{current}) {
[1751]	1989	} elsif ($end) {
[1522]	1990	my $nextstart = DateTime->from_epoch(epoch => str2time($res->{firstday}));
[1623]	1991	$nextstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
[1751]	1992	my $tend = $end->clone;
[1623]	1993	$tend->add(days => $delay + 1);
[1522]	1994	if ($tend->ymd lt $nextstart->ymd) {
	1995	last;
	1996	}
[1827]	1997	} elsif ($pend) {
	1998	my $nextstart = DateTime->from_epoch(epoch => str2time($res->{firstday}));
	1999	$nextstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	2000	my $tend = $pend->clone;
	2001	$tend->add(days => $delay + 1);
	2002	if ($tend->ymd lt $nextstart->ymd) {
	2003	last;
	2004	}
	2005	$end = $tend
[2141]	2006	} elsif ((!$res->{current}) && (!$any)) {
	2007	last;
[1522]	2008	}
[1751]	2009	$end = DateTime->from_epoch(epoch => str2time($res->{lastday}));
	2010	$end->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
	2011	$end->add(hours => 23, minutes => 59, seconds => 59);
[1522]	2012	}
	2013	$list_empl->finish;
	2014
[2141]	2015	$end \|\|= $pend if($any);
	2016
[1757]	2017	if ($end) {
	2018	if ($workday) {
	2019	my $day_of_week = $end->day_of_week;
	2020	$end->subtract(days =>
	2021	$day_of_week == 7 ? 2 :
	2022	$day_of_week == 6 ? 1 : 0
	2023	);
	2024	}
	2025	}
	2026
[1522]	2027	return $end ? $end->iso8601 : undef
	2028	}
	2029
[1855]	2030	# Compute a summary of employement and store the value
	2031	# into an attribute
	2032
[1854]	2033	sub _computeEmploymentHistory {
	2034	my ($self) = @_;
	2035
	2036	my %changes;
	2037
[1856]	2038	{
	2039	my $sth = $self->db->prepare_cached(q{
	2040	select employment.name from employment
	2041	where "user" = ? and employment.firstday < now()
	2042	});
	2043	$sth->execute($self->id);
	2044	my @values;
	2045	while (my $res = $sth->fetchrow_hashref) {
	2046	push(@values, $res->{name});
	2047	}
	2048	$changes{"employmentHistory"} = \@values;
	2049	}
	2050
[1854]	2051	foreach my $attribute (qw(contratType)) {
	2052	my $sth = $self->db->prepare_cached(q{
	2053	select employment_attributes.value from employment
	2054	join employment_attributes
	2055	on employment.ikey = employment_attributes.okey
	2056	where "user" = ? and employment_attributes.attr = ?
	2057	and employment.firstday < now()
	2058	group by employment_attributes.value
	2059	});
	2060	$sth->execute($self->id, $attribute);
	2061	my @values;
	2062	while (my $res = $sth->fetchrow_hashref) {
	2063	push(@values, $res->{value});
	2064	}
	2065	$changes{$attribute . "History"} = \@values;
	2066	}
	2067
	2068	$self->set_fields(%changes);
	2069	}
	2070
[1752]	2071	=head2 storeBannedPassword($epassword)
	2072
	2073	Add an encrypted password to untrust list
	2074
	2075	=cut
	2076
	2077	sub storeBannedPassword {
	2078	my ($self, $EncPass) = @_;
	2079
	2080	my @banned = sort { $b cmp $a } $self->_get_attributes('bannedPassword');
	2081	my $now = DateTime->now;
	2082	unshift(@banned, $now->iso8601 . ';' . $EncPass);
	2083	$self->set_fields('bannedPassword', [ grep { $_ } @banned ]);
	2084
	2085	}
	2086
	2087	=head2 banCurrentPassword
	2088
	2089	Store the current password as banned
	2090
	2091	=cut
	2092
	2093	sub banCurrentPassword {
	2094	my ($self) = @_;
	2095
	2096	my $old = $self->get_field('userPassword') or return;
	2097	$self->storeBannedPassword($old);
	2098	}
	2099
	2100	sub check_password {
	2101	my ( $self, $password ) = @_;
	2102
[1754]	2103	my $res = $self->SUPER::check_password($password);
	2104	if ($res !~ /^ok$/) {
[1752]	2105	return $res;
	2106	}
	2107
	2108	foreach my $banned ($self->_get_attributes('bannedPassword')) {
	2109	my ($date, $oldPassword) = $banned =~ /^([^;]);(.)/;
[1754]	2110	if (crypt($password, $oldPassword) eq $oldPassword) {
[1752]	2111	return "Banned password, cannot be used anymore";
	2112	}
	2113	}
	2114
[1754]	2115	return 'ok';
[1752]	2116	}
	2117
	2118	sub _set_password {
	2119	my ($self, $clear_pass) = @_;
	2120	if (my $attr = $self->base->attribute($self->type, 'userPassword')) {
	2121	my $field = $attr->iname;
	2122
	2123	# Storing as old password
	2124	my @olds = sort { $b cmp $a } $self->_get_attributes('oldPassword');
[1767]	2125	if (my $old = $self->get_field('userPassword')) {
	2126	my $now = DateTime->now;
	2127	unshift(@olds, $now->iso8601 . ';' . $old);
	2128	$self->set_fields('oldPassword', [ grep { $_ } @olds[0 .. 14] ]);
	2129	}
[1752]	2130
[2041]	2131	my $res = $self->set_fields($field, $self->base->passCrypt($clear_pass));
[1752]	2132	if ($res) {
	2133	if ($self->base->get_global_value('rsa_public_key')) {
	2134	$self->setCryptPassword($clear_pass) or return;
	2135	}
	2136	}
	2137
	2138	$self->set_fields('passwordLastSet', DateTime->now->datetime);
	2139	$self->base->log(LA_NOTICE,
	2140	'Mot de passe changÃ© pour %s',
	2141	$self->id
	2142	);
	2143
	2144
	2145	return $res;
	2146	} else {
	2147	$self->log(LA_WARN,
	2148	"Cannot set password: userPassword attributes is unsupported");
	2149	}
	2150	}
	2151
	2152	=head2 setCryptPassword($clear_pass)
	2153
	2154	Store password encrypted using RSA encryption.
	2155
	2156	=cut
	2157
	2158	sub setCryptPassword {
	2159	my ($self, $clear_pass) = @_;
	2160	if (my $serialize = $self->base->get_global_value('rsa_public_key')) {
	2161	my $public = Crypt::RSA::Key::Public->new;
	2162	$public = $public->deserialize(String => [ $serialize ]);
	2163	my $rsa = new Crypt::RSA ES => 'PKCS1v15';
	2164	my $rsa_password = $rsa->encrypt (
	2165	Message => $clear_pass,
	2166	Key => $public,
	2167	Armour => 1,
	2168	) \|\| die $rsa->errstr();
	2169	if (!$self->_set_c_fields('encryptedPassword', $rsa_password)) {
	2170	$self->log(LA_ERR,
	2171	"Cannot set 'encryptedPassword' attribute for object %s/%s",
	2172	$self->type, $self->id,
	2173	);
	2174	return;
	2175	}
	2176	}
	2177	$self->ReportChange('Password', 'Password stored using internal key');
	2178	return 1;
	2179	}
	2180
[1935]	2181	=head2 _InjectCryptPasswd($cryptpasswd)
[1752]	2182
[1935]	2183	Inject a password encrypted using standard UNIX method.
	2184
	2185	The passwrod will be used to authenticate user inside the application but it
	2186	will not be transmit to any other database.
	2187
	2188	=cut
	2189
	2190	sub _InjectCryptPasswd {
	2191	my ($self, $cryptpasswd) = @_;
	2192
	2193	if (my $current = $self->get_field('userPassword')) {
	2194	if ($cryptpasswd eq $current) {
	2195	return 1;
	2196	}
	2197	}
	2198	my $res = $self->set_fields('userPassword', $cryptpasswd);
	2199
	2200	if ($res) {
	2201	$self->base->log(LA_NOTICE, 'Crypted password injected for %s', $self->id);
	2202	return 1;
	2203	} else {
	2204	$self->base->log(LA_ERR, 'Cannot inject crypted password for %s', $self->id);
	2205	return 0;
	2206	}
	2207	}
	2208
[1640]	2209	=head2 GenPasswordResetId
	2210
	2211	Return a new id allowing passowrd reset
	2212
	2213	=cut
	2214
	2215	sub GenPasswordResetId {
	2216	my ($self) = @_;
	2217
	2218	my $id = LATMOS::Accounts::Utils::genpassword(length => 32);
	2219
	2220	my $sth = $self->base->db->prepare_cached(q{
	2221	INSERT INTO passwordreset (id, "user") values (?,?)
	2222	});
	2223
	2224	if ($sth->execute($id, $self->id)) {
	2225	return $id;
	2226	} else {
	2227	return;
	2228	}
	2229	}
	2230
	2231	=head2 SendPasswordReset($url)
	2232
	2233	Generate a password reset Id and the to the user.
	2234
	2235	C<$url> is the URL where the password can changed (printf forward, the %s is
	2236	replaced by the request id)
	2237
	2238	=cut
	2239
	2240	sub SendPasswordReset {
	2241	my ($self, $url) = @_;
	2242
	2243	my $id = $self->GenPasswordResetId;
	2244
[1642]	2245	my $mail = $self->_get_attributes('mail') or do {
[1640]	2246	$self->base->log(LA_ERR, "Cannot sent reset password mail: no mail found");
	2247	return;
	2248	};
	2249
[2055]	2250	my $MailSubject = $self->base->la->val('_default_', 'mailSubject', 'LATMOS::Accounts');
[1958]	2251
[1640]	2252	my %mail = (
[1958]	2253	Subject => "$MailSubject: pasword reset",
	2254	'X-LATMOS-Reason' => 'Password Reset',
[1640]	2255	to => $mail,
	2256	);
	2257
[1847]	2258	if (my $otherEmail = $self->_get_attributes('otherEmail')) {
	2259	$mail{cc} = $otherEmail;
[1846]	2260	}
	2261
[1640]	2262	my $vars = {
	2263	url => sprintf($url, $id),
	2264	};
	2265	$vars->{id} = $id;
	2266	$vars->{obj} = $self;
	2267
	2268	my $lamail = LATMOS::Accounts::Mail->new(
	2269	$self->base->la,
	2270	'passwordreset.mail',
	2271	);
	2272
	2273	if ($lamail->process(\%mail, $vars)) {
	2274	$self->base->log(LA_NOTICE,
	2275	"Reset password sent to %s for user %s",
	2276	$mail{to},
	2277	$self->id,
	2278	);
[1641]	2279	return 1;
	2280	} else {
	2281	return;
[1640]	2282	}
[1641]	2283
[1640]	2284	}
	2285
	2286	=head2 CheckPasswordResetId($id)
	2287
	2288	Return True if the reset password ID can be found and is less than one day old
	2289
	2290	=cut
	2291
	2292	sub CheckPasswordResetId {
	2293	my ($self, $id) = @_;
	2294
	2295	my $sth = $self->base->db->prepare_cached(q{
	2296	SELECT * FROM passwordreset WHERE
	2297	"user" = ? and
	2298	id = ? and
	2299	"create" >= now() - '1 days'::interval
	2300	});
	2301	$sth->execute($self->id, $id);
	2302
	2303	my $res = $sth->fetchrow_hashref;
	2304	$sth->finish;
	2305
	2306	return $res ? 1 : 0;
	2307	}
	2308
[1641]	2309	=head2 DeletePasswordId($id)
	2310
	2311	Delete password reset C<$id> and all expired request
	2312
	2313	=cut
	2314
	2315	sub DeletePasswordId {
	2316	my ($self, $id) = @_;
	2317
	2318	my $sth = $self->base->db->prepare_cached(q{
	2319	DELETE FROM passwordreset WHERE
	2320	"user" = ? AND (id = ? or "create" < now() - '1 days'::interval)
	2321	});
	2322
	2323	$sth->execute($self->id, $id);
	2324	}
	2325
[19]	2326	1;
	2327
	2328	__END__
	2329
	2330	=head1 SEE ALSO
	2331
	2332	=head1 AUTHOR
	2333
	2334	Olivier Thauvin, E<lt>olivier.thauvin@latmos.ipsl.frE<gt>
	2335
	2336	=head1 COPYRIGHT AND LICENSE
	2337
	2338	Copyright (C) 2008, 2009 CNRS SA/CETP/LATMOS
	2339
	2340	This library is free software; you can redistribute it and/or modify
	2341	it under the same terms as Perl itself, either Perl version 5.10.0 or,
	2342	at your option, any later version of Perl 5 you may have available.
	2343
	2344	=cut

Note: See TracBrowser for help on using the repository browser.

Download in other formats: