Context Navigation

source: trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm @ 2267

Visit:

Last change on this file since 2267 was 2267, checked in by nanardon, 5 years ago
Add a way to dump object and all related objects
Property svn:keywords set to `Id Rev`
File size: 80.8 KB

Line
1	package LATMOS::Accounts::Bases::Sql::User;
2
3	use 5.010000;
4	use strict;
5	use warnings;
6	use overload '""' => 'stringify';
7
8	use LATMOS::Accounts::Utils;
9	use LATMOS::Accounts::Log;
10	use POSIX qw(strftime);
11	use Date::Parse qw(str2time);
12	use DateTime;
13	use DateTime::TimeZone;
14	use base qw(LATMOS::Accounts::Bases::Sql::objects);
15	use LATMOS::Accounts::I18N;
16	use Date::Calc;
17	use LATMOS::Accounts::Mail;
18
19	our $VERSION = (q$Rev: 2158 $ =~ /^Rev: (\d+) /)[0];
20
21	=head1 NAME
22
23	LATMOS::Ad - Perl extension for blah blah blah
24
25	=head1 DESCRIPTION
26
27	Account base access over standard unix file format.
28
29	=head1 FUNCTIONS
30
31	=cut
32
33	=head2 new(%config)
34
35	Create a new LATMOS::Ad object for windows AD $domain.
36
37	domain / server: either the Ad domain or directly the server
38
39	ldap_args is an optionnal list of arguments to pass to L<Net::LDAP>.
40
41	=cut
42
43	sub _object_table { 'user' }
44
45	sub _key_field { 'name' }
46
47	sub _has_extended_attributes { 1 }
48
49	sub stringify {
50	my ($self) = @_;
51
52	return join(' ', grep { $_ }
53	(
54	$self->get_field('givenName'),
55	$self->get_field('sn')
56	)
57	)
58	\|\| $self->get_field('description')
59	\|\| $self->id;
60	}
61
62	sub GetOtypeDef {
63	my ($class) = @_;
64
65	{
66	address => 'user',
67	employment => 'user',
68	nethost => [ 'owner', 'user' ],
69	},
70	}
71
72	sub _get_attr_schema {
73	my ($class, $base) = @_;
74
75	my $subsetaddress = sub {
76	my ($self, $data) = @_;
77	my $fmainaddress = $self->object->_get_c_field('mainaddress');
78
79	# set address attribute => create address object on the fly
80	# except if attr is empty !
81	if (!$fmainaddress && $data) {
82	$fmainaddress = $self->object->id . '-' . join('', map { ('a'..'z')[rand(26)] }
83	(0..4));
84	$self->base->_create_c_object(
85	'address', $fmainaddress,
86	user => $self->object->id,
87	isMainAddress => 1, ) or do {
88	$self->base->log(LA_ERR,
89	"Cannot create main address for user %s", $self->object->id);
90	return;
91	};
92	}
93	if ($fmainaddress &&
94	(my $address = $self->base->get_object('address', $fmainaddress))) {
95	if ($address->attribute($self->name) &&
96	!$address->attribute($self->name)->ro) {
97	return $address->set_c_fields($self->name => $data) \|\|0;
98	}
99	}
100	};
101
102	my $attrs = {
103	exported => {
104	post => sub {
105	my ($self, $value) = @_;
106	my $attr = $self->name;
107
108	if (my $obj = $self->base->
109	get_object('revaliases', $self->object->id)) {
110	my $ares = $obj->set_c_fields(
111	($attr eq 'exported' ? 'exported' : 'unexported') => $value
112	);
113	if (!defined($ares)) {
114	$self->base->log(LA_ERR,
115	'Cannot set revaliases exported attribute for user %s',
116	$self->object->id);
117	}
118	}
119	my $must_expire = $self->name eq 'exported'
120	? ($value ? 0 : 1 )
121	: ($value ? 1 : 0 );
122
123	foreach my $al (grep { $_ } $self->object->get_attributes('aliases'), $self->object->id) {
124	my $obj = $self->base->get_object('aliases', $al) or next;
125	$obj->_set_c_fields(
126	exported => $value,
127	);
128	}
129	foreach my $al ($self->object->get_attributes('_otheraddress')) {
130	my $obj = $self->base->get_object('address', $al) or next;
131	$obj->_set_c_fields(
132	exported => $value,
133	);
134	}
135	},
136	},
137	uidNumber => {
138	inline => 1,
139	iname => 'uidnumber',
140	uniq => 1,
141	mandatory => 1,
142	formopts => { length => 7 },
143	label => l('UID'),
144	},
145	uidnumber => { inline => 1, hide => 1, monitored => 1 },
146	gidNumber => {
147	inline => 1,
148	iname => 'gidnumber',
149	mandatory => 1,
150	can_values => sub {
151	map { $_->id, $_->get_attributes('gidNumber') }
152	map { $base->get_object('group', $_) }
153	$base->list_objects('group')
154	},
155	can_values => sub {
156	my $sth = $base->db->prepare_cached(
157	q{
158	select name, gidnumber from "group" where exported = true
159	}
160	);
161	$sth->execute();
162	my @res;
163	while (my $res = $sth->fetchrow_hashref) {
164	push(@res, $res->{name});
165	push(@res, $res->{gidnumber});
166	}
167	return @res;
168	},
169	display => sub {
170	my ($self, $val) = @_;
171	if ($val =~ /^\d+$/) {
172	my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
173	or return;
174	return $gr;
175	} else {
176	my ($gr) = $self->base->search_objects('group', "name=$val")
177	or return;
178	return $gr;
179	}
180	},
181	input => sub {
182	my ($val) = @_;
183	$val =~ /^\d+$/ and return $val;
184	my ($gr) = $base->search_objects('group', "name=$val") or return;
185	return $base->get_object('group', $gr)->get_attributes('gidNumber');
186	},
187	#reference => 'group',
188	label => l('GID'),
189	},
190	loginShell => {
191	mandatory => 1,
192	label => l('Shell'),
193	},
194	gidnumber => { inline => 1, hide => 1,
195	can_values => sub {
196	map { $_->id, $_->get_attributes('gidNumber') }
197	map { $base->get_object('group', $_) }
198	$base->list_objects('group')
199	},
200	display => sub {
201	my ($self, $val) = @_;
202	my ($gr) = $self->base->search_objects('group', "gidNumber=$val")
203	or return;
204	return $gr;
205	},
206	input => sub {
207	my ($val) = @_;
208	$val =~ /^\d+$/ and return $val;
209	my ($gr) = $base->search_objects('group', "name=$val") or return;
210	return $base->get_object('group', $gr)->get_attributes('gidNumber');
211	},
212	mandatory => 1,
213	reference => 'group',
214	monitored => 1,
215	},
216	locked => {
217	formtype => 'CHECKBOX',
218	formopts => { rawvalue => 1, },
219	monitored => 1,
220	label => l('Locked'),
221	},
222	expire => {
223	inline => 1,
224	formtype => 'DATETIME',
225	monitored => 1,
226	label => l('Expire on'),
227	},
228	endcircuit => {
229	inline => 1,
230	formtype => 'DATE',
231	monitored => 1,
232	label => l('End of entrance'),
233	},
234	_endEmployment => {
235	formtype => 'DATETIME',
236	managed => 1,
237	ro => 1,
238	hide => 1,
239	get => sub {
240	my ($attr) = @_;
241	my $self = $attr->object;
242	$self->_computeEndEmployment($self->base->config('employment_delay') \|\| 0);
243	},
244	label => l('End of employment'),
245	},
246	endEmployment => {
247	formtype => 'DATETIME',
248	ro => 1,
249	label => l('End of employment'),
250	},
251	_departure => {
252	formtype => 'DATETIME',
253	managed => 1,
254	ro => 1,
255	hide => 1,
256	get => sub {
257	my ($attr) = @_;
258	my $self = $attr->object;
259	$self->_computeEndEmployment($self->base->config('employment_delay') \|\| 0, 1, 1);
260	},
261	label => l('Start of employment'),
262	},
263	departure => {
264	formtype => 'DATETIME',
265	ro => 1,
266	label => l('Leaving'),
267	},
268	_endStrictEmployment => {
269	formtype => 'DATETIME',
270	managed => 1,
271	ro => 1,
272	hide => 1,
273	get => sub {
274	my ($attr) = @_;
275	my $self = $attr->object;
276	$self->_computeEndEmployment();
277	},
278	},
279	endStrictEmployment => {
280	formtype => 'DATETIME',
281	ro => 1,
282	},
283	_endCurrentEmployment => {
284	formtype => 'DATETIME',
285	managed => 1,
286	ro => 1,
287	hide => 1,
288	get => sub {
289	my ($attr) = @_;
290	my $self = $attr->object;
291
292	my $list_empl = $self->base->db->prepare_cached(q{
293	SELECT * FROM employment WHERE "user" = ? and
294	firstday <= now() and
295	(lastday is null or lastday >= now() - '1 days'::interval)
296	order by firstday asc
297	});
298	$list_empl->execute($self->id);
299	my $end;
300	while (my $res = $list_empl->fetchrow_hashref) {
301	if (!$res->{lastday}) {
302	# Ultimate employment.
303	$list_empl->finish;
304	return undef;
305	} else {
306	$end = DateTime->from_epoch(epoch => str2time($res->{lastday}));
307	$end->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
308	$end->add(hours => 23, minutes => 59, seconds => 59);
309	}
310	last;
311	}
312	$list_empl->finish;
313
314	return $end ? $end->iso8601 : undef
315	},
316	},
317	endCurrentEmployment => {
318	formtype => 'DATETIME',
319	ro => 1,
320	},
321	_endLastEmployment => {
322	formtype => 'DATETIME',
323	managed => 1,
324	ro => 1,
325	hide => 1,
326	get => sub {
327	my ($attr) = @_;
328	my $self = $attr->object;
329
330	my $list_empl = $self->base->db->prepare_cached(q{
331	SELECT * FROM employment WHERE "user" = ?
332	order by lastday desc nulls first
333	});
334	$list_empl->execute($self->id);
335	my $res = $list_empl->fetchrow_hashref;
336	$list_empl->finish;
337	my $end;
338	if ($res && $res->{lastday}) {
339	$end = DateTime->from_epoch(epoch => str2time($res->{lastday}));
340	$end->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
341	$end->add(hours => 23, minutes => 59, seconds => 59);
342	}
343	return $end ? $end->iso8601 : undef
344	},
345	label => l('End of any employment'),
346	},
347	endLastEmployment => {
348	formtype => 'DATETIME',
349	ro => 1,
350	label => l('End of any employment'),
351	},
352	_startEmployment => {
353	formtype => 'DATETIME',
354	managed => 1,
355	ro => 1,
356	hide => 1,
357	get => sub {
358	my ($attr) = @_;
359	my $self = $attr->object;
360	$self->_computeStartEmployment($self->base->config('employment_delay') \|\| 0);
361	},
362	label => l('Start of employment'),
363	},
364	startEmployment => {
365	formtype => 'DATETIME',
366	ro => 1,
367	label => l('Start of employment'),
368	},
369	_arrival => {
370	formtype => 'DATETIME',
371	managed => 1,
372	ro => 1,
373	hide => 1,
374	get => sub {
375	my ($attr) = @_;
376	my $self = $attr->object;
377	$self->_computeStartEmployment($self->base->config('employment_delay') \|\| 0, 1, 1);
378	},
379	label => l('Start of employment'),
380	},
381	arrival => {
382	formtype => 'DATETIME',
383	ro => 1,
384	label => l('Arrival'),
385	},
386	_startStrictEmployment => {
387	formtype => 'DATETIME',
388	managed => 1,
389	ro => 1,
390	hide => 1,
391	get => sub {
392	my ($attr) = @_;
393	my $self = $attr->object;
394	$self->_computeStartEmployment();
395	},
396	},
397	startStrictEmployment => {
398	formtype => 'DATETIME',
399	ro => 1,
400	},
401	_startCurrentEmployment => {
402	formtype => 'DATETIME',
403	managed => 1,
404	ro => 1,
405	hide => 1,
406	get => sub {
407	my ($attr) = @_;
408	my $self = $attr->object;
409
410	my $list_empl = $self->base->db->prepare_cached(q{
411	SELECT * FROM employment WHERE "user" = ? and
412	firstday <= now() and
413	(lastday is null or lastday >= now() - '1 days'::interval)
414	order by firstday asc
415	});
416	$list_empl->execute($self->id);
417	my $start;
418	while (my $res = $list_empl->fetchrow_hashref) {
419	$start = DateTime->from_epoch(epoch => str2time($res->{firstday}));
420	$start->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
421	last;
422	}
423	$list_empl->finish;
424
425	return $start ? $start->iso8601 : undef
426	},
427	},
428	startCurrentEmployment => {
429	formtype => 'DATETIME',
430	ro => 1,
431	},
432	_startFirstEmployment => {
433	formtype => 'DATETIME',
434	managed => 1,
435	ro => 1,
436	hide => 1,
437	get => sub {
438	my ($attr) = @_;
439	my $self = $attr->object;
440
441	my $list_empl = $self->base->db->prepare_cached(q{
442	SELECT * FROM employment WHERE "user" = ?
443	order by firstday asc
444	});
445	$list_empl->execute($self->id);
446	my $res = $list_empl->fetchrow_hashref;
447	$list_empl->finish;
448	my $start;
449	if ($res && $res->{firstday}) {
450	$start = DateTime->from_epoch(epoch => str2time($res->{firstday}));
451	$start->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
452	}
453	return $start ? $start->iso8601 : undef
454	},
455	label => l('Start of any employment'),
456	},
457	startFirstEmployment => {
458	formtype => 'DATETIME',
459	ro => 1,
460	label => l('Start of any employment'),
461	},
462	employmentLength => {
463	ro => 1,
464	auto => 1,
465	},
466	_employmentLength => {
467	ro => 1,
468	managed => 1,
469	hide => 1,
470	get => sub {
471	my ($self) = @_;
472	my $lastday = $self->object->get_attributes('endEmployment') \|\| DateTime->now->ymd('-');
473	my $firstday = $self->object->get_attributes('startEmployment') or return;
474
475	my @fd = split('-', DateTime->from_epoch(epoch => str2time($firstday))->ymd('-'));
476	my @ld = split('-', DateTime->from_epoch(epoch => str2time($lastday))->ymd('-'));
477
478	return Date::Calc::Delta_Days(@fd, @ld) +1;
479	},
480	label => l('Work duration'),
481	},
482	employmentLengthText => {
483	ro => 1,
484	auto => 1,
485	},
486	_employmentLengthText => {
487	ro => 1,
488	managed => 1,
489	hide => 1,
490	get => sub {
491	my ($self) = @_;
492	my $firstday = $self->object->get_attributes('startEmployment') or return;
493	my $lastday = $self->object->get_attributes('endEmployment')\|\| DateTime->now->ymd('-');
494	{
495	my $dtlast = DateTime->from_epoch(epoch => str2time($lastday));
496	$dtlast->add(days => 1);
497	$lastday = $dtlast->ymd('-');
498	}
499
500	my @fd = split('-', DateTime->from_epoch(epoch => str2time($firstday))->ymd('-'));
501	my @ld = split('-', DateTime->from_epoch(epoch => str2time($lastday))->ymd('-'));
502
503	my ($Dy,$Dm,$Dd) = Date::Calc::N_Delta_YMD(@fd, @ld);
504	return join(', ',
505	($Dy ? l('%d years', $Dy) : ()),
506	($Dm ? l('%d months', $Dm) : ()),
507	($Dd ? l('%d days', $Dd) : ()),
508	);
509	},
510	label => l('Work duration'),
511	},
512	cn => {
513	inline => 1, ro => 1,
514	get => sub {
515	my ($self) = @_;
516	return join(' ', grep { $_ }
517	(
518	$self->object->_get_c_field('givenName'),
519	$self->object->_get_c_field('sn')
520	)
521	)
522	\|\| $self->object->_get_c_field('description')
523	\|\| $self->object->id;
524	},
525	},
526	memberOf => {
527	reference => 'group',
528	multiple => 1, delayed => 1,
529	get => sub {
530	my ($self) = @_;
531	my $obj = $self->object;
532	my $sth = $obj->db->prepare_cached(
533	q{
534	select name from "group" join
535	group_attributes on group_attributes.okey = "group".ikey
536	where value = ? and attr = ? and internobject = false
537	} . ($self->base->{wexported} ? '' : ' and "group".exported = true')
538	);
539	$sth->execute($obj->id, 'memberUID');
540	my @res;
541	while (my $res = $sth->fetchrow_hashref) {
542	push(@res, $res->{name});
543	}
544	return \@res;
545	},
546	set => sub {
547	my ($self, $values) = @_;
548	my %old = map { $_ => 'o' } @{ $self->get };
549	foreach my $group (grep { $_ } ref $values ? @{ $values } : $values) {
550	if ($old{$group}) {
551	$old{$group} = undef; # no change
552	} else {
553	$old{$group} = 'n';
554	}
555	}
556
557	my $res = 0;
558	foreach my $group (keys %old) {
559	$old{$group} or next; # no change
560
561	my $ogroup = $self->base->get_object('group', $group) or next;
562	($ogroup->_get_c_field('sutype') \|\| '') =~ /^(jobtype\|contrattype)$/ and next;
563
564	if ($old{$group} eq 'n') {
565	$res += $ogroup->_addAttributeValue('memberUID', $self->object->id);
566	} else {
567	if (($self->object->_get_c_field('department') \|\| '') eq $ogroup->id) {
568	$self->base->log(LA_WARN,
569	"Don't removing user %s from group %s: is its department",
570	$self->object->id, $ogroup->id);
571	next;
572	}
573	$res += $ogroup->_delAttributeValue('memberUID', $self->object->id);
574	}
575	}
576	return $res;
577	},
578	label => l('Member of'),
579	},
580	forward => {
581	managed => 1,
582	multiple => 1,
583	get => sub {
584	my ($self) = @_;
585	my $sth = $self->base->db->prepare(q{
586	select forward from aliases where name = ? and internobject = false
587	} . ($self->base->{wexported} ? '' : ' and exported = true'));
588	$sth->execute($self->object->id);
589	my $res = $sth->fetchrow_hashref;
590	$sth->finish;
591	return $res->{forward}
592	},
593	set => sub {
594	my ($self, $data) = @_;
595	if ($data) {
596	my @datas = ref $data ? @$data : split(/\s,\s/, $data);
597	if (my $f = $self->base->get_object('aliases', $self->object->id)) {
598	return $f->_set_c_fields(
599	forward => \@datas,
600	comment => undef,
601	description => 'Forward for user ' . $self->object->id,
602	);
603	} else {
604	if ($self->base->_create_c_object(
605	'aliases', $self->object->id,
606	forward => \@datas,
607	description => 'automatically created for ' . $self->object->id,
608	)) {
609	return 1;
610	} else {
611	$self->base->log(LA_ERR, "Cannot add forward for %s",
612	$self->object->id);
613	}
614	}
615	} elsif ($self->base->get_object('aliases', $self->object->id)) {
616	if (my $res = $self->base->_delete_object('aliases', $self->object->id)) {
617	return $res;
618	} else {
619	$self->base->log(LA_ERR, "Cannot remove forward for %s",
620	$self->object->id);
621	}
622	} else {
623	return 1;
624	}
625	return;
626	},
627	label => l('Forward'),
628	},
629	aliases => {
630	#reference => 'aliases',
631	delayed => 1,
632	formtype => 'TEXT',
633	multiple => 1,
634	get => sub {
635	my ($self) = @_;
636	my $sth = $self->base->db->prepare(q{
637	select name from aliases where internobject = false and lower($1) =
638	lower(array_to_string("forward", ','))
639	} . ($self->base->{wexported} ? '' : 'and exported = true'));
640	$sth->execute($self->object->id);
641	my @values;
642	while (my $res = $sth->fetchrow_hashref) {
643	push(@values, $res->{name});
644	}
645	return \@values;
646	},
647	set => sub {
648	my ($self, $data) = @_;
649
650	my $res = 0;
651	my %aliases = map { $_ => 1 } grep { $_ } (ref $data ? @{$data} : $data);
652	foreach ($self->object->_get_attributes('aliases')) {
653	$aliases{$_} \|\|= 0;
654	$aliases{$_} +=2;
655	}
656	foreach (keys %aliases) {
657	if ($aliases{$_} == 2) {
658	if ($self->base->_delete_object('aliases', $_)) {
659	$res++
660	} else {
661	$self->base->log(LA_ERR,
662	"Cannot remove aliases %s from user %s", $_,
663	$self->object->id);
664	}
665	} elsif ($aliases{$_} == 1) {
666	if ($self->base->_create_c_object(
667	'aliases', $_,
668	forward => [ $self->object->id ],
669	description => 'automatically created for ' . $self->object->id,
670	)) {
671	$res++
672	} else {
673	$self->base->log(LA_ERR, 'Cannot set forward %s to user %s',
674	$_, $self->object->id);
675	return;
676	}
677	} # 3 no change
678	}
679	$res
680	},
681	label => l('Aliases'),
682	},
683	revaliases => {
684	formtype => 'TEXT',
685	get => sub {
686	my ($self) = @_;
687
688	if (my $obj = $self->base->
689	get_object('revaliases', $self->object->id)) {
690	return $obj->get_attributes('as');
691	} else {
692	return;
693	}
694	},
695	set => sub {
696	my ($self, $data) = @_;
697
698	my $res = 0;
699	if ($data) {
700	if (my $obj = $self->base->
701	get_object('revaliases', $self->object->id)) {
702	my $ares = $obj->set_c_fields(
703	'as' => $data,
704	'exported' => ($self->object->get_attributes('exported') \|\| 0),
705	);
706	if (defined($ares)) {
707	$res+=$ares;
708	} else {
709	$self->base->log(LA_ERR, 'Cannot set revaliases for user %s',
710	$self->object->id);
711	}
712	} else {
713	if ($self->base->_create_c_object(
714	'revaliases',
715	$self->object->id, as => $data,
716	'exported' => ($self->object->get_attributes('exported') \|\| 0),
717	description => 'automatically created for ' . $self->object->id,
718	)) {
719	$res++;
720	} else {
721	$self->base->log(LA_ERR, 'Cannot set revaliases for user %s',
722	$self->object->id);
723	}
724	}
725	} else {
726	$self->base->_delete_object('revaliases', $self->object->id);
727	$res++;
728	}
729
730	$res
731	},
732	},
733	manager => {
734	reference => 'user',
735	ro => 1,
736	get => sub {
737	my ($self) = @_;
738	if (my $manager = $self->object->_get_c_field('managerContact')) {
739	return $manager;
740	} elsif (my $department = $self->object->_get_c_field('department')) {
741	my $obj = $self->base->get_object('group', $department);
742	return $obj->_get_c_field('managedBy');
743	} else {
744	return;
745	}
746	},
747	label => l('Responsible'),
748	},
749	department => {
750	reference => 'group',
751	can_values => sub {
752	$base->search_objects('group', 'sutype=dpmt')
753	},
754	monitored => 1,
755	label => l('Department'),
756	},
757	contratType => {
758	reference => 'group',
759	can_values => sub {
760	$base->search_objects('group', 'sutype=contrattype')
761	},
762	monitored => 1,
763	label => l('Type of contract'),
764	},
765	site => {
766	reference => 'site',
767	can_values => sub {
768	$base->search_objects('site')
769	},
770	get => sub {
771	my ($self) = @_;
772	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
773	$self->base->get_object('address', $fmainaddress)
774	->_get_c_field($self->name);
775	} else {
776	return;
777	}
778	},
779	set => $subsetaddress,
780	label => l('Site'),
781	},
782	co => {
783	get => sub {
784	my ($self) = @_;
785	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
786	$self->base->get_object('address', $fmainaddress)
787	->_get_c_field($self->name);
788	} else {
789	return;
790	}
791	},
792	set => $subsetaddress,
793	},
794	l => {
795	get => sub {
796	my ($self) = @_;
797	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
798	$self->base->get_object('address', $fmainaddress)
799	->_get_c_field($self->name);
800	} else {
801	return;
802	}
803	},
804	set => $subsetaddress,
805	label => l('City'),
806	},
807	postalCode => {
808	get => sub {
809	my ($self) = @_;
810	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
811	$self->base->get_object('address', $fmainaddress)
812	->_get_c_field($self->name);
813	} else {
814	return;
815	}
816	},
817	set => $subsetaddress,
818	label => l('Postal code'),
819	},
820	streetAddress => {
821	formtype => 'TEXTAREA',
822	get => sub {
823	my ($self) = @_;
824	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
825	$self->base->get_object('address', $fmainaddress)
826	->_get_c_field($self->name);
827	} else {
828	return;
829	}
830	},
831	set => $subsetaddress,
832	label => l('Street'),
833	},
834	postOfficeBox => {
835	get => sub {
836	my ($self) = @_;
837	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
838	$self->base->get_object('address', $fmainaddress)
839	->_get_c_field($self->name);
840	} else {
841	return;
842	}
843	},
844	set => $subsetaddress,
845	label => l('Post office box'),
846	},
847	st => {
848	get => sub {
849	my ($self) = @_;
850	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
851	$self->base->get_object('address', $fmainaddress)
852	->_get_c_field($self->name);
853	} else {
854	return;
855	}
856	},
857	set => $subsetaddress,
858	},
859	facsimileTelephoneNumber => {
860	get => sub {
861	my ($self) = @_;
862	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
863	$self->base->get_object('address', $fmainaddress)
864	->_get_c_field($self->name);
865	} else {
866	return;
867	}
868	},
869	set => $subsetaddress,
870	label => l('Fax number'),
871	},
872	o => {
873	ro => 1,
874	iname => 'company',
875	label => l('Company'),
876	},
877	ou => {
878	iname => 'department',
879	ro => 1,
880	label => l('Department'),
881	},
882	telephoneNumber => {
883	get => sub {
884	my ($self) = @_;
885	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
886	$self->base->get_object('address', $fmainaddress)
887	->_get_c_field($self->name);
888	} else {
889	return;
890	}
891	},
892	set => $subsetaddress,
893	label => l('Phone number'),
894	},
895	physicalDeliveryOfficeName => {
896	get => sub {
897	my ($self) = @_;
898	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
899	$self->base->get_object('address', $fmainaddress)
900	->_get_c_field($self->name);
901	} else {
902	return;
903	}
904	},
905	set => $subsetaddress,
906	label => l('Office'),
907	},
908	uid => {
909	iname => 'name',
910	ro => 1,
911	label => l('Login'),
912	},
913	cn => { iname => 'name', ro => 1 },
914	gecos => {
915	ro => 1,
916	auto => 1,
917	},
918	_gecos => {
919	managed => 1,
920	hide => 1,
921	ro => 1,
922	get => sub {
923	my ($self) = @_;
924	my $obj = $self->object;
925
926	my $fmt = $self->base->config('gecosformat') \|\|
927	'%{_displayName},%{l}-%{physicalDeliveryOfficeName},%{telephoneNumber},%{?endcircuit:%{endcircuit}}%{?!endcircuit:%{expireText}}';
928	my $gecos = $obj->queryformat($fmt);
929	return to_ascii($gecos);
930	},
931	label => l('GECOS'),
932	},
933	displayName => {
934	ro => 1,
935	auto => 1,
936	},
937	_displayName => {
938	ro => 1, managed => 1,
939	hide => 1,
940	get => sub {
941	my ($self) = @_;
942	return join(' ', grep { $_ }
943	(
944	$self->object->_get_c_field('givenName'),
945	$self->object->_get_c_field('sn')
946	)
947	)
948	\|\| $self->object->_get_c_field('description')
949	\|\| $self->object->id;
950	},
951	label => l('Name'),
952	},
953	sAMAccountName => {
954	auto => 1,
955	},
956	_sAMAccountName => {
957	ro => 1,
958	hide => 1,
959	managed => 1,
960	iname => 'name',
961	get => sub {
962	my ($self) = @_;
963	substr($self->object->id, 0, 19)
964	},
965	},
966	accountExpires => {
967	ro => 1,
968	auto => 1,
969	},
970	_accountExpires => {
971	ro => 1,
972	managed => 1,
973	hide => 1,
974	get => sub {
975	my ($self) = @_;
976	my $obj = $self->object;
977	my $sth = $obj->db->prepare_cached(
978	sprintf(
979	q{select extract(epoch from %s) + 11644474161 as expire
980	from %s where %s = ?},
981	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
982	$obj->db->quote_identifier($obj->_object_table),
983	$obj->db->quote_identifier($obj->_key_field),
984	)
985	);
986	$sth->execute($obj->id);
987	my $res = $sth->fetchrow_hashref;
988	$sth->finish;
989	return $res->{expire} ? sprintf("%.f", $res->{expire} * 1E7) : '9223372036854775807';
990	}
991	},
992	shadowExpire => {
993	ro => 1,
994	auto => 1,
995	},
996	_shadowExpire => {
997	ro => 1,
998	hide => 1,
999	managed => 1,
1000	get => sub {
1001	my ($self) = @_;
1002	my $obj = $self->object;
1003	my $sth = $obj->db->prepare_cached(
1004	sprintf(
1005	q{select justify_hours(%s - '1/1/1970'::timestamp) as expire
1006	from %s where %s = ?},
1007	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
1008	$obj->db->quote_identifier($obj->_object_table),
1009	$obj->db->quote_identifier($obj->_key_field),
1010	)
1011	);
1012	$sth->execute($obj->id);
1013	my $res = $sth->fetchrow_hashref;
1014	$sth->finish;
1015	return -1 unless($res->{expire});
1016	$res->{expire} =~ /(\d+) days\s*(\w)?/;
1017	# Add one day is time is not 00H00
1018	return $1 + ($2 ? 1 : 0);
1019	}
1020	},
1021	directReports => {
1022	auto => 1,
1023	ro => 1,
1024	},
1025	_directReports => {
1026	reference => 'user',
1027	ro => 1,
1028	hide => 1,
1029	delayed => 1,
1030	get => sub {
1031	my ($self) = @_;
1032	my $obj = $self->object;
1033	my $sth = $obj->db->prepare_cached(
1034	q{
1035	SELECT
1036	"user".name FROM
1037	public."user",
1038	public.user_attributes_groups,
1039	public.group_attributes_users,
1040	public.group_attributes_base gb,
1041	public."group"
1042	WHERE
1043	"user".ikey = user_attributes_groups.okey AND
1044	user_attributes_groups.value = "group".name AND
1045	group_attributes_users.okey = gb.okey AND
1046	"group".ikey = group_attributes_users.okey AND
1047	gb.attr = 'sutype' AND
1048	gb.value = 'dpmt' AND
1049	group_attributes_users.attr = 'managedBy' AND
1050	group_attributes_users.value = ?
1051	} . ($self->base->{wexported} ? '' : ' and "user".exported = true') . q{
1052	and "user".ikey not in
1053	(select okey from user_attributes_users
1054	where attr = 'manager' and value != ? )
1055	union
1056	select "user".name FROM public."user",
1057	user_attributes_users where
1058	user_attributes_users.attr = 'manager' and user_attributes_users.value = ?
1059	and "user".ikey = user_attributes_users.okey
1060	} . ($self->base->{wexported} ? '' : ' and "user".exported = true')
1061	);
1062	$sth->execute($obj->id, $obj->id, $obj->id);
1063	my @res;
1064	while (my $res = $sth->fetchrow_hashref) {
1065	push(@res, $res->{name});
1066	}
1067	return \@res;
1068	},
1069	},
1070	managedObjects => { ro => 1, reference => 'group', },
1071	otheraddress => {
1072	auto => 1,
1073	multiple => 1,
1074	reference => 'address',
1075	},
1076	_otheraddress => {
1077	ro => 1,
1078	multiple => 1,
1079	reference => 'address',
1080	get => sub {
1081	my ($self) = @_;
1082	my $sth = $self->base->db->prepare_cached(q{
1083	select name from address left join address_attributes
1084	on address.ikey = address_attributes.okey and
1085	address_attributes.attr = 'isMainAddress'
1086	where "user" = ?
1087	} . ($self->base->{wexported} ? '' : ' and "address".exported = true') . q{
1088	order by address_attributes.attr
1089	} );
1090	$sth->execute($self->object->id);
1091	my @values;
1092	while (my $res = $sth->fetchrow_hashref) {
1093	push(@values, $res->{name});
1094	}
1095	return \@values;
1096	},
1097	},
1098	mainaddress => {
1099	auto => 1,
1100	reference => 'address',
1101	},
1102	_mainaddress => {
1103	hide => 1,
1104	ro => 1,
1105	reference => 'address',
1106	get => sub {
1107	my ($self) = @_;
1108	my $sth = $self->base->db->prepare_cached(q{
1109	select name from address join address_attributes on ikey = okey
1110	where "user" = ? and attr = 'isMainAddress'
1111	} . ($self->base->{wexported} ? '' : ' and "address".exported = true'));
1112	$sth->execute($self->object->id);
1113	my $res = $sth->fetchrow_hashref;
1114	$sth->finish;
1115	return $res->{name};
1116	},
1117	},
1118	postalAddress => {
1119	auto => 1,
1120	},
1121	_postalAddress => {
1122	hide => 1,
1123	ro => 1,
1124	get => sub {
1125	my ($self) = @_;
1126	if (my $fmainaddress = $self->object->_get_c_field('_mainaddress')) {
1127	$self->base->get_object('address', $fmainaddress)
1128	->_get_c_field('postalAddress');
1129	} else {
1130	return;
1131	}
1132	},
1133	label => l('Postal Address'),
1134	},
1135	facsimileTelephoneNumber => {
1136	ro => 1,
1137	label => l('Fax number'),
1138	},
1139	allsite => {
1140	ro => 1,
1141	reference => 'site',
1142	},
1143	managerContact => {
1144	delayed => 1,
1145	can_values => sub {
1146	my %uniq = map { $_ => 1 } grep { $_ }
1147	(($_[1] ? $_[1]->get_attributes('managerContact') : ()),
1148	$base->search_objects('user', 'active=1'));
1149	sort keys %uniq;
1150	},
1151	reference => 'user',
1152	monitored => 1,
1153	iname => 'manager',
1154	label => l('Manager'),
1155	},
1156	expireTextEC => {
1157	ro => 1,
1158	auto => 1,
1159	},
1160	_expireTextEC => {
1161	ro => 1,
1162	managed => 1,
1163	hide => 1,
1164	get => sub {
1165	my ($self) = @_;
1166	my $obj = $self->object;
1167	my $sth = $obj->db->prepare_cached(
1168	sprintf(
1169	q{select to_char(%s, 'YYYY/MM/DD') as expire
1170	from %s where %s = ?},
1171	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
1172	$obj->db->quote_identifier($obj->_object_table),
1173	$obj->db->quote_identifier($obj->_key_field),
1174	)
1175	);
1176	$sth->execute($obj->id) or $obj->db->rollback;
1177	my $res = $sth->fetchrow_hashref;
1178	$sth->finish;
1179	return $res->{expire}
1180	},
1181	},
1182	expireText => {
1183	ro => 1,
1184	auto => 1,
1185	},
1186	_expireText => {
1187	ro => 1,
1188	hide => 1,
1189	managed => 1,
1190	get => sub {
1191	my ($self) = @_;
1192	my $obj = $self->object;
1193	my $sth = $obj->db->prepare_cached(
1194	sprintf(
1195	q{select to_char(expire, 'YYYY/MM/DD') as expire
1196	from %s where %s = ?},
1197	$obj->db->quote_identifier($obj->_object_table),
1198	$obj->db->quote_identifier($obj->_key_field),
1199	)
1200	);
1201	$sth->execute($obj->id) or $obj->db->rollback;
1202	my $res = $sth->fetchrow_hashref;
1203	$sth->finish;
1204	return $res->{expire}
1205	},
1206	},
1207	krb5ValidEnd => {
1208	ro => 1,
1209	auto => 1,
1210	},
1211	_krb5ValidEnd => {
1212	ro => 1,
1213	managed => 1,
1214	hide => 1,
1215	get => sub {
1216	my ($self) = @_;
1217	my $sth = $self->object->db->prepare_cached(
1218	sprintf(
1219	q{select date_part('epoch', COALESCE(endcircuit, expire))::int as expire
1220	from %s where %s = ?},
1221	$self->object->db->quote_identifier($self->object->_object_table),
1222	$self->object->db->quote_identifier($self->object->_key_field),
1223	)
1224	);
1225	$sth->execute($self->object->id) or $self->object->db->rollback;
1226	my $res = $sth->fetchrow_hashref;
1227	$sth->finish;
1228	return $res->{expire}
1229	},
1230	},
1231	cells => {
1232	ro => 1,
1233	reference => 'group',
1234	},
1235	departments => {
1236	reference => 'group',
1237	delayed => 1,
1238	ro => 1,
1239	label => l('Departments'),
1240	},
1241	arrivalDate => { },
1242	expired => {
1243	ro => 1,
1244	label => l('Expired'),
1245	},
1246	active => {
1247	ro => 1,
1248	label => l('Active'),
1249	},
1250	status => {
1251	ro => 1,
1252	label => l('Statut du compte'),
1253	},
1254	pwdAccountLockedTime => {
1255	auto => 1,
1256	ro => 1,
1257	},
1258	_pwdAccountLockedTime => {
1259	managed => 1,
1260	ro => 1,
1261	hide => 1,
1262	get => sub {
1263	my ($self) = @_;
1264	my $obj = $self->object;
1265	if ($obj->_get_c_field('locked')) {
1266	return '000001010000Z';
1267	} else {
1268	my $sth = $obj->db->prepare_cached(
1269	sprintf(
1270	q{select to_char(%s AT TIME ZONE 'Z', 'YYYYMMDDHH24MISSZ') as expire
1271	from %s where %s = ? and expire < now()},
1272	$base->config('endCircuitdontExpire') ? 'expire' : 'COALESCE(endcircuit, expire)',
1273	$obj->db->quote_identifier($obj->_object_table),
1274	$obj->db->quote_identifier($obj->_key_field),
1275	)
1276	);
1277	$sth->execute($obj->id);
1278	my $res = $sth->fetchrow_hashref;
1279	$sth->finish;
1280	return $res->{expire}
1281	}
1282	},
1283	},
1284	userPassword => { readable => 0, },
1285	wWWHomePage => {
1286	label => l('Web Page'),
1287	formopts => { length => 35 },
1288	},
1289	title => { },
1290	snNative => {
1291	label => l('Native name'),
1292	},
1293	givenNameNative => {
1294	label => l('Native first name'),
1295	},
1296	sn => {
1297	label => l('Name'),
1298	},
1299	shadowWarning => { },
1300	shadowMin => { },
1301	shadowMax => { },
1302	shadowLastChange => { },
1303	shadowInactive => { },
1304	shadowFlag => { },
1305	otherTelephone => { },
1306	nickname => {
1307	label => l('Nickname'),
1308	},
1309	mobile => { },
1310	mail => {
1311	label => l('Email'),
1312	},
1313	otherEmail => {
1314	label => l('External mail'),
1315	},
1316	labeledURI => { },
1317	jobType => { },
1318	ipPhone => { },
1319	initials => {
1320	label => l('Initials'),
1321	checkinput => sub {
1322	$_[0] or return;
1323	return(length($_[0]) <= 6)
1324	}
1325	},
1326	homePhone => { },
1327	homeDirectory => {
1328	label => l('Home directory'),
1329	},
1330	halReference => {
1331	label => l('HAL id'),
1332	},
1333	grade => { },
1334	givenName => {
1335	label => l('First name'),
1336	},
1337	encryptedPassword => { },
1338	description => {
1339	label => l('Description'),
1340	},
1341	company => {
1342	label => l('Company'),
1343	},
1344	employer => {
1345	label => l('Employer'),
1346	},
1347	comment => {
1348	label => l('Comment'),
1349	},
1350	college => { },
1351	passwordLastSet => {
1352	ro => 1,
1353	label => l('Password set'),
1354	},
1355	oldPassword => {
1356	multiple => 1,
1357	},
1358	bannedPassword => {
1359	multiple => 1,
1360	},
1361	sshPublicKey => {
1362	multiple => 1,
1363	formopts => { length => 45 },
1364	},
1365	sshPublicKeyFilter => {
1366	multiple => 1,
1367	formopts => { length => 45 },
1368	},
1369	delUnknownSshKey => {
1370	formtype => 'CHECKBOX',
1371	},
1372	_authorizedKeys => {
1373	multiple => 1,
1374	ro => 1,
1375	managed => 1,
1376	hide => 1,
1377	get => sub {
1378	my ($attr) = @_;
1379	my $self = $attr->object;
1380
1381	my @keys = $self->_get_attributes('sshPublicKey');
1382
1383	my @filters = $self->_get_attributes('sshPublicKeyFilter');
1384	my $delUnknownSshKey = $self->_get_attributes('delUnknownSshKey');
1385
1386	my %users = ( $self->id => 1 );
1387
1388	if (@filters) {
1389	foreach my $user ($self->base->search_objects('user', @filters, 'oalias=NULL')) {
1390	my $ouser = $self->base->get_object('user', $user) or next;
1391	$users{ $user } and next;
1392	$users{ $user } = 1;
1393	push(@keys, $ouser->_get_attributes('sshPublicKey'));
1394	}
1395	}
1396
1397	return @keys
1398	? \@keys
1399	: (@filters \|\| $delUnknownSshKey
1400	? [ '# No key (' . DateTime->now->iso8601 . ')' ]
1401	: undef);
1402	},
1403	},
1404	authorizedKeys => {
1405	multiple => 1,
1406	ro => 1,
1407	},
1408	currentEmployment => {
1409	managed => 1,
1410	ro => 1,
1411	reference => 'employment',
1412	get => sub {
1413	my ($attr) = @_;
1414	my $self = $attr->object;
1415
1416	my $now = DateTime->now()->iso8601 . 'Z';
1417
1418	my $sth = $self->base->db->prepare_cached(
1419	q{
1420	select name from employment where firstday <= ?::timestamp and
1421	(lastday is null or lastday >= ?::timestamp - '1 days'::interval) and "user" = ?
1422	limit 1
1423	}
1424	);
1425	$sth->execute($now, $now, $self->id);
1426	my $res = $sth->fetchrow_hashref;
1427	$sth->finish;
1428	if ($res) {
1429	return $res->{name}
1430	} else {
1431	return;
1432	}
1433	},
1434	},
1435	nextEmployment => {
1436	managed => 1,
1437	ro => 1,
1438	reference => 'employment',
1439	get => sub {
1440	my ($attr) = @_;
1441	my $self = $attr->object;
1442
1443	my $now = DateTime->now()->iso8601 . 'Z';
1444
1445	my $sth = $self->base->db->prepare_cached(
1446	q{
1447	select name from employment where firstday > ?::timestamp and "user" = ?
1448	order by firstday asc
1449	limit 1
1450	}
1451	);
1452	$sth->execute($now, $self->id);
1453	my $res = $sth->fetchrow_hashref;
1454	$sth->finish;
1455	if ($res) {
1456	return $res->{name}
1457	} else {
1458	return;
1459	}
1460	}
1461	},
1462	activeEmployment => {
1463	managed => 1,
1464	ro => 1,
1465	reference => 'employment',
1466	multiple => 1,
1467	get => sub {
1468	my ($attr) = @_;
1469	my $self = $attr->object;
1470
1471	my $now = DateTime->now()->iso8601 . 'Z';
1472
1473	my $sth = $self->base->db->prepare_cached(
1474	q{
1475	select name from employment where (lastday > ?::timestamp or lastday IS NULL) and "user" = ?
1476	order by firstday asc
1477	limit 1
1478	}
1479	);
1480	$sth->execute($now, $self->id);
1481	my @Res;
1482	while (my $res = $sth->fetchrow_hashref) {
1483	push(@Res, $res->{name});
1484	}
1485
1486	return \@Res;
1487	}
1488	},
1489	prevEmployment => {
1490	managed => 1,
1491	ro => 1,
1492	reference => 'employment',
1493	get => sub {
1494	my ($attr) = @_;
1495	my $self = $attr->object;
1496
1497	my $now = DateTime->now()->iso8601 . 'Z';
1498
1499	my $sth = $self->base->db->prepare_cached(
1500	q{
1501	select name from employment where
1502	(lastday is not null and lastday <= ?::timestamp - '1 days'::interval) and "user" = ?
1503	order by firstday desc
1504	limit 1
1505	}
1506	);
1507	$sth->execute($now, $self->id);
1508	my $res = $sth->fetchrow_hashref;
1509	$sth->finish;
1510	if ($res) {
1511	return $res->{name}
1512	} else {
1513	return;
1514	}
1515	}
1516	},
1517	appliedEmployement => {
1518	hide => 1,
1519	reference => 'employment',
1520	},
1521	contratTypeHistory => {
1522	reference => 'group',
1523	can_values => sub {
1524	$base->search_objects('group', 'sutype=contrattype')
1525	},
1526	multiple => 1,
1527	},
1528	employmentHistory => {
1529	reference => 'employment',
1530	multiple => 1,
1531	ro => 1,
1532	},
1533	hosted => {
1534	formtype => 'CHECKBOX',
1535	label => l('Hosted'),
1536	},
1537	assigned => {
1538	formtype => 'CHECKBOX',
1539	label => l('Assigned'),
1540	},
1541	createRequestId => {
1542	label => l('Account Request id')
1543	},
1544	requestId => {
1545	label => l('Request id'),
1546	},
1547	nationality => {
1548	label => l('Nationality'),
1549	},
1550	nativeCountry => {
1551	label => l('Native country'),
1552	},
1553	firstAidTrainingValidity => {
1554	formtype => 'DATE',
1555	label => l('ValiditÃ© formation SST'),
1556	},
1557	};
1558
1559	my $employmentro = sub {
1560	my $setting = $base->config('employment_lock_user') \|\| 'any';
1561
1562	for ($setting) {
1563	/^always$/ and return 1;
1564	/^never$/ and return 0;
1565
1566	$_[0] or return 0;
1567
1568	/^any$/i and return $_[0]->listEmployment ? 1 : 0;
1569	/^active/i and do {
1570	return $_[0]->_get_c_field('currentEmployment')
1571	? 1
1572	: $_[0]->_get_c_field('nextEmployment') ? 1 : 0;
1573	};
1574	/(\S+)=(\S+)/ and do {
1575	my $attr = $_[0]->_get_c_field($1);
1576	if (defined($attr)) {
1577	if ($2 eq '*') {
1578	return 1;
1579	} elsif($2 eq $attr) {
1580	return 1;
1581	} else {
1582	return 0;
1583	}
1584	} else {
1585	return 0;
1586	}
1587	};
1588	}
1589	return $_[0]->listEmployment ? 1 : 0; # default is any!
1590	};
1591
1592	foreach (_reported_atributes(), qw(department managerContact contratTypeHistory)) {
1593	$attrs->{$_}{ro} = $employmentro;
1594	}
1595
1596	$attrs->{expire}{ro} = sub {
1597	my $expireOn = $base->config('expireOn') \|\| '';
1598	if ($expireOn eq 'never') {
1599	return 0;
1600	}
1601
1602	$employmentro->($_[0]);
1603	};
1604
1605	$class->SUPER::_get_attr_schema($base, $attrs)
1606	}
1607
1608	sub CreateAlias {
1609	my ($class, $base, $name, $for) = @_;
1610
1611	my $stAddAlias = $base->db->prepare_cached(
1612	q{INSERT INTO "user" (name, uidnumber, gidnumber, oalias, oaliascache) values
1613	(?, -nextval('ikey_seq'), ?, ?, ?)}
1614	);
1615
1616	my $ref = $base->_derefObject($class->type, $for);
1617	my $res = $stAddAlias->execute($name, -1, $for, $ref ? $ref->id : undef);
1618	return $res ? 1 : 0;
1619	}
1620
1621	sub _get_state {
1622	my ($self, $state) = @_;
1623	for ($state) {
1624	/^expired$/ and do {
1625	my $attribute = $self->attribute('expire');
1626	$attribute->check_acl('r') or return;
1627	my $sth = $self->db->prepare_cached(
1628	q{ select coalesce(expire < now(), false) as exp from "user"
1629	where "user".name = ?}
1630	);
1631	$sth->execute($self->id);
1632	my $res = $sth->fetchrow_hashref;
1633	$sth->finish;
1634	return $res->{exp} ? 1 : 0;
1635	};
1636	}
1637	}
1638
1639	sub set_fields {
1640	my ($self, %data) = @_;
1641
1642	my $old;
1643	if (exists($data{department})) {
1644	$old = $self->_get_attributes('department');
1645	}
1646
1647	if (($data{department} \|\| '') eq ($old \|\| '')) {
1648	# We do not remove the group, there is no change
1649	$old = undef;
1650	}
1651
1652	if ($old) {
1653	# If the department is no longer a department
1654	# we do nothing
1655	my @names = $self->base->search_objects('group', 'name=' . $old, 'sutype=dpmt');
1656	if (! @names) {
1657	$old = undef;
1658	}
1659	}
1660
1661	my $res = $self->SUPER::set_fields(%data) or return;
1662
1663	if ($self->base->config('remove_old_dpmt') && $old) {
1664	$self->base->log(LA_DEBUG,
1665	"Removing %s from group %s (department change to %s)",
1666	$self->id,
1667	$old,
1668	$data{department} \|\| '');
1669	$self->_delAttributeValue('memberOf', $old) or return;
1670	$res++;
1671	}
1672
1673	$res
1674	}
1675
1676	=head2 listEmployment
1677
1678	Return the ordered list of contract
1679
1680	=cut
1681
1682	sub listEmployment {
1683	my ($self) = @_;
1684
1685	my $sth = $self->base->db->prepare_cached(
1686	q{
1687	select name from employment where "user" = ?
1688	order by lastday desc NULLS first
1689	}
1690	);
1691	$sth->execute($self->id);
1692	my @list = ();
1693	while (my $res = $sth->fetchrow_hashref) {
1694	push(@list, $res->{name});
1695	}
1696
1697	@list
1698	}
1699
1700	sub _reported_atributes { qw(contratType endcircuit hosted assigned requestId company employer) }
1701
1702	=head2 applyCurrentEmployment
1703
1704	Search the current employment is any and apply paramter to user
1705
1706	=cut
1707
1708	sub applyCurrentEmployment {
1709	my ($self) = @_;
1710
1711	# Get current employment name
1712	my $currentempl = $self->get_attributes('currentEmployment') \|\| '';
1713
1714	$self->base->log(
1715	LA_DEBUG,
1716	"Applying Employement %s to user %s",
1717	$currentempl \|\| '(none)',
1718	$self->id
1719	);
1720
1721	if (my $currentemployment = $self->base->get_object('employment', $currentempl)) {
1722
1723	# If an employement apply we set the value to the user object
1724
1725	$self->computeEmploymentDate;
1726
1727	my %attrsets = (
1728	appliedEmployement => $currentemployment->id,
1729	);
1730	foreach my $attr (_reported_atributes(), qw(department managerContact)) {
1731	my $uval = $self->get_attributes($attr) \|\| '';
1732	my $cval = $currentemployment->get_attributes($attr) \|\| '';
1733
1734	if ($attr eq 'managerContact') {
1735	if (!$cval) {
1736	my $dpmt = $currentemployment->get_attributes('department') or last;
1737	my $odmpt = $currentemployment->base->get_object('group', $dpmt) or last;
1738	$cval = $odmpt->get_attributes('managedBy');
1739	}
1740	}
1741
1742	if ($uval ne $cval) {
1743	my $oattr = $currentemployment->base->attribute('user', $attr);
1744	$attrsets{$oattr->iname} = $cval;
1745	}
1746	}
1747
1748	if (keys %attrsets) {
1749	if (my $res = $self->set_fields(%attrsets)) {
1750	$self->ReportChange('Update', 'Attr %s updated to match Employment %s', join(', ', sort keys %attrsets), $currentemployment->id);
1751	return $res;
1752	}
1753	} else {
1754	return 1;
1755	}
1756	} else {
1757	# No current employment, resetting values:
1758
1759	return $self->_resetEmployment;
1760	}
1761
1762	}
1763
1764	# Reset attribute value set by employment
1765	# except managerContact and expire
1766
1767	sub _resetEmployment {
1768	my ($self) = @_;
1769
1770	$self->computeEmploymentDate;
1771
1772	my %changes = (
1773	appliedEmployement => undef,
1774	);
1775
1776	my @attributesToReset = (_reported_atributes(), qw(department));
1777
1778	foreach my $attr (@attributesToReset) {
1779	my $default = $self->base->config("unemployment.$attr") \|\| '';
1780	my $old = $self->_get_attributes($attr) \|\| '';
1781
1782	if ($old ne $default) {
1783	$changes{$attr} = $default \|\| undef;
1784	}
1785	}
1786
1787	if(!$self->get_attributes('managerContact')) {
1788	if (my $next = $self->_get_attributes('nextEmployment')) {
1789	my $onext = $self->base->get_object('employment', $next);
1790	$changes{'manager'} = $onext->_get_attributes('managerContact');
1791	}
1792	}
1793
1794	# Managing expire:
1795	# If we found next status apply, keep it for expiration
1796	# Otherwise we reset to previous end of status
1797
1798	if (my $expire = $self->_computeEndEmployment($self->base->config('employment_delay') \|\| 0)) {
1799	$changes{ 'expire' } = $expire;
1800	} elsif (my $prevEmployment = $self->_get_attributes('prevEmployment')) {
1801	my $oprev = $self->base->get_object('employment', $prevEmployment);
1802	$changes{ 'expire' } = $oprev->_get_attributes('lastday');
1803	} elsif (($self->base->config('unemployed_expire') \|\|'') ne 'no') {
1804	if (my $def = $self->base->{defattr}{'user.expire'}) {
1805	$changes{ 'expire' } = $def;
1806	}
1807	}
1808
1809
1810	if (%changes) {
1811	if ($self->set_fields(%changes)) {
1812	$self->base->log(LA_NOTICE, "Updating user %s to match unemployment", $self->id);
1813	$self->ReportChange('Update', 'Update %s to match unemployment', join(', ', sort keys %changes));
1814	return 1;
1815	} else {
1816	return 0;
1817	}
1818	} else {
1819	return 1;
1820	}
1821
1822	}
1823
1824	=head2 computeEmploymentDate
1825
1826	Compute and copy to user start and end employment date
1827
1828	=cut
1829
1830	sub computeEmploymentDate {
1831	my ($self) = @_;
1832
1833	my $currentemployment = $self->get_attributes('currentEmployment') \|\| '';
1834
1835	my $expire = str2time($self->_get_attributes('expire') \|\| '1970-01-01T00:00:00');
1836
1837	my %changes;
1838	my @employmentDate = qw(
1839	endEmployment endStrictEmployment endCurrentEmployment endLastEmployment
1840	startEmployment startStrictEmployment startCurrentEmployment startFirstEmployment
1841	arrival departure
1842	);
1843	foreach (@employmentDate) {
1844	my $old = $self->_get_attributes($_) \|\| '';
1845	my $new = $self->_get_attributes("_$_") \|\| '';
1846	if ($old ne $new) {
1847	$changes{$_} = $new \|\| undef;
1848	}
1849	}
1850
1851	# If there is no current employment we try to find any to not let expire
1852	# unset
1853
1854	my $expireOn = $self->base->config('expireOn') \|\| '';
1855	if (!grep { $_ eq $expireOn } (@employmentDate, '', 'never')) {
1856	$self->base->log(LA_ERR, "expireOn set to invalid parameter %s, using endEmployment instead", $expireOn);
1857	$expireOn = undef;
1858	}
1859	$expireOn \|\|= 'endEmployment';
1860
1861	# We check if matching start exists to know if using end* for expiration is
1862	# safe, even undef
1863	my %end2start = (
1864	endEmployment => 'startEmployment',
1865	endStrictEmployment => 'startStrictEmployment',
1866	endCurrentEmployment => 'startCurrentEmployment',
1867	endLastEmployment => 'startFirstEmployment',
1868	);
1869
1870	# TODO rework this, working code but bloat
1871	if ($expireOn ne 'never') {
1872	my $endemploy = '';
1873	if ($self->_get_attributes("_$end2start{$expireOn}")) {
1874	$endemploy = $self->_get_attributes("_$expireOn") \|\| '';
1875	$endemploy \|\|= 'UNCHANGED' unless($currentemployment);
1876	} elsif (($self->base->config('unemployed_expire') \|\|'') eq 'no') {
1877	$endemploy = '';
1878	} else {
1879	# No expiration date apply, don't touch
1880	$endemploy = 'UNCHANGED';
1881	}
1882
1883	if ($endemploy ne 'UNCHANGED') {
1884	my $nextexpire = str2time( $endemploy \|\| '1970-01-01T00:00:00' );
1885
1886	if ($expire != $nextexpire) {
1887	$changes{expire} = $endemploy;
1888	}
1889	}
1890	}
1891
1892	if (keys %changes) {
1893	$self->base->log(LA_DEBUG, 'Applying employment state to user %s for field %s', $self->id, join(', ', keys %changes));
1894	$self->ReportChange('Update', 'Update %s to match employment', join(', ', sort keys %changes));
1895	if (exists($changes{expire})) {
1896	$self->ReportChange('Update', 'Expire update to %s to match employment', ($changes{expire} \|\| '(none)'));
1897	$self->base->log(LA_DEBUG, 'New expiration is %s for user %s', ($changes{expire} \|\| '(none)'), $self->id);
1898	}
1899	$self->set_fields(%changes);
1900	} else {
1901	$self->base->log(LA_DEBUG, 'No employment change for user %s', $self->id);
1902	}
1903
1904	$self->_computeEmploymentHistory();
1905
1906	return 1;
1907	}
1908
1909	sub _computeStartEmployment {
1910	my ($self, $delay, $any, $workday) = @_;
1911
1912	$delay \|\|= 0;
1913	my $start;
1914	my $nstart;
1915
1916	if (my $next = $self->_get_attributes('nextEmployment')) {
1917	my $onext = $self->base->get_object('employment', $next);
1918	$nstart = DateTime->from_epoch(epoch => str2time($onext->_get_attributes('firstday')));
1919	$nstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
1920	}
1921
1922	my $list_empl = $self->base->db->prepare_cached(q{
1923	SELECT *, (lastday is null or lastday >= now() - '1days'::interval) as "current" FROM employment
1924	WHERE "user" = ? and firstday < now()
1925	order by firstday desc
1926	});
1927	$list_empl->execute($self->id);
1928
1929	while (my $res = $list_empl->fetchrow_hashref) {
1930	if ($res->{current}) {
1931	} elsif ($nstart) {
1932	my $prevend = DateTime->from_epoch(epoch => str2time($res->{lastday}));
1933	$prevend->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
1934	my $tstart = $nstart->clone;
1935	$tstart->subtract(days => $delay + 1);
1936	if ($tstart->ymd gt $prevend->ymd) {
1937	last;
1938	}
1939	} elsif ((!$res->{current}) && (!$any)) {
1940	last;
1941	}
1942	$nstart = DateTime->from_epoch(epoch => str2time($res->{firstday}));
1943	$nstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
1944	$start = $nstart->clone;
1945	}
1946	$list_empl->finish;
1947
1948	$start \|\|= $nstart if ($any);
1949
1950	if ($start) {
1951	if ($workday) {
1952	my $day_of_week = $start->day_of_week;
1953	$start->add(days =>
1954	$day_of_week == 6 ? 2 :
1955	$day_of_week == 7 ? 1 : 0
1956	);
1957	}
1958	}
1959
1960	return $start ? $start->iso8601 : undef
1961	}
1962
1963	sub _computeEndEmployment {
1964	my ($self, $delay, $any, $workday) = @_;
1965
1966	$delay \|\|= 0;
1967	my $end;
1968	my $pend;
1969
1970	if (my $prev = $self->_get_attributes('prevEmployment')) {
1971	my $oprev = $self->base->get_object('employment', $prev);
1972	$pend = DateTime->from_epoch(epoch => str2time($oprev->_get_attributes('lastday')));
1973	$pend->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
1974	$pend->add(hours => 23, minutes => 59, seconds => 59);
1975	}
1976
1977	my $list_empl = $self->base->db->prepare_cached(q{
1978	SELECT *, firstday <= now() as "current" FROM employment WHERE "user" = ? and
1979	(lastday is null or lastday >= now() - '1 days'::interval)
1980	order by firstday asc
1981	});
1982	$list_empl->execute($self->id);
1983	while (my $res = $list_empl->fetchrow_hashref) {
1984	if (!$res->{lastday}) {
1985	# Ultimate employment.
1986	$list_empl->finish;
1987	return undef;
1988	}
1989	if ($res->{current}) {
1990	} elsif ($end) {
1991	my $nextstart = DateTime->from_epoch(epoch => str2time($res->{firstday}));
1992	$nextstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
1993	my $tend = $end->clone;
1994	$tend->add(days => $delay + 1);
1995	if ($tend->ymd lt $nextstart->ymd) {
1996	last;
1997	}
1998	} elsif ($pend) {
1999	my $nextstart = DateTime->from_epoch(epoch => str2time($res->{firstday}));
2000	$nextstart->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
2001	my $tend = $pend->clone;
2002	$tend->add(days => $delay + 1);
2003	if ($tend->ymd lt $nextstart->ymd) {
2004	last;
2005	}
2006	$end = $tend
2007	} elsif ((!$res->{current}) && (!$any)) {
2008	last;
2009	}
2010	$end = DateTime->from_epoch(epoch => str2time($res->{lastday}));
2011	$end->set_time_zone( DateTime::TimeZone->new( name => 'local' ) );
2012	$end->add(hours => 23, minutes => 59, seconds => 59);
2013	}
2014	$list_empl->finish;
2015
2016	$end \|\|= $pend if($any);
2017
2018	if ($end) {
2019	if ($workday) {
2020	my $day_of_week = $end->day_of_week;
2021	$end->subtract(days =>
2022	$day_of_week == 7 ? 2 :
2023	$day_of_week == 6 ? 1 : 0
2024	);
2025	}
2026	}
2027
2028	return $end ? $end->iso8601 : undef
2029	}
2030
2031	# Compute a summary of employement and store the value
2032	# into an attribute
2033
2034	sub _computeEmploymentHistory {
2035	my ($self) = @_;
2036
2037	my %changes;
2038
2039	{
2040	my $sth = $self->db->prepare_cached(q{
2041	select employment.name from employment
2042	where "user" = ? and employment.firstday < now()
2043	});
2044	$sth->execute($self->id);
2045	my @values;
2046	while (my $res = $sth->fetchrow_hashref) {
2047	push(@values, $res->{name});
2048	}
2049	$changes{"employmentHistory"} = \@values;
2050	}
2051
2052	foreach my $attribute (qw(contratType)) {
2053	my $sth = $self->db->prepare_cached(q{
2054	select employment_attributes.value from employment
2055	join employment_attributes
2056	on employment.ikey = employment_attributes.okey
2057	where "user" = ? and employment_attributes.attr = ?
2058	and employment.firstday < now()
2059	group by employment_attributes.value
2060	});
2061	$sth->execute($self->id, $attribute);
2062	my @values;
2063	while (my $res = $sth->fetchrow_hashref) {
2064	push(@values, $res->{value});
2065	}
2066	$changes{$attribute . "History"} = \@values;
2067	}
2068
2069	$self->set_fields(%changes);
2070	}
2071
2072	=head2 storeBannedPassword($epassword)
2073
2074	Add an encrypted password to untrust list
2075
2076	=cut
2077
2078	sub storeBannedPassword {
2079	my ($self, $EncPass) = @_;
2080
2081	my @banned = sort { $b cmp $a } $self->_get_attributes('bannedPassword');
2082	my $now = DateTime->now;
2083	unshift(@banned, $now->iso8601 . ';' . $EncPass);
2084	$self->set_fields('bannedPassword', [ grep { $_ } @banned ]);
2085
2086	}
2087
2088	=head2 banCurrentPassword
2089
2090	Store the current password as banned
2091
2092	=cut
2093
2094	sub banCurrentPassword {
2095	my ($self) = @_;
2096
2097	my $old = $self->get_field('userPassword') or return;
2098	$self->storeBannedPassword($old);
2099	}
2100
2101	sub check_password {
2102	my ( $self, $password ) = @_;
2103
2104	my $res = $self->SUPER::check_password($password);
2105	if ($res !~ /^ok$/) {
2106	return $res;
2107	}
2108
2109	foreach my $banned ($self->_get_attributes('bannedPassword')) {
2110	my ($date, $oldPassword) = $banned =~ /^([^;]);(.)/;
2111	if (crypt($password, $oldPassword) eq $oldPassword) {
2112	return "Banned password, cannot be used anymore";
2113	}
2114	}
2115
2116	return 'ok';
2117	}
2118
2119	sub _set_password {
2120	my ($self, $clear_pass) = @_;
2121	if (my $attr = $self->base->attribute($self->type, 'userPassword')) {
2122	my $field = $attr->iname;
2123
2124	# Storing as old password
2125	my @olds = sort { $b cmp $a } $self->_get_attributes('oldPassword');
2126	if (my $old = $self->get_field('userPassword')) {
2127	my $now = DateTime->now;
2128	unshift(@olds, $now->iso8601 . ';' . $old);
2129	$self->set_fields('oldPassword', [ grep { $_ } @olds[0 .. 14] ]);
2130	}
2131
2132	my $res = $self->set_fields($field, $self->base->passCrypt($clear_pass));
2133	if ($res) {
2134	if ($self->base->get_global_value('rsa_public_key')) {
2135	$self->setCryptPassword($clear_pass) or return;
2136	}
2137	}
2138
2139	$self->set_fields('passwordLastSet', DateTime->now->datetime);
2140	$self->base->log(LA_NOTICE,
2141	'Mot de passe changÃ© pour %s',
2142	$self->id
2143	);
2144
2145
2146	return $res;
2147	} else {
2148	$self->log(LA_WARN,
2149	"Cannot set password: userPassword attributes is unsupported");
2150	}
2151	}
2152
2153	=head2 setCryptPassword($clear_pass)
2154
2155	Store password encrypted using RSA encryption.
2156
2157	=cut
2158
2159	sub setCryptPassword {
2160	my ($self, $clear_pass) = @_;
2161	if (my $serialize = $self->base->get_global_value('rsa_public_key')) {
2162	my $public = Crypt::RSA::Key::Public->new;
2163	$public = $public->deserialize(String => [ $serialize ]);
2164	my $rsa = new Crypt::RSA ES => 'PKCS1v15';
2165	my $rsa_password = $rsa->encrypt (
2166	Message => $clear_pass,
2167	Key => $public,
2168	Armour => 1,
2169	) \|\| die $rsa->errstr();
2170	if (!$self->_set_c_fields('encryptedPassword', $rsa_password)) {
2171	$self->log(LA_ERR,
2172	"Cannot set 'encryptedPassword' attribute for object %s/%s",
2173	$self->type, $self->id,
2174	);
2175	return;
2176	}
2177	}
2178	$self->ReportChange('Password', 'Password stored using internal key');
2179	return 1;
2180	}
2181
2182	=head2 _InjectCryptPasswd($cryptpasswd)
2183
2184	Inject a password encrypted using standard UNIX method.
2185
2186	The passwrod will be used to authenticate user inside the application but it
2187	will not be transmit to any other database.
2188
2189	=cut
2190
2191	sub _InjectCryptPasswd {
2192	my ($self, $cryptpasswd) = @_;
2193
2194	if (my $current = $self->get_field('userPassword')) {
2195	if ($cryptpasswd eq $current) {
2196	return 1;
2197	}
2198	}
2199	my $res = $self->set_fields('userPassword', $cryptpasswd);
2200
2201	if ($res) {
2202	$self->base->log(LA_NOTICE, 'Crypted password injected for %s', $self->id);
2203	return 1;
2204	} else {
2205	$self->base->log(LA_ERR, 'Cannot inject crypted password for %s', $self->id);
2206	return 0;
2207	}
2208	}
2209
2210	=head2 GenPasswordResetId
2211
2212	Return a new id allowing passowrd reset
2213
2214	=cut
2215
2216	sub GenPasswordResetId {
2217	my ($self) = @_;
2218
2219	my $id = LATMOS::Accounts::Utils::genpassword(length => 32);
2220
2221	my $sth = $self->base->db->prepare_cached(q{
2222	INSERT INTO passwordreset (id, "user") values (?,?)
2223	});
2224
2225	if ($sth->execute($id, $self->id)) {
2226	return $id;
2227	} else {
2228	return;
2229	}
2230	}
2231
2232	=head2 SendPasswordReset($url)
2233
2234	Generate a password reset Id and the to the user.
2235
2236	C<$url> is the URL where the password can changed (printf forward, the %s is
2237	replaced by the request id)
2238
2239	=cut
2240
2241	sub SendPasswordReset {
2242	my ($self, $url) = @_;
2243
2244	my $id = $self->GenPasswordResetId;
2245
2246	my $mail = $self->_get_attributes('mail') or do {
2247	$self->base->log(LA_ERR, "Cannot sent reset password mail: no mail found");
2248	return;
2249	};
2250
2251	my $MailSubject = $self->base->la->val('_default_', 'mailSubject', 'LATMOS::Accounts');
2252
2253	my %mail = (
2254	Subject => "$MailSubject: pasword reset",
2255	'X-LATMOS-Reason' => 'Password Reset',
2256	to => $mail,
2257	);
2258
2259	if (my $otherEmail = $self->_get_attributes('otherEmail')) {
2260	$mail{cc} = $otherEmail;
2261	}
2262
2263	my $vars = {
2264	url => sprintf($url, $id),
2265	};
2266	$vars->{id} = $id;
2267	$vars->{obj} = $self;
2268
2269	my $lamail = LATMOS::Accounts::Mail->new(
2270	$self->base->la,
2271	'passwordreset.mail',
2272	);
2273
2274	if ($lamail->process(\%mail, $vars)) {
2275	$self->base->log(LA_NOTICE,
2276	"Reset password sent to %s for user %s",
2277	$mail{to},
2278	$self->id,
2279	);
2280	return 1;
2281	} else {
2282	return;
2283	}
2284
2285	}
2286
2287	=head2 CheckPasswordResetId($id)
2288
2289	Return True if the reset password ID can be found and is less than one day old
2290
2291	=cut
2292
2293	sub CheckPasswordResetId {
2294	my ($self, $id) = @_;
2295
2296	my $sth = $self->base->db->prepare_cached(q{
2297	SELECT * FROM passwordreset WHERE
2298	"user" = ? and
2299	id = ? and
2300	"create" >= now() - '1 days'::interval
2301	});
2302	$sth->execute($self->id, $id);
2303
2304	my $res = $sth->fetchrow_hashref;
2305	$sth->finish;
2306
2307	return $res ? 1 : 0;
2308	}
2309
2310	=head2 DeletePasswordId($id)
2311
2312	Delete password reset C<$id> and all expired request
2313
2314	=cut
2315
2316	sub DeletePasswordId {
2317	my ($self, $id) = @_;
2318
2319	my $sth = $self->base->db->prepare_cached(q{
2320	DELETE FROM passwordreset WHERE
2321	"user" = ? AND (id = ? or "create" < now() - '1 days'::interval)
2322	});
2323
2324	$sth->execute($self->id, $id);
2325	}
2326
2327	1;
2328
2329	__END__
2330
2331	=head1 SEE ALSO
2332
2333	=head1 AUTHOR
2334
2335	Olivier Thauvin, E<lt>olivier.thauvin@latmos.ipsl.frE<gt>
2336
2337	=head1 COPYRIGHT AND LICENSE
2338
2339	Copyright (C) 2008, 2009 CNRS SA/CETP/LATMOS
2340
2341	This library is free software; you can redistribute it and/or modify
2342	it under the same terms as Perl itself, either Perl version 5.10.0 or,
2343	at your option, any later version of Perl 5 you may have available.
2344
2345	=cut

Note: See TracBrowser for help on using the repository browser.

Download in other formats: