comanage-dev - [comanage-dev] r461 - in registry/trunk/app: Config/Schema Controller Lib Model Plugin/LdapProvisioner/Config/Schema Plugin/LdapProvisioner/Controller Plugin/LdapProvisioner/Lib Plugin/LdapProvisioner/Model Plugin/LdapProvisioner/View/CoLdapProvisionerTargets View/CoPeople View/CoProvisioningTargets View/CoProvisioningTargets/json View/CoProvisioningTargets/xml View/Elements View/Layouts

Subject: COmanage Developers List

List archive

[comanage-dev] r461 - in registry/trunk/app: Config/Schema Controller Lib Model Plugin/LdapProvisioner/Config/Schema Plugin/LdapProvisioner/Controller Plugin/LdapProvisioner/Lib Plugin/LdapProvisioner/Model Plugin/LdapProvisioner/View/CoLdapProvisionerTargets View/CoPeople View/CoProvisioningTargets View/CoProvisioningTargets/json View/CoProvisioningTargets/xml View/Elements View/Layouts

From:
To:
Subject: [comanage-dev] r461 - in registry/trunk/app: Config/Schema Controller Lib Model Plugin/LdapProvisioner/Config/Schema Plugin/LdapProvisioner/Controller Plugin/LdapProvisioner/Lib Plugin/LdapProvisioner/Model Plugin/LdapProvisioner/View/CoLdapProvisionerTargets View/CoPeople View/CoProvisioningTargets View/CoProvisioningTargets/json View/CoProvisioningTargets/xml View/Elements View/Layouts
Date: Sun, 24 Feb 2013 09:00:52 -0500
Authentication-results: sfpop-ironport05.merit.edu; dkim=neutral (message not signed) header.i=none

Author: benno
Date: 2013-02-24 09:00:52 -0500 (Sun, 24 Feb 2013)
New Revision: 461

Added:
registry/trunk/app/Model/CoProvisionerPluginTarget.php
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerDn.php
registry/trunk/app/View/CoPeople/provision.ctp
registry/trunk/app/View/CoProvisioningTargets/json/
registry/trunk/app/View/CoProvisioningTargets/json/provision.ctp
registry/trunk/app/View/CoProvisioningTargets/xml/
registry/trunk/app/View/CoProvisioningTargets/xml/provision.ctp
Removed:

registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/add.ctp
Modified:
registry/trunk/app/Config/Schema/schema.xml
registry/trunk/app/Controller/CoPeopleController.php
registry/trunk/app/Controller/CoProvisioningTargetsController.php
registry/trunk/app/Lib/enum.php
registry/trunk/app/Lib/lang.php
registry/trunk/app/Model/AppModel.php
registry/trunk/app/Model/Co.php
registry/trunk/app/Model/CoPerson.php
registry/trunk/app/Model/CoProvisioningTarget.php
registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml

registry/trunk/app/Plugin/LdapProvisioner/Controller/CoLdapProvisionerTargetsController.php
registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
registry/trunk/app/Plugin/LdapProvisioner/Model/LdapProvisioner.php

registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
registry/trunk/app/View/CoPeople/fields.inc
registry/trunk/app/View/CoProvisioningTargets/fields.inc
registry/trunk/app/View/CoProvisioningTargets/index.ctp
registry/trunk/app/View/Elements/dropMenu.ctp
registry/trunk/app/View/Layouts/default.ctp
Log:
Initial LDAP provisioning plugin (CO-40) and supporting infrastructure
(CO-188)

Modified: registry/trunk/app/Config/Schema/schema.xml
===================================================================
--- registry/trunk/app/Config/Schema/schema.xml 2013-02-23 14:33:41 UTC (rev
460)
+++ registry/trunk/app/Config/Schema/schema.xml 2013-02-24 14:00:52 UTC (rev
461)
@@ -802,7 +802,9 @@
<field name="created" type="T" />
<field name="modified" type="T" />

- 
+ <index name="co_provisioning_targets_i1">
+ <col>co_id</col>
+ </index>
</table>

<table name="co_provisioning_queued_events">

Modified: registry/trunk/app/Controller/CoPeopleController.php
===================================================================
--- registry/trunk/app/Controller/CoPeopleController.php 2013-02-23
14:33:41 UTC (rev 460)
+++ registry/trunk/app/Controller/CoPeopleController.php 2013-02-24
14:00:52 UTC (rev 461)
@@ -100,6 +100,7 @@

$this->set('co_identifier_assignments',
$this->Co->CoIdentifierAssignment->find('all', $args));
}
+
parent::beforeRender();
}

@@ -524,6 +525,10 @@
|| $p['match_policy'] ==
EnrollmentMatchPolicyEnum::Automatic));
}

+ // (Re)provision an existing CO Person?
+ $p['provision'] = ($roles['cmadmin']
+ || ($managed && ($roles['coadmin'] ||
$roles['couadmin'])));
+
// View an existing CO Person?
$p['view'] = ($roles['cmadmin']
|| ($managed && ($roles['coadmin'] || $roles['couadmin']))
@@ -598,6 +603,26 @@
}

/**
+ * Obtain provisioning status for CO Person
+ *
+ * @param integer CO Person ID
+ * @since COmanage Registry v0.8
+ */
+
+ function provision($id) {
+ if(!$this->restful) {
+ // Pull some data for the view to be able to render
+ $this->set('co_provisioning_status',
$this->CoPerson->provisioningStatus($id));
+
+ $args = array();
+ $args['conditions']['CoPerson.id'] = $id;
+ $args['contain'][] = 'Name';
+
+ $this->set('co_person', $this->CoPerson->find('first', $args));
+ }
+ }
+
+ /**
* Regenerate a form after validation/save fails.
* - postcondition: Redirect generated
*

Modified: registry/trunk/app/Controller/CoProvisioningTargetsController.php
===================================================================
--- registry/trunk/app/Controller/CoProvisioningTargetsController.php
2013-02-23 14:33:41 UTC (rev 460)
+++ registry/trunk/app/Controller/CoProvisioningTargetsController.php
2013-02-24 14:00:52 UTC (rev 461)
@@ -84,10 +84,9 @@
foreach(array_values($plugins) as $plugin) {
$model = "Co" . $plugin . "Target";

- if(isset($this->CoProvisioningTarget->data[$model][0]['id'])) {
+ if(!empty($this->CoProvisioningTarget->data[$model]['id'])) {
$this->loadModel($plugin . "." . $model);
-
-
$this->$model->delete($this->CoProvisioningTarget->data[$model][0]['id']);
+
$this->$model->delete($this->CoProvisioningTarget->data[$model]['id']);
}
}

@@ -95,6 +94,39 @@
}

/**
+ * Perform any followups following a write operation. Note that if this
+ * method fails, it must return a warning or REST response, but that the
+ * overall transaction is still considered a success (add/edit is not
+ * rolled back).
+ * This method is intended to be overridden by model-specific controllers.
+ *
+ * @since COmanage Registry v0.8
+ * @param Array Request data
+ * @param Array Current data
+ * @return boolean true if dependency checks succeed, false otherwise.
+ */
+
+ function checkWriteFollowups($reqdata, $curdata = null) {
+ // Create an instance of the plugin provisioning target. We do this here
to avoid
+ // an inconsistent state where the co_provisioning_target is created
without a
+ // corresponding plugin record.
+
+ $pluginName = $reqdata['CoProvisioningTarget']['plugin'];
+ $modelName = 'Co'. $pluginName . 'Target';
+ $pluginModelName = $pluginName . "." . $modelName;
+
+ $target = array();
+ $target[$modelName]['co_provisioning_target_id'] =
$this->CoProvisioningTarget->id;
+
+ // Note that we have to disable validation because we want to create an
empty row.
+ $this->loadModel($pluginModelName);
+ $this->$modelName->save($target, false);
+ $this->_targetid = $this->$modelName->id;
+
+ return true;
+ }
+
+ /**
* Authorization for this Controller, called by Auth component
* - precondition: Session.Auth holds data used for authz decisions
* - postcondition: $permissions set with calculated permissions
@@ -106,6 +138,17 @@
function isAuthorized() {
$roles = $this->Role->calculateCMRoles();

+ // Is this a record we can manage?
+ $managed = false;
+
+ if(isset($roles['copersonid'])
+ && $roles['copersonid']
+ && isset($this->request->params['named']['copersonid'])
+ && $this->action == 'provision') {
+ $managed = $this->Role->isCoOrCouAdminForCoPerson($roles['copersonid'],
+
$this->request->params['named']['copersonid']);
+ }
+
// Construct the permission set for this user, which will also be passed
to the view.
$p = array();

@@ -123,6 +166,10 @@
// View all existing CO Provisioning Targets?
$p['index'] = ($roles['cmadmin'] || $roles['coadmin']);

+ // (Re)provision an existing CO Person?
+ $p['provision'] = ($roles['cmadmin']
+ || ($managed && ($roles['coadmin'] ||
$roles['couadmin'])));
+
// View an existing CO Provisioning Target?
$p['view'] = ($roles['cmadmin'] || $roles['coadmin']);

@@ -141,18 +188,111 @@
if($this->action == 'add' &&
!empty($this->request->data['CoProvisioningTarget']['plugin'])) {
// Redirect to the appropriate plugin to set up whatever it wants

- $plugin =
Inflector::underscore(Sanitize::html($this->request->data['CoProvisioningTarget']['plugin']));
+ $pluginName =
Sanitize::html($this->request->data['CoProvisioningTarget']['plugin']);
+ $modelName = 'Co'. $pluginName . 'Target';
+ $pluginModelName = $pluginName . "." . $modelName;

$target = array();
- $target['plugin'] = $plugin;
- $target['controller'] = "co_" . $plugin . "_targets";
- $target['action'] = 'add';
+ $target['plugin'] = Inflector::underscore($pluginName);
+ $target['controller'] = Inflector::tableize($modelName);
+ $target['action'] = 'edit';
+ $target[] = $this->_targetid;
$target['co'] = $this->cur_co['Co']['id'];
- $target['ptid'] = $this->CoProvisioningTarget->id;

$this->redirect($target);
} else {
parent::performRedirect();
}
}
+
+ /**
+ * Execute (re)provisioning for the specified CO Person.
+ * - precondition: CO Person ID passed via named parameter
+ * - postcondition: Provisioning queued or executed
+ *
+ * @param integer CO Provisioning Target ID
+ * @since COmanage Registry v0.8
+ */
+
+ function provision($id) {
+ if($this->restful) {
+ if(!empty($this->request->params['named']['copersonid'])) {
+ // Find the associated Provisioning Target record
+
+ $args = array();
+ $args['conditions']['CoProvisioningTarget.id'] = $id;
+ // Since beforeFilter bound all the plugins, this find will pull the
related
+ // models as well. However, to reduce the number of database queries
should a
+ // large number of plugins be installed, we'll use containable
behavior and
+ // make a second call for the plugin we want.
+ $args['contain'] = false;
+
+ $copt = $this->CoProvisioningTarget->find('first', $args);
+
+ if(!empty($copt['CoProvisioningTarget']['plugin'])) {
+ $pluginName = $copt['CoProvisioningTarget']['plugin'];
+ $modelName = 'Co'. $pluginName . 'Target';
+ $pluginModelName = $pluginName . "." . $modelName;
+
+ // We need to manually attach the model, although if we weren't
using containable
+ // the above find would have done this automatically for us (under
$this->CoProvisioningTarget).
+ $this->loadModel($pluginModelName);
+
+ $args = array();
+ $args['conditions'][$modelName.'.co_provisioning_target_id'] = $id;
+ $args['contain'] = false;
+
+ $pluginTarget = $this->$modelName->find('first', $args);
+
+ if(!empty($pluginTarget)) {
+ $args = array();
+ $args['conditions']['CoPerson.id'] =
$this->request->params['named']['copersonid'];
+ // Only pull related models relevant for provisioning
+ $args['contain'] = array(
+ 'Co',
+ 'CoGroupMember',
+ 'CoOrgIdentityLink',
+ 'CoPersonRole',
+ 'CoPersonRole.Address',
+ 'CoPersonRole.Cou',
+ 'CoPersonRole.TelephoneNumber',
+ 'EmailAddress',
+ 'Identifier',
+ 'Name'
+ );
+
+ $coPersonData =
$this->CoProvisioningTarget->Co->CoPerson->find('first', $args);
+
+ if(!empty($coPersonData)) {
+ try {
+ $this->$modelName->provision($pluginTarget,
+
ProvisioningActionEnum::CoPersonReprovisionRequested,
+ $coPersonData);
+
+
$this->CoProvisioningTarget->Co->CoPerson->HistoryRecord->record(
+ $coPersonData['CoPerson']['id'],
+ null,
+ null,
+ $this->Session->read('Auth.User.co_person_id'),
+ ActionEnum::CoPersonManuallyProvisioned,
+ _txt('rs.prov-a',
array($copt['CoProvisioningTarget']['description']))
+ );
+ }
+ catch(RuntimeException $e) {
+ $this->restResultHeader(500, $e->getMessage());
+ }
+ } else {
+ $this->restResultHeader(404, "CoPerson Not Found");
+ }
+ } else {
+ $this->restResultHeader(404, "CoProvisioningTarget Not Found");
+ }
+ } else {
+ $this->restResultHeader(404, "CoProvisioningTarget Not Found");
+ }
+ } else {
+ $this->restResultHeader(404, "CoPerson Not Found");
+ }
+ }
+ }
}

Modified: registry/trunk/app/Lib/enum.php
===================================================================
--- registry/trunk/app/Lib/enum.php 2013-02-23 14:33:41 UTC (rev 460)
+++ registry/trunk/app/Lib/enum.php 2013-02-24 14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry Enumerations
*
- * Copyright (C) 2010-12 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2010-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2010-12 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2010-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry
* @since COmanage Registry v0.1
@@ -25,27 +25,29 @@
class ActionEnum
{
// Codes beginning with 'X' (eg: 'XABC') are reserved for local use
- const CoPersonAddedManual = 'ACPM';
- const CoPersonAddedPetition = 'ACPP';
- const CoPersonEditedManual = 'ECPM';
- const CoPersonEditedPetition = 'ECPP';
- const CoPersonMatchedPetition = 'MCPP';
- const CoPersonRoleAddedManual = 'ACRM';
- const CoPersonRoleAddedPetition = 'ACRP';
- const CoPersonRoleDeletedManual = 'DCRM';
- const CoPersonRoleEditedManual = 'ECRM';
- const CoPersonRoleEditedPetition = 'ECRP';
- const CoPersonOrgIdLinked = 'LOCP';
- const CoPersonOrgIdUnlinked = 'UOCP';
- const EmailAddressVerified = 'EMLV';
- const IdentifierAutoAssigned = 'AIDA';
- const InvitationConfirmed = 'INVC';
- const InvitationDeclined = 'INVD';
- const InvitationSent = 'INVS';
- const OrgIdAddedManual = 'AOIM';
- const OrgIdAddedPetition = 'AOIP';
- const OrgIdEditedManual = 'EOIM';
- const OrgIdEditedPetition = 'EOIP';
+ const CoPersonAddedManual = 'ACPM';
+ const CoPersonAddedPetition = 'ACPP';
+ const CoPersonEditedManual = 'ECPM';
+ const CoPersonEditedPetition = 'ECPP';
+ const CoPersonManuallyProvisioned = 'PCPM';
+ const CoPersonMatchedPetition = 'MCPP';
+ const CoPersonProvisioned = 'PCPA';
+ const CoPersonRoleAddedManual = 'ACRM';
+ const CoPersonRoleAddedPetition = 'ACRP';
+ const CoPersonRoleDeletedManual = 'DCRM';
+ const CoPersonRoleEditedManual = 'ECRM';
+ const CoPersonRoleEditedPetition = 'ECRP';
+ const CoPersonOrgIdLinked = 'LOCP';
+ const CoPersonOrgIdUnlinked = 'UOCP';
+ const EmailAddressVerified = 'EMLV';
+ const IdentifierAutoAssigned = 'AIDA';
+ const InvitationConfirmed = 'INVC';
+ const InvitationDeclined = 'INVD';
+ const InvitationSent = 'INVS';
+ const OrgIdAddedManual = 'AOIM';
+ const OrgIdAddedPetition = 'AOIP';
+ const OrgIdEditedManual = 'EOIM';
+ const OrgIdEditedPetition = 'EOIP';
}

class AdministratorEnum
@@ -230,6 +232,35 @@
const InviteSent = 'IS';
}

+// The status of a provisioning plugin
+class ProvisionerStatusEnum
+{
+ const AutomaticMode = 'A';
+ const Disabled = 'X';
+ const ManualMode = 'M';
+}
+
+// The action for which a plugin may want to act on
+class ProvisioningActionEnum
+{
+ const CoPersonAdded = 'PA';
+ const CoPersonDeleted = 'PD';
+ const CoPersonEnteredGracePeriod = 'PG';
+ const CoPersonExpired = 'PX';
+ const CoPersonReprovisionRequested = 'PR';
+ const CoPersonUnexpired = 'PY';
+ const CoPersonUpdated = 'PU';
+}
+
+// The status of a provisioned target
+class ProvisioningStatusEnum
+{
+ const NotProvisioned = 'N';
+ const Provisioned = 'P';
+ const Queued = 'Q';
+ const Unknown = 'X';
+}
+
class RequiredEnum
{
const Required = 1;

Modified: registry/trunk/app/Lib/lang.php
===================================================================
--- registry/trunk/app/Lib/lang.php 2013-02-23 14:33:41 UTC (rev 460)
+++ registry/trunk/app/Lib/lang.php 2013-02-24 14:00:52 UTC (rev 461)
@@ -113,7 +113,9 @@
ActionEnum::CoPersonAddedPetition => 'CO Person Created
(Petition)',
ActionEnum::CoPersonEditedManual => 'CO Person Edited',
ActionEnum::CoPersonEditedPetition => 'CO Person Edited (Petition)',
+ ActionEnum::CoPersonManuallyProvisioned => 'CO Person Provisioned
(Manual)',
ActionEnum::CoPersonMatchedPetition => 'CO Person Matched
(Petition)',
+ ActionEnum::CoPersonProvisioned => 'CO Person Provisioned',
ActionEnum::CoPersonRoleAddedManual => 'CO Person Role Created
(Manual)',
ActionEnum::CoPersonRoleAddedPetition => 'CO Person Role Created
(Petition)',
ActionEnum::CoPersonRoleDeletedManual => 'CO Person Role Deleted
(Manual)',
@@ -218,7 +220,22 @@
StatusEnum::PendingApproval => 'Pending
Approval',
StatusEnum::PendingConfirmation => 'Pending
Confirmation',
StatusEnum::Suspended => 'Suspended'),
+
+ 'en.status.prov' => array(
+ ProvisionerStatusEnum::AutomaticMode => 'Automatic Mode',
+ ProvisionerStatusEnum::ManualMode => 'Manual Mode',
+ ProvisionerStatusEnum::Disabled => 'Disabled'
+ ),
+
+ 'en.status.prov.desc' => 'In automatic mode, provisioners are called
automatically as needed.<br />In manual mode, an administrator must invoke
the provisioner.',

+ 'en.status.prov.target' => array(
+ ProvisioningStatusEnum::NotProvisioned => 'Not Provisioned',
+ ProvisioningStatusEnum::Provisioned => 'Provisioned',
+ ProvisioningStatusEnum::Queued => 'Queued',
+ ProvisioningStatusEnum::Unknown => 'Unknown'
+ ),
+
// Demographics
'en.nsf.gender' => array(NSFGenderEnum::Female => 'Female',
NSFGenderEnum::Male => 'Male'),
@@ -296,6 +313,7 @@
'er.et.exists' => 'An extended type named "%1$s" already exists',
'er.et.inuse' => 'The extended type "%1$s" is in use by at least one
attribute within this CO and cannot be removed.',
'er.fields' => 'Please recheck the highlighted fields',
+ 'er.file.write' => 'Unable to open "%1$s" for writing',
'er.gr.exists' => 'A group named "%1$s" already exists within the CO',
'er.gr.init' => 'Group created, but failed to set initial
owner/member',
'er.gr.nf' => 'Group %1$s Not Found',
@@ -315,7 +333,10 @@
'er.notprov.id' => '%1$s ID Not Provided',
'er.person.noex' => 'Person does not exist',
'er.person.none' => 'No CO Person, CO Person Role, or Org Identity
specified',
+ 'er.plugin.fail' => 'Failed to load plugin "%1$s"',
'er.plugin.prov.none' => 'There are no suitable plugins available. No
provisioning targets can be added.',
+ // er.prov is a javascript string and so cannot take a parameter
+ 'er.prov' => 'Provisioning failed: ',
'er.pt.status' => 'Change of petition status from %1$s to %2$s is not
permitted',
'er.pt.resend.status' => 'Cannot resend an invitation not in Pending
Confirmation status',
'er.reply.unk' => 'Unknown Reply',
@@ -476,6 +497,7 @@
'fd.perms' => 'Permissions',
'fd.petitioner' => 'Petitioner',
'fd.plugin' => 'Plugin',
+ 'fd.prov.status.for' => 'Provisioning Status for %1$s',
'fd.req' => '* denotes required field',
'fd.required' => 'Required',
'fd.roles' => 'Roles',
@@ -551,6 +573,10 @@
'op.petition' => 'Petition',
'op.petition.create' => 'Create Petition',
'op.proceed.ok' => 'Are you sure you wish to proceed?',
+ 'op.prov' => 'Provision',
+ 'op.prov.confirm' => 'Are you sure you wish to (re)provision this record?',
+ 'op.prov.view' => 'Provisioned Services',
+ 'op.prov.wait' => 'Requesting provisioning, please wait...',
'op.remove' => 'Remove',
'op.save' => 'Save',
'op.select' => 'Select',
@@ -571,6 +597,8 @@
'rs.inv.dec-a' => 'Invitation to %1$s declined',
'rs.inv.sent' => 'Invitation sent to %1$s',
'rs.mail.verified' => 'Email Address "%1$s" verified',
+ 'rs.prov-a' => 'Provisioned %1$s',
+ 'rs.prov.ok' => 'Provisioning completed successfully',
'rs.pt.approve' => 'Petition Approved',
'rs.pt.confirm' => 'Petition Confirmed',
'rs.pt.create' => 'Petition Created',

Modified: registry/trunk/app/Model/AppModel.php
===================================================================
--- registry/trunk/app/Model/AppModel.php 2013-02-23 14:33:41 UTC (rev
460)
+++ registry/trunk/app/Model/AppModel.php 2013-02-24 14:00:52 UTC (rev
461)
@@ -118,6 +118,8 @@
*/

public function findCoForRecord($id) {
+ if($this->alias == 'CakeError') return;
+
// We need to find a corresponding CO ID, which may or may not be
directly in the model.

if(isset($this->validate['co_id'])) {
@@ -170,6 +172,18 @@
&& !empty($copr[ $this->alias ]['org_identity_id'])) {
return null;
}
+ } elseif(isset($this->validate['co_provisioning_target_id'])) {
+ // Provisioning plugins will refer to a provisioning target
+
+ $args = array();
+ $args['conditions'][$this->alias.'.id'] = $id;
+ $args['contain'][] = 'CoProvisioningTarget';
+
+ $copt = $this->find('first', $args);
+
+ if(!empty($copt['CoProvisioningTarget']['co_id'])) {
+ return $copt['CoProvisioningTarget']['co_id'];
+ }
} else {
throw new LogicException(_txt('er.co.fail'));
}

Modified: registry/trunk/app/Model/Co.php
===================================================================
--- registry/trunk/app/Model/Co.php 2013-02-23 14:33:41 UTC (rev 460)
+++ registry/trunk/app/Model/Co.php 2013-02-24 14:00:52 UTC (rev 461)
@@ -45,6 +45,8 @@
"CoPerson" => array('dependent' => true),
// A CO can have zero or more petitions
"CoPetition" => array('dependent' => true),
+ // A CO can have zero or more provisioning targets
+ "CoProvisioningTarget" => array('dependent' => true),
// A CO has zero or more COUs
"Cou" => array('dependent' => true),
// A CO has zero or more OrgIdentities, depending on if they are pooled.

Modified: registry/trunk/app/Model/CoPerson.php
===================================================================
--- registry/trunk/app/Model/CoPerson.php 2013-02-23 14:33:41 UTC (rev
460)
+++ registry/trunk/app/Model/CoPerson.php 2013-02-24 14:00:52 UTC (rev
461)
@@ -314,6 +314,84 @@
}

/**
+ * (Re)Provision a CO Person.
+ *
+ * @since COmanage Registry v0.8
+ * @param Integer CO Person ID to provision
+ * @throws InvalidArgumentException
+ */
+
+ public function provision($coPersonId) {
+ // Pull the CO Person record and related data for provisioning.
+ // For now, all provisioning modules get the whole ball of data.
+
+ $args = array();
+ $args['conditions']['CoPerson.id'] = $coPersonId;
+
+ $coperson = $this->find('first', $args);
+
+ if(!empty($coperson)) {
+ // XXX next: UI calls /provision
+ // Pull list of provisioning modules and invoke, passing $coperson
+
+// debug($coperson);
+ } else {
+ throw new InvalidArgumentException(_txt('er.cop.unk'));
+ }
+
+ // Find the CO Provisioning targets for this CO
+ }
+
+ /**
+ * Determine the current status of the provisioning targets for this CO
Person.
+ *
+ * @since COmanage Registry v0.8
+ * @param Integer CO Person ID
+ * @return Array Current status of provisioning targets
+ * @throws RuntimeException
+ */
+
+ public function provisioningStatus($coPersonId) {
+ // First, obtain the list of active provisioning targets for this
person's CO.
+
+ $args = array();
+ $args['joins'][0]['table'] = 'co_people';
+ $args['joins'][0]['alias'] = 'CoPerson';
+ $args['joins'][0]['type'] = 'INNER';
+ $args['joins'][0]['conditions'][0] =
'CoPerson.co_id=CoProvisioningTarget.co_id';
+ $args['conditions']['CoPerson.id'] = $coPersonId;
+ $args['conditions']['CoProvisioningTarget.status !='] =
ProvisionerStatusEnum::Disabled;
+ $args['contain'] = false;
+
+ $targets = $this->Co->CoProvisioningTarget->find('all', $args);
+
+ if(!empty($targets)) {
+ // Next, for each target ask the relevant plugin for the status for
this person.
+
+ // We may end up querying the same Plugin more than once, so maintain
a cache.
+ $plugins = array();
+
+ for($i = 0;$i < count($targets);$i++) {
+ $pluginModelName = $targets[$i]['CoProvisioningTarget']['plugin']
+ . ".Co" .
$targets[$i]['CoProvisioningTarget']['plugin'] . "Target";
+
+ if(!isset($plugins[ $pluginModelName ])) {
+ $plugins[ $pluginModelName ] =
ClassRegistry::init($pluginModelName, true);
+
+ if(!$plugins[ $pluginModelName ]) {
+ throw new RuntimeException(_txt('er.plugin.fail',
array($pluginModelName)));
+ }
+ }
+
+ $targets[$i]['status'] = $plugins[ $pluginModelName
]->status($targets[$i]['CoProvisioningTarget']['id'],
+
$coPersonId);
+ }
+ }
+
+ return $targets;
+ }
+
+ /**
* Retrieve list of sponsors for display in dropdown.
*
* @since COmanage Registry v0.3

Modified: registry/trunk/app/Model/CoProvisioningTarget.php
===================================================================
--- registry/trunk/app/Model/CoProvisioningTarget.php 2013-02-23 14:33:41
UTC (rev 460)
+++ registry/trunk/app/Model/CoProvisioningTarget.php 2013-02-24 14:00:52
UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry CO Provisioning Target Model
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry
* @since COmanage Registry v0.8
@@ -48,12 +48,12 @@
'message' => 'A CO ID must be provided'
),
'description' => array(
- 'rule' => '/.*/',
+ 'rule' => 'notEmpty',
'required' => false
),
'plugin' => array(
// XXX This should be a dynamically generated list based on available
plugins
- 'rule' => '/.*/',
+ 'rule' => 'notEmpty',
'required' => true,
'message' => 'A plugin must be provided'
),
@@ -61,8 +61,9 @@
'rule' => array(
'inList',
array(
- StatusEnum::Active,
- StatusEnum::Suspended
+ ProvisionerStatusEnum::AutomaticMode,
+ ProvisionerStatusEnum::Disabled,
+ ProvisionerStatusEnum::ManualMode
)
),
'required' => true,

Modified: registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
===================================================================
--- registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
2013-02-23 14:33:41 UTC (rev 460)
+++ registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
2013-02-24 14:00:52 UTC (rev 461)
@@ -5,7 +5,7 @@
Version: $Revision$
Date: $Date$

- Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
the License. You may obtain a copy of the License at
@@ -30,9 +30,10 @@
<field name="co_provisioning_target_id" type="I">
<constraint>REFERENCES cm_co_provisioning_targets(id)</constraint>
</field>
- <field name="server" type="C" size="256" />
+ <field name="serverurl" type="C" size="256" />
<field name="binddn" type="C" size="128" />
<field name="password" type="C" size="64" />
+ <field name="basedn" type="C" size="128" />
<field name="created" type="T" />
<field name="modified" type="T" />

@@ -41,4 +42,26 @@
<unique />
</index>
</table>
+
+ <table name="co_ldap_provisioner_dns">
+ <field name="id" type="I">
+ <key />
+ <autoincrement />
+ </field>
+ <field name="co_ldap_provisioner_target_id" type="I">
+ <constraint>REFERENCES cm_co_ldap_provisioner_targets(id)</constraint>
+ </field>
+ <field name="co_person_id" type="I">
+ <constraint>REFERENCES cm_co_people(id)</constraint>
+ </field>
+ <field name="dn" type="C" size="256" />
+ <field name="created" type="T" />
+ <field name="modified" type="T" />
+
+ <index name="co_ldap_provisioner_dns_i1">
+ <col>co_ldap_provisioner_target_id</col>
+ <col>co_person_id</col>
+ <unique />
+ </index>
+ </table>
</schema>
\ No newline at end of file

Modified:
registry/trunk/app/Plugin/LdapProvisioner/Controller/CoLdapProvisionerTargetsController.php
===================================================================
---
registry/trunk/app/Plugin/LdapProvisioner/Controller/CoLdapProvisionerTargetsController.php
2013-02-23 14:33:41 UTC (rev 460)
+++
registry/trunk/app/Plugin/LdapProvisioner/Controller/CoLdapProvisionerTargetsController.php
2013-02-24 14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry CO LDAP Provisioner Targets Controller
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry
* @since COmanage Registry v0.8
@@ -32,7 +32,7 @@
public $paginate = array(
'limit' => 25,
'order' => array(
- 'server' => 'asc'
+ 'serverurl' => 'asc'
)
);

@@ -40,6 +40,33 @@
public $requires_co = true;

/**
+ * Perform any dependency checks required prior to a write (add/edit)
operation.
+ * This method is intended to be overridden by model-specific controllers.
+ *
+ * @since COmanage Registry v0.8
+ * @param Array Request data
+ * @param Array Current data
+ * @return boolean true if dependency checks succeed, false otherwise.
+ */
+
+ function checkWriteDependencies($reqdata, $curdata = null) {
+ // Make sure we can connect to the specified server
+
+ try {
+
$this->CoLdapProvisionerTarget->verifyLdapServer($reqdata['CoLdapProvisionerTarget']['serverurl'],
+
$reqdata['CoLdapProvisionerTarget']['binddn'],
+
$reqdata['CoLdapProvisionerTarget']['password'],
+
$reqdata['CoLdapProvisionerTarget']['basedn']);
+ }
+ catch(RuntimeException $e) {
+ $this->Session->setFlash($e->getMessage(), '', array(), 'error');
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Perform a redirect back to the controller's default view.
* - postcondition: Redirect generated
*
@@ -68,27 +95,25 @@
*/

function isAuthorized() {
- $cmr = $this->calculateCMRoles();
+ $roles = $this->Role->calculateCMRoles();

// Construct the permission set for this user, which will also be passed
to the view.
$p = array();

// Determine what operations this user can perform

- // Add a new CO Provisioning Target?
- $p['add'] = ($cmr['cmadmin'] || $cmr['coadmin']);
-
// Delete an existing CO Provisioning Target?
- $p['delete'] = ($cmr['cmadmin'] || $cmr['coadmin']);
+ $p['delete'] = ($roles['cmadmin'] || $roles['coadmin']);

+// Is edit subject to co:x munging attack?
// Edit an existing CO Provisioning Target?
- $p['edit'] = ($cmr['cmadmin'] || $cmr['coadmin']);
+ $p['edit'] = ($roles['cmadmin'] || $roles['coadmin']);

// View all existing CO Provisioning Targets?
- $p['index'] = ($cmr['cmadmin'] || $cmr['coadmin']);
+ $p['index'] = ($roles['cmadmin'] || $roles['coadmin']);

// View an existing CO Provisioning Target?
- $p['view'] = ($cmr['cmadmin'] || $cmr['coadmin']);
+ $p['view'] = ($roles['cmadmin'] || $roles['coadmin']);

$this->set('permissions', $p);
return($p[$this->action]);

Modified: registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php
===================================================================
--- registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php 2013-02-23
14:33:41 UTC (rev 460)
+++ registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php 2013-02-24
14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry LDAP Provisioner Plugin Language File
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry-plugin
* @since COmanage Registry v0.8
@@ -33,8 +33,20 @@
'ct.co_ldap_provisioner_targets.1' => 'LDAP Provisioner Target',
'ct.co_ldap_provisioner_targets.pl' => 'LDAP Provisioner Targets',

+ // Error messages
+ 'er.ldapprovisioner.basedn' => 'Base DN not found',
+ 'er.ldapprovisioner.connect' => 'Failed to connect to LDAP server',
+ 'er.ldapprovisioner.dn.component' => 'DN component %1$s not available',
+ 'er.ldapprovisioner.dn.none' => 'DN not found for CO Person %1$s',
+
// Plugin texts
- 'pl.ldapprovisioner.binddn' => 'Bind DN',
- 'pl.ldapprovisioner.password' => 'Password',
- 'pl.ldapprovisioner.server' => 'Server'
+ 'pl.ldapprovisioner.basedn' => 'Base DN',
+ 'pl.ldapprovisioner.basedn.desc' => 'Base DN to provision entries
under',
+ 'pl.ldapprovisioner.binddn' => 'Bind DN',
+ 'pl.ldapprovisioner.binddn.desc' => 'DN to authenticate as to manage
entries',
+ 'pl.ldapprovisioner.info' => 'The LDAP server must be available
and the specified credentials must be valid before this configuration can be
saved.',
+ 'pl.ldapprovisioner.password' => 'Password',
+ 'pl.ldapprovisioner.password.desc' => 'Password to use for
authentication',
+ 'pl.ldapprovisioner.serverurl' => 'Server URL',
+ 'pl.ldapprovisioner.serverurl.desc' => 'URL to connect to
(<tt>ldap[s]://hostname[:port]</tt>)'
);

Modified:
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
===================================================================
---
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
2013-02-23 14:33:41 UTC (rev 460)
+++
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
2013-02-24 14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry CO LDAP Provisioner Target Model
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry-plugin
* @since COmanage Registry v0.8
@@ -22,7 +22,9 @@
* @version $Id$
*/

-class CoLdapProvisionerTarget extends AppModel {
+App::uses("CoProvisionerPluginTarget", "Model");
+
+class CoLdapProvisionerTarget extends CoProvisionerPluginTarget {
// Define class name for cake
public $name = "CoLdapProvisionerTarget";

@@ -32,8 +34,10 @@
// Association rules from this model to other models
public $belongsTo = array("CoProvisioningTarget");

+ public $hasMany = array("LdapProvisioner.CoLdapProvisionerDn");
+
// Default display field for cake generated views
- public $displayField = "server";
+ public $displayField = "serverurl";

// Validation rules for table elements
public $validate = array(
@@ -42,17 +46,289 @@
'required' => true,
'message' => 'A CO Provisioning Target ID must be provided'
),
- 'server' => array(
- 'rule' => '/.*/',
- 'required' => true
+ 'serverurl' => array(
+ 'rule' => array('custom', '/^ldaps?:\/\/.*/'),
+ 'required' => true,
+ 'allowEmpty' => false,
+ 'message' => 'Please enter a valid ldap or ldaps URL'
),
'binddn' => array(
- 'rule' => '/.*/',
- 'required' => false
+ 'rule' => 'notEmpty'
),
'password' => array(
- 'rule' => '/.*/',
- 'required' => false
+ 'rule' => 'notEmpty'
+ ),
+ 'basedn' => array(
+ 'rule' => 'notEmpty'
)
);
+
+ /**
+ * Query an LDAP server.
+ *
+ * @since COmanage Registry v0.8
+ * @param String Server URL
+ * @param String Bind DN
+ * @param String Password
+ * @param String Base DN
+ * @param String Search filter
+ * @param Array Attributes to return (or null for all)
+ * @return Array Search results
+ * @throws RuntimeException
+ */
+
+ protected function queryLdap($serverUrl, $bindDn, $password, $baseDn,
$filter, $attributes=array()) {
+ $ret = array();
+
+ $cxn = ldap_connect($serverUrl);
+
+ if(!$cxn) {
+ throw new RuntimeException(_txt('er.ldapprovisioner.connect'),
LDAP_CONNECT_ERROR);
+ }
+
+ // Use LDAP v3 (this could perhaps become an option at some point)
+ ldap_set_option($cxn, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+
if(!@ldap_bind($cxn,
$bindDn, $password)) {
+ throw new RuntimeException(ldap_error($cxn), ldap_errno($cxn));
+ }
+
+ // Try to search using base DN; look for any matching object under the
base DN
+
+ $s = @ldap_search($cxn, $baseDn, $filter, $attributes);
+
+ if(!$s) {
+ throw new RuntimeException(ldap_error($cxn), ldap_errno($cxn));
+ }
+
+ $ret = ldap_get_entries($cxn, $s);
+
+ ldap_unbind($cxn);
+
+ return $ret;
+ }
+
+ /**
+ * Determine the provisioning status of this target for a CO Person ID.
+ *
+ * @since COmanage Registry v0.8
+ * @param Integer CO Provisioning Target ID
+ * @param Integer CO Person ID
+ * @return Array ProvisioningStatusEnum, Timestamp of last update in epoch
seconds, Comment
+ * @throws InvalidArgumentException If $coPersonId not found
+ * @throws RuntimeException For other errors
+ */
+
+ public function status($coProvisioningTargetId, $coPersonId) {
+ $ret = array(
+ 'status' => ProvisioningStatusEnum::Unknown,
+ 'timestamp' => null,
+ 'comment' => ""
+ );
+
+ // Pull the DN for this person, if we have one. Cake appears to
correctly interpret
+ // these conditions into a JOIN.
+ $args = array();
+ $args['conditions']['CoLdapProvisionerTarget.co_provisioning_target_id']
= $coProvisioningTargetId;
+ $args['conditions']['CoLdapProvisionerDn.co_person_id'] = $coPersonId;
+
+ $dnRecord = $this->CoLdapProvisionerDn->find('first', $args);
+
+ if(!empty($dnRecord)) {
+ // Query LDAP and see if there is a record
+ try {
+ $ldapRecord =
$this->queryLdap($dnRecord['CoLdapProvisionerTarget']['serverurl'],
+
$dnRecord['CoLdapProvisionerTarget']['binddn'],
+
$dnRecord['CoLdapProvisionerTarget']['password'],
+
$dnRecord['CoLdapProvisionerDn']['dn'],
+ "(objectclass=*)",
+ array('modifytimestamp'));
+
+ if(!empty($ldapRecord)) {
+ if(!empty($ldapRecord[0]['modifytimestamp'][0])) {
+ // Timestamp is formatted 20130223145645Z and needs to be
converted
+ $ret['timestamp'] =
strtotime($ldapRecord[0]['modifytimestamp'][0]);
+ }
+
+ $ret['status'] = ProvisioningStatusEnum::Provisioned;
+ $ret['comment'] = $dnRecord['CoLdapProvisionerDn']['dn'];
+ } else {
+ $ret['status'] = ProvisioningStatusEnum::NotProvisioned;
+ $ret['comment'] = $dnRecord['CoLdapProvisionerDn']['dn'];
+ }
+ }
+ catch(RuntimeException $e) {
+ if($e->getCode() == 32) { // LDAP_NO_SUCH_OBJECT
+ $ret['status'] = ProvisioningStatusEnum::NotProvisioned;
+ $ret['comment'] = $dnRecord['CoLdapProvisionerDn']['dn'];
+ } else {
+ $ret['status'] = ProvisioningStatusEnum::Unknown;
+ $ret['comment'] = $e->getMessage();
+ }
+ }
+ } else {
+ // No DN on file
+
+ $ret['status'] = ProvisioningStatusEnum::NotProvisioned;
+ }
+
+ return $ret;
+ }
+
+ /**
+ * Provision for the specified CO Person.
+ *
+ * @since COmanage Registry v0.8
+ * @param Array CO Provisioning Target data
+ * @param ProvisioningActionEnum Registry transaction type triggering
provisioning
+ * @param Array CO Person data
+ * @return Boolean True on success
+ * @throws InvalidArgumentException If $coPersonId not found
+ * @throws RuntimeException For other errors
+ */
+
+ public function provision($coProvisioningTargetData, $op, $coPersonData) {
+ /*
+ debug($coProvisioningTargetData);
+ debug($op);
+ debug($coPersonData);
+ */
+
+ // First figure out what to do
+ $assigndn = false;
+ $delete = false;
+ $add = false;
+
+// XXX Implement or cut ticket to implement other operations
+ switch($op) {
+ case ProvisioningActionEnum::CoPersonReprovisionRequested:
+ $assigndn = true;
+ $delete = true;
+ $add = true;
+ break;
+ default:
+ throw new RuntimeException("Not Implemented");
+ break;
+ }
+
+ // Next, see if we already have a DN for this person
+
+ $dn = null;
+
+ $args = array();
+ $args['conditions']['CoLdapProvisionerDn.co_ldap_provisioner_target_id']
= $coProvisioningTargetData['CoLdapProvisionerTarget']['id'];
+ $args['conditions']['CoLdapProvisionerDn.co_person_id'] =
$coPersonData['CoPerson']['id'];
+ $args['contain'] = false;
+
+ $dnRecord = $this->CoLdapProvisionerDn->find('first', $args);
+
+ if(empty($dnRecord)) {
+ if($assigndn) {
+ // If we don't have a DN, assign one
+
+ $dn =
$this->CoLdapProvisionerDn->assignDn($coProvisioningTargetData,
$coPersonData);
+ }
+ } else {
+ $dn = $dnRecord['CoLdapProvisionerDn']['dn'];
+ }
+
+ if(!$dn) {
+ throw new RuntimeException(_txt('er.ldapprovisioner.dn.none',
array($coPersonData['CoPerson']['id'])));
+ }
+
+ // Assemble an LDAP record
+
+// XXX make this configurable, at least as per requirements for initial LIGO
use cases (cut tickets?)
+// multi-valued attributes can be set via $attributes['mail'][0]
+ $attributes = array();
+ $attributes['objectclass'][] = 'top';
+ $attributes['objectclass'][] = 'person';
+ $attributes['objectclass'][] = 'organizationalperson';
+ $attributes['objectclass'][] = 'inetorgperson';
+ // Note: RFC4519 requires sn and cn for person
+ $attributes['cn'] = generateCn($coPersonData['Name']);
+ $attributes['sn'] = $coPersonData['Name']['family'];
+ $attributes['givenname'] = $coPersonData['Name']['given'];
+ $attributes['uid'] = $coPersonData['CoPerson']['id'];
+ if(!empty($coPersonData['CoPersonRole'][0]['title'])) {
+ $attributes['title'] = $coPersonData['CoPersonRole'][0]['title'];
+ }
+ if(!empty($coPersonData['CoPersonRole'][0]['Address'][0]['line1'])) {
+ // XXX should concatenate line2, or implement CO-539 and convert
newlines to $
+ $attributes['street'] =
$coPersonData['CoPersonRole'][0]['Address'][0]['line1'];
+ }
+ if(!empty($coPersonData['CoPersonRole'][0]['Address'][0]['locality'])) {
+ $attributes['l'] =
$coPersonData['CoPersonRole'][0]['Address'][0]['locality'];
+ }
+ if(!empty($coPersonData['CoPersonRole'][0]['Address'][0]['state'])) {
+ $attributes['st'] =
$coPersonData['CoPersonRole'][0]['Address'][0]['state'];
+ }
+
if(!empty($coPersonData['CoPersonRole'][0]['Address'][0]['postal_code'])) {
+ $attributes['postalcode'] =
$coPersonData['CoPersonRole'][0]['Address'][0]['postal_code'];
+ }
+
if(!empty($coPersonData['CoPersonRole'][0]['TelephoneNumber'][0]['number'])) {
+ $attributes['telephonenumber'] =
$coPersonData['CoPersonRole'][0]['TelephoneNumber'][0]['number'];
+ }
+ if(!empty($coPersonData['EmailAddress'][0]['mail'])) {
+ $attributes['mail'] = $coPersonData['EmailAddress'][0]['mail'];
+ }
+
+ // Bind to the server
+
+ $cxn =
ldap_connect($coProvisioningTargetData['CoLdapProvisionerTarget']['serverurl']);
+
+ if(!$cxn) {
+ throw new RuntimeException(_txt('er.ldapprovisioner.connect'),
LDAP_CONNECT_ERROR);
+ }
+
+ // Use LDAP v3 (this could perhaps become an option at some point)
+ ldap_set_option($cxn, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+
if(!@ldap_bind($cxn,
+
$coProvisioningTargetData['CoLdapProvisionerTarget']['binddn'],
+
$coProvisioningTargetData['CoLdapProvisionerTarget']['password'])) {
+ throw new RuntimeException(ldap_error($cxn), ldap_errno($cxn));
+ }
+
+ if($delete) {
+ // Delete any previous entry. For now, ignore any error.
+ @ldap_delete($cxn, $dn);
+ }
+
+ if($add) {
+ // Write a new entry
+
if(!@ldap_add($cxn,
$dn, $attributes)) {
+ throw new RuntimeException(ldap_error($cxn), ldap_errno($cxn));
+ }
+ }
+
+ // Drop the connection
+ ldap_unbind($cxn);
+
+ // We rely on the LDAP server to manage last modify time
+
+ return true;
+ }
+
+ /**
+ * Test an LDAP server to verify that the connection available is valid.
+ *
+ * @since COmanage Registry v0.8
+ * @param String Server URL
+ * @param String Bind DN
+ * @param String Password
+ * @param String Base DN
+ * @return Boolean True if parameters are valid
+ * @throws RuntimeException
+ */
+
+ public function verifyLdapServer($serverUrl, $bindDn, $password, $baseDn) {
+ $results = $this->queryLdap($serverUrl, $bindDn, $password, $baseDn,
"(objectclass=*)", array("dn"));
+
+ if(count($results) < 1) {
+ throw new RuntimeException(_txt('er.ldapprovisioner.basedn'));
+ }
+
+ return true;
+ }
}

Modified: registry/trunk/app/Plugin/LdapProvisioner/Model/LdapProvisioner.php
===================================================================
--- registry/trunk/app/Plugin/LdapProvisioner/Model/LdapProvisioner.php
2013-02-23 14:33:41 UTC (rev 460)
+++ registry/trunk/app/Plugin/LdapProvisioner/Model/LdapProvisioner.php
2013-02-24 14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry LDAP Provisioner Model
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry-plugin
* @since COmanage Registry v0.8
@@ -26,9 +26,9 @@
// Required by COmanage Plugins
public $cmPluginType = "provisioner";

-/*
// Expose Menu Items
public $cmPluginMenus = array(
+ /*
"cmp" => array("Plugin CMP Title" =>
array('controller' => "ldap_provisioners",
'action' => "cmp")),
@@ -46,6 +46,9 @@
"coperson" => array("Plugin My Account Title" =>
array('controller' => "ldap_records",
'action' => "view")),
+ */
);
-*/
+
+ // XXX do we need to add this?
+ public $useTable = false;
}

Modified:
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
===================================================================
---
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
2013-02-23 14:33:41 UTC (rev 460)
+++
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
2013-02-24 14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry CO LDAP Provisioning Target Fields
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry-plugin
* @since COmanage Registry v0.8
@@ -61,32 +61,51 @@
print $this->Form->hidden('co_id', array('default' =>
$cur_co['Co']['id'])) . "\n";
print $this->Form->hidden('co_provisioning_target_id', array('default' =>
$ptid)) . "\n";
?>
+<div class="ui-state-highlight ui-corner-all" style="margin-top: 20px;
padding: 0 .7em;">
+ <p>
+ <span class="ui-icon ui-icon-info" style="float: left; margin-right:
.3em;"></span>
+ <strong><?php print _txt('pl.ldapprovisioner.info'); ?></strong>
+ </p>
+</div>
+<br />
<table id="<?php print $this->action; ?>_co_ldap_provisioner_target"
class="ui-widget">
<tbody>
<tr class="line1">
<td>
- <?php print _txt('pl.ldapprovisioner.server'); ?><font
class="required">*</font>
+ <?php print _txt('pl.ldapprovisioner.serverurl'); ?><font
class="required">*</font><br />
+ <font class="desc"><?php print
_txt('pl.ldapprovisioner.serverurl.desc'); ?></font>
</td>
<td>
- <?php print ($e ? $this->Form->input('server') :
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['server']));
?>
+ <?php print ($e ? $this->Form->input('serverurl', array('size' =>
50)) :
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['serverurl']));
?>
</td>
</tr>
<tr class="line2">
<td>
- <?php print _txt('pl.ldapprovisioner.binddn'); ?>
+ <?php print _txt('pl.ldapprovisioner.binddn'); ?><font
class="required">*</font><br />
+ <font class="desc"><?php print
_txt('pl.ldapprovisioner.binddn.desc'); ?></font>
</td>
<td>
- <?php print ($e ? $this->Form->input('binddn') :
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['binddn']));
?>
+ <?php print ($e ? $this->Form->input('binddn', array('size' => 50))
:
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['binddn']));
?>
</td>
</tr>
<tr class="line1">
<td>
- <?php print _txt('pl.ldapprovisioner.password'); ?>
+ <?php print _txt('pl.ldapprovisioner.password'); ?><font
class="required">*</font><br />
+ <font class="desc"><?php print
_txt('pl.ldapprovisioner.password.desc'); ?></font>
</td>
<td>
<?php print ($e ? $this->Form->input('password') :
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['password']));
?>
</td>
</tr>
+ <tr class="line2">
+ <td>
+ <?php print _txt('pl.ldapprovisioner.basedn'); ?><font
class="required">*</font><br />
+ <font class="desc"><?php print
_txt('pl.ldapprovisioner.basedn.desc'); ?></font>
+ </td>
+ <td>
+ <?php print ($e ? $this->Form->input('basedn', array('size' => 50))
:
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['basedn']));
?>
+ </td>
+ </tr>
<tr>
<td>
<i><font class="required"><?php print _txt('fd.req');
?></font></i><br />

Modified: registry/trunk/app/View/CoPeople/fields.inc
===================================================================
--- registry/trunk/app/View/CoPeople/fields.inc 2013-02-23 14:33:41 UTC (rev
460)
+++ registry/trunk/app/View/CoPeople/fields.inc 2013-02-24 14:00:52 UTC (rev
461)
@@ -84,13 +84,17 @@
print '<a
class="autobutton"
title="' . _txt('op.id.auto') . '"
- onclick="javascript:js_confirm_autogenerate(\'' .
$this->Html->url(array('controller' => 'identifiers',
-
'action' => 'assign',
-
'copersonid' => $co_people[0]['CoPerson']['id'],
-
'co' => $cur_co['Co']['id'])) . '\')";>'
+ onclick="javascript:js_confirm_autogenerate()";>'
. _txt('op.id.auto')
. "</a>\n";
}
+
+ // Provisioning status
+ if($permissions['provision']) {
+ print $this->Html->link(_txt('op.prov.view'),
+ array('controller' => 'co_people', 'action'
=> 'provision', $co_people[0]['CoPerson']['id'], 'co' => $cur_co['Co']['id']),
+ array('class' => 'historybutton')); // XXX
This should use a different image
+ }
}

// Populate the cross reference
@@ -131,41 +135,47 @@
<br />
<br />
<script type="text/javascript">
- 
+ 

- function js_confirm_autogenerate(url)
- {
- // Generate a dialog box confirming the autogeneration of identifiers.
- // On confirmation, forward to <url>, which executes the autogeneration.
+ function js_confirm_autogenerate() {
+ // Open the dialog to confirm autogeneration of identifiers
+ $('#autogenerate-dialog').dialog('open');
+ }
+
+ $(function() {
+ // Turn on Tabs
+ var $tabs = $( "#tabs" ).tabs();

- // Set the title of the dialog
- $("#dialog").dialog("option", "title", "<?php print _txt('op.id.auto');
?>");
+ // If returning to this page via redirect, open last used tab
+ <?php if(isset($this->request->params['named']['tab'])): ?>
+ var selectedtab = "<?php
print($this->request->params['named']['tab']); ?>";
+ $tabs.tabs('select', '#tabs-' + selectedtab );
+ <?php endif; ?>

- // Set the body of the dialog
- $("#dialog-text").text('<?php print _txt('op.id.auto.confirm'); ?>');
-
- // Set the dialog buttons
- $("#dialog").dialog("option",
- "buttons",
- {
- "<?php print _txt('op.cancel'); ?>": function() {
$(this).dialog("close"); },
- "<?php print _txt('op.id.auto'); ?>": function() {
window.location=url; }
- });
-
- // Open the dialog
- $('#dialog').dialog('open');
- }
+ // Autogenerate dialog
+ $("#autogenerate-dialog").dialog({
+ autoOpen: false,
+ buttons: {
+ "<?php print _txt('op.cancel'); ?>": function() {
+ $(this).dialog("close");
+ },
+ "<?php print _txt('op.id.auto'); ?>": function() {
+ window.location="<?php print $this->Html->url(array('controller'
=> 'identifiers',
+ 'action' =>
'assign',
+ 'copersonid'
=> $co_people[0]['CoPerson']['id'],
+ 'co' =>
$cur_co['Co']['id'])); ?>"
+ }
+ },
+ modal: true,
+ show: {
+ effect: "fade"
+ },
+ hide: {
+ effect: "fade"
+ }

-$(function() {
- // Turn on Tabs
- var $tabs = $( "#tabs" ).tabs();
-
- // If returning to this page via redirect, open last used tab
- <?php if(isset($this->request->params['named']['tab'])): ?>
- var selectedtab = "<?php print($this->request->params['named']['tab']);
?>";
- $tabs.tabs('select', '#tabs-' + selectedtab );
- <?php endif; ?>
-});
+ });
+ });
</script>

<div id="<?php print $this->action; ?>_co_person" style=" float:left;
height:auto;">
@@ -806,3 +816,7 @@
</div> 
<?php endif; // if not invite ?>
</div>
+
+<div id="autogenerate-dialog" title="<?php print _txt('op.id.auto'); ?>">
+ <?php print _txt('op.id.auto.confirm'); ?>
+</div>

Modified: registry/trunk/app/View/CoProvisioningTargets/fields.inc
===================================================================
--- registry/trunk/app/View/CoProvisioningTargets/fields.inc 2013-02-23
14:33:41 UTC (rev 460)
+++ registry/trunk/app/View/CoProvisioningTargets/fields.inc 2013-02-24
14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry CO Provisioning Target Fields
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry
* @since COmanage Registry v0.8
@@ -36,11 +36,11 @@

if($e) {
print $this->Html->link(_txt('op.cancel'),
- array('controller' => 'co_provisioning_targets',
'action' => 'index'),
+ array('controller' => 'co_provisioning_targets',
'action' => 'index', 'co' => $cur_co['Co']['id']),
array('class' => 'cancelbutton'));
} else {
print $this->Html->link(_txt('op.back'),
- array('controller' => 'co_provisioning_targets',
'action' => 'index'),
+ array('controller' => 'co_provisioning_targets',
'action' => 'index', 'co' => $cur_co['Co']['id']),
array('class' => 'backbutton'));
}

@@ -76,9 +76,24 @@
</td>
<td>
<?php
- print ($this->action == 'add' ? $this->Form->input('plugin') :
Sanitize::html($co_provisioning_targets[0]['CoProvisioningTarget']['plugin']));
+ switch($this->action) {
+ case 'add':
+ print $this->Form->input('plugin');
+ break;
+ case 'edit':
+ print $this->Form->input('plugin', array('disabled' => true));
+ // We need to re-include the value as hidden since it can't be
changed (but is required by the model)
+ print $this->Form->hidden('plugin',
+ array('default' =>
Sanitize::html($co_provisioning_targets[0]['CoProvisioningTarget']['plugin'])))
. "\n";
+ break;
+ default:
+ print
Sanitize::html($co_provisioning_targets[0]['CoProvisioningTarget']['plugin']);
+ break;
+ }

if($this->action == 'edit') {
+ // And render a link to the plugin target
+
$pl =
Inflector::underscore(Sanitize::html($co_provisioning_targets[0]['CoProvisioningTarget']['plugin']));
$plmodel = "Co" .
Sanitize::html($co_provisioning_targets[0]['CoProvisioningTarget']['plugin'])
. "Target";

@@ -87,7 +102,7 @@
'plugin' => $pl,
'controller' => 'co_' . $pl .
'_targets',
'action' => 'edit',
-
$co_provisioning_targets[0][$plmodel][0]['id'],
+
$co_provisioning_targets[0][$plmodel]['id'],
'co' => $cur_co['Co']['id']
),
array('class' => 'editbutton'));
@@ -97,17 +112,18 @@
</tr>
<tr class="line1">
<td>
- <?php print _txt('fd.status'); ?>
+ <?php print _txt('fd.status'); ?><br />
+ <font class="desc"><?php print _txt('en.status.prov.desc'); ?></font>
</td>
<td>
<?php
global $cm_lang, $cm_texts;
- $attrs['value'] = (isset($co_provisioning_targets) ?
$co_provisioning_targets[0]['CoProvisioningTarget']['status'] :
StatusEnum::Active);
+ $attrs['value'] = (isset($co_provisioning_targets) ?
$co_provisioning_targets[0]['CoProvisioningTarget']['status'] :
ProvisionerStatusEnum::AutomaticMode);
$attrs['empty'] = false;

if($e) {
print $this->Form->select('status',
- $cm_texts[ $cm_lang ]['en.status'],
+ $cm_texts[ $cm_lang
]['en.status.prov'],
$attrs);

if($this->Form->isFieldError('status')) {

Modified: registry/trunk/app/View/CoProvisioningTargets/index.ctp
===================================================================
--- registry/trunk/app/View/CoProvisioningTargets/index.ctp 2013-02-23
14:33:41 UTC (rev 460)
+++ registry/trunk/app/View/CoProvisioningTargets/index.ctp 2013-02-24
14:00:52 UTC (rev 461)
@@ -2,7 +2,7 @@
/**
* COmanage Registry CO Provisioning Target Index View
*
- * Copyright (C) 2012 University Corporation for Advanced Internet
Development, Inc.
+ * Copyright (C) 2012-13 University Corporation for Advanced Internet
Development, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with
* the License. You may obtain a copy of the License at
@@ -14,7 +14,7 @@
* KIND, either express or implied. See the License for the specific
language governing
* permissions and limitations under the License.
*
- * @copyright Copyright (C) 2012 University Corporation for Advanced
Internet Development, Inc.
+ * @copyright Copyright (C) 2012-13 University Corporation for Advanced
Internet Development, Inc.
* @link http://www.internet2.edu/comanage COmanage Project
* @package registry
* @since COmanage Registry v0.8
@@ -69,7 +69,7 @@
</td>
<td><?php print Sanitize::html($c['CoProvisioningTarget']['plugin']);
?></td>
<td>
- <?php print _txt('en.status', null,
$c['CoProvisioningTarget']['status']); ?>
+ <?php print _txt('en.status.prov', null,
$c['CoProvisioningTarget']['status']); ?>
</td>
<td>
<?php

Modified: registry/trunk/app/View/Elements/dropMenu.ctp
===================================================================
--- registry/trunk/app/View/Elements/dropMenu.ctp 2013-02-23 14:33:41
UTC (rev 460)
+++ registry/trunk/app/View/Elements/dropMenu.ctp 2013-02-24 14:00:52
UTC (rev 461)
@@ -87,6 +87,7 @@

if(isset($permissions['menu']['orgidentities']) &&
$permissions['menu']['orgidentities']) {
$args = array();
+ $args['plugin'] = null;
$args['controller'] = 'org_identities';
$args['action'] = 'index';

@@ -101,33 +102,36 @@

if(isset($permissions['menu']['cos']) &&
$permissions['menu']['cos']) {
print "<li>";
- $args = array(
- 'controller' => 'co_people',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_people';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print $this->Html->link(_txt('me.population'), $args);
print "</li>";
}

if(isset($permissions['menu']['createpetition']) &&
$permissions['menu']['createpetition']) {
print "<li>";
- $args = array(
- 'controller' => 'co_enrollment_flows',
- 'action' => 'select',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_enrollment_flows';
+ $args['action'] = 'select';
+ $args['co'] = $menuCoId;
+
print $this->Html->link(_txt('op.petition.create'),
$args);
print "</li>";
}

if(isset($permissions['menu']['petitions']) &&
$permissions['menu']['petitions']) {
print "<li>";
- $args = array(
- 'controller' => 'co_petitions',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_petitions';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print $this->Html->link(_txt('ct.co_petitions.pl'),
$args);
print "</li>";
}
@@ -139,11 +143,12 @@

if(isset($permissions['menu']['cogroups']) &&
$permissions['menu']['cogroups']) {
print "<li>";
- $args = array(
- 'controller' => 'co_groups',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_groups';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print $this->Html->link(_txt('ct.co_groups.pl'), $args);
print "</li>";
}
@@ -158,66 +163,72 @@

if(isset($permissions['menu']['coef']) &&
$permissions['menu']['coef']) {
print "<li>";
- $args = array(
- 'controller' => 'co_enrollment_flows',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_enrollment_flows';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print
$this->Html->link(_txt('ct.co_enrollment_flows.pl'), $args);
print "</li>";
}

if(isset($permissions['menu']['cous']) &&
$permissions['menu']['cous']) {
print "<li>";
- $args = array(
- 'controller' => 'cous',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'cous';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print $this->Html->link(_txt('ct.cous.pl'), $args);
print "</li>";
}

if(isset($permissions['menu']['extattrs']) &&
$permissions['menu']['extattrs']) {
print "<li>";
- $args = array(
- 'controller' => 'co_extended_attributes',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_extended_attributes';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print
$this->Html->link(_txt('ct.co_extended_attributes.pl'), $args);
print "</li>";
}

if(isset($permissions['menu']['exttypes']) &&
$permissions['menu']['exttypes']) {
print "<li>";
- $args = array(
- 'controller' => 'co_extended_types',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_extended_types';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print
$this->Html->link(_txt('ct.co_extended_types.pl'), $args);
print "</li>";
}

if(isset($permissions['menu']['idassign']) &&
$permissions['menu']['idassign']) {
print "<li>";
- $args = array(
- 'controller' => 'co_identifier_assignments',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_identifier_assignments';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print
$this->Html->link(_txt('ct.co_identifier_assignments.pl'), $args);
print "</li>";
}

if(isset($permissions['menu']['coprovtargets']) &&
$permissions['menu']['coprovtargets']) {
print "<li>";
- $args = array(
- 'controller' => 'co_provisioning_targets',
- 'action' => 'index',
- 'co' => $menuCoId
- );
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'co_provisioning_targets';
+ $args['action'] = 'index';
+ $args['co'] = $menuCoId;
+
print
$this->Html->link(_txt('ct.co_provisioning_targets.pl'), $args);
print "</li>";
}
@@ -248,26 +259,32 @@
<ul>
<li>
<?php
- $params = array('controller' => 'cos',
- 'action' => 'index'
- );
- print $this->Html->link(_txt('ct.cos.pl'), $params);
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'cos';
+ $args['action'] = 'index';
+
+ print $this->Html->link(_txt('ct.cos.pl'), $args);
?>
</li>
<li>
<?php
- $params = array('controller' => 'organizations',
- 'action' => 'index'
- );
- print $this->Html->link(_txt('ct.organizations.pl'), $params);
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'organizations';
+ $args['action'] = 'index';
+
+ print $this->Html->link(_txt('ct.organizations.pl'), $args);
?>
</li>
<li>
<?php
- $params = array('controller' =>
'cmp_enrollment_configurations',
- 'action' => 'select'
- );
- print
$this->Html->link(_txt('ct.cmp_enrollment_configurations.pl'), $params);
+ $args = array();
+ $args['plugin'] = null;
+ $args['controller'] = 'cmp_enrollment_configurations';
+ $args['action'] = 'select';
+
+ print
$this->Html->link(_txt('ct.cmp_enrollment_configurations.pl'), $args);
?>
</li>
<?php render_plugin_menus($this->Html, $plugins, 'cmp',
$menuCoId); ?>
@@ -300,6 +317,7 @@
foreach ($mycos as $co) {
print "<li>";
$args = array(
+ 'plugin' => 'null',
'controller' => 'co_people',
'action' => 'edit',
$co['co_person_id'],
@@ -321,6 +339,7 @@
foreach ($mycos as $co) {
print "<li>";
$args = array(
+ 'plugin' => null,
'controller' => 'co_nsf_demographics',
'action' => 'editself',
'co' => $co['co_id']

Modified: registry/trunk/app/View/Layouts/default.ctp
===================================================================
--- registry/trunk/app/View/Layouts/default.ctp 2013-02-23 14:33:41 UTC (rev
460)
+++ registry/trunk/app/View/Layouts/default.ctp 2013-02-24 14:00:52 UTC (rev
461)
@@ -252,7 +252,8 @@
$(".provisionbutton").button({
icons: {
primary: 'ui-icon-gear'
- }
+ },
+ text: false
});

$(".unlinkbutton").button({

[comanage-dev] r461 - in registry/trunk/app: Config/Schema Controller Lib Model Plugin/LdapProvisioner/Config/Schema Plugin/LdapProvisioner/Controller Plugin/LdapProvisioner/Lib Plugin/LdapProvisioner/Model Plugin/LdapProvisioner/View/CoLdapProvisionerTargets View/CoPeople View/CoProvisioningTargets View/CoProvisioningTargets/json View/CoProvisioningTargets/xml View/Elements View/Layouts, svnlog, 02/24/2013

List archive