staff.module

<?php

/**
 * @file
 * Written by Brian May 2007: brian@vpac.org
 * Extended (slightly) by David Colls 2008: davidc@vpac.org
 * Trivial ordering modifications by Lev Lafayette 2010: lev@vpac.org
 * Changed breadcrumb path April 1, 2011 Lev Lafayette: lev@vpac.org
 */

/**
 * Implementation of hook_init().
 */
function staff_init() {
  drupal_add_css(drupal_get_path('module', 'staff') . '/staff-style.css');
}

function staff_nl2p($string, $class='') {
$class_attr = ($class!='') ? ' class="'.$class.'"' : '';
return
    '<p'.$class_attr.'>'
     .preg_replace('#(<br\s*?/?>\s*?){2,}#', '</p>'."\n".'<p'.$class_attr.'>', nl2br($string, true))
     .'</p>';
}

/**
 * Implements hook_help.
 *
 * Displays help and module information.
 *
 * @param path 
 *   Which path of the site we're using to display help
 * @param arg 
 *   Array that holds the current path as returned from arg() function
 */
function staff_help($path, $arg) {
  switch ($path) {
    case "admin/help#staff":
      return '<p>' . t("Displays lists of staff") . '</p>';
      break;
  }
} // function staff_help

/**
 * Valid permissions for this module
 * @return array An array of valid permissions for the ldap module
 */
function staff_permission() {
  return array(
    'access staff content' => array(
      'title' => t('access staff content'),
      'description' => t('Perform administration tasks for the staff module.'),
    ),
    'administer staff content' => array(
      'title' => t('administer staff content'),
      'description' => t('Access user content for the staff module.'),
    ),
  );
} // function staff_perm()

/**
 * Implementation of hook_menu().
 */
function staff_menu() {

  $items = array();

  $items['admin/config/staff'] = array(
    'title' => 'Staff settings',
    'description' => 'LDAP configuration and security settings for staff.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('staff_admin'),
    'access arguments' => array('administer staff content'),
    'type' => MENU_NORMAL_ITEM,
  );

  $items['staff'] = array(
    'title' => 'Staff',
    'page callback' => 'staff_content',
    'access arguments' => array('access staff content'),
    'type' => MENU_NORMAL_ITEM,
  );

  return $items;
}

/**
 * Called by Drupal when user retrieves URL under /admin/config/staff.
 */
function staff_admin() {
  $form['staff_server'] = array(
    '#type' => 'textfield',
    '#title' => t('Server'),
    '#default_value' => variable_get('staff_server', 'ldap'),
    '#size' => 50,
    '#maxlength' => 50,
    '#description' => t("The LDAP server"),
  );

  $form['staff_basedn_users'] = array(
    '#type' => 'textfield',
    '#title' => t('Base DN users'),
    '#default_value' => variable_get('staff_basedn_users', 'dc=example,dc=org'),
    '#size' => 50,
    '#maxlength' => 50,
    '#description' => t("The base DN for all users"),
  );

  $form['staff_basedn_groups'] = array(
    '#type' => 'textfield',
    '#title' => t('Base DN groups'),
    '#default_value' => variable_get('staff_basedn_groups', 'dc=example,dc=org'),
    '#size' => 50,
    '#maxlength' => 50,
    '#description' => t("The base DN for all groups"),
  );

  $form['valid_groups'] = array(
    '#type' => 'textarea',
    '#title' => t('Valid Groups'),
    '#default_value' => variable_get('valid_groups', ''),
    '#rows' => 7,
    '#description' => t("Enter valid group names, one per line. No spaces or other special characters in group names."),
  );

  return system_settings_form($form);
}

/**
 * Has this account expired?
 */
function staff_get_expired($ds, $uid) {
  $groups = staff_get_groups($ds, "vpac");
  if (!isset($groups["members"][$uid])) {
    return TRUE;
  }
  else {
    return FALSE;
  }
}

/**
 * Create a link to the photo to this user
 */
function staff_do_photo_link($ds, $entry, $uid, $privacy) {
  if (!isset($uid)) {
    return "";
  }
  $path="sites/default/files/nonpicture-03.png";
  if (isset($privacy["public_photo"]["members"][$uid])) {
    $photo = @ldap_get_values_len($ds, $entry, "jpegPhoto");
	 if ($photo !== FALSE and $photo["count"] > 0) {
	   $path = "staff/uid/" . $uid . ".jpg";
    }
  }
  return "<img src='" . url($path) . "' alt='Staff Photograph'/>";
}

/**
 * Display attributes of a single staff member not in a list
 */
function staff_do_user($ds, $entry, $uid, $expired, $privacy) {
  $content = "";
  $content .= staff_do_photo_link($ds, $entry, $uid, $privacy);

  if (!$expired) {
    $keys = array(
      "cn" => "Name",
      "title" => "Title",
    );

    if (isset($privacy["public_telephonenumber"]["members"][$uid])) {
      $keys["telephonenumber"] = "Phone";
    }
    if (isset($privacy["public_mobile"]["members"][$uid])) {
      $keys["mobile"] = "Mobile Phone";
    }
    $keys["facsimiletelephonenumber"] = "Fax";

    if (isset($privacy["public_email"]["members"][$uid])) {
      $keys["mail"] = "Email";
    }

    $description = "";
    $values = @ldap_get_values($ds, $entry, "description");
    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      $description .= $values[$i];
    }
  }
  else {
    $keys = array(
      "cn" => "Name",
    );
    $description = NULL;
  }

  $content .= "<table>";
  foreach ($keys as $ldap => $label) {
    $values = @ldap_get_values($ds, $entry, $ldap);
    if ($values === FALSE or $values["count"] == 0) {
      continue;
    }

    $content .= "<tr>";
    $content .= '<td class="label">' . htmlspecialchars($label) . "</td><td>";
    $nl = "";
    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      if ($ldap == "cn") {
        if (isset($uid)) {
          $url = "staff/uid/$uid";
          $content .= $nl . l($values[$i], $url);
        }
        else {
          $content .= $nl . htmlspecialchars($values[0]);
        }
      }
      elseif ($ldap == "mail") {
        $url = "mailto:$values[$i]";
        $content .= $nl . l($values[$i], $url);
      }
      else {
        $content .= $nl . htmlspecialchars($values[$i]);
      }
      $nl = "<br/>";
    }
    $content .= "</td>";
    $content .= "</tr>";
  }

  if ($expired) {
       $content .= '<td class="label">Status</td><td>Expired</td>';
  }
  $content .= "</table>";

  if ($description) {
    $content .= staff_nl2p(htmlspecialchars($description), "staff-end");
  }

  return $content;
}


/**
 * Display attributes of a single staff member in a compact list format
 * The compact format does not include a photo and shows all details on one line
 */
function staff_do_list_user_compact($ds, $entry, $uid, $privacy) {
  $keys = array(
    "cn" => "Name",
    "title" => "Title",
  );
  if (isset($privacy["public_telephonenumber"]["members"][$uid])) {
    $keys["telephonenumber"] = "Phone";
  }
  if (isset($privacy["public_mobile"]["members"][$uid])) {
    $keys["mobile"] = "Mobile Phone";
  }
  if (isset($privacy["public_email"]["members"][$uid])) {
    $keys["mail"] = "Email";
  }

  $content = "";

  $nl = "";
  foreach ($keys as $ldap => $label) {
    $values = @ldap_get_values($ds, $entry, $ldap);
    if ($values === FALSE or $values["count"] == 0) {
      continue;
    }

    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      if ($ldap == "cn") {
        if (isset($uid)) {
          $url = "staff/uid/$uid";
          $content .= $nl . l($values[$i], $url);
        }
        else {
          $content .= $nl . htmlspecialchars($values[0]);
        }
      }
      elseif ($ldap == "mail") {
        $url = "mailto:$values[$i]";
        $content .= $nl . l($values[$i], $url);
      }
      else {
        $content .= $nl . htmlspecialchars($values[$i]);
      }
      $nl = ", ";
    }
  }

  return $content;
}

/**
 * Display attributes of a single staff member in an expanded list format
 * The expanded format includes a photo and further details
 */
function staff_do_list_user_long($ds, $entry, $uid, $privacy) {
  $keys = array(
    "cn" => "Name",
    "title" => "Title",
  );
  if (isset($privacy["public_telephonenumber"]["members"][$uid])) {
    $keys["telephonenumber"] = "Phone";
  }
  if (isset($privacy["public_mobile"]["members"][$uid])) {
    $keys["mobile"] = "Mobile Phone";
  }
  if (isset($privacy["public_email"]["members"][$uid])) {
    $keys["mail"] = "Email";
  }

  $content = "";

  $nl = "<br/>";
  foreach ($keys as $ldap => $label) {
    $values = @ldap_get_values($ds, $entry, $ldap);
    if ($values === FALSE or $values["count"] == 0) {
      continue;
    }

    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      if ($ldap == "cn") {
        if (isset($uid)) {
          $url = "staff/uid/$uid";
          $content .= staff_do_photo_link($ds, $entry, $uid, $privacy);
          $content .= l($values[$i], $url);
        }
        else {
          $content .= $nl . htmlspecialchars($values[0]);
        }
      }
      elseif ($ldap == "mail") {
        $url = "mailto:$values[$i]";
        $content .= $nl . l($values[$i], $url);
      }
      else {
        $content .= $nl . htmlspecialchars($values[$i]);
      }
    }
  }

  return $content;
}

/**
 * Display a list of staff
 */
function staff_do_list($ds, $sr, $type, $privacy) {
  $content = "";
  $content_class = ($type == "list_compact")
      ? "staff-list-compact"
      : "staff-list-long";
  $content .= "<ul class='$content_class'>";

  $entry = ldap_first_entry($ds, $sr);

  $odd = TRUE;
  while ($entry !== FALSE) {
    $values = @ldap_get_values($ds, $entry, "uid");
    if ($values !== FALSE and $values["count"] > 0) {
      $uid = $values[0];
    }

    if (!staff_get_expired($ds, $uid)) {
      $content .= "<li class=" . ($odd ? "odd" : "even") . ">";
      $content .= ($type == "list_compact")
            ? staff_do_list_user_compact($ds, $entry, $uid, $privacy)
            : staff_do_list_user_long($ds, $entry, $uid, $privacy);
      $content .= "</li>";
    }
    $odd = !$odd;
    $entry = ldap_next_entry($ds, $entry);
  }
  $content .= "</ul>";
  return $content;
}

/**
 * Display a single staff member
 */
function staff_do_single($ds, $sr, $privacy) {
  $entry = ldap_first_entry($ds, $sr);
  $content = "";

  while ($entry !== FALSE) {
    $values = @ldap_get_values($ds, $entry, "uid");
    if ($values !== FALSE and $values["count"] > 0) {
      $uid = $values[0];
    }

    $expired = staff_get_expired($ds, $uid);
    $content .= "<div class='staff-single'>";
    $content .= staff_do_user($ds, $entry, $uid, $expired, $privacy);
    $content .= "</div>";
    $entry = ldap_next_entry($ds, $entry);
  }
  return $content;
}

/**
 * Display a single photo
 */
function staff_do_photo($ds, $sr, $privacy) {
  $entry = ldap_first_entry($ds, $sr);

  $uid = NULL;
  $values = @ldap_get_values($ds, $entry, "uid");
  if ($values !== FALSE and $values["count"] > 0) {
    $uid = $values[0];
  }
  if (!isset($privacy["public_photo"]["members"][$uid])) {
    drupal_set_message(check_plain("Unable to retrieve user (privacy)"), "error");
    return "";
  }

  if ($entry !== FALSE) {
    $values = @ldap_get_values_len($ds, $entry, "jpegPhoto");
  }
  else {
    drupal_set_message(check_plain("Unable to retrieve user: " . ldap_error($ds)), "error");
    return "";
  }

  if ($values !== FALSE && $values["count"] != 0) {
    header('Content-type: image/jpeg');
    print $values[0];
    exit();
  }
  else {
    drupal_set_message(check_plain("Unable to retrieve jpegPhoto: " . ldap_error($ds)), "error");
    return "";
  }
}


/**
 * Get all groups with the name $group. 
 * Usually should only return one result.
 */
function staff_get_groups($ds, $group) {
  $result = array(
    'descriptions' => array(),
    'groups' => array(),
    'members' => array(),
  );

  // security issue: $group is untrusted
  // this is checked in staff_content()
  $search = "(&(objectClass=posixGroup)(cn=$group))";
  $basedn = variable_get('staff_basedn_groups', 'dc=example,dc=org');
  $sr = @ldap_search($ds, $basedn, $search, array("description", "gidNumber", "memberUid"));
  if ($sr === FALSE) {
    drupal_set_message(check_plain("Unable to search the LDAP server $basedn for $search: " . ldap_error($ds)),
                       "error");
    return;
  }

  $entry = ldap_first_entry($ds, $sr);
  while ($entry !== FALSE) {
    $values = @ldap_get_values($ds, $entry, "description");
    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      $id = $values[$i];
      $result["descriptions"][] = $values[$i];
    }

    $values = @ldap_get_values($ds, $entry, "gidNumber");
    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      $id = $values[$i];
      $result["groups"][$id] = 1;
    }
    $values = @ldap_get_values($ds, $entry, "memberUid");
    for ($i = 0; $i < $values["count"]; $i = $i + 1) {
      $id = $values[$i];
      $result["members"][$id] = 1;
    }
    $entry = ldap_next_entry($ds, $entry);
  }
  return ($result);
}

/**
 * retrieve list of type $type when [$key] = $value
 * $key can be "name", "cn", "uid", or "".
 * $type can be "list" or "photo"
 *
 * If $type is "photo" and multiple results present, display error.
 * If $type is "photo" and multiple results present, use list display.
 * If $type is "photo" and only one result present, use singular display.
 */
function staff_get_list($ds, $key, $type, $value) {
  $photo = FALSE;
  $term = NULL;
  $content = "";

  if ($type == "photo") {
    $photo = TRUE;
  }

  $privacy = array(
    'public_photo' => staff_get_groups($ds, "public_photo"),
    'public_email' => staff_get_groups($ds, "public_email"),
    'public_telephonenumber' => staff_get_groups($ds, "public_telephonenumber"),
    'public_mobile' => staff_get_groups($ds, "public_mobile"),
  );

  $request = NULL;
  $search = "(&(objectClass=inetOrgPerson)(!(uid=administrator))(!(uid=root))";
  if ($key == "name") {
    $request = "single";
    $name = str_replace("_", " ", $value);
    $search .= "(cn=$name)";
  }
  elseif ($key == "uid") {
    $request = "single";
    $search .= "(uid=$value)";
  }
  elseif ($key == "group") {
    $request = "list";
    $group = $value;
    $groups = staff_get_groups($ds, $group);

    $search .= "(|";
    foreach ($groups["groups"] as $id => $dummy) {
      $search .= "(gidNumber=$id)";
    }
    foreach ($groups["members"] as $id => $dummy) {
      $search .= "(uid=$id)";
    }
    $search .= ")";

    $content .= '<div class="staff-list">';

    // Note: if multiple matches found, this will only display
    // first description of first group.
    $content .= "<h3>Staff list for " . htmlspecialchars($groups['descriptions'][0]) . "</h3>";
  }
  else {
    $request = "list";
    $search .= "";
    $content .= "<h3>Staff list for VPAC Staff</h3>";
  }
  $search .= ")";

  $attributes = array(
    "jpegPhoto",
    "shadowExpire",
    "uid",
    "description",
    "cn",
    "title",
    "telephonenumber",
    "mobile",
    "facsimiletelephonenumber",
    "mail",
  );

  $basedn = variable_get('staff_basedn_users', 'dc=example,dc=org');
  $sr = @ldap_search($ds, $basedn, $search, $attributes);

  if ($sr) {
    ldap_sort($ds, $sr, "cn");

    $count = ldap_count_entries($ds, $sr);

    if ($photo and $count == 0) {
      $content .= "<p>Photo not found</p>";
    }
    elseif ($photo and $count == 1) {
      $content .= staff_do_photo($ds, $sr, $privacy);
    }
    elseif ($photo) {
      $content .= "<p>Too many entries found ($count)</p>";
    }
    elseif ($count == 0) {
      $content .= "<p>No results found</p>";
    }
    elseif ($request == "single" && $count == 1) {
      $content .= staff_do_single($ds, $sr, $privacy);
    }
    else {
      $content .= "<p>Staff are listed alphabetically by first name.</p>";
      $content .= staff_do_list($ds, $sr, $type, $privacy);
    }
  }
  else {
    drupal_set_message(check_plain("Unable to search the LDAP server '$search': " . ldap_error($ds)), "error");
  }

  // class="staff-list"
  if ($key == "group") {
    $content .= '</div>';
  }

  return $content;
}

/**
 * Test whether we can display the specified group
 */
function is_valid_group($group_name) {
  $valid_groups = variable_get('valid_groups', '');
  $valid_array = mb_split("[\n\r ]", $valid_groups);

  $valid = FALSE;
  for ($i = 0; !$valid && $i < count($valid_array); $i++) {
    $valid = $group_name === $valid_array[$i];
  }

  return $valid;
}

/**
 * Called by Drupal when user retrieves URL under /staff.
 */
function staff_content() {
  $ds = FALSE;
  $r = FALSE;
  $sr = FALSE;

  $content = "";
  $server = variable_get('staff_server', 'ldap');
  $ds = ldap_connect($server); // must be a valid LDAP server!

  if ($ds) {
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    $r = @ldap_bind($ds); // this is an "anonymous" bind, typically
    // read-only access
  }
  else {
    drupal_set_message(check_plain("Unable to connect to LDAP server $server"), "error");
  }

  $breadcrumb = array();
  $breadcrumb[] = l(t('Home'), '<front>');
  $breadcrumb[] = l(t('About Us'), 'about');
  $breadcrumb[] = l(t('Our Team'), 'about/ourteam');

  if ($r) {
    $type = NULL;
    $term = NULL;
    if (preg_match('/^([0-9a-zA-Z_ ]+)\.jpg$/', arg(2), $matches)) {
      $term = $matches[1];
      $type = "photo";
    }
    elseif (preg_match('/^[0-9a-zA-Z_ ]+$/', arg(2))) {
      $term = arg(2);
      $type = "list_long";
    }

    if (arg(1) == "name") {
      $content = staff_get_list($ds, "name", $type, $term);
    }
    elseif (arg(1) == "uid") {
      $content = staff_get_list($ds, "uid", $type, $term);
    }
    elseif (arg(1) == "group" && is_valid_group(arg(2))) {
      $content = staff_get_list($ds, "group", $type, $term);
    }
    elseif (arg(1) == "all") {
      $content .= staff_get_list($ds, "group", "list_compact", "vpac");
    }
    else {
      $content .= '<div class="staff-error">';
      $content .= "The staff search you requested is invalid. ";
      $content .= 'Please return to the <a href="/staff">staff page</a> to try another search.';
      $content .= '</div>';
    }
  }

  ldap_close($ds);

  drupal_set_breadcrumb($breadcrumb);

  return $content;
}

# vim:syntax=php:ts=3