
Fix disable/enable user action; refactoring sync user; Partner default access to sfp/smb

Piotr Labudda 10 سال پیش
والد
کامیت
2bab15f244
6فایلهای تغییر یافته به همراه281 افزوده شده و 418 حذف شده
  1. 135 0
      SE/se-lib/Route/Users.php
  2. 78 249
      SE/se-lib/SyncUsers.php
  3. 1 1
      SE/se-lib/UserStorageBase.php
  4. 5 2
      SE/se-lib/UserStorageDB.php
  5. 56 97
      SE/se-lib/UserStorageMacOSX.php
  6. 6 69
      SE/superedit-SYNC_LDAP_PERMS.php

+ 135 - 0
SE/se-lib/Route/Users.php

@@ -0,0 +1,135 @@
+<?php
+
+Lib::loadClass('RouteBase');
+Lib::loadClass('UserStorageFactory');
+Lib::loadClass('ProcesHelper');
+Lib::loadClass('SyncUsers');
+
+class Route_Users extends RouteBase {
+
+	public function handleAuth() {
+		if (!User::logged()) {
+			throw new HttpException('Unauthorized', 401);
+		}
+	}
+
+	public function defaultAction() {
+		SE_Layout::gora();
+		SE_Layout::menu();
+		$this->menu();
+		SE_Layout::dol();
+	}
+
+	public function menu() {
+		$usrLogin = User::getLogin();
+		?>
+<ul>
+	<li><a href="index.php?_route=Users&_task=syncUser&usrLogin=<?php echo $usrLogin; ?>">Sync user <?php echo $usrLogin; ?></a></li>
+</ul>
+<?php
+	}
+
+	public function syncUserAction() {
+		SE_Layout::gora();
+		SE_Layout::menu();
+		$usrLogin = V::get('usrLogin', '', $_GET);
+		echo '<div class="container">';
+		try {
+			if (empty($usrLogin)) throw new Exception("Empty user login");
+
+			$usrStorageDB = UserStorageFactory::getStorage('DB');
+			$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
+			if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
+			if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");
+
+			echo '<h4>' . "Synchronizacja użytkownika <code>{$usrLogin}</code>" . '</h4>';
+			$usrFrom = $usrStorageDB->getUser($usrLogin);
+			DBG::_('DBG_SU', '>1', 'User from:', $usrFrom, __CLASS__, __FUNCTION__, __LINE__);
+			if ($usrFrom) {
+				$zasobPermsTblId = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
+				if ($zasobPermsTblId > 0) {
+					// TODO: ?_route=Users&_task=addGroup&usrLogin={$usrFrom->login}
+					?>
+					<p>Ustal stanowisko:
+						<a href="index.php?MENU_INIT=USER_ADD_GROUP&usrLogin=<?php echo $usrFrom->login; ?>">ustal stanowisko</a>
+					</p>
+<?php
+				}
+				$zasobUsersTblId = ProcesHelper::getZasobTableID('ADMIN_USERS');
+				if ($zasobUsersTblId > 0) {
+					// /index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=4095#EDIT/4527
+					?>
+					<p>Edytuj:
+						<a href="index.php?MENU_INIT=VIEWTABLE_AJAX&ZASOB_ID=<?php echo $zasobUsersTblId; ?>#EDIT/<?php echo $usrFrom->primaryKey; ?>">edytuj</a>
+					</p>
+<?php
+				}
+			}
+
+			$this->syncUser($usrLogin, $usrStorageDB, $usrStorageLdap);
+		} catch (Exception $e) {
+			?>
+<div class="alert alert-danger"><?php echo $e->getMessage(); ?></div>
+<?php
+		}
+		echo '</div>';// .container
+		SE_Layout::dol();
+	}
+
+	public function syncUser($userName, $usrStorageDB, $usrStorageLdap) {
+		if (empty($userName)) throw new Exception("Empty user login");
+		if (!$usrStorageDB) throw new Exception("Error storage DB not exists");
+		if (!$usrStorageLdap) throw new Exception("Error storage Ldap not exists");
+
+		$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);
+
+		$syncTodoList = $synUsers->getSyncUserTodoList($userName, $syncGroups = true, $syncDisabled = true);
+		?>
+		<?php if (empty($syncTodoList)) : ?>
+			<div class="alert alert-info">Brak zadań do wykonania - użytkownik zsynchronizowany</div>
+		<?php else : ?>
+			<div class="well">
+				<p>Lista zadań do wykonania:</p>
+				<ul>
+					<?php foreach ($syncTodoList as $vTask) : ?>
+						<li><?php echo $vTask; ?></li>
+					<?php endforeach; ?>
+				</ul>
+			</div>
+		<?php endif; ?>
+		<?php
+
+		if ('1' == V::get('_runSync', '', $_POST)) {
+			$synced = $synUsers->syncUser($userName, $syncGroups = true, $syncDisabled = true);
+			if (!$synced) {
+				?>
+				<div class="alert alert-danger">
+					Nie udało się zsynchronizować uprawnień użytkownika <?php echo $userName; ?>.
+				</div>
+				<?php
+				$errorsList = $synUsers->getErrorsMsgListWithDbg();
+				if (!empty($errorsList)) {
+					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">';
+						echo "Błędy:\n" . implode("\n", $errorsList);
+					echo '</pre>';
+				}
+			}
+			else {
+				?>
+				<div class="alert alert-success">
+					Synchronizacja uprawnień użytkownika <?php echo $userName; ?> zakończona powodzeniem.
+				</div>
+				<?php
+			}
+		}
+		else {
+			?>
+			<form action="" method="POST">
+				<input type="hidden" name="_runSync" value="1">
+				<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
+			</form>
+			<?php
+		}
+	}
+
+}
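Review bot: `usrLogin` is read from `$_GET` in syncUserAction() and written into the page unescaped: in the `<code>{$usrLogin}</code>` heading, in both result alerts in syncUser(), and indirectly through `$e->getMessage()`, because the exceptions thrown by SyncUsers in this commit embed the login. Escape at each point of output, e.g. `echo htmlspecialchars($userName, ENT_QUOTES, 'UTF-8');`, and build the `href` values in menu() and syncUserAction() with `urlencode()` for the query part. handleAuth() only checks `User::logged()`, so as far as this file shows any logged-in account can trigger account creation, group changes and enable/disable for an arbitrary login; a role check belongs here unless RouteBase enforces one elsewhere. The `_runSync` POST form also carries no anti-CSRF token, which matters for an action that changes directory accounts.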

+ 78 - 249
SE/se-lib/SyncUsers.php

@@ -16,63 +16,69 @@ class SyncUsers {
 	 * 
 	 * @return bool or -int if error @see getSyncUserErrorMsg($errCode);
 	 */
-	public function syncUser($usrLogin, $syncGroups = false, $syncDisabled = false) {
+	public function syncUser($usrLogin) {
+		$syncGroups = true;
+		$syncDisabled = true;
 		$usrFrom = $this->_fromStorage->getUser($usrLogin);
 		$usrTo = $this->_toStorage->getUser($usrLogin);
+		if (!$usrFrom) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie danych");
 
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 0) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">usrFrom (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($usrFrom);echo'</pre>';
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">usrTo (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($usrTo);echo'</pre>';
-		}
+		DBG::_('DBG_SU', '>0', 'usrFrom', $usrFrom, __CLASS__, __FUNCTION__, __LINE__);
+		DBG::_('DBG_SU', '>0', 'usrTo', $usrTo, __CLASS__, __FUNCTION__, __LINE__);
 
-		if (!$usrFrom) {
-			$this->setError(1, "User {$usrLogin} not exists in fromStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
+		if (!$usrTo) {
+			$this->_toStorage->createUser($usrFrom);
+			$usrTo = $this->_toStorage->getUser($usrLogin);
+			if (!$usrTo) throw new Exception("Nie udało się utworzyć użytkownika '{$usrLogin}' w bazie LDAP");
+			$this->syncExistingUser($usrLogin, $usrFrom, $usrTo);
+		}
+		else {// $usrFrom && $usrTo
+			$this->syncExistingUser($usrLogin, $usrFrom, $usrTo);
 		}
-		else if (!$usrTo) {
-
-			$created = $this->_toStorage->createUser($usrFrom);
-
-			if (!$created) {
-				$errors = $this->_toStorage->getRawErrorsList();
-				foreach ($errors as $vErr) {
-					$this->setError($vErr->code, $vErr->msg, $vErr->dbgMsg);
-				}
-				$this->setError(1, "Error: create user {$usrLogin} from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
-			}
 
+		$usrFromDisabeld = null;
+		$usrToDisabeld = null;
+		{// $syncDisabled
+			$usrFrom = $this->_fromStorage->getUser($usrLogin);
 			$usrTo = $this->_toStorage->getUser($usrLogin);
-			if (!$usrTo) {
-				return false;
-			}
-			$synced = $this->syncExistingUser($usrLogin, $usrFrom, $usrTo);
-			if (!$synced) {
-				return false;
-			}
+			if (!$usrFrom) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie danych");
+			if (!$usrTo) throw new Exception("Użytkownik '{$usrLogin}' nie istnieje w bazie LDAP");
 
-		}
-		else {// $usrFrom && $usrTo
-			$synced = $this->syncExistingUser($usrLogin, $usrFrom, $usrTo);
-			if (!$synced) {
-				return false;
+			$usrFromDisabeld = $this->_fromStorage->isDisabled($usrFrom);
+			$usrToDisabeld = $this->_toStorage->isDisabled($usrTo);
+			if (null === $usrFromDisabeld) throw new Exception("Nieznany status blokady dla użytkownika '{$usrLogin}' w bazie danych");
+			if (null === $usrToDisabeld) throw new Exception("Nieznany status blokady dla użytkownika '{$usrLogin}' w bazie LDAP");
+
+			if ($usrFromDisabeld !== $usrToDisabeld) {
+				if (!$this->_toStorage->setDisabled($usrLogin, $usrFromDisabeld)) {
+					throw new Exception("Nie udało się ustawić statusu blokady dla użytkownika '{$usrLogin}'");
+				}
 			}
 		}
 
-		if ($syncGroups) {
-			$synced = $this->syncUserGroups($usrLogin);
-			if (!$synced) {
-				$this->setError(1, "Error: sync groups for user '{$usrLogin}' from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
+		{// $syncGroups
+			$groupsFrom = $this->_fromStorage->getUserGroups($usrLogin);
+			$groupsTo = $this->_toStorage->getUserGroups($usrLogin);
+			$groupsTodo = $this->getSyncUserGroupsTodoList($usrLogin);
+			DBG::_('DBG_SU', '>0', 'groupsTodo', $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);
+			DBG::_('DBG_SU', '>0', 'groupsFrom', $groupsFrom, __CLASS__, __FUNCTION__, __LINE__);
+			DBG::_('DBG_SU', '>0', 'groupsTo', $groupsTo, __CLASS__, __FUNCTION__, __LINE__);
+
+			if (!empty($groupsTodo)) {
+				foreach ($groupsTodo as $kGroupID => $vBool) {
+					if ($vBool) {
+						$this->_toStorage->addUserGroup($usrLogin, $groupsFrom[$kGroupID]);
+					}
+					else {
+						$this->_toStorage->removeUserGroup($usrLogin, $groupsTo[$kGroupID]);
+					}
+				}
 			}
-		}
 
-		if ($syncDisabled) {
-			$synced = $this->syncDisabled($usrLogin);
-			if (!$synced) {
-				$this->setError(1, "Error: sync groups for user '{$usrLogin}' from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
+			if ($this->hasErrors()) {
 				return false;
 			}
+			return true;
 		}
 
 		$this->_fromStorage->setSyncUserDate($usrLogin);
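Review bot: The `return true;` added at the end of the `{// $syncGroups` block, together with the `return false;` above it, exits syncUser() before the trailing `$this->_fromStorage->setSyncUserDate($usrLogin);`, so as written the sync date is never recorded. In the same block the results of addUserGroup() and removeUserGroup() are now discarded, and `$this->hasErrors()` appears to report only errors recorded on SyncUsers itself, so unless those storage methods throw, a failed group removal is shown as a successful sync while the account keeps the access. The sketch below restores the per-call checks from the removed syncUserGroups() and lets the success path fall through; the end of syncUser() lies outside this hunk, so confirm what it returns after setSyncUserDate(). The docblock's `@return` line should also say that the method now throws Exception.

```php
		{// $syncGroups
			// … unchanged: groupsFrom / groupsTo / groupsTodo lookup and DBG::_ calls …
			foreach ($groupsTodo as $kGroupID => $vBool) {
				if ($vBool) {
					if (!$this->_toStorage->addUserGroup($usrLogin, $groupsFrom[$kGroupID])) {
						$this->setError(1, "Error: user '{$usrLogin}' add to group '{$kGroupID}' in toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
					}
				}
				else if (!$this->_toStorage->removeUserGroup($usrLogin, $groupsTo[$kGroupID])) {
					$this->setError(1, "Error: user '{$usrLogin}' remove from group '{$kGroupID}' in toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
				}
			}

			if ($this->hasErrors()) {
				return false;
			}
			// no early `return true;` here, so setSyncUserDate() below is reached
		}
```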
@@ -101,13 +107,13 @@ class SyncUsers {
 			foreach ($errors as $vErr) {
 				$this->setError($vErr->code, $vErr->msg, $vErr->dbgMsg);
 			}
-			$this->setError(1, "TODO: update user {$usrLogin} from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
+			throw new Exception("TODO: update user {$usrLogin} from Database to Ldap");
 		}
-		return true;
 	}
 
-	public function getSyncUserTodoList($usrLogin, $syncGroups = false, $syncDisabled = false) {
+	public function getSyncUserTodoList($usrLogin) {
+		$syncGroups = true;
+		$syncDisabled = true;
 		$syncTodoList = array();
 		$usrFrom = $this->_fromStorage->getUser($usrLogin);
 		$usrTo = $this->_toStorage->getUser($usrLogin);
@@ -136,10 +142,9 @@ class SyncUsers {
 			}
 		}
 
+		$usrFromDisabeld = $this->_fromStorage->isDisabled($usrFrom);
+		$usrToDisabeld = $this->_toStorage->isDisabled($usrTo);
 		if ($syncDisabled) {
-			
-			$usrFromDisabeld = $this->_fromStorage->isDisabled($usrFrom);
-			$usrToDisabeld = $this->_toStorage->isDisabled($usrTo);
 
 			if ($usrFromDisabeld === null || $usrToDisabeld === null) {
 				$syncTodoList[] = "Error: isDisabled '{$usrLogin}' not set in fromStorage or toStorage";
@@ -147,25 +152,13 @@ class SyncUsers {
 			}
 
 			if ($usrFromDisabeld !== $usrToDisabeld) {
-				$syncTodoList[] = "Set isDisabled '{$usrLogin}' to " . (($usrFromDisabeld)? '1' : '0');
+				$syncTodoList[] = "Set isDisabled '{$usrLogin}' to " . (($usrFromDisabeld)? 'true' : 'false');
 			}
 		}
 
-		if ($syncGroups) {
-			$groupsFrom = $this->_fromStorage->getUserGroups($usrLogin);
-			$groupsTo = $this->_toStorage->getUserGroups($usrLogin);
-
-			$groupsTodo = array();
-			foreach ($groupsTo as $kUid => $vName) {
-				$groupsTodo[$kUid] = false;
-			}
-			foreach ($groupsFrom as $kUid => $vGroup) {
-				if (isset($groupsTodo[$kUid])) {
-					unset($groupsTodo[$kUid]);
-				} else {
-					$groupsTodo[$kUid] = true;
-				}
-			}
+		{// $syncGroups
+			$groupsTodo = $this->getSyncUserGroupsTodoList($usrLogin);
+			DBG::_('DBG_SU', '>0', "groupsTodo usrFromDisabeld(" . (($usrFromDisabeld)? 'true' : 'false') . ")", $groupsTodo, __CLASS__, __FUNCTION__, __LINE__);
 
 			if (!empty($groupsTodo)) {
 				foreach ($groupsTodo as $kGroupID => $vBool) {
@@ -181,186 +174,33 @@ class SyncUsers {
 		return $syncTodoList;
 	}
 
-	public function syncDisabled($usrLogin, $usrFrom = null, $usrTo = null) {
-		if (!$usrFrom) $usrFrom = $this->_fromStorage->getUser($usrLogin);
-		if (!$usrTo) $usrTo = $this->_toStorage->getUser($usrLogin);
-		if (!$usrFrom || !$usrTo) {
-			$this->setError(1, "Error: user '{$usrLogin}' not exists in fromStorage or toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
-		}
-
+	/**
+	 * @returns array $groupsTodo - groups todo list:
+	 *   'com.apple.access_mail' => true - add to this group
+	 *   'com.apple.access_mail' => false - remove from this group
+	 */
+	public function getSyncUserGroupsTodoList($usrLogin) {
+		$groupsTodo = array();// `guid` => true (add), false (remove)
+		$usrFrom = $this->_fromStorage->getUser($usrLogin);
 		$usrFromDisabeld = $this->_fromStorage->isDisabled($usrFrom);
-		$usrToDisabeld = $this->_toStorage->isDisabled($usrTo);
-
-		if ($usrFromDisabeld === null || $usrToDisabeld === null) {
-			$this->setError(1, "Error: isDisabled '{$usrLogin}' not set in fromStorage or toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
-		}
-
-		if ($usrFromDisabeld !== $usrToDisabeld) {
-			$synced = $this->_toStorage->setDisabled($usrLogin, $usrFromDisabeld);
-			if (!$synced) {
-				$this->setError(1, "Error: sync isDisabled '{$usrLogin}' failed ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
-			}
-		}
-
-		return true;
-	}
-
-	public function syncUserGroups($usrLogin, $usrFrom = null, $usrTo = null) {
-		if (!$usrFrom) $usrFrom = $this->_fromStorage->getUser($usrLogin);
-		if (!$usrTo) $usrTo = $this->_toStorage->getUser($usrLogin);
-		if (!$usrFrom || !$usrTo) {
-			$this->setError(1, "Error: user '{$usrLogin}' not exists in fromStorage or toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
-		}
-
 		$groupsFrom = $this->_fromStorage->getUserGroups($usrLogin);
 		$groupsTo = $this->_toStorage->getUserGroups($usrLogin);
-
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 0) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupsFrom (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupsFrom);echo'</pre>';
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupsTo (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupsTo);echo'</pre>';
-		}
-
-		/**
-		 * $groupsTodo - groups todo list:
-		 *   'com.apple.access_mail' => true - add to this group
-		 *   'com.apple.access_mail' => false - remove from this group
-		 */
-		$groupsTodo = array();
 		foreach ($groupsTo as $kUid => $vName) {
 			$groupsTodo[$kUid] = false;
 		}
-		foreach ($groupsFrom as $kUid => $vGroup) {
-			if (isset($groupsTodo[$kUid])) {
-				unset($groupsTodo[$kUid]);
-			} else {
-				$groupsTodo[$kUid] = true;
-			}
-		}
-
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 0) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupsTodo (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupsTodo);echo'</pre>';
-		}
-
-		if (!empty($groupsTodo)) {
-			foreach ($groupsTodo as $kGroupID => $vBool) {
-				if ($vBool) {
-					$added = $this->_toStorage->addUserGroup($usrLogin, $groupsFrom[$kGroupID]);
-					if (!$added) {
-						$this->setError(1, "Error: user '{$usrLogin}' add to group '{$kGroupID}' in toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-					}
-				}
-				else {
-					$removed = $this->_toStorage->removeUserGroup($usrLogin, $groupsTo[$kGroupID]);
-					if (!$removed) {
-						$this->setError(1, "Error: user '{$usrLogin}' remove from group '{$kGroupID}/{$groupsTo[$kGroupID]->name}' in toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-					}
-				}
-			}
-		}
-
-		if ($this->hasErrors()) {
-			return false;
-		}
-		return true;
-	}
-
-	public function getSyncGroupTodoList($groupID, $syncNestedGroups = false) {
-		$syncTodoList = array();
-		$groupFrom = $this->_fromStorage->getGroup($groupID);
-		$groupTo = $this->_toStorage->getGroup($groupID);
-
-		if (!$groupFrom) {
-			$syncTodoList[] = "Group {$groupID} not exists in fromStorage";
-			return $syncTodoList;
-		}
-		else if (!$groupTo) {
-			$syncTodoList[] = "Create group {$groupID} in toStorage";
-			return $syncTodoList;
-		}
-		else {
-			$updateData = array();
-			if (empty($groupTo->realName) && $groupFrom->realName != $groupTo->realName) {
-				$updateData['realName'] = $groupFrom->realName;
-			}
-			foreach ($updateData as $key => $val) {
-				$syncTodoList[] = "Update {$key}: {$val}";
-			}
-		}
 
-		if ($syncNestedGroups) {
-			if (!empty($groupTo->nestedGroups) || !empty($groupFrom->nestedGroups)) {
-				$groupsTodo = array();
-				if (!empty($groupTo->nestedGroups)) {
-					foreach ($groupTo->nestedGroups as $kUid => $vGroup) {
-						$groupsTodo[$kUid] = false;
-					}
-				}
-				if (!empty($groupFrom->nestedGroups)) {
-					foreach ($groupFrom->nestedGroups as $kUid => $vGroup) {
-						if (isset($groupsTodo[$kUid])) {
-							unset($groupsTodo[$kUid]);
-						} else {
-							$groupsTodo[$kUid] = true;
-						}
-					}
-				}
-
-				if (!empty($groupsTodo)) {
-					foreach ($groupsTodo as $kGroupID => $vBool) {
-						if ($vBool) {
-							$syncTodoList[] = "Add group '{$kGroupID}' to group '{$groupID}' in toStorage";
-						}
-						else {
-							$syncTodoList[] = "Remove group '{$kGroupID}' from group '{$groupID}' in toStorage";
-						}
-					}
-				}
-			}
-
-			$fromParentGroups = $groupFrom->getParentGroups();
-			$toParentGroups = $groupTo->getParentGroups();
-
-			{
-				$groupsTodo = array();
-				if (!empty($toParentGroups)) {
-					foreach ($toParentGroups as $kUid => $vGroup) {
-						$groupsTodo[$kUid] = false;
-					}
-				}
-				if (!empty($fromParentGroups)) {
-					foreach ($fromParentGroups as $kUid => $vGroup) {
-						if (isset($groupsTodo[$kUid])) {
-							unset($groupsTodo[$kUid]);
-						} else {
-							$groupsTodo[$kUid] = true;
-						}
-					}
-				}
-
-				if (!empty($groupsTodo)) {
-					foreach ($groupsTodo as $kGroupID => $vBool) {
-						if ($vBool) {
-							$syncTodoList[] = "Add parent group '{$kGroupID}' to group '{$groupID}' in toStorage";// == add $groupID to $kGroupID
-						}
-						else {
-							$groupTest = $this->_fromStorage->getGroup($kGroupID);
-							if ($groupTest) {
-								$syncTodoList[] = "Remove parent group '{$kGroupID}' from group '{$groupID}' in toStorage";// == remove $groupID from $kGroupID
-							} else {
-								//$syncTodoList[] = "Keep parent group '{$kGroupID}' in group '{$groupID}' in toStorage, because that group dont exists in fromStorage";
-							}
-						}
-					}
+		if (true === $usrFromDisabeld) {
+			// remove all groups
+		} else {
+			foreach ($groupsFrom as $kUid => $vGroup) {
+				if (isset($groupsTodo[$kUid])) {
+					unset($groupsTodo[$kUid]);
+				} else {
+					$groupsTodo[$kUid] = true;
 				}
 			}
-
 		}
-
-		return $syncTodoList;
+		return $groupsTodo;
 	}
 
 	/**
@@ -372,10 +212,8 @@ class SyncUsers {
 		$groupFrom = $this->_fromStorage->getGroup($groupID);
 		$groupTo = $this->_toStorage->getGroup($groupID);
 
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 0) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupFrom (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupFrom);echo'</pre>';
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupTo (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupTo);echo'</pre>';
-		}
+		DBG::_('DBG_SU', '>0', 'groupFrom', $groupFrom, __CLASS__, __FUNCTION__, __LINE__);
+		DBG::_('DBG_SU', '>0', 'groupTo', $groupTo, __CLASS__, __FUNCTION__, __LINE__);
 
 		if (!$groupFrom) {
 			$this->setError(1, "Group {$groupID} not exists in fromStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
@@ -383,16 +221,7 @@ class SyncUsers {
 		}
 		else if (!$groupTo) {
 
-			$created = $this->_toStorage->createGroup($groupFrom);
-
-			if (!$created) {
-				$errors = $this->_toStorage->getRawErrorsList();
-				foreach ($errors as $vErr) {
-					$this->setError($vErr->code, $vErr->msg, $vErr->dbgMsg);
-				}
-				$this->setError(1, "Error: create group {$groupID} from fromStorage to toStorage", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
-			}
+			$this->_toStorage->createGroup($groupFrom);
 
 			$groupTo = $this->_toStorage->getGroup($groupID);
 			$synced = $this->syncExistingGroup($groupID, $groupFrom, $groupTo, $syncNestedGroups);

+ 1 - 1
SE/se-lib/UserStorageBase.php

@@ -16,7 +16,7 @@ class UserStorageBase {
 	 *   $usr->homeEmail
 	 *   $usr->homePhone
 	 *   $usr->employeeType			'Pracownik','Kandydat','Partner','Anonymous'
-	 *   $usr->isDisabled				1, 0 or null if not set
+	 *   $usr->isDisabled				true, false or null if not set
 	 */
 	public function getUser($usrLogin) {}
 

+ 5 - 2
SE/se-lib/UserStorageDB.php

@@ -23,7 +23,7 @@ class UserStorageDB extends UserStorageBase {
 	 *   $usr->homeEmail
 	 *   $usr->homePhone
 	 *   $usr->employeeType			'Pracownik','Kandydat','Partner'
-	 *   $usr->isDisabled				1, 0 or null if not set
+	 *   $usr->isDisabled				true, false or null if not set
 	 */
 	public function getUser($usrLogin) {
 		if (!$this->_db) return false;
@@ -66,7 +66,7 @@ class UserStorageDB extends UserStorageBase {
 		$user->homeEmail = $r->homeEmail;
 		$user->homePhone = $r->homePhone;
 		$user->employeeType = $r->employeeType;
-		$user->isDisabled = (int)$r->isDisabled;
+		$user->isDisabled = ((int)$r->isDisabled)? true : false;
 		return $user;
 	}
 
@@ -430,6 +430,9 @@ class UserStorageDB extends UserStorageBase {
 			$groups['com.apple.access_afp'] = $this->_buildGroupLocal('com.apple.access_afp');
 			$groups['com.apple.access_vpn'] = $this->_buildGroupLocal('com.apple.access_vpn');
 			$groups['com.apple.access_chat'] = $this->_buildGroupLocal('com.apple.access_chat');
+		} else if ($usrDB->employeeType == 'Partner') {
+			$groups['com.apple.access_smb'] = $this->_buildGroupLocal('com.apple.access_smb');
+			$groups['com.apple.access_afp'] = $this->_buildGroupLocal('com.apple.access_afp');
 		}
 
 		$groupsAll = $this->_getUserGroupsAll($usrLogin);

+ 56 - 97
SE/se-lib/UserStorageMacOSX.php

@@ -3,6 +3,8 @@
 Lib::loadClass('UserStorageBase');
 Lib::loadClass('ObjectUserLdap');
 Lib::loadClass('ObjectGroupLdap');
+Lib::loadClass('UsersLdapHelper');
+Lib::loadClass('LDAP');
 
 /**
  * Test remove user:
@@ -31,13 +33,11 @@ class UserStorageMacOSX extends UserStorageBase {
 	 * @return ObjectUserLdap
 	 */
 	public function getUser($userName) {
-		Lib::loadClass('UsersLdapHelper');
 		$usrLdap = UsersLdapHelper::getUser($userName, true);
 		if (empty($usrLdap[0])) return null;
 
 		$user = $this->_buildUserFromLdap($usrLdap[0]);
 
-
 		return $user;
 	}
 
@@ -66,7 +66,6 @@ class UserStorageMacOSX extends UserStorageBase {
 		if ($groupID <= 0) return false;
 
 		$group = null;
-		Lib::loadClass('UsersLdapHelper');
 		$groups = UsersLdapHelper::getGroupsByID($groupID);
 		if (count($groups) == 1) {
 			$group = reset($groups);
@@ -81,7 +80,6 @@ class UserStorageMacOSX extends UserStorageBase {
 	}
 
 	public function getParentGroups(ObjectGroup $group) {
-		Lib::loadClass('UsersLdapHelper');
 		$parentGroups = array();
 		$parentGroupsLdap = UsersLdapHelper::getParentGroupsByAppleUID($group->getLdapUID());
 		foreach ($parentGroupsLdap as $groupLdap) {
@@ -97,29 +95,10 @@ class UserStorageMacOSX extends UserStorageBase {
 	 * @return bool
 	 */
 	public function isDisabled($usr) {
-		if (null == $usr->isDisabled) {
-			//$cmd = "sudo pwpolicy -u {$usr->login} -getpolicy";
-			$cmd = "sudo pwpolicy -u {$usr->login} --get-effective-policy";// BUG wersja 10.9.3 opcja -getpolicy pokazuje tylko włączone opcje, nie pokaże "isDisabled=0"
-			$cmdOut = null; $cmdRet = null;
-			exec($cmd, $cmdOut, $cmdRet);
-			if(V::get('DBG_SU', 0, $_GET, 'int') > 1){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">cmd('.$cmd.') ret('.$cmdRet.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($cmdOut);echo'</pre>';}
-			foreach ($cmdOut as $vLine) {
-				if (false !== strpos($vLine, 'isDisabled=')) {
-					if (false !== strpos($vLine, 'isDisabled=0')) {
-						$usr->isDisabled = 0;
-					}
-					else if (false !== strpos($vLine, 'isDisabled=1')) {
-						$usr->isDisabled = 1;
-					}
-					else if (false !== strpos($vLine, 'isDisabled=false')) {
-						$usr->isDisabled = 0;
-					}
-					else if (false !== strpos($vLine, 'isDisabled=true')) {
-						$usr->isDisabled = 1;
-					}
-					break;
-				}
-			}
+		if (null === $usr->isDisabled) {
+			$allGroups = $this->_fetchAllUserGroups($usr->login);
+			$usr->isDisabled = in_array('com.apple.access_disabled', $allGroups);
+			DBG::_('DBG_SU', '>1', "usr->isDisabled(" . (($usr->isDisabled)? 'true' : 'false') . ") ", null, __CLASS__, __FUNCTION__, __LINE__);
 		}
 		return $usr->isDisabled;
 	}
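Review bot: isDisabled() can no longer report an unknown status, because `_fetchAllUserGroups()` returns an empty array both when the user has no groups and when the `groups` command exits non-zero, and `in_array()` then yields `false`. A failed lookup is therefore treated as "not disabled", and the `null === $usrToDisabeld` check in SyncUsers::syncUser() can never fire for this storage. Let the helper signal failure (for example by returning `null`) and keep `$usr->isDisabled` at `null` in that case, and pass `true` as the third argument of `in_array()` so that the comparison is strict. The docblock above still says `@return bool` and should mention the `null` case if it is restored.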
@@ -128,14 +107,16 @@ class UserStorageMacOSX extends UserStorageBase {
 	 * @return bool
 	 */
 	public function setDisabled($usrLogin, $isDisabled) {
+		// pwpolicy -a diradmin -u t1 -disableuser
+		// pwpolicy -a diradmin -u t1 -enableuser
 		if (empty($usrLogin) || null === $isDisabled) {
 			return false;
 		}
-		$cmdDisabled = ($isDisabled)? '1' : '0';
-		$cmd = "pwpolicy -a {$this->_rootUser} -p {$this->_rootPass} -u {$usrLogin} -setpolicy \"isDisabled={$cmdDisabled}\" 2>&1 ";
+		$cmdDisabled = ($isDisabled)? ' -disableuser' : ' -enableuser';
+		$cmd = "pwpolicy -a {$this->_rootUser} -p {$this->_rootPass} -u {$usrLogin} {$cmdDisabled} 2>&1 ";
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
-		if(V::get('DBG_SU', 0, $_GET, 'int') > 1){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">cmd('.str_replace($this->_rootPass, '***', $cmd).') ret('.$cmdRet.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($cmdOut);echo'</pre>';}
+		DBG::_('DBG_SU', '>1', "cmd(" . str_replace($this->_rootPass, '***', $cmd) . ") ret({$cmdRet}) ", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
 		if ($cmdRet !== 0) {
 			return false;
 		}
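Review bot: The rewritten `$cmd` in setDisabled() still interpolates `$usrLogin` into a shell string for exec() without quoting, and the Route_Users class added in this commit takes that login from `$_GET['usrLogin']`; the only gate visible on the way is that the login must resolve in the DB storage. Quote every interpolated value at the exec site, e.g. `"pwpolicy -a " . escapeshellarg($this->_rootUser) . " -p " . escapeshellarg($this->_rootPass) . " -u " . escapeshellarg($usrLogin) . $cmdDisabled . " 2>&1"`. The same applies to `groups {$usrLogin}` in _fetchAllUserGroups() further down. Passing the directory admin password as `-p {$this->_rootPass}` also exposes it in the process argument list to other local users, so a comment recording that risk or a way of supplying the credential outside argv is worth adding. The rest of setDisabled() lies outside this hunk.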
@@ -147,15 +128,11 @@ class UserStorageMacOSX extends UserStorageBase {
 	 *   $usr->employeeType: Pracownik, Kandydat, Partner, Anonymous
 	 *     Pracownik - all access
 	 *     Kandydat  - no access
-	 *     Partner   - access: smb/afp? calendar? addressbook?
+	 *     Partner   - access: smb/afp, TODO: calendar?, addressbook?
 	 *     Anonymous - no access
 	 */
 	public function createUser($usr) {
-	//public function createUser($login, $type, $name = '', $email = '', $pass = '') {
-
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 1) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">usr (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($usr);echo'</pre>';
-		}
+		DBG::_('DBG_SU', '>1', 'usr', $usr, __CLASS__, __FUNCTION__, __LINE__);
 
 		$cmdDsclAuth = "dscl -u {$this->_rootUser} -P {$this->_rootPass} /LDAPv3/127.0.0.1 ";
 		$login = $this->_cleanUid($usr->login);
@@ -178,8 +155,7 @@ class UserStorageMacOSX extends UserStorageBase {
 		}
 
 		if ($uniqueID <= 0) {
-			$this->setError(1, "Error: dscl auth - check login and password in ldap config", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
+			throw new Exception("Error: dscl auth - check login and password in ldap config");
 		}
 		if (empty($name)) {
 			$name = $login;
@@ -206,17 +182,14 @@ class UserStorageMacOSX extends UserStorageBase {
 			$cmdOut = null; $cmdRet = null;
 			exec($cmd, $cmdOut, $cmdRet);
 			if ($cmdRet != 0) {
-				$this->setError(1, "cmd failed: " . str_replace($cmdDsclAuth, "dscl __auth__ ", $cmd), '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
+				DBG::_('DBG_SU', '>1', "cmd failed: " . str_replace($cmdDsclAuth, "dscl __auth__ ", $cmd), $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
+				throw new Exception("Wystąpił błąd podczas tworzenia użytwkonika '{$usrLogin}' w bazie Ldap");
 			}
 		}
-
-		return true;
 	}
 
 	private function _getAdminLdap() {
 		if (!$this->_ldapRoot) {
-			Lib::loadClass('LDAP');
 			$this->_ldapRoot = LDAP::getInstance();
 			if (!$this->_ldapRoot->bindDiradmin($errorMsg)) {
 				// $errorMsg?
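Review bot: The new exception message in createUser() interpolates `$usrLogin`, which is not defined in any visible part of the method; the parameter is `$usr` and the cleaned name is held in `$login`. PHP will raise an undefined-variable notice and the message will show an empty login, so use `'{$login}'` (or `$usr->login`) instead; the word "użytwkonika" in the same string should read "użytkownika". createUser() now returns nothing on success, so its docblock, which starts outside this hunk, should state that failure is signalled by an Exception rather than by `false`.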
@@ -307,7 +280,7 @@ class UserStorageMacOSX extends UserStorageBase {
 					}
 					break;
 				default:
-					$this->setError(1, "TODO: update group {$group->primaryKey} field {$fldName} to value '{$val}'", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
+					$this->setError(1, "Błąd podczas aktulizacji grupy '{$group->primaryKey}' - pole '{$fldName}' watość '{$val}'", '#L' . __LINE__);
 			}
 		}
 		return true;
@@ -335,7 +308,6 @@ class UserStorageMacOSX extends UserStorageBase {
 	 */
 	public function getUserGroups($usrLogin, $fetchNested = false) {
 		$groups = array();
-		Lib::loadClass('UsersLdapHelper');
 		$groupsNetwork = $this->_getUserGroupsNetwork($usrLogin);
 		$groupsLocal = $this->_getUserGroupsLocal($usrLogin);
 
@@ -352,10 +324,8 @@ class UserStorageMacOSX extends UserStorageBase {
 			}
 		}
 
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 2) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupsNetwork (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupsNetwork);echo'</pre>';
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groupsLocal (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groupsLocal);echo'</pre>';
-		}
+		DBG::_('DBG_SU', '>2', "groupsNetwork", $groupsNetwork, __CLASS__, __FUNCTION__, __LINE__);
+		DBG::_('DBG_SU', '>2', "groupsLocal", $groupsLocal, __CLASS__, __FUNCTION__, __LINE__);
 		return $groups;
 	}
 
@@ -384,7 +354,6 @@ class UserStorageMacOSX extends UserStorageBase {
 	private function _fetchNestedGroupsByAppleUids($appleUids) {
 		$groups = array();
 		if (!is_array($appleUids)) $appleUids = array($appleUids);
-		Lib::loadClass('UsersLdapHelper');
 		$groupsLdap = UsersLdapHelper::getGroupsByAppleUids($appleUids);
 		foreach ($groupsLdap as $vGroupLdap) {
 			$group = $this->_buildGroupFromLdap($vGroupLdap, $fetchNested = false);
@@ -401,7 +370,6 @@ class UserStorageMacOSX extends UserStorageBase {
 	 */
 	private function _getUserGroupsNetwork($usrLogin) {
 		$groups = array();
-		Lib::loadClass('UsersLdapHelper');
 		$groupsNetwork = UsersLdapHelper::getUserGroups($usrLogin, 0);
 		foreach ($groupsNetwork as $vGroupNetwork) {
 			$groups[$vGroupNetwork->cn] = $this->_buildGroupFromLdap($vGroupNetwork);
@@ -416,20 +384,32 @@ class UserStorageMacOSX extends UserStorageBase {
 	private function _getUserGroupsLocal($usrLogin) {
 		$groups = array();
 
+		$allGroups = $this->_fetchAllUserGroups($usrLogin);
+		foreach ($allGroups as $groupName) {
+			if ($this->_isGroupLocal($groupName)) {
+				$groups[$groupName] = $this->_buildGroupLocal($groupName);
+			}
+		}
+		DBG::_('DBG_SU', '>1', "User '{$usrLogin}' GroupsLocal:", $groups, __CLASS__, __FUNCTION__, __LINE__);
+
+		return $groups;
+	}
+
+	private function _fetchAllUserGroups($usrLogin) {
+		$groups = array();
+
 		$cmd = "groups {$usrLogin}";
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
 		if ($cmdRet == 0 && !empty($cmdOut[0])) {
 			$groupsCmd = explode(' ', $cmdOut[0]);
-			foreach ($groupsCmd as $group) {
-				if ($this->_isGroupLocal($group)) {
-					$groups[$group] = $this->_buildGroupLocal($group);
+			foreach ($groupsCmd as $groupName) {
+				if (!empty($groupName)) {
+					$groups[] = $groupName;
 				}
 			}
 		}
-		if (V::get('DBG_SU', 0, $_GET, 'int') > 1) {
-			echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">groups (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($groups);echo'</pre>';
-		}
+		DBG::_('DBG_SU', '>1', "User '{$usrLogin}' all groups:", $groups, __CLASS__, __FUNCTION__, __LINE__);
 
 		return $groups;
 	}
@@ -508,8 +488,7 @@ class UserStorageMacOSX extends UserStorageBase {
 	public function createGroup(ObjectGroup $group) {
 		// TEST: $ dscl /LDAPv3/127.0.0.1 -list /Groups PrimaryGroupID
 		if ($group->zasobID <= 0) {
-			$this->setError(1, "Error: create group {$group->primaryKey} {$group->realName} - missing zasobID", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
+			throw new Exception("Nie udało się utworzyć grupy sieciowej '{$group->primaryKey}' '{$group->realName}' - brak numery zasobu");
 		}
 		$groupName = $this->_generateGroupName($group->zasobID, $group->realName);
 		$groupUidGenerated = $this->_generateGroupUid($group->zasobID, $group->realName);
@@ -530,15 +509,14 @@ class UserStorageMacOSX extends UserStorageBase {
 		$cmd = "dseditgroup -o create -n /LDAPv3/127.0.0.1 -u {$this->_rootUser} -P {$this->_rootPass} -r \"{$groupName}\" {$groupUidGenerated}";
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
-		if(V::get('DBG_SU', 0, $_GET, 'int') > 1){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">create group cmd('.str_replace($this->_rootPass, '***', $cmd).') ret('.$cmdRet.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($cmdOut);echo'</pre>';}
+		DBG::_('DBG_SU', '>1', "create group cmd(" . str_replace($this->_rootPass, '***', $cmd) . ") ret({$cmdRet})", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
 		if ($cmdRet !== 0) {
-			return false;
+			throw new Exception("Nie udało się utworzyć grupy sieciowej '{$group->primaryKey}' '{$group->realName}'");
 		}
 		//$command8 = "dscl -u {$user} -P {$pass} /LDAPv3/127.0.0.1 -append /Groups/{$groupUid} GroupMembership {$ACCOUNT} ";
 		//$command8 = "dscl -u {$user} -P {$pass} /LDAPv3/127.0.0.1 -delete /Groups/{$groupUid} GroupMembership {$ACCOUNT} ";
 		//$command1 = "dscl -u {$user} -P {$pass} /LDAPv3/127.0.0.1 -create /Groups/{$groupUid} PrimaryGroupID {$PrimaryGroupID} ";
 		//$command2 = "dscl -u {$user} -P {$pass} /LDAPv3/127.0.0.1 -create /Groups/{$groupUid} RealName \"{$groupName}\" ";
-		return true;
 	}
 
 	private function _isGroupLocal($groupUid) {
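Review bot: The `dseditgroup` command in `createGroup()` places `$groupName` inside hand-written double quotes and passes `$this->_rootPass` and `$groupUidGenerated` bare. `$groupName` is derived from `$group->realName` a few lines earlier, so a quote, backtick or `$(` in a group's real name ends up interpreted by the shell. Quote each value instead, e.g. `' -P ' . escapeshellarg($this->_rootPass) . ' -r ' . escapeshellarg($groupName) . ' ' . escapeshellarg($groupUidGenerated)`. The `str_replace` masking in the new `DBG::_` call would then need to mask the quoted form too. The function's signature and the code that builds these values are outside this hunk.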
@@ -585,10 +563,8 @@ class UserStorageMacOSX extends UserStorageBase {
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
 		if ($cmdRet != 0) {
-			$this->setError(1, "Error: add user '{$usrLogin}' to network group '{$groupUid}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
+			throw new Exception("Nie udało się dodać usera '{$usrLogin}' do grupy lokalnej '{$groupUid}'");
 		}
-		return true;
 	}
 
 	/**
@@ -611,12 +587,10 @@ class UserStorageMacOSX extends UserStorageBase {
 
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
-		if(V::get('DBG_SU', 0, $_GET, 'int') > 1){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">cmd('.$cmd.') ret('.$cmdRet.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($cmdOut);echo'</pre>';}
+		DBG::_('DBG_SU', '>1', "cmd({$cmd}) ret({$cmdRet})", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
 		if ($cmdRet != 0) {
-			$this->setError(1, "Error: remove user '{$usrLogin}' from local group '{$groupUid}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			//return false;
+			throw new Exception("Nie udało się dodać usera '{$usrLogin}' z grupy lokalnej '{$groupUid}'");
 		}
-		return true;
 	}
 
 	public function findGroupUidDscl($groupUid) {// not used @see findGroupUid
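Review bot: The new exception text says "dodać" (add) although this is the removal path; it should read `throw new Exception("Nie udało się usunąć usera '{$usrLogin}' z grupy lokalnej '{$groupUid}'");`. The same copy-paste slip is in the network removal hunk ("... z grupy sieciowej"). The old code deliberately kept going here, with `//return false;` commented out and `return true` always reached. A non-zero exit now aborts the whole sync, so it is worth confirming that removing a user who is already absent from the group does not return non-zero. The function's signature is outside the hunk.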
@@ -643,7 +617,6 @@ class UserStorageMacOSX extends UserStorageBase {
 	public function findGroupUidLdap($groupUid) {
 		$groupRealUid = null;
 
-		Lib::loadClass('UsersLdapHelper');
 		$groups = UsersLdapHelper::getGroupsByID($groupUid);
 		if (count($groups) == 1) {
 			$groupRealUid = reset($groups)->cn;
@@ -678,19 +651,12 @@ class UserStorageMacOSX extends UserStorageBase {
 
 		if (!$groupRealUid) {
 			if ($group->type == 'network') {
-				$this->setError(1, "Error: access denied to create network group {$group->primaryKey}", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
-			}
-			else if ($group->type == 'local') {
-				$this->setError(1, "Error: access denied to create local group {$group->primaryKey}", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
+				throw new Exception("Brak dostępu do utworzenia grupy sieciowej '{$group->primaryKey}'");
+			} else if ($group->type == 'local') {
+				throw new Exception("Brak dostępu do utworzenia grupy lokalnej '{$group->primaryKey}'");
 			}
 
-			$created = $this->createGroup($group);
-			if (!$created) {
-				$this->setError(1, "Error: create group {$group->primaryKey} {$group->realName}", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-				return false;
-			}
+			$this->createGroup($group);
 		}
 
 		$cmdDsclAuth = "dscl -u {$this->_rootUser} -P {$this->_rootPass} /LDAPv3/127.0.0.1 ";
@@ -698,10 +664,8 @@ class UserStorageMacOSX extends UserStorageBase {
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
 		if ($cmdRet != 0) {// TODO: may return 62 - user already in this group
-			$this->setError(1, "Error: add user '{$usrLogin}' to network group '{$groupRealUid}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			return false;
+			throw new Exception("Nie udało się dodać usera '{$usrLogin}' do grupy sieciowej '{$groupUid}'");
 		}
-		return true;
 	}
 
 	/**
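Review bot: The retained TODO says the command may return 62 when the user is already in the group, and with this change that case throws instead of setting a soft error. If the TODO is accurate, re-running a sync for an already-synchronised user would now fail; treating it as success, `if ($cmdRet != 0 && $cmdRet != 62) {`, keeps the operation idempotent. The message also switched from `$groupRealUid` to `$groupUid`. The command above appears to act on the resolved `$groupRealUid`, and whether `$groupUid` is defined in this function cannot be seen from the hunk, so `$groupRealUid` looks like the safer name to report.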
@@ -718,11 +682,10 @@ class UserStorageMacOSX extends UserStorageBase {
 		$cmd = "{$cmdDsclAuth} -delete /Groups/{$groupUid} GroupMembership {$usrLogin} ";
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
+		DBG::_('DBG_SU', '>1', "cmd({$cmd}) ret({$cmdRet})", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
 		if ($cmdRet != 0) {
-			$this->setError(1, "Error: remove user '{$usrLogin}' from network group '{$groupUid}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
-			//return false;// TODO: test
+			throw new Exception("Nie udało się dodać usera '{$usrLogin}' z grupy sieciowej '{$groupUid}'");
 		}
-		return true;
 	}
 
 	/**
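Review bot: The added `DBG::_` call prints `$cmd` as-is, and `$cmd` starts with `$cmdDsclAuth`. That variable is defined outside this hunk, but in the add-to-network-group path of this file it is built as `dscl -u {$this->_rootUser} -P {$this->_rootPass} ...`; if it is the same here, the directory admin password goes into the debug output whenever `DBG_SU` is enabled. The create-group and nested-group debug calls in this commit already mask it, so use the same form here: `DBG::_('DBG_SU', '>1', "cmd(" . str_replace($this->_rootPass, '***', $cmd) . ") ret({$cmdRet})", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);`. Since `DBG_SU` was read from `$_GET` in the code being replaced, it is also worth checking that `DBG::_` only emits for authorised users.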
@@ -736,11 +699,9 @@ class UserStorageMacOSX extends UserStorageBase {
 		// $groupUid, $groupName
 		if ($group->type == 'local') {
 			return $this->_addUserGroupLocal($usrLogin, $group);
-		}
-		else {
+		} else {
 			return $this->_addUserGroupNetwork($usrLogin, $group);
 		}
-		return false;
 	}
 
 	/**
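Review bot: `addUserGroup()` still does `return $this->_addUserGroupLocal(...)` / `return $this->_addUserGroupNetwork(...)`, but earlier hunks in this commit remove `return true` from what appear to be those helpers, so the public method now returns `null` on success. Any caller that still tests the result (`if (!$storage->addUserGroup(...))`) would read success as failure. Either drop the `return` here and update the docblock to say the method throws on failure, or keep `return true;` in the helpers. The same applies to `removeUserGroup()` in the next hunk and to the public `createGroup()`.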
@@ -753,11 +714,9 @@ class UserStorageMacOSX extends UserStorageBase {
 	public function removeUserGroup($usrLogin, $group) {
 		if ($group->type == 'local') {
 			return $this->_removeUserGroupLocal($usrLogin, $group);
-		}
-		else {
+		} else {
 			return $this->_removeUserGroupNetwork($usrLogin, $group);
 		}
-		return false;
 	}
 
 	public function addNestedGroup($groupID, $nestedGroupID) {
@@ -778,8 +737,8 @@ class UserStorageMacOSX extends UserStorageBase {
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
 		if ($cmdRet != 0) {
-			if(V::get('DBG_SU', 0, $_GET, 'int') > 1){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">cmd('.str_replace($this->_rootPass, '***', $cmd).') ret('.$cmdRet.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($cmdOut);echo'</pre>';}
-			$this->setError(1, "Error: add nested group '{$groupToAdd}' to group '{$groupName}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
+			DBG::_('DBG_SU', '>1', "cmd(" . str_replace($this->_rootPass, '***', $cmd) . ") ret({$cmdRet})", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
+			$this->setError(1, "Nie udało się dodać grupy nadrzędnej '{$groupToAdd}' do grupy '{$groupName}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
 			return false;
 		}
 		return true;
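Review bot: The nested-group add path, and the matching remove path in the next hunk, still report failure through `setError()` plus `return false`, while every other group operation touched by this commit now throws `Exception`. Callers of this class therefore have to handle two error conventions. If that is intentional (nested-group failures being non-fatal for a sync), a one-line comment such as `// best-effort: nested group errors are collected, not thrown` would make it clear. Otherwise convert these two to `throw new Exception(...)` as well. The function signature is outside the hunk.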
@@ -803,8 +762,8 @@ class UserStorageMacOSX extends UserStorageBase {
 		$cmdOut = null; $cmdRet = null;
 		exec($cmd, $cmdOut, $cmdRet);
 		if ($cmdRet != 0) {
-			if(V::get('DBG_SU', 0, $_GET, 'int') > 1){echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;">cmd('.str_replace($this->_rootPass, '***', $cmd).') ret('.$cmdRet.') (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($cmdOut);echo'</pre>';}
-			$this->setError(1, "Error: remove nested group '{$groupToRemove}' from group '{$groupName}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
+			DBG::_('DBG_SU', '>1', "cmd(" . str_replace($this->_rootPass, '***', $cmd) . ") ret({$cmdRet})", $cmdOut, __CLASS__, __FUNCTION__, __LINE__);
+			$this->setError(1, "Nie udało się usunąć grupy podrzędnej '{$groupToRemove}' z grupy '{$groupName}' ", '(' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . ')');
 			return false;
 		}
 		return true;

+ 6 - 69
SE/superedit-SYNC_LDAP_PERMS.php

@@ -40,75 +40,12 @@ function SYNC_LDAP_PERMS() {
 
 	$DBG = ('1' == V::get('DBG_SLP', '', $_GET));
 
-	if ('' !== ($userName = V::get('syncUsr', '', $_GET))) {
-		Lib::loadClass('UserStorageFactory');
-		$usrStorageDB = UserStorageFactory::getStorage('DB');
-		$usrStorageLdap = UserStorageFactory::getStorage('MacOSX');
-
-		if (!$usrStorageDB || !$usrStorageLdap) {
-			echo '<p>Error storage not exists</p>';
-		}
-		else {
-
-			echo '<h4>Synchronizacja użytkownika '.$userName.'</h4>';
-			$usrFrom = $usrStorageDB->getUser($userName);
-			if ($usrFrom) {
-				Lib::loadClass('ProcesHelper');
-				$zasobUprawnienia = ProcesHelper::getZasobTableID('CRM_AUTH_PROFILE');
-				if ($zasobUprawnienia > 0) {
-					echo '<p>' . "Ustal stanowisko: ";
-					echo '<a href="index.php?MENU_INIT=USER_ADD_GROUP&usrLogin='.$usrFrom->login.'">ustal stanowisko</a>';
-					echo '</p>';
-				}
-			}
-
-			Lib::loadClass('SyncUsers');
-			$synUsers = new SyncUsers($usrStorageDB, $usrStorageLdap);
-
-			$syncTodoList = $synUsers->getSyncUserTodoList($userName, $syncGroups = true, $syncDisabled = true);
-			?>
-			<?php if (empty($syncTodoList)) : ?>
-				<div class="alert alert-info">Brak zadań do wykonania - użytkownik zsynchronizowany</div>
-			<?php else : ?>
-				<div class="well">
-					<p>Lista zadań do wykonania:</p>
-					<ul>
-						<?php foreach ($syncTodoList as $vTask) : ?>
-							<li><?php echo $vTask; ?></li>
-						<?php endforeach; ?>
-					</ul>
-				</div>
-			<?php endif; ?>
-			<?php
-
-			if ('1' == V::get('_runSync', '', $_POST)) {
-				$synced = $synUsers->syncUser($userName, $syncGroups = true, $syncDisabled = true);
-				if (!$synced) {
-					?>
-					<div class="alert alert-danger">
-						Nie udało się zsynchronizować uprawnień użytkownika <?php echo $userName; ?>.
-					</div>
-					<?php
-					echo'<pre style="max-height:200px;overflow:auto;border:1px solid red;text-align:left;display:none;">errors: (' . __CLASS__ . '::' . __FUNCTION__ . ':' . __LINE__ . '): ';print_r($synUsers->getErrorsMsgListWithDbg());echo'</pre>';
-				}
-				else {
-					?>
-					<div class="alert alert-success">
-						Synchronizacja uprawnień użytkownika <?php echo $userName; ?> zakończona powodzeniem.
-					</div>
-					<?php
-				}
-			}
-			else {
-				?>
-				<form action="" method="POST">
-					<input type="hidden" name="_runSync" value="1">
-					<input type="submit" value="Synchronizuj" class="btn btn-primary btn-big">
-				</form>
-				<?php
-			}
-		}
-
+	if ('' !== ($usrLogin = V::get('syncUsr', '', $_GET))) {
+		?>
+<div class="alert alert-info">
+	Narzędzie zostało przeniesione do <a class="btn btn-primary" href="index.php?_route=Users&_task=syncUser&usrLogin=<?php echo $usrLogin; ?>">Sync user '<?php echo $usrLogin; ?>'</a>
+</div>
+<?php
 		return;
 	}