![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
85d15b30cc928818cdd71d3795330da36d6402bc
1 <?php
3 class acl extends plugin
4 {
5 /* Definitions */
6 var $plHeadline= "Access control";
7 var $plDescription= "This does something";
9 /* attribute list for save action */
10 var $attributes= array('gosaAclEntry');
11 var $objectclasses= array('gosaAcl');
13 /* Helpers */
14 var $dialogState= "head";
15 var $gosaAclEntry= array();
16 var $aclType= "";
17 var $aclObject= "";
18 var $aclContents= array();
19 var $target= "group";
20 var $aclTypes= array();
21 var $aclObjects= array();
22 var $aclMyObjects= array();
23 var $users= array();
24 var $roles= array();
25 var $groups= array();
26 var $recipients= array();
27 var $isContainer= FALSE;
28 var $currentIndex= 0;
29 var $wasNewEntry= FALSE;
30 var $ocMapping= array();
31 var $savedAclContents= array();
32 var $myAclObjects = array();
34 function acl (&$config, $parent, $dn= NULL)
35 {
36 /* Include config object */
37 plugin::plugin($config, $dn);
39 /* Load ACL's */
40 $this->gosaAclEntry= array();
41 if (isset($this->attrs['gosaAclEntry'])){
42 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
43 $acl= $this->attrs['gosaAclEntry'][$i];
44 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
45 }
46 }
47 ksort($this->gosaAclEntry);
49 /* Save parent - we've to know more about it than other plugins... */
50 $this->parent= &$parent;
52 /* Container? */
53 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
54 $this->isContainer= TRUE;
55 }
57 /* Users */
58 $ui= get_userinfo();
59 $tag= $ui->gosaUnitTag;
60 $ldap= $config->get_ldap_link();
61 $ldap->cd($config->current['BASE']);
62 if ($tag == ""){
63 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
64 } else {
65 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
66 }
67 while ($attrs= $ldap->fetch()){
68 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
69 }
70 ksort($this->users);
72 /* Groups */
73 $ldap->cd($config->current['BASE']);
74 if ($tag == ""){
75 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
76 } else {
77 $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
78 }
79 while ($attrs= $ldap->fetch()){
80 $dsc= "";
81 if (isset($attrs['description'][0])){
82 $dsc= $attrs['description'][0];
83 }
84 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
85 }
86 ksort($this->groups);
88 /* Roles */
89 $ldap->cd($config->current['BASE']);
90 if ($tag == ""){
91 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
92 } else {
93 $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
94 }
95 while ($attrs= $ldap->fetch()){
96 $dsc= "";
97 if (isset($attrs['description'][0])){
98 $dsc= $attrs['description'][0];
99 }
101 $role_id = $attrs['dn'];
103 $this->roles[$role_id]['acls'] =array();
104 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
105 $acl= $attrs['gosaAclTemplate'][$i];
106 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
107 }
108 $this->roles[$role_id]['description'] = $dsc;
109 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
110 }
112 /* Objects */
113 $tmp= session::get('plist');
114 $plist= $tmp->info;
115 $cats = array();
116 if (isset($this->parent) && $this->parent !== NULL){
117 $oc= array();
118 foreach ($this->parent->by_object as $key => $obj){
119 $oc= array_merge($oc, $obj->objectclasses);
120 if(isset($obj->acl_category)){
121 $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
122 }
123 }
124 if (in_array_ics('organizationalUnit', $oc)){
125 $this->isContainer= TRUE;
126 }
127 } else {
128 $oc= $this->attrs['objectClass'];
129 }
131 /* Extract available categories from plugin info list */
132 foreach ($plist as $class => $acls){
134 /* Only feed categories */
135 if (isset($acls['plCategory'])){
137 /* Walk through supplied list and feed only translated categories */
138 foreach($acls['plCategory'] as $idx => $data){
140 /* Non numeric index means -> base object containing more informations */
141 if (preg_match('/^[0-9]+$/', $idx)){
142 if (!isset($this->ocMapping[$data])){
143 $this->ocMapping[$data]= array();
144 $this->ocMapping[$data][]= '0';
145 }
147 if(isset($cats[$data])){
148 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
149 }
150 $this->ocMapping[$data][]= $class;
151 } else {
152 if (!isset($this->ocMapping[$idx])){
153 $this->ocMapping[$idx]= array();
154 $this->ocMapping[$idx][]= '0';
155 }
156 $this->ocMapping[$idx][]= $class;
157 $this->aclObjects[$idx]= $data['description'];
159 /* Additionally filter the classes we're interested in in "self edit" mode */
160 if (is_array($data['objectClass'])){
161 foreach($data['objectClass'] as $objectClass){
162 if (in_array_ics($objectClass, $oc)){
163 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
164 break;
165 }
166 }
167 } else {
168 if (in_array_ics($data['objectClass'], $oc)){
169 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
170 }
171 }
172 }
174 }
175 }
176 }
177 $this->aclObjects['all']= '* '._("All categories");
178 $this->ocMapping['all']= array('0' => 'all');
180 /* Sort categories */
181 asort($this->aclObjects);
183 /* Fill acl types */
184 if ($this->isContainer){
185 $this->aclTypes= array("reset" => _("Reset ACLs"),
186 "one" => _("One level"),
187 "base" => _("Current object"),
188 "sub" => _("Complete subtree"),
189 "psub" => _("Complete subtree (permanent)"),
190 "role" => _("Use ACL defined in role"));
191 } else {
192 $this->aclTypes= array("base" => _("Current object"),
193 "role" => _("Use ACL defined in role"));
194 }
195 asort($this->aclTypes);
196 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
197 asort($this->targets);
199 /* Finally - we want to get saved... */
200 $this->is_account= TRUE;
201 }
204 function execute()
205 {
206 /* Call parent execute */
207 plugin::execute();
209 $tmp= session::get('plist');
210 $plist= $tmp->info;
212 /* Handle posts */
213 if (isset($_POST['new_acl'])){
214 $this->dialogState= 'create';
215 $this->dialog= TRUE;
216 $this->currentIndex= count($this->gosaAclEntry);
217 $this->loadAclEntry(TRUE);
218 }
220 $new_acl= array();
221 $aclDialog= FALSE;
222 $firstedit= FALSE;
223 foreach($_POST as $name => $post){
225 /* Actions... */
226 if (preg_match('/^acl_edit_.*_x/', $name)){
227 $this->dialogState= 'create';
228 $firstedit= TRUE;
229 $this->dialog= TRUE;
230 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
231 $this->loadAclEntry();
232 continue;
233 }
234 if (preg_match('/^acl_del_.*_x/', $name)){
235 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
236 continue;
237 }
239 if (preg_match('/^cat_edit_.*_x/', $name)){
240 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
241 $this->dialogState= 'edit';
242 foreach ($this->ocMapping[$this->aclObject] as $oc){
243 if (isset($this->aclContents[$oc])){
244 $this->savedAclContents[$oc]= $this->aclContents[$oc];
245 }
246 }
247 continue;
248 }
249 if (preg_match('/^cat_del_.*_x/', $name)){
250 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
251 foreach ($this->ocMapping[$idx] as $key){
252 unset($this->aclContents["$idx/$key"]);
253 }
254 continue;
255 }
257 /* Sorting... */
258 if (preg_match('/^sortup_.*_x/', $name)){
259 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
260 if ($index > 0){
261 $tmp= $this->gosaAclEntry[$index];
262 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
263 $this->gosaAclEntry[$index-1]= $tmp;
264 }
265 continue;
266 }
267 if (preg_match('/^sortdown_.*_x/', $name)){
268 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
269 if ($index < count($this->gosaAclEntry)-1){
270 $tmp= $this->gosaAclEntry[$index];
271 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
272 $this->gosaAclEntry[$index+1]= $tmp;
273 }
274 continue;
275 }
277 /* ACL saving... */
278 if (preg_match('/^acl_.*_[^xy]$/', $name)){
279 $aclDialog= TRUE;
280 list($dummy, $object, $attribute, $value)= split('_', $name);
282 /* Skip for detection entry */
283 if ($object == 'dummy') {
284 continue;
285 }
287 /* Ordinary ACLs */
288 if (!isset($new_acl[$object])){
289 $new_acl[$object]= array();
290 }
291 if (isset($new_acl[$object][$attribute])){
292 $new_acl[$object][$attribute].= $value;
293 } else {
294 $new_acl[$object][$attribute]= $value;
295 }
296 }
298 if(isset($_POST['selected_role'])){
299 $this->aclContents = "";
300 $this->aclContents = base64_decode($_POST['selected_role']);
301 }
302 }
304 /* Only be interested in new acl's, if we're in the right _POST place */
305 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
307 foreach ($this->ocMapping[$this->aclObject] as $oc){
308 unset($this->aclContents[$oc]);
309 unset($this->aclContents[$this->aclObject.'/'.$oc]);
310 if (isset($new_acl[$oc])){
311 $this->aclContents[$oc]= $new_acl[$oc];
312 }
313 if (isset($new_acl[$this->aclObject.'/'.$oc])){
314 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
315 }
316 }
317 }
319 /* Save new acl in case of base edit mode */
320 if ($this->aclType == 'base' && !$firstedit){
321 $this->aclContents= $new_acl;
322 }
324 /* Cancel new acl? */
325 if (isset($_POST['cancel_new_acl'])){
326 $this->dialogState= 'head';
327 $this->dialog= FALSE;
328 if ($this->wasNewEntry){
329 unset ($this->gosaAclEntry[$this->currentIndex]);
330 }
331 }
333 /* Store ACL in main object? */
334 if (isset($_POST['submit_new_acl'])){
335 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
336 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
337 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
338 $this->dialogState= 'head';
339 $this->dialog= FALSE;
340 }
342 /* Cancel edit acl? */
343 if (isset($_POST['cancel_edit_acl'])){
344 $this->dialogState= 'create';
345 foreach ($this->ocMapping[$this->aclObject] as $oc){
346 if (isset($this->savedAclContents[$oc])){
347 $this->aclContents[$oc]= $this->savedAclContents[$oc];
348 }
349 }
350 }
352 /* Save edit acl? */
353 if (isset($_POST['submit_edit_acl'])){
354 $this->dialogState= 'create';
355 }
357 /* Add acl? */
358 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
359 $this->dialogState= 'edit';
360 $this->savedAclContents= array();
361 foreach ($this->ocMapping[$this->aclObject] as $oc){
362 if (isset($this->aclContents[$oc])){
363 $this->savedAclContents[$oc]= $this->aclContents[$oc];
364 }
365 }
366 }
368 /* Add to list? */
369 if (isset($_POST['add']) && isset($_POST['source'])){
370 foreach ($_POST['source'] as $key){
371 if ($this->target == 'user'){
372 $this->recipients[$key]= $this->users[$key];
373 }
374 if ($this->target == 'group'){
375 $this->recipients[$key]= $this->groups[$key];
376 }
377 }
378 ksort($this->recipients);
379 }
381 /* Remove from list? */
382 if (isset($_POST['del']) && isset($_POST['recipient'])){
383 foreach ($_POST['recipient'] as $key){
384 unset($this->recipients[$key]);
385 }
386 }
388 /* Save common values */
389 foreach (array("aclType", "aclObject", "target") as $key){
390 if (isset($_POST[$key])){
391 $this->$key= validate($_POST[$key]);
392 }
393 }
395 /* Create templating instance */
396 $smarty= get_smarty();
398 if ($this->dialogState == 'head'){
399 /* Draw list */
400 $aclList= new divSelectBox("aclList");
401 $aclList->SetHeight(450);
403 /* Fill in entries */
404 foreach ($this->gosaAclEntry as $key => $entry){
405 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
406 $field2= array("string" => $this->assembleAclSummary($entry));
407 $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
408 $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
409 $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
410 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
412 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
413 $aclList->AddEntry(array($field1, $field2, $field3));
414 }
416 $smarty->assign("aclList", $aclList->DrawList());
417 }
419 if ($this->dialogState == 'create'){
420 /* Draw list */
421 $aclList= new divSelectBox("aclList");
422 $aclList->SetHeight(150);
424 /* Add settings for all categories to the (permanent) list */
425 foreach ($this->aclObjects as $section => $dsc){
426 $summary= "";
427 foreach($this->ocMapping[$section] as $oc){
428 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
429 $this->aclContents[$oc][0] != ""){
431 $summary.= "$oc, ";
432 continue;
433 }
434 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
435 $this->aclContents["$section/$oc"][0] != ""){
437 $summary.= "$oc, ";
438 continue;
439 }
440 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
441 $summary.= "$oc, ";
442 }
443 }
445 /* Set summary... */
446 if ($summary == ""){
447 $summary= '<i>'._("No ACL settings for this category").'</i>';
448 } else {
449 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
450 }
452 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
453 $field2= array("string" => $summary);
454 $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
455 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
456 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
457 $aclList->AddEntry(array($field1, $field2, $field3));
458 }
460 $smarty->assign("aclList", $aclList->DrawList());
461 $smarty->assign("aclType", $this->aclType);
462 $smarty->assign("aclTypes", $this->aclTypes);
463 $smarty->assign("target", $this->target);
464 $smarty->assign("targets", $this->targets);
466 /* Assign possible target types */
467 $smarty->assign("targets", $this->targets);
468 foreach ($this->attributes as $attr){
469 $smarty->assign($attr, $this->$attr);
470 }
473 /* Generate list */
474 $tmp= array();
475 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
476 if ($this->target == $field){
477 foreach ($this->$arr as $key => $value){
478 if (!isset($this->recipients[$key])){
479 $tmp[$key]= $value;
480 }
481 }
482 }
483 }
484 $smarty->assign('sources', $tmp);
485 $smarty->assign('recipients', $this->recipients);
487 /* Acl selector if scope is base */
488 if ($this->aclType == 'base'){
489 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
490 }
492 /* Role selector if scope is base */
493 if ($this->aclType == 'role'){
494 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
495 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
496 }
497 }
499 if ($this->dialogState == 'edit'){
500 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
502 /* Collect objects for selected category */
503 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
504 if ($idx == 0){
505 continue;
506 }
507 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
508 }
509 if ($this->aclObject == 'all'){
510 $aclObjects['all']= _("All objects in current subtree");
511 }
513 /* Role selector if scope is base */
514 if ($this->aclType == 'role'){
515 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
516 } else {
517 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
518 }
519 }
521 /* Show main page */
522 $smarty->assign("dialogState", $this->dialogState);
524 return ($smarty->fetch (get_template_path('acl.tpl')));
525 }
528 function sort_by_priority($list)
529 {
530 $tmp= session::get('plist');
531 $plist= $tmp->info;
532 asort($plist);
533 $newSort = array();
535 foreach($list as $name => $translation){
536 $na = preg_replace("/^.*\//","",$name);
537 $prio = 0;
538 if(isset($plist[$na]['plPriority'])){
539 $prio= $plist[$na]['plPriority'] ;
540 }
542 $newSort[$name] = $prio;
543 }
545 asort($newSort);
547 $ret = array();
548 foreach($newSort as $name => $prio){
549 $ret[$name] = $list[$name];
550 }
551 return($ret);
552 }
555 function buildRoleSelector($list)
556 {
557 $D_List =new divSelectBox("Acl_Roles");
559 $selected = $this->aclContents;
560 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
561 $selected = key($list);
562 }
564 $str ="";
565 foreach($list as $dn => $values){
567 if($dn == $selected){
568 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
569 }else{
570 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
571 }
573 $field1 = array("string" => $option) ;
574 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
575 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
577 $D_List->AddEntry(array($field1,$field2,$field3));
578 }
579 return($D_List->DrawList());
580 }
583 function buildAclSelector($list)
584 {
585 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
586 $cols= 3;
587 $tmp= session::get('plist');
588 $plist= $tmp->info;
589 asort($plist);
591 /* Add select all/none buttons */
592 $style = "style='width:100px;'";
594 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
595 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
596 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
597 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
598 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
600 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
601 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
603 $display .= "<br>";
605 $style = "style='width:50px;'";
606 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
607 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
608 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
609 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
610 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
611 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
612 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
613 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
614 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
615 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
617 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
618 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
619 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
620 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
622 /* Build general objects */
623 $list =$this->sort_by_priority($list);
624 foreach ($list as $key => $name){
626 /* Create sub acl if it does not exist */
627 if (!isset($this->aclContents[$key])){
628 $this->aclContents[$key]= array();
629 $this->aclContents[$key][0]= '';
630 }
631 $currentAcl= $this->aclContents[$key];
633 /* Get the overall plugin acls
634 */
635 $overall_acl ="";
636 if(isset($currentAcl[0])){
637 $overall_acl = $currentAcl[0];
638 }
640 /* Object header */
641 if(session::get('js')) {
642 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
643 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
644 "\n <tr>".
645 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
646 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
647 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
648 "\n </tr>";
649 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
650 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
651 "\n <tr>".
652 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
653 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
654 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
655 "\n </tr>";
656 } else {
657 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
658 "\n <tr>".
659 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
660 "\n </tr>";
661 }
662 } else {
663 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
664 "\n <tr>".
665 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
666 "\n </tr>";
667 }
669 /* Generate options */
670 $spc= " ";
671 if ($this->isContainer && $this->aclType != 'base'){
672 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
673 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
674 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
675 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
676 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
677 }
678 } else {
679 $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
680 $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
681 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
682 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
683 }
684 }
686 /* Global options */
687 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
688 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
690 $display.= "\n <tr>".
691 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
692 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
693 "\n </tr>";
695 /* Walk through the list of attributes */
696 $cnt= 1;
697 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
698 asort($splist);
699 if(session::get('js')) {
700 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
701 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
702 "\n <td colspan=".$cols.">".
703 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
704 "\n <table style='width:100%;'>";
705 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
706 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
707 "\n <td colspan=".$cols.">".
708 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
709 "\n <table style='width:100%;'>";
710 }
711 }
712 foreach($splist as $attr => $dsc){
714 /* Skip pl* attributes, they are internal... */
715 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
716 continue;
717 }
719 /* Open table row */
720 if ($cnt == 1){
721 $display.= "\n <tr>";
722 }
724 /* Close table row */
725 if ($cnt == $cols){
726 $cnt= 1;
727 $rb= "";
728 $end= "\n </tr>";
729 } else {
730 $cnt++;
731 $rb= "border-right:1px solid #A0A0A0;";
732 $end= "";
733 }
735 /* Collect list of attributes */
736 $state= "";
737 if (isset($currentAcl[$attr])){
738 $state= $currentAcl[$attr];
739 }
740 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
741 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
742 }
744 /* Fill missing td's if needed */
745 if (--$cnt != $cols && $cnt != 0){
746 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
747 }
749 if(session::get('js')) {
750 if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
751 $display.= "\n </table>".
752 "\n </div>".
753 "\n </td>".
754 "\n </tr>";
755 }
756 }
758 $display.= "\n</table><br />\n";
759 }
761 return ($display);
762 }
765 function mkchkbx($name, $text, $state= FALSE)
766 {
767 $state= $state?"checked":"";
768 return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
769 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
770 }
773 function mkrwbx($name, $state= "")
774 {
775 $rstate= preg_match('/r/', $state)?'checked':'';
776 $wstate= preg_match('/w/', $state)?'checked':'';
777 return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
778 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
779 "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
780 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
781 }
784 static function explodeACL($acl)
785 {
786 list($index, $type)= split(':', $acl);
787 $a= array( $index => array("type" => $type,
788 "members" => acl::extractMembers($acl,$type == "role")));
790 /* Handle different types */
791 switch ($type){
793 case 'psub':
794 case 'sub':
795 case 'one':
796 case 'base':
797 $a[$index]['acl']= acl::extractACL($acl);
798 break;
800 case 'role':
801 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
802 break;
804 case 'reset':
805 break;
807 default:
808 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type), ERROR_DIALOG);
809 $a= array();
810 }
811 return ($a);
812 }
815 static function extractMembers($acl,$role = FALSE)
816 {
817 global $config;
818 $a= array();
820 /* Rip acl off the string, seperate by ',' and place it in an array */
821 if($role){
822 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
823 }else{
824 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
825 }
826 if ($ms == $acl){
827 return $a;
828 }
829 $ma= split(',', $ms);
831 /* Decode dn's, fill with informations from LDAP */
832 $ldap= $config->get_ldap_link();
833 foreach ($ma as $memberdn){
834 $dn= base64_decode($memberdn);
835 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
837 /* Found entry... */
838 if ($ldap->count()){
839 $attrs= $ldap->fetch();
840 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
841 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
842 } else {
843 $a['G:'.$dn]= $attrs['cn'][0];
844 if (isset($attrs['description'][0])){
845 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
846 }
847 }
849 /* ... or not */
850 } else {
851 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
852 }
853 }
855 return ($a);
856 }
859 static function extractACL($acl)
860 {
861 /* Rip acl off the string, seperate by ',' and place it in an array */
862 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
863 $aa= split(',', $as);
864 $a= array();
866 /* Dis-assemble single ACLs */
867 foreach($aa as $sacl){
869 /* Dis-assemble field ACLs */
870 $ao= split('#', $sacl);
871 $gobject= "";
872 foreach($ao as $idx => $ssacl){
874 /* First is department with global acl */
875 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
876 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
877 if ($idx == 0){
878 /* Create hash for this object */
879 $gobject= $object;
880 $a[$gobject]= array();
882 /* Append ACL if set */
883 if ($gacl != ""){
884 $a[$gobject]= array($gacl);
885 }
886 } else {
888 /* All other entries get appended... */
889 list($field, $facl)= split(';', $ssacl);
890 $a[$gobject][$field]= $facl;
891 }
893 }
894 }
896 return ($a);
897 }
900 function assembleAclSummary($entry)
901 {
902 $summary= "";
904 /* Summarize ACL */
905 if (isset($entry['acl'])){
906 $acl= "";
908 if($entry['type'] == "role"){
910 if(isset($this->roles[$entry['acl']])){
911 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
912 }else{
913 $summary.= sprintf(_("Role: %s"), "<i>"._("Unknown role, possibly removed")."</i>");
914 }
915 }else{
916 foreach ($entry['acl'] as $name => $object){
917 if (count($object)){
918 $acl.= "$name, ";
919 }
920 }
921 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
922 }
923 }
925 /* Summarize members */
926 if ($summary != ""){
927 $summary.= ", ";
928 }
929 if (count($entry['members'])){
930 $summary.= _("Members:")." ";
931 foreach ($entry['members'] as $cn){
932 $cn= preg_replace('/ \[.*$/', '', $cn);
933 $summary.= $cn.", ";
934 }
935 } else {
936 $summary.= _("ACL is valid for all users");
937 }
939 return (preg_replace('/, $/', '', $summary));
940 }
943 function loadAclEntry($new= FALSE)
944 {
945 /* New entry gets presets... */
946 if ($new){
947 $this->aclType= 'base';
948 $this->recipients= array();
949 $this->aclContents= array();
950 } else {
951 $acl= $this->gosaAclEntry[$this->currentIndex];
952 $this->aclType= $acl['type'];
953 $this->recipients= $acl['members'];
954 $this->aclContents= $acl['acl'];
955 }
957 $this->wasNewEntry= $new;
958 }
961 function aclPostHandler()
962 {
963 if (isset($_POST['save_acl'])){
964 $this->save();
965 return TRUE;
966 }
968 return FALSE;
969 }
972 function PrepareForCopyPaste($source)
973 {
974 plugin::PrepareForCopyPaste($source);
976 $dn = $source['dn'];
977 $acl_c = new acl($this->config, $this->parent,$dn);
978 $this->gosaAclEntry = $acl_c->gosaAclEntry;
979 }
982 function save()
983 {
984 /* Assemble ACL's */
985 $tmp_acl= array();
986 foreach ($this->gosaAclEntry as $prio => $entry){
987 $final= "";
988 $members= "";
989 if (isset($entry['members'])){
990 foreach ($entry['members'] as $key => $dummy){
991 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
992 }
993 }
995 if($entry['type'] != "role"){
996 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
997 }else{
998 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
999 }
1001 /* ACL's if needed */
1002 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1003 $acl= ":";
1004 if (isset($entry['acl'])){
1005 foreach ($entry['acl'] as $object => $contents){
1007 /* Only save, if we've some contents in there... */
1008 if (count($contents)){
1009 $acl.= $object.";";
1011 foreach($contents as $attr => $permission){
1013 /* First entry? Its the one for global settings... */
1014 if ($attr == '0'){
1015 $acl.= $permission;
1016 } else {
1017 $acl.= '#'.$attr.';'.$permission;
1018 }
1020 }
1021 $acl.= ',';
1022 }
1024 }
1025 }
1026 $final.= preg_replace('/,$/', '', $acl);
1027 }
1029 $tmp_acl[]= $final;
1030 }
1032 /* Call main method */
1033 plugin::save();
1035 /* Finally (re-)assign it... */
1036 $this->attrs['gosaAclEntry']= $tmp_acl;
1038 /* Remove acl from this entry if it is empty... */
1039 if (!count($tmp_acl)){
1040 /* Remove attribute */
1041 if ($this->initially_was_account){
1042 $this->attrs['gosaAclEntry']= array();
1043 } else {
1044 if (isset($this->attrs['gosaAclEntry'])){
1045 unset($this->attrs['gosaAclEntry']);
1046 }
1047 }
1049 /* Remove object class */
1050 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1051 }
1053 /* Do LDAP modifications */
1054 $ldap= $this->config->get_ldap_link();
1055 $ldap->cd($this->dn);
1056 $this->cleanup();
1057 $ldap->modify ($this->attrs);
1059 if(count($this->attrs)){
1060 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1061 }
1063 show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
1065 /* Refresh users ACLs */
1066 $ui= get_userinfo();
1067 $ui->loadACL();
1068 session::set('ui',$ui);
1069 }
1072 function remove_from_parent()
1073 {
1074 plugin::remove_from_parent();
1076 /* include global link_info */
1077 $ldap= $this->config->get_ldap_link();
1079 $ldap->cd($this->dn);
1080 $this->cleanup();
1081 $ldap->modify ($this->attrs);
1083 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1085 /* Optionally execute a command after we're done */
1086 $this->handle_post_events("remove",array("uid" => $this->uid));
1087 }
1090 /* Return plugin informations for acl handling */
1091 static function plInfo()
1092 {
1093 return (array(
1094 "plShortName" => _("ACL"),
1095 "plDescription" => _("ACL")._("Access control list").")",
1096 "plSelfModify" => FALSE,
1097 "plDepends" => array(),
1098 "plPriority" => 0,
1099 "plSection" => array("administration"),
1100 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1101 "objectClass" => array("gosaAcl","gosaRole"))),
1102 "plProvidedAcls"=> array(
1103 "cn" => _("Role name"),
1104 "description" => _("Role description"))
1106 ));
1107 }
1110 /* Remove acls defined for $src */
1111 function remove_acl()
1112 {
1113 $this->remove_acl_for_dn($this->dn);
1114 }
1117 /* Remove acls defined for $src */
1118 function remove_acl_for_dn($src = "")
1119 {
1120 if($src == ""){
1121 $src = $this->dn;
1122 }
1123 $ldap = $this->config->get_ldap_link();
1124 $ldap->cd($this->config->current['BASE']);
1125 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1126 while($attrs = $ldap->fetch()){
1127 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1128 foreach($acl->gosaAclEntry as $id => $entry){
1129 foreach($entry['members'] as $m_id => $member){
1130 if($m_id == "U:".$src){
1131 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1132 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
1133 }
1134 if($m_id == "G:".$src){
1135 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1136 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
1137 }
1138 }
1139 }
1140 $acl -> save();
1141 }
1142 }
1144 function update_acl_membership($src,$dst)
1145 {
1146 $ldap = $this->config->get_ldap_link();
1147 $ldap->cd($this->config->current['BASE']);
1148 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1149 while($attrs = $ldap->fetch()){
1150 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1151 foreach($acl->gosaAclEntry as $id => $entry){
1152 foreach($entry['members'] as $m_id => $member){
1153 if($m_id == "U:".$src){
1154 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1155 $new = "U:".$dst;
1156 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1157 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1158 }
1159 if($m_id == "G:".$src){
1160 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1161 $new = "G:".$dst;
1162 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1163 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1164 }
1165 }
1166 }
1167 $acl -> save();
1168 }
1169 }
1170 }
1172 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1173 ?>