Code

a3283dfa26e43deb868ee6aa7f3421b8edff474d
[gosa.git] / gosa-core / include / class_acl.inc
1 <?php
2 /*
3  * This code is part of GOsa (http://www.gosa-project.org)
4  * Copyright (C) 2003-2008 GONICUS GmbH
5  *
6  * ID: $$Id$$
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  */
23 /*! \brief ACL management plugin */ 
24 class acl extends plugin
25 {
26   /* Definitions */
27   var $plHeadline= "Access control";
28   var $plDescription= "Manage access control lists";
30   /* attribute list for save action */
31   var $attributes= array('gosaAclEntry');
32   var $objectclasses= array('gosaAcl');
34   /* Helpers */
35   var $dialogState= "head";
36   var $gosaAclEntry= array();
37   var $aclType= "";
38   var $aclObject= "";
39   var $aclContents= array();
40   var $target= "group";
41   var $aclTypes= array();
42   var $aclObjects= array();
43   var $aclFilter= "";
44   var $aclMyObjects= array();
45   var $users= array();
46   var $roles= array();
47   var $groups= array();
48   var $recipients= array();
49   var $isContainer= FALSE;
50   var $currentIndex= 0;
51   var $wasNewEntry= FALSE;
52   var $ocMapping= array();
53   var $savedAclContents= array();
54   var $myAclObjects = array();
55   var $acl_category = "acl/";
57   var $list =NULL;
59   var $sectionList = NULL;
61   function acl (&$config, $parent, $dn= NULL)
62   {
63     /* Include config object */
64     plugin::plugin($config, $dn);
66     /* Load ACL's */
67     $this->gosaAclEntry= array();
68     if (isset($this->attrs['gosaAclEntry'])){
69       for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
70         $acl= $this->attrs['gosaAclEntry'][$i];
71         $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
72       }
73     }
74     ksort($this->gosaAclEntry);
76     /* Save parent - we've to know more about it than other plugins... */
77     $this->parent= &$parent;
79     /* Container? */
80     if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
81       $this->isContainer= TRUE;
82     }
84     /* Users */
85     $ui= get_userinfo();
86     $tag= $ui->gosaUnitTag;
87     $ldap= $config->get_ldap_link();
88     $ldap->cd($config->current['BASE']);
89     if ($tag == ""){
90       $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
91     } else {
92       $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
93     }
94     while ($attrs= $ldap->fetch()){
96       // Allow objects without cn to be listed without causing an error.
97       if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
98         $this->users['U:'.$attrs['dn']]=  $attrs['uid'][0];
99       }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
100         $this->users['U:'.$attrs['dn']]=  $attrs['cn'][0];
101       }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
102         $this->users['U:'.$attrs['dn']]= $attrs['dn'];
103       }else{
104         $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
105       }
107     }
108     ksort($this->users);
110     /* Groups */
111     $ldap->cd($config->current['BASE']);
112 #    if ($tag == ""){
113       $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
114 #    } else {
115 #      $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
116 #    }
117     while ($attrs= $ldap->fetch()){
118       $dsc= "";
119       if (isset($attrs['description'][0])){
120         $dsc= $attrs['description'][0];
121       }
122       $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
123     }
124     $this->groups['G:*']= _("All users");
125     ksort($this->groups);
127     /* Roles */
128     $ldap->cd($config->current['BASE']);
129 #    if ($tag == ""){
130       $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
131 #    } else {
132 #     $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
133 #    }
134     while ($attrs= $ldap->fetch()){
135       $dsc= "";
136       if (isset($attrs['description'][0])){
137         $dsc= $attrs['description'][0];
138       }
140       $role_id = $attrs['dn'];
142       $this->roles[$role_id]['acls'] =array();
143       for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
144         $acl= $attrs['gosaAclTemplate'][$i];
145         $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
146       }
147       $this->roles[$role_id]['description'] = $dsc;
148       $this->roles[$role_id]['cn'] = $attrs['cn'][0];
149     }
151     /* Objects */
152     $tmp= session::global_get('plist');
153     $plist= $tmp->info;
154     $cats = array();
155     if (isset($this->parent) && $this->parent !== NULL){
156       $oc= array();
157       foreach ($this->parent->by_object as $key => $obj){
158         $oc= array_merge($oc, $obj->objectclasses);
159         if(isset($obj->acl_category)){
160                                         $tmp= str_replace("/","",$obj->acl_category);
161           $cats[$tmp] = $tmp;
162         }
163       }
164       if (in_array_ics('organizationalUnit', $oc)){
165         $this->isContainer= TRUE;
166       }
167     } else {
168       $oc=  $this->attrs['objectClass'];
169     }
171     /* Extract available categories from plugin info list */
172     foreach ($plist as $class => $acls){
174       /* Only feed categories */
175       if (isset($acls['plCategory'])){
177         /* Walk through supplied list and feed only translated categories */
178         foreach($acls['plCategory'] as $idx => $data){
180           /* Non numeric index means -> base object containing more informations */
181           if (preg_match('/^[0-9]+$/', $idx)){
183             if (!isset($this->ocMapping[$data])){
184               $this->ocMapping[$data]= array();
185               $this->ocMapping[$data][]= '0';
186             }
188             if(isset($cats[$data])){
189               $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
190             }
191             $this->ocMapping[$data][]= $class;
192           } else {
193             if (!isset($this->ocMapping[$idx])){
194               $this->ocMapping[$idx]= array();
195               $this->ocMapping[$idx][]= '0';
196             }
197             $this->ocMapping[$idx][]= $class;
198             $this->aclObjects[$idx]= $data['description'];
200             /* Additionally filter the classes we're interested in in "self edit" mode */
201             if (is_array($data['objectClass'])){
202               foreach($data['objectClass'] as $objectClass){
203                 if (in_array_ics($objectClass, $oc)){
204                   $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
205                   break;
206                 }
207               }
208             } else {
209               if (in_array_ics($data['objectClass'], $oc)){
210                 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
211               }
212             }
213           }
215         }
216       }
217     }
218     $this->aclObjects['all']= '*&nbsp;'._("All categories");
219     $this->ocMapping['all']= array('0' => 'all');
221     /* Sort categories */
222     asort($this->aclObjects);
224     /* Fill acl types */
225     if ($this->isContainer){
226       $this->aclTypes= array("reset" => _("Reset ACLs"),
227                              "one" => _("One level"),
228                              "base" => _("Current object"),
229                              "sub" => _("Complete subtree"),
230                              "psub" => _("Complete subtree (permanent)"),
231                              "role" => _("Use ACL defined in role"));
232     } else {
233       $this->aclTypes= array("base" => _("Current object"),
234           "role" => _("Use ACL defined in role"));
235     }
236     asort($this->aclTypes);
237     $this->targets= array("user" => _("Users"), "group" => _("Groups"));
238     asort($this->targets);
240     /* Finally - we want to get saved... */
241     $this->is_account= TRUE;
243     $this->updateList();
245     // Prepare lists 
246     $this->sectionList = new sortableListing();
247     $this->sectionList->setDeleteable(false);
248     $this->sectionList->setEditable(false);
249     $this->sectionList->setWidth("100%");
250     $this->sectionList->setHeight("120px");
251     $this->sectionList->setColspecs(array('200px','*'));
252     $this->sectionList->setHeader(array(_("Section"),_("Description")));
253     $this->sectionList->setDefaultSortColumn(1);
254     $this->sectionList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
256     $this->roleList = new sortableListing();
257     $this->roleList->setDeleteable(false);
258     $this->roleList->setEditable(false);
259     $this->roleList->setWidth("100%");
260     $this->roleList->setHeight("120px");
261     $this->roleList->setColspecs(array('20px','*','*'));
262     $this->roleList->setHeader(array(_("Used"),_("Name"),_("Description")));
263     $this->roleList->setDefaultSortColumn(1);
264     $this->roleList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
265   }
267     
268   function updateList()
269   {
270       if(!$this->list){ 
271           $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
272           $this->list->setDeleteable(true);
273           $this->list->setEditable(true);
274           $this->list->setColspecs(array('*'));
275           $this->list->setWidth("100%");
276           $this->list->setHeight("400px");
277           $this->list->setAcl("rwcdm");
278           $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
279       }
281  
282     // Add ACL entries to the listing 
283     $lData = array();
284     foreach($this->gosaAclEntry as $id => $entry){
285        $lData[] = $this->convertForListing($entry);
286     }    
287     $this->list->setListData($this->gosaAclEntry, $lData);
288   }
289    
290     
291   function convertForListing($entry)
292   {
293     $member = implode($entry['members'],", ");
294     $acl = implode(array_keys($entry['acl']),", ");
295     $type = implode(array_keys($entry['acl']),", ");
296     return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
297   }
299   
301   function execute()
302   {
303     /* Call parent execute */
304     plugin::execute();
306     $tmp= session::global_get('plist');
307     $plist= $tmp->info;
309     /* Handle posts */
310     if (isset($_POST['new_acl'])){
311       $this->dialogState= 'create';
312       $this->dialog= TRUE;
313       $this->currentIndex= count($this->gosaAclEntry);
314       $this->loadAclEntry(TRUE);
315     }
317     $new_acl= array();
318     $aclDialog= FALSE;
319     $firstedit= FALSE;
321     // Get listing actions. Delete or Edit.
322     $this->list->save_object();
323     $lAction = $this->list->getAction();
324     $this->gosaAclEntry = $this->list->getMaintainedData();
326     /* Act on HTML post and gets here.
327      */
328     if($lAction['action'] == "edit"){
329         $this->currentIndex = $this->list->getKey($lAction['targets'][0]);
330         $this->dialogState= 'create';
331         $firstedit= TRUE;
332         $this->dialog= TRUE;
333         $this->loadAclEntry();
334     }
336     foreach($_POST as $name => $post){
338       /* Actions... */
339       if (preg_match('/^acl_edit_[0-9]*$/', $name)){
340         $this->dialogState= 'create';
341         $firstedit= TRUE;
342         $this->dialog= TRUE;
343         $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
344         $this->loadAclEntry();
345         continue;
346       }
348       if (preg_match('/^cat_edit_.*$/', $name)){
349         $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
350         $this->dialogState= 'edit';
351         foreach ($this->ocMapping[$this->aclObject] as $oc){
352           if (isset($this->aclContents[$oc])){
353             $this->savedAclContents[$oc]= $this->aclContents[$oc];
354           }
355         }
356         continue;
357       }
359       /* Only handle posts, if we allowed to modify ACLs */
360       if(!$this->acl_is_writeable("")){
361         continue;
362       }
364       if (preg_match('/^acl_del_[0-9]*$/', $name)){
365         unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
366         continue;
367       }
369       if (preg_match('/^cat_del_.*$/', $name)){
370         $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
371         foreach ($this->ocMapping[$idx] as $key){
372           if(isset($this->aclContents[$idx]))
373             unset($this->aclContents[$idx]);
374           if(isset($this->aclContents["$idx/$key"]))
375             unset($this->aclContents["$idx/$key"]);
376         }
377         continue;
378       }
380       /* ACL saving... */
381       if (preg_match('/^acl_.*_[^xy]$/', $name)){
382         list($dummy, $object, $attribute, $value)= explode('_', $name);
384         /* Skip for detection entry */
385         if ($object == 'dummy') {
386           continue;
387         }
389         /* Ordinary ACLs */
390         if (!isset($new_acl[$object])){
391           $new_acl[$object]= array();
392         }
393         if (isset($new_acl[$object][$attribute])){
394           $new_acl[$object][$attribute].= $value;
395         } else {
396           $new_acl[$object][$attribute]= $value;
397         }
398       }
400       // Remember the selected ACL role.
401       if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
402         $this->aclContents = "";
403         $this->aclContents = base64_decode($_POST['selected_role']);
404       }
405     }
407     if(isset($_POST['acl_dummy_0_0_0'])){
408       $aclDialog= TRUE;
409     }
411     if($this->acl_is_writeable("")){
412       
413       /* Only be interested in new acl's, if we're in the right _POST place */
414       if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
416         foreach ($this->ocMapping[$this->aclObject] as $oc){
418           if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
419             unset($this->aclContents[$oc]);
420           }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
421             unset($this->aclContents[$this->aclObject.'/'.$oc]);
422           }else{
423 #          trigger_error("Huhm?");
424           }
425           if (isset($new_acl[$oc]) && is_array($new_acl)){
426             $this->aclContents[$oc]= $new_acl[$oc];
427           }
428           if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
429             $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
430           }
431         }
432       }
434       /* Save new acl in case of base edit mode */
435       if ($this->aclType == 'base' && !$firstedit){
436         $this->aclContents= $new_acl;
437       }
438     }
440     /* Cancel new acl? */
441     if (isset($_POST['cancel_new_acl'])){
442       $this->dialogState= 'head';
443       $this->dialog= FALSE;
444       if ($this->wasNewEntry){
445         unset ($this->gosaAclEntry[$this->currentIndex]);
446       }
447     }
449     /* Save common values */
450     if($this->acl_is_writeable("")){
451       foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
452         if (isset($_POST[$key])){
453           $this->$key= validate($_POST[$key]);
454         }
455       }
456     }
458     /* Store ACL in main object? */
459     if (isset($_POST['submit_new_acl'])){
460       $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
461       $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
462       $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
463       $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
464       $this->dialogState= 'head';
465       $this->dialog= FALSE;
466     }
468     /* Cancel edit acl? */
469     if (isset($_POST['cancel_edit_acl'])){
470       $this->dialogState= 'create';
471       foreach ($this->ocMapping[$this->aclObject] as $oc){
472         if (isset($this->savedAclContents[$oc])){
473           $this->aclContents[$oc]= $this->savedAclContents[$oc];
474         }
475       }
476     }
478     /* Save edit acl? */
479     if (isset($_POST['submit_edit_acl'])){
480       $this->dialogState= 'create';
481     }
483     /* Add acl? */
484     if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
485       $this->dialogState= 'edit';
486       $this->savedAclContents= array();
487       foreach ($this->ocMapping[$this->aclObject] as $oc){
488         if (isset($this->aclContents[$oc])){
489           $this->savedAclContents[$oc]= $this->aclContents[$oc];
490         }
491       }
492     }
494     /* Add to list? */
495     if (isset($_POST['add']) && isset($_POST['source'])){
496       foreach ($_POST['source'] as $key){
497         if ($this->target == 'user'){
498           $this->recipients[$key]= $this->users[$key];
499         }
500         if ($this->target == 'group'){
501           $this->recipients[$key]= $this->groups[$key];
502         }
503       }
504       ksort($this->recipients);
505     }
507     /* Remove from list? */
508     if (isset($_POST['del']) && isset($_POST['recipient'])){
509       foreach ($_POST['recipient'] as $key){
510           unset($this->recipients[$key]);
511       }
512     }
514     /* Create templating instance */
515     $smarty= get_smarty();
516     $smarty->assign("usePrototype", "true");
517     $smarty->assign("acl_readable",$this->acl_is_readable(""));
518     if(!$this->acl_is_readable("")){
519       return ($smarty->fetch (get_template_path('acl.tpl')));
520     }
522     if ($this->dialogState == 'head'){
523       $this->updateList();
524       $smarty->assign("aclList", $this->list->render());
525     }
527     if ($this->dialogState == 'create'){
529         // Create a map of all used sections, this allows us to simply hide the remove button 
530         //  if no acl is configured for the given section 
531         // e.g. ';all;department/country;users/user;
532         $usedList = ";".implode(array_keys($this->aclContents),';').";";
534         /* Add settings for all categories to the (permanent) list */
535         $data = $lData = array();
536         foreach ($this->aclObjects as $section => $dsc){
537             $summary= "";
538             foreach($this->ocMapping[$section] as $oc){
539                 if (isset($this->aclContents[$oc]) && 
540                         count($this->aclContents[$oc]) && 
541                         isset($this->aclContents[$oc][0]) &&
542                         $this->aclContents[$oc][0] != ""){
544                     $summary.= "$oc, ";
545                     continue;
546                 }
547                 if (isset($this->aclContents["$section/$oc"]) && 
548                         count($this->aclContents["$section/$oc"])){
549                     $summary.= "$oc, ";
550                     continue;
551                 }
552                 if (isset($this->aclContents[$oc]) && 
553                         !isset($this->aclContents[$oc][0]) && 
554                         count($this->aclContents[$oc])){
555                     $summary.= "$oc, ";
556                 }
557             }
559             /* Set summary... */
560             if ($summary == ""){
561                 $summary= '<i>'._("No ACL settings for this category!").'</i>';
562             } else {
563                 $summary= trim($summary,", ");
564                 $summary= " ".sprintf(_("Contains ACLs for these objects: %s"), $summary);
565             }
567             $actions ="";
568             if($this->acl_is_readable("")){
569                 $actions.= image('images/lists/edit.png','cat_edit_'.$section, 
570                         msgPool::editButton(_("category ACL")));
571             }
572             if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
573                 $actions.= image('images/lists/trash.png','cat_del_'.$section, 
574                         msgPool::delButton(_("category ACL")));
575             }   
576             $data[] = $section;
577             $lData[] = array('data'=>array($dsc, $summary, $actions));
578         }
579         $this->sectionList->setListData($data,$lData);
580         $this->sectionList->update();
581         $smarty->assign("aclList", $this->sectionList->render());
582     
583       $smarty->assign("aclType", $this->aclType);
584       $smarty->assign("aclFilter", $this->aclFilter);
585       $smarty->assign("aclTypes", $this->aclTypes);
586       $smarty->assign("target", $this->target);
587       $smarty->assign("targets", $this->targets);
589       /* Assign possible target types */
590       $smarty->assign("targets", $this->targets);
591       foreach ($this->attributes as $attr){
592         $smarty->assign($attr, $this->$attr);
593       }
596       /* Generate list */
597       $tmp= array();
598       if ($this->target == "group" && !isset($this->recipients["G:*"])){
599         $tmp["G:*"]= _("All users");
600       }
601       foreach (array("user" => "users", "group" => "groups") as $field => $arr){
602         if ($this->target == $field){
603           foreach ($this->$arr as $key => $value){
604             if (!isset($this->recipients[$key])){
605               $tmp[$key]= $value;
606             }
607           }
608         }
609       }
610       $smarty->assign('sources', $tmp);
611       $smarty->assign('recipients', $this->recipients);
613       /* Acl selector if scope is base */
614       if ($this->aclType == 'base'){
615         $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
616       }
618       /* Role selector if scope is base */
619       if ($this->aclType == 'role'){
620         $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
621         $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
622       }
623     }
625     if ($this->dialogState == 'edit'){
626       $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
628       /* Collect objects for selected category */
629       foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
630         if ($idx == 0){
631           continue;
632         }
633         $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
634       }
635       if ($this->aclObject == 'all'){
636         $aclObjects['all']= _("All objects in current subtree");
637       }
639       /* Role selector if scope is base */
640       if ($this->aclType == 'role'){
641         $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
642       } else {
643         $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
644       }
645     }
647     /* Show main page */
648     $smarty->assign("dialogState", $this->dialogState);
649    
650     /* Assign acls */ 
651     $smarty->assign("acl_createable",$this->acl_is_createable());
652     $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
653     $smarty->assign("acl_readable"  ,$this->acl_is_readable(""));
654     $smarty->assign("acl_removeable",$this->acl_is_removeable());
656     return ($smarty->fetch (get_template_path('acl.tpl')));
657   }
660   function sort_by_priority($list)
661   {
662     $tmp= session::global_get('plist');
663     $plist= $tmp->info;
664     asort($plist);
665     $newSort = array();
667     foreach($list as $name => $translation){
668       $na  =  preg_replace("/^.*\//","",$name);
669       $prio = 0;
670       if(isset($plist[$na]['plPriority'])){
671         $prio=  $plist[$na]['plPriority'] ;
672       }
674       $newSort[$name] = $prio;
675     }
677     asort($newSort);
679     $ret = array();
680     foreach($newSort as $name => $prio){
681       $ret[$name] = $list[$name];
682     }
683     return($ret);
684   }
687   function buildRoleSelector($list)
688   {
689     $selected = $this->aclContents;
690     if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
691       $selected = key($list);
692     }
694     $data = $lData = array();
695     foreach($list as $dn => $values){
696       if($dn == $selected){    
697         $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
698       }else{
699         $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
700       }
701       $data[] = postEncode($dn);
702       $lData[] = array('data'=>array($option, $values['cn'], $values['description']));
703     }
704     $this->roleList->setListData($data,$lData);
705     $this->roleList->update();
706     return($this->roleList->render());
707   } 
710   function buildAclSelector($list)
711   {
712     $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
713     $cols= 3;
714     $tmp= session::global_get('plist');
715     $plist= $tmp->info;
716     asort($plist);
718     /* Add select all/none buttons */
719     $style = "style='width:100px;'";
721     if($this->acl_is_writeable("")){
722       $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
723       $display .= "<button type='button' ".$style." name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
724       $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
725       $display .= "<button type='button' ".$style." name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
726       $display .= "<button type='button' ".$style." name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
728       $display .= "<button type='button' ".$style." name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
729       $display .= "<button type='button' ".$style." name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
731       $display .= "<br>";
733       $style = "style='width:50px;'";
734       $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
735       $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
736       $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
737       $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
738       $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
739       $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
740       $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
741       $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
742       $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
743       $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
745       $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
746       $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
747       $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
748       $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
749     }
751     /* Build general objects */
752     $list =$this->sort_by_priority($list);
753     foreach ($list as $key => $name){
755       /* Create sub acl if it does not exist */
756       if (!isset($this->aclContents[$key])){
757         $this->aclContents[$key]= array();
758       }
759       if(!isset($this->aclContents[$key][0])){
760         $this->aclContents[$key][0]= '';
761       }
763       $currentAcl= $this->aclContents[$key];
765       /* Get the overall plugin acls 
766        */
767       $overall_acl ="";
768       if(isset($currentAcl[0])){
769         $overall_acl = $currentAcl[0];
770       }
772       // Detect configured plugins
773       $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
775       /* Object header */
776                         $tname= preg_replace("/[^a-z0-9]/i","_",$name);
778       if($expand){
779         $back_color = "#C8C8FF";
780       }else{
781         $back_color = "#C8C8C8";
782       }
784       if(isset($_SERVER['HTTP_USER_AGENT']) && 
785           (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
786           (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
787         $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
788           "\n  <tr>".
789           "\n    <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
790           "\n    <td align='right' style='background-color:{$back_color};height:1.8em;'>".
791           "\n    <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
792           "\n  </tr>";
793       } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
794         $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
795           "\n  <tr>".
796           "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
797           "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
798           "\n    <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
799           "\n  </tr>";
800       } else {
801         $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
802           "\n  <tr>".
803           "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
804           "\n  </tr>";
805       }
807       /* Generate options */
808       $spc= "&nbsp;&nbsp;";
809       $options= $this->mkchkbx($key."_0_c",  _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
810       $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
811       $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
812       if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
813         $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
814       }
816       /* Global options */
817       $more_options= $this->mkchkbx($key."_0_r",  _("read"), preg_match('/r/', $overall_acl)).$spc;
818       $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
820       $display.= "\n  <tr>".
821                  "\n    <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
822                  "\n    <td style='background-color:#D4D4D4'>&nbsp;"._("Complete object").": $more_options</td>".
823                  "\n  </tr>";
825       /* Walk through the list of attributes */
826       $cnt= 1;
827       $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
828       if(session::global_get('js')) {
829         if(isset($_SERVER['HTTP_USER_AGENT']) && 
830             (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
831           $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
832                      "\n    <td colspan=".$cols.">".
833                      "\n      <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
834                      "\n        <table style='width:100%;' summary='{$name}'>";
835         } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
836           $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
837                      "\n    <td colspan=".$cols.">".
838                      "\n      <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
839                      "\n        <table style='width:100%;' summary='{$name}'>";
840         }else{
841         }
842       }
844   
845       foreach($splist as $attr => $dsc){
847         /* Skip pl* attributes, they are internal... */
848         if (preg_match('/^pl[A-Z]+.*$/', $attr)){
849           continue;
850         }
852         /* Open table row */
853         if ($cnt == 1){
854           $display.= "\n  <tr>";
855         }
857         /* Close table row */
858         if ($cnt == $cols){
859           $cnt= 1;
860           $rb= "";
861           $end= "\n  </tr>";
862         } else {
863           $cnt++;
864           $rb= "border-right:1px solid #A0A0A0;";
865           $end= "";
866         }
868         /* Collect list of attributes */
869         $state= "";
870         if (isset($currentAcl[$attr])){
871           $state= $currentAcl[$attr];
872         }
873         $display.= "\n    <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
874                    "\n      <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
875       }
876       
877       /* Fill missing td's if needed */
878       if (--$cnt != $cols && $cnt != 0){
879        $display.= str_repeat("\n    <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'>&nbsp;</td>", $cols-$cnt); 
880       }
882       if(session::global_get('js')) {
883         if(isset($_SERVER['HTTP_USER_AGENT']) && 
884             (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
885             (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) || 
886             (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
887           $display.= "\n        </table>".
888                      "\n      </div>".
889                      "\n    </td>".
890                      "\n  </tr>";
891         }
892       }
894       $display.= "\n</table><br />\n";
895     }
897     return ($display);
898   }
901   function mkchkbx($name, $text, $state= FALSE)
902   {
903     $state= $state?"checked":"";
904     if($this->acl_is_writeable("")){
905                         $tname= preg_replace("/[^a-z0-9]/i","_",$name);
906       return "\n      <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
907         "\n      <label for='acl_$tname'>$text</label>";
908     }else{
909       return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
910     }
911   }
914   function mkrwbx($name, $state= "")
915   {
916     $rstate= preg_match('/r/', $state)?'checked':'';
917     $wstate= preg_match('/w/', $state)?'checked':'';
918                 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
919       
920     if($this->acl_is_writeable("")){
921       return ("\n      <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
922           "\n      <label for='acl_".$tname."_r'>"._("read")."</label>".
923           "\n      <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
924           "\n      <label for='acl_".$tname."_w'>"._("write")."</label>");
925     }else{
926       return ("\n      <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
927           "\n      <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
928     }
929   }
932   static function explodeACL($acl)
933   {
935     $list= explode(':', $acl);
936     if(count($list) == 5){
937       list($index, $type,$member,$permission,$filter)= $list;
938       $filter = base64_decode($filter);
939     }else{
940       $filter = "";
941       list($index, $type,$member,$permission)= $list;
942     }
944     $a= array( $index => array("type" => $type,
945                                "filter"=> $filter,
946                                "members" => acl::extractMembers($acl,$type == "role")));
947    
948     /* Handle different types */
949     switch ($type){
951       case 'psub':
952       case 'sub':
953       case 'one':
954       case 'base':
955         $a[$index]['acl']= acl::extractACL($acl);
956         break;
957       
958       case 'role':
959         $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
960         break;
962       case 'reset':
963         break;
964       
965       default:
966         msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
967         $a= array();
968     }
969     return ($a);
970   }
973   static function extractMembers($acl,$role = FALSE)
974   {
975     global $config;
976     $a= array();
978     /* Rip acl off the string, seperate by ',' and place it in an array */
979     if($role){
980       $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
981     }else{
982       $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
983     }
984     if ($ms == $acl){
985       return $a;
986     }
987     $ma= explode(',', $ms);
989     /* Decode dn's, fill with informations from LDAP */
990     $ldap= $config->get_ldap_link();
991     foreach ($ma as $memberdn){
992       // Check for wildcard here
993       $dn= base64_decode($memberdn);
994       if ($dn != "*") {
995         $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
997         /* Found entry... */
998         if ($ldap->count()){
999           $attrs= $ldap->fetch();
1000           if (in_array_ics('gosaAccount', $attrs['objectClass'])){
1001             $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
1002           } else {
1003             $a['G:'.$dn]= $attrs['cn'][0];
1004             if (isset($attrs['description'][0])){
1005               $a['G:'.$dn].= " [".$attrs['description'][0]."]";
1006             }
1007           }
1009         /* ... or not */
1010         } else {
1011           $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
1012         }
1014       } else {
1015         $a['G:*']= sprintf(_("All users"));
1016       }
1017     }
1019     return ($a);
1020   }
1023   static function extractACL($acl)
1024   {
1025     /* Rip acl off the string, seperate by ',' and place it in an array */
1026     $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1027     $aa= explode(',', $as);
1028     $a= array();
1030     /* Dis-assemble single ACLs */
1031     foreach($aa as $sacl){
1032       
1033       /* Dis-assemble field ACLs */
1034       $ao= explode('#', $sacl);
1035       $gobject= "";
1036       foreach($ao as $idx => $ssacl){
1038         /* First is department with global acl */
1039         $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1040         $gacl=   preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1041         if ($idx == 0){
1042           /* Create hash for this object */
1043           $gobject= $object;
1044           $a[$gobject]= array();
1046           /* Append ACL if set */
1047           if ($gacl != ""){
1048             $a[$gobject]= array($gacl);
1049           }
1050         } else {
1052           /* All other entries get appended... */
1053           list($field, $facl)= explode(';', $ssacl);
1054           $a[$gobject][$field]= $facl;
1055         }
1057       }
1058     }
1060     return ($a);
1061   }
1063   
1064   function assembleAclSummary($entry)
1065   {
1066     $summary= "";
1068     /* Summarize ACL */
1069     if (isset($entry['acl'])){
1070       $acl= "";
1072       if($entry['type'] == "role"){
1074         if(isset($this->roles[$entry['acl']])){  
1075           $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1076         }else{
1077           $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1078         }
1079       }else{
1080         foreach ($entry['acl'] as $name => $object){
1081           if (count($object)){
1082             $acl.= "$name, ";
1083           }
1084         }
1085         $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1086       }
1087     }
1090     /* Summarize members */
1091     if(!($this instanceOf aclrole)){
1092       if ($summary != ""){
1093         $summary.= ", ";
1094       }
1095       if (count($entry['members'])){
1096         $summary.= _("Members").": ";
1097         foreach ($entry['members'] as $cn){
1098           $cn= preg_replace('/ \[.*$/', '', $cn);
1099           $summary.= $cn.", ";
1100         }
1101       } else {
1102         $summary.= "<font color='red'><i>"._("inactive")."&nbsp;-&nbsp;"._("No members")."</i></font>";
1103       }
1104     }
1105     return (preg_replace('/, $/', '', $summary));
1106   }
1109   function loadAclEntry($new= FALSE)
1110   {
1111     /* New entry gets presets... */
1112     if ($new){
1113       $this->aclType= 'base';
1114       $this->aclFilter= "";
1115       $this->recipients= array();
1116       $this->aclContents= array();
1117     } else {
1118       $acl= $this->gosaAclEntry[$this->currentIndex];
1119       $this->aclType= $acl['type'];
1120       $this->recipients= $acl['members'];
1121       $this->aclContents= $acl['acl'];
1122       $this->aclFilter= $acl['filter'];
1123     }
1125     $this->wasNewEntry= $new;
1126   }
1129   function aclPostHandler()
1130   {
1131     if (isset($_POST['save_acl'])){
1132       $this->save();
1133       return TRUE;
1134     }
1136     return FALSE;
1137   }
1139   
1140   function PrepareForCopyPaste($source)
1141   {
1142     plugin::PrepareForCopyPaste($source);
1143     
1144     $dn = $source['dn'];
1145     $acl_c = new acl($this->config, $this->parent,$dn);
1146     $this->gosaAclEntry = $acl_c->gosaAclEntry;
1147   }
1150   function save()
1151   {
1152     /* Assemble ACL's */
1153     $tmp_acl= array();
1154   
1155     foreach ($this->gosaAclEntry as $prio => $entry){
1156       $final= "";
1157       $members= "";
1158       if (isset($entry['members'])){
1159         foreach ($entry['members'] as $key => $dummy){
1160           $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1161         }
1162       }
1164       if($entry['type'] != "role"){
1165         $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1166       }else{
1167         $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1168       }
1170       /* ACL's if needed */
1171       if ($entry['type'] != "reset" && $entry['type'] != "role"){
1172         $acl= ":";
1173         if (isset($entry['acl'])){
1174           foreach ($entry['acl'] as $object => $contents){
1176             /* Only save, if we've some contents in there... */
1177             if (count($contents)){
1178               $acl.= $object.";";
1180               foreach($contents as $attr => $permission){
1182                 /* First entry? Its the one for global settings... */
1183                 if ($attr == '0'){
1184                   $acl.= $permission;
1185                 } else {
1186                   $acl.= '#'.$attr.';'.$permission;
1187                 }
1189               }
1190               $acl.= ',';
1191             }
1192             
1193           }
1194         }
1195         $final.= preg_replace('/,$/', '', $acl);
1196       }
1198       /* Append additional filter options 
1199        */
1200       if(!empty($entry['filter'])){
1201         $final .= ":".base64_encode($entry['filter']);
1202       }
1204       $tmp_acl[]= $final;
1205     } 
1207     /* Call main method */
1208     plugin::save();
1210     /* Finally (re-)assign it... */
1211     $this->attrs['gosaAclEntry']= $tmp_acl;
1213     /* Remove acl from this entry if it is empty... */
1214     if (!count($tmp_acl)){
1215       /* Remove attribute */
1216       if ($this->initially_was_account){
1217         $this->attrs['gosaAclEntry']= array();
1218       } else {
1219         if (isset($this->attrs['gosaAclEntry'])){
1220           unset($this->attrs['gosaAclEntry']);
1221         }
1222       }
1224       /* Remove object class */
1225       $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1226     }    
1228     /* Do LDAP modifications */
1229     $ldap= $this->config->get_ldap_link();
1230     $ldap->cd($this->dn);
1231     $this->cleanup();
1232     $ldap->modify ($this->attrs);
1234     if(count($this->attrs)){
1235       new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1236     }
1238     if (!$ldap->success()){
1239       msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1240     }
1242     /* Refresh users ACLs */
1243     $ui= get_userinfo();
1244     $ui->loadACL();
1245     session::global_set('ui',$ui);
1246   }
1249   function remove_from_parent()
1250   {
1251     plugin::remove_from_parent();
1253     /* include global link_info */
1254     $ldap= $this->config->get_ldap_link();
1256     $ldap->cd($this->dn);
1257     $this->cleanup();
1258     $ldap->modify ($this->attrs);
1260     new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1262     /* Optionally execute a command after we're done */
1263     $this->handle_post_events("remove",array("uid" => $this->uid));
1264   }
1266   
1267   /* Return plugin informations for acl handling */
1268   static function plInfo()
1269   {
1270     return (array(
1271           "plShortName"   => _("ACL"),
1272           "plDescription" => _("ACL")."&nbsp;("._("Access control list").")",
1273           "plSelfModify"  => FALSE,
1274           "plDepends"     => array(),
1275           "plPriority"    => 0,
1276           "plSection"     => array("administration"),
1277           "plCategory"    => array("acl" => array("description"  => _("ACL")."&nbsp;&amp;&nbsp;"._("ACL roles"),
1278                                                           "objectClass"  => array("gosaAcl","gosaRole"))),
1279           "plProvidedAcls"=> array(
1280             "gosaAclEntry"          => _("Acl entries")
1281 //            "description" => _("Role description")
1282             )
1284           ));
1285   }
1288   /* Remove acls defined for $src */
1289   function remove_acl()
1290   {
1291     acl::remove_acl_for($this->dn);
1292   }
1295   /* Remove acls defined for $src */
1296   static function remove_acl_for($dn)
1297   {                                  
1298     global $config;                  
1300     $ldap = $config->get_ldap_link();
1301     $ldap->cd($config->current['BASE']);
1302     $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
1303     $new_entries= array();                                                                                      
1304     while($attrs = $ldap->fetch()){                                                                             
1305       if (!isset($attrs['gosaAclEntry'])) {                                                                     
1306         continue;                                                                                               
1307       }                                                                                                         
1308       unset($attrs['gosaAclEntry']['count']);                                                                   
1310       // Remove entry directly
1311       foreach($attrs['gosaAclEntry'] as $id => $entry){
1312         $parts= explode(':',$entry);                     
1313         $members= explode(',',$parts[2]);                
1314         $new_members= array();                         
1315         foreach($members as $member) {                 
1316           if (base64_decode($member) != $dn) {         
1317             $new_members[]= $member;                   
1318           } else {                                     
1319             gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
1320           }                                                                                                                  
1321         }                                                                                                                    
1323         /* We can completely remove the entry if there are no members anymore */
1324         if (count($new_members)) {                                              
1325           $parts[2]= implode(",", $new_members);                                
1326           $new_entries[]= implode(":", $parts);                                 
1327         }                                                                       
1328       }                                                                         
1330       // There should be a modification, so write it back
1331       $ldap->cd($attrs['dn']);
1332       $new_attrs= array("gosaAclEntry" => $new_entries);
1333       $ldap->modify($new_attrs);
1334       if (!$ldap->success()){
1335         msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1336       }
1337     }
1338   }
1341   function update_acl_membership($src,$dst)
1342   {
1343     $ldap = $this->config->get_ldap_link();
1344     $ldap->cd($this->config->current['BASE']);
1345     $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1346     while($attrs = $ldap->fetch()){
1347       $acl = new acl($this->config,$this->parent,$attrs['dn']);
1348       foreach($acl->gosaAclEntry as $id => $entry){
1349         foreach($entry['members'] as $m_id => $member){
1350           if($m_id == "U:".$src){
1351             unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1352             $new = "U:".$dst;
1353             $acl->gosaAclEntry[$id]['members'][$new] = $new;
1354             gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1355           }
1356           if($m_id == "G:".$src){
1357             unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1358             $new = "G:".$dst;
1359             $acl->gosaAclEntry[$id]['members'][$new] = $new;
1360             gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1361           }
1362         }
1363       }
1364       $acl -> save();
1365     }
1366   }
1368   
1369   // We are only interessted in our own acls ... 
1370   function set_acl_category($category)
1371   {
1372     plugin::set_acl_category("acl");
1373   }
1376 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1377 ?>