1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class acl extends plugin
24 {
25 /* Definitions */
26 var $plHeadline= "Access control";
27 var $plDescription= "Manage access control lists";
29 /* attribute list for save action */
30 var $attributes= array('gosaAclEntry');
31 var $objectclasses= array('gosaAcl');
33 /* Helpers */
34 var $dialogState= "head";
35 var $gosaAclEntry= array();
36 var $aclType= "";
37 var $aclObject= "";
38 var $aclContents= array();
39 var $target= "group";
40 var $aclTypes= array();
41 var $aclObjects= array();
42 var $aclFilter= "";
43 var $aclMyObjects= array();
44 var $users= array();
45 var $roles= array();
46 var $groups= array();
47 var $recipients= array();
48 var $isContainer= FALSE;
49 var $currentIndex= 0;
50 var $wasNewEntry= FALSE;
51 var $ocMapping= array();
52 var $savedAclContents= array();
53 var $myAclObjects = array();
54 var $acl_category = "acl/";
56 function acl (&$config, $parent, $dn= NULL)
57 {
58 /* Include config object */
59 plugin::plugin($config, $dn);
61 /* Load ACL's */
62 $this->gosaAclEntry= array();
63 if (isset($this->attrs['gosaAclEntry'])){
64 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
65 $acl= $this->attrs['gosaAclEntry'][$i];
66 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
67 }
68 }
69 ksort($this->gosaAclEntry);
71 /* Save parent - we've to know more about it than other plugins... */
72 $this->parent= &$parent;
74 /* Container? */
75 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
76 $this->isContainer= TRUE;
77 }
79 /* Users */
80 $ui= get_userinfo();
81 $tag= $ui->gosaUnitTag;
82 $ldap= $config->get_ldap_link();
83 $ldap->cd($config->current['BASE']);
84 if ($tag == ""){
85 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
86 } else {
87 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
88 }
89 while ($attrs= $ldap->fetch()){
91 // Allow objects without cn to be listed without causing an error.
92 if(!isset($attrs['uid'][0])){
93 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
94 }else{
95 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
96 }
98 }
99 ksort($this->users);
101 /* Groups */
102 $ldap->cd($config->current['BASE']);
103 # if ($tag == ""){
104 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
105 # } else {
106 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
107 # }
108 while ($attrs= $ldap->fetch()){
109 $dsc= "";
110 if (isset($attrs['description'][0])){
111 $dsc= $attrs['description'][0];
112 }
113 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
114 }
115 ksort($this->groups);
117 /* Roles */
118 $ldap->cd($config->current['BASE']);
119 # if ($tag == ""){
120 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
121 # } else {
122 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
123 # }
124 while ($attrs= $ldap->fetch()){
125 $dsc= "";
126 if (isset($attrs['description'][0])){
127 $dsc= $attrs['description'][0];
128 }
130 $role_id = $attrs['dn'];
132 $this->roles[$role_id]['acls'] =array();
133 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
134 $acl= $attrs['gosaAclTemplate'][$i];
135 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
136 }
137 $this->roles[$role_id]['description'] = $dsc;
138 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
139 }
141 /* Objects */
142 $tmp= session::global_get('plist');
143 $plist= $tmp->info;
144 $cats = array();
145 if (isset($this->parent) && $this->parent !== NULL){
146 $oc= array();
147 foreach ($this->parent->by_object as $key => $obj){
148 $oc= array_merge($oc, $obj->objectclasses);
149 if(isset($obj->acl_category)){
150 $tmp= str_replace("/","",$obj->acl_category);
151 $cats[$tmp] = $tmp;
152 }
153 }
154 if (in_array_ics('organizationalUnit', $oc)){
155 $this->isContainer= TRUE;
156 }
157 } else {
158 $oc= $this->attrs['objectClass'];
159 }
161 /* Extract available categories from plugin info list */
162 foreach ($plist as $class => $acls){
164 /* Only feed categories */
165 if (isset($acls['plCategory'])){
167 /* Walk through supplied list and feed only translated categories */
168 foreach($acls['plCategory'] as $idx => $data){
170 /* Non numeric index means -> base object containing more informations */
171 if (preg_match('/^[0-9]+$/', $idx)){
173 if (!isset($this->ocMapping[$data])){
174 $this->ocMapping[$data]= array();
175 $this->ocMapping[$data][]= '0';
176 }
178 if(isset($cats[$data])){
179 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
180 }
181 $this->ocMapping[$data][]= $class;
182 } else {
183 if (!isset($this->ocMapping[$idx])){
184 $this->ocMapping[$idx]= array();
185 $this->ocMapping[$idx][]= '0';
186 }
187 $this->ocMapping[$idx][]= $class;
188 $this->aclObjects[$idx]= $data['description'];
190 /* Additionally filter the classes we're interested in in "self edit" mode */
191 if (is_array($data['objectClass'])){
192 foreach($data['objectClass'] as $objectClass){
193 if (in_array_ics($objectClass, $oc)){
194 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
195 break;
196 }
197 }
198 } else {
199 if (in_array_ics($data['objectClass'], $oc)){
200 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
201 }
202 }
203 }
205 }
206 }
207 }
208 $this->aclObjects['all']= '* '._("All categories");
209 $this->ocMapping['all']= array('0' => 'all');
211 /* Sort categories */
212 asort($this->aclObjects);
214 /* Fill acl types */
215 if ($this->isContainer){
216 $this->aclTypes= array("reset" => _("Reset ACLs"),
217 "one" => _("One level"),
218 "base" => _("Current object"),
219 "sub" => _("Complete subtree"),
220 "psub" => _("Complete subtree (permanent)"),
221 "role" => _("Use ACL defined in role"));
222 } else {
223 $this->aclTypes= array("base" => _("Current object"),
224 "role" => _("Use ACL defined in role"));
225 }
226 asort($this->aclTypes);
227 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
228 asort($this->targets);
230 /* Finally - we want to get saved... */
231 $this->is_account= TRUE;
232 }
235 function execute()
236 {
237 /* Call parent execute */
238 plugin::execute();
240 $tmp= session::global_get('plist');
241 $plist= $tmp->info;
243 /* Handle posts */
244 if (isset($_POST['new_acl'])){
245 $this->dialogState= 'create';
246 $this->dialog= TRUE;
247 $this->currentIndex= count($this->gosaAclEntry);
248 $this->loadAclEntry(TRUE);
249 }
251 $new_acl= array();
252 $aclDialog= FALSE;
253 $firstedit= FALSE;
255 /* Act on HTML post and gets here.
256 */
257 if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
258 $id = trim($_GET['id']);
259 $this->dialogState= 'create';
260 $firstedit= TRUE;
261 $this->dialog= TRUE;
262 $this->currentIndex= $id;
263 $this->loadAclEntry();
264 }
266 foreach($_POST as $name => $post){
268 /* Actions... */
269 if (preg_match('/^acl_edit_.*_x/', $name)){
270 $this->dialogState= 'create';
271 $firstedit= TRUE;
272 $this->dialog= TRUE;
273 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
274 $this->loadAclEntry();
275 continue;
276 }
278 if (preg_match('/^cat_edit_.*_x/', $name)){
279 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
280 $this->dialogState= 'edit';
281 foreach ($this->ocMapping[$this->aclObject] as $oc){
282 if (isset($this->aclContents[$oc])){
283 $this->savedAclContents[$oc]= $this->aclContents[$oc];
284 }
285 }
286 continue;
287 }
289 /* Only handle posts, if we allowed to modify ACLs */
290 if(!$this->acl_is_writeable("")){
291 continue;
292 }
294 if (preg_match('/^acl_del_.*_x/', $name)){
295 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
296 continue;
297 }
299 if (preg_match('/^cat_del_.*_x/', $name)){
300 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
301 foreach ($this->ocMapping[$idx] as $key){
302 unset($this->aclContents["$idx/$key"]);
303 }
304 continue;
305 }
307 /* Sorting... */
308 if (preg_match('/^sortup_.*_x/', $name)){
309 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
310 if ($index > 0){
311 $tmp= $this->gosaAclEntry[$index];
312 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
313 $this->gosaAclEntry[$index-1]= $tmp;
314 }
315 continue;
316 }
317 if (preg_match('/^sortdown_.*_x/', $name)){
318 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
319 if ($index < count($this->gosaAclEntry)-1){
320 $tmp= $this->gosaAclEntry[$index];
321 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
322 $this->gosaAclEntry[$index+1]= $tmp;
323 }
324 continue;
325 }
327 /* ACL saving... */
328 if (preg_match('/^acl_.*_[^xy]$/', $name)){
329 list($dummy, $object, $attribute, $value)= split('_', $name);
331 /* Skip for detection entry */
332 if ($object == 'dummy') {
333 continue;
334 }
336 /* Ordinary ACLs */
337 if (!isset($new_acl[$object])){
338 $new_acl[$object]= array();
339 }
340 if (isset($new_acl[$object][$attribute])){
341 $new_acl[$object][$attribute].= $value;
342 } else {
343 $new_acl[$object][$attribute]= $value;
344 }
345 }
347 if(isset($_POST['selected_role'])){
348 $this->aclContents = "";
349 $this->aclContents = base64_decode($_POST['selected_role']);
350 }
351 }
353 if(isset($_POST['acl_dummy_0_0_0'])){
354 $aclDialog= TRUE;
355 }
357 if($this->acl_is_writeable("")){
359 /* Only be interested in new acl's, if we're in the right _POST place */
360 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
362 foreach ($this->ocMapping[$this->aclObject] as $oc){
364 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
365 unset($this->aclContents[$oc]);
366 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
367 unset($this->aclContents[$this->aclObject.'/'.$oc]);
368 }else{
369 # trigger_error("Huhm?");
370 }
371 if (isset($new_acl[$oc]) && is_array($new_acl)){
372 $this->aclContents[$oc]= $new_acl[$oc];
373 }
374 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
375 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
376 }
377 }
378 }
380 /* Save new acl in case of base edit mode */
381 if ($this->aclType == 'base' && !$firstedit){
382 $this->aclContents= $new_acl;
383 }
384 }
386 /* Cancel new acl? */
387 if (isset($_POST['cancel_new_acl'])){
388 $this->dialogState= 'head';
389 $this->dialog= FALSE;
390 if ($this->wasNewEntry){
391 unset ($this->gosaAclEntry[$this->currentIndex]);
392 }
393 }
395 /* Save common values */
396 if($this->acl_is_writeable("")){
397 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
398 if (isset($_POST[$key])){
399 $this->$key= validate($_POST[$key]);
400 }
401 }
402 }
404 /* Store ACL in main object? */
405 if (isset($_POST['submit_new_acl'])){
406 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
407 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
408 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
409 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
410 $this->dialogState= 'head';
411 $this->dialog= FALSE;
412 }
414 /* Cancel edit acl? */
415 if (isset($_POST['cancel_edit_acl'])){
416 $this->dialogState= 'create';
417 foreach ($this->ocMapping[$this->aclObject] as $oc){
418 if (isset($this->savedAclContents[$oc])){
419 $this->aclContents[$oc]= $this->savedAclContents[$oc];
420 }
421 }
422 }
424 /* Save edit acl? */
425 if (isset($_POST['submit_edit_acl'])){
426 $this->dialogState= 'create';
427 }
429 /* Add acl? */
430 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
431 $this->dialogState= 'edit';
432 $this->savedAclContents= array();
433 foreach ($this->ocMapping[$this->aclObject] as $oc){
434 if (isset($this->aclContents[$oc])){
435 $this->savedAclContents[$oc]= $this->aclContents[$oc];
436 }
437 }
438 }
440 /* Add to list? */
441 if (isset($_POST['add']) && isset($_POST['source'])){
442 foreach ($_POST['source'] as $key){
443 if ($this->target == 'user'){
444 $this->recipients[$key]= $this->users[$key];
445 }
446 if ($this->target == 'group'){
447 $this->recipients[$key]= $this->groups[$key];
448 }
449 }
450 ksort($this->recipients);
451 }
453 /* Remove from list? */
454 if (isset($_POST['del']) && isset($_POST['recipient'])){
455 foreach ($_POST['recipient'] as $key){
456 unset($this->recipients[$key]);
457 }
458 }
460 /* Create templating instance */
461 $smarty= get_smarty();
462 $smarty->assign("acl_readable",$this->acl_is_readable(""));
463 if(!$this->acl_is_readable("")){
464 return ($smarty->fetch (get_template_path('acl.tpl')));
465 }
467 if ($this->dialogState == 'head'){
468 /* Draw list */
469 $aclList= new divSelectBox("aclList");
470 $aclList->SetHeight(450);
472 /* Fill in entries */
473 foreach ($this->gosaAclEntry as $key => $entry){
474 if(!$this->acl_is_readable("")) continue;
476 $action ="";
478 if($this->acl_is_readable("")){
479 $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
480 }else{
481 $link = $this->assembleAclSummary($entry);
482 }
484 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
485 $field2= array("string" => $link);
487 if($this->acl_is_writeable("")){
488 $action.= "<input type='image' name='sortup_$key' alt='up'
489 title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
490 $action.= "<input type='image' name='sortdown_$key' alt='down'
491 title='"._("Down")."' src='images/lists/sort-down.png'>";
492 }
494 if($this->acl_is_readable("")){
495 $action.= "<input class='center' type='image' src='images/lists/edit.png'
496 alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
497 }
498 if($this->acl_is_removeable("")){
499 $action.= "<input class='center' type='image' src='images/lists/trash.png'
500 alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
501 }
503 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
504 $aclList->AddEntry(array($field1, $field2, $field3));
505 }
507 $smarty->assign("aclList", $aclList->DrawList());
508 }
510 if ($this->dialogState == 'create'){
511 /* Draw list */
512 $aclList= new divSelectBox("aclList");
513 $aclList->SetHeight(150);
515 /* Add settings for all categories to the (permanent) list */
516 foreach ($this->aclObjects as $section => $dsc){
517 $summary= "";
518 foreach($this->ocMapping[$section] as $oc){
519 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
520 $this->aclContents[$oc][0] != ""){
522 $summary.= "$oc, ";
523 continue;
524 }
525 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
526 $summary.= "$oc, ";
527 continue;
528 }
529 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
530 $summary.= "$oc, ";
531 }
532 }
534 /* Set summary... */
535 if ($summary == ""){
536 $summary= '<i>'._("No ACL settings for this category!").'</i>';
537 } else {
538 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
539 }
541 $actions ="";
542 if($this->acl_is_readable("")){
543 $actions= "<input class='center' type='image' src='images/lists/edit.png'
544 alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
545 }
546 if($this->acl_is_removeable()){
547 $actions.= "<input class='center' type='image' src='images/lists/trash.png'
548 alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
549 }
551 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
552 $field2= array("string" => $summary);
553 $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
554 $aclList->AddEntry(array($field1, $field2, $field3));
555 }
557 $smarty->assign("aclList", $aclList->DrawList());
558 $smarty->assign("aclType", $this->aclType);
559 $smarty->assign("aclFilter", $this->aclFilter);
560 $smarty->assign("aclTypes", $this->aclTypes);
561 $smarty->assign("target", $this->target);
562 $smarty->assign("targets", $this->targets);
564 /* Assign possible target types */
565 $smarty->assign("targets", $this->targets);
566 foreach ($this->attributes as $attr){
567 $smarty->assign($attr, $this->$attr);
568 }
571 /* Generate list */
572 $tmp= array();
573 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
574 if ($this->target == $field){
575 foreach ($this->$arr as $key => $value){
576 if (!isset($this->recipients[$key])){
577 $tmp[$key]= $value;
578 }
579 }
580 }
581 }
582 $smarty->assign('sources', $tmp);
583 $smarty->assign('recipients', $this->recipients);
585 /* Acl selector if scope is base */
586 if ($this->aclType == 'base'){
587 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
588 }
590 /* Role selector if scope is base */
591 if ($this->aclType == 'role'){
592 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
593 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
594 }
595 }
597 if ($this->dialogState == 'edit'){
598 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
600 /* Collect objects for selected category */
601 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
602 if ($idx == 0){
603 continue;
604 }
605 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
606 }
607 if ($this->aclObject == 'all'){
608 $aclObjects['all']= _("All objects in current subtree");
609 }
611 /* Role selector if scope is base */
612 if ($this->aclType == 'role'){
613 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
614 } else {
615 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
616 }
617 }
619 /* Show main page */
620 $smarty->assign("dialogState", $this->dialogState);
622 /* Assign acls */
623 $smarty->assign("acl_createable",$this->acl_is_createable());
624 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
625 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
626 $smarty->assign("acl_removeable",$this->acl_is_removeable());
628 return ($smarty->fetch (get_template_path('acl.tpl')));
629 }
632 function sort_by_priority($list)
633 {
634 $tmp= session::global_get('plist');
635 $plist= $tmp->info;
636 asort($plist);
637 $newSort = array();
639 foreach($list as $name => $translation){
640 $na = preg_replace("/^.*\//","",$name);
641 $prio = 0;
642 if(isset($plist[$na]['plPriority'])){
643 $prio= $plist[$na]['plPriority'] ;
644 }
646 $newSort[$name] = $prio;
647 }
649 asort($newSort);
651 $ret = array();
652 foreach($newSort as $name => $prio){
653 $ret[$name] = $list[$name];
654 }
655 return($ret);
656 }
659 function buildRoleSelector($list)
660 {
661 $D_List =new divSelectBox("Acl_Roles");
663 $selected = $this->aclContents;
664 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
665 $selected = key($list);
666 }
668 $str ="";
669 foreach($list as $dn => $values){
671 if($dn == $selected){
672 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
673 }else{
674 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
675 }
677 $field1 = array("string" => $option) ;
678 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
679 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
681 $D_List->AddEntry(array($field1,$field2,$field3));
682 }
683 return($D_List->DrawList());
684 }
687 function buildAclSelector($list)
688 {
689 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
690 $cols= 3;
691 $tmp= session::global_get('plist');
692 $plist= $tmp->info;
693 asort($plist);
695 /* Add select all/none buttons */
696 $style = "style='width:100px;'";
698 if($this->acl_is_writeable("")){
699 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
700 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
701 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
702 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
703 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
705 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
706 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
708 $display .= "<br>";
710 $style = "style='width:50px;'";
711 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
712 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
713 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
714 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
715 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
716 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
717 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
718 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
719 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
720 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
722 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
723 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
724 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
725 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
726 }
728 /* Build general objects */
729 $list =$this->sort_by_priority($list);
730 foreach ($list as $key => $name){
732 /* Create sub acl if it does not exist */
733 if (!isset($this->aclContents[$key])){
734 $this->aclContents[$key]= array();
735 }
736 if(!isset($this->aclContents[$key][0])){
737 $this->aclContents[$key][0]= '';
738 }
740 $currentAcl= $this->aclContents[$key];
742 /* Get the overall plugin acls
743 */
744 $overall_acl ="";
745 if(isset($currentAcl[0])){
746 $overall_acl = $currentAcl[0];
747 }
749 // Detect configured plugins
750 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
752 /* Object header */
753 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
755 if($expand){
756 $back_color = "#C8C8FF";
757 }else{
758 $back_color = "#C8C8C8";
759 }
761 if(session::global_get('js')) {
762 if(isset($_SERVER['HTTP_USER_AGENT']) &&
763 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
764 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
765 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
766 "\n <tr>".
767 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
768 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
769 "\n <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
770 "\n </tr>";
771 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
772 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
773 "\n <tr>".
774 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
775 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
776 "\n <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
777 "\n </tr>";
778 } else {
779 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
780 "\n <tr>".
781 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
782 "\n </tr>";
783 }
784 } else {
785 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
786 "\n <tr>".
787 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
788 "\n </tr>";
789 }
791 /* Generate options */
792 $spc= " ";
793 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
794 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
795 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
796 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
797 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
798 }
800 /* Global options */
801 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
802 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
804 $display.= "\n <tr>".
805 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
806 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
807 "\n </tr>";
809 /* Walk through the list of attributes */
810 $cnt= 1;
811 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
812 if(session::global_get('js')) {
813 if(isset($_SERVER['HTTP_USER_AGENT']) &&
814 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
815 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
816 "\n <td colspan=".$cols.">".
817 "\n <div id='$tname' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
818 "\n <table style='width:100%;'>";
819 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
820 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
821 "\n <td colspan=".$cols.">".
822 "\n <div id='$tname' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
823 "\n <table style='width:100%;'>";
824 }else{
825 }
826 }
829 foreach($splist as $attr => $dsc){
831 /* Skip pl* attributes, they are internal... */
832 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
833 continue;
834 }
836 /* Open table row */
837 if ($cnt == 1){
838 $display.= "\n <tr>";
839 }
841 /* Close table row */
842 if ($cnt == $cols){
843 $cnt= 1;
844 $rb= "";
845 $end= "\n </tr>";
846 } else {
847 $cnt++;
848 $rb= "border-right:1px solid #A0A0A0;";
849 $end= "";
850 }
852 /* Collect list of attributes */
853 $state= "";
854 if (isset($currentAcl[$attr])){
855 $state= $currentAcl[$attr];
856 }
857 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
858 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
859 }
861 /* Fill missing td's if needed */
862 if (--$cnt != $cols && $cnt != 0){
863 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
864 }
866 if(session::global_get('js')) {
867 if(isset($_SERVER['HTTP_USER_AGENT']) &&
868 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
869 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
870 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
871 $display.= "\n </table>".
872 "\n </div>".
873 "\n </td>".
874 "\n </tr>";
875 }
876 }
878 $display.= "\n</table><br />\n";
879 }
881 return ($display);
882 }
885 function mkchkbx($name, $text, $state= FALSE)
886 {
887 $state= $state?"checked":"";
888 if($this->acl_is_writeable("")){
889 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
890 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
891 "\n <label for='acl_$tname'>$text</label>";
892 }else{
893 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
894 }
895 }
898 function mkrwbx($name, $state= "")
899 {
900 $rstate= preg_match('/r/', $state)?'checked':'';
901 $wstate= preg_match('/w/', $state)?'checked':'';
902 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
904 if($this->acl_is_writeable("")){
905 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
906 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
907 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
908 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
909 }else{
910 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
911 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
912 }
913 }
916 static function explodeACL($acl)
917 {
919 $list= split(':', $acl);
920 if(count($list) == 5){
921 list($index, $type,$member,$permission,$filter)= $list;
922 $filter = base64_decode($filter);
923 }else{
924 $filter = "";
925 list($index, $type,$member,$permission)= $list;
926 }
928 $a= array( $index => array("type" => $type,
929 "filter"=> $filter,
930 "members" => acl::extractMembers($acl,$type == "role")));
932 /* Handle different types */
933 switch ($type){
935 case 'psub':
936 case 'sub':
937 case 'one':
938 case 'base':
939 $a[$index]['acl']= acl::extractACL($acl);
940 break;
942 case 'role':
943 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
944 break;
946 case 'reset':
947 break;
949 default:
950 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
951 $a= array();
952 }
953 return ($a);
954 }
957 static function extractMembers($acl,$role = FALSE)
958 {
959 global $config;
960 $a= array();
962 /* Rip acl off the string, seperate by ',' and place it in an array */
963 if($role){
964 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
965 }else{
966 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
967 }
968 if ($ms == $acl){
969 return $a;
970 }
971 $ma= split(',', $ms);
973 /* Decode dn's, fill with informations from LDAP */
974 $ldap= $config->get_ldap_link();
975 foreach ($ma as $memberdn){
976 $dn= base64_decode($memberdn);
977 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
979 /* Found entry... */
980 if ($ldap->count()){
981 $attrs= $ldap->fetch();
982 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
983 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
984 } else {
985 $a['G:'.$dn]= $attrs['cn'][0];
986 if (isset($attrs['description'][0])){
987 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
988 }
989 }
991 /* ... or not */
992 } else {
993 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
994 }
995 }
997 return ($a);
998 }
1001 static function extractACL($acl)
1002 {
1003 /* Rip acl off the string, seperate by ',' and place it in an array */
1004 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1005 $aa= split(',', $as);
1006 $a= array();
1008 /* Dis-assemble single ACLs */
1009 foreach($aa as $sacl){
1011 /* Dis-assemble field ACLs */
1012 $ao= split('#', $sacl);
1013 $gobject= "";
1014 foreach($ao as $idx => $ssacl){
1016 /* First is department with global acl */
1017 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1018 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1019 if ($idx == 0){
1020 /* Create hash for this object */
1021 $gobject= $object;
1022 $a[$gobject]= array();
1024 /* Append ACL if set */
1025 if ($gacl != ""){
1026 $a[$gobject]= array($gacl);
1027 }
1028 } else {
1030 /* All other entries get appended... */
1031 list($field, $facl)= split(';', $ssacl);
1032 $a[$gobject][$field]= $facl;
1033 }
1035 }
1036 }
1038 return ($a);
1039 }
1042 function assembleAclSummary($entry)
1043 {
1044 $summary= "";
1046 /* Summarize ACL */
1047 if (isset($entry['acl'])){
1048 $acl= "";
1050 if($entry['type'] == "role"){
1052 if(isset($this->roles[$entry['acl']])){
1053 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1054 }else{
1055 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1056 }
1057 }else{
1058 foreach ($entry['acl'] as $name => $object){
1059 if (count($object)){
1060 $acl.= "$name, ";
1061 }
1062 }
1063 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1064 }
1065 }
1067 /* Summarize members */
1068 if ($summary != ""){
1069 $summary.= ", ";
1070 }
1071 if (count($entry['members'])){
1072 $summary.= _("Members").": ";
1073 foreach ($entry['members'] as $cn){
1074 $cn= preg_replace('/ \[.*$/', '', $cn);
1075 $summary.= $cn.", ";
1076 }
1077 } else {
1078 $summary.= _("ACL takes effect for all users");
1079 }
1081 return (preg_replace('/, $/', '', $summary));
1082 }
1085 function loadAclEntry($new= FALSE)
1086 {
1087 /* New entry gets presets... */
1088 if ($new){
1089 $this->aclType= 'base';
1090 $this->aclFilter= "";
1091 $this->recipients= array();
1092 $this->aclContents= array();
1093 } else {
1094 $acl= $this->gosaAclEntry[$this->currentIndex];
1095 $this->aclType= $acl['type'];
1096 $this->recipients= $acl['members'];
1097 $this->aclContents= $acl['acl'];
1098 $this->aclFilter= $acl['filter'];
1099 }
1101 $this->wasNewEntry= $new;
1102 }
1105 function aclPostHandler()
1106 {
1107 if (isset($_POST['save_acl'])){
1108 $this->save();
1109 return TRUE;
1110 }
1112 return FALSE;
1113 }
1116 function PrepareForCopyPaste($source)
1117 {
1118 plugin::PrepareForCopyPaste($source);
1120 $dn = $source['dn'];
1121 $acl_c = new acl($this->config, $this->parent,$dn);
1122 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1123 }
1126 function save()
1127 {
1128 /* Assemble ACL's */
1129 $tmp_acl= array();
1131 foreach ($this->gosaAclEntry as $prio => $entry){
1132 $final= "";
1133 $members= "";
1134 if (isset($entry['members'])){
1135 foreach ($entry['members'] as $key => $dummy){
1136 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1137 }
1138 }
1140 if($entry['type'] != "role"){
1141 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1142 }else{
1143 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1144 }
1146 /* ACL's if needed */
1147 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1148 $acl= ":";
1149 if (isset($entry['acl'])){
1150 foreach ($entry['acl'] as $object => $contents){
1152 /* Only save, if we've some contents in there... */
1153 if (count($contents)){
1154 $acl.= $object.";";
1156 foreach($contents as $attr => $permission){
1158 /* First entry? Its the one for global settings... */
1159 if ($attr == '0'){
1160 $acl.= $permission;
1161 } else {
1162 $acl.= '#'.$attr.';'.$permission;
1163 }
1165 }
1166 $acl.= ',';
1167 }
1169 }
1170 }
1171 $final.= preg_replace('/,$/', '', $acl);
1172 }
1174 /* Append additional filter options
1175 */
1176 if(!empty($entry['filter'])){
1177 $final .= ":".base64_encode($entry['filter']);
1178 }
1180 $tmp_acl[]= $final;
1181 }
1183 /* Call main method */
1184 plugin::save();
1186 /* Finally (re-)assign it... */
1187 $this->attrs['gosaAclEntry']= $tmp_acl;
1189 /* Remove acl from this entry if it is empty... */
1190 if (!count($tmp_acl)){
1191 /* Remove attribute */
1192 if ($this->initially_was_account){
1193 $this->attrs['gosaAclEntry']= array();
1194 } else {
1195 if (isset($this->attrs['gosaAclEntry'])){
1196 unset($this->attrs['gosaAclEntry']);
1197 }
1198 }
1200 /* Remove object class */
1201 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1202 }
1204 /* Do LDAP modifications */
1205 $ldap= $this->config->get_ldap_link();
1206 $ldap->cd($this->dn);
1207 $this->cleanup();
1208 $ldap->modify ($this->attrs);
1210 if(count($this->attrs)){
1211 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1212 }
1214 if (!$ldap->success()){
1215 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1216 }
1218 /* Refresh users ACLs */
1219 $ui= get_userinfo();
1220 $ui->loadACL();
1221 session::global_set('ui',$ui);
1222 }
1225 function remove_from_parent()
1226 {
1227 plugin::remove_from_parent();
1229 /* include global link_info */
1230 $ldap= $this->config->get_ldap_link();
1232 $ldap->cd($this->dn);
1233 $this->cleanup();
1234 $ldap->modify ($this->attrs);
1236 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1238 /* Optionally execute a command after we're done */
1239 $this->handle_post_events("remove",array("uid" => $this->uid));
1240 }
1243 /* Return plugin informations for acl handling */
1244 static function plInfo()
1245 {
1246 return (array(
1247 "plShortName" => _("ACL"),
1248 "plDescription" => _("ACL")." ("._("Access control list").")",
1249 "plSelfModify" => FALSE,
1250 "plDepends" => array(),
1251 "plPriority" => 0,
1252 "plSection" => array("administration"),
1253 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1254 "objectClass" => array("gosaAcl","gosaRole"))),
1255 "plProvidedAcls"=> array(
1256 // "cn" => _("Role name"),
1257 // "description" => _("Role description")
1258 )
1260 ));
1261 }
1264 /* Remove acls defined for $src */
1265 function remove_acl()
1266 {
1267 $this->remove_acl_for_dn($this->dn);
1268 }
1271 /* Remove acls defined for $src */
1272 function remove_acl_for_dn($src = "")
1273 {
1274 if($src == ""){
1275 $src = $this->dn;
1276 }
1277 $ldap = $this->config->get_ldap_link();
1278 $ldap->cd($this->config->current['BASE']);
1279 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1280 while($attrs = $ldap->fetch()){
1281 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1282 foreach($acl->gosaAclEntry as $id => $entry){
1283 foreach($entry['members'] as $m_id => $member){
1284 if($m_id == "U:".$src){
1285 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1286 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
1287 }
1288 if($m_id == "G:".$src){
1289 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1290 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
1291 }
1292 }
1293 }
1294 $acl -> save();
1295 }
1296 }
1298 function update_acl_membership($src,$dst)
1299 {
1300 $ldap = $this->config->get_ldap_link();
1301 $ldap->cd($this->config->current['BASE']);
1302 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1303 while($attrs = $ldap->fetch()){
1304 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1305 foreach($acl->gosaAclEntry as $id => $entry){
1306 foreach($entry['members'] as $m_id => $member){
1307 if($m_id == "U:".$src){
1308 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1309 $new = "U:".$dst;
1310 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1311 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1312 }
1313 if($m_id == "G:".$src){
1314 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1315 $new = "G:".$dst;
1316 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1317 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1318 }
1319 }
1320 }
1321 $acl -> save();
1322 }
1323 }
1325 }
1327 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1328 ?>