![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
c10c3fa409ffa25647302602d69639accc98ae73
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief ACL management plugin */
24 class acl extends plugin
25 {
26 /* Definitions */
27 var $plHeadline= "Access control";
28 var $plDescription= "Manage access control lists";
30 /* attribute list for save action */
31 var $attributes= array('gosaAclEntry');
32 var $objectclasses= array('gosaAcl');
34 /* Helpers */
35 var $dialogState= "head";
36 var $gosaAclEntry= array();
37 var $aclType= "";
38 var $aclObject= "";
39 var $aclContents= array();
40 var $target= "group";
41 var $aclTypes= array();
42 var $aclObjects= array();
43 var $aclFilter= "";
44 var $aclMyObjects= array();
45 var $users= array();
46 var $roles= array();
47 var $groups= array();
48 var $recipients= array();
49 var $isContainer= FALSE;
50 var $currentIndex= 0;
51 var $wasNewEntry= FALSE;
52 var $ocMapping= array();
53 var $savedAclContents= array();
54 var $myAclObjects = array();
55 var $acl_category = "acl/";
57 function acl (&$config, $parent, $dn= NULL)
58 {
59 /* Include config object */
60 plugin::plugin($config, $dn);
62 /* Load ACL's */
63 $this->gosaAclEntry= array();
64 if (isset($this->attrs['gosaAclEntry'])){
65 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
66 $acl= $this->attrs['gosaAclEntry'][$i];
67 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
68 }
69 }
70 ksort($this->gosaAclEntry);
72 /* Save parent - we've to know more about it than other plugins... */
73 $this->parent= &$parent;
75 /* Container? */
76 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
77 $this->isContainer= TRUE;
78 }
80 /* Users */
81 $ui= get_userinfo();
82 $tag= $ui->gosaUnitTag;
83 $ldap= $config->get_ldap_link();
84 $ldap->cd($config->current['BASE']);
85 if ($tag == ""){
86 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
87 } else {
88 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
89 }
90 while ($attrs= $ldap->fetch()){
92 // Allow objects without cn to be listed without causing an error.
93 if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
94 $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
95 }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
96 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
97 }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
98 $this->users['U:'.$attrs['dn']]= $attrs['dn'];
99 }else{
100 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
101 }
103 }
104 ksort($this->users);
106 /* Groups */
107 $ldap->cd($config->current['BASE']);
108 # if ($tag == ""){
109 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
110 # } else {
111 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
112 # }
113 while ($attrs= $ldap->fetch()){
114 $dsc= "";
115 if (isset($attrs['description'][0])){
116 $dsc= $attrs['description'][0];
117 }
118 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
119 }
120 $this->groups['G:*']= _("All users");
121 ksort($this->groups);
123 /* Roles */
124 $ldap->cd($config->current['BASE']);
125 # if ($tag == ""){
126 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
127 # } else {
128 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
129 # }
130 while ($attrs= $ldap->fetch()){
131 $dsc= "";
132 if (isset($attrs['description'][0])){
133 $dsc= $attrs['description'][0];
134 }
136 $role_id = $attrs['dn'];
138 $this->roles[$role_id]['acls'] =array();
139 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
140 $acl= $attrs['gosaAclTemplate'][$i];
141 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
142 }
143 $this->roles[$role_id]['description'] = $dsc;
144 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
145 }
147 /* Objects */
148 $tmp= session::global_get('plist');
149 $plist= $tmp->info;
150 $cats = array();
151 if (isset($this->parent) && $this->parent !== NULL){
152 $oc= array();
153 foreach ($this->parent->by_object as $key => $obj){
154 $oc= array_merge($oc, $obj->objectclasses);
155 if(isset($obj->acl_category)){
156 $tmp= str_replace("/","",$obj->acl_category);
157 $cats[$tmp] = $tmp;
158 }
159 }
160 if (in_array_ics('organizationalUnit', $oc)){
161 $this->isContainer= TRUE;
162 }
163 } else {
164 $oc= $this->attrs['objectClass'];
165 }
167 /* Extract available categories from plugin info list */
168 foreach ($plist as $class => $acls){
170 /* Only feed categories */
171 if (isset($acls['plCategory'])){
173 /* Walk through supplied list and feed only translated categories */
174 foreach($acls['plCategory'] as $idx => $data){
176 /* Non numeric index means -> base object containing more informations */
177 if (preg_match('/^[0-9]+$/', $idx)){
179 if (!isset($this->ocMapping[$data])){
180 $this->ocMapping[$data]= array();
181 $this->ocMapping[$data][]= '0';
182 }
184 if(isset($cats[$data])){
185 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
186 }
187 $this->ocMapping[$data][]= $class;
188 } else {
189 if (!isset($this->ocMapping[$idx])){
190 $this->ocMapping[$idx]= array();
191 $this->ocMapping[$idx][]= '0';
192 }
193 $this->ocMapping[$idx][]= $class;
194 $this->aclObjects[$idx]= $data['description'];
196 /* Additionally filter the classes we're interested in in "self edit" mode */
197 if (is_array($data['objectClass'])){
198 foreach($data['objectClass'] as $objectClass){
199 if (in_array_ics($objectClass, $oc)){
200 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
201 break;
202 }
203 }
204 } else {
205 if (in_array_ics($data['objectClass'], $oc)){
206 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
207 }
208 }
209 }
211 }
212 }
213 }
214 $this->aclObjects['all']= '* '._("All categories");
215 $this->ocMapping['all']= array('0' => 'all');
217 /* Sort categories */
218 asort($this->aclObjects);
220 /* Fill acl types */
221 if ($this->isContainer){
222 $this->aclTypes= array("reset" => _("Reset ACLs"),
223 "one" => _("One level"),
224 "base" => _("Current object"),
225 "sub" => _("Complete subtree"),
226 "psub" => _("Complete subtree (permanent)"),
227 "role" => _("Use ACL defined in role"));
228 } else {
229 $this->aclTypes= array("base" => _("Current object"),
230 "role" => _("Use ACL defined in role"));
231 }
232 asort($this->aclTypes);
233 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
234 asort($this->targets);
236 /* Finally - we want to get saved... */
237 $this->is_account= TRUE;
238 }
241 function execute()
242 {
243 /* Call parent execute */
244 plugin::execute();
246 $tmp= session::global_get('plist');
247 $plist= $tmp->info;
249 /* Handle posts */
250 if (isset($_POST['new_acl'])){
251 $this->dialogState= 'create';
252 $this->dialog= TRUE;
253 $this->currentIndex= count($this->gosaAclEntry);
254 $this->loadAclEntry(TRUE);
255 }
257 $new_acl= array();
258 $aclDialog= FALSE;
259 $firstedit= FALSE;
261 /* Act on HTML post and gets here.
262 */
263 if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
264 $id = trim($_GET['id']);
265 $this->dialogState= 'create';
266 $firstedit= TRUE;
267 $this->dialog= TRUE;
268 $this->currentIndex= $id;
269 $this->loadAclEntry();
270 }
272 foreach($_POST as $name => $post){
274 /* Actions... */
275 if (preg_match('/^acl_edit_[0-9]*$/', $name)){
276 $this->dialogState= 'create';
277 $firstedit= TRUE;
278 $this->dialog= TRUE;
279 $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
280 $this->loadAclEntry();
281 continue;
282 }
284 if (preg_match('/^cat_edit_.*$/', $name)){
285 $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
286 $this->dialogState= 'edit';
287 foreach ($this->ocMapping[$this->aclObject] as $oc){
288 if (isset($this->aclContents[$oc])){
289 $this->savedAclContents[$oc]= $this->aclContents[$oc];
290 }
291 }
292 continue;
293 }
295 /* Only handle posts, if we allowed to modify ACLs */
296 if(!$this->acl_is_writeable("")){
297 continue;
298 }
300 if (preg_match('/^acl_del_[0-9]*$/', $name)){
301 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
302 continue;
303 }
305 if (preg_match('/^cat_del_.*$/', $name)){
306 $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
307 foreach ($this->ocMapping[$idx] as $key){
308 if(isset($this->aclContents[$idx]))
309 unset($this->aclContents[$idx]);
310 if(isset($this->aclContents["$idx/$key"]))
311 unset($this->aclContents["$idx/$key"]);
312 }
313 continue;
314 }
316 /* Sorting... */
317 if (preg_match('/^sortup_[0-9]*$/', $name)){
318 $index= preg_replace('/^sortup_([0-9]*)$/', '\1', $name);
319 if ($index > 0){
320 $tmp= $this->gosaAclEntry[$index];
321 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
322 $this->gosaAclEntry[$index-1]= $tmp;
323 }
324 continue;
325 }
326 if (preg_match('/^sortdown_[0-9]*$/', $name)){
327 $index= preg_replace('/^sortdown_([0-9]*)$/', '\1', $name);
328 if ($index < count($this->gosaAclEntry)-1){
329 $tmp= $this->gosaAclEntry[$index];
330 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
331 $this->gosaAclEntry[$index+1]= $tmp;
332 }
333 continue;
334 }
336 /* ACL saving... */
337 if (preg_match('/^acl_.*_[^xy]$/', $name)){
338 list($dummy, $object, $attribute, $value)= explode('_', $name);
340 /* Skip for detection entry */
341 if ($object == 'dummy') {
342 continue;
343 }
345 /* Ordinary ACLs */
346 if (!isset($new_acl[$object])){
347 $new_acl[$object]= array();
348 }
349 if (isset($new_acl[$object][$attribute])){
350 $new_acl[$object][$attribute].= $value;
351 } else {
352 $new_acl[$object][$attribute]= $value;
353 }
354 }
356 // Remember the selected ACL role.
357 if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
358 $this->aclContents = "";
359 $this->aclContents = base64_decode($_POST['selected_role']);
360 }
361 }
363 if(isset($_POST['acl_dummy_0_0_0'])){
364 $aclDialog= TRUE;
365 }
367 if($this->acl_is_writeable("")){
369 /* Only be interested in new acl's, if we're in the right _POST place */
370 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
372 foreach ($this->ocMapping[$this->aclObject] as $oc){
374 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
375 unset($this->aclContents[$oc]);
376 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
377 unset($this->aclContents[$this->aclObject.'/'.$oc]);
378 }else{
379 # trigger_error("Huhm?");
380 }
381 if (isset($new_acl[$oc]) && is_array($new_acl)){
382 $this->aclContents[$oc]= $new_acl[$oc];
383 }
384 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
385 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
386 }
387 }
388 }
390 /* Save new acl in case of base edit mode */
391 if ($this->aclType == 'base' && !$firstedit){
392 $this->aclContents= $new_acl;
393 }
394 }
396 /* Cancel new acl? */
397 if (isset($_POST['cancel_new_acl'])){
398 $this->dialogState= 'head';
399 $this->dialog= FALSE;
400 if ($this->wasNewEntry){
401 unset ($this->gosaAclEntry[$this->currentIndex]);
402 }
403 }
405 /* Save common values */
406 if($this->acl_is_writeable("")){
407 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
408 if (isset($_POST[$key])){
409 $this->$key= validate($_POST[$key]);
410 }
411 }
412 }
414 /* Store ACL in main object? */
415 if (isset($_POST['submit_new_acl'])){
416 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
417 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
418 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
419 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
420 $this->dialogState= 'head';
421 $this->dialog= FALSE;
422 }
424 /* Cancel edit acl? */
425 if (isset($_POST['cancel_edit_acl'])){
426 $this->dialogState= 'create';
427 foreach ($this->ocMapping[$this->aclObject] as $oc){
428 if (isset($this->savedAclContents[$oc])){
429 $this->aclContents[$oc]= $this->savedAclContents[$oc];
430 }
431 }
432 }
434 /* Save edit acl? */
435 if (isset($_POST['submit_edit_acl'])){
436 $this->dialogState= 'create';
437 }
439 /* Add acl? */
440 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
441 $this->dialogState= 'edit';
442 $this->savedAclContents= array();
443 foreach ($this->ocMapping[$this->aclObject] as $oc){
444 if (isset($this->aclContents[$oc])){
445 $this->savedAclContents[$oc]= $this->aclContents[$oc];
446 }
447 }
448 }
450 /* Add to list? */
451 if (isset($_POST['add']) && isset($_POST['source'])){
452 foreach ($_POST['source'] as $key){
453 if ($this->target == 'user'){
454 $this->recipients[$key]= $this->users[$key];
455 }
456 if ($this->target == 'group'){
457 $this->recipients[$key]= $this->groups[$key];
458 }
459 }
460 ksort($this->recipients);
461 }
463 /* Remove from list? */
464 if (isset($_POST['del']) && isset($_POST['recipient'])){
465 foreach ($_POST['recipient'] as $key){
466 unset($this->recipients[$key]);
467 }
468 }
470 /* Create templating instance */
471 $smarty= get_smarty();
472 $smarty->assign("acl_readable",$this->acl_is_readable(""));
473 if(!$this->acl_is_readable("")){
474 return ($smarty->fetch (get_template_path('acl.tpl')));
475 }
477 if ($this->dialogState == 'head'){
478 /* Draw list */
479 $aclList= new divSelectBox("aclList");
480 $aclList->SetHeight(450);
482 /* Fill in entries */
483 foreach ($this->gosaAclEntry as $key => $entry){
484 if(!$this->acl_is_readable("")) continue;
486 $action ="";
488 if($this->acl_is_readable("")){
489 $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
490 }else{
491 $link = $this->assembleAclSummary($entry);
492 }
494 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
495 $field2= array("string" => $link);
497 if($this->acl_is_writeable("")){
498 $action.= image('images/lists/sort-up.png', 'sortup_'.$key);
499 $action.= image('images/lists/sort-down.png', 'sortdown_'.$key);
500 }
502 if($this->acl_is_readable("")){
503 $action.= image('images/lists/edit.png','acl_edit_'.$key,msgPool::editButton(_("ACL")));
504 }
505 if($this->acl_is_removeable("")){
506 $action.= image('images/lists/trash.png','acl_del_'.$key,msgPool::delButton(_("ACL")));
507 }
509 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
510 $aclList->AddEntry(array($field1, $field2, $field3));
511 }
513 $smarty->assign("aclList", $aclList->DrawList());
514 }
516 if ($this->dialogState == 'create'){
517 /* Draw list */
518 $aclList= new divSelectBox("aclList");
519 $aclList->SetHeight(150);
521 /* Add settings for all categories to the (permanent) list */
522 foreach ($this->aclObjects as $section => $dsc){
523 $summary= "";
524 foreach($this->ocMapping[$section] as $oc){
525 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
526 $this->aclContents[$oc][0] != ""){
528 $summary.= "$oc, ";
529 continue;
530 }
531 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
532 $summary.= "$oc, ";
533 continue;
534 }
535 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
536 $summary.= "$oc, ";
537 }
538 }
540 /* Set summary... */
541 if ($summary == ""){
542 $summary= '<i>'._("No ACL settings for this category!").'</i>';
543 } else {
544 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
545 }
547 $actions ="";
548 if($this->acl_is_readable("")){
549 $actions.= image('images/lists/edit.png','cat_edit_'.$section, msgPool::editButton(_("category ACL")));
550 }
551 if($this->acl_is_removeable()){
552 $actions.= image('images/lists/trash.png','cat_del_'.$section, msgPool::delButton(_("category ACL")));
553 }
555 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
556 $field2= array("string" => $summary);
557 $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
558 $aclList->AddEntry(array($field1, $field2, $field3));
559 }
561 $smarty->assign("aclList", $aclList->DrawList());
562 $smarty->assign("aclType", $this->aclType);
563 $smarty->assign("aclFilter", $this->aclFilter);
564 $smarty->assign("aclTypes", $this->aclTypes);
565 $smarty->assign("target", $this->target);
566 $smarty->assign("targets", $this->targets);
568 /* Assign possible target types */
569 $smarty->assign("targets", $this->targets);
570 foreach ($this->attributes as $attr){
571 $smarty->assign($attr, $this->$attr);
572 }
575 /* Generate list */
576 $tmp= array();
577 if ($this->target == "group" && !isset($this->recipients["G:*"])){
578 $tmp["G:*"]= _("All users");
579 }
580 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
581 if ($this->target == $field){
582 foreach ($this->$arr as $key => $value){
583 if (!isset($this->recipients[$key])){
584 $tmp[$key]= $value;
585 }
586 }
587 }
588 }
589 $smarty->assign('sources', $tmp);
590 $smarty->assign('recipients', $this->recipients);
592 /* Acl selector if scope is base */
593 if ($this->aclType == 'base'){
594 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
595 }
597 /* Role selector if scope is base */
598 if ($this->aclType == 'role'){
599 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
600 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
601 }
602 }
604 if ($this->dialogState == 'edit'){
605 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
607 /* Collect objects for selected category */
608 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
609 if ($idx == 0){
610 continue;
611 }
612 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
613 }
614 if ($this->aclObject == 'all'){
615 $aclObjects['all']= _("All objects in current subtree");
616 }
618 /* Role selector if scope is base */
619 if ($this->aclType == 'role'){
620 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
621 } else {
622 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
623 }
624 }
626 /* Show main page */
627 $smarty->assign("dialogState", $this->dialogState);
629 /* Assign acls */
630 $smarty->assign("acl_createable",$this->acl_is_createable());
631 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
632 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
633 $smarty->assign("acl_removeable",$this->acl_is_removeable());
635 return ($smarty->fetch (get_template_path('acl.tpl')));
636 }
639 function sort_by_priority($list)
640 {
641 $tmp= session::global_get('plist');
642 $plist= $tmp->info;
643 asort($plist);
644 $newSort = array();
646 foreach($list as $name => $translation){
647 $na = preg_replace("/^.*\//","",$name);
648 $prio = 0;
649 if(isset($plist[$na]['plPriority'])){
650 $prio= $plist[$na]['plPriority'] ;
651 }
653 $newSort[$name] = $prio;
654 }
656 asort($newSort);
658 $ret = array();
659 foreach($newSort as $name => $prio){
660 $ret[$name] = $list[$name];
661 }
662 return($ret);
663 }
666 function buildRoleSelector($list)
667 {
668 $D_List =new divSelectBox("Acl_Roles");
670 $selected = $this->aclContents;
671 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
672 $selected = key($list);
673 }
675 $str ="";
676 foreach($list as $dn => $values){
678 if($dn == $selected){
679 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
680 }else{
681 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
682 }
684 $field1 = array("string" => $option) ;
685 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
686 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
688 $D_List->AddEntry(array($field1,$field2,$field3));
689 }
690 return($D_List->DrawList());
691 }
694 function buildAclSelector($list)
695 {
696 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
697 $cols= 3;
698 $tmp= session::global_get('plist');
699 $plist= $tmp->info;
700 asort($plist);
702 /* Add select all/none buttons */
703 $style = "style='width:100px;'";
705 if($this->acl_is_writeable("")){
706 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
707 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
708 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
709 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
710 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
712 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
713 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
715 $display .= "<br>";
717 $style = "style='width:50px;'";
718 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
719 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
720 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
721 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
722 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
723 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
724 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
725 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
726 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
727 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
729 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
730 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
731 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
732 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
733 }
735 /* Build general objects */
736 $list =$this->sort_by_priority($list);
737 foreach ($list as $key => $name){
739 /* Create sub acl if it does not exist */
740 if (!isset($this->aclContents[$key])){
741 $this->aclContents[$key]= array();
742 }
743 if(!isset($this->aclContents[$key][0])){
744 $this->aclContents[$key][0]= '';
745 }
747 $currentAcl= $this->aclContents[$key];
749 /* Get the overall plugin acls
750 */
751 $overall_acl ="";
752 if(isset($currentAcl[0])){
753 $overall_acl = $currentAcl[0];
754 }
756 // Detect configured plugins
757 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
759 /* Object header */
760 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
762 if($expand){
763 $back_color = "#C8C8FF";
764 }else{
765 $back_color = "#C8C8C8";
766 }
768 if(session::global_get('js')) {
769 if(isset($_SERVER['HTTP_USER_AGENT']) &&
770 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
771 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
772 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
773 "\n <tr>".
774 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
775 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
776 "\n <input type='button' onclick=\"$('{$tname}').toggle();\" value='"._("Show/hide advanced settings")."' /></td>".
777 "\n </tr>";
778 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
779 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
780 "\n <tr>".
781 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
782 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
783 "\n <input type='button' onclick=\"$('{$tname}').toggle();\" value='"._("Show/hide advanced settings")."' /></td>".
784 "\n </tr>";
785 } else {
786 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
787 "\n <tr>".
788 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
789 "\n </tr>";
790 }
791 } else {
792 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
793 "\n <tr>".
794 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
795 "\n </tr>";
796 }
798 /* Generate options */
799 $spc= " ";
800 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
801 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
802 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
803 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
804 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
805 }
807 /* Global options */
808 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
809 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
811 $display.= "\n <tr>".
812 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
813 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
814 "\n </tr>";
816 /* Walk through the list of attributes */
817 $cnt= 1;
818 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
819 if(session::global_get('js')) {
820 if(isset($_SERVER['HTTP_USER_AGENT']) &&
821 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
822 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
823 "\n <td colspan=".$cols.">".
824 "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
825 "\n <table style='width:100%;'>";
826 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
827 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
828 "\n <td colspan=".$cols.">".
829 "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
830 "\n <table style='width:100%;'>";
831 }else{
832 }
833 }
836 foreach($splist as $attr => $dsc){
838 /* Skip pl* attributes, they are internal... */
839 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
840 continue;
841 }
843 /* Open table row */
844 if ($cnt == 1){
845 $display.= "\n <tr>";
846 }
848 /* Close table row */
849 if ($cnt == $cols){
850 $cnt= 1;
851 $rb= "";
852 $end= "\n </tr>";
853 } else {
854 $cnt++;
855 $rb= "border-right:1px solid #A0A0A0;";
856 $end= "";
857 }
859 /* Collect list of attributes */
860 $state= "";
861 if (isset($currentAcl[$attr])){
862 $state= $currentAcl[$attr];
863 }
864 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
865 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
866 }
868 /* Fill missing td's if needed */
869 if (--$cnt != $cols && $cnt != 0){
870 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
871 }
873 if(session::global_get('js')) {
874 if(isset($_SERVER['HTTP_USER_AGENT']) &&
875 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
876 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
877 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
878 $display.= "\n </table>".
879 "\n </div>".
880 "\n </td>".
881 "\n </tr>";
882 }
883 }
885 $display.= "\n</table><br />\n";
886 }
888 return ($display);
889 }
892 function mkchkbx($name, $text, $state= FALSE)
893 {
894 $state= $state?"checked":"";
895 if($this->acl_is_writeable("")){
896 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
897 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
898 "\n <label for='acl_$tname'>$text</label>";
899 }else{
900 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
901 }
902 }
905 function mkrwbx($name, $state= "")
906 {
907 $rstate= preg_match('/r/', $state)?'checked':'';
908 $wstate= preg_match('/w/', $state)?'checked':'';
909 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
911 if($this->acl_is_writeable("")){
912 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
913 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
914 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
915 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
916 }else{
917 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
918 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
919 }
920 }
923 static function explodeACL($acl)
924 {
926 $list= explode(':', $acl);
927 if(count($list) == 5){
928 list($index, $type,$member,$permission,$filter)= $list;
929 $filter = base64_decode($filter);
930 }else{
931 $filter = "";
932 list($index, $type,$member,$permission)= $list;
933 }
935 $a= array( $index => array("type" => $type,
936 "filter"=> $filter,
937 "members" => acl::extractMembers($acl,$type == "role")));
939 /* Handle different types */
940 switch ($type){
942 case 'psub':
943 case 'sub':
944 case 'one':
945 case 'base':
946 $a[$index]['acl']= acl::extractACL($acl);
947 break;
949 case 'role':
950 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
951 break;
953 case 'reset':
954 break;
956 default:
957 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
958 $a= array();
959 }
960 return ($a);
961 }
964 static function extractMembers($acl,$role = FALSE)
965 {
966 global $config;
967 $a= array();
969 /* Rip acl off the string, seperate by ',' and place it in an array */
970 if($role){
971 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
972 }else{
973 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
974 }
975 if ($ms == $acl){
976 return $a;
977 }
978 $ma= explode(',', $ms);
980 /* Decode dn's, fill with informations from LDAP */
981 $ldap= $config->get_ldap_link();
982 foreach ($ma as $memberdn){
983 // Check for wildcard here
984 $dn= base64_decode($memberdn);
985 if ($dn != "*") {
986 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
988 /* Found entry... */
989 if ($ldap->count()){
990 $attrs= $ldap->fetch();
991 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
992 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
993 } else {
994 $a['G:'.$dn]= $attrs['cn'][0];
995 if (isset($attrs['description'][0])){
996 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
997 }
998 }
1000 /* ... or not */
1001 } else {
1002 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
1003 }
1005 } else {
1006 $a['G:*']= sprintf(_("All users"));
1007 }
1008 }
1010 return ($a);
1011 }
1014 static function extractACL($acl)
1015 {
1016 /* Rip acl off the string, seperate by ',' and place it in an array */
1017 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1018 $aa= explode(',', $as);
1019 $a= array();
1021 /* Dis-assemble single ACLs */
1022 foreach($aa as $sacl){
1024 /* Dis-assemble field ACLs */
1025 $ao= explode('#', $sacl);
1026 $gobject= "";
1027 foreach($ao as $idx => $ssacl){
1029 /* First is department with global acl */
1030 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1031 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1032 if ($idx == 0){
1033 /* Create hash for this object */
1034 $gobject= $object;
1035 $a[$gobject]= array();
1037 /* Append ACL if set */
1038 if ($gacl != ""){
1039 $a[$gobject]= array($gacl);
1040 }
1041 } else {
1043 /* All other entries get appended... */
1044 list($field, $facl)= explode(';', $ssacl);
1045 $a[$gobject][$field]= $facl;
1046 }
1048 }
1049 }
1051 return ($a);
1052 }
1055 function assembleAclSummary($entry)
1056 {
1057 $summary= "";
1059 /* Summarize ACL */
1060 if (isset($entry['acl'])){
1061 $acl= "";
1063 if($entry['type'] == "role"){
1065 if(isset($this->roles[$entry['acl']])){
1066 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1067 }else{
1068 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1069 }
1070 }else{
1071 foreach ($entry['acl'] as $name => $object){
1072 if (count($object)){
1073 $acl.= "$name, ";
1074 }
1075 }
1076 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1077 }
1078 }
1081 /* Summarize members */
1082 if(!($this instanceOf aclrole)){
1083 if ($summary != ""){
1084 $summary.= ", ";
1085 }
1086 if (count($entry['members'])){
1087 $summary.= _("Members").": ";
1088 foreach ($entry['members'] as $cn){
1089 $cn= preg_replace('/ \[.*$/', '', $cn);
1090 $summary.= $cn.", ";
1091 }
1092 } else {
1093 $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
1094 }
1095 }
1096 return (preg_replace('/, $/', '', $summary));
1097 }
1100 function loadAclEntry($new= FALSE)
1101 {
1102 /* New entry gets presets... */
1103 if ($new){
1104 $this->aclType= 'base';
1105 $this->aclFilter= "";
1106 $this->recipients= array();
1107 $this->aclContents= array();
1108 } else {
1109 $acl= $this->gosaAclEntry[$this->currentIndex];
1110 $this->aclType= $acl['type'];
1111 $this->recipients= $acl['members'];
1112 $this->aclContents= $acl['acl'];
1113 $this->aclFilter= $acl['filter'];
1114 }
1116 $this->wasNewEntry= $new;
1117 }
1120 function aclPostHandler()
1121 {
1122 if (isset($_POST['save_acl'])){
1123 $this->save();
1124 return TRUE;
1125 }
1127 return FALSE;
1128 }
1131 function PrepareForCopyPaste($source)
1132 {
1133 plugin::PrepareForCopyPaste($source);
1135 $dn = $source['dn'];
1136 $acl_c = new acl($this->config, $this->parent,$dn);
1137 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1138 }
1141 function save()
1142 {
1143 /* Assemble ACL's */
1144 $tmp_acl= array();
1146 foreach ($this->gosaAclEntry as $prio => $entry){
1147 $final= "";
1148 $members= "";
1149 if (isset($entry['members'])){
1150 foreach ($entry['members'] as $key => $dummy){
1151 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1152 }
1153 }
1155 if($entry['type'] != "role"){
1156 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1157 }else{
1158 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1159 }
1161 /* ACL's if needed */
1162 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1163 $acl= ":";
1164 if (isset($entry['acl'])){
1165 foreach ($entry['acl'] as $object => $contents){
1167 /* Only save, if we've some contents in there... */
1168 if (count($contents)){
1169 $acl.= $object.";";
1171 foreach($contents as $attr => $permission){
1173 /* First entry? Its the one for global settings... */
1174 if ($attr == '0'){
1175 $acl.= $permission;
1176 } else {
1177 $acl.= '#'.$attr.';'.$permission;
1178 }
1180 }
1181 $acl.= ',';
1182 }
1184 }
1185 }
1186 $final.= preg_replace('/,$/', '', $acl);
1187 }
1189 /* Append additional filter options
1190 */
1191 if(!empty($entry['filter'])){
1192 $final .= ":".base64_encode($entry['filter']);
1193 }
1195 $tmp_acl[]= $final;
1196 }
1198 /* Call main method */
1199 plugin::save();
1201 /* Finally (re-)assign it... */
1202 $this->attrs['gosaAclEntry']= $tmp_acl;
1204 /* Remove acl from this entry if it is empty... */
1205 if (!count($tmp_acl)){
1206 /* Remove attribute */
1207 if ($this->initially_was_account){
1208 $this->attrs['gosaAclEntry']= array();
1209 } else {
1210 if (isset($this->attrs['gosaAclEntry'])){
1211 unset($this->attrs['gosaAclEntry']);
1212 }
1213 }
1215 /* Remove object class */
1216 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1217 }
1219 /* Do LDAP modifications */
1220 $ldap= $this->config->get_ldap_link();
1221 $ldap->cd($this->dn);
1222 $this->cleanup();
1223 $ldap->modify ($this->attrs);
1225 if(count($this->attrs)){
1226 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1227 }
1229 if (!$ldap->success()){
1230 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1231 }
1233 /* Refresh users ACLs */
1234 $ui= get_userinfo();
1235 $ui->loadACL();
1236 session::global_set('ui',$ui);
1237 }
1240 function remove_from_parent()
1241 {
1242 plugin::remove_from_parent();
1244 /* include global link_info */
1245 $ldap= $this->config->get_ldap_link();
1247 $ldap->cd($this->dn);
1248 $this->cleanup();
1249 $ldap->modify ($this->attrs);
1251 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1253 /* Optionally execute a command after we're done */
1254 $this->handle_post_events("remove",array("uid" => $this->uid));
1255 }
1258 /* Return plugin informations for acl handling */
1259 static function plInfo()
1260 {
1261 return (array(
1262 "plShortName" => _("ACL"),
1263 "plDescription" => _("ACL")." ("._("Access control list").")",
1264 "plSelfModify" => FALSE,
1265 "plDepends" => array(),
1266 "plPriority" => 0,
1267 "plSection" => array("administration"),
1268 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1269 "objectClass" => array("gosaAcl","gosaRole"))),
1270 "plProvidedAcls"=> array(
1271 // "cn" => _("Role name"),
1272 // "description" => _("Role description")
1273 )
1275 ));
1276 }
1279 /* Remove acls defined for $src */
1280 function remove_acl()
1281 {
1282 acl::remove_acl_for($this->dn);
1283 }
1286 /* Remove acls defined for $src */
1287 static function remove_acl_for($dn)
1288 {
1289 global $config;
1291 $ldap = $config->get_ldap_link();
1292 $ldap->cd($config->current['BASE']);
1293 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
1294 $new_entries= array();
1295 while($attrs = $ldap->fetch()){
1296 if (!isset($attrs['gosaAclEntry'])) {
1297 continue;
1298 }
1299 unset($attrs['gosaAclEntry']['count']);
1301 // Remove entry directly
1302 foreach($attrs['gosaAclEntry'] as $id => $entry){
1303 $parts= explode(':',$entry);
1304 $members= explode(',',$parts[2]);
1305 $new_members= array();
1306 foreach($members as $member) {
1307 if (base64_decode($member) != $dn) {
1308 $new_members[]= $member;
1309 } else {
1310 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
1311 }
1312 }
1314 /* We can completely remove the entry if there are no members anymore */
1315 if (count($new_members)) {
1316 $parts[2]= implode(",", $new_members);
1317 $new_entries[]= implode(":", $parts);
1318 }
1319 }
1321 // There should be a modification, so write it back
1322 $ldap->cd($attrs['dn']);
1323 $new_attrs= array("gosaAclEntry" => $new_entries);
1324 $ldap->modify($new_attrs);
1325 if (!$ldap->success()){
1326 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1327 }
1328 }
1329 }
1332 function update_acl_membership($src,$dst)
1333 {
1334 $ldap = $this->config->get_ldap_link();
1335 $ldap->cd($this->config->current['BASE']);
1336 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1337 while($attrs = $ldap->fetch()){
1338 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1339 foreach($acl->gosaAclEntry as $id => $entry){
1340 foreach($entry['members'] as $m_id => $member){
1341 if($m_id == "U:".$src){
1342 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1343 $new = "U:".$dst;
1344 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1345 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1346 }
1347 if($m_id == "G:".$src){
1348 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1349 $new = "G:".$dst;
1350 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1351 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1352 }
1353 }
1354 }
1355 $acl -> save();
1356 }
1357 }
1359 }
1361 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1362 ?>