![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class acl extends plugin
24 {
25 /* Definitions */
26 var $plHeadline= "Access control";
27 var $plDescription= "Manage access control lists";
29 /* attribute list for save action */
30 var $attributes= array('gosaAclEntry');
31 var $objectclasses= array('gosaAcl');
33 /* Helpers */
34 var $dialogState= "head";
35 var $gosaAclEntry= array();
36 var $aclType= "";
37 var $aclObject= "";
38 var $aclContents= array();
39 var $target= "group";
40 var $aclTypes= array();
41 var $aclObjects= array();
42 var $aclFilter= "";
43 var $aclMyObjects= array();
44 var $users= array();
45 var $roles= array();
46 var $groups= array();
47 var $recipients= array();
48 var $isContainer= FALSE;
49 var $currentIndex= 0;
50 var $wasNewEntry= FALSE;
51 var $ocMapping= array();
52 var $savedAclContents= array();
53 var $myAclObjects = array();
54 var $acl_category = "acl/";
56 function acl (&$config, $parent, $dn= NULL)
57 {
58 /* Include config object */
59 plugin::plugin($config, $dn);
61 /* Load ACL's */
62 $this->gosaAclEntry= array();
63 if (isset($this->attrs['gosaAclEntry'])){
64 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
65 $acl= $this->attrs['gosaAclEntry'][$i];
66 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
67 }
68 }
69 ksort($this->gosaAclEntry);
71 /* Save parent - we've to know more about it than other plugins... */
72 $this->parent= &$parent;
74 /* Container? */
75 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
76 $this->isContainer= TRUE;
77 }
79 /* Users */
80 $ui= get_userinfo();
81 $tag= $ui->gosaUnitTag;
82 $ldap= $config->get_ldap_link();
83 $ldap->cd($config->current['BASE']);
84 if ($tag == ""){
85 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
86 } else {
87 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
88 }
89 while ($attrs= $ldap->fetch()){
90 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
91 }
92 ksort($this->users);
94 /* Groups */
95 $ldap->cd($config->current['BASE']);
96 # if ($tag == ""){
97 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
98 # } else {
99 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
100 # }
101 while ($attrs= $ldap->fetch()){
102 $dsc= "";
103 if (isset($attrs['description'][0])){
104 $dsc= $attrs['description'][0];
105 }
106 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
107 }
108 ksort($this->groups);
110 /* Roles */
111 $ldap->cd($config->current['BASE']);
112 # if ($tag == ""){
113 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
114 # } else {
115 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
116 # }
117 while ($attrs= $ldap->fetch()){
118 $dsc= "";
119 if (isset($attrs['description'][0])){
120 $dsc= $attrs['description'][0];
121 }
123 $role_id = $attrs['dn'];
125 $this->roles[$role_id]['acls'] =array();
126 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
127 $acl= $attrs['gosaAclTemplate'][$i];
128 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
129 }
130 $this->roles[$role_id]['description'] = $dsc;
131 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
132 }
134 /* Objects */
135 $tmp= session::get('plist');
136 $plist= $tmp->info;
137 $cats = array();
138 if (isset($this->parent) && $this->parent !== NULL){
139 $oc= array();
140 foreach ($this->parent->by_object as $key => $obj){
141 $oc= array_merge($oc, $obj->objectclasses);
142 if(isset($obj->acl_category)){
143 $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
144 }
145 }
146 if (in_array_ics('organizationalUnit', $oc)){
147 $this->isContainer= TRUE;
148 }
149 } else {
150 $oc= $this->attrs['objectClass'];
151 }
153 /* Extract available categories from plugin info list */
154 foreach ($plist as $class => $acls){
156 /* Only feed categories */
157 if (isset($acls['plCategory'])){
159 /* Walk through supplied list and feed only translated categories */
160 foreach($acls['plCategory'] as $idx => $data){
162 /* Non numeric index means -> base object containing more informations */
163 if (preg_match('/^[0-9]+$/', $idx)){
165 if (!isset($this->ocMapping[$data])){
166 $this->ocMapping[$data]= array();
167 $this->ocMapping[$data][]= '0';
168 }
170 if(isset($cats[$data])){
171 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
172 }
173 $this->ocMapping[$data][]= $class;
174 } else {
175 if (!isset($this->ocMapping[$idx])){
176 $this->ocMapping[$idx]= array();
177 $this->ocMapping[$idx][]= '0';
178 }
179 $this->ocMapping[$idx][]= $class;
180 $this->aclObjects[$idx]= $data['description'];
182 /* Additionally filter the classes we're interested in in "self edit" mode */
183 if (is_array($data['objectClass'])){
184 foreach($data['objectClass'] as $objectClass){
185 if (in_array_ics($objectClass, $oc)){
186 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
187 break;
188 }
189 }
190 } else {
191 if (in_array_ics($data['objectClass'], $oc)){
192 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
193 }
194 }
195 }
197 }
198 }
199 }
200 $this->aclObjects['all']= '* '._("All categories");
201 $this->ocMapping['all']= array('0' => 'all');
203 /* Sort categories */
204 asort($this->aclObjects);
206 /* Fill acl types */
207 if ($this->isContainer){
208 $this->aclTypes= array("reset" => _("Reset ACLs"),
209 "one" => _("One level"),
210 "base" => _("Current object"),
211 "sub" => _("Complete subtree"),
212 "psub" => _("Complete subtree (permanent)"),
213 "role" => _("Use ACL defined in role"));
214 } else {
215 $this->aclTypes= array("base" => _("Current object"),
216 "role" => _("Use ACL defined in role"));
217 }
218 asort($this->aclTypes);
219 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
220 asort($this->targets);
222 /* Finally - we want to get saved... */
223 $this->is_account= TRUE;
224 }
227 function execute()
228 {
229 /* Call parent execute */
230 plugin::execute();
232 $tmp= session::get('plist');
233 $plist= $tmp->info;
235 /* Handle posts */
236 if (isset($_POST['new_acl'])){
237 $this->dialogState= 'create';
238 $this->dialog= TRUE;
239 $this->currentIndex= count($this->gosaAclEntry);
240 $this->loadAclEntry(TRUE);
241 }
243 $new_acl= array();
244 $aclDialog= FALSE;
245 $firstedit= FALSE;
247 foreach($_POST as $name => $post){
249 /* Actions... */
250 if (preg_match('/^acl_edit_.*_x/', $name)){
251 $this->dialogState= 'create';
252 $firstedit= TRUE;
253 $this->dialog= TRUE;
254 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
255 $this->loadAclEntry();
256 continue;
257 }
259 if (preg_match('/^cat_edit_.*_x/', $name)){
260 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
261 $this->dialogState= 'edit';
262 foreach ($this->ocMapping[$this->aclObject] as $oc){
263 if (isset($this->aclContents[$oc])){
264 $this->savedAclContents[$oc]= $this->aclContents[$oc];
265 }
266 }
267 continue;
268 }
270 /* Only handle posts, if we allowed to modify ACLs
271 */
272 if(!$this->acl_is_writeable("")){
273 continue;
274 }
276 if (preg_match('/^acl_del_.*_x/', $name)){
277 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
278 continue;
279 }
281 if (preg_match('/^cat_del_.*_x/', $name)){
282 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
283 foreach ($this->ocMapping[$idx] as $key){
284 unset($this->aclContents["$idx/$key"]);
285 }
286 continue;
287 }
289 /* Sorting... */
290 if (preg_match('/^sortup_.*_x/', $name)){
291 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
292 if ($index > 0){
293 $tmp= $this->gosaAclEntry[$index];
294 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
295 $this->gosaAclEntry[$index-1]= $tmp;
296 }
297 continue;
298 }
299 if (preg_match('/^sortdown_.*_x/', $name)){
300 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
301 if ($index < count($this->gosaAclEntry)-1){
302 $tmp= $this->gosaAclEntry[$index];
303 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
304 $this->gosaAclEntry[$index+1]= $tmp;
305 }
306 continue;
307 }
309 /* ACL saving... */
310 if (preg_match('/^acl_.*_[^xy]$/', $name)){
311 list($dummy, $object, $attribute, $value)= split('_', $name);
313 /* Skip for detection entry */
314 if ($object == 'dummy') {
315 continue;
316 }
318 /* Ordinary ACLs */
319 if (!isset($new_acl[$object])){
320 $new_acl[$object]= array();
321 }
322 if (isset($new_acl[$object][$attribute])){
323 $new_acl[$object][$attribute].= $value;
324 } else {
325 $new_acl[$object][$attribute]= $value;
326 }
327 }
329 if(isset($_POST['selected_role'])){
330 $this->aclContents = "";
331 $this->aclContents = base64_decode($_POST['selected_role']);
332 }
333 }
335 if(isset($_POST['acl_dummy_0_0_0'])){
336 $aclDialog= TRUE;
337 }
339 if($this->acl_is_writeable("")){
341 /* Only be interested in new acl's, if we're in the right _POST place */
342 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
344 foreach ($this->ocMapping[$this->aclObject] as $oc){
346 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
347 unset($this->aclContents[$oc]);
348 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
349 unset($this->aclContents[$this->aclObject.'/'.$oc]);
350 }else{
351 # trigger_error("Huhm?");
352 }
353 if (isset($new_acl[$oc]) && is_array($new_acl)){
354 $this->aclContents[$oc]= $new_acl[$oc];
355 }
356 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
357 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
358 }
359 }
360 }
362 /* Save new acl in case of base edit mode */
363 if ($this->aclType == 'base' && !$firstedit){
364 $this->aclContents= $new_acl;
365 }
366 }
368 /* Cancel new acl? */
369 if (isset($_POST['cancel_new_acl'])){
370 $this->dialogState= 'head';
371 $this->dialog= FALSE;
372 if ($this->wasNewEntry){
373 unset ($this->gosaAclEntry[$this->currentIndex]);
374 }
375 }
377 /* Save common values */
378 if($this->acl_is_writeable("")){
379 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
380 if (isset($_POST[$key])){
381 $this->$key= validate($_POST[$key]);
382 }
383 }
384 }
386 /* Store ACL in main object? */
387 if (isset($_POST['submit_new_acl'])){
388 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
389 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
390 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
391 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
392 $this->dialogState= 'head';
393 $this->dialog= FALSE;
394 }
396 /* Cancel edit acl? */
397 if (isset($_POST['cancel_edit_acl'])){
398 $this->dialogState= 'create';
399 foreach ($this->ocMapping[$this->aclObject] as $oc){
400 if (isset($this->savedAclContents[$oc])){
401 $this->aclContents[$oc]= $this->savedAclContents[$oc];
402 }
403 }
404 }
406 /* Save edit acl? */
407 if (isset($_POST['submit_edit_acl'])){
408 $this->dialogState= 'create';
409 }
411 /* Add acl? */
412 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
413 $this->dialogState= 'edit';
414 $this->savedAclContents= array();
415 foreach ($this->ocMapping[$this->aclObject] as $oc){
416 if (isset($this->aclContents[$oc])){
417 $this->savedAclContents[$oc]= $this->aclContents[$oc];
418 }
419 }
420 }
422 /* Add to list? */
423 if (isset($_POST['add']) && isset($_POST['source'])){
424 foreach ($_POST['source'] as $key){
425 if ($this->target == 'user'){
426 $this->recipients[$key]= $this->users[$key];
427 }
428 if ($this->target == 'group'){
429 $this->recipients[$key]= $this->groups[$key];
430 }
431 }
432 ksort($this->recipients);
433 }
435 /* Remove from list? */
436 if (isset($_POST['del']) && isset($_POST['recipient'])){
437 foreach ($_POST['recipient'] as $key){
438 unset($this->recipients[$key]);
439 }
440 }
442 /* Create templating instance */
443 $smarty= get_smarty();
444 $smarty->assign("acl_readable",$this->acl_is_readable(""));
445 if(!$this->acl_is_readable("")){
446 return ($smarty->fetch (get_template_path('acl.tpl')));
447 }
449 if ($this->dialogState == 'head'){
450 /* Draw list */
451 $aclList= new divSelectBox("aclList");
452 $aclList->SetHeight(450);
454 /* Fill in entries */
455 foreach ($this->gosaAclEntry as $key => $entry){
456 if(!$this->acl_is_readable("")) continue;
458 $action ="";
460 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
461 $field2= array("string" => $this->assembleAclSummary($entry));
463 if($this->acl_is_writeable("")){
464 $action.= "<input type='image' name='sortup_$key' alt='up'
465 title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
466 $action.= "<input type='image' name='sortdown_$key' alt='down'
467 title='"._("Down")."' src='images/lists/sort-down.png'>";
468 }
470 if($this->acl_is_readable("")){
471 $action.= "<input class='center' type='image' src='images/lists/edit.png'
472 alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
473 }
474 if($this->acl_is_removeable("")){
475 $action.= "<input class='center' type='image' src='images/lists/trash.png'
476 alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
477 }
479 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
480 $aclList->AddEntry(array($field1, $field2, $field3));
481 }
483 $smarty->assign("aclList", $aclList->DrawList());
484 }
486 if ($this->dialogState == 'create'){
487 /* Draw list */
488 $aclList= new divSelectBox("aclList");
489 $aclList->SetHeight(150);
491 /* Add settings for all categories to the (permanent) list */
492 foreach ($this->aclObjects as $section => $dsc){
493 $summary= "";
494 foreach($this->ocMapping[$section] as $oc){
495 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
496 $this->aclContents[$oc][0] != ""){
498 $summary.= "$oc, ";
499 continue;
500 }
501 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
502 $summary.= "$oc, ";
503 continue;
504 }
505 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
506 $summary.= "$oc, ";
507 }
508 }
510 /* Set summary... */
511 if ($summary == ""){
512 $summary= '<i>'._("No ACL settings for this category!").'</i>';
513 } else {
514 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
515 }
517 $actions ="";
518 if($this->acl_is_readable("")){
519 $actions= "<input class='center' type='image' src='images/lists/edit.png'
520 alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
521 }
522 if($this->acl_is_removeable()){
523 $actions.= "<input class='center' type='image' src='images/lists/trash.png'
524 alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
525 }
527 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
528 $field2= array("string" => $summary);
529 $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
530 $aclList->AddEntry(array($field1, $field2, $field3));
531 }
533 $smarty->assign("aclList", $aclList->DrawList());
534 $smarty->assign("aclType", $this->aclType);
535 $smarty->assign("aclFilter", $this->aclFilter);
536 $smarty->assign("aclTypes", $this->aclTypes);
537 $smarty->assign("target", $this->target);
538 $smarty->assign("targets", $this->targets);
540 /* Assign possible target types */
541 $smarty->assign("targets", $this->targets);
542 foreach ($this->attributes as $attr){
543 $smarty->assign($attr, $this->$attr);
544 }
547 /* Generate list */
548 $tmp= array();
549 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
550 if ($this->target == $field){
551 foreach ($this->$arr as $key => $value){
552 if (!isset($this->recipients[$key])){
553 $tmp[$key]= $value;
554 }
555 }
556 }
557 }
558 $smarty->assign('sources', $tmp);
559 $smarty->assign('recipients', $this->recipients);
561 /* Acl selector if scope is base */
562 if ($this->aclType == 'base'){
563 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
564 }
566 /* Role selector if scope is base */
567 if ($this->aclType == 'role'){
568 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
569 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
570 }
571 }
573 if ($this->dialogState == 'edit'){
574 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
576 /* Collect objects for selected category */
577 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
578 if ($idx == 0){
579 continue;
580 }
581 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
582 }
583 if ($this->aclObject == 'all'){
584 $aclObjects['all']= _("All objects in current subtree");
585 }
587 /* Role selector if scope is base */
588 if ($this->aclType == 'role'){
589 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
590 } else {
591 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
592 }
593 }
595 /* Show main page */
596 $smarty->assign("dialogState", $this->dialogState);
598 /* Assign acls */
599 $smarty->assign("acl_createable",$this->acl_is_createable());
600 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
601 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
602 $smarty->assign("acl_removeable",$this->acl_is_removeable());
604 return ($smarty->fetch (get_template_path('acl.tpl')));
605 }
608 function sort_by_priority($list)
609 {
610 $tmp= session::get('plist');
611 $plist= $tmp->info;
612 asort($plist);
613 $newSort = array();
615 foreach($list as $name => $translation){
616 $na = preg_replace("/^.*\//","",$name);
617 $prio = 0;
618 if(isset($plist[$na]['plPriority'])){
619 $prio= $plist[$na]['plPriority'] ;
620 }
622 $newSort[$name] = $prio;
623 }
625 asort($newSort);
627 $ret = array();
628 foreach($newSort as $name => $prio){
629 $ret[$name] = $list[$name];
630 }
631 return($ret);
632 }
635 function buildRoleSelector($list)
636 {
637 $D_List =new divSelectBox("Acl_Roles");
639 $selected = $this->aclContents;
640 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
641 $selected = key($list);
642 }
644 $str ="";
645 foreach($list as $dn => $values){
647 if($dn == $selected){
648 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
649 }else{
650 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
651 }
653 $field1 = array("string" => $option) ;
654 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
655 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
657 $D_List->AddEntry(array($field1,$field2,$field3));
658 }
659 return($D_List->DrawList());
660 }
663 function buildAclSelector($list)
664 {
665 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
666 $cols= 3;
667 $tmp= session::get('plist');
668 $plist= $tmp->info;
669 asort($plist);
671 /* Add select all/none buttons */
672 $style = "style='width:100px;'";
674 if($this->acl_is_writeable("")){
675 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
676 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
677 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
678 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
679 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
681 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
682 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
684 $display .= "<br>";
686 $style = "style='width:50px;'";
687 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
688 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
689 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
690 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
691 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
692 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
693 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
694 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
695 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
696 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
698 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
699 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
700 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
701 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
702 }
704 /* Build general objects */
705 $list =$this->sort_by_priority($list);
706 foreach ($list as $key => $name){
708 /* Create sub acl if it does not exist */
709 if (!isset($this->aclContents[$key])){
710 $this->aclContents[$key]= array();
711 $this->aclContents[$key][0]= '';
712 }
713 $currentAcl= $this->aclContents[$key];
715 /* Get the overall plugin acls
716 */
717 $overall_acl ="";
718 if(isset($currentAcl[0])){
719 $overall_acl = $currentAcl[0];
720 }
722 /* Object header */
723 if(session::get('js')) {
724 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
725 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
726 "\n <tr>".
727 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
728 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
729 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/hide advanced settings")."' /></td>".
730 "\n </tr>";
731 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
732 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
733 "\n <tr>".
734 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
735 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
736 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/hide advanced settings")."' /></td>".
737 "\n </tr>";
738 } else {
739 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
740 "\n <tr>".
741 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
742 "\n </tr>";
743 }
744 } else {
745 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
746 "\n <tr>".
747 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
748 "\n </tr>";
749 }
751 /* Generate options */
752 $spc= " ";
753 # if ($this->isContainer && $this->aclType != 'base'){
754 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
755 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
756 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
757 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
758 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
759 }
760 # } else {
761 # $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
762 # $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
763 # if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
764 # $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
765 # }
766 # }
768 /* Global options */
769 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
770 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
772 $display.= "\n <tr>".
773 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
774 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
775 "\n </tr>";
777 /* Walk through the list of attributes */
778 $cnt= 1;
779 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
780 # asort($splist);
781 if(session::get('js')) {
782 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
783 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
784 "\n <td colspan=".$cols.">".
785 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
786 "\n <table style='width:100%;'>";
787 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
788 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
789 "\n <td colspan=".$cols.">".
790 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
791 "\n <table style='width:100%;'>";
792 }
793 }
794 foreach($splist as $attr => $dsc){
796 /* Skip pl* attributes, they are internal... */
797 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
798 continue;
799 }
801 /* Open table row */
802 if ($cnt == 1){
803 $display.= "\n <tr>";
804 }
806 /* Close table row */
807 if ($cnt == $cols){
808 $cnt= 1;
809 $rb= "";
810 $end= "\n </tr>";
811 } else {
812 $cnt++;
813 $rb= "border-right:1px solid #A0A0A0;";
814 $end= "";
815 }
817 /* Collect list of attributes */
818 $state= "";
819 if (isset($currentAcl[$attr])){
820 $state= $currentAcl[$attr];
821 }
822 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
823 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
824 }
826 /* Fill missing td's if needed */
827 if (--$cnt != $cols && $cnt != 0){
828 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
829 }
831 if(session::get('js')) {
832 if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
833 $display.= "\n </table>".
834 "\n </div>".
835 "\n </td>".
836 "\n </tr>";
837 }
838 }
840 $display.= "\n</table><br />\n";
841 }
843 return ($display);
844 }
847 function mkchkbx($name, $text, $state= FALSE)
848 {
849 $state= $state?"checked":"";
850 if($this->acl_is_writeable("")){
851 return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
852 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
853 }else{
854 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
855 }
856 }
859 function mkrwbx($name, $state= "")
860 {
861 $rstate= preg_match('/r/', $state)?'checked':'';
862 $wstate= preg_match('/w/', $state)?'checked':'';
864 if($this->acl_is_writeable("")){
865 return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
866 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
867 "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
868 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
869 }else{
870 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
871 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
872 }
873 }
876 static function explodeACL($acl)
877 {
879 $list= split(':', $acl);
880 if(count($list) == 5){
881 list($index, $type,$member,$permission,$filter)= $list;
882 $filter = base64_decode($filter);
883 }else{
884 $filter = "";
885 list($index, $type,$member,$permission)= $list;
886 }
888 $a= array( $index => array("type" => $type,
889 "filter"=> $filter,
890 "members" => acl::extractMembers($acl,$type == "role")));
892 /* Handle different types */
893 switch ($type){
895 case 'psub':
896 case 'sub':
897 case 'one':
898 case 'base':
899 $a[$index]['acl']= acl::extractACL($acl);
900 break;
902 case 'role':
903 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
904 break;
906 case 'reset':
907 break;
909 default:
910 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
911 $a= array();
912 }
913 return ($a);
914 }
917 static function extractMembers($acl,$role = FALSE)
918 {
919 global $config;
920 $a= array();
922 /* Rip acl off the string, seperate by ',' and place it in an array */
923 if($role){
924 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
925 }else{
926 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
927 }
928 if ($ms == $acl){
929 return $a;
930 }
931 $ma= split(',', $ms);
933 /* Decode dn's, fill with informations from LDAP */
934 $ldap= $config->get_ldap_link();
935 foreach ($ma as $memberdn){
936 $dn= base64_decode($memberdn);
937 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
939 /* Found entry... */
940 if ($ldap->count()){
941 $attrs= $ldap->fetch();
942 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
943 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
944 } else {
945 $a['G:'.$dn]= $attrs['cn'][0];
946 if (isset($attrs['description'][0])){
947 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
948 }
949 }
951 /* ... or not */
952 } else {
953 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
954 }
955 }
957 return ($a);
958 }
961 static function extractACL($acl)
962 {
963 /* Rip acl off the string, seperate by ',' and place it in an array */
964 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
965 $aa= split(',', $as);
966 $a= array();
968 /* Dis-assemble single ACLs */
969 foreach($aa as $sacl){
971 /* Dis-assemble field ACLs */
972 $ao= split('#', $sacl);
973 $gobject= "";
974 foreach($ao as $idx => $ssacl){
976 /* First is department with global acl */
977 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
978 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
979 if ($idx == 0){
980 /* Create hash for this object */
981 $gobject= $object;
982 $a[$gobject]= array();
984 /* Append ACL if set */
985 if ($gacl != ""){
986 $a[$gobject]= array($gacl);
987 }
988 } else {
990 /* All other entries get appended... */
991 list($field, $facl)= split(';', $ssacl);
992 $a[$gobject][$field]= $facl;
993 }
995 }
996 }
998 return ($a);
999 }
1002 function assembleAclSummary($entry)
1003 {
1004 $summary= "";
1006 /* Summarize ACL */
1007 if (isset($entry['acl'])){
1008 $acl= "";
1010 if($entry['type'] == "role"){
1012 if(isset($this->roles[$entry['acl']])){
1013 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1014 }else{
1015 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1016 }
1017 }else{
1018 foreach ($entry['acl'] as $name => $object){
1019 if (count($object)){
1020 $acl.= "$name, ";
1021 }
1022 }
1023 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1024 }
1025 }
1027 /* Summarize members */
1028 if ($summary != ""){
1029 $summary.= ", ";
1030 }
1031 if (count($entry['members'])){
1032 $summary.= _("Members").": ";
1033 foreach ($entry['members'] as $cn){
1034 $cn= preg_replace('/ \[.*$/', '', $cn);
1035 $summary.= $cn.", ";
1036 }
1037 } else {
1038 $summary.= _("ACL takes effect for all users");
1039 }
1041 return (preg_replace('/, $/', '', $summary));
1042 }
1045 function loadAclEntry($new= FALSE)
1046 {
1047 /* New entry gets presets... */
1048 if ($new){
1049 $this->aclType= 'base';
1050 $this->aclFilter= "";
1051 $this->recipients= array();
1052 $this->aclContents= array();
1053 } else {
1054 $acl= $this->gosaAclEntry[$this->currentIndex];
1055 $this->aclType= $acl['type'];
1056 $this->recipients= $acl['members'];
1057 $this->aclContents= $acl['acl'];
1058 $this->aclFilter= $acl['filter'];
1059 }
1061 $this->wasNewEntry= $new;
1062 }
1065 function aclPostHandler()
1066 {
1067 if (isset($_POST['save_acl'])){
1068 $this->save();
1069 return TRUE;
1070 }
1072 return FALSE;
1073 }
1076 function PrepareForCopyPaste($source)
1077 {
1078 plugin::PrepareForCopyPaste($source);
1080 $dn = $source['dn'];
1081 $acl_c = new acl($this->config, $this->parent,$dn);
1082 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1083 }
1086 function save()
1087 {
1088 /* Assemble ACL's */
1089 $tmp_acl= array();
1091 foreach ($this->gosaAclEntry as $prio => $entry){
1092 $final= "";
1093 $members= "";
1094 if (isset($entry['members'])){
1095 foreach ($entry['members'] as $key => $dummy){
1096 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1097 }
1098 }
1100 if($entry['type'] != "role"){
1101 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1102 }else{
1103 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1104 }
1106 /* ACL's if needed */
1107 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1108 $acl= ":";
1109 if (isset($entry['acl'])){
1110 foreach ($entry['acl'] as $object => $contents){
1112 /* Only save, if we've some contents in there... */
1113 if (count($contents)){
1114 $acl.= $object.";";
1116 foreach($contents as $attr => $permission){
1118 /* First entry? Its the one for global settings... */
1119 if ($attr == '0'){
1120 $acl.= $permission;
1121 } else {
1122 $acl.= '#'.$attr.';'.$permission;
1123 }
1125 }
1126 $acl.= ',';
1127 }
1129 }
1130 }
1131 $final.= preg_replace('/,$/', '', $acl);
1132 }
1134 /* Append additional filter options
1135 */
1136 if(!empty($entry['filter'])){
1137 $final .= ":".base64_encode($entry['filter']);
1138 }
1140 $tmp_acl[]= $final;
1141 }
1143 /* Call main method */
1144 plugin::save();
1146 /* Finally (re-)assign it... */
1147 $this->attrs['gosaAclEntry']= $tmp_acl;
1149 /* Remove acl from this entry if it is empty... */
1150 if (!count($tmp_acl)){
1151 /* Remove attribute */
1152 if ($this->initially_was_account){
1153 $this->attrs['gosaAclEntry']= array();
1154 } else {
1155 if (isset($this->attrs['gosaAclEntry'])){
1156 unset($this->attrs['gosaAclEntry']);
1157 }
1158 }
1160 /* Remove object class */
1161 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1162 }
1164 /* Do LDAP modifications */
1165 $ldap= $this->config->get_ldap_link();
1166 $ldap->cd($this->dn);
1167 $this->cleanup();
1168 $ldap->modify ($this->attrs);
1170 if(count($this->attrs)){
1171 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1172 }
1174 if (!$ldap->success()){
1175 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
1176 }
1178 /* Refresh users ACLs */
1179 $ui= get_userinfo();
1180 $ui->loadACL();
1181 session::set('ui',$ui);
1182 }
1185 function remove_from_parent()
1186 {
1187 plugin::remove_from_parent();
1189 /* include global link_info */
1190 $ldap= $this->config->get_ldap_link();
1192 $ldap->cd($this->dn);
1193 $this->cleanup();
1194 $ldap->modify ($this->attrs);
1196 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1198 /* Optionally execute a command after we're done */
1199 $this->handle_post_events("remove",array("uid" => $this->uid));
1200 }
1203 /* Return plugin informations for acl handling */
1204 static function plInfo()
1205 {
1206 return (array(
1207 "plShortName" => _("ACL"),
1208 "plDescription" => _("ACL")." ("._("Access control list").")",
1209 "plSelfModify" => FALSE,
1210 "plDepends" => array(),
1211 "plPriority" => 0,
1212 "plSection" => array("administration"),
1213 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1214 "objectClass" => array("gosaAcl","gosaRole"))),
1215 "plProvidedAcls"=> array(
1216 // "cn" => _("Role name"),
1217 // "description" => _("Role description")
1218 )
1220 ));
1221 }
1224 /* Remove acls defined for $src */
1225 function remove_acl()
1226 {
1227 $this->remove_acl_for_dn($this->dn);
1228 }
1231 /* Remove acls defined for $src */
1232 function remove_acl_for_dn($src = "")
1233 {
1234 if($src == ""){
1235 $src = $this->dn;
1236 }
1237 $ldap = $this->config->get_ldap_link();
1238 $ldap->cd($this->config->current['BASE']);
1239 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1240 while($attrs = $ldap->fetch()){
1241 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1242 foreach($acl->gosaAclEntry as $id => $entry){
1243 foreach($entry['members'] as $m_id => $member){
1244 if($m_id == "U:".$src){
1245 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1246 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
1247 }
1248 if($m_id == "G:".$src){
1249 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1250 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
1251 }
1252 }
1253 }
1254 $acl -> save();
1255 }
1256 }
1258 function update_acl_membership($src,$dst)
1259 {
1260 $ldap = $this->config->get_ldap_link();
1261 $ldap->cd($this->config->current['BASE']);
1262 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1263 while($attrs = $ldap->fetch()){
1264 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1265 foreach($acl->gosaAclEntry as $id => $entry){
1266 foreach($entry['members'] as $m_id => $member){
1267 if($m_id == "U:".$src){
1268 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1269 $new = "U:".$dst;
1270 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1271 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1272 }
1273 if($m_id == "G:".$src){
1274 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1275 $new = "G:".$dst;
1276 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1277 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1278 }
1279 }
1280 }
1281 $acl -> save();
1282 }
1283 }
1285 }
1287 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1288 ?>