![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
fc3f4224aba5b9a4f64ca09ff11edfa2bada9b95
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief ACL management plugin */
24 class acl extends plugin
25 {
26 /* Definitions */
27 var $plHeadline= "Access control";
28 var $plDescription= "Manage access control lists";
30 /* attribute list for save action */
31 var $attributes= array('gosaAclEntry');
32 var $objectclasses= array('gosaAcl');
34 /* Helpers */
35 var $dialogState= "head";
36 var $gosaAclEntry= array();
37 var $aclType= "";
38 var $aclObject= "";
39 var $aclContents= array();
40 var $target= "group";
41 var $aclTypes= array();
42 var $aclObjects= array();
43 var $aclFilter= "";
44 var $aclMyObjects= array();
45 var $users= array();
46 var $roles= array();
47 var $groups= array();
48 var $recipients= array();
49 var $isContainer= FALSE;
50 var $currentIndex= 0;
51 var $wasNewEntry= FALSE;
52 var $ocMapping= array();
53 var $savedAclContents= array();
54 var $myAclObjects = array();
55 var $acl_category = "acl/";
57 var $list =NULL;
59 var $sectionList = NULL;
61 function acl (&$config, $parent, $dn= NULL)
62 {
63 /* Include config object */
64 plugin::plugin($config, $dn);
66 /* Load ACL's */
67 $this->gosaAclEntry= array();
68 if (isset($this->attrs['gosaAclEntry'])){
69 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
70 $acl= $this->attrs['gosaAclEntry'][$i];
71 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
72 }
73 }
74 ksort($this->gosaAclEntry);
76 /* Save parent - we've to know more about it than other plugins... */
77 $this->parent= &$parent;
79 /* Container? */
80 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
81 $this->isContainer= TRUE;
82 }
84 /* Users */
85 $ui= get_userinfo();
86 $tag= $ui->gosaUnitTag;
87 $ldap= $config->get_ldap_link();
88 $ldap->cd($config->current['BASE']);
89 if ($tag == ""){
90 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
91 } else {
92 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
93 }
94 while ($attrs= $ldap->fetch()){
96 // Allow objects without cn to be listed without causing an error.
97 if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
98 $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
99 }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
100 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
101 }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
102 $this->users['U:'.$attrs['dn']]= $attrs['dn'];
103 }else{
104 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
105 }
107 }
108 ksort($this->users);
110 /* Groups */
111 $ldap->cd($config->current['BASE']);
112 # if ($tag == ""){
113 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
114 # } else {
115 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
116 # }
117 while ($attrs= $ldap->fetch()){
118 $dsc= "";
119 if (isset($attrs['description'][0])){
120 $dsc= $attrs['description'][0];
121 }
122 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
123 }
124 $this->groups['G:*']= _("All users");
125 ksort($this->groups);
127 /* Roles */
128 $ldap->cd($config->current['BASE']);
129 # if ($tag == ""){
130 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
131 # } else {
132 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
133 # }
134 while ($attrs= $ldap->fetch()){
135 $dsc= "";
136 if (isset($attrs['description'][0])){
137 $dsc= $attrs['description'][0];
138 }
140 $role_id = $attrs['dn'];
142 $this->roles[$role_id]['acls'] =array();
143 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
144 $acl= $attrs['gosaAclTemplate'][$i];
145 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
146 }
147 $this->roles[$role_id]['description'] = $dsc;
148 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
149 }
151 /* Objects */
152 $tmp= session::global_get('plist');
153 $plist= $tmp->info;
154 $cats = array();
155 if (isset($this->parent) && $this->parent !== NULL){
156 $oc= array();
157 foreach ($this->parent->by_object as $key => $obj){
158 $oc= array_merge($oc, $obj->objectclasses);
159 if(isset($obj->acl_category)){
160 $tmp= str_replace("/","",$obj->acl_category);
161 $cats[$tmp] = $tmp;
162 }
163 }
164 if (in_array_ics('organizationalUnit', $oc)){
165 $this->isContainer= TRUE;
166 }
167 } else {
168 $oc= $this->attrs['objectClass'];
169 }
171 /* Extract available categories from plugin info list */
172 foreach ($plist as $class => $acls){
174 /* Only feed categories */
175 if (isset($acls['plCategory'])){
177 /* Walk through supplied list and feed only translated categories */
178 foreach($acls['plCategory'] as $idx => $data){
180 /* Non numeric index means -> base object containing more informations */
181 if (preg_match('/^[0-9]+$/', $idx)){
183 if (!isset($this->ocMapping[$data])){
184 $this->ocMapping[$data]= array();
185 $this->ocMapping[$data][]= '0';
186 }
188 if(isset($cats[$data])){
189 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
190 }
191 $this->ocMapping[$data][]= $class;
192 } else {
193 if (!isset($this->ocMapping[$idx])){
194 $this->ocMapping[$idx]= array();
195 $this->ocMapping[$idx][]= '0';
196 }
197 $this->ocMapping[$idx][]= $class;
198 $this->aclObjects[$idx]= $data['description'];
200 /* Additionally filter the classes we're interested in in "self edit" mode */
201 if (is_array($data['objectClass'])){
202 foreach($data['objectClass'] as $objectClass){
203 if (in_array_ics($objectClass, $oc)){
204 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
205 break;
206 }
207 }
208 } else {
209 if (in_array_ics($data['objectClass'], $oc)){
210 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
211 }
212 }
213 }
215 }
216 }
217 }
218 $this->aclObjects['all']= '* '._("All categories");
219 $this->ocMapping['all']= array('0' => 'all');
221 /* Sort categories */
222 asort($this->aclObjects);
224 /* Fill acl types */
225 if ($this->isContainer){
226 $this->aclTypes= array("reset" => _("Reset ACLs"),
227 "one" => _("One level"),
228 "base" => _("Current object"),
229 "sub" => _("Complete subtree"),
230 "psub" => _("Complete subtree (permanent)"),
231 "role" => _("Use ACL defined in role"));
232 } else {
233 $this->aclTypes= array("base" => _("Current object"),
234 "role" => _("Use ACL defined in role"));
235 }
236 asort($this->aclTypes);
237 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
238 asort($this->targets);
240 /* Finally - we want to get saved... */
241 $this->is_account= TRUE;
243 $this->updateList();
245 // Prepare lists
246 $this->sectionList = new sortableListing();
247 $this->sectionList->setDeleteable(false);
248 $this->sectionList->setEditable(false);
249 $this->sectionList->setWidth("100%");
250 $this->sectionList->setHeight("120px");
251 $this->sectionList->setColspecs(array('200px','*'));
252 $this->sectionList->setHeader(array(_("Section"),_("Description")));
253 $this->sectionList->setDefaultSortColumn(1);
254 $this->sectionList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
256 $this->roleList = new sortableListing();
257 $this->roleList->setDeleteable(false);
258 $this->roleList->setEditable(false);
259 $this->roleList->setWidth("100%");
260 $this->roleList->setHeight("120px");
261 $this->roleList->setColspecs(array('20px','*','*'));
262 $this->roleList->setHeader(array(_("Used"),_("Name"),_("Description")));
263 $this->roleList->setDefaultSortColumn(1);
264 $this->roleList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
265 }
268 function updateList()
269 {
270 if(!$this->list){
271 $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
272 $this->list->setDeleteable(true);
273 $this->list->setEditable(true);
274 $this->list->setColspecs(array('*'));
275 $this->list->setWidth("100%");
276 $this->list->setHeight("400px");
277 $this->list->setAcl("rwcdm");
278 $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
279 }
282 // Add ACL entries to the listing
283 $lData = array();
284 foreach($this->gosaAclEntry as $id => $entry){
285 $lData[] = $this->convertForListing($entry);
286 }
287 $this->list->setListData($this->gosaAclEntry, $lData);
288 }
291 function convertForListing($entry)
292 {
293 $member = implode($entry['members'],", ");
294 $acl = implode(array_keys($entry['acl']),", ");
295 $type = implode(array_keys($entry['acl']),", ");
296 return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
297 }
301 function execute()
302 {
303 /* Call parent execute */
304 plugin::execute();
306 $tmp= session::global_get('plist');
307 $plist= $tmp->info;
309 /* Handle posts */
310 if (isset($_POST['new_acl'])){
311 $this->dialogState= 'create';
312 $this->dialog= TRUE;
313 $this->currentIndex= count($this->gosaAclEntry);
314 $this->loadAclEntry(TRUE);
315 }
317 $new_acl= array();
318 $aclDialog= FALSE;
319 $firstedit= FALSE;
321 // Get listing actions. Delete or Edit.
322 $this->list->save_object();
323 $lAction = $this->list->getAction();
324 $this->gosaAclEntry = $this->list->getMaintainedData();
326 /* Act on HTML post and gets here.
327 */
328 if($lAction['action'] == "edit"){
329 $this->currentIndex = $this->list->getKey($lAction['targets'][0]);
330 $this->dialogState= 'create';
331 $firstedit= TRUE;
332 $this->dialog= TRUE;
333 $this->loadAclEntry();
334 }
336 foreach($_POST as $name => $post){
338 /* Actions... */
339 if (preg_match('/^acl_edit_[0-9]*$/', $name)){
340 $this->dialogState= 'create';
341 $firstedit= TRUE;
342 $this->dialog= TRUE;
343 $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
344 $this->loadAclEntry();
345 continue;
346 }
348 if (preg_match('/^cat_edit_.*$/', $name)){
349 $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
350 $this->dialogState= 'edit';
351 foreach ($this->ocMapping[$this->aclObject] as $oc){
352 if (isset($this->aclContents[$oc])){
353 $this->savedAclContents[$oc]= $this->aclContents[$oc];
354 }
355 }
356 continue;
357 }
359 /* Only handle posts, if we allowed to modify ACLs */
360 if(!$this->acl_is_writeable("")){
361 continue;
362 }
364 if (preg_match('/^acl_del_[0-9]*$/', $name)){
365 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
366 continue;
367 }
369 if (preg_match('/^cat_del_.*$/', $name)){
370 $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
371 foreach ($this->ocMapping[$idx] as $key){
372 if(isset($this->aclContents[$idx]))
373 unset($this->aclContents[$idx]);
374 if(isset($this->aclContents["$idx/$key"]))
375 unset($this->aclContents["$idx/$key"]);
376 }
377 continue;
378 }
380 /* ACL saving... */
381 if (preg_match('/^acl_.*_[^xy]$/', $name)){
382 list($dummy, $object, $attribute, $value)= explode('_', $name);
384 /* Skip for detection entry */
385 if ($object == 'dummy') {
386 continue;
387 }
389 /* Ordinary ACLs */
390 if (!isset($new_acl[$object])){
391 $new_acl[$object]= array();
392 }
393 if (isset($new_acl[$object][$attribute])){
394 $new_acl[$object][$attribute].= $value;
395 } else {
396 $new_acl[$object][$attribute]= $value;
397 }
398 }
400 // Remember the selected ACL role.
401 if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
402 $this->aclContents = "";
403 $this->aclContents = base64_decode($_POST['selected_role']);
404 }
405 }
407 if(isset($_POST['acl_dummy_0_0_0'])){
408 $aclDialog= TRUE;
409 }
411 if($this->acl_is_writeable("")){
413 /* Only be interested in new acl's, if we're in the right _POST place */
414 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
416 foreach ($this->ocMapping[$this->aclObject] as $oc){
418 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
419 unset($this->aclContents[$oc]);
420 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
421 unset($this->aclContents[$this->aclObject.'/'.$oc]);
422 }else{
423 # trigger_error("Huhm?");
424 }
425 if (isset($new_acl[$oc]) && is_array($new_acl)){
426 $this->aclContents[$oc]= $new_acl[$oc];
427 }
428 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
429 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
430 }
431 }
432 }
434 /* Save new acl in case of base edit mode */
435 if ($this->aclType == 'base' && !$firstedit){
436 $this->aclContents= $new_acl;
437 }
438 }
440 /* Cancel new acl? */
441 if (isset($_POST['cancel_new_acl'])){
442 $this->dialogState= 'head';
443 $this->dialog= FALSE;
444 if ($this->wasNewEntry){
445 unset ($this->gosaAclEntry[$this->currentIndex]);
446 }
447 }
449 /* Save common values */
450 if($this->acl_is_writeable("")){
451 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
452 if (isset($_POST[$key])){
453 $this->$key= validate($_POST[$key]);
454 }
455 }
456 }
458 /* Store ACL in main object? */
459 if (isset($_POST['submit_new_acl'])){
460 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
461 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
462 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
463 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
464 $this->dialogState= 'head';
465 $this->dialog= FALSE;
466 }
468 /* Cancel edit acl? */
469 if (isset($_POST['cancel_edit_acl'])){
470 $this->dialogState= 'create';
471 foreach ($this->ocMapping[$this->aclObject] as $oc){
472 if (isset($this->savedAclContents[$oc])){
473 $this->aclContents[$oc]= $this->savedAclContents[$oc];
474 }
475 }
476 }
478 /* Save edit acl? */
479 if (isset($_POST['submit_edit_acl'])){
480 $this->dialogState= 'create';
481 }
483 /* Add acl? */
484 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
485 $this->dialogState= 'edit';
486 $this->savedAclContents= array();
487 foreach ($this->ocMapping[$this->aclObject] as $oc){
488 if (isset($this->aclContents[$oc])){
489 $this->savedAclContents[$oc]= $this->aclContents[$oc];
490 }
491 }
492 }
494 /* Add to list? */
495 if (isset($_POST['add']) && isset($_POST['source'])){
496 foreach ($_POST['source'] as $key){
497 if ($this->target == 'user'){
498 $this->recipients[$key]= $this->users[$key];
499 }
500 if ($this->target == 'group'){
501 $this->recipients[$key]= $this->groups[$key];
502 }
503 }
504 ksort($this->recipients);
505 }
507 /* Remove from list? */
508 if (isset($_POST['del']) && isset($_POST['recipient'])){
509 foreach ($_POST['recipient'] as $key){
510 unset($this->recipients[$key]);
511 }
512 }
514 /* Create templating instance */
515 $smarty= get_smarty();
516 $smarty->assign("usePrototype", "true");
517 $smarty->assign("acl_readable",$this->acl_is_readable(""));
518 if(!$this->acl_is_readable("")){
519 return ($smarty->fetch (get_template_path('acl.tpl')));
520 }
522 if ($this->dialogState == 'head'){
523 $this->updateList();
524 $smarty->assign("aclList", $this->list->render());
525 }
527 if ($this->dialogState == 'create'){
529 // Create a map of all used sections, this allows us to simply hide the remove button
530 // if no acl is configured for the given section
531 // e.g. ';all;department/country;users/user;
532 $usedList = ";".implode(array_keys($this->aclContents),';').";";
534 /* Add settings for all categories to the (permanent) list */
535 $data = $lData = array();
536 foreach ($this->aclObjects as $section => $dsc){
537 $summary= "";
538 foreach($this->ocMapping[$section] as $oc){
539 if (isset($this->aclContents[$oc]) &&
540 count($this->aclContents[$oc]) &&
541 isset($this->aclContents[$oc][0]) &&
542 $this->aclContents[$oc][0] != ""){
544 $summary.= "$oc, ";
545 continue;
546 }
547 if (isset($this->aclContents["$section/$oc"]) &&
548 count($this->aclContents["$section/$oc"])){
549 $summary.= "$oc, ";
550 continue;
551 }
552 if (isset($this->aclContents[$oc]) &&
553 !isset($this->aclContents[$oc][0]) &&
554 count($this->aclContents[$oc])){
555 $summary.= "$oc, ";
556 }
557 }
559 /* Set summary... */
560 if ($summary == ""){
561 $summary= '<i>'._("No ACL settings for this category!").'</i>';
562 } else {
563 $summary= trim($summary,", ");
564 $summary= " ".sprintf(_("Contains ACLs for these objects: %s"), $summary);
565 }
567 $actions ="";
568 if($this->acl_is_readable("")){
569 $actions.= image('images/lists/edit.png','cat_edit_'.$section,
570 msgPool::editButton(_("category ACL")));
571 }
572 if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
573 $actions.= image('images/lists/trash.png','cat_del_'.$section,
574 msgPool::delButton(_("category ACL")));
575 }
576 $data[] = $section;
577 $lData[] = array('data'=>array($dsc, $summary, $actions));
578 }
579 $this->sectionList->setListData($data,$lData);
580 $this->sectionList->update();
581 $smarty->assign("aclList", $this->sectionList->render());
583 $smarty->assign("aclType", $this->aclType);
584 $smarty->assign("aclFilter", $this->aclFilter);
585 $smarty->assign("aclTypes", $this->aclTypes);
586 $smarty->assign("target", $this->target);
587 $smarty->assign("targets", $this->targets);
589 /* Assign possible target types */
590 $smarty->assign("targets", $this->targets);
591 foreach ($this->attributes as $attr){
592 $smarty->assign($attr, $this->$attr);
593 }
596 /* Generate list */
597 $tmp= array();
598 if ($this->target == "group" && !isset($this->recipients["G:*"])){
599 $tmp["G:*"]= _("All users");
600 }
601 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
602 if ($this->target == $field){
603 foreach ($this->$arr as $key => $value){
604 if (!isset($this->recipients[$key])){
605 $tmp[$key]= $value;
606 }
607 }
608 }
609 }
610 $smarty->assign('sources', $tmp);
611 $smarty->assign('recipients', $this->recipients);
613 /* Acl selector if scope is base */
614 if ($this->aclType == 'base'){
615 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
616 }
618 /* Role selector if scope is base */
619 if ($this->aclType == 'role'){
620 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
621 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
622 }
623 }
625 if ($this->dialogState == 'edit'){
626 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
628 /* Collect objects for selected category */
629 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
630 if ($idx == 0){
631 continue;
632 }
633 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
634 }
635 if ($this->aclObject == 'all'){
636 $aclObjects['all']= _("All objects in current subtree");
637 }
639 /* Role selector if scope is base */
640 if ($this->aclType == 'role'){
641 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
642 } else {
643 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
644 }
645 }
647 /* Show main page */
648 $smarty->assign("dialogState", $this->dialogState);
650 /* Assign acls */
651 $smarty->assign("acl_createable",$this->acl_is_createable());
652 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
653 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
654 $smarty->assign("acl_removeable",$this->acl_is_removeable());
656 return ($smarty->fetch (get_template_path('acl.tpl')));
657 }
660 function sort_by_priority($list)
661 {
662 $tmp= session::global_get('plist');
663 $plist= $tmp->info;
664 asort($plist);
665 $newSort = array();
667 foreach($list as $name => $translation){
668 $na = preg_replace("/^.*\//","",$name);
669 $prio = 0;
670 if(isset($plist[$na]['plPriority'])){
671 $prio= $plist[$na]['plPriority'] ;
672 }
674 $newSort[$name] = $prio;
675 }
677 asort($newSort);
679 $ret = array();
680 foreach($newSort as $name => $prio){
681 $ret[$name] = $list[$name];
682 }
683 return($ret);
684 }
687 function buildRoleSelector($list)
688 {
689 $selected = $this->aclContents;
690 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
691 $selected = key($list);
692 }
694 $data = $lData = array();
695 foreach($list as $dn => $values){
696 if($dn == $selected){
697 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
698 }else{
699 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
700 }
701 $data[] = postEncode($dn);
702 $lData[] = array('data'=>array($option, $values['cn'], $values['description']));
703 }
704 print_a($list);
705 $this->roleList->setListData($data,$lData);
706 $this->roleList->update();
707 return($this->roleList->render());
708 }
711 function buildAclSelector($list)
712 {
713 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
714 $cols= 3;
715 $tmp= session::global_get('plist');
716 $plist= $tmp->info;
717 asort($plist);
719 /* Add select all/none buttons */
720 $style = "style='width:100px;'";
722 if($this->acl_is_writeable("")){
723 $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
724 $display .= "<button type='button' ".$style." name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
725 $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
726 $display .= "<button type='button' ".$style." name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
727 $display .= "<button type='button' ".$style." name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
729 $display .= "<button type='button' ".$style." name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
730 $display .= "<button type='button' ".$style." name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
732 $display .= "<br>";
734 $style = "style='width:50px;'";
735 $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
736 $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
737 $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
738 $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
739 $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
740 $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
741 $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
742 $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
743 $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
744 $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
746 $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
747 $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
748 $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
749 $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
750 }
752 /* Build general objects */
753 $list =$this->sort_by_priority($list);
754 foreach ($list as $key => $name){
756 /* Create sub acl if it does not exist */
757 if (!isset($this->aclContents[$key])){
758 $this->aclContents[$key]= array();
759 }
760 if(!isset($this->aclContents[$key][0])){
761 $this->aclContents[$key][0]= '';
762 }
764 $currentAcl= $this->aclContents[$key];
766 /* Get the overall plugin acls
767 */
768 $overall_acl ="";
769 if(isset($currentAcl[0])){
770 $overall_acl = $currentAcl[0];
771 }
773 // Detect configured plugins
774 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
776 /* Object header */
777 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
779 if($expand){
780 $back_color = "#C8C8FF";
781 }else{
782 $back_color = "#C8C8C8";
783 }
785 if(isset($_SERVER['HTTP_USER_AGENT']) &&
786 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
787 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
788 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
789 "\n <tr>".
790 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
791 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
792 "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
793 "\n </tr>";
794 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
795 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
796 "\n <tr>".
797 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
798 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
799 "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
800 "\n </tr>";
801 } else {
802 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
803 "\n <tr>".
804 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
805 "\n </tr>";
806 }
808 /* Generate options */
809 $spc= " ";
810 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
811 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
812 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
813 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
814 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
815 }
817 /* Global options */
818 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
819 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
821 $display.= "\n <tr>".
822 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
823 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
824 "\n </tr>";
826 /* Walk through the list of attributes */
827 $cnt= 1;
828 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
829 if(session::global_get('js')) {
830 if(isset($_SERVER['HTTP_USER_AGENT']) &&
831 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
832 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
833 "\n <td colspan=".$cols.">".
834 "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
835 "\n <table style='width:100%;' summary='{$name}'>";
836 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
837 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
838 "\n <td colspan=".$cols.">".
839 "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
840 "\n <table style='width:100%;' summary='{$name}'>";
841 }else{
842 }
843 }
846 foreach($splist as $attr => $dsc){
848 /* Skip pl* attributes, they are internal... */
849 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
850 continue;
851 }
853 /* Open table row */
854 if ($cnt == 1){
855 $display.= "\n <tr>";
856 }
858 /* Close table row */
859 if ($cnt == $cols){
860 $cnt= 1;
861 $rb= "";
862 $end= "\n </tr>";
863 } else {
864 $cnt++;
865 $rb= "border-right:1px solid #A0A0A0;";
866 $end= "";
867 }
869 /* Collect list of attributes */
870 $state= "";
871 if (isset($currentAcl[$attr])){
872 $state= $currentAcl[$attr];
873 }
874 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
875 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
876 }
878 /* Fill missing td's if needed */
879 if (--$cnt != $cols && $cnt != 0){
880 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
881 }
883 if(session::global_get('js')) {
884 if(isset($_SERVER['HTTP_USER_AGENT']) &&
885 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
886 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
887 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
888 $display.= "\n </table>".
889 "\n </div>".
890 "\n </td>".
891 "\n </tr>";
892 }
893 }
895 $display.= "\n</table><br />\n";
896 }
898 return ($display);
899 }
902 function mkchkbx($name, $text, $state= FALSE)
903 {
904 $state= $state?"checked":"";
905 if($this->acl_is_writeable("")){
906 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
907 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
908 "\n <label for='acl_$tname'>$text</label>";
909 }else{
910 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
911 }
912 }
915 function mkrwbx($name, $state= "")
916 {
917 $rstate= preg_match('/r/', $state)?'checked':'';
918 $wstate= preg_match('/w/', $state)?'checked':'';
919 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
921 if($this->acl_is_writeable("")){
922 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
923 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
924 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
925 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
926 }else{
927 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
928 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
929 }
930 }
933 static function explodeACL($acl)
934 {
936 $list= explode(':', $acl);
937 if(count($list) == 5){
938 list($index, $type,$member,$permission,$filter)= $list;
939 $filter = base64_decode($filter);
940 }else{
941 $filter = "";
942 list($index, $type,$member,$permission)= $list;
943 }
945 $a= array( $index => array("type" => $type,
946 "filter"=> $filter,
947 "members" => acl::extractMembers($acl,$type == "role")));
949 /* Handle different types */
950 switch ($type){
952 case 'psub':
953 case 'sub':
954 case 'one':
955 case 'base':
956 $a[$index]['acl']= acl::extractACL($acl);
957 break;
959 case 'role':
960 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
961 break;
963 case 'reset':
964 break;
966 default:
967 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
968 $a= array();
969 }
970 return ($a);
971 }
974 static function extractMembers($acl,$role = FALSE)
975 {
976 global $config;
977 $a= array();
979 /* Rip acl off the string, seperate by ',' and place it in an array */
980 if($role){
981 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
982 }else{
983 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
984 }
985 if ($ms == $acl){
986 return $a;
987 }
988 $ma= explode(',', $ms);
990 /* Decode dn's, fill with informations from LDAP */
991 $ldap= $config->get_ldap_link();
992 foreach ($ma as $memberdn){
993 // Check for wildcard here
994 $dn= base64_decode($memberdn);
995 if ($dn != "*") {
996 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
998 /* Found entry... */
999 if ($ldap->count()){
1000 $attrs= $ldap->fetch();
1001 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
1002 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
1003 } else {
1004 $a['G:'.$dn]= $attrs['cn'][0];
1005 if (isset($attrs['description'][0])){
1006 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
1007 }
1008 }
1010 /* ... or not */
1011 } else {
1012 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
1013 }
1015 } else {
1016 $a['G:*']= sprintf(_("All users"));
1017 }
1018 }
1020 return ($a);
1021 }
1024 static function extractACL($acl)
1025 {
1026 /* Rip acl off the string, seperate by ',' and place it in an array */
1027 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1028 $aa= explode(',', $as);
1029 $a= array();
1031 /* Dis-assemble single ACLs */
1032 foreach($aa as $sacl){
1034 /* Dis-assemble field ACLs */
1035 $ao= explode('#', $sacl);
1036 $gobject= "";
1037 foreach($ao as $idx => $ssacl){
1039 /* First is department with global acl */
1040 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1041 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1042 if ($idx == 0){
1043 /* Create hash for this object */
1044 $gobject= $object;
1045 $a[$gobject]= array();
1047 /* Append ACL if set */
1048 if ($gacl != ""){
1049 $a[$gobject]= array($gacl);
1050 }
1051 } else {
1053 /* All other entries get appended... */
1054 list($field, $facl)= explode(';', $ssacl);
1055 $a[$gobject][$field]= $facl;
1056 }
1058 }
1059 }
1061 return ($a);
1062 }
1065 function assembleAclSummary($entry)
1066 {
1067 $summary= "";
1069 /* Summarize ACL */
1070 if (isset($entry['acl'])){
1071 $acl= "";
1073 if($entry['type'] == "role"){
1075 if(isset($this->roles[$entry['acl']])){
1076 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1077 }else{
1078 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1079 }
1080 }else{
1081 foreach ($entry['acl'] as $name => $object){
1082 if (count($object)){
1083 $acl.= "$name, ";
1084 }
1085 }
1086 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1087 }
1088 }
1091 /* Summarize members */
1092 if(!($this instanceOf aclrole)){
1093 if ($summary != ""){
1094 $summary.= ", ";
1095 }
1096 if (count($entry['members'])){
1097 $summary.= _("Members").": ";
1098 foreach ($entry['members'] as $cn){
1099 $cn= preg_replace('/ \[.*$/', '', $cn);
1100 $summary.= $cn.", ";
1101 }
1102 } else {
1103 $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
1104 }
1105 }
1106 return (preg_replace('/, $/', '', $summary));
1107 }
1110 function loadAclEntry($new= FALSE)
1111 {
1112 /* New entry gets presets... */
1113 if ($new){
1114 $this->aclType= 'base';
1115 $this->aclFilter= "";
1116 $this->recipients= array();
1117 $this->aclContents= array();
1118 } else {
1119 $acl= $this->gosaAclEntry[$this->currentIndex];
1120 $this->aclType= $acl['type'];
1121 $this->recipients= $acl['members'];
1122 $this->aclContents= $acl['acl'];
1123 $this->aclFilter= $acl['filter'];
1124 }
1126 $this->wasNewEntry= $new;
1127 }
1130 function aclPostHandler()
1131 {
1132 if (isset($_POST['save_acl'])){
1133 $this->save();
1134 return TRUE;
1135 }
1137 return FALSE;
1138 }
1141 function PrepareForCopyPaste($source)
1142 {
1143 plugin::PrepareForCopyPaste($source);
1145 $dn = $source['dn'];
1146 $acl_c = new acl($this->config, $this->parent,$dn);
1147 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1148 }
1151 function save()
1152 {
1153 /* Assemble ACL's */
1154 $tmp_acl= array();
1156 foreach ($this->gosaAclEntry as $prio => $entry){
1157 $final= "";
1158 $members= "";
1159 if (isset($entry['members'])){
1160 foreach ($entry['members'] as $key => $dummy){
1161 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1162 }
1163 }
1165 if($entry['type'] != "role"){
1166 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1167 }else{
1168 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1169 }
1171 /* ACL's if needed */
1172 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1173 $acl= ":";
1174 if (isset($entry['acl'])){
1175 foreach ($entry['acl'] as $object => $contents){
1177 /* Only save, if we've some contents in there... */
1178 if (count($contents)){
1179 $acl.= $object.";";
1181 foreach($contents as $attr => $permission){
1183 /* First entry? Its the one for global settings... */
1184 if ($attr == '0'){
1185 $acl.= $permission;
1186 } else {
1187 $acl.= '#'.$attr.';'.$permission;
1188 }
1190 }
1191 $acl.= ',';
1192 }
1194 }
1195 }
1196 $final.= preg_replace('/,$/', '', $acl);
1197 }
1199 /* Append additional filter options
1200 */
1201 if(!empty($entry['filter'])){
1202 $final .= ":".base64_encode($entry['filter']);
1203 }
1205 $tmp_acl[]= $final;
1206 }
1208 /* Call main method */
1209 plugin::save();
1211 /* Finally (re-)assign it... */
1212 $this->attrs['gosaAclEntry']= $tmp_acl;
1214 /* Remove acl from this entry if it is empty... */
1215 if (!count($tmp_acl)){
1216 /* Remove attribute */
1217 if ($this->initially_was_account){
1218 $this->attrs['gosaAclEntry']= array();
1219 } else {
1220 if (isset($this->attrs['gosaAclEntry'])){
1221 unset($this->attrs['gosaAclEntry']);
1222 }
1223 }
1225 /* Remove object class */
1226 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1227 }
1229 /* Do LDAP modifications */
1230 $ldap= $this->config->get_ldap_link();
1231 $ldap->cd($this->dn);
1232 $this->cleanup();
1233 $ldap->modify ($this->attrs);
1235 if(count($this->attrs)){
1236 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1237 }
1239 if (!$ldap->success()){
1240 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1241 }
1243 /* Refresh users ACLs */
1244 $ui= get_userinfo();
1245 $ui->loadACL();
1246 session::global_set('ui',$ui);
1247 }
1250 function remove_from_parent()
1251 {
1252 plugin::remove_from_parent();
1254 /* include global link_info */
1255 $ldap= $this->config->get_ldap_link();
1257 $ldap->cd($this->dn);
1258 $this->cleanup();
1259 $ldap->modify ($this->attrs);
1261 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1263 /* Optionally execute a command after we're done */
1264 $this->handle_post_events("remove",array("uid" => $this->uid));
1265 }
1268 /* Return plugin informations for acl handling */
1269 static function plInfo()
1270 {
1271 return (array(
1272 "plShortName" => _("ACL"),
1273 "plDescription" => _("ACL")." ("._("Access control list").")",
1274 "plSelfModify" => FALSE,
1275 "plDepends" => array(),
1276 "plPriority" => 0,
1277 "plSection" => array("administration"),
1278 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1279 "objectClass" => array("gosaAcl","gosaRole"))),
1280 "plProvidedAcls"=> array(
1281 "gosaAclEntry" => _("Acl entries")
1282 // "description" => _("Role description")
1283 )
1285 ));
1286 }
1289 /* Remove acls defined for $src */
1290 function remove_acl()
1291 {
1292 acl::remove_acl_for($this->dn);
1293 }
1296 /* Remove acls defined for $src */
1297 static function remove_acl_for($dn)
1298 {
1299 global $config;
1301 $ldap = $config->get_ldap_link();
1302 $ldap->cd($config->current['BASE']);
1303 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
1304 $new_entries= array();
1305 while($attrs = $ldap->fetch()){
1306 if (!isset($attrs['gosaAclEntry'])) {
1307 continue;
1308 }
1309 unset($attrs['gosaAclEntry']['count']);
1311 // Remove entry directly
1312 foreach($attrs['gosaAclEntry'] as $id => $entry){
1313 $parts= explode(':',$entry);
1314 $members= explode(',',$parts[2]);
1315 $new_members= array();
1316 foreach($members as $member) {
1317 if (base64_decode($member) != $dn) {
1318 $new_members[]= $member;
1319 } else {
1320 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
1321 }
1322 }
1324 /* We can completely remove the entry if there are no members anymore */
1325 if (count($new_members)) {
1326 $parts[2]= implode(",", $new_members);
1327 $new_entries[]= implode(":", $parts);
1328 }
1329 }
1331 // There should be a modification, so write it back
1332 $ldap->cd($attrs['dn']);
1333 $new_attrs= array("gosaAclEntry" => $new_entries);
1334 $ldap->modify($new_attrs);
1335 if (!$ldap->success()){
1336 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1337 }
1338 }
1339 }
1342 function update_acl_membership($src,$dst)
1343 {
1344 $ldap = $this->config->get_ldap_link();
1345 $ldap->cd($this->config->current['BASE']);
1346 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1347 while($attrs = $ldap->fetch()){
1348 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1349 foreach($acl->gosaAclEntry as $id => $entry){
1350 foreach($entry['members'] as $m_id => $member){
1351 if($m_id == "U:".$src){
1352 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1353 $new = "U:".$dst;
1354 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1355 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1356 }
1357 if($m_id == "G:".$src){
1358 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1359 $new = "G:".$dst;
1360 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1361 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1362 }
1363 }
1364 }
1365 $acl -> save();
1366 }
1367 }
1370 // We are only interessted in our own acls ...
1371 function set_acl_category($category)
1372 {
1373 plugin::set_acl_category("acl");
1374 }
1375 }
1377 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1378 ?>