![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class acl extends plugin
24 {
25 /* Definitions */
26 var $plHeadline= "Access control";
27 var $plDescription= "Manage access control lists";
29 /* attribute list for save action */
30 var $attributes= array('gosaAclEntry');
31 var $objectclasses= array('gosaAcl');
33 /* Helpers */
34 var $dialogState= "head";
35 var $gosaAclEntry= array();
36 var $aclType= "";
37 var $aclObject= "";
38 var $aclContents= array();
39 var $target= "group";
40 var $aclTypes= array();
41 var $aclObjects= array();
42 var $aclFilter= "";
43 var $aclMyObjects= array();
44 var $users= array();
45 var $roles= array();
46 var $groups= array();
47 var $recipients= array();
48 var $isContainer= FALSE;
49 var $currentIndex= 0;
50 var $wasNewEntry= FALSE;
51 var $ocMapping= array();
52 var $savedAclContents= array();
53 var $myAclObjects = array();
54 var $acl_category = "acl/";
56 function acl (&$config, $parent, $dn= NULL)
57 {
58 /* Include config object */
59 plugin::plugin($config, $dn);
61 /* Load ACL's */
62 $this->gosaAclEntry= array();
63 if (isset($this->attrs['gosaAclEntry'])){
64 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
65 $acl= $this->attrs['gosaAclEntry'][$i];
66 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
67 }
68 }
69 ksort($this->gosaAclEntry);
71 /* Save parent - we've to know more about it than other plugins... */
72 $this->parent= &$parent;
74 /* Container? */
75 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
76 $this->isContainer= TRUE;
77 }
79 /* Users */
80 $ui= get_userinfo();
81 $tag= $ui->gosaUnitTag;
82 $ldap= $config->get_ldap_link();
83 $ldap->cd($config->current['BASE']);
84 if ($tag == ""){
85 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
86 } else {
87 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
88 }
89 while ($attrs= $ldap->fetch()){
90 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
91 }
92 ksort($this->users);
94 /* Groups */
95 $ldap->cd($config->current['BASE']);
96 # if ($tag == ""){
97 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
98 # } else {
99 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
100 # }
101 while ($attrs= $ldap->fetch()){
102 $dsc= "";
103 if (isset($attrs['description'][0])){
104 $dsc= $attrs['description'][0];
105 }
106 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
107 }
108 ksort($this->groups);
110 /* Roles */
111 $ldap->cd($config->current['BASE']);
112 # if ($tag == ""){
113 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
114 # } else {
115 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
116 # }
117 while ($attrs= $ldap->fetch()){
118 $dsc= "";
119 if (isset($attrs['description'][0])){
120 $dsc= $attrs['description'][0];
121 }
123 $role_id = $attrs['dn'];
125 $this->roles[$role_id]['acls'] =array();
126 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
127 $acl= $attrs['gosaAclTemplate'][$i];
128 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
129 }
130 $this->roles[$role_id]['description'] = $dsc;
131 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
132 }
134 /* Objects */
135 $tmp= session::global_get('plist');
136 $plist= $tmp->info;
137 $cats = array();
138 if (isset($this->parent) && $this->parent !== NULL){
139 $oc= array();
140 foreach ($this->parent->by_object as $key => $obj){
141 $oc= array_merge($oc, $obj->objectclasses);
142 if(isset($obj->acl_category)){
143 $tmp= str_replace("/","",$obj->acl_category);
144 $cats[$tmp] = $tmp;
145 }
146 }
147 if (in_array_ics('organizationalUnit', $oc)){
148 $this->isContainer= TRUE;
149 }
150 } else {
151 $oc= $this->attrs['objectClass'];
152 }
154 /* Extract available categories from plugin info list */
155 foreach ($plist as $class => $acls){
157 /* Only feed categories */
158 if (isset($acls['plCategory'])){
160 /* Walk through supplied list and feed only translated categories */
161 foreach($acls['plCategory'] as $idx => $data){
163 /* Non numeric index means -> base object containing more informations */
164 if (preg_match('/^[0-9]+$/', $idx)){
166 if (!isset($this->ocMapping[$data])){
167 $this->ocMapping[$data]= array();
168 $this->ocMapping[$data][]= '0';
169 }
171 if(isset($cats[$data])){
172 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
173 }
174 $this->ocMapping[$data][]= $class;
175 } else {
176 if (!isset($this->ocMapping[$idx])){
177 $this->ocMapping[$idx]= array();
178 $this->ocMapping[$idx][]= '0';
179 }
180 $this->ocMapping[$idx][]= $class;
181 $this->aclObjects[$idx]= $data['description'];
183 /* Additionally filter the classes we're interested in in "self edit" mode */
184 if (is_array($data['objectClass'])){
185 foreach($data['objectClass'] as $objectClass){
186 if (in_array_ics($objectClass, $oc)){
187 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
188 break;
189 }
190 }
191 } else {
192 if (in_array_ics($data['objectClass'], $oc)){
193 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
194 }
195 }
196 }
198 }
199 }
200 }
201 $this->aclObjects['all']= '* '._("All categories");
202 $this->ocMapping['all']= array('0' => 'all');
204 /* Sort categories */
205 asort($this->aclObjects);
207 /* Fill acl types */
208 if ($this->isContainer){
209 $this->aclTypes= array("reset" => _("Reset ACLs"),
210 "one" => _("One level"),
211 "base" => _("Current object"),
212 "sub" => _("Complete subtree"),
213 "psub" => _("Complete subtree (permanent)"),
214 "role" => _("Use ACL defined in role"));
215 } else {
216 $this->aclTypes= array("base" => _("Current object"),
217 "role" => _("Use ACL defined in role"));
218 }
219 asort($this->aclTypes);
220 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
221 asort($this->targets);
223 /* Finally - we want to get saved... */
224 $this->is_account= TRUE;
225 }
228 function execute()
229 {
230 /* Call parent execute */
231 plugin::execute();
233 $tmp= session::global_get('plist');
234 $plist= $tmp->info;
236 /* Handle posts */
237 if (isset($_POST['new_acl'])){
238 $this->dialogState= 'create';
239 $this->dialog= TRUE;
240 $this->currentIndex= count($this->gosaAclEntry);
241 $this->loadAclEntry(TRUE);
242 }
244 $new_acl= array();
245 $aclDialog= FALSE;
246 $firstedit= FALSE;
248 /* Act on HTML post and gets here.
249 */
250 if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
251 $id = trim($_GET['id']);
252 $this->dialogState= 'create';
253 $firstedit= TRUE;
254 $this->dialog= TRUE;
255 $this->currentIndex= $id;
256 $this->loadAclEntry();
257 }
259 foreach($_POST as $name => $post){
261 /* Actions... */
262 if (preg_match('/^acl_edit_.*_x/', $name)){
263 $this->dialogState= 'create';
264 $firstedit= TRUE;
265 $this->dialog= TRUE;
266 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
267 $this->loadAclEntry();
268 continue;
269 }
271 if (preg_match('/^cat_edit_.*_x/', $name)){
272 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
273 $this->dialogState= 'edit';
274 foreach ($this->ocMapping[$this->aclObject] as $oc){
275 if (isset($this->aclContents[$oc])){
276 $this->savedAclContents[$oc]= $this->aclContents[$oc];
277 }
278 }
279 continue;
280 }
282 /* Only handle posts, if we allowed to modify ACLs */
283 if(!$this->acl_is_writeable("")){
284 continue;
285 }
287 if (preg_match('/^acl_del_.*_x/', $name)){
288 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
289 continue;
290 }
292 if (preg_match('/^cat_del_.*_x/', $name)){
293 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
294 foreach ($this->ocMapping[$idx] as $key){
295 unset($this->aclContents["$idx/$key"]);
296 }
297 continue;
298 }
300 /* Sorting... */
301 if (preg_match('/^sortup_.*_x/', $name)){
302 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
303 if ($index > 0){
304 $tmp= $this->gosaAclEntry[$index];
305 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
306 $this->gosaAclEntry[$index-1]= $tmp;
307 }
308 continue;
309 }
310 if (preg_match('/^sortdown_.*_x/', $name)){
311 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
312 if ($index < count($this->gosaAclEntry)-1){
313 $tmp= $this->gosaAclEntry[$index];
314 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
315 $this->gosaAclEntry[$index+1]= $tmp;
316 }
317 continue;
318 }
320 /* ACL saving... */
321 if (preg_match('/^acl_.*_[^xy]$/', $name)){
322 list($dummy, $object, $attribute, $value)= split('_', $name);
324 /* Skip for detection entry */
325 if ($object == 'dummy') {
326 continue;
327 }
329 /* Ordinary ACLs */
330 if (!isset($new_acl[$object])){
331 $new_acl[$object]= array();
332 }
333 if (isset($new_acl[$object][$attribute])){
334 $new_acl[$object][$attribute].= $value;
335 } else {
336 $new_acl[$object][$attribute]= $value;
337 }
338 }
340 if(isset($_POST['selected_role'])){
341 $this->aclContents = "";
342 $this->aclContents = base64_decode($_POST['selected_role']);
343 }
344 }
346 if(isset($_POST['acl_dummy_0_0_0'])){
347 $aclDialog= TRUE;
348 }
350 if($this->acl_is_writeable("")){
352 /* Only be interested in new acl's, if we're in the right _POST place */
353 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
355 foreach ($this->ocMapping[$this->aclObject] as $oc){
357 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
358 unset($this->aclContents[$oc]);
359 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
360 unset($this->aclContents[$this->aclObject.'/'.$oc]);
361 }else{
362 # trigger_error("Huhm?");
363 }
364 if (isset($new_acl[$oc]) && is_array($new_acl)){
365 $this->aclContents[$oc]= $new_acl[$oc];
366 }
367 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
368 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
369 }
370 }
371 }
373 /* Save new acl in case of base edit mode */
374 if ($this->aclType == 'base' && !$firstedit){
375 $this->aclContents= $new_acl;
376 }
377 }
379 /* Cancel new acl? */
380 if (isset($_POST['cancel_new_acl'])){
381 $this->dialogState= 'head';
382 $this->dialog= FALSE;
383 if ($this->wasNewEntry){
384 unset ($this->gosaAclEntry[$this->currentIndex]);
385 }
386 }
388 /* Save common values */
389 if($this->acl_is_writeable("")){
390 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
391 if (isset($_POST[$key])){
392 $this->$key= validate($_POST[$key]);
393 }
394 }
395 }
397 /* Store ACL in main object? */
398 if (isset($_POST['submit_new_acl'])){
399 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
400 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
401 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
402 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
403 $this->dialogState= 'head';
404 $this->dialog= FALSE;
405 }
407 /* Cancel edit acl? */
408 if (isset($_POST['cancel_edit_acl'])){
409 $this->dialogState= 'create';
410 foreach ($this->ocMapping[$this->aclObject] as $oc){
411 if (isset($this->savedAclContents[$oc])){
412 $this->aclContents[$oc]= $this->savedAclContents[$oc];
413 }
414 }
415 }
417 /* Save edit acl? */
418 if (isset($_POST['submit_edit_acl'])){
419 $this->dialogState= 'create';
420 }
422 /* Add acl? */
423 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
424 $this->dialogState= 'edit';
425 $this->savedAclContents= array();
426 foreach ($this->ocMapping[$this->aclObject] as $oc){
427 if (isset($this->aclContents[$oc])){
428 $this->savedAclContents[$oc]= $this->aclContents[$oc];
429 }
430 }
431 }
433 /* Add to list? */
434 if (isset($_POST['add']) && isset($_POST['source'])){
435 foreach ($_POST['source'] as $key){
436 if ($this->target == 'user'){
437 $this->recipients[$key]= $this->users[$key];
438 }
439 if ($this->target == 'group'){
440 $this->recipients[$key]= $this->groups[$key];
441 }
442 }
443 ksort($this->recipients);
444 }
446 /* Remove from list? */
447 if (isset($_POST['del']) && isset($_POST['recipient'])){
448 foreach ($_POST['recipient'] as $key){
449 unset($this->recipients[$key]);
450 }
451 }
453 /* Create templating instance */
454 $smarty= get_smarty();
455 $smarty->assign("acl_readable",$this->acl_is_readable(""));
456 if(!$this->acl_is_readable("")){
457 return ($smarty->fetch (get_template_path('acl.tpl')));
458 }
460 if ($this->dialogState == 'head'){
461 /* Draw list */
462 $aclList= new divSelectBox("aclList");
463 $aclList->SetHeight(450);
465 /* Fill in entries */
466 foreach ($this->gosaAclEntry as $key => $entry){
467 if(!$this->acl_is_readable("")) continue;
469 $action ="";
471 if($this->acl_is_readable("")){
472 $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
473 }else{
474 $link = $this->assembleAclSummary($entry);
475 }
477 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
478 $field2= array("string" => $link);
480 if($this->acl_is_writeable("")){
481 $action.= "<input type='image' name='sortup_$key' alt='up'
482 title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
483 $action.= "<input type='image' name='sortdown_$key' alt='down'
484 title='"._("Down")."' src='images/lists/sort-down.png'>";
485 }
487 if($this->acl_is_readable("")){
488 $action.= "<input class='center' type='image' src='images/lists/edit.png'
489 alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
490 }
491 if($this->acl_is_removeable("")){
492 $action.= "<input class='center' type='image' src='images/lists/trash.png'
493 alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
494 }
496 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
497 $aclList->AddEntry(array($field1, $field2, $field3));
498 }
500 $smarty->assign("aclList", $aclList->DrawList());
501 }
503 if ($this->dialogState == 'create'){
504 /* Draw list */
505 $aclList= new divSelectBox("aclList");
506 $aclList->SetHeight(150);
508 /* Add settings for all categories to the (permanent) list */
509 foreach ($this->aclObjects as $section => $dsc){
510 $summary= "";
511 foreach($this->ocMapping[$section] as $oc){
512 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
513 $this->aclContents[$oc][0] != ""){
515 $summary.= "$oc, ";
516 continue;
517 }
518 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
519 $summary.= "$oc, ";
520 continue;
521 }
522 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
523 $summary.= "$oc, ";
524 }
525 }
527 /* Set summary... */
528 if ($summary == ""){
529 $summary= '<i>'._("No ACL settings for this category!").'</i>';
530 } else {
531 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
532 }
534 $actions ="";
535 if($this->acl_is_readable("")){
536 $actions= "<input class='center' type='image' src='images/lists/edit.png'
537 alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
538 }
539 if($this->acl_is_removeable()){
540 $actions.= "<input class='center' type='image' src='images/lists/trash.png'
541 alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
542 }
544 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
545 $field2= array("string" => $summary);
546 $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
547 $aclList->AddEntry(array($field1, $field2, $field3));
548 }
550 $smarty->assign("aclList", $aclList->DrawList());
551 $smarty->assign("aclType", $this->aclType);
552 $smarty->assign("aclFilter", $this->aclFilter);
553 $smarty->assign("aclTypes", $this->aclTypes);
554 $smarty->assign("target", $this->target);
555 $smarty->assign("targets", $this->targets);
557 /* Assign possible target types */
558 $smarty->assign("targets", $this->targets);
559 foreach ($this->attributes as $attr){
560 $smarty->assign($attr, $this->$attr);
561 }
564 /* Generate list */
565 $tmp= array();
566 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
567 if ($this->target == $field){
568 foreach ($this->$arr as $key => $value){
569 if (!isset($this->recipients[$key])){
570 $tmp[$key]= $value;
571 }
572 }
573 }
574 }
575 $smarty->assign('sources', $tmp);
576 $smarty->assign('recipients', $this->recipients);
578 /* Acl selector if scope is base */
579 if ($this->aclType == 'base'){
580 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
581 }
583 /* Role selector if scope is base */
584 if ($this->aclType == 'role'){
585 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
586 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
587 }
588 }
590 if ($this->dialogState == 'edit'){
591 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
593 /* Collect objects for selected category */
594 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
595 if ($idx == 0){
596 continue;
597 }
598 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
599 }
600 if ($this->aclObject == 'all'){
601 $aclObjects['all']= _("All objects in current subtree");
602 }
604 /* Role selector if scope is base */
605 if ($this->aclType == 'role'){
606 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
607 } else {
608 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
609 }
610 }
612 /* Show main page */
613 $smarty->assign("dialogState", $this->dialogState);
615 /* Assign acls */
616 $smarty->assign("acl_createable",$this->acl_is_createable());
617 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
618 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
619 $smarty->assign("acl_removeable",$this->acl_is_removeable());
621 return ($smarty->fetch (get_template_path('acl.tpl')));
622 }
625 function sort_by_priority($list)
626 {
627 $tmp= session::global_get('plist');
628 $plist= $tmp->info;
629 asort($plist);
630 $newSort = array();
632 foreach($list as $name => $translation){
633 $na = preg_replace("/^.*\//","",$name);
634 $prio = 0;
635 if(isset($plist[$na]['plPriority'])){
636 $prio= $plist[$na]['plPriority'] ;
637 }
639 $newSort[$name] = $prio;
640 }
642 asort($newSort);
644 $ret = array();
645 foreach($newSort as $name => $prio){
646 $ret[$name] = $list[$name];
647 }
648 return($ret);
649 }
652 function buildRoleSelector($list)
653 {
654 $D_List =new divSelectBox("Acl_Roles");
656 $selected = $this->aclContents;
657 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
658 $selected = key($list);
659 }
661 $str ="";
662 foreach($list as $dn => $values){
664 if($dn == $selected){
665 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
666 }else{
667 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
668 }
670 $field1 = array("string" => $option) ;
671 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
672 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
674 $D_List->AddEntry(array($field1,$field2,$field3));
675 }
676 return($D_List->DrawList());
677 }
680 function buildAclSelector($list)
681 {
682 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
683 $cols= 3;
684 $tmp= session::global_get('plist');
685 $plist= $tmp->info;
686 asort($plist);
688 /* Add select all/none buttons */
689 $style = "style='width:100px;'";
691 if($this->acl_is_writeable("")){
692 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
693 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
694 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
695 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
696 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
698 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
699 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
701 $display .= "<br>";
703 $style = "style='width:50px;'";
704 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
705 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
706 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
707 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
708 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
709 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
710 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
711 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
712 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
713 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
715 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
716 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
717 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
718 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
719 }
721 /* Build general objects */
722 $list =$this->sort_by_priority($list);
723 foreach ($list as $key => $name){
725 /* Create sub acl if it does not exist */
726 if (!isset($this->aclContents[$key])){
727 $this->aclContents[$key]= array();
728 $this->aclContents[$key][0]= '';
729 }
730 $currentAcl= $this->aclContents[$key];
732 /* Get the overall plugin acls
733 */
734 $overall_acl ="";
735 if(isset($currentAcl[0])){
736 $overall_acl = $currentAcl[0];
737 }
739 // Detect configured plugins
740 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
742 /* Object header */
743 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
745 if($expand){
746 $back_color = "#C8C8FF";
747 }else{
748 $back_color = "#C8C8C8";
749 }
751 if(session::global_get('js')) {
752 if(isset($_SERVER['HTTP_USER_AGENT']) &&
753 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
754 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
755 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
756 "\n <tr>".
757 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
758 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
759 "\n <input type='button' onclick='divtoggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
760 "\n </tr>";
761 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
762 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
763 "\n <tr>".
764 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
765 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
766 "\n <input type='button' onclick='divtoggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
767 "\n </tr>";
768 } else {
769 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
770 "\n <tr>".
771 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
772 "\n </tr>";
773 }
774 } else {
775 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
776 "\n <tr>".
777 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
778 "\n </tr>";
779 }
781 /* Generate options */
782 $spc= " ";
783 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
784 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
785 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
786 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
787 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
788 }
790 /* Global options */
791 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
792 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
794 $display.= "\n <tr>".
795 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
796 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
797 "\n </tr>";
799 /* Walk through the list of attributes */
800 $cnt= 1;
801 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
802 if(session::global_get('js')) {
803 if(isset($_SERVER['HTTP_USER_AGENT']) &&
804 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
805 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
806 "\n <td colspan=".$cols.">".
807 "\n <div id='$tname' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
808 "\n <table style='width:100%;'>";
809 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
810 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
811 "\n <td colspan=".$cols.">".
812 "\n <div id='$tname' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
813 "\n <table style='width:100%;'>";
814 }else{
815 }
816 }
819 foreach($splist as $attr => $dsc){
821 /* Skip pl* attributes, they are internal... */
822 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
823 continue;
824 }
826 /* Open table row */
827 if ($cnt == 1){
828 $display.= "\n <tr>";
829 }
831 /* Close table row */
832 if ($cnt == $cols){
833 $cnt= 1;
834 $rb= "";
835 $end= "\n </tr>";
836 } else {
837 $cnt++;
838 $rb= "border-right:1px solid #A0A0A0;";
839 $end= "";
840 }
842 /* Collect list of attributes */
843 $state= "";
844 if (isset($currentAcl[$attr])){
845 $state= $currentAcl[$attr];
846 }
847 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
848 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
849 }
851 /* Fill missing td's if needed */
852 if (--$cnt != $cols && $cnt != 0){
853 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
854 }
856 if(session::global_get('js')) {
857 if(isset($_SERVER['HTTP_USER_AGENT']) &&
858 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
859 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
860 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
861 $display.= "\n </table>".
862 "\n </div>".
863 "\n </td>".
864 "\n </tr>";
865 }
866 }
868 $display.= "\n</table><br />\n";
869 }
871 return ($display);
872 }
875 function mkchkbx($name, $text, $state= FALSE)
876 {
877 $state= $state?"checked":"";
878 if($this->acl_is_writeable("")){
879 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
880 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
881 "\n <label for='acl_$tname'>$text</label>";
882 }else{
883 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
884 }
885 }
888 function mkrwbx($name, $state= "")
889 {
890 $rstate= preg_match('/r/', $state)?'checked':'';
891 $wstate= preg_match('/w/', $state)?'checked':'';
892 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
894 if($this->acl_is_writeable("")){
895 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
896 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
897 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
898 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
899 }else{
900 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
901 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
902 }
903 }
906 static function explodeACL($acl)
907 {
909 $list= split(':', $acl);
910 if(count($list) == 5){
911 list($index, $type,$member,$permission,$filter)= $list;
912 $filter = base64_decode($filter);
913 }else{
914 $filter = "";
915 list($index, $type,$member,$permission)= $list;
916 }
918 $a= array( $index => array("type" => $type,
919 "filter"=> $filter,
920 "members" => acl::extractMembers($acl,$type == "role")));
922 /* Handle different types */
923 switch ($type){
925 case 'psub':
926 case 'sub':
927 case 'one':
928 case 'base':
929 $a[$index]['acl']= acl::extractACL($acl);
930 break;
932 case 'role':
933 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
934 break;
936 case 'reset':
937 break;
939 default:
940 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
941 $a= array();
942 }
943 return ($a);
944 }
947 static function extractMembers($acl,$role = FALSE)
948 {
949 global $config;
950 $a= array();
952 /* Rip acl off the string, seperate by ',' and place it in an array */
953 if($role){
954 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
955 }else{
956 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
957 }
958 if ($ms == $acl){
959 return $a;
960 }
961 $ma= split(',', $ms);
963 /* Decode dn's, fill with informations from LDAP */
964 $ldap= $config->get_ldap_link();
965 foreach ($ma as $memberdn){
966 $dn= base64_decode($memberdn);
967 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
969 /* Found entry... */
970 if ($ldap->count()){
971 $attrs= $ldap->fetch();
972 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
973 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
974 } else {
975 $a['G:'.$dn]= $attrs['cn'][0];
976 if (isset($attrs['description'][0])){
977 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
978 }
979 }
981 /* ... or not */
982 } else {
983 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
984 }
985 }
987 return ($a);
988 }
991 static function extractACL($acl)
992 {
993 /* Rip acl off the string, seperate by ',' and place it in an array */
994 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
995 $aa= split(',', $as);
996 $a= array();
998 /* Dis-assemble single ACLs */
999 foreach($aa as $sacl){
1001 /* Dis-assemble field ACLs */
1002 $ao= split('#', $sacl);
1003 $gobject= "";
1004 foreach($ao as $idx => $ssacl){
1006 /* First is department with global acl */
1007 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1008 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1009 if ($idx == 0){
1010 /* Create hash for this object */
1011 $gobject= $object;
1012 $a[$gobject]= array();
1014 /* Append ACL if set */
1015 if ($gacl != ""){
1016 $a[$gobject]= array($gacl);
1017 }
1018 } else {
1020 /* All other entries get appended... */
1021 list($field, $facl)= split(';', $ssacl);
1022 $a[$gobject][$field]= $facl;
1023 }
1025 }
1026 }
1028 return ($a);
1029 }
1032 function assembleAclSummary($entry)
1033 {
1034 $summary= "";
1036 /* Summarize ACL */
1037 if (isset($entry['acl'])){
1038 $acl= "";
1040 if($entry['type'] == "role"){
1042 if(isset($this->roles[$entry['acl']])){
1043 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1044 }else{
1045 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1046 }
1047 }else{
1048 foreach ($entry['acl'] as $name => $object){
1049 if (count($object)){
1050 $acl.= "$name, ";
1051 }
1052 }
1053 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1054 }
1055 }
1057 /* Summarize members */
1058 if ($summary != ""){
1059 $summary.= ", ";
1060 }
1061 if (count($entry['members'])){
1062 $summary.= _("Members").": ";
1063 foreach ($entry['members'] as $cn){
1064 $cn= preg_replace('/ \[.*$/', '', $cn);
1065 $summary.= $cn.", ";
1066 }
1067 } else {
1068 $summary.= _("ACL takes effect for all users");
1069 }
1071 return (preg_replace('/, $/', '', $summary));
1072 }
1075 function loadAclEntry($new= FALSE)
1076 {
1077 /* New entry gets presets... */
1078 if ($new){
1079 $this->aclType= 'base';
1080 $this->aclFilter= "";
1081 $this->recipients= array();
1082 $this->aclContents= array();
1083 } else {
1084 $acl= $this->gosaAclEntry[$this->currentIndex];
1085 $this->aclType= $acl['type'];
1086 $this->recipients= $acl['members'];
1087 $this->aclContents= $acl['acl'];
1088 $this->aclFilter= $acl['filter'];
1089 }
1091 $this->wasNewEntry= $new;
1092 }
1095 function aclPostHandler()
1096 {
1097 if (isset($_POST['save_acl'])){
1098 $this->save();
1099 return TRUE;
1100 }
1102 return FALSE;
1103 }
1106 function PrepareForCopyPaste($source)
1107 {
1108 plugin::PrepareForCopyPaste($source);
1110 $dn = $source['dn'];
1111 $acl_c = new acl($this->config, $this->parent,$dn);
1112 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1113 }
1116 function save()
1117 {
1118 /* Assemble ACL's */
1119 $tmp_acl= array();
1121 foreach ($this->gosaAclEntry as $prio => $entry){
1122 $final= "";
1123 $members= "";
1124 if (isset($entry['members'])){
1125 foreach ($entry['members'] as $key => $dummy){
1126 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1127 }
1128 }
1130 if($entry['type'] != "role"){
1131 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1132 }else{
1133 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1134 }
1136 /* ACL's if needed */
1137 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1138 $acl= ":";
1139 if (isset($entry['acl'])){
1140 foreach ($entry['acl'] as $object => $contents){
1142 /* Only save, if we've some contents in there... */
1143 if (count($contents)){
1144 $acl.= $object.";";
1146 foreach($contents as $attr => $permission){
1148 /* First entry? Its the one for global settings... */
1149 if ($attr == '0'){
1150 $acl.= $permission;
1151 } else {
1152 $acl.= '#'.$attr.';'.$permission;
1153 }
1155 }
1156 $acl.= ',';
1157 }
1159 }
1160 }
1161 $final.= preg_replace('/,$/', '', $acl);
1162 }
1164 /* Append additional filter options
1165 */
1166 if(!empty($entry['filter'])){
1167 $final .= ":".base64_encode($entry['filter']);
1168 }
1170 $tmp_acl[]= $final;
1171 }
1173 /* Call main method */
1174 plugin::save();
1176 /* Finally (re-)assign it... */
1177 $this->attrs['gosaAclEntry']= $tmp_acl;
1179 /* Remove acl from this entry if it is empty... */
1180 if (!count($tmp_acl)){
1181 /* Remove attribute */
1182 if ($this->initially_was_account){
1183 $this->attrs['gosaAclEntry']= array();
1184 } else {
1185 if (isset($this->attrs['gosaAclEntry'])){
1186 unset($this->attrs['gosaAclEntry']);
1187 }
1188 }
1190 /* Remove object class */
1191 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1192 }
1194 /* Do LDAP modifications */
1195 $ldap= $this->config->get_ldap_link();
1196 $ldap->cd($this->dn);
1197 $this->cleanup();
1198 $ldap->modify ($this->attrs);
1200 if(count($this->attrs)){
1201 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1202 }
1204 if (!$ldap->success()){
1205 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
1206 }
1208 /* Refresh users ACLs */
1209 $ui= get_userinfo();
1210 $ui->loadACL();
1211 session::global_set('ui',$ui);
1212 }
1215 function remove_from_parent()
1216 {
1217 plugin::remove_from_parent();
1219 /* include global link_info */
1220 $ldap= $this->config->get_ldap_link();
1222 $ldap->cd($this->dn);
1223 $this->cleanup();
1224 $ldap->modify ($this->attrs);
1226 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1228 /* Optionally execute a command after we're done */
1229 $this->handle_post_events("remove",array("uid" => $this->uid));
1230 }
1233 /* Return plugin informations for acl handling */
1234 static function plInfo()
1235 {
1236 return (array(
1237 "plShortName" => _("ACL"),
1238 "plDescription" => _("ACL")." ("._("Access control list").")",
1239 "plSelfModify" => FALSE,
1240 "plDepends" => array(),
1241 "plPriority" => 0,
1242 "plSection" => array("administration"),
1243 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1244 "objectClass" => array("gosaAcl","gosaRole"))),
1245 "plProvidedAcls"=> array(
1246 // "cn" => _("Role name"),
1247 // "description" => _("Role description")
1248 )
1250 ));
1251 }
1254 /* Remove acls defined for $src */
1255 function remove_acl()
1256 {
1257 $this->remove_acl_for_dn($this->dn);
1258 }
1261 /* Remove acls defined for $src */
1262 function remove_acl_for_dn($src = "")
1263 {
1264 if($src == ""){
1265 $src = $this->dn;
1266 }
1267 $ldap = $this->config->get_ldap_link();
1268 $ldap->cd($this->config->current['BASE']);
1269 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1270 while($attrs = $ldap->fetch()){
1271 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1272 foreach($acl->gosaAclEntry as $id => $entry){
1273 foreach($entry['members'] as $m_id => $member){
1274 if($m_id == "U:".$src){
1275 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1276 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
1277 }
1278 if($m_id == "G:".$src){
1279 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1280 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
1281 }
1282 }
1283 }
1284 $acl -> save();
1285 }
1286 }
1288 function update_acl_membership($src,$dst)
1289 {
1290 $ldap = $this->config->get_ldap_link();
1291 $ldap->cd($this->config->current['BASE']);
1292 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1293 while($attrs = $ldap->fetch()){
1294 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1295 foreach($acl->gosaAclEntry as $id => $entry){
1296 foreach($entry['members'] as $m_id => $member){
1297 if($m_id == "U:".$src){
1298 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1299 $new = "U:".$dst;
1300 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1301 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1302 }
1303 if($m_id == "G:".$src){
1304 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1305 $new = "G:".$dst;
1306 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1307 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1308 }
1309 }
1310 }
1311 $acl -> save();
1312 }
1313 }
1315 }
1317 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1318 ?>