1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class acl extends plugin
24 {
25 /* Definitions */
26 var $plHeadline= "Access control";
27 var $plDescription= "Manage access control lists";
29 /* attribute list for save action */
30 var $attributes= array('gosaAclEntry');
31 var $objectclasses= array('gosaAcl');
33 /* Helpers */
34 var $dialogState= "head";
35 var $gosaAclEntry= array();
36 var $aclType= "";
37 var $aclObject= "";
38 var $aclContents= array();
39 var $target= "group";
40 var $aclTypes= array();
41 var $aclObjects= array();
42 var $aclMyObjects= array();
43 var $users= array();
44 var $roles= array();
45 var $groups= array();
46 var $recipients= array();
47 var $isContainer= FALSE;
48 var $currentIndex= 0;
49 var $wasNewEntry= FALSE;
50 var $ocMapping= array();
51 var $savedAclContents= array();
52 var $myAclObjects = array();
54 function acl (&$config, $parent, $dn= NULL)
55 {
56 /* Include config object */
57 plugin::plugin($config, $dn);
59 /* Load ACL's */
60 $this->gosaAclEntry= array();
61 if (isset($this->attrs['gosaAclEntry'])){
62 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
63 $acl= $this->attrs['gosaAclEntry'][$i];
64 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
65 }
66 }
67 ksort($this->gosaAclEntry);
69 /* Save parent - we've to know more about it than other plugins... */
70 $this->parent= &$parent;
72 /* Container? */
73 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
74 $this->isContainer= TRUE;
75 }
77 /* Users */
78 $ui= get_userinfo();
79 $tag= $ui->gosaUnitTag;
80 $ldap= $config->get_ldap_link();
81 $ldap->cd($config->current['BASE']);
82 if ($tag == ""){
83 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
84 } else {
85 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
86 }
87 while ($attrs= $ldap->fetch()){
88 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
89 }
90 ksort($this->users);
92 /* Groups */
93 $ldap->cd($config->current['BASE']);
94 if ($tag == ""){
95 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
96 } else {
97 $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
98 }
99 while ($attrs= $ldap->fetch()){
100 $dsc= "";
101 if (isset($attrs['description'][0])){
102 $dsc= $attrs['description'][0];
103 }
104 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
105 }
106 ksort($this->groups);
108 /* Roles */
109 $ldap->cd($config->current['BASE']);
110 # if ($tag == ""){
111 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
112 # } else {
113 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
114 # }
115 while ($attrs= $ldap->fetch()){
116 $dsc= "";
117 if (isset($attrs['description'][0])){
118 $dsc= $attrs['description'][0];
119 }
121 $role_id = $attrs['dn'];
123 $this->roles[$role_id]['acls'] =array();
124 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
125 $acl= $attrs['gosaAclTemplate'][$i];
126 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
127 }
128 $this->roles[$role_id]['description'] = $dsc;
129 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
130 }
132 /* Objects */
133 $tmp= session::get('plist');
134 $plist= $tmp->info;
135 $cats = array();
136 if (isset($this->parent) && $this->parent !== NULL){
137 $oc= array();
138 foreach ($this->parent->by_object as $key => $obj){
139 $oc= array_merge($oc, $obj->objectclasses);
140 if(isset($obj->acl_category)){
141 $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
142 }
143 }
144 if (in_array_ics('organizationalUnit', $oc)){
145 $this->isContainer= TRUE;
146 }
147 } else {
148 $oc= $this->attrs['objectClass'];
149 }
151 /* Extract available categories from plugin info list */
152 foreach ($plist as $class => $acls){
154 /* Only feed categories */
155 if (isset($acls['plCategory'])){
157 /* Walk through supplied list and feed only translated categories */
158 foreach($acls['plCategory'] as $idx => $data){
160 /* Non numeric index means -> base object containing more informations */
161 if (preg_match('/^[0-9]+$/', $idx)){
162 if (!isset($this->ocMapping[$data])){
163 $this->ocMapping[$data]= array();
164 $this->ocMapping[$data][]= '0';
165 }
167 if(isset($cats[$data])){
168 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
169 }
170 $this->ocMapping[$data][]= $class;
171 } else {
172 if (!isset($this->ocMapping[$idx])){
173 $this->ocMapping[$idx]= array();
174 $this->ocMapping[$idx][]= '0';
175 }
176 $this->ocMapping[$idx][]= $class;
177 $this->aclObjects[$idx]= $data['description'];
179 /* Additionally filter the classes we're interested in in "self edit" mode */
180 if (is_array($data['objectClass'])){
181 foreach($data['objectClass'] as $objectClass){
182 if (in_array_ics($objectClass, $oc)){
183 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
184 break;
185 }
186 }
187 } else {
188 if (in_array_ics($data['objectClass'], $oc)){
189 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
190 }
191 }
192 }
194 }
195 }
196 }
197 $this->aclObjects['all']= '* '._("All categories");
198 $this->ocMapping['all']= array('0' => 'all');
200 /* Sort categories */
201 asort($this->aclObjects);
203 /* Fill acl types */
204 if ($this->isContainer){
205 $this->aclTypes= array("reset" => _("Reset ACLs"),
206 "one" => _("One level"),
207 "base" => _("Current object"),
208 "sub" => _("Complete subtree"),
209 "psub" => _("Complete subtree (permanent)"),
210 "role" => _("Use ACL defined in role"));
211 } else {
212 $this->aclTypes= array("base" => _("Current object"),
213 "role" => _("Use ACL defined in role"));
214 }
215 asort($this->aclTypes);
216 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
217 asort($this->targets);
219 /* Finally - we want to get saved... */
220 $this->is_account= TRUE;
221 }
224 function execute()
225 {
226 /* Call parent execute */
227 plugin::execute();
229 $tmp= session::get('plist');
230 $plist= $tmp->info;
232 /* Handle posts */
233 if (isset($_POST['new_acl'])){
234 $this->dialogState= 'create';
235 $this->dialog= TRUE;
236 $this->currentIndex= count($this->gosaAclEntry);
237 $this->loadAclEntry(TRUE);
238 }
240 $new_acl= array();
241 $aclDialog= FALSE;
242 $firstedit= FALSE;
243 foreach($_POST as $name => $post){
245 /* Actions... */
246 if (preg_match('/^acl_edit_.*_x/', $name)){
247 $this->dialogState= 'create';
248 $firstedit= TRUE;
249 $this->dialog= TRUE;
250 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
251 $this->loadAclEntry();
252 continue;
253 }
254 if (preg_match('/^acl_del_.*_x/', $name)){
255 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
256 continue;
257 }
259 if (preg_match('/^cat_edit_.*_x/', $name)){
260 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
261 $this->dialogState= 'edit';
262 foreach ($this->ocMapping[$this->aclObject] as $oc){
263 if (isset($this->aclContents[$oc])){
264 $this->savedAclContents[$oc]= $this->aclContents[$oc];
265 }
266 }
267 continue;
268 }
269 if (preg_match('/^cat_del_.*_x/', $name)){
270 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
271 foreach ($this->ocMapping[$idx] as $key){
272 unset($this->aclContents["$idx/$key"]);
273 }
274 continue;
275 }
277 /* Sorting... */
278 if (preg_match('/^sortup_.*_x/', $name)){
279 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
280 if ($index > 0){
281 $tmp= $this->gosaAclEntry[$index];
282 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
283 $this->gosaAclEntry[$index-1]= $tmp;
284 }
285 continue;
286 }
287 if (preg_match('/^sortdown_.*_x/', $name)){
288 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
289 if ($index < count($this->gosaAclEntry)-1){
290 $tmp= $this->gosaAclEntry[$index];
291 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
292 $this->gosaAclEntry[$index+1]= $tmp;
293 }
294 continue;
295 }
297 /* ACL saving... */
298 if (preg_match('/^acl_.*_[^xy]$/', $name)){
299 $aclDialog= TRUE;
300 list($dummy, $object, $attribute, $value)= split('_', $name);
302 /* Skip for detection entry */
303 if ($object == 'dummy') {
304 continue;
305 }
307 /* Ordinary ACLs */
308 if (!isset($new_acl[$object])){
309 $new_acl[$object]= array();
310 }
311 if (isset($new_acl[$object][$attribute])){
312 $new_acl[$object][$attribute].= $value;
313 } else {
314 $new_acl[$object][$attribute]= $value;
315 }
316 }
318 if(isset($_POST['selected_role'])){
319 $this->aclContents = "";
320 $this->aclContents = base64_decode($_POST['selected_role']);
321 }
322 }
324 /* Only be interested in new acl's, if we're in the right _POST place */
325 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
327 foreach ($this->ocMapping[$this->aclObject] as $oc){
328 unset($this->aclContents[$oc]);
329 unset($this->aclContents[$this->aclObject.'/'.$oc]);
330 if (isset($new_acl[$oc])){
331 $this->aclContents[$oc]= $new_acl[$oc];
332 }
333 if (isset($new_acl[$this->aclObject.'/'.$oc])){
334 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
335 }
336 }
337 }
339 /* Save new acl in case of base edit mode */
340 if ($this->aclType == 'base' && !$firstedit){
341 $this->aclContents= $new_acl;
342 }
344 /* Cancel new acl? */
345 if (isset($_POST['cancel_new_acl'])){
346 $this->dialogState= 'head';
347 $this->dialog= FALSE;
348 if ($this->wasNewEntry){
349 unset ($this->gosaAclEntry[$this->currentIndex]);
350 }
351 }
353 /* Store ACL in main object? */
354 if (isset($_POST['submit_new_acl'])){
355 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
356 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
357 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
358 $this->dialogState= 'head';
359 $this->dialog= FALSE;
360 }
362 /* Cancel edit acl? */
363 if (isset($_POST['cancel_edit_acl'])){
364 $this->dialogState= 'create';
365 foreach ($this->ocMapping[$this->aclObject] as $oc){
366 if (isset($this->savedAclContents[$oc])){
367 $this->aclContents[$oc]= $this->savedAclContents[$oc];
368 }
369 }
370 }
372 /* Save edit acl? */
373 if (isset($_POST['submit_edit_acl'])){
374 $this->dialogState= 'create';
375 }
377 /* Add acl? */
378 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
379 $this->dialogState= 'edit';
380 $this->savedAclContents= array();
381 foreach ($this->ocMapping[$this->aclObject] as $oc){
382 if (isset($this->aclContents[$oc])){
383 $this->savedAclContents[$oc]= $this->aclContents[$oc];
384 }
385 }
386 }
388 /* Add to list? */
389 if (isset($_POST['add']) && isset($_POST['source'])){
390 foreach ($_POST['source'] as $key){
391 if ($this->target == 'user'){
392 $this->recipients[$key]= $this->users[$key];
393 }
394 if ($this->target == 'group'){
395 $this->recipients[$key]= $this->groups[$key];
396 }
397 }
398 ksort($this->recipients);
399 }
401 /* Remove from list? */
402 if (isset($_POST['del']) && isset($_POST['recipient'])){
403 foreach ($_POST['recipient'] as $key){
404 unset($this->recipients[$key]);
405 }
406 }
408 /* Save common values */
409 foreach (array("aclType", "aclObject", "target") as $key){
410 if (isset($_POST[$key])){
411 $this->$key= validate($_POST[$key]);
412 }
413 }
415 /* Create templating instance */
416 $smarty= get_smarty();
418 if ($this->dialogState == 'head'){
419 /* Draw list */
420 $aclList= new divSelectBox("aclList");
421 $aclList->SetHeight(450);
423 /* Fill in entries */
424 foreach ($this->gosaAclEntry as $key => $entry){
425 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
426 $field2= array("string" => $this->assembleAclSummary($entry));
427 $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
428 $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
429 $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
430 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
432 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
433 $aclList->AddEntry(array($field1, $field2, $field3));
434 }
436 $smarty->assign("aclList", $aclList->DrawList());
437 }
439 if ($this->dialogState == 'create'){
440 /* Draw list */
441 $aclList= new divSelectBox("aclList");
442 $aclList->SetHeight(150);
444 /* Add settings for all categories to the (permanent) list */
445 foreach ($this->aclObjects as $section => $dsc){
446 $summary= "";
447 foreach($this->ocMapping[$section] as $oc){
448 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
449 $this->aclContents[$oc][0] != ""){
451 $summary.= "$oc, ";
452 continue;
453 }
454 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
455 $summary.= "$oc, ";
456 continue;
457 }
458 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
459 $summary.= "$oc, ";
460 }
461 }
463 /* Set summary... */
464 if ($summary == ""){
465 $summary= '<i>'._("No ACL settings for this category").'</i>';
466 } else {
467 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
468 }
470 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
471 $field2= array("string" => $summary);
472 $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
473 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
474 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
475 $aclList->AddEntry(array($field1, $field2, $field3));
476 }
478 $smarty->assign("aclList", $aclList->DrawList());
479 $smarty->assign("aclType", $this->aclType);
480 $smarty->assign("aclTypes", $this->aclTypes);
481 $smarty->assign("target", $this->target);
482 $smarty->assign("targets", $this->targets);
484 /* Assign possible target types */
485 $smarty->assign("targets", $this->targets);
486 foreach ($this->attributes as $attr){
487 $smarty->assign($attr, $this->$attr);
488 }
491 /* Generate list */
492 $tmp= array();
493 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
494 if ($this->target == $field){
495 foreach ($this->$arr as $key => $value){
496 if (!isset($this->recipients[$key])){
497 $tmp[$key]= $value;
498 }
499 }
500 }
501 }
502 $smarty->assign('sources', $tmp);
503 $smarty->assign('recipients', $this->recipients);
505 /* Acl selector if scope is base */
506 if ($this->aclType == 'base'){
507 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
508 }
510 /* Role selector if scope is base */
511 if ($this->aclType == 'role'){
512 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
513 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
514 }
515 }
517 if ($this->dialogState == 'edit'){
518 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
520 /* Collect objects for selected category */
521 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
522 if ($idx == 0){
523 continue;
524 }
525 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
526 }
527 if ($this->aclObject == 'all'){
528 $aclObjects['all']= _("All objects in current subtree");
529 }
531 /* Role selector if scope is base */
532 if ($this->aclType == 'role'){
533 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
534 } else {
535 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
536 }
537 }
539 /* Show main page */
540 $smarty->assign("dialogState", $this->dialogState);
542 return ($smarty->fetch (get_template_path('acl.tpl')));
543 }
546 function sort_by_priority($list)
547 {
548 $tmp= session::get('plist');
549 $plist= $tmp->info;
550 asort($plist);
551 $newSort = array();
553 foreach($list as $name => $translation){
554 $na = preg_replace("/^.*\//","",$name);
555 $prio = 0;
556 if(isset($plist[$na]['plPriority'])){
557 $prio= $plist[$na]['plPriority'] ;
558 }
560 $newSort[$name] = $prio;
561 }
563 asort($newSort);
565 $ret = array();
566 foreach($newSort as $name => $prio){
567 $ret[$name] = $list[$name];
568 }
569 return($ret);
570 }
573 function buildRoleSelector($list)
574 {
575 $D_List =new divSelectBox("Acl_Roles");
577 $selected = $this->aclContents;
578 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
579 $selected = key($list);
580 }
582 $str ="";
583 foreach($list as $dn => $values){
585 if($dn == $selected){
586 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
587 }else{
588 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
589 }
591 $field1 = array("string" => $option) ;
592 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
593 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
595 $D_List->AddEntry(array($field1,$field2,$field3));
596 }
597 return($D_List->DrawList());
598 }
601 function buildAclSelector($list)
602 {
603 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
604 $cols= 3;
605 $tmp= session::get('plist');
606 $plist= $tmp->info;
607 asort($plist);
609 /* Add select all/none buttons */
610 $style = "style='width:100px;'";
612 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
613 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
614 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
615 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
616 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
618 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
619 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
621 $display .= "<br>";
623 $style = "style='width:50px;'";
624 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
625 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
626 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
627 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
628 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
629 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
630 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
631 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
632 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
633 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
635 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
636 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
637 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
638 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
640 /* Build general objects */
641 $list =$this->sort_by_priority($list);
642 foreach ($list as $key => $name){
644 /* Create sub acl if it does not exist */
645 if (!isset($this->aclContents[$key])){
646 $this->aclContents[$key]= array();
647 $this->aclContents[$key][0]= '';
648 }
649 $currentAcl= $this->aclContents[$key];
651 /* Get the overall plugin acls
652 */
653 $overall_acl ="";
654 if(isset($currentAcl[0])){
655 $overall_acl = $currentAcl[0];
656 }
658 /* Object header */
659 if(session::get('js')) {
660 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
661 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
662 "\n <tr>".
663 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
664 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
665 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
666 "\n </tr>";
667 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
668 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
669 "\n <tr>".
670 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
671 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
672 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
673 "\n </tr>";
674 } else {
675 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
676 "\n <tr>".
677 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
678 "\n </tr>";
679 }
680 } else {
681 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
682 "\n <tr>".
683 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
684 "\n </tr>";
685 }
687 /* Generate options */
688 $spc= " ";
689 if ($this->isContainer && $this->aclType != 'base'){
690 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
691 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
692 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
693 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
694 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
695 }
696 } else {
697 $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
698 $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
699 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
700 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
701 }
702 }
704 /* Global options */
705 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
706 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
708 $display.= "\n <tr>".
709 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
710 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
711 "\n </tr>";
713 /* Walk through the list of attributes */
714 $cnt= 1;
715 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
716 asort($splist);
717 if(session::get('js')) {
718 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
719 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
720 "\n <td colspan=".$cols.">".
721 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
722 "\n <table style='width:100%;'>";
723 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
724 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
725 "\n <td colspan=".$cols.">".
726 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
727 "\n <table style='width:100%;'>";
728 }
729 }
730 foreach($splist as $attr => $dsc){
732 /* Skip pl* attributes, they are internal... */
733 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
734 continue;
735 }
737 /* Open table row */
738 if ($cnt == 1){
739 $display.= "\n <tr>";
740 }
742 /* Close table row */
743 if ($cnt == $cols){
744 $cnt= 1;
745 $rb= "";
746 $end= "\n </tr>";
747 } else {
748 $cnt++;
749 $rb= "border-right:1px solid #A0A0A0;";
750 $end= "";
751 }
753 /* Collect list of attributes */
754 $state= "";
755 if (isset($currentAcl[$attr])){
756 $state= $currentAcl[$attr];
757 }
758 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
759 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
760 }
762 /* Fill missing td's if needed */
763 if (--$cnt != $cols && $cnt != 0){
764 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
765 }
767 if(session::get('js')) {
768 if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
769 $display.= "\n </table>".
770 "\n </div>".
771 "\n </td>".
772 "\n </tr>";
773 }
774 }
776 $display.= "\n</table><br />\n";
777 }
779 return ($display);
780 }
783 function mkchkbx($name, $text, $state= FALSE)
784 {
785 $state= $state?"checked":"";
786 return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
787 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
788 }
791 function mkrwbx($name, $state= "")
792 {
793 $rstate= preg_match('/r/', $state)?'checked':'';
794 $wstate= preg_match('/w/', $state)?'checked':'';
795 return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
796 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
797 "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
798 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
799 }
802 static function explodeACL($acl)
803 {
804 list($index, $type)= split(':', $acl);
805 $a= array( $index => array("type" => $type,
806 "members" => acl::extractMembers($acl,$type == "role")));
808 /* Handle different types */
809 switch ($type){
811 case 'psub':
812 case 'sub':
813 case 'one':
814 case 'base':
815 $a[$index]['acl']= acl::extractACL($acl);
816 break;
818 case 'role':
819 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
820 break;
822 case 'reset':
823 break;
825 default:
826 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type), ERROR_DIALOG);
827 $a= array();
828 }
829 return ($a);
830 }
833 static function extractMembers($acl,$role = FALSE)
834 {
835 global $config;
836 $a= array();
838 /* Rip acl off the string, seperate by ',' and place it in an array */
839 if($role){
840 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
841 }else{
842 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
843 }
844 if ($ms == $acl){
845 return $a;
846 }
847 $ma= split(',', $ms);
849 /* Decode dn's, fill with informations from LDAP */
850 $ldap= $config->get_ldap_link();
851 foreach ($ma as $memberdn){
852 $dn= base64_decode($memberdn);
853 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
855 /* Found entry... */
856 if ($ldap->count()){
857 $attrs= $ldap->fetch();
858 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
859 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
860 } else {
861 $a['G:'.$dn]= $attrs['cn'][0];
862 if (isset($attrs['description'][0])){
863 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
864 }
865 }
867 /* ... or not */
868 } else {
869 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
870 }
871 }
873 return ($a);
874 }
877 static function extractACL($acl)
878 {
879 /* Rip acl off the string, seperate by ',' and place it in an array */
880 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
881 $aa= split(',', $as);
882 $a= array();
884 /* Dis-assemble single ACLs */
885 foreach($aa as $sacl){
887 /* Dis-assemble field ACLs */
888 $ao= split('#', $sacl);
889 $gobject= "";
890 foreach($ao as $idx => $ssacl){
892 /* First is department with global acl */
893 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
894 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
895 if ($idx == 0){
896 /* Create hash for this object */
897 $gobject= $object;
898 $a[$gobject]= array();
900 /* Append ACL if set */
901 if ($gacl != ""){
902 $a[$gobject]= array($gacl);
903 }
904 } else {
906 /* All other entries get appended... */
907 list($field, $facl)= split(';', $ssacl);
908 $a[$gobject][$field]= $facl;
909 }
911 }
912 }
914 return ($a);
915 }
918 function assembleAclSummary($entry)
919 {
920 $summary= "";
922 /* Summarize ACL */
923 if (isset($entry['acl'])){
924 $acl= "";
926 if($entry['type'] == "role"){
928 if(isset($this->roles[$entry['acl']])){
929 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
930 }else{
931 $summary.= sprintf(_("Role: %s"), "<i>"._("Unknown role, possibly removed")."</i>");
932 }
933 }else{
934 foreach ($entry['acl'] as $name => $object){
935 if (count($object)){
936 $acl.= "$name, ";
937 }
938 }
939 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
940 }
941 }
943 /* Summarize members */
944 if ($summary != ""){
945 $summary.= ", ";
946 }
947 if (count($entry['members'])){
948 $summary.= _("Members:")." ";
949 foreach ($entry['members'] as $cn){
950 $cn= preg_replace('/ \[.*$/', '', $cn);
951 $summary.= $cn.", ";
952 }
953 } else {
954 $summary.= _("ACL is valid for all users");
955 }
957 return (preg_replace('/, $/', '', $summary));
958 }
961 function loadAclEntry($new= FALSE)
962 {
963 /* New entry gets presets... */
964 if ($new){
965 $this->aclType= 'base';
966 $this->recipients= array();
967 $this->aclContents= array();
968 } else {
969 $acl= $this->gosaAclEntry[$this->currentIndex];
970 $this->aclType= $acl['type'];
971 $this->recipients= $acl['members'];
972 $this->aclContents= $acl['acl'];
973 }
975 $this->wasNewEntry= $new;
976 }
979 function aclPostHandler()
980 {
981 if (isset($_POST['save_acl'])){
982 $this->save();
983 return TRUE;
984 }
986 return FALSE;
987 }
990 function PrepareForCopyPaste($source)
991 {
992 plugin::PrepareForCopyPaste($source);
994 $dn = $source['dn'];
995 $acl_c = new acl($this->config, $this->parent,$dn);
996 $this->gosaAclEntry = $acl_c->gosaAclEntry;
997 }
1000 function save()
1001 {
1002 /* Assemble ACL's */
1003 $tmp_acl= array();
1004 foreach ($this->gosaAclEntry as $prio => $entry){
1005 $final= "";
1006 $members= "";
1007 if (isset($entry['members'])){
1008 foreach ($entry['members'] as $key => $dummy){
1009 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1010 }
1011 }
1013 if($entry['type'] != "role"){
1014 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1015 }else{
1016 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1017 }
1019 /* ACL's if needed */
1020 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1021 $acl= ":";
1022 if (isset($entry['acl'])){
1023 foreach ($entry['acl'] as $object => $contents){
1025 /* Only save, if we've some contents in there... */
1026 if (count($contents)){
1027 $acl.= $object.";";
1029 foreach($contents as $attr => $permission){
1031 /* First entry? Its the one for global settings... */
1032 if ($attr == '0'){
1033 $acl.= $permission;
1034 } else {
1035 $acl.= '#'.$attr.';'.$permission;
1036 }
1038 }
1039 $acl.= ',';
1040 }
1042 }
1043 }
1044 $final.= preg_replace('/,$/', '', $acl);
1045 }
1047 $tmp_acl[]= $final;
1048 }
1050 /* Call main method */
1051 plugin::save();
1053 /* Finally (re-)assign it... */
1054 $this->attrs['gosaAclEntry']= $tmp_acl;
1056 /* Remove acl from this entry if it is empty... */
1057 if (!count($tmp_acl)){
1058 /* Remove attribute */
1059 if ($this->initially_was_account){
1060 $this->attrs['gosaAclEntry']= array();
1061 } else {
1062 if (isset($this->attrs['gosaAclEntry'])){
1063 unset($this->attrs['gosaAclEntry']);
1064 }
1065 }
1067 /* Remove object class */
1068 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1069 }
1071 /* Do LDAP modifications */
1072 $ldap= $this->config->get_ldap_link();
1073 $ldap->cd($this->dn);
1074 $this->cleanup();
1075 $ldap->modify ($this->attrs);
1077 if(count($this->attrs)){
1078 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1079 }
1081 if (!$ldap->success()){
1082 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
1083 }
1085 /* Refresh users ACLs */
1086 $ui= get_userinfo();
1087 $ui->loadACL();
1088 session::set('ui',$ui);
1089 }
1092 function remove_from_parent()
1093 {
1094 plugin::remove_from_parent();
1096 /* include global link_info */
1097 $ldap= $this->config->get_ldap_link();
1099 $ldap->cd($this->dn);
1100 $this->cleanup();
1101 $ldap->modify ($this->attrs);
1103 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1105 /* Optionally execute a command after we're done */
1106 $this->handle_post_events("remove",array("uid" => $this->uid));
1107 }
1110 /* Return plugin informations for acl handling */
1111 static function plInfo()
1112 {
1113 return (array(
1114 "plShortName" => _("ACL"),
1115 "plDescription" => _("ACL")._("Access control list").")",
1116 "plSelfModify" => FALSE,
1117 "plDepends" => array(),
1118 "plPriority" => 0,
1119 "plSection" => array("administration"),
1120 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1121 "objectClass" => array("gosaAcl","gosaRole"))),
1122 "plProvidedAcls"=> array(
1123 "cn" => _("Role name"),
1124 "description" => _("Role description"))
1126 ));
1127 }
1130 /* Remove acls defined for $src */
1131 function remove_acl()
1132 {
1133 $this->remove_acl_for_dn($this->dn);
1134 }
1137 /* Remove acls defined for $src */
1138 function remove_acl_for_dn($src = "")
1139 {
1140 if($src == ""){
1141 $src = $this->dn;
1142 }
1143 $ldap = $this->config->get_ldap_link();
1144 $ldap->cd($this->config->current['BASE']);
1145 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1146 while($attrs = $ldap->fetch()){
1147 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1148 foreach($acl->gosaAclEntry as $id => $entry){
1149 foreach($entry['members'] as $m_id => $member){
1150 if($m_id == "U:".$src){
1151 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1152 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
1153 }
1154 if($m_id == "G:".$src){
1155 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1156 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
1157 }
1158 }
1159 }
1160 $acl -> save();
1161 }
1162 }
1164 function update_acl_membership($src,$dst)
1165 {
1166 $ldap = $this->config->get_ldap_link();
1167 $ldap->cd($this->config->current['BASE']);
1168 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1169 while($attrs = $ldap->fetch()){
1170 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1171 foreach($acl->gosaAclEntry as $id => $entry){
1172 foreach($entry['members'] as $m_id => $member){
1173 if($m_id == "U:".$src){
1174 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1175 $new = "U:".$dst;
1176 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1177 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1178 }
1179 if($m_id == "G:".$src){
1180 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1181 $new = "G:".$dst;
1182 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1183 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1184 }
1185 }
1186 }
1187 $acl -> save();
1188 }
1189 }
1190 }
1192 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1193 ?>