1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief ACL management plugin */
24 class acl extends plugin
25 {
26 /* Definitions */
27 var $plHeadline= "Access control";
28 var $plDescription= "Manage access control lists";
30 /* attribute list for save action */
31 var $attributes= array('gosaAclEntry');
32 var $objectclasses= array('gosaAcl');
34 /* Helpers */
35 var $dialogState= "head";
36 var $gosaAclEntry= array();
37 var $aclType= "";
38 var $aclObject= "";
39 var $aclContents= array();
40 var $target= "group";
41 var $aclTypes= array();
42 var $aclObjects= array();
43 var $aclFilter= "";
44 var $aclMyObjects= array();
45 var $users= array();
46 var $roles= array();
47 var $groups= array();
48 var $recipients= array();
49 var $isContainer= FALSE;
50 var $currentIndex= 0;
51 var $wasNewEntry= FALSE;
52 var $ocMapping= array();
53 var $savedAclContents= array();
54 var $myAclObjects = array();
55 var $acl_category = "acl/";
57 var $list =NULL;
59 var $sectionList = NULL;
60 var $roleList = NULL;
62 function acl (&$config, $parent, $dn= NULL)
63 {
64 /* Include config object */
65 plugin::plugin($config, $dn);
67 /* Load ACL's */
68 $this->gosaAclEntry= array();
69 if (isset($this->attrs['gosaAclEntry'])){
70 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
71 $acl= $this->attrs['gosaAclEntry'][$i];
72 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
73 }
74 }
75 ksort($this->gosaAclEntry);
77 /* Save parent - we've to know more about it than other plugins... */
78 $this->parent= &$parent;
80 /* Container? */
81 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
82 $this->isContainer= TRUE;
83 }
85 /* Users */
86 $ui= get_userinfo();
87 $tag= $ui->gosaUnitTag;
88 $ldap= $config->get_ldap_link();
89 $ldap->cd($config->current['BASE']);
90 if ($tag == ""){
91 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
92 } else {
93 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
94 }
95 while ($attrs= $ldap->fetch()){
97 // Allow objects without cn to be listed without causing an error.
98 if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
99 $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
100 }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
101 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
102 }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
103 $this->users['U:'.$attrs['dn']]= $attrs['dn'];
104 }else{
105 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
106 }
108 }
109 ksort($this->users);
111 /* Groups */
112 $ldap->cd($config->current['BASE']);
113 # if ($tag == ""){
114 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
115 # } else {
116 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
117 # }
118 while ($attrs= $ldap->fetch()){
119 $dsc= "";
120 if (isset($attrs['description'][0])){
121 $dsc= $attrs['description'][0];
122 }
123 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
124 }
125 $this->groups['G:*']= _("All users");
126 ksort($this->groups);
128 /* Roles */
129 $ldap->cd($config->current['BASE']);
130 # if ($tag == ""){
131 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
132 # } else {
133 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
134 # }
135 while ($attrs= $ldap->fetch()){
136 $dsc= "";
137 if (isset($attrs['description'][0])){
138 $dsc= $attrs['description'][0];
139 }
141 $role_id = $attrs['dn'];
143 $this->roles[$role_id]['acls'] =array();
144 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
145 $acl= $attrs['gosaAclTemplate'][$i];
146 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
147 }
148 $this->roles[$role_id]['description'] = $dsc;
149 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
150 }
152 /* Objects */
153 $tmp= session::global_get('plist');
154 $plist= $tmp->info;
155 $cats = array();
156 if (isset($this->parent) && $this->parent !== NULL){
157 $oc= array();
158 foreach ($this->parent->by_object as $key => $obj){
159 $oc= array_merge($oc, $obj->objectclasses);
160 if(isset($obj->acl_category)){
161 $tmp= str_replace("/","",$obj->acl_category);
162 $cats[$tmp] = $tmp;
163 }
164 }
165 if (in_array_ics('organizationalUnit', $oc)){
166 $this->isContainer= TRUE;
167 }
168 } else {
169 $oc= $this->attrs['objectClass'];
170 }
172 /* Extract available categories from plugin info list */
173 foreach ($plist as $class => $acls){
175 /* Only feed categories */
176 if (isset($acls['plCategory'])){
178 /* Walk through supplied list and feed only translated categories */
179 foreach($acls['plCategory'] as $idx => $data){
181 /* Non numeric index means -> base object containing more informations */
182 if (preg_match('/^[0-9]+$/', $idx)){
184 if (!isset($this->ocMapping[$data])){
185 $this->ocMapping[$data]= array();
186 $this->ocMapping[$data][]= '0';
187 }
189 if(isset($cats[$data])){
190 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
191 }
192 $this->ocMapping[$data][]= $class;
193 } else {
194 if (!isset($this->ocMapping[$idx])){
195 $this->ocMapping[$idx]= array();
196 $this->ocMapping[$idx][]= '0';
197 }
198 $this->ocMapping[$idx][]= $class;
199 $this->aclObjects[$idx]= $data['description'];
201 /* Additionally filter the classes we're interested in in "self edit" mode */
202 if (is_array($data['objectClass'])){
203 foreach($data['objectClass'] as $objectClass){
204 if (in_array_ics($objectClass, $oc)){
205 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
206 break;
207 }
208 }
209 } else {
210 if (in_array_ics($data['objectClass'], $oc)){
211 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
212 }
213 }
214 }
216 }
217 }
218 }
219 $this->aclObjects['all']= '* '._("All categories");
220 $this->ocMapping['all']= array('0' => 'all');
222 /* Sort categories */
223 asort($this->aclObjects);
225 /* Fill acl types */
226 if ($this->isContainer){
227 $this->aclTypes= array("reset" => _("Reset ACLs"),
228 "one" => _("One level"),
229 "base" => _("Current object"),
230 "sub" => _("Complete subtree"),
231 "psub" => _("Complete subtree (permanent)"),
232 "role" => _("Use ACL defined in role"));
233 } else {
234 $this->aclTypes= array("base" => _("Current object"),
235 "role" => _("Use ACL defined in role"));
236 }
237 asort($this->aclTypes);
238 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
239 asort($this->targets);
241 /* Finally - we want to get saved... */
242 $this->is_account= TRUE;
244 $this->updateList();
246 // Prepare lists
247 $this->sectionList = new sortableListing();
248 $this->sectionList->setDeleteable(false);
249 $this->sectionList->setEditable(false);
250 $this->sectionList->setWidth("100%");
251 $this->sectionList->setHeight("120px");
252 $this->sectionList->setColspecs(array('200px','*'));
253 $this->sectionList->setHeader(array(_("Section"),_("Description")));
254 $this->sectionList->setDefaultSortColumn(1);
255 $this->sectionList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
257 $this->roleList = new sortableListing();
258 $this->roleList->setDeleteable(false);
259 $this->roleList->setEditable(false);
260 $this->roleList->setWidth("100%");
261 $this->roleList->setHeight("120px");
262 $this->roleList->setColspecs(array('20px','*','*'));
263 $this->roleList->setHeader(array(_("Used"),_("Name"),_("Description")));
264 $this->roleList->setDefaultSortColumn(1);
265 $this->roleList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
266 }
269 function updateList()
270 {
271 if(!$this->list){
272 $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
273 $this->list->setDeleteable(true);
274 $this->list->setEditable(true);
275 $this->list->setColspecs(array('*'));
276 $this->list->setWidth("100%");
277 $this->list->setHeight("400px");
278 $this->list->setAcl("rwcdm");
279 $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
280 }
283 // Add ACL entries to the listing
284 $lData = array();
285 foreach($this->gosaAclEntry as $id => $entry){
286 $lData[] = $this->convertForListing($entry);
287 }
288 $this->list->setListData($this->gosaAclEntry, $lData);
289 }
292 function convertForListing($entry)
293 {
294 $member = implode($entry['members'],", ");
295 if(isset($entry['acl']) && is_array($entry['acl'])){
296 $acl = implode(array_keys($entry['acl']),", ");
297 }else{
298 $acl="";
299 }
300 return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
301 }
305 function execute()
306 {
307 /* Call parent execute */
308 plugin::execute();
310 $tmp= session::global_get('plist');
311 $plist= $tmp->info;
313 /* Handle posts */
314 if (isset($_POST['new_acl'])){
315 $this->dialogState= 'create';
316 $this->dialog= TRUE;
317 $this->currentIndex= count($this->gosaAclEntry);
318 $this->loadAclEntry(TRUE);
319 }
321 $new_acl= array();
322 $aclDialog= FALSE;
323 $firstedit= FALSE;
325 // Get listing actions. Delete or Edit.
326 $this->list->save_object();
327 $lAction = $this->list->getAction();
328 $this->gosaAclEntry = array_values($this->list->getMaintainedData());
330 /* Act on HTML post and gets here.
331 */
332 if($lAction['action'] == "edit"){
333 $this->currentIndex = $this->list->getKey($lAction['targets'][0]);
334 $this->dialogState= 'create';
335 $firstedit= TRUE;
336 $this->dialog= TRUE;
337 $this->loadAclEntry();
338 }
340 foreach($_POST as $name => $post){
342 /* Actions... */
343 if (preg_match('/^acl_edit_[0-9]*$/', $name)){
344 $this->dialogState= 'create';
345 $firstedit= TRUE;
346 $this->dialog= TRUE;
347 $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
348 $this->loadAclEntry();
349 continue;
350 }
352 if (preg_match('/^cat_edit_.*$/', $name)){
353 $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
354 $this->dialogState= 'edit';
355 foreach ($this->ocMapping[$this->aclObject] as $oc){
356 if (isset($this->aclContents[$oc])){
357 $this->savedAclContents[$oc]= $this->aclContents[$oc];
358 }
359 }
360 continue;
361 }
363 /* Only handle posts, if we allowed to modify ACLs */
364 if(!$this->acl_is_writeable("")){
365 continue;
366 }
368 if (preg_match('/^acl_del_[0-9]*$/', $name)){
369 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
370 continue;
371 }
373 if (preg_match('/^cat_del_.*$/', $name)){
374 $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
375 foreach ($this->ocMapping[$idx] as $key){
376 if(isset($this->aclContents[$idx]))
377 unset($this->aclContents[$idx]);
378 if(isset($this->aclContents["$idx/$key"]))
379 unset($this->aclContents["$idx/$key"]);
380 }
381 continue;
382 }
384 /* ACL saving... */
385 if (preg_match('/^acl_.*_[^xy]$/', $name)){
386 list($dummy, $object, $attribute, $value)= explode('_', $name);
388 /* Skip for detection entry */
389 if ($object == 'dummy') {
390 continue;
391 }
393 /* Ordinary ACLs */
394 if (!isset($new_acl[$object])){
395 $new_acl[$object]= array();
396 }
397 if (isset($new_acl[$object][$attribute])){
398 $new_acl[$object][$attribute].= $value;
399 } else {
400 $new_acl[$object][$attribute]= $value;
401 }
402 }
404 // Remember the selected ACL role.
405 if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
406 $this->aclContents = "";
407 $this->aclContents = base64_decode($_POST['selected_role']);
408 }else{
409 if(is_string($this->aclContents))
410 $this->aclContents = array();
411 }
412 }
414 if(isset($_POST['acl_dummy_0_0_0'])){
415 $aclDialog= TRUE;
416 }
418 if($this->acl_is_writeable("")){
420 /* Only be interested in new acl's, if we're in the right _POST place */
421 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
423 foreach ($this->ocMapping[$this->aclObject] as $oc){
425 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
426 unset($this->aclContents[$oc]);
427 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
428 unset($this->aclContents[$this->aclObject.'/'.$oc]);
429 }else{
430 # trigger_error("Huhm?");
431 }
432 if (isset($new_acl[$oc]) && is_array($new_acl)){
433 $this->aclContents[$oc]= $new_acl[$oc];
434 }
435 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
436 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
437 }
438 }
439 }
441 /* Save new acl in case of base edit mode */
442 if ($this->aclType == 'base' && !$firstedit){
443 $this->aclContents= $new_acl;
444 }
445 }
447 /* Cancel new acl? */
448 if (isset($_POST['cancel_new_acl'])){
449 $this->dialogState= 'head';
450 $this->dialog= FALSE;
451 if ($this->wasNewEntry){
452 unset ($this->gosaAclEntry[$this->currentIndex]);
453 }
454 }
456 /* Save common values */
457 if($this->acl_is_writeable("")){
458 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
459 if (isset($_POST[$key])){
460 $this->$key= validate($_POST[$key]);
461 }
462 }
463 }
465 /* Store ACL in main object? */
466 if (isset($_POST['submit_new_acl'])){
467 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
468 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
469 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
470 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
471 $this->dialogState= 'head';
472 $this->dialog= FALSE;
473 }
475 /* Cancel edit acl? */
476 if (isset($_POST['cancel_edit_acl'])){
477 $this->dialogState= 'create';
478 foreach ($this->ocMapping[$this->aclObject] as $oc){
479 if (isset($this->savedAclContents[$oc])){
480 $this->aclContents[$oc]= $this->savedAclContents[$oc];
481 }
482 }
483 }
485 /* Save edit acl? */
486 if (isset($_POST['submit_edit_acl'])){
487 $this->dialogState= 'create';
488 }
490 /* Add acl? */
491 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
492 $this->dialogState= 'edit';
493 $this->savedAclContents= array();
494 foreach ($this->ocMapping[$this->aclObject] as $oc){
495 if (isset($this->aclContents[$oc])){
496 $this->savedAclContents[$oc]= $this->aclContents[$oc];
497 }
498 }
499 }
501 /* Add to list? */
502 if (isset($_POST['add']) && isset($_POST['source'])){
503 foreach ($_POST['source'] as $key){
504 if ($this->target == 'user'){
505 $this->recipients[$key]= $this->users[$key];
506 }
507 if ($this->target == 'group'){
508 $this->recipients[$key]= $this->groups[$key];
509 }
510 }
511 ksort($this->recipients);
512 }
514 /* Remove from list? */
515 if (isset($_POST['del']) && isset($_POST['recipient'])){
516 foreach ($_POST['recipient'] as $key){
517 unset($this->recipients[$key]);
518 }
519 }
521 /* Create templating instance */
522 $smarty= get_smarty();
524 $smarty->assign("acl_readable",$this->acl_is_readable(""));
525 if(!$this->acl_is_readable("")){
526 return ($smarty->fetch (get_template_path('acl.tpl')));
527 }
529 if ($this->dialogState == 'head'){
530 $this->updateList();
531 $smarty->assign("aclList", $this->list->render());
532 }
534 if ($this->dialogState == 'create'){
537 if($this->aclType != 'role'){
539 // Create a map of all used sections, this allows us to simply hide the remove button
540 // if no acl is configured for the given section
541 // e.g. ';all;department/country;users/user;
542 $usedList = ";".implode(array_keys($this->aclContents),';').";";
544 /* Add settings for all categories to the (permanent) list */
545 $data = $lData = array();
546 foreach ($this->aclObjects as $section => $dsc){
547 $summary= "";
548 foreach($this->ocMapping[$section] as $oc){
549 if (isset($this->aclContents[$oc]) &&
550 count($this->aclContents[$oc]) &&
551 isset($this->aclContents[$oc][0]) &&
552 $this->aclContents[$oc][0] != ""){
554 $summary.= "$oc, ";
555 continue;
556 }
557 if (isset($this->aclContents["$section/$oc"]) &&
558 count($this->aclContents["$section/$oc"])){
559 $summary.= "$oc, ";
560 continue;
561 }
562 if (isset($this->aclContents[$oc]) &&
563 !isset($this->aclContents[$oc][0]) &&
564 count($this->aclContents[$oc])){
565 $summary.= "$oc, ";
566 }
567 }
569 /* Set summary... */
570 if ($summary == ""){
571 $summary= '<i>'._("No ACL settings for this category!").'</i>';
572 } else {
573 $summary= trim($summary,", ");
574 $summary= " ".sprintf(_("ACLs for: %s"), $summary);
575 }
577 $actions ="";
578 if($this->acl_is_readable("")){
579 $actions.= image('images/lists/edit.png','cat_edit_'.$section,
580 msgPool::editButton(_("category ACL")));
581 }
582 if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
583 $actions.= image('images/lists/trash.png','cat_del_'.$section,
584 msgPool::delButton(_("category ACL")));
585 }
586 $data[] = $section;
587 $lData[] = array('data'=>array($dsc, $summary, $actions));
588 }
589 $this->sectionList->setListData($data,$lData);
590 $this->sectionList->update();
591 $smarty->assign("aclList", $this->sectionList->render());
592 }
594 $smarty->assign("aclType", $this->aclType);
595 $smarty->assign("aclFilter", $this->aclFilter);
596 $smarty->assign("aclTypes", $this->aclTypes);
597 $smarty->assign("target", $this->target);
598 $smarty->assign("targets", $this->targets);
600 /* Assign possible target types */
601 $smarty->assign("targets", $this->targets);
602 foreach ($this->attributes as $attr){
603 $smarty->assign($attr, $this->$attr);
604 }
607 /* Generate list */
608 $tmp= array();
609 if ($this->target == "group" && !isset($this->recipients["G:*"])){
610 $tmp["G:*"]= _("All users");
611 }
612 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
613 if ($this->target == $field){
614 foreach ($this->$arr as $key => $value){
615 if (!isset($this->recipients[$key])){
616 $tmp[$key]= $value;
617 }
618 }
619 }
620 }
621 $smarty->assign('sources', $tmp);
622 $smarty->assign('recipients', $this->recipients);
624 /* Acl selector if scope is base */
625 if ($this->aclType == 'base'){
626 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
627 }
629 /* Role selector if scope is base */
630 if ($this->aclType == 'role'){
631 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
632 }
633 }
635 if ($this->dialogState == 'edit'){
636 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' with scope '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
638 /* Collect objects for selected category */
639 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
640 if ($idx == 0){
641 continue;
642 }
643 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
644 }
645 if ($this->aclObject == 'all'){
646 $aclObjects['all']= _("All objects in current subtree");
647 }
649 /* Role selector if scope is base */
650 if ($this->aclType == 'role'){
651 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
652 } else {
653 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
654 }
655 }
657 /* Show main page */
658 $smarty->assign("dialogState", $this->dialogState);
660 /* Assign acls */
661 $smarty->assign("acl_createable",$this->acl_is_createable());
662 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
663 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
664 $smarty->assign("acl_removeable",$this->acl_is_removeable());
666 return ($smarty->fetch (get_template_path('acl.tpl')));
667 }
670 function sort_by_priority($list)
671 {
672 $tmp= session::global_get('plist');
673 $plist= $tmp->info;
674 asort($plist);
675 $newSort = array();
677 foreach($list as $name => $translation){
678 $na = preg_replace("/^.*\//","",$name);
679 $prio = 0;
680 if(isset($plist[$na]['plPriority'])){
681 $prio= $plist[$na]['plPriority'] ;
682 }
684 $newSort[$name] = $prio;
685 }
687 asort($newSort);
689 $ret = array();
690 foreach($newSort as $name => $prio){
691 $ret[$name] = $list[$name];
692 }
693 return($ret);
694 }
697 function buildRoleSelector($list)
698 {
699 $selected = $this->aclContents;
700 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
701 $selected = key($list);
702 }
704 $data = $lData = array();
705 foreach($list as $dn => $values){
706 if($dn == $selected){
707 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
708 }else{
709 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
710 }
711 $data[] = postEncode($dn);
712 $lData[] = array('data'=>array($option, $values['cn'], $values['description']));
713 }
714 $this->roleList->setListData($data,$lData);
715 $this->roleList->update();
716 return($this->roleList->render());
717 }
720 function buildAclSelector($list)
721 {
722 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
723 $cols= 3;
724 $tmp= session::global_get('plist');
725 $plist= $tmp->info;
726 asort($plist);
728 /* Add select all/none buttons */
729 $style = "style='width:100px;'";
731 if($this->acl_is_writeable("")){
732 $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
733 $display .= "<button type='button' ".$style." name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
734 $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
735 $display .= "<button type='button' ".$style." name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
736 $display .= "<button type='button' ".$style." name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
738 $display .= "<button type='button' ".$style." name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
739 $display .= "<button type='button' ".$style." name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
741 $display .= "<br>";
743 $style = "style='width:50px;'";
744 $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
745 $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
746 $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
747 $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
748 $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
749 $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
750 $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
751 $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
752 $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
753 $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
755 $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
756 $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
757 $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
758 $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
759 }
761 /* Build general objects */
762 $list =$this->sort_by_priority($list);
763 foreach ($list as $key => $name){
765 /* Create sub acl if it does not exist */
766 if (!isset($this->aclContents[$key])){
767 $this->aclContents[$key]= array();
768 }
769 if(!isset($this->aclContents[$key][0])){
770 $this->aclContents[$key][0]= '';
771 }
773 $currentAcl= $this->aclContents[$key];
775 /* Get the overall plugin acls
776 */
777 $overall_acl ="";
778 if(isset($currentAcl[0])){
779 $overall_acl = $currentAcl[0];
780 }
782 // Detect configured plugins
783 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
785 /* Object header */
786 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
788 if($expand){
789 $back_color = "#C8C8FF";
790 }else{
791 $back_color = "#C8C8C8";
792 }
794 if(isset($_SERVER['HTTP_USER_AGENT']) &&
795 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
796 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
797 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
798 "\n <tr>".
799 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
800 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
801 "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
802 "\n </tr>";
803 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
804 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
805 "\n <tr>".
806 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
807 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
808 "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
809 "\n </tr>";
810 } else {
811 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
812 "\n <tr>".
813 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
814 "\n </tr>";
815 }
817 /* Generate options */
818 $spc= " ";
819 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
820 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
821 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
822 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
823 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
824 }
826 /* Global options */
827 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
828 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
830 $display.= "\n <tr>".
831 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
832 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
833 "\n </tr>";
835 /* Walk through the list of attributes */
836 $cnt= 1;
837 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
838 if(session::global_get('js')) {
839 if(isset($_SERVER['HTTP_USER_AGENT']) &&
840 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
841 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
842 "\n <td colspan=".$cols.">".
843 "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
844 "\n <table style='width:100%;' summary='{$name}'>";
845 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
846 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
847 "\n <td colspan=".$cols.">".
848 "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
849 "\n <table style='width:100%;' summary='{$name}'>";
850 }else{
851 }
852 }
855 foreach($splist as $attr => $dsc){
857 /* Skip pl* attributes, they are internal... */
858 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
859 continue;
860 }
862 /* Open table row */
863 if ($cnt == 1){
864 $display.= "\n <tr>";
865 }
867 /* Close table row */
868 if ($cnt == $cols){
869 $cnt= 1;
870 $rb= "";
871 $end= "\n </tr>";
872 } else {
873 $cnt++;
874 $rb= "border-right:1px solid #A0A0A0;";
875 $end= "";
876 }
878 /* Collect list of attributes */
879 $state= "";
880 if (isset($currentAcl[$attr])){
881 $state= $currentAcl[$attr];
882 }
883 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
884 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
885 }
887 /* Fill missing td's if needed */
888 if (--$cnt != $cols && $cnt != 0){
889 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
890 }
892 if(session::global_get('js')) {
893 if(isset($_SERVER['HTTP_USER_AGENT']) &&
894 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
895 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
896 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
897 $display.= "\n </table>".
898 "\n </div>".
899 "\n </td>".
900 "\n </tr>";
901 }
902 }
904 $display.= "\n</table><br />\n";
905 }
907 return ($display);
908 }
911 function mkchkbx($name, $text, $state= FALSE)
912 {
913 $state= $state?"checked":"";
914 if($this->acl_is_writeable("")){
915 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
916 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
917 "\n <label for='acl_$tname'>$text</label>";
918 }else{
919 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
920 }
921 }
924 function mkrwbx($name, $state= "")
925 {
926 $rstate= preg_match('/r/', $state)?'checked':'';
927 $wstate= preg_match('/w/', $state)?'checked':'';
928 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
930 if($this->acl_is_writeable("")){
931 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
932 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
933 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
934 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
935 }else{
936 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
937 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
938 }
939 }
942 static function explodeACL($acl)
943 {
945 $list= explode(':', $acl);
946 if(count($list) == 5){
947 list($index, $type,$member,$permission,$filter)= $list;
948 $filter = base64_decode($filter);
949 }elseif(count($list) == 4){
950 $filter = "";
951 list($index, $type,$member,$permission)= $list;
952 }else{
953 $permission = "";
954 $filter = "";
955 list($index, $type,$member)= $list;
956 }
958 $a= array( $index => array("type" => $type,
959 "filter"=> $filter,
960 "members" => acl::extractMembers($acl,$type == "role")));
962 /* Handle different types */
963 switch ($type){
965 case 'psub':
966 case 'sub':
967 case 'one':
968 case 'base':
969 $a[$index]['acl']= acl::extractACL($acl);
970 break;
972 case 'role':
973 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
974 break;
976 case 'reset':
977 break;
979 default:
980 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
981 $a= array();
982 }
983 return ($a);
984 }
987 static function extractMembers($acl,$role = FALSE)
988 {
989 global $config;
990 $a= array();
992 /* Rip acl off the string, seperate by ',' and place it in an array */
993 if($role){
994 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
995 }else{
996 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
997 }
998 if ($ms == $acl){
999 return $a;
1000 }
1001 $ma= explode(',', $ms);
1003 /* Decode dn's, fill with informations from LDAP */
1004 $ldap= $config->get_ldap_link();
1005 foreach ($ma as $memberdn){
1006 // Check for wildcard here
1007 $dn= base64_decode($memberdn);
1008 if ($dn != "*") {
1009 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
1011 /* Found entry... */
1012 if ($ldap->count()){
1013 $attrs= $ldap->fetch();
1014 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
1015 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
1016 } else {
1017 $a['G:'.$dn]= $attrs['cn'][0];
1018 if (isset($attrs['description'][0])){
1019 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
1020 }
1021 }
1023 /* ... or not */
1024 } else {
1025 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
1026 }
1028 } else {
1029 $a['G:*']= sprintf(_("All users"));
1030 }
1031 }
1033 return ($a);
1034 }
1037 static function extractACL($acl)
1038 {
1039 /* Rip acl off the string, seperate by ',' and place it in an array */
1040 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1041 $aa= explode(',', $as);
1042 $a= array();
1044 /* Dis-assemble single ACLs */
1045 foreach($aa as $sacl){
1047 /* Dis-assemble field ACLs */
1048 $ao= explode('#', $sacl);
1049 $gobject= "";
1050 foreach($ao as $idx => $ssacl){
1052 /* First is department with global acl */
1053 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1054 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1055 if ($idx == 0){
1056 /* Create hash for this object */
1057 $gobject= $object;
1058 $a[$gobject]= array();
1060 /* Append ACL if set */
1061 if ($gacl != ""){
1062 $a[$gobject]= array($gacl);
1063 }
1064 } else {
1066 /* All other entries get appended... */
1067 list($field, $facl)= explode(';', $ssacl);
1068 $a[$gobject][$field]= $facl;
1069 }
1071 }
1072 }
1074 return ($a);
1075 }
1078 function assembleAclSummary($entry)
1079 {
1080 $summary= "";
1082 /* Summarize ACL */
1083 if (isset($entry['acl'])){
1084 $acl= "";
1086 if($entry['type'] == "role"){
1088 if(isset($this->roles[$entry['acl']])){
1089 $summary.= sprintf(_("ACL role: %s"), $this->roles[$entry['acl']]['cn']);
1090 }else{
1091 $summary.= sprintf(_("ACL role: %s"), "<i>"._("unknown ACL role")."</i>");
1092 }
1093 }else{
1094 foreach ($entry['acl'] as $name => $object){
1095 if (count($object)){
1096 $acl.= "$name, ";
1097 }
1098 }
1099 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1100 }
1101 }
1104 /* Summarize members */
1105 if(!($this instanceOf aclrole)){
1106 if ($summary != ""){
1107 $summary.= ", ";
1108 }
1109 if (count($entry['members'])){
1110 $summary.= _("Members").": ";
1111 foreach ($entry['members'] as $cn){
1112 $cn= preg_replace('/ \[.*$/', '', $cn);
1113 $summary.= $cn.", ";
1114 }
1115 } else {
1116 $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
1117 }
1118 }
1119 return (preg_replace('/, $/', '', $summary));
1120 }
1123 function loadAclEntry($new= FALSE)
1124 {
1125 /* New entry gets presets... */
1126 if ($new){
1127 $this->aclType= 'base';
1128 $this->aclFilter= "";
1129 $this->recipients= array();
1130 $this->aclContents= array();
1131 } else {
1132 $acl= $this->gosaAclEntry[$this->currentIndex];
1133 $this->aclType= $acl['type'];
1134 $this->recipients= $acl['members'];
1135 $this->aclContents= (isset($acl['acl'])) ? $acl['acl'] :"";
1136 $this->aclFilter= $acl['filter'];
1137 }
1139 $this->wasNewEntry= $new;
1140 }
1143 function aclPostHandler()
1144 {
1145 if (isset($_POST['save_acl'])){
1146 $this->save();
1147 return TRUE;
1148 }
1150 return FALSE;
1151 }
1154 function PrepareForCopyPaste($source)
1155 {
1156 plugin::PrepareForCopyPaste($source);
1158 $dn = $source['dn'];
1159 $acl_c = new acl($this->config, $this->parent,$dn);
1160 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1161 }
1164 function save()
1165 {
1166 /* Assemble ACL's */
1167 $tmp_acl= array();
1169 foreach ($this->gosaAclEntry as $prio => $entry){
1170 $final= "";
1171 $members= "";
1172 if (isset($entry['members'])){
1173 foreach ($entry['members'] as $key => $dummy){
1174 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1175 }
1176 }
1178 if($entry['type'] != "role"){
1179 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1180 }else{
1181 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1182 }
1184 /* ACL's if needed */
1185 $final.= ":";
1186 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1187 $acl = "";
1188 if (isset($entry['acl'])){
1189 foreach ($entry['acl'] as $object => $contents){
1191 /* Only save, if we've some contents in there... */
1192 if (count($contents)){
1193 $acl.= $object.";";
1195 foreach($contents as $attr => $permission){
1197 /* First entry? Its the one for global settings... */
1198 if ($attr == '0'){
1199 $acl.= $permission;
1200 } else {
1201 $acl.= '#'.$attr.';'.$permission;
1202 }
1204 }
1205 $acl.= ',';
1206 }
1208 }
1209 }
1210 $final.= preg_replace('/,$/', '', $acl);
1211 }
1213 /* Append additional filter options
1214 */
1215 if(!empty($entry['filter'])){
1216 $final .= ":".base64_encode($entry['filter']);
1217 }
1219 $tmp_acl[]= $final;
1220 }
1222 /* Call main method */
1223 plugin::save();
1225 /* Finally (re-)assign it... */
1226 $this->attrs['gosaAclEntry']= $tmp_acl;
1228 /* Remove acl from this entry if it is empty... */
1229 if (!count($tmp_acl)){
1230 /* Remove attribute */
1231 if ($this->initially_was_account){
1232 $this->attrs['gosaAclEntry']= array();
1233 } else {
1234 if (isset($this->attrs['gosaAclEntry'])){
1235 unset($this->attrs['gosaAclEntry']);
1236 }
1237 }
1239 /* Remove object class */
1240 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1241 }
1243 /* Do LDAP modifications */
1244 $ldap= $this->config->get_ldap_link();
1245 $ldap->cd($this->dn);
1246 $this->cleanup();
1247 $ldap->modify ($this->attrs);
1249 if(count($this->attrs)){
1250 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1251 }
1253 if (!$ldap->success()){
1254 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1255 }
1257 /* Refresh users ACLs */
1258 $ui= get_userinfo();
1259 $ui->loadACL();
1260 session::global_set('ui',$ui);
1261 }
1264 function remove_from_parent()
1265 {
1266 plugin::remove_from_parent();
1268 /* include global link_info */
1269 $ldap= $this->config->get_ldap_link();
1271 $ldap->cd($this->dn);
1272 $this->cleanup();
1273 $ldap->modify ($this->attrs);
1275 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1277 /* Optionally execute a command after we're done */
1278 $this->handle_post_events("remove",array("uid" => $this->uid));
1279 }
1282 /* Return plugin informations for acl handling */
1283 static function plInfo()
1284 {
1285 return (array(
1286 "plShortName" => _("ACL"),
1287 "plDescription" => _("ACL")." ("._("Access control list").")",
1288 "plSelfModify" => FALSE,
1289 "plDepends" => array(),
1290 "plPriority" => 0,
1291 "plSection" => array("administration"),
1292 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1293 "objectClass" => array("gosaAcl","gosaRole"))),
1294 "plProvidedAcls"=> array(
1295 "gosaAclEntry" => _("ACL Entries")
1296 )
1298 ));
1299 }
1302 /* Remove acls defined for $src */
1303 function remove_acl()
1304 {
1305 acl::remove_acl_for($this->dn);
1306 }
1309 /* Remove acls defined for $src */
1310 static function remove_acl_for($dn)
1311 {
1312 global $config;
1314 $ldap = $config->get_ldap_link();
1315 $ldap->cd($config->current['BASE']);
1316 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
1317 $new_entries= array();
1318 while($attrs = $ldap->fetch()){
1319 if (!isset($attrs['gosaAclEntry'])) {
1320 continue;
1321 }
1322 unset($attrs['gosaAclEntry']['count']);
1324 // Remove entry directly
1325 foreach($attrs['gosaAclEntry'] as $id => $entry){
1326 $parts= explode(':',$entry);
1327 $members= explode(',',$parts[2]);
1328 $new_members= array();
1329 foreach($members as $member) {
1330 if (base64_decode($member) != $dn) {
1331 $new_members[]= $member;
1332 } else {
1333 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
1334 }
1335 }
1337 /* We can completely remove the entry if there are no members anymore */
1338 if (count($new_members)) {
1339 $parts[2]= implode(",", $new_members);
1340 $new_entries[]= implode(":", $parts);
1341 }
1342 }
1344 // There should be a modification, so write it back
1345 $ldap->cd($attrs['dn']);
1346 $new_attrs= array("gosaAclEntry" => $new_entries);
1347 $ldap->modify($new_attrs);
1348 if (!$ldap->success()){
1349 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1350 }
1351 }
1352 }
1355 function update_acl_membership($src,$dst)
1356 {
1357 $ldap = $this->config->get_ldap_link();
1358 $ldap->cd($this->config->current['BASE']);
1359 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1360 while($attrs = $ldap->fetch()){
1361 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1362 foreach($acl->gosaAclEntry as $id => $entry){
1363 foreach($entry['members'] as $m_id => $member){
1364 if($m_id == "U:".$src){
1365 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1366 $new = "U:".$dst;
1367 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1368 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1369 }
1370 if($m_id == "G:".$src){
1371 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1372 $new = "G:".$dst;
1373 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1374 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1375 }
1376 }
1377 }
1378 $acl -> save();
1379 }
1380 }
1383 // We are only interessted in our own acls ...
1384 function set_acl_category($category)
1385 {
1386 plugin::set_acl_category("acl");
1387 }
1388 }
1390 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1391 ?>