1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief ACL management plugin */
24 class acl extends plugin
25 {
26 /* Definitions */
27 var $plHeadline= "Access control";
28 var $plDescription= "Manage access control lists";
30 /* attribute list for save action */
31 var $attributes= array('gosaAclEntry');
32 var $objectclasses= array('gosaAcl');
34 /* Helpers */
35 var $dialogState= "head";
36 var $gosaAclEntry= array();
37 var $aclType= "";
38 var $aclObject= "";
39 var $aclContents= array();
40 var $target= "group";
41 var $aclTypes= array();
42 var $aclObjects= array();
43 var $aclFilter= "";
44 var $aclMyObjects= array();
45 var $users= array();
46 var $roles= array();
47 var $groups= array();
48 var $recipients= array();
49 var $isContainer= FALSE;
50 var $currentIndex= 0;
51 var $wasNewEntry= FALSE;
52 var $ocMapping= array();
53 var $savedAclContents= array();
54 var $myAclObjects = array();
55 var $acl_category = "acl/";
57 var $list =NULL;
59 function acl (&$config, $parent, $dn= NULL)
60 {
61 /* Include config object */
62 plugin::plugin($config, $dn);
64 /* Load ACL's */
65 $this->gosaAclEntry= array();
66 if (isset($this->attrs['gosaAclEntry'])){
67 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
68 $acl= $this->attrs['gosaAclEntry'][$i];
69 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
70 }
71 }
72 ksort($this->gosaAclEntry);
74 /* Save parent - we've to know more about it than other plugins... */
75 $this->parent= &$parent;
77 /* Container? */
78 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
79 $this->isContainer= TRUE;
80 }
82 /* Users */
83 $ui= get_userinfo();
84 $tag= $ui->gosaUnitTag;
85 $ldap= $config->get_ldap_link();
86 $ldap->cd($config->current['BASE']);
87 if ($tag == ""){
88 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
89 } else {
90 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
91 }
92 while ($attrs= $ldap->fetch()){
94 // Allow objects without cn to be listed without causing an error.
95 if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
96 $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
97 }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
98 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
99 }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
100 $this->users['U:'.$attrs['dn']]= $attrs['dn'];
101 }else{
102 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
103 }
105 }
106 ksort($this->users);
108 /* Groups */
109 $ldap->cd($config->current['BASE']);
110 # if ($tag == ""){
111 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
112 # } else {
113 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
114 # }
115 while ($attrs= $ldap->fetch()){
116 $dsc= "";
117 if (isset($attrs['description'][0])){
118 $dsc= $attrs['description'][0];
119 }
120 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
121 }
122 $this->groups['G:*']= _("All users");
123 ksort($this->groups);
125 /* Roles */
126 $ldap->cd($config->current['BASE']);
127 # if ($tag == ""){
128 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
129 # } else {
130 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
131 # }
132 while ($attrs= $ldap->fetch()){
133 $dsc= "";
134 if (isset($attrs['description'][0])){
135 $dsc= $attrs['description'][0];
136 }
138 $role_id = $attrs['dn'];
140 $this->roles[$role_id]['acls'] =array();
141 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
142 $acl= $attrs['gosaAclTemplate'][$i];
143 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
144 }
145 $this->roles[$role_id]['description'] = $dsc;
146 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
147 }
149 /* Objects */
150 $tmp= session::global_get('plist');
151 $plist= $tmp->info;
152 $cats = array();
153 if (isset($this->parent) && $this->parent !== NULL){
154 $oc= array();
155 foreach ($this->parent->by_object as $key => $obj){
156 $oc= array_merge($oc, $obj->objectclasses);
157 if(isset($obj->acl_category)){
158 $tmp= str_replace("/","",$obj->acl_category);
159 $cats[$tmp] = $tmp;
160 }
161 }
162 if (in_array_ics('organizationalUnit', $oc)){
163 $this->isContainer= TRUE;
164 }
165 } else {
166 $oc= $this->attrs['objectClass'];
167 }
169 /* Extract available categories from plugin info list */
170 foreach ($plist as $class => $acls){
172 /* Only feed categories */
173 if (isset($acls['plCategory'])){
175 /* Walk through supplied list and feed only translated categories */
176 foreach($acls['plCategory'] as $idx => $data){
178 /* Non numeric index means -> base object containing more informations */
179 if (preg_match('/^[0-9]+$/', $idx)){
181 if (!isset($this->ocMapping[$data])){
182 $this->ocMapping[$data]= array();
183 $this->ocMapping[$data][]= '0';
184 }
186 if(isset($cats[$data])){
187 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
188 }
189 $this->ocMapping[$data][]= $class;
190 } else {
191 if (!isset($this->ocMapping[$idx])){
192 $this->ocMapping[$idx]= array();
193 $this->ocMapping[$idx][]= '0';
194 }
195 $this->ocMapping[$idx][]= $class;
196 $this->aclObjects[$idx]= $data['description'];
198 /* Additionally filter the classes we're interested in in "self edit" mode */
199 if (is_array($data['objectClass'])){
200 foreach($data['objectClass'] as $objectClass){
201 if (in_array_ics($objectClass, $oc)){
202 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
203 break;
204 }
205 }
206 } else {
207 if (in_array_ics($data['objectClass'], $oc)){
208 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
209 }
210 }
211 }
213 }
214 }
215 }
216 $this->aclObjects['all']= '* '._("All categories");
217 $this->ocMapping['all']= array('0' => 'all');
219 /* Sort categories */
220 asort($this->aclObjects);
222 /* Fill acl types */
223 if ($this->isContainer){
224 $this->aclTypes= array("reset" => _("Reset ACLs"),
225 "one" => _("One level"),
226 "base" => _("Current object"),
227 "sub" => _("Complete subtree"),
228 "psub" => _("Complete subtree (permanent)"),
229 "role" => _("Use ACL defined in role"));
230 } else {
231 $this->aclTypes= array("base" => _("Current object"),
232 "role" => _("Use ACL defined in role"));
233 }
234 asort($this->aclTypes);
235 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
236 asort($this->targets);
238 /* Finally - we want to get saved... */
239 $this->is_account= TRUE;
241 $this->updateList();
242 }
245 function updateList()
246 {
247 if(!$this->list){
248 $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
249 $this->list->setDeleteable(true);
250 $this->list->setEditable(true);
251 $this->list->setColspecs(array('*'));
252 $this->list->setWidth("100%");
253 $this->list->setHeight("400px");
254 $this->list->setAcl("rwcdm");
255 $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
256 }
259 // Add ACL entries to the listing
260 $lData = array();
261 foreach($this->gosaAclEntry as $id => $entry){
262 $lData[] = $this->convertForListing($entry);
263 }
264 $this->list->setListData($this->gosaAclEntry, $lData);
265 }
268 function convertForListing($entry)
269 {
270 $member = implode($entry['members'],", ");
271 $acl = implode(array_keys($entry['acl']),", ");
272 $type = implode(array_keys($entry['acl']),", ");
273 return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
274 }
278 function execute()
279 {
280 /* Call parent execute */
281 plugin::execute();
283 $tmp= session::global_get('plist');
284 $plist= $tmp->info;
286 /* Handle posts */
287 if (isset($_POST['new_acl'])){
288 $this->dialogState= 'create';
289 $this->dialog= TRUE;
290 $this->currentIndex= count($this->gosaAclEntry);
291 $this->loadAclEntry(TRUE);
292 }
294 $new_acl= array();
295 $aclDialog= FALSE;
296 $firstedit= FALSE;
298 // Get listing actions. Delete or Edit.
299 $this->list->save_object();
300 $lAction = $this->list->getAction();
301 if($lAction['action'] == "reorder" || $lAction['action'] == "delete"){
302 $this->gosaAclEntry = $this->list->getMaintainedData();
303 }
305 /* Act on HTML post and gets here.
306 */
307 if($lAction['action'] == "edit"){
308 $this->currentIndex = $lAction['targets'][0];
309 $this->dialogState= 'create';
310 $firstedit= TRUE;
311 $this->dialog= TRUE;
312 $this->loadAclEntry();
313 }
315 foreach($_POST as $name => $post){
317 /* Actions... */
318 if (preg_match('/^acl_edit_[0-9]*$/', $name)){
319 $this->dialogState= 'create';
320 $firstedit= TRUE;
321 $this->dialog= TRUE;
322 $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
323 $this->loadAclEntry();
324 continue;
325 }
327 if (preg_match('/^cat_edit_.*$/', $name)){
328 $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
329 $this->dialogState= 'edit';
330 foreach ($this->ocMapping[$this->aclObject] as $oc){
331 if (isset($this->aclContents[$oc])){
332 $this->savedAclContents[$oc]= $this->aclContents[$oc];
333 }
334 }
335 continue;
336 }
338 /* Only handle posts, if we allowed to modify ACLs */
339 if(!$this->acl_is_writeable("")){
340 continue;
341 }
343 if (preg_match('/^acl_del_[0-9]*$/', $name)){
344 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
345 continue;
346 }
348 if (preg_match('/^cat_del_.*$/', $name)){
349 $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
350 foreach ($this->ocMapping[$idx] as $key){
351 if(isset($this->aclContents[$idx]))
352 unset($this->aclContents[$idx]);
353 if(isset($this->aclContents["$idx/$key"]))
354 unset($this->aclContents["$idx/$key"]);
355 }
356 continue;
357 }
359 /* ACL saving... */
360 if (preg_match('/^acl_.*_[^xy]$/', $name)){
361 list($dummy, $object, $attribute, $value)= explode('_', $name);
363 /* Skip for detection entry */
364 if ($object == 'dummy') {
365 continue;
366 }
368 /* Ordinary ACLs */
369 if (!isset($new_acl[$object])){
370 $new_acl[$object]= array();
371 }
372 if (isset($new_acl[$object][$attribute])){
373 $new_acl[$object][$attribute].= $value;
374 } else {
375 $new_acl[$object][$attribute]= $value;
376 }
377 }
379 // Remember the selected ACL role.
380 if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
381 $this->aclContents = "";
382 $this->aclContents = base64_decode($_POST['selected_role']);
383 }
384 }
386 if(isset($_POST['acl_dummy_0_0_0'])){
387 $aclDialog= TRUE;
388 }
390 if($this->acl_is_writeable("")){
392 /* Only be interested in new acl's, if we're in the right _POST place */
393 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
395 foreach ($this->ocMapping[$this->aclObject] as $oc){
397 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
398 unset($this->aclContents[$oc]);
399 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
400 unset($this->aclContents[$this->aclObject.'/'.$oc]);
401 }else{
402 # trigger_error("Huhm?");
403 }
404 if (isset($new_acl[$oc]) && is_array($new_acl)){
405 $this->aclContents[$oc]= $new_acl[$oc];
406 }
407 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
408 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
409 }
410 }
411 }
413 /* Save new acl in case of base edit mode */
414 if ($this->aclType == 'base' && !$firstedit){
415 $this->aclContents= $new_acl;
416 }
417 }
419 /* Cancel new acl? */
420 if (isset($_POST['cancel_new_acl'])){
421 $this->dialogState= 'head';
422 $this->dialog= FALSE;
423 if ($this->wasNewEntry){
424 unset ($this->gosaAclEntry[$this->currentIndex]);
425 }
426 }
428 /* Save common values */
429 if($this->acl_is_writeable("")){
430 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
431 if (isset($_POST[$key])){
432 $this->$key= validate($_POST[$key]);
433 }
434 }
435 }
437 /* Store ACL in main object? */
438 if (isset($_POST['submit_new_acl'])){
439 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
440 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
441 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
442 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
443 $this->dialogState= 'head';
444 $this->dialog= FALSE;
445 }
447 /* Cancel edit acl? */
448 if (isset($_POST['cancel_edit_acl'])){
449 $this->dialogState= 'create';
450 foreach ($this->ocMapping[$this->aclObject] as $oc){
451 if (isset($this->savedAclContents[$oc])){
452 $this->aclContents[$oc]= $this->savedAclContents[$oc];
453 }
454 }
455 }
457 /* Save edit acl? */
458 if (isset($_POST['submit_edit_acl'])){
459 $this->dialogState= 'create';
460 }
462 /* Add acl? */
463 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
464 $this->dialogState= 'edit';
465 $this->savedAclContents= array();
466 foreach ($this->ocMapping[$this->aclObject] as $oc){
467 if (isset($this->aclContents[$oc])){
468 $this->savedAclContents[$oc]= $this->aclContents[$oc];
469 }
470 }
471 }
473 /* Add to list? */
474 if (isset($_POST['add']) && isset($_POST['source'])){
475 foreach ($_POST['source'] as $key){
476 if ($this->target == 'user'){
477 $this->recipients[$key]= $this->users[$key];
478 }
479 if ($this->target == 'group'){
480 $this->recipients[$key]= $this->groups[$key];
481 }
482 }
483 ksort($this->recipients);
484 }
486 /* Remove from list? */
487 if (isset($_POST['del']) && isset($_POST['recipient'])){
488 foreach ($_POST['recipient'] as $key){
489 unset($this->recipients[$key]);
490 }
491 }
493 /* Create templating instance */
494 $smarty= get_smarty();
495 $smarty->assign("usePrototype", "true");
496 $smarty->assign("acl_readable",$this->acl_is_readable(""));
497 if(!$this->acl_is_readable("")){
498 return ($smarty->fetch (get_template_path('acl.tpl')));
499 }
501 if ($this->dialogState == 'head'){
502 $this->updateList();
503 $smarty->assign("aclList", $this->list->render());
504 }
506 if ($this->dialogState == 'create'){
507 /* Draw list */
508 $aclList= new divSelectBox("aclList");
509 $aclList->SetHeight(150);
511 // Create a map of all used sections, this allows us to simply hide the remove button
512 // if no acl is configured for the given section
513 // e.g. ';all;department/country;users/user;
514 $usedList = ";".implode(array_keys($this->aclContents),';').";";
516 /* Add settings for all categories to the (permanent) list */
517 foreach ($this->aclObjects as $section => $dsc){
518 $summary= "";
519 foreach($this->ocMapping[$section] as $oc){
520 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
521 $this->aclContents[$oc][0] != ""){
523 $summary.= "$oc, ";
524 continue;
525 }
526 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
527 $summary.= "$oc, ";
528 continue;
529 }
530 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
531 $summary.= "$oc, ";
532 }
533 }
535 /* Set summary... */
536 if ($summary == ""){
537 $summary= '<i>'._("No ACL settings for this category!").'</i>';
538 } else {
539 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
540 }
542 $actions ="";
543 if($this->acl_is_readable("")){
544 $actions.= image('images/lists/edit.png','cat_edit_'.$section, msgPool::editButton(_("category ACL")));
545 }
546 if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
547 $actions.= image('images/lists/trash.png','cat_del_'.$section, msgPool::delButton(_("category ACL")));
548 }
550 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
551 $field2= array("string" => $summary);
552 $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
553 $aclList->AddEntry(array($field1, $field2, $field3));
554 }
556 $smarty->assign("aclList", $aclList->DrawList());
557 $smarty->assign("aclType", $this->aclType);
558 $smarty->assign("aclFilter", $this->aclFilter);
559 $smarty->assign("aclTypes", $this->aclTypes);
560 $smarty->assign("target", $this->target);
561 $smarty->assign("targets", $this->targets);
563 /* Assign possible target types */
564 $smarty->assign("targets", $this->targets);
565 foreach ($this->attributes as $attr){
566 $smarty->assign($attr, $this->$attr);
567 }
570 /* Generate list */
571 $tmp= array();
572 if ($this->target == "group" && !isset($this->recipients["G:*"])){
573 $tmp["G:*"]= _("All users");
574 }
575 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
576 if ($this->target == $field){
577 foreach ($this->$arr as $key => $value){
578 if (!isset($this->recipients[$key])){
579 $tmp[$key]= $value;
580 }
581 }
582 }
583 }
584 $smarty->assign('sources', $tmp);
585 $smarty->assign('recipients', $this->recipients);
587 /* Acl selector if scope is base */
588 if ($this->aclType == 'base'){
589 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
590 }
592 /* Role selector if scope is base */
593 if ($this->aclType == 'role'){
594 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
595 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
596 }
597 }
599 if ($this->dialogState == 'edit'){
600 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
602 /* Collect objects for selected category */
603 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
604 if ($idx == 0){
605 continue;
606 }
607 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
608 }
609 if ($this->aclObject == 'all'){
610 $aclObjects['all']= _("All objects in current subtree");
611 }
613 /* Role selector if scope is base */
614 if ($this->aclType == 'role'){
615 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
616 } else {
617 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
618 }
619 }
621 /* Show main page */
622 $smarty->assign("dialogState", $this->dialogState);
624 /* Assign acls */
625 $smarty->assign("acl_createable",$this->acl_is_createable());
626 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
627 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
628 $smarty->assign("acl_removeable",$this->acl_is_removeable());
630 return ($smarty->fetch (get_template_path('acl.tpl')));
631 }
634 function sort_by_priority($list)
635 {
636 $tmp= session::global_get('plist');
637 $plist= $tmp->info;
638 asort($plist);
639 $newSort = array();
641 foreach($list as $name => $translation){
642 $na = preg_replace("/^.*\//","",$name);
643 $prio = 0;
644 if(isset($plist[$na]['plPriority'])){
645 $prio= $plist[$na]['plPriority'] ;
646 }
648 $newSort[$name] = $prio;
649 }
651 asort($newSort);
653 $ret = array();
654 foreach($newSort as $name => $prio){
655 $ret[$name] = $list[$name];
656 }
657 return($ret);
658 }
661 function buildRoleSelector($list)
662 {
663 $D_List =new divSelectBox("Acl_Roles");
665 $selected = $this->aclContents;
666 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
667 $selected = key($list);
668 }
670 $str ="";
671 foreach($list as $dn => $values){
673 if($dn == $selected){
674 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
675 }else{
676 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
677 }
679 $field1 = array("string" => $option) ;
680 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
681 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
683 $D_List->AddEntry(array($field1,$field2,$field3));
684 }
685 return($D_List->DrawList());
686 }
689 function buildAclSelector($list)
690 {
691 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
692 $cols= 3;
693 $tmp= session::global_get('plist');
694 $plist= $tmp->info;
695 asort($plist);
697 /* Add select all/none buttons */
698 $style = "style='width:100px;'";
700 if($this->acl_is_writeable("")){
701 $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
702 $display .= "<button type='button' ".$style." name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
703 $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
704 $display .= "<button type='button' ".$style." name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
705 $display .= "<button type='button' ".$style." name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
707 $display .= "<button type='button' ".$style." name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
708 $display .= "<button type='button' ".$style." name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
710 $display .= "<br>";
712 $style = "style='width:50px;'";
713 $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
714 $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
715 $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
716 $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
717 $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
718 $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
719 $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
720 $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
721 $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
722 $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
724 $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
725 $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
726 $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
727 $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
728 }
730 /* Build general objects */
731 $list =$this->sort_by_priority($list);
732 foreach ($list as $key => $name){
734 /* Create sub acl if it does not exist */
735 if (!isset($this->aclContents[$key])){
736 $this->aclContents[$key]= array();
737 }
738 if(!isset($this->aclContents[$key][0])){
739 $this->aclContents[$key][0]= '';
740 }
742 $currentAcl= $this->aclContents[$key];
744 /* Get the overall plugin acls
745 */
746 $overall_acl ="";
747 if(isset($currentAcl[0])){
748 $overall_acl = $currentAcl[0];
749 }
751 // Detect configured plugins
752 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
754 /* Object header */
755 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
757 if($expand){
758 $back_color = "#C8C8FF";
759 }else{
760 $back_color = "#C8C8C8";
761 }
763 if(isset($_SERVER['HTTP_USER_AGENT']) &&
764 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
765 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
766 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
767 "\n <tr>".
768 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
769 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
770 "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
771 "\n </tr>";
772 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
773 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
774 "\n <tr>".
775 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
776 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
777 "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
778 "\n </tr>";
779 } else {
780 $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
781 "\n <tr>".
782 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
783 "\n </tr>";
784 }
786 /* Generate options */
787 $spc= " ";
788 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
789 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
790 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
791 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
792 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
793 }
795 /* Global options */
796 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
797 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
799 $display.= "\n <tr>".
800 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
801 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
802 "\n </tr>";
804 /* Walk through the list of attributes */
805 $cnt= 1;
806 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
807 if(session::global_get('js')) {
808 if(isset($_SERVER['HTTP_USER_AGENT']) &&
809 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
810 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
811 "\n <td colspan=".$cols.">".
812 "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
813 "\n <table style='width:100%;' summary='{$name}'>";
814 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
815 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
816 "\n <td colspan=".$cols.">".
817 "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
818 "\n <table style='width:100%;' summary='{$name}'>";
819 }else{
820 }
821 }
824 foreach($splist as $attr => $dsc){
826 /* Skip pl* attributes, they are internal... */
827 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
828 continue;
829 }
831 /* Open table row */
832 if ($cnt == 1){
833 $display.= "\n <tr>";
834 }
836 /* Close table row */
837 if ($cnt == $cols){
838 $cnt= 1;
839 $rb= "";
840 $end= "\n </tr>";
841 } else {
842 $cnt++;
843 $rb= "border-right:1px solid #A0A0A0;";
844 $end= "";
845 }
847 /* Collect list of attributes */
848 $state= "";
849 if (isset($currentAcl[$attr])){
850 $state= $currentAcl[$attr];
851 }
852 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
853 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
854 }
856 /* Fill missing td's if needed */
857 if (--$cnt != $cols && $cnt != 0){
858 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
859 }
861 if(session::global_get('js')) {
862 if(isset($_SERVER['HTTP_USER_AGENT']) &&
863 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
864 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
865 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
866 $display.= "\n </table>".
867 "\n </div>".
868 "\n </td>".
869 "\n </tr>";
870 }
871 }
873 $display.= "\n</table><br />\n";
874 }
876 return ($display);
877 }
880 function mkchkbx($name, $text, $state= FALSE)
881 {
882 $state= $state?"checked":"";
883 if($this->acl_is_writeable("")){
884 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
885 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
886 "\n <label for='acl_$tname'>$text</label>";
887 }else{
888 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
889 }
890 }
893 function mkrwbx($name, $state= "")
894 {
895 $rstate= preg_match('/r/', $state)?'checked':'';
896 $wstate= preg_match('/w/', $state)?'checked':'';
897 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
899 if($this->acl_is_writeable("")){
900 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
901 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
902 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
903 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
904 }else{
905 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
906 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
907 }
908 }
911 static function explodeACL($acl)
912 {
914 $list= explode(':', $acl);
915 if(count($list) == 5){
916 list($index, $type,$member,$permission,$filter)= $list;
917 $filter = base64_decode($filter);
918 }else{
919 $filter = "";
920 list($index, $type,$member,$permission)= $list;
921 }
923 $a= array( $index => array("type" => $type,
924 "filter"=> $filter,
925 "members" => acl::extractMembers($acl,$type == "role")));
927 /* Handle different types */
928 switch ($type){
930 case 'psub':
931 case 'sub':
932 case 'one':
933 case 'base':
934 $a[$index]['acl']= acl::extractACL($acl);
935 break;
937 case 'role':
938 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
939 break;
941 case 'reset':
942 break;
944 default:
945 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
946 $a= array();
947 }
948 return ($a);
949 }
952 static function extractMembers($acl,$role = FALSE)
953 {
954 global $config;
955 $a= array();
957 /* Rip acl off the string, seperate by ',' and place it in an array */
958 if($role){
959 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
960 }else{
961 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
962 }
963 if ($ms == $acl){
964 return $a;
965 }
966 $ma= explode(',', $ms);
968 /* Decode dn's, fill with informations from LDAP */
969 $ldap= $config->get_ldap_link();
970 foreach ($ma as $memberdn){
971 // Check for wildcard here
972 $dn= base64_decode($memberdn);
973 if ($dn != "*") {
974 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
976 /* Found entry... */
977 if ($ldap->count()){
978 $attrs= $ldap->fetch();
979 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
980 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
981 } else {
982 $a['G:'.$dn]= $attrs['cn'][0];
983 if (isset($attrs['description'][0])){
984 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
985 }
986 }
988 /* ... or not */
989 } else {
990 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
991 }
993 } else {
994 $a['G:*']= sprintf(_("All users"));
995 }
996 }
998 return ($a);
999 }
1002 static function extractACL($acl)
1003 {
1004 /* Rip acl off the string, seperate by ',' and place it in an array */
1005 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1006 $aa= explode(',', $as);
1007 $a= array();
1009 /* Dis-assemble single ACLs */
1010 foreach($aa as $sacl){
1012 /* Dis-assemble field ACLs */
1013 $ao= explode('#', $sacl);
1014 $gobject= "";
1015 foreach($ao as $idx => $ssacl){
1017 /* First is department with global acl */
1018 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1019 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1020 if ($idx == 0){
1021 /* Create hash for this object */
1022 $gobject= $object;
1023 $a[$gobject]= array();
1025 /* Append ACL if set */
1026 if ($gacl != ""){
1027 $a[$gobject]= array($gacl);
1028 }
1029 } else {
1031 /* All other entries get appended... */
1032 list($field, $facl)= explode(';', $ssacl);
1033 $a[$gobject][$field]= $facl;
1034 }
1036 }
1037 }
1039 return ($a);
1040 }
1043 function assembleAclSummary($entry)
1044 {
1045 $summary= "";
1047 /* Summarize ACL */
1048 if (isset($entry['acl'])){
1049 $acl= "";
1051 if($entry['type'] == "role"){
1053 if(isset($this->roles[$entry['acl']])){
1054 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1055 }else{
1056 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1057 }
1058 }else{
1059 foreach ($entry['acl'] as $name => $object){
1060 if (count($object)){
1061 $acl.= "$name, ";
1062 }
1063 }
1064 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1065 }
1066 }
1069 /* Summarize members */
1070 if(!($this instanceOf aclrole)){
1071 if ($summary != ""){
1072 $summary.= ", ";
1073 }
1074 if (count($entry['members'])){
1075 $summary.= _("Members").": ";
1076 foreach ($entry['members'] as $cn){
1077 $cn= preg_replace('/ \[.*$/', '', $cn);
1078 $summary.= $cn.", ";
1079 }
1080 } else {
1081 $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
1082 }
1083 }
1084 return (preg_replace('/, $/', '', $summary));
1085 }
1088 function loadAclEntry($new= FALSE)
1089 {
1090 /* New entry gets presets... */
1091 if ($new){
1092 $this->aclType= 'base';
1093 $this->aclFilter= "";
1094 $this->recipients= array();
1095 $this->aclContents= array();
1096 } else {
1097 $acl= $this->gosaAclEntry[$this->currentIndex];
1098 $this->aclType= $acl['type'];
1099 $this->recipients= $acl['members'];
1100 $this->aclContents= $acl['acl'];
1101 $this->aclFilter= $acl['filter'];
1102 }
1104 $this->wasNewEntry= $new;
1105 }
1108 function aclPostHandler()
1109 {
1110 if (isset($_POST['save_acl'])){
1111 $this->save();
1112 return TRUE;
1113 }
1115 return FALSE;
1116 }
1119 function PrepareForCopyPaste($source)
1120 {
1121 plugin::PrepareForCopyPaste($source);
1123 $dn = $source['dn'];
1124 $acl_c = new acl($this->config, $this->parent,$dn);
1125 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1126 }
1129 function save()
1130 {
1131 /* Assemble ACL's */
1132 $tmp_acl= array();
1134 foreach ($this->gosaAclEntry as $prio => $entry){
1135 $final= "";
1136 $members= "";
1137 if (isset($entry['members'])){
1138 foreach ($entry['members'] as $key => $dummy){
1139 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1140 }
1141 }
1143 if($entry['type'] != "role"){
1144 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1145 }else{
1146 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1147 }
1149 /* ACL's if needed */
1150 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1151 $acl= ":";
1152 if (isset($entry['acl'])){
1153 foreach ($entry['acl'] as $object => $contents){
1155 /* Only save, if we've some contents in there... */
1156 if (count($contents)){
1157 $acl.= $object.";";
1159 foreach($contents as $attr => $permission){
1161 /* First entry? Its the one for global settings... */
1162 if ($attr == '0'){
1163 $acl.= $permission;
1164 } else {
1165 $acl.= '#'.$attr.';'.$permission;
1166 }
1168 }
1169 $acl.= ',';
1170 }
1172 }
1173 }
1174 $final.= preg_replace('/,$/', '', $acl);
1175 }
1177 /* Append additional filter options
1178 */
1179 if(!empty($entry['filter'])){
1180 $final .= ":".base64_encode($entry['filter']);
1181 }
1183 $tmp_acl[]= $final;
1184 }
1186 /* Call main method */
1187 plugin::save();
1189 /* Finally (re-)assign it... */
1190 $this->attrs['gosaAclEntry']= $tmp_acl;
1192 /* Remove acl from this entry if it is empty... */
1193 if (!count($tmp_acl)){
1194 /* Remove attribute */
1195 if ($this->initially_was_account){
1196 $this->attrs['gosaAclEntry']= array();
1197 } else {
1198 if (isset($this->attrs['gosaAclEntry'])){
1199 unset($this->attrs['gosaAclEntry']);
1200 }
1201 }
1203 /* Remove object class */
1204 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1205 }
1207 /* Do LDAP modifications */
1208 $ldap= $this->config->get_ldap_link();
1209 $ldap->cd($this->dn);
1210 $this->cleanup();
1211 $ldap->modify ($this->attrs);
1213 if(count($this->attrs)){
1214 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1215 }
1217 if (!$ldap->success()){
1218 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1219 }
1221 /* Refresh users ACLs */
1222 $ui= get_userinfo();
1223 $ui->loadACL();
1224 session::global_set('ui',$ui);
1225 }
1228 function remove_from_parent()
1229 {
1230 plugin::remove_from_parent();
1232 /* include global link_info */
1233 $ldap= $this->config->get_ldap_link();
1235 $ldap->cd($this->dn);
1236 $this->cleanup();
1237 $ldap->modify ($this->attrs);
1239 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1241 /* Optionally execute a command after we're done */
1242 $this->handle_post_events("remove",array("uid" => $this->uid));
1243 }
1246 /* Return plugin informations for acl handling */
1247 static function plInfo()
1248 {
1249 return (array(
1250 "plShortName" => _("ACL"),
1251 "plDescription" => _("ACL")." ("._("Access control list").")",
1252 "plSelfModify" => FALSE,
1253 "plDepends" => array(),
1254 "plPriority" => 0,
1255 "plSection" => array("administration"),
1256 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1257 "objectClass" => array("gosaAcl","gosaRole"))),
1258 "plProvidedAcls"=> array(
1259 "gosaAclEntry" => _("Acl entries")
1260 // "description" => _("Role description")
1261 )
1263 ));
1264 }
1267 /* Remove acls defined for $src */
1268 function remove_acl()
1269 {
1270 acl::remove_acl_for($this->dn);
1271 }
1274 /* Remove acls defined for $src */
1275 static function remove_acl_for($dn)
1276 {
1277 global $config;
1279 $ldap = $config->get_ldap_link();
1280 $ldap->cd($config->current['BASE']);
1281 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
1282 $new_entries= array();
1283 while($attrs = $ldap->fetch()){
1284 if (!isset($attrs['gosaAclEntry'])) {
1285 continue;
1286 }
1287 unset($attrs['gosaAclEntry']['count']);
1289 // Remove entry directly
1290 foreach($attrs['gosaAclEntry'] as $id => $entry){
1291 $parts= explode(':',$entry);
1292 $members= explode(',',$parts[2]);
1293 $new_members= array();
1294 foreach($members as $member) {
1295 if (base64_decode($member) != $dn) {
1296 $new_members[]= $member;
1297 } else {
1298 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
1299 }
1300 }
1302 /* We can completely remove the entry if there are no members anymore */
1303 if (count($new_members)) {
1304 $parts[2]= implode(",", $new_members);
1305 $new_entries[]= implode(":", $parts);
1306 }
1307 }
1309 // There should be a modification, so write it back
1310 $ldap->cd($attrs['dn']);
1311 $new_attrs= array("gosaAclEntry" => $new_entries);
1312 $ldap->modify($new_attrs);
1313 if (!$ldap->success()){
1314 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1315 }
1316 }
1317 }
1320 function update_acl_membership($src,$dst)
1321 {
1322 $ldap = $this->config->get_ldap_link();
1323 $ldap->cd($this->config->current['BASE']);
1324 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1325 while($attrs = $ldap->fetch()){
1326 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1327 foreach($acl->gosaAclEntry as $id => $entry){
1328 foreach($entry['members'] as $m_id => $member){
1329 if($m_id == "U:".$src){
1330 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1331 $new = "U:".$dst;
1332 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1333 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1334 }
1335 if($m_id == "G:".$src){
1336 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1337 $new = "G:".$dst;
1338 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1339 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1340 }
1341 }
1342 }
1343 $acl -> save();
1344 }
1345 }
1348 // We are only interessted in our own acls ...
1349 function set_acl_category($category)
1350 {
1351 plugin::set_acl_category("acl");
1352 }
1353 }
1355 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1356 ?>