1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /*! \brief ACL management plugin */
24 class acl extends plugin
25 {
26 /* Definitions */
27 var $plHeadline= "Access control";
28 var $plDescription= "Manage access control lists";
30 /* attribute list for save action */
31 var $attributes= array('gosaAclEntry');
32 var $objectclasses= array('gosaAcl');
34 /* Helpers */
35 var $dialogState= "head";
36 var $gosaAclEntry= array();
37 var $aclType= "";
38 var $aclObject= "";
39 var $aclContents= array();
40 var $target= "group";
41 var $aclTypes= array();
42 var $aclObjects= array();
43 var $aclFilter= "";
44 var $aclMyObjects= array();
45 var $users= array();
46 var $roles= array();
47 var $groups= array();
48 var $recipients= array();
49 var $isContainer= FALSE;
50 var $currentIndex= 0;
51 var $wasNewEntry= FALSE;
52 var $ocMapping= array();
53 var $savedAclContents= array();
54 var $myAclObjects = array();
55 var $acl_category = "acl/";
57 function acl (&$config, $parent, $dn= NULL)
58 {
59 /* Include config object */
60 plugin::plugin($config, $dn);
62 /* Load ACL's */
63 $this->gosaAclEntry= array();
64 if (isset($this->attrs['gosaAclEntry'])){
65 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
66 $acl= $this->attrs['gosaAclEntry'][$i];
67 $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
68 }
69 }
70 ksort($this->gosaAclEntry);
72 /* Save parent - we've to know more about it than other plugins... */
73 $this->parent= &$parent;
75 /* Container? */
76 if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
77 $this->isContainer= TRUE;
78 }
80 /* Users */
81 $ui= get_userinfo();
82 $tag= $ui->gosaUnitTag;
83 $ldap= $config->get_ldap_link();
84 $ldap->cd($config->current['BASE']);
85 if ($tag == ""){
86 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
87 } else {
88 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
89 }
90 while ($attrs= $ldap->fetch()){
92 // Allow objects without cn to be listed without causing an error.
93 if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
94 $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
95 }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
96 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
97 }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
98 $this->users['U:'.$attrs['dn']]= $attrs['dn'];
99 }else{
100 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
101 }
103 }
104 ksort($this->users);
106 /* Groups */
107 $ldap->cd($config->current['BASE']);
108 # if ($tag == ""){
109 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
110 # } else {
111 # $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
112 # }
113 while ($attrs= $ldap->fetch()){
114 $dsc= "";
115 if (isset($attrs['description'][0])){
116 $dsc= $attrs['description'][0];
117 }
118 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
119 }
120 ksort($this->groups);
122 /* Roles */
123 $ldap->cd($config->current['BASE']);
124 # if ($tag == ""){
125 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
126 # } else {
127 # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
128 # }
129 while ($attrs= $ldap->fetch()){
130 $dsc= "";
131 if (isset($attrs['description'][0])){
132 $dsc= $attrs['description'][0];
133 }
135 $role_id = $attrs['dn'];
137 $this->roles[$role_id]['acls'] =array();
138 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
139 $acl= $attrs['gosaAclTemplate'][$i];
140 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
141 }
142 $this->roles[$role_id]['description'] = $dsc;
143 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
144 }
146 /* Objects */
147 $tmp= session::global_get('plist');
148 $plist= $tmp->info;
149 $cats = array();
150 if (isset($this->parent) && $this->parent !== NULL){
151 $oc= array();
152 foreach ($this->parent->by_object as $key => $obj){
153 $oc= array_merge($oc, $obj->objectclasses);
154 if(isset($obj->acl_category)){
155 $tmp= str_replace("/","",$obj->acl_category);
156 $cats[$tmp] = $tmp;
157 }
158 }
159 if (in_array_ics('organizationalUnit', $oc)){
160 $this->isContainer= TRUE;
161 }
162 } else {
163 $oc= $this->attrs['objectClass'];
164 }
166 /* Extract available categories from plugin info list */
167 foreach ($plist as $class => $acls){
169 /* Only feed categories */
170 if (isset($acls['plCategory'])){
172 /* Walk through supplied list and feed only translated categories */
173 foreach($acls['plCategory'] as $idx => $data){
175 /* Non numeric index means -> base object containing more informations */
176 if (preg_match('/^[0-9]+$/', $idx)){
178 if (!isset($this->ocMapping[$data])){
179 $this->ocMapping[$data]= array();
180 $this->ocMapping[$data][]= '0';
181 }
183 if(isset($cats[$data])){
184 $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
185 }
186 $this->ocMapping[$data][]= $class;
187 } else {
188 if (!isset($this->ocMapping[$idx])){
189 $this->ocMapping[$idx]= array();
190 $this->ocMapping[$idx][]= '0';
191 }
192 $this->ocMapping[$idx][]= $class;
193 $this->aclObjects[$idx]= $data['description'];
195 /* Additionally filter the classes we're interested in in "self edit" mode */
196 if (is_array($data['objectClass'])){
197 foreach($data['objectClass'] as $objectClass){
198 if (in_array_ics($objectClass, $oc)){
199 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
200 break;
201 }
202 }
203 } else {
204 if (in_array_ics($data['objectClass'], $oc)){
205 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
206 }
207 }
208 }
210 }
211 }
212 }
213 $this->aclObjects['all']= '* '._("All categories");
214 $this->ocMapping['all']= array('0' => 'all');
216 /* Sort categories */
217 asort($this->aclObjects);
219 /* Fill acl types */
220 if ($this->isContainer){
221 $this->aclTypes= array("reset" => _("Reset ACLs"),
222 "one" => _("One level"),
223 "base" => _("Current object"),
224 "sub" => _("Complete subtree"),
225 "psub" => _("Complete subtree (permanent)"),
226 "role" => _("Use ACL defined in role"));
227 } else {
228 $this->aclTypes= array("base" => _("Current object"),
229 "role" => _("Use ACL defined in role"));
230 }
231 asort($this->aclTypes);
232 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
233 asort($this->targets);
235 /* Finally - we want to get saved... */
236 $this->is_account= TRUE;
237 }
240 function execute()
241 {
242 /* Call parent execute */
243 plugin::execute();
245 $tmp= session::global_get('plist');
246 $plist= $tmp->info;
248 /* Handle posts */
249 if (isset($_POST['new_acl'])){
250 $this->dialogState= 'create';
251 $this->dialog= TRUE;
252 $this->currentIndex= count($this->gosaAclEntry);
253 $this->loadAclEntry(TRUE);
254 }
256 $new_acl= array();
257 $aclDialog= FALSE;
258 $firstedit= FALSE;
260 /* Act on HTML post and gets here.
261 */
262 if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
263 $id = trim($_GET['id']);
264 $this->dialogState= 'create';
265 $firstedit= TRUE;
266 $this->dialog= TRUE;
267 $this->currentIndex= $id;
268 $this->loadAclEntry();
269 }
271 foreach($_POST as $name => $post){
273 /* Actions... */
274 if (preg_match('/^acl_edit_.*_x/', $name)){
275 $this->dialogState= 'create';
276 $firstedit= TRUE;
277 $this->dialog= TRUE;
278 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
279 $this->loadAclEntry();
280 continue;
281 }
283 if (preg_match('/^cat_edit_.*_x/', $name)){
284 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
285 $this->dialogState= 'edit';
286 foreach ($this->ocMapping[$this->aclObject] as $oc){
287 if (isset($this->aclContents[$oc])){
288 $this->savedAclContents[$oc]= $this->aclContents[$oc];
289 }
290 }
291 continue;
292 }
294 /* Only handle posts, if we allowed to modify ACLs */
295 if(!$this->acl_is_writeable("")){
296 continue;
297 }
299 if (preg_match('/^acl_del_.*_x/', $name)){
300 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
301 continue;
302 }
304 if (preg_match('/^cat_del_.*_x/', $name)){
305 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
306 foreach ($this->ocMapping[$idx] as $key){
307 unset($this->aclContents["$idx/$key"]);
308 }
309 continue;
310 }
312 /* Sorting... */
313 if (preg_match('/^sortup_.*_x/', $name)){
314 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
315 if ($index > 0){
316 $tmp= $this->gosaAclEntry[$index];
317 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
318 $this->gosaAclEntry[$index-1]= $tmp;
319 }
320 continue;
321 }
322 if (preg_match('/^sortdown_.*_x/', $name)){
323 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
324 if ($index < count($this->gosaAclEntry)-1){
325 $tmp= $this->gosaAclEntry[$index];
326 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
327 $this->gosaAclEntry[$index+1]= $tmp;
328 }
329 continue;
330 }
332 /* ACL saving... */
333 if (preg_match('/^acl_.*_[^xy]$/', $name)){
334 list($dummy, $object, $attribute, $value)= explode('_', $name);
336 /* Skip for detection entry */
337 if ($object == 'dummy') {
338 continue;
339 }
341 /* Ordinary ACLs */
342 if (!isset($new_acl[$object])){
343 $new_acl[$object]= array();
344 }
345 if (isset($new_acl[$object][$attribute])){
346 $new_acl[$object][$attribute].= $value;
347 } else {
348 $new_acl[$object][$attribute]= $value;
349 }
350 }
352 if(isset($_POST['selected_role'])){
353 $this->aclContents = "";
354 $this->aclContents = base64_decode($_POST['selected_role']);
355 }
356 }
358 if(isset($_POST['acl_dummy_0_0_0'])){
359 $aclDialog= TRUE;
360 }
362 if($this->acl_is_writeable("")){
364 /* Only be interested in new acl's, if we're in the right _POST place */
365 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
367 foreach ($this->ocMapping[$this->aclObject] as $oc){
369 if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
370 unset($this->aclContents[$oc]);
371 }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
372 unset($this->aclContents[$this->aclObject.'/'.$oc]);
373 }else{
374 # trigger_error("Huhm?");
375 }
376 if (isset($new_acl[$oc]) && is_array($new_acl)){
377 $this->aclContents[$oc]= $new_acl[$oc];
378 }
379 if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
380 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
381 }
382 }
383 }
385 /* Save new acl in case of base edit mode */
386 if ($this->aclType == 'base' && !$firstedit){
387 $this->aclContents= $new_acl;
388 }
389 }
391 /* Cancel new acl? */
392 if (isset($_POST['cancel_new_acl'])){
393 $this->dialogState= 'head';
394 $this->dialog= FALSE;
395 if ($this->wasNewEntry){
396 unset ($this->gosaAclEntry[$this->currentIndex]);
397 }
398 }
400 /* Save common values */
401 if($this->acl_is_writeable("")){
402 foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
403 if (isset($_POST[$key])){
404 $this->$key= validate($_POST[$key]);
405 }
406 }
407 }
409 /* Store ACL in main object? */
410 if (isset($_POST['submit_new_acl'])){
411 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
412 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
413 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
414 $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
415 $this->dialogState= 'head';
416 $this->dialog= FALSE;
417 }
419 /* Cancel edit acl? */
420 if (isset($_POST['cancel_edit_acl'])){
421 $this->dialogState= 'create';
422 foreach ($this->ocMapping[$this->aclObject] as $oc){
423 if (isset($this->savedAclContents[$oc])){
424 $this->aclContents[$oc]= $this->savedAclContents[$oc];
425 }
426 }
427 }
429 /* Save edit acl? */
430 if (isset($_POST['submit_edit_acl'])){
431 $this->dialogState= 'create';
432 }
434 /* Add acl? */
435 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
436 $this->dialogState= 'edit';
437 $this->savedAclContents= array();
438 foreach ($this->ocMapping[$this->aclObject] as $oc){
439 if (isset($this->aclContents[$oc])){
440 $this->savedAclContents[$oc]= $this->aclContents[$oc];
441 }
442 }
443 }
445 /* Add to list? */
446 if (isset($_POST['add']) && isset($_POST['source'])){
447 foreach ($_POST['source'] as $key){
448 if ($this->target == 'user'){
449 $this->recipients[$key]= $this->users[$key];
450 }
451 if ($this->target == 'group'){
452 $this->recipients[$key]= $this->groups[$key];
453 }
454 }
455 ksort($this->recipients);
456 }
458 /* Remove from list? */
459 if (isset($_POST['del']) && isset($_POST['recipient'])){
460 foreach ($_POST['recipient'] as $key){
461 unset($this->recipients[$key]);
462 }
463 }
465 /* Create templating instance */
466 $smarty= get_smarty();
467 $smarty->assign("acl_readable",$this->acl_is_readable(""));
468 if(!$this->acl_is_readable("")){
469 return ($smarty->fetch (get_template_path('acl.tpl')));
470 }
472 if ($this->dialogState == 'head'){
473 /* Draw list */
474 $aclList= new divSelectBox("aclList");
475 $aclList->SetHeight(450);
477 /* Fill in entries */
478 foreach ($this->gosaAclEntry as $key => $entry){
479 if(!$this->acl_is_readable("")) continue;
481 $action ="";
483 if($this->acl_is_readable("")){
484 $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
485 }else{
486 $link = $this->assembleAclSummary($entry);
487 }
489 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
490 $field2= array("string" => $link);
492 if($this->acl_is_writeable("")){
493 $action.= "<input type='image' name='sortup_$key' alt='up'
494 title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
495 $action.= "<input type='image' name='sortdown_$key' alt='down'
496 title='"._("Down")."' src='images/lists/sort-down.png'>";
497 }
499 if($this->acl_is_readable("")){
500 $action.= "<input class='center' type='image' src='images/lists/edit.png'
501 alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
502 }
503 if($this->acl_is_removeable("")){
504 $action.= "<input class='center' type='image' src='images/lists/trash.png'
505 alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
506 }
508 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
509 $aclList->AddEntry(array($field1, $field2, $field3));
510 }
512 $smarty->assign("aclList", $aclList->DrawList());
513 }
515 if ($this->dialogState == 'create'){
516 /* Draw list */
517 $aclList= new divSelectBox("aclList");
518 $aclList->SetHeight(150);
520 /* Add settings for all categories to the (permanent) list */
521 foreach ($this->aclObjects as $section => $dsc){
522 $summary= "";
523 foreach($this->ocMapping[$section] as $oc){
524 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
525 $this->aclContents[$oc][0] != ""){
527 $summary.= "$oc, ";
528 continue;
529 }
530 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
531 $summary.= "$oc, ";
532 continue;
533 }
534 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
535 $summary.= "$oc, ";
536 }
537 }
539 /* Set summary... */
540 if ($summary == ""){
541 $summary= '<i>'._("No ACL settings for this category!").'</i>';
542 } else {
543 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
544 }
546 $actions ="";
547 if($this->acl_is_readable("")){
548 $actions= "<input class='center' type='image' src='images/lists/edit.png'
549 alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
550 }
551 if($this->acl_is_removeable()){
552 $actions.= "<input class='center' type='image' src='images/lists/trash.png'
553 alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
554 }
556 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
557 $field2= array("string" => $summary);
558 $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
559 $aclList->AddEntry(array($field1, $field2, $field3));
560 }
562 $smarty->assign("aclList", $aclList->DrawList());
563 $smarty->assign("aclType", $this->aclType);
564 $smarty->assign("aclFilter", $this->aclFilter);
565 $smarty->assign("aclTypes", $this->aclTypes);
566 $smarty->assign("target", $this->target);
567 $smarty->assign("targets", $this->targets);
569 /* Assign possible target types */
570 $smarty->assign("targets", $this->targets);
571 foreach ($this->attributes as $attr){
572 $smarty->assign($attr, $this->$attr);
573 }
576 /* Generate list */
577 $tmp= array();
578 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
579 if ($this->target == $field){
580 foreach ($this->$arr as $key => $value){
581 if (!isset($this->recipients[$key])){
582 $tmp[$key]= $value;
583 }
584 }
585 }
586 }
587 $smarty->assign('sources', $tmp);
588 $smarty->assign('recipients', $this->recipients);
590 /* Acl selector if scope is base */
591 if ($this->aclType == 'base'){
592 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
593 }
595 /* Role selector if scope is base */
596 if ($this->aclType == 'role'){
597 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
598 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
599 }
600 }
602 if ($this->dialogState == 'edit'){
603 $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
605 /* Collect objects for selected category */
606 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
607 if ($idx == 0){
608 continue;
609 }
610 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
611 }
612 if ($this->aclObject == 'all'){
613 $aclObjects['all']= _("All objects in current subtree");
614 }
616 /* Role selector if scope is base */
617 if ($this->aclType == 'role'){
618 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
619 } else {
620 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
621 }
622 }
624 /* Show main page */
625 $smarty->assign("dialogState", $this->dialogState);
627 /* Assign acls */
628 $smarty->assign("acl_createable",$this->acl_is_createable());
629 $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
630 $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
631 $smarty->assign("acl_removeable",$this->acl_is_removeable());
633 return ($smarty->fetch (get_template_path('acl.tpl')));
634 }
637 function sort_by_priority($list)
638 {
639 $tmp= session::global_get('plist');
640 $plist= $tmp->info;
641 asort($plist);
642 $newSort = array();
644 foreach($list as $name => $translation){
645 $na = preg_replace("/^.*\//","",$name);
646 $prio = 0;
647 if(isset($plist[$na]['plPriority'])){
648 $prio= $plist[$na]['plPriority'] ;
649 }
651 $newSort[$name] = $prio;
652 }
654 asort($newSort);
656 $ret = array();
657 foreach($newSort as $name => $prio){
658 $ret[$name] = $list[$name];
659 }
660 return($ret);
661 }
664 function buildRoleSelector($list)
665 {
666 $D_List =new divSelectBox("Acl_Roles");
668 $selected = $this->aclContents;
669 if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
670 $selected = key($list);
671 }
673 $str ="";
674 foreach($list as $dn => $values){
676 if($dn == $selected){
677 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
678 }else{
679 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
680 }
682 $field1 = array("string" => $option) ;
683 $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
684 $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
686 $D_List->AddEntry(array($field1,$field2,$field3));
687 }
688 return($D_List->DrawList());
689 }
692 function buildAclSelector($list)
693 {
694 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
695 $cols= 3;
696 $tmp= session::global_get('plist');
697 $plist= $tmp->info;
698 asort($plist);
700 /* Add select all/none buttons */
701 $style = "style='width:100px;'";
703 if($this->acl_is_writeable("")){
704 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
705 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
706 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
707 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
708 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
710 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
711 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
713 $display .= "<br>";
715 $style = "style='width:50px;'";
716 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
717 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
718 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
719 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
720 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
721 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
722 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
723 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
724 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
725 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
727 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
728 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
729 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
730 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
731 }
733 /* Build general objects */
734 $list =$this->sort_by_priority($list);
735 foreach ($list as $key => $name){
737 /* Create sub acl if it does not exist */
738 if (!isset($this->aclContents[$key])){
739 $this->aclContents[$key]= array();
740 }
741 if(!isset($this->aclContents[$key][0])){
742 $this->aclContents[$key][0]= '';
743 }
745 $currentAcl= $this->aclContents[$key];
747 /* Get the overall plugin acls
748 */
749 $overall_acl ="";
750 if(isset($currentAcl[0])){
751 $overall_acl = $currentAcl[0];
752 }
754 // Detect configured plugins
755 $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
757 /* Object header */
758 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
760 if($expand){
761 $back_color = "#C8C8FF";
762 }else{
763 $back_color = "#C8C8C8";
764 }
766 if(session::global_get('js')) {
767 if(isset($_SERVER['HTTP_USER_AGENT']) &&
768 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
769 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
770 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
771 "\n <tr>".
772 "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
773 "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
774 "\n <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
775 "\n </tr>";
776 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
777 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
778 "\n <tr>".
779 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
780 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
781 "\n <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
782 "\n </tr>";
783 } else {
784 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
785 "\n <tr>".
786 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
787 "\n </tr>";
788 }
789 } else {
790 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
791 "\n <tr>".
792 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
793 "\n </tr>";
794 }
796 /* Generate options */
797 $spc= " ";
798 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
799 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
800 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
801 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
802 $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
803 }
805 /* Global options */
806 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
807 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
809 $display.= "\n <tr>".
810 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
811 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
812 "\n </tr>";
814 /* Walk through the list of attributes */
815 $cnt= 1;
816 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
817 if(session::global_get('js')) {
818 if(isset($_SERVER['HTTP_USER_AGENT']) &&
819 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
820 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
821 "\n <td colspan=".$cols.">".
822 "\n <div id='$tname' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
823 "\n <table style='width:100%;'>";
824 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
825 $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
826 "\n <td colspan=".$cols.">".
827 "\n <div id='$tname' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
828 "\n <table style='width:100%;'>";
829 }else{
830 }
831 }
834 foreach($splist as $attr => $dsc){
836 /* Skip pl* attributes, they are internal... */
837 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
838 continue;
839 }
841 /* Open table row */
842 if ($cnt == 1){
843 $display.= "\n <tr>";
844 }
846 /* Close table row */
847 if ($cnt == $cols){
848 $cnt= 1;
849 $rb= "";
850 $end= "\n </tr>";
851 } else {
852 $cnt++;
853 $rb= "border-right:1px solid #A0A0A0;";
854 $end= "";
855 }
857 /* Collect list of attributes */
858 $state= "";
859 if (isset($currentAcl[$attr])){
860 $state= $currentAcl[$attr];
861 }
862 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
863 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
864 }
866 /* Fill missing td's if needed */
867 if (--$cnt != $cols && $cnt != 0){
868 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
869 }
871 if(session::global_get('js')) {
872 if(isset($_SERVER['HTTP_USER_AGENT']) &&
873 (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
874 (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
875 (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
876 $display.= "\n </table>".
877 "\n </div>".
878 "\n </td>".
879 "\n </tr>";
880 }
881 }
883 $display.= "\n</table><br />\n";
884 }
886 return ($display);
887 }
890 function mkchkbx($name, $text, $state= FALSE)
891 {
892 $state= $state?"checked":"";
893 if($this->acl_is_writeable("")){
894 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
895 return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
896 "\n <label for='acl_$tname'>$text</label>";
897 }else{
898 return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
899 }
900 }
903 function mkrwbx($name, $state= "")
904 {
905 $rstate= preg_match('/r/', $state)?'checked':'';
906 $wstate= preg_match('/w/', $state)?'checked':'';
907 $tname= preg_replace("/[^a-z0-9]/i","_",$name);
909 if($this->acl_is_writeable("")){
910 return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
911 "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
912 "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
913 "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
914 }else{
915 return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
916 "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
917 }
918 }
921 static function explodeACL($acl)
922 {
924 $list= explode(':', $acl);
925 if(count($list) == 5){
926 list($index, $type,$member,$permission,$filter)= $list;
927 $filter = base64_decode($filter);
928 }else{
929 $filter = "";
930 list($index, $type,$member,$permission)= $list;
931 }
933 $a= array( $index => array("type" => $type,
934 "filter"=> $filter,
935 "members" => acl::extractMembers($acl,$type == "role")));
937 /* Handle different types */
938 switch ($type){
940 case 'psub':
941 case 'sub':
942 case 'one':
943 case 'base':
944 $a[$index]['acl']= acl::extractACL($acl);
945 break;
947 case 'role':
948 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
949 break;
951 case 'reset':
952 break;
954 default:
955 msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
956 $a= array();
957 }
958 return ($a);
959 }
962 static function extractMembers($acl,$role = FALSE)
963 {
964 global $config;
965 $a= array();
967 /* Rip acl off the string, seperate by ',' and place it in an array */
968 if($role){
969 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
970 }else{
971 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
972 }
973 if ($ms == $acl){
974 return $a;
975 }
976 $ma= explode(',', $ms);
978 /* Decode dn's, fill with informations from LDAP */
979 $ldap= $config->get_ldap_link();
980 foreach ($ma as $memberdn){
981 $dn= base64_decode($memberdn);
982 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
984 /* Found entry... */
985 if ($ldap->count()){
986 $attrs= $ldap->fetch();
987 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
988 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
989 } else {
990 $a['G:'.$dn]= $attrs['cn'][0];
991 if (isset($attrs['description'][0])){
992 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
993 }
994 }
996 /* ... or not */
997 } else {
998 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
999 }
1000 }
1002 return ($a);
1003 }
1006 static function extractACL($acl)
1007 {
1008 /* Rip acl off the string, seperate by ',' and place it in an array */
1009 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
1010 $aa= explode(',', $as);
1011 $a= array();
1013 /* Dis-assemble single ACLs */
1014 foreach($aa as $sacl){
1016 /* Dis-assemble field ACLs */
1017 $ao= explode('#', $sacl);
1018 $gobject= "";
1019 foreach($ao as $idx => $ssacl){
1021 /* First is department with global acl */
1022 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
1023 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
1024 if ($idx == 0){
1025 /* Create hash for this object */
1026 $gobject= $object;
1027 $a[$gobject]= array();
1029 /* Append ACL if set */
1030 if ($gacl != ""){
1031 $a[$gobject]= array($gacl);
1032 }
1033 } else {
1035 /* All other entries get appended... */
1036 list($field, $facl)= explode(';', $ssacl);
1037 $a[$gobject][$field]= $facl;
1038 }
1040 }
1041 }
1043 return ($a);
1044 }
1047 function assembleAclSummary($entry)
1048 {
1049 $summary= "";
1051 /* Summarize ACL */
1052 if (isset($entry['acl'])){
1053 $acl= "";
1055 if($entry['type'] == "role"){
1057 if(isset($this->roles[$entry['acl']])){
1058 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
1059 }else{
1060 $summary.= sprintf(_("Role: %s"), "<i>"._("unknown role")."</i>");
1061 }
1062 }else{
1063 foreach ($entry['acl'] as $name => $object){
1064 if (count($object)){
1065 $acl.= "$name, ";
1066 }
1067 }
1068 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
1069 }
1070 }
1073 /* Summarize members */
1074 if(!($this instanceOf aclrole)){
1075 if ($summary != ""){
1076 $summary.= ", ";
1077 }
1078 if (count($entry['members'])){
1079 $summary.= _("Members").": ";
1080 foreach ($entry['members'] as $cn){
1081 $cn= preg_replace('/ \[.*$/', '', $cn);
1082 $summary.= $cn.", ";
1083 }
1084 } else {
1085 $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
1086 }
1087 }
1088 return (preg_replace('/, $/', '', $summary));
1089 }
1092 function loadAclEntry($new= FALSE)
1093 {
1094 /* New entry gets presets... */
1095 if ($new){
1096 $this->aclType= 'base';
1097 $this->aclFilter= "";
1098 $this->recipients= array();
1099 $this->aclContents= array();
1100 } else {
1101 $acl= $this->gosaAclEntry[$this->currentIndex];
1102 $this->aclType= $acl['type'];
1103 $this->recipients= $acl['members'];
1104 $this->aclContents= $acl['acl'];
1105 $this->aclFilter= $acl['filter'];
1106 }
1108 $this->wasNewEntry= $new;
1109 }
1112 function aclPostHandler()
1113 {
1114 if (isset($_POST['save_acl'])){
1115 $this->save();
1116 return TRUE;
1117 }
1119 return FALSE;
1120 }
1123 function PrepareForCopyPaste($source)
1124 {
1125 plugin::PrepareForCopyPaste($source);
1127 $dn = $source['dn'];
1128 $acl_c = new acl($this->config, $this->parent,$dn);
1129 $this->gosaAclEntry = $acl_c->gosaAclEntry;
1130 }
1133 function save()
1134 {
1135 /* Assemble ACL's */
1136 $tmp_acl= array();
1138 foreach ($this->gosaAclEntry as $prio => $entry){
1139 $final= "";
1140 $members= "";
1141 if (isset($entry['members'])){
1142 foreach ($entry['members'] as $key => $dummy){
1143 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
1144 }
1145 }
1147 if($entry['type'] != "role"){
1148 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
1149 }else{
1150 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
1151 }
1153 /* ACL's if needed */
1154 if ($entry['type'] != "reset" && $entry['type'] != "role"){
1155 $acl= ":";
1156 if (isset($entry['acl'])){
1157 foreach ($entry['acl'] as $object => $contents){
1159 /* Only save, if we've some contents in there... */
1160 if (count($contents)){
1161 $acl.= $object.";";
1163 foreach($contents as $attr => $permission){
1165 /* First entry? Its the one for global settings... */
1166 if ($attr == '0'){
1167 $acl.= $permission;
1168 } else {
1169 $acl.= '#'.$attr.';'.$permission;
1170 }
1172 }
1173 $acl.= ',';
1174 }
1176 }
1177 }
1178 $final.= preg_replace('/,$/', '', $acl);
1179 }
1181 /* Append additional filter options
1182 */
1183 if(!empty($entry['filter'])){
1184 $final .= ":".base64_encode($entry['filter']);
1185 }
1187 $tmp_acl[]= $final;
1188 }
1190 /* Call main method */
1191 plugin::save();
1193 /* Finally (re-)assign it... */
1194 $this->attrs['gosaAclEntry']= $tmp_acl;
1196 /* Remove acl from this entry if it is empty... */
1197 if (!count($tmp_acl)){
1198 /* Remove attribute */
1199 if ($this->initially_was_account){
1200 $this->attrs['gosaAclEntry']= array();
1201 } else {
1202 if (isset($this->attrs['gosaAclEntry'])){
1203 unset($this->attrs['gosaAclEntry']);
1204 }
1205 }
1207 /* Remove object class */
1208 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1209 }
1211 /* Do LDAP modifications */
1212 $ldap= $this->config->get_ldap_link();
1213 $ldap->cd($this->dn);
1214 $this->cleanup();
1215 $ldap->modify ($this->attrs);
1217 if(count($this->attrs)){
1218 new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1219 }
1221 if (!$ldap->success()){
1222 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1223 }
1225 /* Refresh users ACLs */
1226 $ui= get_userinfo();
1227 $ui->loadACL();
1228 session::global_set('ui',$ui);
1229 }
1232 function remove_from_parent()
1233 {
1234 plugin::remove_from_parent();
1236 /* include global link_info */
1237 $ldap= $this->config->get_ldap_link();
1239 $ldap->cd($this->dn);
1240 $this->cleanup();
1241 $ldap->modify ($this->attrs);
1243 new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
1245 /* Optionally execute a command after we're done */
1246 $this->handle_post_events("remove",array("uid" => $this->uid));
1247 }
1250 /* Return plugin informations for acl handling */
1251 static function plInfo()
1252 {
1253 return (array(
1254 "plShortName" => _("ACL"),
1255 "plDescription" => _("ACL")." ("._("Access control list").")",
1256 "plSelfModify" => FALSE,
1257 "plDepends" => array(),
1258 "plPriority" => 0,
1259 "plSection" => array("administration"),
1260 "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
1261 "objectClass" => array("gosaAcl","gosaRole"))),
1262 "plProvidedAcls"=> array(
1263 // "cn" => _("Role name"),
1264 // "description" => _("Role description")
1265 )
1267 ));
1268 }
1271 /* Remove acls defined for $src */
1272 function remove_acl()
1273 {
1274 acl::remove_acl_for($this->dn);
1275 }
1278 /* Remove acls defined for $src */
1279 static function remove_acl_for($dn)
1280 {
1281 global $config;
1283 $ldap = $config->get_ldap_link();
1284 $ldap->cd($config->current['BASE']);
1285 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
1286 $new_entries= array();
1287 while($attrs = $ldap->fetch()){
1288 if (!isset($attrs['gosaAclEntry'])) {
1289 continue;
1290 }
1291 unset($attrs['gosaAclEntry']['count']);
1293 // Remove entry directly
1294 foreach($attrs['gosaAclEntry'] as $id => $entry){
1295 $parts= explode(':',$entry);
1296 $members= explode(',',$parts[2]);
1297 $new_members= array();
1298 foreach($members as $member) {
1299 if (base64_decode($member) != $dn) {
1300 $new_members[]= $member;
1301 } else {
1302 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
1303 }
1304 }
1306 /* We can completely remove the entry if there are no members anymore */
1307 if (count($new_members)) {
1308 $parts[2]= implode(",", $new_members);
1309 $new_entries[]= implode(":", $parts);
1310 }
1311 }
1313 // There should be a modification, so write it back
1314 $ldap->cd($attrs['dn']);
1315 $new_attrs= array("gosaAclEntry" => $new_entries);
1316 $ldap->modify($new_attrs);
1317 if (!$ldap->success()){
1318 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
1319 }
1320 }
1321 }
1324 function update_acl_membership($src,$dst)
1325 {
1326 $ldap = $this->config->get_ldap_link();
1327 $ldap->cd($this->config->current['BASE']);
1328 $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
1329 while($attrs = $ldap->fetch()){
1330 $acl = new acl($this->config,$this->parent,$attrs['dn']);
1331 foreach($acl->gosaAclEntry as $id => $entry){
1332 foreach($entry['members'] as $m_id => $member){
1333 if($m_id == "U:".$src){
1334 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1335 $new = "U:".$dst;
1336 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1337 gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
1338 }
1339 if($m_id == "G:".$src){
1340 unset($acl->gosaAclEntry[$id]['members'][$m_id]);
1341 $new = "G:".$dst;
1342 $acl->gosaAclEntry[$id]['members'][$new] = $new;
1343 gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
1344 }
1345 }
1346 }
1347 $acl -> save();
1348 }
1349 }
1351 }
1353 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1354 ?>