1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 class aclrole extends acl
24 {
25 /* Definitions */
26 var $plHeadline= "Access control roles";
27 var $plDescription= "Edit AC roles";
29 /* attribute list for save action */
30 var $attributes= array('gosaAclTemplate',"cn","description");
31 var $objectclasses= array('top','gosaRole');
33 /* Helpers */
34 var $dialogState= "head";
35 var $aclType= "";
36 var $aclObject= "";
37 var $aclContents= array();
38 var $target= "group";
39 var $aclTypes= array();
40 var $aclObjects= array();
41 var $recipients= array();
42 var $isContainer= TRUE;
43 var $currentIndex= 0;
44 var $wasNewEntry= FALSE;
45 var $ocMapping= array();
46 var $savedAclContents= array();
47 var $myAclObjects = array();
49 /* Role attributes */
50 var $gosaAclTemplate= "";
51 var $cn = "";
52 var $orig_cn = "";
53 var $description = "";
54 var $orig_dn;
55 var $orig_base;
56 var $base ="";
57 var $baseSelector;
59 function aclrole (&$config, $dn= NULL)
60 {
61 /* Include config object */
62 plugin::plugin($config, $dn);
64 if($this->dn == "new"){
65 $ui = get_userinfo();
66 $this->base= dn2base(session::global_is_set("CurrentMainBase")?"cn=test,".session::global_get("CurrentMainBase"):$ui->dn);
67 }else{
68 $this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn);
69 new log("view","acl/".get_class($this),$this->dn);
70 }
72 /* Load ACL's */
73 $this->gosaAclTemplate= array();
74 if (isset($this->attrs["gosaAclTemplate"])){
75 for ($i= 0; $i<$this->attrs["gosaAclTemplate"]['count']; $i++){
76 $acl= $this->attrs["gosaAclTemplate"][$i];
77 $this->gosaAclTemplate= array_merge($this->gosaAclTemplate, $this->explodeACL($acl));
78 }
79 }
80 ksort($this->gosaAclTemplate);
82 /* Extract available categories from plugin info list */
83 $tmp= session::get('plist');
84 $plist= $tmp->info;
85 $oc = array();
86 foreach ($plist as $class => $acls){
88 /* Only feed categories */
89 if (isset($acls['plCategory'])){
91 /* Walk through supplied list and feed only translated categories */
92 foreach($acls['plCategory'] as $idx => $data){
94 /* Non numeric index means -> base object containing more informations */
95 if (preg_match('/^[0-9]+$/', $idx)){
96 if (!isset($this->ocMapping[$data])){
97 $this->ocMapping[$data]= array();
98 $this->ocMapping[$data][]= '0';
99 }
100 $this->ocMapping[$data][]= $class;
101 } else {
102 if (!isset($this->ocMapping[$idx])){
103 $this->ocMapping[$idx]= array();
104 $this->ocMapping[$idx][]= '0';
105 }
106 $this->ocMapping[$idx][]= $class;
107 $this->aclObjects[$idx]= $data['description'];
109 /* Additionally filter the classes we're interested in in "self edit" mode */
110 if (is_array($data['objectClass'])){
111 foreach($data['objectClass'] as $objectClass){
112 if (in_array_ics($objectClass, $oc)){
113 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
114 break;
115 }
116 }
117 } else {
118 if (in_array_ics($data['objectClass'], $oc)){
119 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
120 }
121 }
122 }
124 }
125 }
126 }
127 $this->aclObjects['all']= '* '._("All categories");
128 $this->ocMapping['all']= array('0' => 'all');
130 /* Sort categories */
131 asort($this->aclObjects);
133 /* Fill acl types */
134 $this->aclTypes= array( "reset" => _("Reset ACL"),
135 "one" => _("One level"),
136 "base" => _("Current object"),
137 "sub" => _("Complete subtree"),
138 "psub" => _("Complete subtree (permanent)"));
139 asort($this->aclTypes);
141 /* Finally - we want to get saved... */
142 $this->is_account= TRUE;
143 $this->orig_base = $this->base;
144 $this->orig_dn = $this->dn;
145 $this->orig_cn = $this->cn;
147 /* Instanciate base selector */
148 $this->baseSelector= new baseSelector($this->get_allowed_bases(), $this->base);
149 $this->baseSelector->setSubmitButton(false);
150 $this->baseSelector->setHeight(300);
151 $this->baseSelector->update(true);
152 }
155 function execute()
156 {
157 /* Call parent execute */
158 plugin::execute();
160 $tmp= session::get('plist');
161 $plist= $tmp->info;
163 /* Handle posts */
164 if (isset($_POST['new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
165 $this->dialogState= 'create';
166 $this->dialog= TRUE;
167 $this->currentIndex= count($this->gosaAclTemplate);
168 $this->loadAclEntry(TRUE);
169 }
171 $new_acl= array();
172 $aclDialog= FALSE;
173 $firstedit= FALSE;
175 /* Act on HTML post and gets here.
176 */
177 if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
178 $id = trim($_GET['id']);
179 $this->dialogState= 'create';
180 $firstedit= TRUE;
181 $this->dialog= TRUE;
182 $this->currentIndex= $id;
183 $this->loadAclEntry();
184 }
186 foreach($_POST as $name => $post){
188 /* Actions... */
189 if (preg_match('/^acl_edit_.*_x/', $name)){
190 $this->dialogState= 'create';
191 $firstedit= TRUE;
192 $this->dialog= TRUE;
193 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
194 $this->loadAclEntry();
195 continue;
196 }
197 if (preg_match('/^cat_edit_.*_x/', $name)){
198 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
199 $this->dialogState= 'edit';
200 foreach ($this->ocMapping[$this->aclObject] as $oc){
201 if (isset($this->aclContents[$oc])){
202 $this->savedAclContents[$oc]= $this->aclContents[$oc];
203 }
204 }
205 continue;
206 }
208 if(!$this->acl_is_writeable("gosaAclEntry")){
209 continue;
210 }
212 if (preg_match('/^acl_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
213 unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
214 continue;
215 }
217 if (preg_match('/^cat_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
218 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
219 foreach ($this->ocMapping[$idx] as $key){
220 unset($this->aclContents["$idx/$key"]);
221 }
222 continue;
223 }
225 /* Sorting... */
226 if (preg_match('/^sortup_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
227 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
228 if ($index > 0){
229 $tmp= $this->gosaAclTemplate[$index];
230 $this->gosaAclTemplate[$index]= $this->gosaAclTemplate[$index-1];
231 $this->gosaAclTemplate[$index-1]= $tmp;
232 }
233 continue;
234 }
235 if (preg_match('/^sortdown_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
236 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
237 if ($index < count($this->gosaAclTemplate)-1){
238 $tmp= $this->gosaAclTemplate[$index];
239 $this->gosaAclTemplate[$index]= $this->gosaAclTemplate[$index+1];
240 $this->gosaAclTemplate[$index+1]= $tmp;
241 }
242 continue;
243 }
245 /* ACL saving... */
246 if (preg_match('/^acl_.*_[^xy]$/', $name) && $this->acl_is_writeable("gosaAclEntry")){
247 list($dummy, $object, $attribute, $value)= explode('_', $name);
249 /* Skip for detection entry */
250 if ($object == 'dummy') {
251 continue;
252 }
254 /* Ordinary ACL */
255 if (!isset($new_acl[$object])){
256 $new_acl[$object]= array();
257 }
258 if (isset($new_acl[$object][$attribute])){
259 $new_acl[$object][$attribute].= $value;
260 } else {
261 $new_acl[$object][$attribute]= $value;
262 }
263 }
264 }
266 if(isset($_POST['acl_dummy_0_0_0'])){
267 $aclDialog= TRUE;
268 }
270 /* Only be interested in new acl's, if we're in the right _POST place */
271 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
273 foreach ($this->ocMapping[$this->aclObject] as $oc){
274 unset($this->aclContents[$oc]);
275 unset($this->aclContents[$this->aclObject.'/'.$oc]);
276 if (isset($new_acl[$oc])){
277 $this->aclContents[$oc]= $new_acl[$oc];
278 }
279 if (isset($new_acl[$this->aclObject.'/'.$oc])){
280 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
281 }
282 }
283 }
285 /* Save new acl in case of base edit mode */
286 if (1 == 0 && $this->aclType == 'base' && !$firstedit){
287 $this->aclContents= $new_acl;
288 }
290 /* Cancel new acl? */
291 if (isset($_POST['cancel_new_acl'])){
292 $this->dialogState= 'head';
293 $this->dialog= FALSE;
294 if ($this->wasNewEntry){
295 unset ($this->gosaAclTemplate[$this->currentIndex]);
296 }
297 }
299 /* Store ACL in main object? */
300 if (isset($_POST['submit_new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
301 $this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType;
302 $this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients;
303 $this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents;
304 $this->dialogState= 'head';
305 $this->dialog= FALSE;
306 }
308 /* Cancel edit acl? */
309 if (isset($_POST['cancel_edit_acl'])){
310 $this->dialogState= 'create';
311 foreach ($this->ocMapping[$this->aclObject] as $oc){
312 if (isset($this->savedAclContents[$oc])){
313 $this->aclContents[$oc]= $this->savedAclContents[$oc];
314 }
315 }
316 }
318 /* Save edit acl? */
319 if (isset($_POST['submit_edit_acl']) && $this->acl_is_writeable("gosaAclEntry")){
320 $this->dialogState= 'create';
321 }
323 /* Add acl? */
324 if (isset($_POST['add_acl']) && $_POST['aclObject'] != "" && $this->acl_is_writeable("gosaAclEntry")){
325 $this->dialogState= 'edit';
326 $this->savedAclContents= array();
327 foreach ($this->ocMapping[$this->aclObject] as $oc){
328 if (isset($this->aclContents[$oc])){
329 $this->savedAclContents[$oc]= $this->aclContents[$oc];
330 }
331 }
332 }
334 /* Save common values */
335 foreach (array("aclType", "aclObject", "target") as $key){
336 if (isset($_POST[$key]) && $this->acl_is_writeable("gosaAclEntry")){
337 $this->$key= validate($_POST[$key]);
338 }
339 }
341 /* Create templating instance */
342 $smarty= get_smarty();
343 $smarty->assign("usePrototype", "true");
345 $smarty->assign("base", $this->baseSelector->render());
347 $tmp = $this->plInfo();
348 foreach($tmp['plProvidedAcls'] as $name => $translation){
349 $smarty->assign($name."ACL",$this->getacl($name));
350 }
352 if ($this->dialogState == 'head'){
353 /* Draw list */
354 $aclList= new divSelectBox("aclList");
355 $aclList->SetHeight(350);
357 /* Fill in entries */
358 foreach ($this->gosaAclTemplate as $key => $entry){
360 if($this->acl_is_readable("")){
361 $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
362 }else{
363 $link = $this->assembleAclSummary($entry);
364 }
366 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
367 $field2= array("string" => $link);
369 $action ="";
370 if($this->acl_is_writeable("gosaAclEntry")){
371 $action.= "<input type='image' name='sortup_$key' alt='up'
372 title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
373 $action.= "<input type='image' name='sortdown_$key' alt='down'
374 title='"._("Down")."' src='images/lists/sort-down.png'>";
375 }
376 if($this->acl_is_readable("gosaAclEntry")){
377 $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key'
378 title='".msgPool::editButton(_("ACL"))."'>";
379 }
380 if($this->acl_is_writeable("gosaAclEntry")){
381 $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key'
382 title='".msgPool::delButton(_("ACL"))."'>";
383 }
385 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
386 $aclList->AddEntry(array($field1, $field2, $field3));
387 }
389 $smarty->assign("aclList", $aclList->DrawList());
390 }
392 if ($this->dialogState == 'create'){
393 /* Draw list */
394 $aclList= new divSelectBox("aclList");
395 $aclList->SetHeight(450);
397 /* Add settings for all categories to the (permanent) list */
398 foreach ($this->aclObjects as $section => $dsc){
399 $summary= "";
400 foreach($this->ocMapping[$section] as $oc){
401 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
402 $this->aclContents[$oc][0] != ""){
404 $summary.= "$oc, ";
405 continue;
406 }
407 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
408 $summary.= "$oc, ";
409 continue;
410 }
411 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
412 $summary.= "$oc, ";
413 }
414 }
416 /* Set summary... */
417 if ($summary == ""){
418 $summary= '<i>'._("No ACL settings for this category").'</i>';
419 } else {
420 $summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary));
421 }
423 $action = "";
424 if($this->acl_is_readable("gosaAclEntry")){
425 $action.= "<input class='center' type='image' src='images/lists/edit.png'
426 alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit category ACL")."'>";
427 }
428 if($this->acl_is_writeable("gosaAclEntry")){
429 $action.= "<input class='center' type='image' src='images/lists/trash.png'
430 alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
431 }
433 $field1= array("string" => $dsc, "attach" => "style='width:140px'");
434 $field2= array("string" => $summary);
435 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
436 $aclList->AddEntry(array($field1, $field2, $field3));
437 }
439 $smarty->assign("aclList", $aclList->DrawList());
440 $smarty->assign("aclType", $this->aclType);
441 $smarty->assign("aclTypes", $this->aclTypes);
442 $smarty->assign("target", $this->target);
444 if ($this->aclType == 'base'){
445 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
446 }
447 }
449 if ($this->dialogState == 'edit'){
450 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
452 /* Collect objects for selected category */
453 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
454 if ($idx == 0){
455 continue;
456 }
457 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
458 }
459 if ($this->aclObject == 'all'){
460 $aclObjects['all']= _("All objects in current subtree");
461 }
462 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
463 }
465 /* Show main page */
466 $smarty->assign("dialogState", $this->dialogState);
468 /* Assign cn and decription if this is a role */
469 foreach(array("cn","description") as $name){
470 $smarty->assign($name,$this->$name);
471 }
472 return ($smarty->fetch (get_template_path('acl_role.tpl',dirname(__FILE__))));
473 }
475 function sort_by_priority($list)
476 {
477 $tmp= session::get('plist');
478 $plist= $tmp->info;
479 asort($plist);
480 $newSort = array();
482 foreach($list as $name => $translation){
483 $na = preg_replace("/^.*\//","",$name);
484 if (!isset($plist[$na]['plPriority'])){
485 $prio= 0;
486 } else {
487 $prio= $plist[$na]['plPriority'] ;
488 }
490 $newSort[$name] = $prio;
491 }
493 asort($newSort);
495 $ret = array();
496 foreach($newSort as $name => $prio){
497 $ret[$name] = $list[$name];
498 }
499 return($ret);
500 }
502 function loadAclEntry($new= FALSE)
503 {
504 /* New entry gets presets... */
505 if ($new){
506 $this->aclType= 'sub';
507 $this->recipients= array();
508 $this->aclContents= array();
509 } else {
510 $acl= $this->gosaAclTemplate[$this->currentIndex];
511 $this->aclType= $acl['type'];
512 $this->recipients= $acl['members'];
513 $this->aclContents= $acl['acl'];
514 }
516 $this->wasNewEntry= $new;
517 }
520 function aclPostHandler()
521 {
522 if (isset($_POST['save_acl']) && $this->acl_is_writeable("gosaAclEntry")){
523 $this->save();
524 return TRUE;
525 }
527 return FALSE;
528 }
531 function save()
532 {
533 /* Assemble ACL's */
534 $tmp_acl= array();
535 foreach ($this->gosaAclTemplate as $prio => $entry){
536 $final= "";
537 $members= "";
538 if (isset($entry['members'])){
539 foreach ($entry['members'] as $key => $dummy){
540 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
541 }
542 }
543 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
545 /* ACL's if needed */
546 if ($entry['type'] != "reset" && $entry['type'] != "role"){
547 $acl= ":";
548 if (isset($entry['acl'])){
549 foreach ($entry['acl'] as $object => $contents){
551 /* Only save, if we've some contents in there... */
552 if (count($contents)){
553 $acl.= $object.";";
555 foreach($contents as $attr => $permission){
557 /* First entry? Its the one for global settings... */
558 if ($attr == '0'){
559 $acl.= $permission;
560 } else {
561 $acl.= '#'.$attr.';'.$permission;
562 }
564 }
565 $acl.= ',';
566 }
568 }
569 }
570 $final.= preg_replace('/,$/', '', $acl);
571 }
573 $tmp_acl[]= $final;
574 }
576 /* Call main method */
577 plugin::save();
579 /* Finally (re-)assign it... */
580 $this->attrs["gosaAclTemplate"]= $tmp_acl;
582 /* Remove acl from this entry if it is empty... */
583 if (!count($tmp_acl)){
584 /* Remove attribute */
585 if ($this->initially_was_account){
586 $this->attrs["gosaAclTempalte"]= array();
587 } else {
588 if (isset($this->attrs["gosaAclTemplate"])){
589 unset($this->attrs["gosaAclTemplate"]);
590 }
591 }
592 }
594 /* Do LDAP modifications */
595 $ldap= $this->config->get_ldap_link();
597 /* Check if object already exists */
598 $ldap->cat($this->dn);
599 if($ldap->count()){
600 $ldap->cd($this->dn);
601 $this->cleanup();
602 $ldap->modify ($this->attrs);
603 new log("modify","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
604 }else{
605 $ldap->cd($this->config->current['BASE']);
606 $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn));
607 $ldap->cd($this->dn);
608 $ldap->add($this->attrs);
609 new log("create","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
610 }
612 if (!$ldap->success()){
613 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
614 }
616 /* Refresh users ACL */
617 $ui= get_userinfo();
618 $ui->loadACL();
619 session::set('ui',$ui);
620 }
623 function remove_from_parent()
624 {
625 $ldap = $this->config->get_ldap_link();
626 $serach_for = "*:role:".base64_encode($this->dn).":*";
627 $ldap->search ("(&(objectClass=gosaACL)(gosaAclEntry=".$serach_for."))",array('dn','cn','sn','givenName','uid'));
628 $all_names = "";
631 $cnt = 3;
632 while(($attrs = $ldap->fetch()) && $cnt){
633 $name = $attrs['dn'];
634 $name = preg_replace("/[ ]/"," ",$name);
635 $name = "<i>'".$name."'</i>";
636 $all_names .= $name.", ";
637 $cnt --;
638 }
640 if(!empty($all_names)){
641 $all_names = preg_replace("/, $/","",$all_names);
642 if(!$cnt){
643 $all_names .= ", ...";
644 }
645 $all_names = "<span style='text-align:left;'>".$all_names."</span>";
646 msg_dialog::display(_("Object in use"), sprintf(_("This role cannot be removed while it is in use by these objects:")."<br><br>%s", $all_names), WARNING_DIALOG);
647 return;
648 }
650 $ldap->rmDir($this->dn);
651 new log("remove","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
652 if (!$ldap->success()){
653 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
654 }
656 /* Optionally execute a command after we're done */
657 $this->handle_post_events("remove");
659 /* Delete references to object groups */
660 $ldap->cd ($this->config->current['BASE']);
661 $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
662 while ($ldap->fetch()){
663 $og= new ogroup($this->config, $ldap->getDN());
664 unset($og->member[$this->dn]);
665 $og->save ();
666 if (!$ldap->success()){
667 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $og->dn, "", get_class()));
668 }
669 }
670 }
673 function save_object()
674 {
675 plugin::save_object();
676 if(isset($_POST['acl_role_posted'])){
678 /* Refresh base */
679 if ($this->acl_is_moveable($this->base)){
680 if (!$this->baseSelector->update()) {
681 msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG);
682 }
683 if ($this->base != $this->baseSelector->getBase()) {
684 $this->base= $this->baseSelector->getBase();
685 $this->is_modified= TRUE;
686 }
687 }
688 }
689 }
692 function saveCopyDialog()
693 {
694 if(isset($_POST['cn'])){
695 $this->cn = $_POST['cn'];
696 }
697 }
700 function getCopyDialog()
701 {
702 $smarty = get_smarty();
703 $smarty->assign("cn",$this->cn);
704 $str = $smarty->fetch(get_template_path("paste_role.tpl",TRUE,dirname(__FILE__)));
705 $ret = array();
706 $ret['string'] = $str;
707 $ret['status'] = "";
708 return($ret);
709 }
712 function PrepareForCopyPaste($source)
713 {
714 plugin::PrepareForCopyPaste($source);
716 $source_o = new aclrole($this->config,$source['dn']);
717 $this->gosaAclTemplate = $source_o->gosaAclTemplate;
718 }
721 /* Return plugin informations for acl handling */
722 static function plInfo()
723 {
724 return (array(
725 "plShortName" => _("Role"),
726 "plDescription" => _("Access control roles"),
727 "plSelfModify" => FALSE,
728 "plDepends" => array(),
729 "plPriority" => 0,
730 "plSection" => array("administration"),
731 "plCategory" => array("acl"),
732 "plProvidedAcls" => array(
733 "cn" => _("Name"),
734 "base" => _("Base"),
735 "description" => _("Description"),
736 "gosaAclEntry" => _("Permissions"))
737 ));
738 }
740 function check()
741 {
742 $message = plugin::check();
744 if(empty($this->cn)){
745 $message[] = msgPool::required(_("Name"));
746 }
748 $ldap = $this->config->get_ldap_link();
749 $ldap->cd($this->config->current['BASE']);
750 if($this->cn != $this->orig_cn){
751 $ldap->search("(&(objectClass=gosaRole)(cn=".$this->cn."))");
752 if($ldap->count()) {
753 while($attrs = $ldap->fetch()){
754 if($attrs['dn'] != $this->orig_dn){
755 $message[] = msgPool::duplicated(_("Name"));
756 }
757 }
758 }
759 }
761 if(!count($this->gosaAclTemplate)){
762 $message[] = msgPool::required(_("ACL"));
763 }
765 // Check if a wrong base was supplied
766 if(!$this->baseSelector->checkLastBaseUpdate()){
767 $message[]= msgPool::check_base();;
768 }
770 /* Check if we are allowed to create or move this object
771 */
772 if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
773 $message[] = msgPool::permCreate();
774 }elseif($this->orig_dn != "new" && $this->base != $this->orig_base && !$this->acl_is_moveable($this->base)){
775 $message[] = msgPool::permMove();
776 }
778 return($message);
779 }
781 }
783 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
784 ?>