1 <?php
3 class filterACL {
5 static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "")
6 {
7 $config= session::global_get('config');
8 $ldap= $config->get_ldap_link(TRUE);
9 $flag= ($scope == "sub")?GL_SUBSEARCH:0;
10 $result=array();
11 $result= array_merge($result,filterACL::get_list($base, $filter, $attributes, $category, array(), $flag | GL_SIZELIMIT, "search"));
12 $result= array_merge($result,filterACL::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT, ""));
13 return(filterACL::unifyResult($result));
14 }
16 static function unifyResult($result)
17 {
18 $res=array();
19 foreach($result as $entry){
20 if(!isset($res[$entry['dn']])){
21 $res[$entry['dn']]=$entry;
22 }
23 }
24 return(array_values($res));
25 }
27 static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH, $method= "")
28 {
29 $ui= session::global_get('ui');
30 $config= session::global_get('config');
32 // Move to arrays for category and objectStorage
33 if (!is_array($category)) {
34 $category= array($category);
35 }
36 if (!is_array($objectStorage)) {
37 $objectStorage= array($objectStorage);
38 }
40 if(empty($method)){
41 $method= (empty($objectStorage) && !($flags & GL_SUBSEARCH))?"ls":"search";
42 }
44 // Initialize search bases
45 $bases= array();
47 // Get list of sub bases to search on
48 if (count($objectStorage) == 0) {
49 $bases[$base]= "";
50 } else {
51 foreach ($objectStorage as $oc) {
52 $oc= preg_replace('/,$/', '', $oc);
53 $tmp= split(',', $oc);
54 if (count($tmp) == 1) {
55 preg_match('/([^=]+)=(.*)$/', $oc, $m);
56 if ($flags & GL_SUBSEARCH) {
57 $bases[$base][]= $m[1].":dn:=".$m[2];
58 } else {
59 $bases["$oc,$base"][]= $m[1].":dn:=".$m[2];
60 }
61 } else {
62 // No, there's no \, in pre defined RDN values
63 preg_match('/^([^,]+),(.*)$/', $oc, $matches);
64 preg_match('/([^=]+)=(.*)$/', $matches[1], $m);
65 if ($flags & GL_SUBSEARCH) {
66 $bases[$base][]= $m[1].":dn:=".$m[2];
67 } else {
68 $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2];
69 }
70 }
71 }
72 }
74 // Get LDAP link
75 $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
77 // Do search for every base
78 $result= array();
79 $limit_exceeded = FALSE;
80 foreach($bases as $base => $dnFilters) {
82 // Break if the size limit is exceeded
83 if($limit_exceeded){
84 return($result);
85 }
87 // Switch to new base and search
88 if (is_array($dnFilters)){
89 $dnFilter= "(|";
90 foreach ($dnFilters as $df) {
91 $dnFilter.= "($df)";
92 }
93 $dnFilter.= ")";
94 } else {
95 $dnFilter= "";
96 }
97 $ldap->cd($base);
98 if ($method == "ls") {
99 $ldap->ls("(&$filter$dnFilter)", $base, $attributes);
100 } else {
101 $ldap->search("(&$filter$dnFilter)", $attributes);
102 }
104 // Check for size limit exceeded messages for GUI feedback
105 if (preg_match("/size limit/i", $ldap->get_error())){
106 session::set('limit_exceeded', TRUE);
107 $limit_exceeded = TRUE;
108 }
110 /* Crawl through result entries and perform the migration to the
111 result array */
112 while($attrs = $ldap->fetch()) {
113 $dn= $ldap->getDN();
115 /* Convert dn into a printable format */
116 if ($flags & GL_CONVERT){
117 $attrs["dn"]= convert_department_dn($dn);
118 } else {
119 $attrs["dn"]= $dn;
120 }
122 /* Skip ACL checks if we are forced to skip those checks */
123 if($flags & GL_NO_ACL_CHECK){
124 $result[]= $attrs;
125 }else{
127 /* Sort in every value that fits the permissions */
128 foreach ($category as $o){
129 if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
130 (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
131 $result[]= $attrs;
132 break;
133 }
134 }
135 }
136 }
138 }
140 return $result;
141 }
144 }
146 ?>