1 <?php
3 class filterACL {
5 static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "")
6 {
7 $config= session::global_get('config');
8 $ldap= $config->get_ldap_link(TRUE);
9 $flag= ($scope == "sub")?GL_SUBSEARCH:0;
10 $result=array();
11 $result= array_merge($result,filterACL::get_list($base, $filter, $attributes, $category, array(), $flag | GL_SIZELIMIT, "cat"));
12 if($scope == "sub"){
13 $result= array_merge($result,filterACL::get_list($base, $filter, $attributes, $category, array(), $flag | GL_SIZELIMIT, "search"));
14 }
15 $result= array_merge($result,filterACL::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT, ""));
16 return(filterACL::unifyResult($result));
17 }
19 static function unifyResult($result)
20 {
21 $res=array();
22 foreach($result as $entry){
23 if(!isset($res[$entry['dn']])){
24 $res[$entry['dn']]=$entry;
25 }
26 }
27 return(array_values($res));
28 }
30 static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH, $method= "")
31 {
32 $ui= session::global_get('ui');
33 $config= session::global_get('config');
35 // Move to arrays for category and objectStorage
36 if (!is_array($category)) {
37 $category= array($category);
38 }
39 if (!is_array($objectStorage)) {
40 $objectStorage= array($objectStorage);
41 }
43 if(empty($method)){
44 $method= (empty($objectStorage) && !($flags & GL_SUBSEARCH))?"ls":"search";
45 }
47 // Initialize search bases
48 $bases= array();
50 // Get list of sub bases to search on
51 if (count($objectStorage) == 0) {
52 $bases[$base]= "";
53 } else {
54 foreach ($objectStorage as $oc) {
55 $oc= preg_replace('/,$/', '', $oc);
56 $tmp= explode(',', $oc);
57 if (count($tmp) == 1) {
58 preg_match('/([^=]+)=(.*)$/', $oc, $m);
59 if ($flags & GL_SUBSEARCH) {
60 $bases[$base][]= $m[1].":dn:=".$m[2];
61 } else {
62 $bases["$oc,$base"][]= $m[1].":dn:=".$m[2];
63 }
64 } else {
65 // No, there's no \, in pre defined RDN values
66 preg_match('/^([^,]+),(.*)$/', $oc, $matches);
67 preg_match('/([^=]+)=(.*)$/', $matches[1], $m);
68 if ($flags & GL_SUBSEARCH) {
69 $bases[$base][]= $m[1].":dn:=".$m[2];
70 } else {
71 $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2];
72 }
73 }
74 }
75 }
77 // Get LDAP link
78 $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
80 // Do search for every base
81 $result= array();
82 $limit_exceeded = FALSE;
83 foreach($bases as $base => $dnFilters) {
85 // Break if the size limit is exceeded
86 if($limit_exceeded){
87 return($result);
88 }
90 // Switch to new base and search
91 if (is_array($dnFilters)){
92 $dnFilter= "(|";
93 foreach ($dnFilters as $df) {
94 $dnFilter.= "($df)";
95 }
96 $dnFilter.= ")";
97 } else {
98 $dnFilter= "";
99 }
100 $ldap->cd($base);
101 if ($method == "ls") {
102 $ldap->ls("(&$filter$dnFilter)", $base, $attributes);
103 } elseif ($method == "cat") {
104 $ldap->cat($base, $attributes, "(&$filter$dnFilter)");
105 } else {
106 $ldap->search("(&$filter$dnFilter)", $attributes);
107 }
109 // Check for size limit exceeded messages for GUI feedback
110 if (preg_match("/size limit/i", $ldap->get_error())){
111 session::set('limit_exceeded', TRUE);
112 $limit_exceeded = TRUE;
113 }
115 /* Crawl through result entries and perform the migration to the
116 result array */
117 while($attrs = $ldap->fetch()) {
118 $dn= $ldap->getDN();
120 /* Convert dn into a printable format */
121 if ($flags & GL_CONVERT){
122 $attrs["dn"]= convert_department_dn($dn);
123 } else {
124 $attrs["dn"]= $dn;
125 }
127 /* Skip ACL checks if we are forced to skip those checks */
128 if($flags & GL_NO_ACL_CHECK){
129 $result[]= $attrs;
130 }else{
132 /* Sort in every value that fits the permissions */
133 foreach ($category as $o){
134 if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
135 (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
136 $result[]= $attrs;
137 break;
138 }
139 }
140 }
141 }
143 }
145 return $result;
146 }
149 }
151 ?>