1 <?php
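/**
 * LDAP list backend that only returns entries the current user may read.
 *
 * Every entry fetched from the directory is checked against the session's
 * 'ui' object (get_permissions / get_category_permissions) before it is added
 * to the result, unless the caller passes GL_NO_ACL_CHECK.
 */
class filterACL
{
    /**
     * Look up $base itself ("cat") and the entries below it, then merge both
     * lists into one that is unique by DN.
     *
     * query() never sets GL_NO_ACL_CHECK, so everything returned here went
     * through the read-permission check in get_list().
     *
     * @param string       $base          DN the lookup starts from
     * @param string       $scope         "sub" selects GL_SUBSEARCH, anything else does not
     * @param string       $filter        LDAP filter expression, inserted into the query as given
     * @param array        $attributes    attributes handed to the LDAP calls
     * @param string|array $category      ACL category or categories to test for read access
     * @param string|array $objectStorage RDN prefix(es) such as "ou=people,"; empty means none
     * @return array list of attribute arrays, each carrying a "dn" key
     */
    public static function query($base, $scope, $filter, $attributes, $category, $objectStorage = "")
    {
        // NOTE(review): the link obtained here is not used by query(); the call is
        // kept because get_ldap_link() may initialise connection state - confirm
        // before removing it.
        $config = session::global_get('config');
        $config->get_ldap_link(TRUE);

        $flag = ($scope == "sub") ? GL_SUBSEARCH : 0;

        $baseEntry = filterACL::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT, "cat");
        $children  = filterACL::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT, "");

        return filterACL::unifyResult(array_merge($baseEntry, $children));
    }

    /**
     * Drop duplicate entries, keeping the first occurrence of every DN.
     *
     * @param array $result entries that each carry a "dn" key
     * @return array the de-duplicated entries, re-indexed from 0
     */
    public static function unifyResult($result)
    {
        $res = array();
        foreach ($result as $entry) {
            if (!isset($res[$entry['dn']])) {
                $res[$entry['dn']] = $entry;
            }
        }
        return array_values($res);
    }

    /**
     * Query LDAP below $base and return the entries the current user may read.
     *
     * Security notes for callers:
     *  - $filter and the objectStorage values are concatenated into the LDAP
     *    filter string without escaping. Any user-supplied value inside them
     *    must be escaped by the caller before it gets here.
     *  - GL_NO_ACL_CHECK disables the per-entry permission check completely;
     *    it must never be derived from request data.
     *
     * @param string       $base          DN the lookup starts from
     * @param string       $filter        LDAP filter expression, used as given
     * @param array        $attributes    attributes handed to the LDAP calls
     * @param string|array $category      ACL categories; one containing "/" is checked with
     *                                    get_permissions(), any other with get_category_permissions()
     * @param string|array $objectStorage RDN prefix(es) relative to $base; empty entries are ignored
     * @param int          $flags         bit mask of GL_SUBSEARCH, GL_SIZELIMIT, GL_CONVERT, GL_NO_ACL_CHECK
     * @param string       $method        "ls", "cat" or "search"; chosen automatically when empty
     * @return array list of attribute arrays, each with a "dn" key added
     */
    public static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags = GL_SUBSEARCH, $method = "")
    {
        $ui = session::global_get('ui');
        $config = session::global_get('config');

        // Move to arrays for category and objectStorage
        if (!is_array($category)) {
            $category = array($category);
        }
        if (!is_array($objectStorage)) {
            $objectStorage = array($objectStorage);
        }

        // Strip the trailing comma and drop empty entries. Without this the
        // default "" became array("") and was parsed as an RDN, which produced
        // the filter part ":dn:=" and, for one-level lookups, the base ",$base".
        $storages = array();
        foreach ($objectStorage as $oc) {
            $oc = preg_replace('/,$/', '', (string)$oc);
            if ($oc !== '') {
                $storages[] = $oc;
            }
        }

        if (empty($method)) {
            $method = (empty($storages) && !($flags & GL_SUBSEARCH)) ? "ls" : "search";
        }

        $bases = filterACL::buildSearchBases($base, $storages, $flags);

        // Get LDAP link
        $ldap = $config->get_ldap_link($flags & GL_SIZELIMIT);

        // Do search for every base
        $result = array();
        foreach ($bases as $searchBase => $dnFilters) {

            // OR the DN filters of this base together; no extra filter for a plain base
            $dnFilter = "";
            if (is_array($dnFilters)) {
                $dnFilter = "(|(" . implode(")(", $dnFilters) . "))";
            }

            // Switch to new base and search
            $ldap->cd($searchBase);
            if ($method == "ls") {
                $ldap->ls("(&$filter$dnFilter)", $searchBase, $attributes);
            } elseif ($method == "cat") {
                $ldap->cat($searchBase, $attributes);
            } else {
                $ldap->search("(&$filter$dnFilter)", $attributes);
            }

            // Check for size limit exceeded messages for GUI feedback
            $limit_exceeded = (bool)preg_match("/size limit/i", $ldap->get_error());
            if ($limit_exceeded) {
                session::set('limit_exceeded', TRUE);
            }

            // Copy every readable entry into the result array
            while ($attrs = $ldap->fetch()) {
                $dn = $ldap->getDN();

                // The ACL check below always uses the raw DN; only the DN stored
                // in the entry is converted into its printable form.
                $attrs["dn"] = ($flags & GL_CONVERT) ? convert_department_dn($dn) : $dn;

                if (($flags & GL_NO_ACL_CHECK) || filterACL::mayRead($ui, $dn, $category)) {
                    $result[] = $attrs;
                }
            }

            // The entries of this base are kept, but no further base is
            // queried once the server reported the size limit.
            if ($limit_exceeded) {
                break;
            }
        }

        return $result;
    }

    /**
     * Map every search base to the list of DN filters to apply there.
     *
     * With no storages the map is array($base => ""). Otherwise each storage
     * "attr=value[,rest]" contributes the filter "attr:dn:=value", either on
     * $base (GL_SUBSEARCH) or on the container it names below $base.
     * Entries that do not parse as attr=value are skipped.
     */
    private static function buildSearchBases($base, $storages, $flags)
    {
        $bases = array();
        if (count($storages) == 0) {
            $bases[$base] = "";
            return $bases;
        }

        foreach ($storages as $oc) {
            // No, there's no \, in pre defined RDN values
            $parts = explode(',', $oc, 2);
            if (!preg_match('/([^=]+)=(.*)$/', $parts[0], $m)) {
                continue;
            }

            if ($flags & GL_SUBSEARCH) {
                $target = $base;
            } elseif (count($parts) == 1) {
                $target = "$oc,$base";
            } else {
                $target = $parts[1] . ",$base";
            }
            $bases[$target][] = $m[1] . ":dn:=" . $m[2];
        }

        return $bases;
    }

    /**
     * Tell whether the permission string of at least one category contains "r".
     */
    private static function mayRead($ui, $dn, $category)
    {
        foreach ($category as $o) {
            $perms = (strpos((string)$o, '/') !== false)
                ? $ui->get_permissions($dn, $o)
                : $ui->get_category_permissions($dn, $o);
            if (strpos((string)$perms, 'r') !== false) {
                return TRUE;
            }
        }
        return FALSE;
    }
}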
147 ?>