Updated acl resolver
[gosa.git] / gosa-core / plugins / generic / references / class_aclResolver.inc
1 <?php
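/*! \brief   Collects the ACLs that affect a given object and renders them
 *           as an HTML table, marking the entries that do not apply to the
 *           currently logged-in user.
 *
 *  The values shown (DNs, LDAP filters, member names, attribute names) come
 *  from the directory, so they are HTML-escaped before being placed in the
 *  markup.
 */
class aclResolver
{
    // Declared explicitly; the original created these as dynamic (public)
    // properties, so they stay public for existing callers.
    public $config;
    public $dn;
    public $acl_category = "";

    private $classMapping = array();
    private $aclTypes = array();
    private $affectingACLs = array();

    private $renderedList = "";

    /*! \brief   Set up the resolver for one object and load its ACLs.
     *  @param   Object  $config  Configuration object (provides the LDAP link).
     *  @param   String  $dn      DN of the object whose ACLs are resolved.
     *  @param   Object  $parent  Object that may carry an 'acl_category'.
     */
    public function __construct($config, $dn, $parent)
    {
        $this->config = $config;
        $this->dn = $dn;

        // Get ACL category for the current object, without a trailing slash.
        if(!empty($parent->acl_category)){
            $this->acl_category = preg_replace("/\/$/","",$parent->acl_category);
        }

        // Build class mapping - only once, will not change during session.
        if(!session::is_set('aclConverter::classMapping')){
            $tmp= session::global_get('plist');
            session::set('aclConverter::classMapping', $this->buildClassMapping($tmp->info));
        }
        $this->classMapping = session::get('aclConverter::classMapping');

        // Define ACL type translations
        $this->aclTypes= array("reset" => _("Reset ACLs"),
                "one" => _("One level"),
                "base" => _("Current object"),
                "sub" => _("Complete subtree"),
                "psub" => _("Complete subtree (permanent)"),
                "role" => _("Use ACL defined in role"));

        $this->reload();
    }


    /*! \brief   Build the "category" and "category/class" => description map
     *           from the plugin list.
     *  @param   Array   $plist   Plugin info, keyed by class name.
     *  @return  Array   Map of ACL category names to readable descriptions.
     */
    private function buildClassMapping($plist)
    {
        $map = array();
        $map['all']= _("All categories");

        // First pass: collect the category descriptions. Categories given
        // with a numeric key only reference a category described elsewhere.
        foreach($plist as $class => $plInfo){
            if(!isset($plInfo['plCategory']) || !is_array($plInfo['plCategory'])){
                continue;
            }
            foreach($plInfo['plCategory'] as $category => $desc){
                if(!is_numeric($category)){
                    $map[$category] = $desc['description'];
                }
            }
        }

        // Second pass: every category is known now, add "category/class".
        foreach($plist as $class => $plInfo){
            if(!isset($plInfo['plCategory']) || !is_array($plInfo['plCategory'])){
                continue;
            }
            foreach($plInfo['plCategory'] as $category => $desc){
                $name = is_numeric($category) ? $desc : $category;

                // Fall back to the bare name if no plugin described the category.
                $label = isset($map[$name]) ? $map[$name] : $name;
                $map[$name."/".$class] = $label." - ".$plInfo['plDescription'];
            }
        }
        return($map);
    }


    /*! \brief   Reload the ACLs of the current user and keep those that
     *           affect our DN and ACL category.
     */
    public function reload()
    {
        // Start empty, otherwise ACLs removed since the last load would
        // still be listed after a reload.
        $this->affectingACLs = array();

        // Go through all ACLs and get those matching our DN.
        $ui = get_userinfo();
        $ui->reset_acl_cache();
        $ui->loadACL();

        // The category is data, not a pattern - quote it before matching.
        $categoryPattern = "/^".preg_quote($this->acl_category, '/')."($|\/)/";

        foreach($ui->allACLs as $dn => $acls){

            // NOTE(review): this is a plain suffix match; it is not anchored
            // at an RDN boundary (start of string or ',') - confirm that the
            // DNs compared here are normalized before tightening it.
            if(!preg_match("/".preg_quote($dn,'/')."$/i", $this->dn)){
                continue;
            }
            foreach($acls as $prio => $acl){
                if($acl['type'] == "reset"){
                    $this->affectingACLs[$dn][$prio] = $acl;
                    continue;
                }
                if(!isset($acl['acl']) || !is_array($acl['acl'])){
                    continue;
                }
                foreach($acl['acl'] as $category => $attributes){
                    if(preg_match("/^all($|\/)/", $category) ||
                            preg_match($categoryPattern, $category)){
                        $this->affectingACLs[$dn][$prio] = $acl;

                        // One matching category is enough for this ACL.
                        break;
                    }
                }
            }
        }

        // Enforce to reload acl result
        $this->renderedList = "";
    }


    /*! \brief   Escape a value for use in HTML text or attribute context.
     *  @param   Mixed   $value   The value to escape, cast to string.
     *  @return  String  The escaped value.
     */
    private function html($value)
    {
        return(htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'));
    }


    /*! \brief   Create a human readable HTML result
     *  @return  String  HTML table listing the affecting ACLs. The result is
     *                   cached until the next reload().
     */
    public function getReadableACL()
    {
        if(!empty($this->renderedList)){
            return($this->renderedList);
        }

        $tpl =
            "\n <tr class='acl-viewer-head %s'>".
            "\n  <td>%s</td>".
            "\n  <td colspan=2><b>%s</b>&nbsp;-&nbsp;%s</td>".
            "\n </tr>".
            "\n %s".
            "\n <tr>".
            "\n  <td colspan=3><hr></td>".
            "\n </tr>";

        $filter_tpl =
            "\n <tr class='%s'>".
            "\n  <td></td>".
            "\n  <td><b>"._("Filter")."</b></td>".
            "\n  <td><ul><li>%s</li></ul></td>".
            "\n </tr>";

        $gmem_tpl =
            "\n <tr class='%s'>".
            "\n  <td></td>".
            "\n  <td><b>"._("Group members")."</b></td>".
            "\n  <td><ul>%s</ul></td>".
            "\n </tr>";

        $umem_tpl =
            "\n <tr class='%s'>".
            "\n  <td></td>".
            "\n  <td><b>"._("Members")."</b></td>".
            "\n  <td><ul>%s</ul></td>".
            "\n </tr>";

        $acl_tpl =
            "\n <tr class='%s'>".
            "\n  <td></td>".
            "\n  <td><b>"._("Acls")."</b></td>".
            "\n  <td><ul>%s</ul></td>".
            "\n </tr>";

        $str = "<table summary='"._("Object permissions")."' class='acl-viewer'>";
        $ldap = $this->config->get_ldap_link();
        $ldap->cd($this->config->current['BASE']);
        $ui = get_userinfo();

        foreach($this->affectingACLs as $dn => $acls){
            foreach($acls as $acl){
                $gmem = $umem = $defs = "";
                $image = (isset($this->config->idepartments[$dn]))? "images/select_department.png":"images/lists/element.png";

                // Unknown types are shown as stored, escaped.
                $aclType = isset($this->aclTypes[$acl['type']]) ?
                    $this->aclTypes[$acl['type']] : $this->html($acl['type']);

                $members = (isset($acl['members']) && is_array($acl['members'])) ?
                    $acl['members'] : array();

                // Does the filter match for us?
                // LDAP filters routinely contain '&' and '<', so the filter
                // is escaped before any markup is wrapped around it.
                $filter ="";
                $match = TRUE;
                if(!empty($acl['filter'])){
                    $match = $ldap->object_match_filter($ui->dn,$acl['filter']);
                    $filter= $this->html($acl['filter']);
                    if(!$match){
                        $filter= "<span>".$filter."</span>";
                    }
                }

                // Check if we are part of the member list
                if($match){
                    $match = $this->isMember($ldap, $ui, $members);
                }

                $class = "";
                if(!$match){
                    $class = "acl-viewer-blocked";
                }

                if(!empty($filter)) $filter =sprintf($filter_tpl,$class,$filter);

                // Keys starting with 'G' are groups, everything else is
                // listed as a plain member.
                foreach($members as $type => $name){
                    $item = "\n        <li>".$this->html($name)."</li>";
                    if(preg_match("/^G/", $type)){
                        $gmem .= $item;
                    }else{
                        $umem .= $item;
                    }
                }
                if(!empty($gmem)) $gmem =sprintf($gmem_tpl,$class,$gmem);
                if(!empty($umem)) $umem = sprintf($umem_tpl,$class,$umem);

                if($acl['type']!='reset' && isset($acl['acl']) && is_array($acl['acl'])){
                    foreach($acl['acl'] as $type => $rights){

                        // Mapped names come from the plugin descriptions;
                        // unmapped ones are raw ACL data and get escaped.
                        $label = isset($this->classMapping[$type]) ?
                            $this->classMapping[$type] : $this->html($type);
                        $defs .= "<li>".$label.": ".$this->aclToString($rights)."</li>";
                    }
                    if(!empty($defs)) $defs = sprintf($acl_tpl, $class,$defs);
                }
                $str.= sprintf($tpl,$class, image($image), $this->html($dn), $aclType, $filter.$gmem.$umem.$defs);
            }
        }
        $str .= "</table>";
        $this->renderedList = $str;

        return($this->renderedList);
    }


    /*! \brief   Check whether the current user is named by an ACL member list,
     *           either directly, via 'G:*' or via a group's memberUid.
     *  @param   Object  $ldap     LDAP link used to read group entries.
     *  @param   Object  $ui       Userinfo of the current user (dn, uid).
     *  @param   Array   $members  ACL members, keyed by 'U:<dn>' / 'G:<dn>'.
     *  @return  Boolean TRUE if the user is covered by the list.
     */
    private function isMember($ldap, $ui, $members)
    {
        foreach($members as $mem => $desc){
            if($mem == "U:{$ui->dn}" || $mem == "G:*"){
                return(TRUE);
            }
            if(preg_match("/^G:/", $mem)){
                $gdn = preg_replace("/^G:/","",$mem);
                $ldap->cat($gdn,array('memberUid'));
                if($ldap->count()){
                    $attrs = $ldap->fetch();

                    // Strict comparison, presumably the attribute array also
                    // carries a numeric 'count' entry - TODO confirm.
                    if(isset($attrs['memberUid']) && is_array($attrs['memberUid']) &&
                            in_array((string) $ui->uid, $attrs['memberUid'], TRUE)){
                        return(TRUE);
                    }
                }

                // Keep looking: the original stopped after the first group
                // even when the user was not in it, so later members were
                // never checked and the ACL was shown as blocked.
            }
        }
        return(FALSE);
    }


    /*! \brief   Render the permission flags of one ACL category as a list.
     *  @param   Array   $acls   Attribute name => flag string ('r', 'w',
     *                           'c', 'd', 'm', 's'); the key 0 means "All".
     *  @return  String  HTML list with one entry per attribute.
     */
    public function aclToString($acls)
    {
        $flags = array(
                "r" => _("read"),
                "w" => _("write"),
                "c" => _("Create"),
                "d" => _("Remove"),
                "m" => _("Move"),
                "s" => _("Owner"));

        $str ="<ul>";
        foreach($acls as $name => $acl){

            // Attribute names are stored ACL data, escape them for output.
            $label = ((string) $name === "0") ? _("All") : $this->html($name);

            $granted = array();
            foreach($flags as $flag => $text){
                if(strpos($acl, $flag) !== FALSE){
                    $granted[] = $text;
                }
            }
            $str .= "<li>".$label.": <i>".implode(', ', $granted)."</i></li>";
        }
        return($str."</ul>");
    }
}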
250 ?>