1 <?php
/* FIXME: the complete ACL handling will be redesigned to be more intuitive,
   which will become possible once templates for HTML pages have been
   introduced. Just be patient. */
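/**
 * Plugin for editing the subtree ACL (attribute gosaSubtreeACL) of an LDAP object.
 *
 * While editing, the ACL is kept in $current_acl as a comma separated list of
 * entries of the form "object#attribute#attribute...", or as the single word
 * "all". In LDAP the list is stored behind a prefix: ":" normally and "!:"
 * when the self flag is set.
 *
 * NOTE(review): no permission check is visible in this class; presumably the
 * caller restricts who may reach this plugin -- confirm.
 */
class acl extends plugin
{
  /* CLI vars */
  var $cli_summary= "Manage group ACL's";
  var $cli_description= "Some longer text\nfor help";
  var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");

  /* Helpers */
  var $department= "";
  /* ACL definitions, taken from $ACLD (acl_definition.inc): object name => attribute list */
  var $objects= array();
  /* Name of the object whose attributes are currently shown in the form */
  var $object= "";
  /* ACL list without the ":" / "!:" storage prefix */
  var $current_acl= "";
  /* TRUE when the stored value starts with "!:" */
  var $selfflag= FALSE;

  var $gosaSubtreeACL;

  /* attribute list for save action */
  var $attributes= array("gosaSubtreeACL");
  var $objectclasses= array("gosaObject");

  /**
   * Load the ACL definitions and the ACL currently stored on the object.
   *
   * @param object $config  passed through to plugin::plugin()
   * @param string $dn      passed through to plugin::plugin()
   */
  function acl ($config, $dn= NULL)
  {
    plugin::plugin($config, $dn);

    /* WorkAround: acl_definition.inc is expected to define $ACLD in this
       scope. Fall back to an empty definition if it did not. */
    include "acl_definition.inc";
    $this->objects= (isset($ACLD) && is_array($ACLD)) ? $ACLD : array();
    $tmp= array_keys($this->objects);
    $this->object= count($tmp) ? reset($tmp) : "";

    /* Split the stored value into prefix (self flag) and ACL list */
    $this->selfflag= FALSE;
    if (isset($this->attrs['gosaSubtreeACL'][0])){
      $stored= $this->attrs['gosaSubtreeACL'][0];
      $this->current_acl= preg_replace("/^[^:]*:/", "", $stored);
      if (preg_match("/^!:/", $stored)){
        $this->selfflag= TRUE;
      }
    }

    /* This is always true */
    $this->is_account= TRUE;
  }

  /**
   * Render the ACL dialog.
   *
   * @return string  HTML: the acl.tpl template followed by the attribute
   *                 check list of the currently selected object
   */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    /* Do we represent a valid group? */
    if (!$this->is_account && $this->parent == NULL){
      $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\">&nbsp;<b>".
        _("This 'dn' is no acl container.")."</b>";
      return ($display);
    }

    /* Show main page */
    $smarty= get_smarty();
    if ($_SESSION['js']==FALSE){
      $smarty->assign("javascript", "false");
    } else {
      $smarty->assign("javascript", "true");
    }
    $smarty->assign("object", $this->object);
    $obj= array();
    foreach($this->objects as $key => $value){
      $obj[$key]= $key;
    }
    if ($this->selfflag){
      $smarty->assign("selfflag", "checked");
    } else {
      $smarty->assign("selfflag", "");
    }
    $smarty->assign("objects", $obj);
    $display= $smarty->fetch (get_template_path('acl.tpl', TRUE));

    /* Show acl stuff. An object name without a definition gets an empty
       attribute list instead of an undefined index. */
    $this->acl= get_module_permission (array($this->current_acl), $this->object, "");
    $attributes= array();
    if (isset($this->objects[$this->object]) && is_array($this->objects[$this->object])){
      $attributes= $this->objects[$this->object];
    }
    $display.= $this->print_attributes ($attributes);
    return ($display);
  }


  /**
   * Clear gosaSubtreeACL on the object and write the change to LDAP.
   */
  function remove_from_parent()
  {
    plugin::remove_from_parent();

    $this->attrs['gosaSubtreeACL']= array();

    $ldap= $this->config->get_ldap_link();
    $ldap->cd($this->dn);
    $this->cleanup();
    $ldap->modify ($this->attrs);

    show_ldap_error($ldap->get_error());
  }


  /**
   * Take over the submitted form: replace the ACL entry of the object that
   * was displayed, then switch to the newly selected object.
   *
   * Does nothing beyond plugin::save_object() when no 'object' field was
   * posted.
   */
  function save_object()
  {
    plugin::save_object();

    if (!isset($_POST['object'])){
      return;
    }

    /* Strip old information. The list is filtered entry by entry rather than
       with a pattern built from the object name: a pattern cannot tell the
       first entry from later ones, swallows the separating commas of its
       neighbours and treats the object name as regex syntax. */
    $current= (string)$this->object;
    $prefix= $current."#";
    $entries= array();
    if ($this->current_acl != ""){
      foreach (explode(",", $this->current_acl) as $entry){
        if ($entry == ""){
          continue;
        }
        if (strncmp($entry, $prefix, strlen($prefix)) == 0){
          continue;
        }
        if ($current == "all" && $entry == "all"){
          continue;
        }
        $entries[]= $entry;
      }
    }

    /* assemble new attributes */
    $attrs= "";
    if (isset($_POST['all'])){
      $attrs.= "#all";
    }
    if ($current != "all" && !isset($_POST['all']) && $current != ""
        && isset($this->objects[$this->object]) && is_array($this->objects[$this->object])){
      foreach ($this->objects[$this->object] as $key => $val){
        /* Definitions are either a plain list of names or name => label */
        if (is_integer($key)){
          $aname= $val;
        } else {
          $aname= $key;
        }
        if (isset($_POST[$aname])){
          $attrs.= "#$aname";
        }
      }
    }

    /* append information */
    if ($attrs != ""){
      $entries[]= $current.$attrs;
    }
    $this->current_acl= implode(",", $entries);

    /* Collapse to the short form "all" when an "all#all" entry is present or
       the list starts with "all" */
    if (in_array("all#all", $entries, TRUE) || (count($entries) && $entries[0] == "all")){
      $this->current_acl= "all";
    }

    /* Save current object selection. The posted value is used as an index
       into $objects and becomes part of the stored ACL string, so only names
       that exist in the definition are accepted; anything else keeps the
       previous selection. */
    if (is_string($_POST['object']) && isset($this->objects[$_POST['object']])){
      $this->object= $_POST['object'];
    }
    $this->selfflag= isset($_POST['selfflag']);
  }


  /**
   * Write the ACL back to LDAP.
   *
   * A non-empty ACL is stored with its ":" or "!:" prefix. An empty ACL
   * clears gosaSubtreeACL and removes the gosaObject object class.
   */
  function save()
  {
    /* Write back to LDAP */
    $ldap= $this->config->get_ldap_link();

    /* Read stuff and only modify subtreeACL entries */
    plugin::save();

    if ($this->current_acl != ""){
      $prefix= $this->selfflag ? "!:" : ":";
      $this->attrs['gosaSubtreeACL']= $prefix.$this->current_acl;
    } else {
      /* NOTE(review): the pattern is a case-insensitive substring match, so
         any class whose name merely contains "gosaObject" is dropped as
         well -- confirm that this is intended. */
      $objectclasses= array();
      foreach ($this->attrs['objectClass'] as $oc){
        if (!preg_match('/gosaObject/i', $oc)){
          $objectclasses[]= $oc;
        }
      }
      $this->attrs['objectClass']= $objectclasses;
      $this->attrs['gosaSubtreeACL']= array();
    }

    /* Modify class */
    $ldap->cd($this->dn);
    $this->cleanup();
    $ldap->modify ($this->attrs);

    show_ldap_error($ldap->get_error());
  }


  /**
   * Build the check list for one object's attributes, two per table row.
   *
   * A box is checked when chkacl() returns "" for that attribute.
   *
   * @param array $name  attribute definition: a plain list of attribute
   *                     names, or attribute name => label to be translated
   * @return string      HTML fragment
   */
  function print_attributes ($name)
  {
    if (!is_array($name)){
      $name= array();
    }

    $display= "<input type=checkbox name=\"all\" value=\"1\"";
    if (chkacl ($this->acl, "all") == ""){
      $display.= " checked";
    }
    $display.= "><b>"._("All fields are writeable")."</b><br>";

    # Put strings in right order
    asort ($name);

    # Generate checklist
    $display.= "<table summary=\"\" style=\"width:100%;\">\n";
    $switch= 0;
    foreach ($name as $key => $val){
      if ($switch == 0){
        $display.= " <tr>\n";
      }

      if (is_integer($key)){
        $field= $val;
        $label= htmlspecialchars($val, ENT_QUOTES);
      } else {
        $field= $key;
        /* NOTE(review): the translated label is emitted as returned by
           gettext; confirm the catalogs carry no markup before escaping it. */
        $label= _($val);
      }

      /* Escape the field name so it cannot break out of the attribute, and
         keep a space before "checked" so it does not run into value="1" */
      $display.= "<td><input type=checkbox name=\"".htmlspecialchars($field, ENT_QUOTES)."\" value=\"1\"";
      if (chkacl ($this->acl, "$field") == ""){
        $display.= " checked";
      }
      $display.= ">".$label."</td>";

      if ($switch++ == 1){
        $display.= " </tr>\n";
        $switch= 0;
      }
    }

    /* Pad an odd number of cells and close the open row */
    if ($switch == 1){
      $display.= "<td></td></tr>";
    }
    $display.= "</table>\n";

    return ($display);
  }

}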
251 ?>