1 <?php
3 class acl extends plugin
4 {
5 /* Definitions */
6 var $plHeadline= "Access control";
7 var $plDescription= "This does something";
9 /* attribute list for save action */
10 var $attributes= array('gosaAclEntry');
11 var $objectclasses= array('gosaAcl');
13 /* Helpers */
14 var $dialogState= "head";
15 var $gosaAclEntry= array();
16 var $aclType= "";
17 var $aclObject= "";
18 var $aclContents= array();
19 var $target= "group";
20 var $aclTypes= array();
21 var $aclObjects= array();
22 var $aclMyObjects= array();
23 var $users= array();
24 var $groups= array();
25 var $recipients= array();
26 var $isContainer= FALSE;
27 var $currentIndex= 0;
28 var $wasNewEntry= FALSE;
29 var $ocMapping= array();
30 var $savedAclContents= array();
33 function acl ($config, $parent, $dn= NULL)
34 {
35 /* Include config object */
36 plugin::plugin($config, $dn);
38 /* Load ACL's */
39 $this->gosaAclEntry= array();
40 if (isset($this->attrs['gosaAclEntry'])){
41 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
42 $acl= $this->attrs['gosaAclEntry'][$i];
43 $this->gosaAclEntry= array_merge($this->gosaAclEntry, $this->explodeACL($acl));
44 }
45 }
46 ksort($this->gosaAclEntry);
48 /* Save parent - we've to know more about it than other plugins... */
49 $this->parent= $parent;
51 /* Container? */
52 if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
53 $this->isContainer= TRUE;
54 }
56 /* Users */
57 $ui= get_userinfo();
58 $tag= $ui->gosaUnitTag;
59 $ldap= $config->get_ldap_link();
60 $ldap->cd($config->current['BASE']);
61 if ($tag == ""){
62 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
63 } else {
64 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
65 }
66 while ($attrs= $ldap->fetch()){
67 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
68 }
69 ksort($this->users);
71 /* Groups */
72 $ldap->cd($config->current['BASE']);
73 if ($tag == ""){
74 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
75 } else {
76 $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
77 }
78 while ($attrs= $ldap->fetch()){
79 $dsc= "";
80 if (isset($attrs['description'][0])){
81 $dsc= $attrs['description'][0];
82 }
83 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
84 }
85 ksort($this->groups);
87 /* Objects */
88 $tmp= get_global('plist');
89 $plist= $tmp->info;
90 if (isset($this->parent) && $this->parent != NULL){
91 $oc= array();
92 foreach ($this->parent->by_object as $key => $obj){
93 $oc= array_merge($oc, $obj->objectclasses);
94 }
95 if (in_array_ics('organizationalUnit', $oc)){
96 $this->isContainer= TRUE;
97 }
98 } else {
99 $oc= $this->attrs['objectClass'];
100 }
103 /* Extract available categories from plugin info list */
104 foreach ($plist as $class => $acls){
106 /* Only feed categories */
107 if (isset($acls['plCategory'])){
109 /* Walk through supplied list and feed only translated categories */
110 foreach($acls['plCategory'] as $idx => $data){
112 /* Non numeric index means -> base object containing more informations */
113 if (preg_match('/^[0-9]+$/', $idx)){
114 if (!isset($this->ocMapping[$data])){
115 $this->ocMapping[$data]= array();
116 $this->ocMapping[$data][]= '0';
117 }
118 $this->ocMapping[$data][]= $class;
119 } else {
120 if (!isset($this->ocMapping[$idx])){
121 $this->ocMapping[$idx]= array();
122 $this->ocMapping[$idx][]= '0';
123 }
124 $this->ocMapping[$idx][]= $class;
125 $this->aclObjects[$idx]= $data['description'];
127 /* Additionally filter the classes we're interested in in "self edit" mode */
128 if (is_array($data['objectClass'])){
129 foreach($data['objectClass'] as $objectClass){
130 if (in_array_ics($objectClass, $oc)){
131 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
132 break;
133 }
134 }
135 } else {
136 if (in_array_ics($data['objectClass'], $oc)){
137 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
138 }
139 }
140 }
142 }
143 }
144 }
145 $this->aclObjects['all']= '* '._("All categories");
146 $this->ocMapping['all']= array('0' => 'all');
148 /* Sort categories */
149 asort($this->aclObjects);
151 /* Fill acl types */
152 if ($this->isContainer){
153 $this->aclTypes= array("reset" => _("Reset ACLs"),
154 "one" => _("One level"),
155 "base" => _("Current object"),
156 "sub" => _("Complete subtree"),
157 "psub" => _("Complete subtree (permanent)"));
158 //"role" => _("Use ACL defined in role"));
159 } else {
160 $this->aclTypes= array("base" => _("Current object"),
161 "role" => _("Use ACL defined in role"));
162 }
163 asort($this->aclTypes);
164 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
165 asort($this->targets);
167 /* Finally - we want to get saved... */
168 $this->is_account= TRUE;
169 }
172 function execute()
173 {
174 /* Call parent execute */
175 plugin::execute();
177 $tmp= get_global('plist');
178 $plist= $tmp->info;
180 /* Handle posts */
181 if (isset($_POST['new_acl'])){
182 $this->dialogState= 'create';
183 $this->dialog= TRUE;
184 $this->currentIndex= count($this->gosaAclEntry);
185 $this->loadAclEntry(TRUE);
186 }
188 $new_acl= array();
189 $aclDialog= FALSE;
190 foreach($_POST as $name => $post){
192 /* Actions... */
193 if (preg_match('/^acl_edit_.*_x/', $name)){
194 $this->dialogState= 'create';
195 $this->dialog= TRUE;
196 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
197 $this->loadAclEntry();
198 continue;
199 }
200 if (preg_match('/^acl_del_.*_x/', $name)){
201 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
202 continue;
203 }
205 if (preg_match('/^cat_edit_.*_x/', $name)){
206 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
207 $this->dialogState= 'edit';
208 foreach ($this->ocMapping[$this->aclObject] as $oc){
209 if (isset($this->aclContents[$oc])){
210 $this->savedAclContents[$oc]= $this->aclContents[$oc];
211 }
212 }
213 continue;
214 }
215 if (preg_match('/^cat_del_.*_x/', $name)){
216 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
217 foreach ($this->ocMapping[$idx] as $key){
218 unset($this->aclContents["$idx/$key"]);
219 }
220 continue;
221 }
223 /* Sorting... */
224 if (preg_match('/^sortup_.*_x/', $name)){
225 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
226 if ($index > 0){
227 $tmp= $this->gosaAclEntry[$index];
228 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
229 $this->gosaAclEntry[$index-1]= $tmp;
230 }
231 continue;
232 }
233 if (preg_match('/^sortdown_.*_x/', $name)){
234 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
235 if ($index < count($this->gosaAclEntry)-1){
236 $tmp= $this->gosaAclEntry[$index];
237 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
238 $this->gosaAclEntry[$index+1]= $tmp;
239 }
240 continue;
241 }
243 /* ACL saving... */
244 if (preg_match('/^acl_.*_[^xy]$/', $name)){
245 $aclDialog= TRUE;
246 list($dummy, $object, $attribute, $value)= split('_', $name);
248 /* Skip for detection entry */
249 if ($object == 'dummy') {
250 continue;
251 }
253 /* Ordinary ACLs */
254 if (!isset($new_acl[$object])){
255 $new_acl[$object]= array();
256 }
257 if (isset($new_acl[$object][$attribute])){
258 $new_acl[$object][$attribute].= $value;
259 } else {
260 $new_acl[$object][$attribute]= $value;
261 }
262 }
263 }
265 /* Only be interested in new acl's, if we're in the right _POST place */
266 if ($aclDialog && is_array($this->ocMapping[$this->aclObject])){
268 foreach ($this->ocMapping[$this->aclObject] as $oc){
269 unset($this->aclContents[$oc]);
270 unset($this->aclContents[$this->aclObject.'/'.$oc]);
271 if (isset($new_acl[$oc])){
272 $this->aclContents[$oc]= $new_acl[$oc];
273 }
274 if (isset($new_acl[$this->aclObject.'/'.$oc])){
275 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
276 }
277 }
278 }
280 /* Save new acl in case of base edit mode */
281 if ($this->aclType == 'base'){
282 $this->aclContents= $new_acl;
283 }
285 /* Cancel new acl? */
286 if (isset($_POST['cancel_new_acl'])){
287 $this->dialogState= 'head';
288 $this->dialog= FALSE;
289 if ($this->wasNewEntry){
290 unset ($this->gosaAclEntry[$this->currentIndex]);
291 }
292 }
294 /* Store ACL in main object? */
295 if (isset($_POST['submit_new_acl'])){
296 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
297 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
298 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
299 $this->dialogState= 'head';
300 $this->dialog= FALSE;
301 }
303 /* Cancel edit acl? */
304 if (isset($_POST['cancel_edit_acl'])){
305 $this->dialogState= 'create';
306 foreach ($this->ocMapping[$this->aclObject] as $oc){
307 if (isset($this->savedAclContents[$oc])){
308 $this->aclContents[$oc]= $this->savedAclContents[$oc];
309 }
310 }
311 }
313 /* Save edit acl? */
314 if (isset($_POST['submit_edit_acl'])){
315 $this->dialogState= 'create';
316 }
318 /* Add acl? */
319 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
320 $this->dialogState= 'edit';
321 $this->savedAclContents= array();
322 foreach ($this->ocMapping[$this->aclObject] as $oc){
323 if (isset($this->aclContents[$oc])){
324 $this->savedAclContents[$oc]= $this->aclContents[$oc];
325 }
326 }
327 }
329 /* Add to list? */
330 if (isset($_POST['add']) && isset($_POST['source'])){
331 foreach ($_POST['source'] as $key){
332 if ($this->target == 'user'){
333 $this->recipients[$key]= $this->users[$key];
334 }
335 if ($this->target == 'group'){
336 $this->recipients[$key]= $this->groups[$key];
337 }
338 }
339 ksort($this->recipients);
340 }
342 /* Remove from list? */
343 if (isset($_POST['del']) && isset($_POST['recipient'])){
344 foreach ($_POST['recipient'] as $key){
345 unset($this->recipients[$key]);
346 }
347 }
349 /* Save common values */
350 foreach (array("aclType", "aclObject", "target") as $key){
351 if (isset($_POST[$key])){
352 $this->$key= validate($_POST[$key]);
353 }
354 }
356 /* Create templating instance */
357 $smarty= get_smarty();
359 if ($this->dialogState == 'head'){
360 /* Draw list */
361 $aclList= new DivSelectBox("aclList");
362 $aclList->SetHeight(450);
364 /* Fill in entries */
365 foreach ($this->gosaAclEntry as $key => $entry){
366 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
367 $field2= array("string" => $this->assembleAclSummary($entry));
368 $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
369 $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
370 $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
371 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
373 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
374 $aclList->AddEntry(array($field1, $field2, $field3));
375 }
377 $smarty->assign("aclList", $aclList->DrawList());
378 }
380 if ($this->dialogState == 'create'){
381 /* Draw list */
382 $aclList= new DivSelectBox("aclList");
383 $aclList->SetHeight(150);
385 /* Add settings for all categories to the (permanent) list */
386 foreach ($this->aclObjects as $section => $dsc){
387 $summary= "";
388 foreach($this->ocMapping[$section] as $oc){
389 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
390 $this->aclContents[$oc][0] != ""){
392 $summary.= "$oc, ";
393 continue;
394 }
395 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
396 $this->aclContents["$section/$oc"][0] != ""){
398 $summary.= "$oc, ";
399 continue;
400 }
401 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
402 $summary.= "$oc, ";
403 }
404 }
406 /* Set summary... */
407 if ($summary == ""){
408 $summary= '<i>'._("No ACL settings for this category").'</i>';
409 } else {
410 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
411 }
413 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
414 $field2= array("string" => $summary);
415 $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
416 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
417 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
418 $aclList->AddEntry(array($field1, $field2, $field3));
419 }
421 $smarty->assign("aclList", $aclList->DrawList());
422 $smarty->assign("aclType", $this->aclType);
423 $smarty->assign("aclTypes", $this->aclTypes);
424 $smarty->assign("target", $this->target);
425 $smarty->assign("targets", $this->targets);
427 /* Assign possible target types */
428 $smarty->assign("targets", $this->targets);
429 foreach ($this->attributes as $attr){
430 $smarty->assign($attr, $this->$attr);
431 }
434 /* Generate list */
435 $tmp= array();
436 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
437 if ($this->target == $field){
438 foreach ($this->$arr as $key => $value){
439 if (!isset($this->recipients[$key])){
440 $tmp[$key]= $value;
441 }
442 }
443 }
444 }
445 $smarty->assign('sources', $tmp);
446 $smarty->assign('recipients', $this->recipients);
448 /* Acl selector if scope is base */
449 if ($this->aclType == 'base'){
450 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
451 }
452 }
454 if ($this->dialogState == 'edit'){
455 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
457 /* Collect objects for selected category */
458 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
459 if ($idx == 0){
460 continue;
461 }
462 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
463 }
464 if ($this->aclObject == 'all'){
465 $aclObjects['all']= _("All objects in current subtree");
466 }
467 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
468 }
470 /* Show main page */
471 $smarty->assign("dialogState", $this->dialogState);
473 return ($smarty->fetch (get_template_path('acl.tpl')));
474 }
477 function buildAclSelector($list)
478 {
479 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
480 $cols= 3;
481 $tmp= get_global('plist');
482 $plist= $tmp->info;
483 asort($plist);
485 /* Build general objects */
486 foreach ($list as $key => $name){
488 /* Create sub acl if it does not exist */
489 if (!isset($this->aclContents[$key])){
490 $this->aclContents[$key]= array();
491 $this->aclContents[$key][0]= '';
492 }
493 $currentAcl= $this->aclContents[$key];
495 /* Object header */
496 if($_SESSION['js']) {
497 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
498 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
499 "\n <tr>".
500 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
501 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
502 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
503 "\n </tr>";
504 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
505 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
506 "\n <tr>".
507 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
508 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
509 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
510 "\n </tr>";
511 } else {
512 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
513 "\n <tr>".
514 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
515 "\n </tr>";
516 }
517 } else {
518 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
519 "\n <tr>".
520 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
521 "\n </tr>";
522 }
524 /* Generate options */
525 $spc= " ";
526 if ($this->isContainer && $this->aclType != 'base'){
527 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc;
528 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc;
529 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc;
530 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
531 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
532 }
533 } else {
534 $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc;
535 $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc;
536 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
537 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
538 }
539 }
541 /* Global options */
542 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $currentAcl[0])).$spc;
543 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $currentAcl[0]));
545 $display.= "\n <tr>".
546 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
547 "\n <td style='background-color:#D4D4D4'> ".("Complete object:")." $more_options</td>".
548 "\n </tr>";
550 /* Walk through the list of attributes */
551 $cnt= 1;
552 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
553 asort($splist);
554 if($_SESSION['js']) {
555 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
556 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
557 "\n <td colspan=".$cols.">".
558 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
559 "\n <table style='width:100%;'>";
560 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
561 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
562 "\n <td colspan=".$cols.">".
563 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
564 "\n <table style='width:100%;'>";
565 }
566 }
567 foreach($splist as $attr => $dsc){
569 /* Skip pl* attributes, they are internal... */
570 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
571 continue;
572 }
574 /* Open table row */
575 if ($cnt == 1){
576 $display.= "\n <tr>";
577 }
579 /* Close table row */
580 if ($cnt == $cols){
581 $cnt= 1;
582 $rb= "";
583 $end= "\n </tr>";
584 } else {
585 $cnt++;
586 $rb= "border-right:1px solid #A0A0A0;";
587 $end= "";
588 }
590 /* Collect list of attributes */
591 $state= "";
592 if (isset($currentAcl[$attr])){
593 $state= $currentAcl[$attr];
594 }
595 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
596 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
597 }
599 /* Fill missing td's if needed */
600 if (--$cnt != $cols && $cnt != 0){
601 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
602 }
604 if($_SESSION['js']) {
605 if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
606 $display.= "\n </table>".
607 "\n </div>".
608 "\n </td>".
609 "\n </tr>";
610 }
611 }
613 $display.= "\n</table><br />\n";
614 }
616 return ($display);
617 }
620 function mkchkbx($name, $text, $state= FALSE)
621 {
622 $state= $state?"checked":"";
623 return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
624 "\n <label for='acl_$name'>$text</label>";
625 }
628 function mkrwbx($name, $state= "")
629 {
630 $rstate= preg_match('/r/', $state)?'checked':'';
631 $wstate= preg_match('/w/', $state)?'checked':'';
632 return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
633 "\n <label for='acl_${name}_r'>"._("read")."</label>".
634 "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
635 "\n <label for='acl_${name}_w'>"._("write")."</label>");
636 }
639 function explodeACL($acl)
640 {
641 list($index, $type)= split(':', $acl);
642 $a= array( $index => array("type" => $type,
643 "members" => acl::extractMembers($acl)));
645 /* Handle different types */
646 switch ($type){
648 case 'psub':
649 case 'sub':
650 case 'one':
651 case 'base':
652 $a[$index]['acl']= acl::extractACL($acl);
653 break;
655 case 'role':
656 echo "Role";
657 break;
659 case 'reset':
660 break;
662 default:
663 print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
664 $a= array();
665 }
667 return ($a);
668 }
671 function extractMembers($acl)
672 {
673 global $config;
674 $a= array();
676 /* Rip acl off the string, seperate by ',' and place it in an array */
677 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
678 if ($ms == $acl){
679 return $a;
680 }
681 $ma= split(',', $ms);
683 /* Decode dn's, fill with informations from LDAP */
684 $ldap= $config->get_ldap_link();
685 foreach ($ma as $memberdn){
686 $dn= base64_decode($memberdn);
687 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
689 /* Found entry... */
690 if ($ldap->count()){
691 $attrs= $ldap->fetch();
692 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
693 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
694 } else {
695 $a['G:'.$dn]= $attrs['cn'][0];
696 if (isset($attrs['description'][0])){
697 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
698 }
699 }
701 /* ... or not */
702 } else {
703 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
704 }
705 }
707 return ($a);
708 }
711 function extractACL($acl)
712 {
713 /* Rip acl off the string, seperate by ',' and place it in an array */
714 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
715 $aa= split(',', $as);
716 $a= array();
718 /* Dis-assemble single ACLs */
719 foreach($aa as $sacl){
721 /* Dis-assemble field ACLs */
722 $ao= split('#', $sacl);
723 $gobject= "";
724 foreach($ao as $idx => $ssacl){
726 /* First is department with global acl */
727 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
728 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
729 if ($idx == 0){
730 /* Create hash for this object */
731 $gobject= $object;
732 $a[$gobject]= array();
734 /* Append ACL if set */
735 if ($gacl != ""){
736 $a[$gobject]= array($gacl);
737 }
738 } else {
740 /* All other entries get appended... */
741 list($field, $facl)= split(';', $ssacl);
742 $a[$gobject][$field]= $facl;
743 }
745 }
746 }
748 return ($a);
749 }
752 function assembleAclSummary($entry)
753 {
754 $summary= "";
756 /* Summarize ACL */
757 if (isset($entry['acl'])){
758 $acl= "";
759 foreach ($entry['acl'] as $name => $object){
760 if (count($object)){
761 $acl.= "$name, ";
762 }
763 }
764 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
765 }
767 /* Summarize members */
768 if ($summary != ""){
769 $summary.= ", ";
770 }
771 if (count($entry['members'])){
772 $summary.= _("Members:")." ";
773 foreach ($entry['members'] as $cn){
774 $cn= preg_replace('/ \[.*$/', '', $cn);
775 $summary.= $cn.", ";
776 }
777 } else {
778 $summary.= _("ACL is valid for all users");
779 }
781 return (preg_replace('/, $/', '', $summary));
782 }
785 function loadAclEntry($new= FALSE)
786 {
787 /* New entry gets presets... */
788 if ($new){
789 $this->aclType= 'base';
790 $this->recipients= array();
791 $this->aclContents= array();
792 } else {
793 $acl= $this->gosaAclEntry[$this->currentIndex];
794 $this->aclType= $acl['type'];
795 $this->recipients= $acl['members'];
796 $this->aclContents= $acl['acl'];
797 }
799 $this->wasNewEntry= $new;
800 }
803 function aclPostHandler()
804 {
805 if (isset($_POST['save_acl'])){
806 $this->save();
807 return TRUE;
808 }
810 return FALSE;
811 }
814 function save()
815 {
816 /* Assemble ACL's */
817 $tmp_acl= array();
818 foreach ($this->gosaAclEntry as $prio => $entry){
819 $final= "";
820 $members= "";
821 if (isset($entry['members'])){
822 foreach ($entry['members'] as $key => $dummy){
823 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
824 }
825 }
826 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
828 /* ACL's if needed */
829 if ($entry['type'] != "reset" && $entry['type'] != "role"){
830 $acl= ":";
831 if (isset($entry['acl'])){
832 foreach ($entry['acl'] as $object => $contents){
834 /* Only save, if we've some contents in there... */
835 if (count($contents)){
836 $acl.= $object.";";
838 foreach($contents as $attr => $permission){
840 /* First entry? Its the one for global settings... */
841 if ($attr == '0'){
842 $acl.= $permission;
843 } else {
844 $acl.= '#'.$attr.';'.$permission;
845 }
847 }
848 $acl.= ',';
849 }
851 }
852 }
853 $final.= preg_replace('/,$/', '', $acl);
854 }
856 $tmp_acl[]= $final;
857 }
859 /* Call main method */
860 plugin::save();
862 /* Finally (re-)assign it... */
863 $this->attrs['gosaAclEntry']= $tmp_acl;
865 /* Remove acl from this entry if it is empty... */
866 if (!count($tmp_acl)){
867 /* Remove attribute */
868 if ($this->initially_was_account){
869 $this->attrs['gosaAclEntry']= array();
870 } else {
871 if (isset($this->attrs['gosaAclEntry'])){
872 unset($this->attrs['gosaAclEntry']);
873 }
874 }
876 /* Remove object class */
877 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
878 }
880 /* Do LDAP modifications */
881 $ldap= $this->config->get_ldap_link();
882 $ldap->cd($this->dn);
883 $this->cleanup();
884 $ldap->modify ($this->attrs);
886 show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
888 /* Refresh users ACLs */
889 $ui= get_userinfo();
890 $ui->loadACL();
891 $_SESSION['ui']= $ui;
892 }
895 function remove_from_parent()
896 {
897 }
899 }
901 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
902 ?>