![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
89d443ab571b659e60fc4eacc69a5a36f01d85a0
1 <?php
3 class acl extends plugin
4 {
5 /* Definitions */
6 var $plHeadline= "Access control";
7 var $plDescription= "This does something";
9 /* attribute list for save action */
10 var $attributes= array('gosaAclEntry');
11 var $objectclasses= array('gosaAcl');
13 /* Helpers */
14 var $dialogState= "head";
15 var $gosaAclEntry= array();
16 var $aclType= "";
17 var $aclObject= "";
18 var $aclContents= array();
19 var $target= "group";
20 var $aclTypes= array();
21 var $aclObjects= array();
22 var $aclMyObjects= array();
23 var $users= array();
24 var $groups= array();
25 var $recipients= array();
26 var $isContainer= FALSE;
27 var $currentIndex= 0;
28 var $wasNewEntry= FALSE;
29 var $ocMapping= array();
30 var $savedAclContents= array();
33 function acl ($config, $parent, $dn= NULL)
34 {
35 /* Include config object */
36 plugin::plugin($config, $dn);
38 /* Load ACL's */
39 $this->gosaAclEntry= array();
40 if (isset($this->attrs['gosaAclEntry'])){
41 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
42 $acl= $this->attrs['gosaAclEntry'][$i];
43 $this->gosaAclEntry= array_merge($this->gosaAclEntry, $this->explodeACL($acl));
44 }
45 }
46 ksort($this->gosaAclEntry);
48 /* Save parent - we've to know more about it than other plugins... */
49 $this->parent= $parent;
51 /* Container? */
52 if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
53 $this->isContainer= TRUE;
54 }
56 /* Users */
57 $ui= get_userinfo();
58 $tag= $ui->gosaUnitTag;
59 $ldap= $config->get_ldap_link();
60 $ldap->cd($config->current['BASE']);
61 if ($tag == ""){
62 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
63 } else {
64 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
65 }
66 while ($attrs= $ldap->fetch()){
67 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
68 }
69 ksort($this->users);
71 /* Groups */
72 $ldap->cd($config->current['BASE']);
73 if ($tag == ""){
74 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
75 } else {
76 $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
77 }
78 while ($attrs= $ldap->fetch()){
79 $dsc= "";
80 if (isset($attrs['description'][0])){
81 $dsc= $attrs['description'][0];
82 }
83 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
84 }
85 ksort($this->groups);
87 /* Objects */
88 $tmp= get_global('plist');
89 $plist= $tmp->info;
90 if (isset($this->parent)){
91 $oc= array();
92 foreach ($this->parent->by_object as $key => $obj){
93 $oc= array_merge($oc, $obj->objectclasses);
94 }
95 if (in_array_ics('organizationalUnit', $oc)){
96 $this->isContainer= TRUE;
97 }
98 } else {
99 $oc= $this->attrs['objectClass'];
100 }
101 foreach ($plist as $class => $acls){
102 if (isset($acls['plDescription'])){
103 /* Only feed categories */
104 if (isset($acls['plDepends']['description'])){
105 $this->aclObjects[$acls['plDepends']['objectClass']]= $acls['plDepends']['description'];
106 }
108 /* Additionally filter the classes we're interested in in "self edit" mode */
109 if (in_array_ics($acls['plDepends']['objectClass'], $oc)){
110 $this->myAclObjects[$class]= $acls['plDescription'];
111 }
112 }
113 }
114 asort($this->aclObjects);
116 /* Generate mapping object */
117 foreach ($plist as $oc => $pl){
118 if (isset($pl['plDepends']['objectClass'])){
119 $class= $pl['plDepends']['objectClass'];
120 if (!isset($this->ocMapping[$class])){
121 $this->ocMapping[$class]= array();
122 }
123 $this->ocMapping[$class][]= $oc;
124 }
125 }
127 /* Fill acl types */
128 if ($this->isContainer){
129 $this->aclTypes= array("reset" => _("Reset ACLs"),
130 "one" => _("One level"),
131 "base" => _("Current object"),
132 "sub" => _("Complete subtree"),
133 "psub" => _("Complete subtree (permanent)"));
134 //"role" => _("Use ACL defined in role"));
135 } else {
136 $this->aclTypes= array("base" => _("Current object"),
137 "role" => _("Use ACL defined in role"));
138 }
139 asort($this->aclTypes);
140 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
141 asort($this->targets);
143 /* Finally - we want to get saved... */
144 $this->is_account= TRUE;
145 }
148 function execute()
149 {
150 /* Call parent execute */
151 plugin::execute();
153 $tmp= get_global('plist');
154 $plist= $tmp->info;
156 /* Handle posts */
157 if (isset($_POST['new_acl'])){
158 $this->dialogState= 'create';
159 $this->dialog= TRUE;
160 $this->currentIndex= count($this->gosaAclEntry);
161 $this->loadAclEntry(TRUE);
162 }
164 $new_acl= array();
165 $aclDialog= FALSE;
166 foreach($_POST as $name => $post){
168 /* Actions... */
169 if (preg_match('/^acl_edit_.*_x/', $name)){
170 $this->dialogState= 'create';
171 $this->dialog= TRUE;
172 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
173 $this->loadAclEntry();
174 continue;
175 }
176 if (preg_match('/^acl_del_.*_x/', $name)){
177 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
178 continue;
179 }
181 if (preg_match('/^cat_edit_.*_x/', $name)){
182 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
183 $this->dialogState= 'edit';
184 foreach ($this->ocMapping[$this->aclObject] as $oc){
185 if (isset($this->aclContents[$oc])){
186 $this->savedAclContents[$oc]= $this->aclContents[$oc];
187 }
188 }
189 continue;
190 }
191 if (preg_match('/^cat_del_.*_x/', $name)){
192 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
193 foreach ($this->ocMapping[$idx] as $key){
194 unset($this->aclContents[$key]);
195 }
196 continue;
197 }
199 /* Sorting... */
200 if (preg_match('/^sortup_.*_x/', $name)){
201 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
202 if ($index > 0){
203 $tmp= $this->gosaAclEntry[$index];
204 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
205 $this->gosaAclEntry[$index-1]= $tmp;
206 }
207 continue;
208 }
209 if (preg_match('/^sortdown_.*_x/', $name)){
210 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
211 if ($index < count($this->gosaAclEntry)-1){
212 $tmp= $this->gosaAclEntry[$index];
213 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
214 $this->gosaAclEntry[$index+1]= $tmp;
215 }
216 continue;
217 }
219 /* ACL saving... */
220 if (preg_match('/^acl_.*_[^xy]$/', $name)){
221 $aclDialog= TRUE;
222 list($dummy, $object, $attribute, $value)= split('_', $name);
224 /* Ordinary ACLs */
225 if (!isset($new_acl[$object])){
226 $new_acl[$object]= array();
227 }
228 if (isset($new_acl[$object][$attribute])){
229 $new_acl[$object][$attribute].= $value;
230 } else {
231 $new_acl[$object][$attribute]= $value;
232 }
233 }
235 }
237 /* Only be interested in new acl's, if we're in the right _POST place */
238 if ($aclDialog && isset($this->ocMapping[$this->aclObject])){
239 foreach ($this->ocMapping[$this->aclObject] as $oc){
240 unset($this->aclContents[$oc]);
241 if (isset($new_acl[$oc])){
242 $this->aclContents[$oc]= $new_acl[$oc];
243 }
244 }
245 }
247 /* Cancel new acl? */
248 if (isset($_POST['cancel_new_acl'])){
249 $this->dialogState= 'head';
250 $this->dialog= FALSE;
251 if ($this->wasNewEntry){
252 unset ($this->gosaAclEntry[$this->currentIndex]);
253 }
254 }
256 /* Store ACL in main object? */
257 if (isset($_POST['submit_new_acl'])){
258 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
259 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
260 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
261 $this->dialogState= 'head';
262 $this->dialog= FALSE;
263 }
265 /* Cancel edit acl? */
266 if (isset($_POST['cancel_edit_acl'])){
267 $this->dialogState= 'create';
268 foreach ($this->ocMapping[$this->aclObject] as $oc){
269 if (isset($this->savedAclContents[$oc])){
270 $this->aclContents[$oc]= $this->savedAclContents[$oc];
271 }
272 }
273 }
275 /* Save edit acl? */
276 if (isset($_POST['submit_edit_acl'])){
277 $this->dialogState= 'create';
278 }
280 /* Add acl? */
281 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
282 $this->dialogState= 'edit';
283 $this->savedAclContents= array();
284 foreach ($this->ocMapping[$this->aclObject] as $oc){
285 if (isset($this->aclContents[$oc])){
286 $this->savedAclContents[$oc]= $this->aclContents[$oc];
287 }
288 }
289 }
291 /* Add to list? */
292 if (isset($_POST['add']) && isset($_POST['source'])){
293 foreach ($_POST['source'] as $key){
294 if ($this->target == 'user'){
295 $this->recipients[$key]= $this->users[$key];
296 }
297 if ($this->target == 'group'){
298 $this->recipients[$key]= $this->groups[$key];
299 }
300 }
301 ksort($this->recipients);
302 }
304 /* Remove from list? */
305 if (isset($_POST['del']) && isset($_POST['recipient'])){
306 foreach ($_POST['recipient'] as $key){
307 unset($this->recipients[$key]);
308 }
309 }
311 /* Save common values */
312 foreach (array("aclType", "aclObject", "target") as $key){
313 if (isset($_POST[$key])){
314 $this->$key= validate($_POST[$key]);
315 }
316 }
318 /* Create templating instance */
319 $smarty= get_smarty();
321 if ($this->dialogState == 'head'){
322 /* Draw list */
323 $aclList= new DivSelectBox("aclList");
324 $aclList->SetHeight(450);
326 /* Fill in entries */
327 foreach ($this->gosaAclEntry as $key => $entry){
328 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
329 $field2= array("string" => $this->assembleAclSummary($entry));
330 $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
331 $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
332 $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
333 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
335 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px';text-align:right");
336 $aclList->AddEntry(array($field1, $field2, $field3));
337 }
339 $smarty->assign("aclList", $aclList->DrawList());
340 }
342 if ($this->dialogState == 'create'){
343 /* Draw list */
344 $aclList= new DivSelectBox("aclList");
345 $aclList->SetHeight(150);
347 /* Add settings for all categories to the (permanent) list */
348 foreach ($this->aclObjects as $oc => $dsc){
349 $summary= "";
350 foreach ($plist as $key => $plugin){
351 if (isset($plugin['plDepends']['objectClass']) && $plugin['plDepends']['objectClass'] == $oc &&
352 isset($this->aclContents[$key])){
353 if (count($this->aclContents[$key]) && isset($this->aclContents[$key][0]) &&
354 $this->aclContents[$key][0] != ""){
355 $summary.= "$key, ";
356 continue;
357 }
358 if (!isset($this->aclContents[$key][0]) && count($this->aclContents[$key])){
359 $summary.= "$key, ";
360 }
361 }
362 }
364 /* Set summary... */
365 if ($summary == ""){
366 $summary= _("No ACL settings for this category");
367 } else {
368 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
369 }
371 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
372 $field2= array("string" => $summary);
373 $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$oc' title='"._("Edit categories ACLs")."'>";
374 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$oc' title='"._("Clear categories ACLs")."'>";
375 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
376 $aclList->AddEntry(array($field1, $field2, $field3));
377 }
379 $smarty->assign("aclList", $aclList->DrawList());
380 $smarty->assign("aclType", $this->aclType);
381 $smarty->assign("aclTypes", $this->aclTypes);
382 $smarty->assign("target", $this->target);
383 $smarty->assign("targets", $this->targets);
385 /* Assign possible target types */
386 $smarty->assign("targets", $this->targets);
387 foreach ($this->attributes as $attr){
388 $smarty->assign($attr, $this->$attr);
389 }
392 /* Generate list */
393 $tmp= array();
394 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
395 if ($this->target == $field){
396 foreach ($this->$arr as $key => $value){
397 if (!isset($this->recipients[$key])){
398 $tmp[$key]= $value;
399 }
400 }
401 }
402 }
403 $smarty->assign('sources', $tmp);
404 $smarty->assign('recipients', $this->recipients);
406 /* Acl selector if scope is base */
407 if ($this->aclType == 'base'){
408 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
409 }
410 }
412 if ($this->dialogState == 'edit'){
413 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
415 /* Collect objects for selected category */
416 $aclObjects= array();
417 foreach ($plist as $class => $acls){
418 if (isset($acls['plDepends']['objectClass']) && $acls['plDepends']['objectClass'] == $this->aclObject){
419 $aclObjects[$class]= $acls['plDescription'];
420 }
421 }
423 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
424 }
426 /* Show main page */
427 $smarty->assign("dialogState", $this->dialogState);
429 return ($smarty->fetch (get_template_path('acl.tpl')));
430 }
433 function buildAclSelector($list)
434 {
435 $display= "";
436 $cols= 4;
437 $tmp= get_global('plist');
438 $plist= $tmp->info;
439 asort($plist);
441 foreach ($list as $key => $name){
443 /* Create sub acl if it does not exist */
444 if (!isset($this->aclContents[$key])){
445 $this->aclContents[$key]= array();
446 }
447 if (!isset($this->aclContents[$key][0])){
448 $this->aclContents[$key][0]= '';
449 }
450 $currentAcl= $this->aclContents[$key];
452 /* Object header */
453 $display.= "<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2><tr><td style='background-color:#C8C8C8;height:1.8em' colspan=$cols><b>"._("Object").":</b> $name</td></tr>";
455 /* Generate options */
456 $spc= " ";
457 if ($this->isContainer && $this->aclType != 'base'){
458 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc;
459 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc;
460 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc;
461 if ($plist[$key]['plSelfModify']){
462 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
463 }
464 } else {
465 $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc;
466 $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc;
467 if ($plist[$key]['plSelfModify']){
468 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
469 }
470 }
472 $display.= "<tr><td style='background-color:#E0E0E0' colspan=$cols>$options</td></tr>";
474 /* Walk through the list of attributes */
475 $cnt= 1;
476 $splist= $plist[$key];
477 asort($splist);
478 foreach($splist as $attr => $dsc){
480 /* Skip pl* attributes, they are internal... */
481 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
482 continue;
483 }
485 /* Open table row */
486 if ($cnt == 1){
487 $display.= "<tr>";
488 }
490 /* Close table row */
491 if ($cnt == $cols){
492 $cnt= 1;
493 $rb= "";
494 $end= "</tr>";
495 } else {
496 $cnt++;
497 $rb= "border-right:1px solid #A0A0A0;";
498 $end= "";
499 }
501 /* Collect list of attributes */
502 $state= "";
503 if (isset($currentAcl[$attr])){
504 $state= $currentAcl[$attr];
505 }
506 $display.= "<td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'><b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
507 }
509 /* Fill missing td's if needed */
510 if (--$cnt != $cols){
511 $display.= str_repeat("<td style='border-top:1px solid #A0A0A0'> </td>", $cols-$cnt);
512 }
514 $display.= "</table><br>";
515 }
517 return ($display);
518 }
521 function mkchkbx($name, $text, $state= FALSE)
522 {
523 $state= $state?"checked":"";
524 return "<input id='acl_$name' type=checkbox name='acl_$name' $state><label for='acl_$name'>$text</label>";
525 }
528 function mkrwbx($name, $state= "")
529 {
530 $rstate= preg_match('/r/', $state)?'checked':'';
531 $wstate= preg_match('/w/', $state)?'checked':'';
532 return ("<input id='acl_${name}_r' type=checkbox name='acl_${name}_r' $rstate><label for='acl_${name}_r'>"._("read")."</label>".
533 "<input id='acl_${name}_w' type=checkbox name='acl_${name}_w' $wstate><label for='acl_${name}_w'>"._("write")."</label>");
534 }
537 function explodeACL($acl)
538 {
539 list($index, $type)= split(':', $acl);
540 $a= array( $index => array("type" => $type,
541 "members" => acl::extractMembers($acl)));
543 /* Handle different types */
544 switch ($type){
546 case 'psub':
547 case 'sub':
548 case 'one':
549 case 'base':
550 $a[$index]['acl']= acl::extractACL($acl);
551 break;
553 case 'role':
554 echo "Role";
555 break;
557 case 'reset':
558 break;
560 default:
561 print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
562 $a= array();
563 }
565 return ($a);
566 }
569 function extractMembers($acl)
570 {
571 global $config;
572 $a= array();
574 /* Rip acl off the string, seperate by ',' and place it in an array */
575 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
576 if ($ms == $acl){
577 return $a;
578 }
579 $ma= split(',', $ms);
581 /* Decode dn's, fill with informations from LDAP */
582 $ldap= $config->get_ldap_link();
583 foreach ($ma as $memberdn){
584 $dn= base64_decode($memberdn);
585 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
587 /* Found entry... */
588 if ($ldap->count()){
589 $attrs= $ldap->fetch();
590 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
591 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
592 } else {
593 $a['G:'.$dn]= $attrs['cn'][0];
594 if (isset($attrs['description'][0])){
595 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
596 }
597 }
599 /* ... or not */
600 } else {
601 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
602 }
603 }
605 return ($a);
606 }
609 function extractACL($acl)
610 {
611 /* Rip acl off the string, seperate by ',' and place it in an array */
612 $as= preg_replace('/^[^:]+:[^:]+:[^:]+:(.*)$/', '\1', $acl);
613 $aa= split(',', $as);
614 $a= array();
616 /* Dis-assemble single ACLs */
617 foreach($aa as $sacl){
619 /* Dis-assemble field ACLs */
620 $ao= split('#', $sacl);
621 $gobject= "";
622 foreach($ao as $idx => $ssacl){
624 /* First is department with global acl */
625 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
626 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
627 if ($idx == 0){
628 /* Create hash for this object */
629 $gobject= $object;
630 $a[$gobject]= array();
632 /* Append ACL if set */
633 if ($gacl != ""){
634 $a[$gobject]= array($gacl);
635 }
636 } else {
638 /* All other entries get appended... */
639 list($field, $facl)= split(';', $ssacl);
640 $a[$gobject][$field]= $facl;
641 }
643 }
644 }
646 return ($a);
647 }
650 function assembleAclSummary($entry)
651 {
652 $summary= "";
654 /* Summarize ACL */
655 if (isset($entry['acl'])){
656 $acl= "";
657 foreach ($entry['acl'] as $name => $object){
658 if (count($object)){
659 $acl.= "$name, ";
660 }
661 }
662 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
663 }
665 /* Summarize members */
666 if ($summary != ""){
667 $summary.= ", ";
668 }
669 if (count($entry['members'])){
670 $summary.= _("Members:")." ";
671 foreach ($entry['members'] as $cn){
672 $cn= preg_replace('/ \[.*$/', '', $cn);
673 $summary.= $cn.", ";
674 }
675 } else {
676 $summary.= _("ACL is valid for all users");
677 }
679 return (preg_replace('/, $/', '', $summary));
680 }
683 function loadAclEntry($new= FALSE)
684 {
685 /* New entry gets presets... */
686 if ($new){
687 $this->aclType= 'base';
688 $this->recipients= array();
689 $this->aclContents= array();
690 } else {
691 $acl= $this->gosaAclEntry[$this->currentIndex];
692 $this->aclType= $acl['type'];
693 $this->recipients= $acl['members'];
694 $this->aclContents= $acl['acl'];
695 }
697 $this->wasNewEntry= $new;
698 }
701 function aclPostHandler()
702 {
703 if (isset($_POST['save_acl'])){
704 $this->save();
705 return TRUE;
706 }
708 return FALSE;
709 }
712 function save()
713 {
714 /* Assemble ACL's */
715 $tmp_acl= array();
716 foreach ($this->gosaAclEntry as $prio => $entry){
717 $final= "";
718 $members= "";
719 if (isset($entry['members'])){
720 foreach ($entry['members'] as $key => $dummy){
721 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
722 }
723 }
724 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
726 /* ACL's if needed */
727 if ($entry['type'] != "reset" && $entry['type'] != "role"){
728 $acl= ":";
729 if (isset($entry['acl'])){
730 foreach ($entry['acl'] as $object => $contents){
732 /* Only save, if we've some contents in there... */
733 if (count($contents)){
734 $acl.= $object.";";
736 foreach($contents as $attr => $permission){
738 /* First entry? Its the one for global settings... */
739 if ($attr == '0'){
740 $acl.= $permission;
741 } else {
742 $acl.= '#'.$attr.';'.$permission;
743 }
745 }
746 $acl.= ',';
747 }
749 }
750 }
751 $final.= preg_replace('/,$/', '', $acl);
752 }
754 $tmp_acl[]= $final;
755 }
757 /* Call main method */
758 plugin::save();
760 /* Finally (re-)assign it... */
761 $this->attrs['gosaAclEntry']= $tmp_acl;
763 /* Remove acl from this entry if it is empty... */
764 if (!count($tmp_acl)){
765 /* Remove attribute */
766 if ($this->initially_was_account){
767 $this->attrs['gosaAclEntry']= array();
768 } else {
769 if (isset($this->attrs['gosaAclEntry'])){
770 unset($this->attrs['gosaAclEntry']);
771 }
772 }
774 /* Remove object class */
775 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
776 }
778 /* Do LDAP modifications */
779 $ldap= $this->config->get_ldap_link();
780 $ldap->cd($this->dn);
781 $this->cleanup();
782 $ldap->modify ($this->attrs);
784 show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
785 }
788 function remove_from_parent()
789 {
790 echo "remove_from_parent() called";
791 }
793 }
795 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
796 ?>