d51f84f9b1e7ffed65d2158111d6173873356cf9
1 <?php
3 class acl extends plugin
4 {
5 /* Definitions */
6 var $plHeadline= "Access control";
7 var $plDescription= "This does something";
9 /* attribute list for save action */
10 var $attributes= array('gosaAclEntry');
11 var $objectclasses= array('gosaAcl');
13 /* Helpers */
14 var $dialogState= "head";
15 var $gosaAclEntry= array();
16 var $aclType= "";
17 var $aclObject= "";
18 var $aclContents= array();
19 var $target= "group";
20 var $aclTypes= array();
21 var $aclObjects= array();
22 var $aclMyObjects= array();
23 var $users= array();
24 var $roles= array();
25 var $groups= array();
26 var $recipients= array();
27 var $isContainer= FALSE;
28 var $currentIndex= 0;
29 var $wasNewEntry= FALSE;
30 var $ocMapping= array();
31 var $savedAclContents= array();
32 var $myAclObjects = array();
34 function acl ($config, $parent, $dn= NULL)
35 {
36 /* Include config object */
37 plugin::plugin($config, $dn);
39 /* Load ACL's */
40 $this->gosaAclEntry= array();
41 if (isset($this->attrs['gosaAclEntry'])){
42 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
43 $acl= $this->attrs['gosaAclEntry'][$i];
44 $this->gosaAclEntry= array_merge($this->gosaAclEntry, $this->explodeACL($acl));
45 }
46 }
47 ksort($this->gosaAclEntry);
49 /* Save parent - we've to know more about it than other plugins... */
50 $this->parent= $parent;
52 /* Container? */
53 if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
54 $this->isContainer= TRUE;
55 }
57 /* Users */
58 $ui= get_userinfo();
59 $tag= $ui->gosaUnitTag;
60 $ldap= $config->get_ldap_link();
61 $ldap->cd($config->current['BASE']);
62 if ($tag == ""){
63 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
64 } else {
65 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
66 }
67 while ($attrs= $ldap->fetch()){
68 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
69 }
70 ksort($this->users);
72 /* Groups */
73 $ldap->cd($config->current['BASE']);
74 if ($tag == ""){
75 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
76 } else {
77 $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
78 }
79 while ($attrs= $ldap->fetch()){
80 $dsc= "";
81 if (isset($attrs['description'][0])){
82 $dsc= $attrs['description'][0];
83 }
84 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
85 }
86 ksort($this->groups);
88 /* Roles */
89 $ldap->cd($config->current['BASE']);
90 if ($tag == ""){
91 $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
92 } else {
93 $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
94 }
95 while ($attrs= $ldap->fetch()){
96 $dsc= "";
97 if (isset($attrs['description'][0])){
98 $dsc= $attrs['description'][0];
99 }
101 $role_id = $attrs['dn'];
103 $this->roles[$role_id]['acls'] =array();
104 for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
105 $acl= $attrs['gosaAclTemplate'][$i];
106 $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],$this->explodeACL($acl));
107 }
108 $this->roles[$role_id]['description'] = $dsc;
109 $this->roles[$role_id]['cn'] = $attrs['cn'][0];
110 }
112 /* Objects */
113 $tmp= get_global('plist');
114 $plist= $tmp->info;
115 if (isset($this->parent) && $this->parent != NULL){
116 $oc= array();
117 foreach ($this->parent->by_object as $key => $obj){
118 $oc= array_merge($oc, $obj->objectclasses);
119 }
120 if (in_array_ics('organizationalUnit', $oc)){
121 $this->isContainer= TRUE;
122 }
123 } else {
124 $oc= $this->attrs['objectClass'];
125 }
128 /* Extract available categories from plugin info list */
129 foreach ($plist as $class => $acls){
131 /* Only feed categories */
132 if (isset($acls['plCategory'])){
134 /* Walk through supplied list and feed only translated categories */
135 foreach($acls['plCategory'] as $idx => $data){
137 /* Non numeric index means -> base object containing more informations */
138 if (preg_match('/^[0-9]+$/', $idx)){
139 if (!isset($this->ocMapping[$data])){
140 $this->ocMapping[$data]= array();
141 $this->ocMapping[$data][]= '0';
142 }
143 $this->ocMapping[$data][]= $class;
144 } else {
145 if (!isset($this->ocMapping[$idx])){
146 $this->ocMapping[$idx]= array();
147 $this->ocMapping[$idx][]= '0';
148 }
149 $this->ocMapping[$idx][]= $class;
150 $this->aclObjects[$idx]= $data['description'];
152 /* Additionally filter the classes we're interested in in "self edit" mode */
153 if (is_array($data['objectClass'])){
154 foreach($data['objectClass'] as $objectClass){
155 if (in_array_ics($objectClass, $oc)){
156 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
157 break;
158 }
159 }
160 } else {
161 if (in_array_ics($data['objectClass'], $oc)){
162 $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
163 }
164 }
165 }
167 }
168 }
169 }
170 $this->aclObjects['all']= '* '._("All categories");
171 $this->ocMapping['all']= array('0' => 'all');
173 /* Sort categories */
174 asort($this->aclObjects);
176 /* Fill acl types */
177 if ($this->isContainer){
178 $this->aclTypes= array("reset" => _("Reset ACLs"),
179 "one" => _("One level"),
180 "base" => _("Current object"),
181 "sub" => _("Complete subtree"),
182 "psub" => _("Complete subtree (permanent)"),
183 "role" => _("Use ACL defined in role"));
184 } else {
185 $this->aclTypes= array("base" => _("Current object"),
186 "role" => _("Use ACL defined in role"));
187 }
188 asort($this->aclTypes);
189 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
190 asort($this->targets);
192 /* Finally - we want to get saved... */
193 $this->is_account= TRUE;
194 }
197 function execute()
198 {
199 /* Call parent execute */
200 plugin::execute();
202 $tmp= get_global('plist');
203 $plist= $tmp->info;
205 /* Handle posts */
206 if (isset($_POST['new_acl'])){
207 $this->dialogState= 'create';
208 $this->dialog= TRUE;
209 $this->currentIndex= count($this->gosaAclEntry);
210 $this->loadAclEntry(TRUE);
211 }
213 $new_acl= array();
214 $aclDialog= FALSE;
215 $firstedit= FALSE;
216 foreach($_POST as $name => $post){
218 /* Actions... */
219 if (preg_match('/^acl_edit_.*_x/', $name)){
220 $this->dialogState= 'create';
221 $firstedit= TRUE;
222 $this->dialog= TRUE;
223 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
224 $this->loadAclEntry();
225 continue;
226 }
227 if (preg_match('/^acl_del_.*_x/', $name)){
228 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
229 continue;
230 }
232 if (preg_match('/^cat_edit_.*_x/', $name)){
233 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
234 $this->dialogState= 'edit';
235 foreach ($this->ocMapping[$this->aclObject] as $oc){
236 if (isset($this->aclContents[$oc])){
237 $this->savedAclContents[$oc]= $this->aclContents[$oc];
238 }
239 }
240 continue;
241 }
242 if (preg_match('/^cat_del_.*_x/', $name)){
243 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
244 foreach ($this->ocMapping[$idx] as $key){
245 unset($this->aclContents["$idx/$key"]);
246 }
247 continue;
248 }
250 /* Sorting... */
251 if (preg_match('/^sortup_.*_x/', $name)){
252 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
253 if ($index > 0){
254 $tmp= $this->gosaAclEntry[$index];
255 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
256 $this->gosaAclEntry[$index-1]= $tmp;
257 }
258 continue;
259 }
260 if (preg_match('/^sortdown_.*_x/', $name)){
261 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
262 if ($index < count($this->gosaAclEntry)-1){
263 $tmp= $this->gosaAclEntry[$index];
264 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
265 $this->gosaAclEntry[$index+1]= $tmp;
266 }
267 continue;
268 }
270 /* ACL saving... */
271 if (preg_match('/^acl_.*_[^xy]$/', $name)){
272 $aclDialog= TRUE;
273 list($dummy, $object, $attribute, $value)= split('_', $name);
275 /* Skip for detection entry */
276 if ($object == 'dummy') {
277 continue;
278 }
280 /* Ordinary ACLs */
281 if (!isset($new_acl[$object])){
282 $new_acl[$object]= array();
283 }
284 if (isset($new_acl[$object][$attribute])){
285 $new_acl[$object][$attribute].= $value;
286 } else {
287 $new_acl[$object][$attribute]= $value;
288 }
289 }
291 if(isset($_POST['selected_role'])){
292 $this->aclContents = base64_decode($_POST['selected_role']);
293 }
294 }
296 /* Only be interested in new acl's, if we're in the right _POST place */
297 if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
299 foreach ($this->ocMapping[$this->aclObject] as $oc){
300 unset($this->aclContents[$oc]);
301 unset($this->aclContents[$this->aclObject.'/'.$oc]);
302 if (isset($new_acl[$oc])){
303 $this->aclContents[$oc]= $new_acl[$oc];
304 }
305 if (isset($new_acl[$this->aclObject.'/'.$oc])){
306 $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
307 }
308 }
309 }
311 /* Save new acl in case of base edit mode */
312 if ($this->aclType == 'base' && !$firstedit){
313 $this->aclContents= $new_acl;
314 }
316 /* Cancel new acl? */
317 if (isset($_POST['cancel_new_acl'])){
318 $this->dialogState= 'head';
319 $this->dialog= FALSE;
320 if ($this->wasNewEntry){
321 unset ($this->gosaAclEntry[$this->currentIndex]);
322 }
323 }
325 /* Store ACL in main object? */
326 if (isset($_POST['submit_new_acl'])){
327 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
328 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
329 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
330 $this->dialogState= 'head';
331 $this->dialog= FALSE;
332 }
334 /* Cancel edit acl? */
335 if (isset($_POST['cancel_edit_acl'])){
336 $this->dialogState= 'create';
337 foreach ($this->ocMapping[$this->aclObject] as $oc){
338 if (isset($this->savedAclContents[$oc])){
339 $this->aclContents[$oc]= $this->savedAclContents[$oc];
340 }
341 }
342 }
344 /* Save edit acl? */
345 if (isset($_POST['submit_edit_acl'])){
346 $this->dialogState= 'create';
347 }
349 /* Add acl? */
350 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
351 $this->dialogState= 'edit';
352 $this->savedAclContents= array();
353 foreach ($this->ocMapping[$this->aclObject] as $oc){
354 if (isset($this->aclContents[$oc])){
355 $this->savedAclContents[$oc]= $this->aclContents[$oc];
356 }
357 }
358 }
360 /* Add to list? */
361 if (isset($_POST['add']) && isset($_POST['source'])){
362 foreach ($_POST['source'] as $key){
363 if ($this->target == 'user'){
364 $this->recipients[$key]= $this->users[$key];
365 }
366 if ($this->target == 'group'){
367 $this->recipients[$key]= $this->groups[$key];
368 }
369 }
370 ksort($this->recipients);
371 }
373 /* Remove from list? */
374 if (isset($_POST['del']) && isset($_POST['recipient'])){
375 foreach ($_POST['recipient'] as $key){
376 unset($this->recipients[$key]);
377 }
378 }
380 /* Save common values */
381 foreach (array("aclType", "aclObject", "target") as $key){
382 if (isset($_POST[$key])){
383 $this->$key= validate($_POST[$key]);
384 }
385 }
387 /* Create templating instance */
388 $smarty= get_smarty();
390 if ($this->dialogState == 'head'){
391 /* Draw list */
392 $aclList= new DivSelectBox("aclList");
393 $aclList->SetHeight(450);
395 /* Fill in entries */
396 foreach ($this->gosaAclEntry as $key => $entry){
397 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
398 $field2= array("string" => $this->assembleAclSummary($entry));
399 $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
400 $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
401 $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
402 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
404 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
405 $aclList->AddEntry(array($field1, $field2, $field3));
406 }
408 $smarty->assign("aclList", $aclList->DrawList());
409 }
411 if ($this->dialogState == 'create'){
412 /* Draw list */
413 $aclList= new DivSelectBox("aclList");
414 $aclList->SetHeight(150);
416 /* Add settings for all categories to the (permanent) list */
417 foreach ($this->aclObjects as $section => $dsc){
418 $summary= "";
419 foreach($this->ocMapping[$section] as $oc){
420 if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
421 $this->aclContents[$oc][0] != ""){
423 $summary.= "$oc, ";
424 continue;
425 }
426 if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
427 $this->aclContents["$section/$oc"][0] != ""){
429 $summary.= "$oc, ";
430 continue;
431 }
432 if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
433 $summary.= "$oc, ";
434 }
435 }
437 /* Set summary... */
438 if ($summary == ""){
439 $summary= '<i>'._("No ACL settings for this category").'</i>';
440 } else {
441 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
442 }
444 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
445 $field2= array("string" => $summary);
446 $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
447 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
448 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
449 $aclList->AddEntry(array($field1, $field2, $field3));
450 }
452 $smarty->assign("aclList", $aclList->DrawList());
453 $smarty->assign("aclType", $this->aclType);
454 $smarty->assign("aclTypes", $this->aclTypes);
455 $smarty->assign("target", $this->target);
456 $smarty->assign("targets", $this->targets);
458 /* Assign possible target types */
459 $smarty->assign("targets", $this->targets);
460 foreach ($this->attributes as $attr){
461 $smarty->assign($attr, $this->$attr);
462 }
465 /* Generate list */
466 $tmp= array();
467 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
468 if ($this->target == $field){
469 foreach ($this->$arr as $key => $value){
470 if (!isset($this->recipients[$key])){
471 $tmp[$key]= $value;
472 }
473 }
474 }
475 }
476 $smarty->assign('sources', $tmp);
477 $smarty->assign('recipients', $this->recipients);
479 /* Acl selector if scope is base */
480 if ($this->aclType == 'base'){
481 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
482 }
484 /* Role selector if scope is base */
485 if ($this->aclType == 'role'){
486 $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
487 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
488 }
489 }
491 if ($this->dialogState == 'edit'){
492 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
494 /* Collect objects for selected category */
495 foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
496 if ($idx == 0){
497 continue;
498 }
499 $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
500 }
501 if ($this->aclObject == 'all'){
502 $aclObjects['all']= _("All objects in current subtree");
503 }
505 /* Role selector if scope is base */
506 if ($this->aclType == 'role'){
507 $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
508 } else {
509 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
510 }
511 }
513 /* Show main page */
514 $smarty->assign("dialogState", $this->dialogState);
516 return ($smarty->fetch (get_template_path('acl.tpl')));
517 }
520 function sort_by_priority($list)
521 {
522 $tmp= get_global('plist');
523 $plist= $tmp->info;
524 asort($plist);
525 $newSort = array();
527 foreach($list as $name => $translation){
528 $na = preg_replace("/^.*\//","",$name);
529 $prio = 0;
530 if(isset($plist[$na]['plPriority'])){
531 $prio= $plist[$na]['plPriority'] ;
532 }
534 $newSort[$name] = $prio;
535 }
537 asort($newSort);
539 $ret = array();
540 foreach($newSort as $name => $prio){
541 $ret[$name] = $list[$name];
542 }
543 return($ret);
544 }
547 function buildRoleSelector($list)
548 {
549 $D_List =new DivSelectBox("Acl_Roles");
551 $selected = $this->aclContents;
552 if(!isset($list[$this->aclContents])){
553 $selected = key($list);
554 }
556 $str ="";
557 foreach($list as $dn => $values){
559 if($dn == $selected){
560 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
561 }else{
562 $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
563 }
565 $field1 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
566 $field2 = array("string" => $values['description']) ;
567 $field3 = array("string" => $option, "attach" => "style='border-right:0px;'") ;
569 $D_List->AddEntry(array($field1,$field2,$field3));
570 }
571 return($D_List->DrawList());
572 }
575 function buildAclSelector($list)
576 {
577 $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
578 $cols= 3;
579 $tmp= get_global('plist');
580 $plist= $tmp->info;
581 asort($plist);
583 /* Add select all/none buttons */
584 $style = "style='width:100px;'";
586 $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
587 $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
588 $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
589 $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
590 $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
592 $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
593 $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
595 $display .= "<br>";
597 $style = "style='width:50px;'";
598 $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
599 $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
600 $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
601 $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
602 $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
603 $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
604 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
605 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
606 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
607 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
609 $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
610 $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
611 $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
612 $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
614 /* Build general objects */
615 $list =$this->sort_by_priority($list);
616 foreach ($list as $key => $name){
618 /* Create sub acl if it does not exist */
619 if (!isset($this->aclContents[$key])){
620 $this->aclContents[$key]= array();
621 $this->aclContents[$key][0]= '';
622 }
623 $currentAcl= $this->aclContents[$key];
625 /* Object header */
626 if($_SESSION['js']) {
627 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
628 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
629 "\n <tr>".
630 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
631 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
632 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
633 "\n </tr>";
634 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
635 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
636 "\n <tr>".
637 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
638 "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
639 "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
640 "\n </tr>";
641 } else {
642 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
643 "\n <tr>".
644 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
645 "\n </tr>";
646 }
647 } else {
648 $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
649 "\n <tr>".
650 "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
651 "\n </tr>";
652 }
654 /* Generate options */
655 $spc= " ";
656 if ($this->isContainer && $this->aclType != 'base'){
657 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc;
658 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc;
659 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc;
660 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
661 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
662 }
663 } else {
664 $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc;
665 $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc;
666 if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
667 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
668 }
669 }
671 /* Global options */
672 $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $currentAcl[0])).$spc;
673 $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $currentAcl[0]));
675 $display.= "\n <tr>".
676 "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
677 "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
678 "\n </tr>";
680 /* Walk through the list of attributes */
681 $cnt= 1;
682 $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
683 asort($splist);
684 if($_SESSION['js']) {
685 if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
686 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
687 "\n <td colspan=".$cols.">".
688 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
689 "\n <table style='width:100%;'>";
690 } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
691 $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
692 "\n <td colspan=".$cols.">".
693 "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
694 "\n <table style='width:100%;'>";
695 }
696 }
697 foreach($splist as $attr => $dsc){
699 /* Skip pl* attributes, they are internal... */
700 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
701 continue;
702 }
704 /* Open table row */
705 if ($cnt == 1){
706 $display.= "\n <tr>";
707 }
709 /* Close table row */
710 if ($cnt == $cols){
711 $cnt= 1;
712 $rb= "";
713 $end= "\n </tr>";
714 } else {
715 $cnt++;
716 $rb= "border-right:1px solid #A0A0A0;";
717 $end= "";
718 }
720 /* Collect list of attributes */
721 $state= "";
722 if (isset($currentAcl[$attr])){
723 $state= $currentAcl[$attr];
724 }
725 $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
726 "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
727 }
729 /* Fill missing td's if needed */
730 if (--$cnt != $cols && $cnt != 0){
731 $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
732 }
734 if($_SESSION['js']) {
735 if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
736 $display.= "\n </table>".
737 "\n </div>".
738 "\n </td>".
739 "\n </tr>";
740 }
741 }
743 $display.= "\n</table><br />\n";
744 }
746 return ($display);
747 }
750 function mkchkbx($name, $text, $state= FALSE)
751 {
752 $state= $state?"checked":"";
753 return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
754 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
755 }
758 function mkrwbx($name, $state= "")
759 {
760 $rstate= preg_match('/r/', $state)?'checked':'';
761 $wstate= preg_match('/w/', $state)?'checked':'';
762 return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
763 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
764 "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
765 "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
766 }
769 function explodeACL($acl)
770 {
771 list($index, $type)= split(':', $acl);
772 $a= array( $index => array("type" => $type,
773 "members" => acl::extractMembers($acl,$type == "role")));
775 /* Handle different types */
776 switch ($type){
778 case 'psub':
779 case 'sub':
780 case 'one':
781 case 'base':
782 $a[$index]['acl']= acl::extractACL($acl);
783 break;
785 case 'role':
786 $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
787 break;
789 case 'reset':
790 break;
792 default:
793 print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
794 $a= array();
795 }
796 return ($a);
797 }
800 function extractMembers($acl,$role = FALSE)
801 {
802 global $config;
803 $a= array();
805 /* Rip acl off the string, seperate by ',' and place it in an array */
806 if($role){
807 $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
808 }else{
809 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
810 }
811 if ($ms == $acl){
812 return $a;
813 }
814 $ma= split(',', $ms);
816 /* Decode dn's, fill with informations from LDAP */
817 $ldap= $config->get_ldap_link();
818 foreach ($ma as $memberdn){
819 $dn= base64_decode($memberdn);
820 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
822 /* Found entry... */
823 if ($ldap->count()){
824 $attrs= $ldap->fetch();
825 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
826 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
827 } else {
828 $a['G:'.$dn]= $attrs['cn'][0];
829 if (isset($attrs['description'][0])){
830 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
831 }
832 }
834 /* ... or not */
835 } else {
836 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
837 }
838 }
840 return ($a);
841 }
844 function extractACL($acl)
845 {
846 /* Rip acl off the string, seperate by ',' and place it in an array */
847 $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
848 $aa= split(',', $as);
849 $a= array();
851 /* Dis-assemble single ACLs */
852 foreach($aa as $sacl){
854 /* Dis-assemble field ACLs */
855 $ao= split('#', $sacl);
856 $gobject= "";
857 foreach($ao as $idx => $ssacl){
859 /* First is department with global acl */
860 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
861 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
862 if ($idx == 0){
863 /* Create hash for this object */
864 $gobject= $object;
865 $a[$gobject]= array();
867 /* Append ACL if set */
868 if ($gacl != ""){
869 $a[$gobject]= array($gacl);
870 }
871 } else {
873 /* All other entries get appended... */
874 list($field, $facl)= split(';', $ssacl);
875 $a[$gobject][$field]= $facl;
876 }
878 }
879 }
881 return ($a);
882 }
885 function assembleAclSummary($entry)
886 {
887 $summary= "";
889 /* Summarize ACL */
890 if (isset($entry['acl'])){
891 $acl= "";
893 if($entry['type'] == "role"){
895 if(isset($this->roles[$entry['acl']])){
896 $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
897 }else{
898 $summary.= sprintf(_("Role: %s"), "<i>"._("Unknown role, possibly removed")."</i>");
899 }
900 }else{
901 foreach ($entry['acl'] as $name => $object){
902 if (count($object)){
903 $acl.= "$name, ";
904 }
905 }
906 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
907 }
908 }
910 /* Summarize members */
911 if ($summary != ""){
912 $summary.= ", ";
913 }
914 if (count($entry['members'])){
915 $summary.= _("Members:")." ";
916 foreach ($entry['members'] as $cn){
917 $cn= preg_replace('/ \[.*$/', '', $cn);
918 $summary.= $cn.", ";
919 }
920 } else {
921 $summary.= _("ACL is valid for all users");
922 }
924 return (preg_replace('/, $/', '', $summary));
925 }
928 function loadAclEntry($new= FALSE)
929 {
930 /* New entry gets presets... */
931 if ($new){
932 $this->aclType= 'base';
933 $this->recipients= array();
934 $this->aclContents= array();
935 } else {
936 $acl= $this->gosaAclEntry[$this->currentIndex];
937 $this->aclType= $acl['type'];
938 $this->recipients= $acl['members'];
939 $this->aclContents= $acl['acl'];
940 }
942 $this->wasNewEntry= $new;
943 }
946 function aclPostHandler()
947 {
948 if (isset($_POST['save_acl'])){
949 $this->save();
950 return TRUE;
951 }
953 return FALSE;
954 }
957 function save()
958 {
959 /* Assemble ACL's */
960 $tmp_acl= array();
961 foreach ($this->gosaAclEntry as $prio => $entry){
962 $final= "";
963 $members= "";
964 if (isset($entry['members'])){
965 foreach ($entry['members'] as $key => $dummy){
966 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
967 }
968 }
970 if($entry['type'] != "role"){
971 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
972 }else{
973 $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
974 }
976 /* ACL's if needed */
977 if ($entry['type'] != "reset" && $entry['type'] != "role"){
978 $acl= ":";
979 if (isset($entry['acl'])){
980 foreach ($entry['acl'] as $object => $contents){
982 /* Only save, if we've some contents in there... */
983 if (count($contents)){
984 $acl.= $object.";";
986 foreach($contents as $attr => $permission){
988 /* First entry? Its the one for global settings... */
989 if ($attr == '0'){
990 $acl.= $permission;
991 } else {
992 $acl.= '#'.$attr.';'.$permission;
993 }
995 }
996 $acl.= ',';
997 }
999 }
1000 }
1001 $final.= preg_replace('/,$/', '', $acl);
1002 }
1004 $tmp_acl[]= $final;
1005 }
1007 /* Call main method */
1008 plugin::save();
1010 /* Finally (re-)assign it... */
1011 $this->attrs['gosaAclEntry']= $tmp_acl;
1013 /* Remove acl from this entry if it is empty... */
1014 if (!count($tmp_acl)){
1015 /* Remove attribute */
1016 if ($this->initially_was_account){
1017 $this->attrs['gosaAclEntry']= array();
1018 } else {
1019 if (isset($this->attrs['gosaAclEntry'])){
1020 unset($this->attrs['gosaAclEntry']);
1021 }
1022 }
1024 /* Remove object class */
1025 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
1026 }
1028 /* Do LDAP modifications */
1029 $ldap= $this->config->get_ldap_link();
1030 $ldap->cd($this->dn);
1031 $this->cleanup();
1032 $ldap->modify ($this->attrs);
1034 show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
1036 /* Refresh users ACLs */
1037 $ui= get_userinfo();
1038 $ui->loadACL();
1039 $_SESSION['ui']= $ui;
1040 }
1043 function remove_from_parent()
1044 {
1045 }
1047 }
1049 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1050 ?>