![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
bbfdefc4ba027ef02c1c16c384b36b0386e49f7f
1 <?php
3 class acl extends plugin
4 {
5 /* Definitions */
6 var $plHeadline= "Access control";
7 var $plDescription= "This does something";
9 /* attribute list for save action */
10 var $attributes= array('gosaAclEntry');
11 var $objectclasses= array('gosaAcl');
13 /* Helpers */
14 var $dialogState= "head";
15 var $gosaAclEntry= array();
16 var $aclType= "";
17 var $aclObject= "";
18 var $aclContents= array();
19 var $target= "group";
20 var $aclTypes= array();
21 var $aclObjects= array();
22 var $aclMyObjects= array();
23 var $users= array();
24 var $groups= array();
25 var $recipients= array();
26 var $isContainer= FALSE;
27 var $currentIndex= 0;
28 var $wasNewEntry= FALSE;
29 var $ocMapping= array();
30 var $savedAclContents= array();
33 function acl ($config, $dn= NULL)
34 {
35 /* Include config object */
36 plugin::plugin($config, $dn);
38 /* Load ACL's */
39 $this->gosaAclEntry= array();
40 if (isset($this->attrs['gosaAclEntry'])){
41 for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
42 $acl= $this->attrs['gosaAclEntry'][$i];
43 $this->gosaAclEntry= array_merge($this->gosaAclEntry, $this->explodeACL($acl));
44 }
45 }
46 ksort($this->gosaAclEntry);
48 /* Container? */
49 if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
50 $this->isContainer= TRUE;
51 }
53 /* Fill acl types */
54 if ($this->isContainer){
55 $this->aclTypes= array("reset" => _("Reset ACLs"),
56 "one" => _("One level"),
57 "base" => _("Current object"),
58 "sub" => _("Complete subtree"),
59 "psub" => _("Complete subtree (permanent)"),
60 "role" => _("Use ACL defined in role"));
61 } else {
62 $this->aclTypes= array("base" => _("Current object"),
63 "role" => _("Use ACL defined in role"));
64 }
65 asort($this->aclTypes);
66 $this->targets= array("user" => _("Users"), "group" => _("Groups"));
67 asort($this->targets);
69 /* Users */
70 $ui= get_userinfo();
71 $tag= $ui->gosaUnitTag;
72 $ldap= $config->get_ldap_link();
73 $ldap->cd($config->current['BASE']);
74 if ($tag == ""){
75 $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
76 } else {
77 $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
78 }
79 while ($attrs= $ldap->fetch()){
80 $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
81 }
82 ksort($this->users);
84 /* Groups */
85 $ldap->cd($config->current['BASE']);
86 if ($tag == ""){
87 $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
88 } else {
89 $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
90 }
91 while ($attrs= $ldap->fetch()){
92 $dsc= "";
93 if (isset($attrs['description'][0])){
94 $dsc= $attrs['description'][0];
95 }
96 $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
97 }
98 ksort($this->groups);
100 /* Objects */
101 $tmp= get_global('plist');
102 $plist= $tmp->info;
103 foreach ($plist as $class => $acls){
104 if (isset($acls['plDescription'])){
105 /* Only feed categories */
106 if (isset($acls['plDepends']['description'])){
107 $this->aclObjects[$acls['plDepends']['objectClass']]= $acls['plDepends']['description'];
108 }
110 /* Additionally filter the classes we're interested in in "self edit" mode */
111 if (in_array_ics($acls['plDepends']['objectClass'], $this->attrs['objectClass'])){
112 $this->myAclObjects[$class]= $acls['plDescription'];
113 }
114 }
115 }
116 asort($this->aclObjects);
118 /* Generate mapping object */
119 foreach ($plist as $oc => $pl){
120 if (isset($pl['plDepends']['objectClass'])){
121 $class= $pl['plDepends']['objectClass'];
122 if (!isset($this->ocMapping[$class])){
123 $this->ocMapping[$class]= array();
124 }
125 $this->ocMapping[$class][]= $oc;
126 }
127 }
128 }
131 function execute()
132 {
133 /* Call parent execute */
134 plugin::execute();
136 $tmp= get_global('plist');
137 $plist= $tmp->info;
139 /* Handle posts */
140 if (isset($_POST['new_acl'])){
141 $this->dialogState= 'create';
142 $this->currentIndex= count($this->gosaAclEntry);
143 $this->loadAclEntry(TRUE);
144 }
146 $new_acl= array();
147 $aclDialog= FALSE;
148 foreach($_POST as $name => $post){
150 /* Actions... */
151 if (preg_match('/^acl_edit_.*_x/', $name)){
152 $this->dialogState= 'create';
153 $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
154 $this->loadAclEntry();
155 continue;
156 }
157 if (preg_match('/^acl_del_.*_x/', $name)){
158 unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
159 continue;
160 }
162 if (preg_match('/^cat_edit_.*_x/', $name)){
163 $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
164 $this->dialogState= 'edit';
165 foreach ($this->ocMapping[$this->aclObject] as $oc){
166 if (isset($this->aclContents[$oc])){
167 $this->savedAclContents[$oc]= $this->aclContents[$oc];
168 }
169 }
170 continue;
171 }
172 if (preg_match('/^cat_del_.*_x/', $name)){
173 $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
174 foreach ($this->ocMapping[$idx] as $key){
175 unset($this->aclContents[$key]);
176 }
177 continue;
178 }
180 /* Sorting... */
181 if (preg_match('/^sortup_.*_x/', $name)){
182 $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
183 if ($index > 0){
184 $tmp= $this->gosaAclEntry[$index];
185 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
186 $this->gosaAclEntry[$index-1]= $tmp;
187 }
188 continue;
189 }
190 if (preg_match('/^sortdown_.*_x/', $name)){
191 $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
192 if ($index < count($this->gosaAclEntry)-1){
193 $tmp= $this->gosaAclEntry[$index];
194 $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
195 $this->gosaAclEntry[$index+1]= $tmp;
196 }
197 continue;
198 }
200 /* ACL saving... */
201 if (preg_match('/^acl_.*_[^xy]$/', $name)){
202 $aclDialog= TRUE;
203 list($dummy, $object, $attribute, $value)= split('_', $name);
205 /* Ordinary ACLs */
206 if (!isset($new_acl[$object])){
207 $new_acl[$object]= array();
208 }
209 if (isset($new_acl[$object][$attribute])){
210 $new_acl[$object][$attribute].= $value;
211 } else {
212 $new_acl[$object][$attribute]= $value;
213 }
214 }
216 }
218 /* Only be interested in new acl's, if we're in the right _POST place */
219 if ($aclDialog && isset($this->ocMapping[$this->aclObject])){
220 foreach ($this->ocMapping[$this->aclObject] as $oc){
221 unset($this->aclContents[$oc]);
222 if (isset($new_acl[$oc])){
223 $this->aclContents[$oc]= $new_acl[$oc];
224 }
225 }
226 }
228 /* Cancel new acl? */
229 if (isset($_POST['cancel_new_acl'])){
230 $this->dialogState= 'head';
231 if ($this->wasNewEntry){
232 unset ($this->gosaAclEntry[$this->currentIndex]);
233 }
234 }
236 /* Store ACL in mail object? */
237 if (isset($_POST['submit_new_acl'])){
238 $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
239 $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
240 $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
241 $this->dialogState= 'head';
242 }
244 /* Cancel edit acl? */
245 if (isset($_POST['cancel_edit_acl'])){
246 $this->dialogState= 'create';
247 foreach ($this->ocMapping[$this->aclObject] as $oc){
248 if (isset($this->savedAclContents[$oc])){
249 $this->aclContents[$oc]= $this->savedAclContents[$oc];
250 }
251 }
252 }
254 /* Save edit acl? */
255 if (isset($_POST['submit_edit_acl'])){
256 $this->dialogState= 'create';
257 }
259 /* Add acl? */
260 if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
261 $this->dialogState= 'edit';
262 $this->savedAclContents= array();
263 foreach ($this->ocMapping[$this->aclObject] as $oc){
264 if (isset($this->aclContents[$oc])){
265 $this->savedAclContents[$oc]= $this->aclContents[$oc];
266 }
267 }
268 }
270 /* Add to list? */
271 if (isset($_POST['add']) && isset($_POST['source'])){
272 foreach ($_POST['source'] as $key){
273 if ($this->target == 'user'){
274 $this->recipients[$key]= $this->users[$key];
275 }
276 if ($this->target == 'group'){
277 $this->recipients[$key]= $this->groups[$key];
278 }
279 }
280 ksort($this->recipients);
281 }
283 /* Remove from list? */
284 if (isset($_POST['del']) && isset($_POST['recipient'])){
285 foreach ($_POST['recipient'] as $key){
286 unset($this->recipients[$key]);
287 }
288 }
290 /* Save common values */
291 foreach (array("aclType", "aclObject", "target") as $key){
292 if (isset($_POST[$key])){
293 $this->$key= validate($_POST[$key]);
294 }
295 }
297 /* Create templating instance */
298 $smarty= get_smarty();
300 if ($this->dialogState == 'head'){
301 /* Draw list */
302 $aclList= new DivSelectBox("aclList");
303 $aclList->SetHeight(450);
305 /* Fill in entries */
306 foreach ($this->gosaAclEntry as $key => $entry){
307 $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
308 $field2= array("string" => $this->assembleAclSummary($entry));
309 $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
310 $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
311 $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
312 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
314 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px';text-align:right");
315 $aclList->AddEntry(array($field1, $field2, $field3));
316 }
318 $smarty->assign("aclList", $aclList->DrawList());
319 }
321 if ($this->dialogState == 'create'){
322 /* Draw list */
323 $aclList= new DivSelectBox("aclList");
324 $aclList->SetHeight(150);
326 /* Add settings for all categories to the (permanent) list */
327 foreach ($this->aclObjects as $oc => $dsc){
328 $summary= "";
329 foreach ($plist as $key => $plugin){
330 if (isset($plugin['plDepends']['objectClass']) && $plugin['plDepends']['objectClass'] == $oc &&
331 isset($this->aclContents[$key])){
332 if (count($this->aclContents[$key]) && isset($this->aclContents[$key][0]) &&
333 $this->aclContents[$key][0] != ""){
334 $summary.= "$key, ";
335 }
336 }
337 }
339 /* Set summary... */
340 if ($summary == ""){
341 $summary= _("No ACL settings for this category");
342 } else {
343 $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
344 }
346 $field1= array("string" => $dsc, "attach" => "style='width:100px'");
347 $field2= array("string" => $summary);
348 $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$oc' title='"._("Edit categories ACLs")."'>";
349 $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$oc' title='"._("Clear categories ACLs")."'>";
350 $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
351 $aclList->AddEntry(array($field1, $field2, $field3));
352 }
354 $smarty->assign("aclList", $aclList->DrawList());
355 $smarty->assign("aclType", $this->aclType);
356 $smarty->assign("aclTypes", $this->aclTypes);
357 $smarty->assign("target", $this->target);
358 $smarty->assign("targets", $this->targets);
360 /* Assign possible target types */
361 $smarty->assign("targets", $this->targets);
362 foreach ($this->attributes as $attr){
363 $smarty->assign($attr, $this->$attr);
364 }
367 /* Generate list */
368 $tmp= array();
369 foreach (array("user" => "users", "group" => "groups") as $field => $arr){
370 if ($this->target == $field){
371 foreach ($this->$arr as $key => $value){
372 if (!isset($this->recipients[$key])){
373 $tmp[$key]= $value;
374 }
375 }
376 }
377 }
378 $smarty->assign('sources', $tmp);
379 $smarty->assign('recipients', $this->recipients);
381 /* Acl selector if scope is base */
382 if ($this->aclType == 'base'){
383 $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
384 }
385 }
387 if ($this->dialogState == 'edit'){
388 $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
390 /* Collect objects for selected category */
391 $aclObjects= array();
392 foreach ($plist as $class => $acls){
393 if (isset($acls['plDepends']['objectClass']) && $acls['plDepends']['objectClass'] == $this->aclObject){
394 $aclObjects[$class]= $acls['plDescription'];
395 }
396 }
398 $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
399 }
401 /* Show main page */
402 $smarty->assign("dialogState", $this->dialogState);
403 return ($smarty->fetch (get_template_path('contents.tpl', TRUE)));
404 }
407 function buildAclSelector($list)
408 {
409 $display= "";
410 $cols= 4;
411 $tmp= get_global('plist');
412 $plist= $tmp->info;
413 asort($plist);
415 foreach ($list as $key => $name){
417 /* Create sub acl if it does not exist */
418 if (!isset($this->aclContents[$key])){
419 $this->aclContents[$key]= array();
420 }
421 if (!isset($this->aclContents[$key][0])){
422 $this->aclContents[$key][0]= '';
423 }
424 $currentAcl= $this->aclContents[$key];
426 /* Object header */
427 $display.= "<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2><tr><td style='background-color:#C8C8C8;height:1.8em' colspan=$cols><b>"._("Object").":</b> $name</td></tr>";
429 /* Generate options */
430 $spc= " ";
431 if ($this->isContainer && $this->aclType != 'base'){
432 $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc;
433 $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc;
434 $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc;
435 if ($plist[$key]['plSelfModify']){
436 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
437 }
438 } else {
439 $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc;
440 $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc;
441 if ($plist[$key]['plSelfModify']){
442 $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
443 }
444 }
446 $display.= "<tr><td style='background-color:#E0E0E0' colspan=$cols>$options</td></tr>";
448 /* Walk through the list of attributes */
449 $cnt= 1;
450 $splist= $plist[$key];
451 asort($splist);
452 foreach($splist as $attr => $dsc){
454 /* Skip pl* attributes, they are internal... */
455 if (preg_match('/^pl[A-Z]+.*$/', $attr)){
456 continue;
457 }
459 /* Open table row */
460 if ($cnt == 1){
461 $display.= "<tr>";
462 }
464 /* Close table row */
465 if ($cnt == $cols){
466 $cnt= 1;
467 $rb= "";
468 $end= "</tr>";
469 } else {
470 $cnt++;
471 $rb= "border-right:1px solid #A0A0A0;";
472 $end= "";
473 }
475 /* Collect list of attributes */
476 $state= "";
477 if (isset($currentAcl[$attr])){
478 $state= $currentAcl[$attr];
479 }
480 $display.= "<td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'><b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
481 }
483 /* Fill missing td's if needed */
484 if (--$cnt != $cols){
485 $display.= str_repeat("<td style='border-top:1px solid #A0A0A0'> </td>", $cols-$cnt);
486 }
488 $display.= "</table><br>";
489 }
491 return ($display);
492 }
495 function mkchkbx($name, $text, $state= FALSE)
496 {
497 $state= $state?"checked":"";
498 return "<input id='acl_$name' type=checkbox name='acl_$name' $state><label for='acl_$name'>$text</label>";
499 }
502 function mkrwbx($name, $state= "")
503 {
504 $rstate= preg_match('/r/', $state)?'checked':'';
505 $wstate= preg_match('/w/', $state)?'checked':'';
506 return ("<input id='acl_${name}_r' type=checkbox name='acl_${name}_r' $rstate><label for='acl_${name}_r'>"._("read")."</label>".
507 "<input id='acl_${name}_w' type=checkbox name='acl_${name}_w' $wstate><label for='acl_${name}_w'>"._("write")."</label>");
508 }
511 function explodeACL($acl)
512 {
513 list($index, $type)= split(':', $acl);
514 $a= array( $index => array("type" => $type,
515 "members" => $this->extractMembers($acl)));
517 /* Handle different types */
518 switch ($type){
520 case 'psub':
521 case 'sub':
522 case 'one':
523 case 'base':
524 $a[$index]['acl']= $this->extractACL($acl);
525 break;
527 case 'role':
528 echo "Role";
529 break;
531 case 'reset':
532 break;
534 default:
535 print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
536 $a= array();
537 }
539 return ($a);
540 }
543 function extractMembers($acl)
544 {
545 $a= array();
547 /* Rip acl off the string, seperate by ',' and place it in an array */
548 $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
549 if ($ms == $acl){
550 return $a;
551 }
552 $ma= split(',', $ms);
554 /* Decode dn's, fill with informations from LDAP */
555 $ldap= $this->config->get_ldap_link();
556 foreach ($ma as $memberdn){
557 $dn= base64_decode($memberdn);
558 $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
560 /* Found entry... */
561 if ($ldap->count()){
562 $attrs= $ldap->fetch();
563 if (in_array_ics('gosaAccount', $attrs['objectClass'])){
564 $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
565 } else {
566 $a['G:'.$dn]= $attrs['cn'][0];
567 if (isset($attrs['description'][0])){
568 $a['G:'.$dn].= " [".$attrs['description'][0]."]";
569 }
570 }
572 /* ... or not */
573 } else {
574 $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
575 }
576 }
578 return ($a);
579 }
582 function extractACL($acl)
583 {
584 /* Rip acl off the string, seperate by ',' and place it in an array */
585 $as= preg_replace('/^[^:]+:[^:]+:[^:]+:(.*)$/', '\1', $acl);
586 $aa= split(',', $as);
587 $a= array();
589 /* Dis-assemble single ACLs */
590 foreach($aa as $sacl){
592 /* Dis-assemble field ACLs */
593 $ao= split('#', $sacl);
594 $gobject= "";
595 foreach($ao as $idx => $ssacl){
597 /* First is department with global acl */
598 $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
599 $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
600 if ($idx == 0){
601 /* Create hash for this object */
602 $gobject= $object;
603 $a[$gobject]= array();
605 /* Append ACL if set */
606 if ($gacl != ""){
607 $a[$gobject]= array($gacl);
608 }
609 } else {
611 /* All other entries get appended... */
612 list($field, $facl)= split(';', $ssacl);
613 $a[$gobject][$field]= $facl;
614 }
616 }
617 }
619 return ($a);
620 }
623 function assembleAclSummary($entry)
624 {
625 $summary= "";
627 /* Summarize ACL */
628 if (isset($entry['acl'])){
629 $acl= "";
630 foreach ($entry['acl'] as $name => $object){
631 $acl.= "$name, ";
632 }
633 $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
634 }
636 /* Summarize members */
637 if ($summary != ""){
638 $summary.= ", ";
639 }
640 if (count($entry['members'])){
641 $summary.= _("Members:")." ";
642 foreach ($entry['members'] as $cn){
643 $cn= preg_replace('/ \[.*$/', '', $cn);
644 $summary.= $cn.", ";
645 }
646 } else {
647 $summary.= _("ACLs is valid for all users");
648 }
650 return (preg_replace('/, $/', '', $summary));
651 }
654 function loadAclEntry($new= FALSE)
655 {
656 /* New entry gets presets... */
657 if ($new){
658 $this->aclType= 'base';
659 $this->recipients= array();
660 $this->aclContents= array();
661 } else {
662 $acl= $this->gosaAclEntry[$this->currentIndex];
663 $this->aclType= $acl['type'];
664 $this->recipients= $acl['members'];
665 $this->aclContents= $acl['acl'];
666 }
668 $this->wasNewEntry= $new;
669 }
672 function aclPostHandler()
673 {
674 if (isset($_POST['save_acl'])){
675 $this->save();
676 return TRUE;
677 }
679 return FALSE;
680 }
683 function save()
684 {
685 /* Assemble ACL's */
686 $tmp_acl= array();
687 foreach ($this->gosaAclEntry as $prio => $entry){
688 $final= "";
689 $members= "";
690 foreach ($entry['members'] as $key => $dummy){
691 $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
692 }
693 $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
695 /* ACL's if needed */
696 if ($entry['type'] != "reset" && $entry['type'] != "role"){
697 $acl= ":";
698 foreach ($entry['acl'] as $object => $contents){
699 $acl.= $object.";";
701 foreach($contents as $attr => $permission){
703 /* First entry? Its the one for global settings... */
704 if ($attr == '0'){
705 $acl.= $permission;
706 } else {
707 $acl.= '#'.$attr.';'.$permission;
708 }
710 }
711 $acl.= ',';
713 }
714 $final.= preg_replace('/,$/', '', $acl);
715 }
717 $tmp_acl[]= $final;
718 }
720 /* Finally (re-)assign it... */
721 $this->gosaAclEntry= $tmp_acl;
723 /* Call main method */
724 plugin::save();
726 /* Remove acl from this entry if it is empty... */
727 if (!count($this->gosaAclEntry)){
728 /* Remove attribute */
729 if ($this->initially_was_account){
730 $attrs['gosaAclEntry']= array();
731 } else {
732 unset($attrs['gosaAclEntry']);
733 }
735 /* Remove object class */
736 $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
737 }
739 /* Do LDAP modifications */
740 $ldap= $this->config->get_ldap_link();
741 $ldap->cd($this->dn);
742 $this->cleanup();
743 $ldap->modify ($this->attrs);
745 show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
746 }
749 function remove_from_parent()
750 {
751 echo "remove_from_parent() called";
752 }
754 }
756 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
757 ?>