1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003-2006 - Cajus Pollmeier <pollmeier@gonicus.de>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
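/**
 * ACL management plugin: lists the gosaACL objects found below the current
 * base and drives the edit / delete dialogs for a selected entry.
 *
 * All request handling lives in execute(). The action names and entry ids it
 * reads come straight from $_GET / $_POST and have to be treated as untrusted.
 */
class aclManagement extends plugin
{
  /* Plugin definitions */
  var $plHeadline     = "ACLs";
  var $plDescription  = "This does something";

  /* Dialog attributes */
  var $acltabs    = NULL;   // acl dialog object while an entry is edited/deleted, else NULL
  var $ui         = NULL;   // user info object handed to the constructor
  var $acl        = "";     // module permission string computed when a delete is requested
  var $DivListACL = NULL;   // list dialog (divListACL)

  /**
   * Store configuration and user info and create the list dialog.
   *
   * NOTE(review): this is a PHP 4 style constructor (method named after the
   * class). PHP 8 no longer treats such a method as a constructor; it is left
   * unchanged because other code may call it by name.
   *
   * @param object $config  Configuration object; get_ldap_link() is called on it in reload().
   * @param object $ui      User info; ->dn, ->uid and ->subtreeACL are read by this class.
   */
  function aclManagement($config, $ui)
  {
    /* Save configuration for internal use */
    $this->config = $config;
    $this->ui     = $ui;

    /* Create dialog object */
    $this->DivListACL = new divListACL($this->config, $this);
  }


  /**
   * Evaluate the current request and render the matching view.
   *
   * Handles, in this order: edit request, edit cancel, delete request,
   * delete confirmation, delete cancel, save/apply of an open edit dialog,
   * display of an open edit dialog, snapshot dialog, and finally the list.
   *
   * @return mixed  The rendered output of whichever dialog is shown; nothing
   *                (NULL) when saving the acl object failed.
   */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    $smarty   = get_smarty();   // Smarty instance
    $s_action = "";             // Contains the action to be taken
    $s_entry  = "";             // The value for s_action

    /* Edit entry button pressed? */
    if (isset($_GET['act']) && $_GET['act'] == "edit_entry") {
      $s_action = "edit";
      $s_entry  = validate($_GET['id']);
    }

    $types = array("del" => "acl_del", "edit" => "acl_edit");

    /* Test relevant POST values */
    foreach ($_POST as $key => $val) {

      /* Get every possible POST combination and set s_action/s_entry accordingly.
         The entry id is encoded in the name of the POST field. */
      foreach ($types as $act => $name) {
        if (preg_match("/".$name.".*/", $key)) {
          $s_action = $act;
          $s_entry  = preg_replace("/".$name."_/i", "", $key);
        }
      }
    }

    /* Remove the trailing "_<char>" some browsers append to the field name
       (presumably the coordinate suffix of image submit buttons) */
    $s_entry = preg_replace("/_.$/", "", $s_entry);

    /* Separate possibly encoded tab and entry, default to tab "generic" */
    if (preg_match("/.*-.*/", $s_entry)) {
      $s_tab   = preg_replace("/^[^-]*-/i", "", $s_entry);
      $s_entry = preg_replace("/-[^-]*$/i", "", $s_entry);
    } else {
      $s_tab = "generic";
    }

    /* The entry id is request data. Only act on ids that exist in the list
       built by reload(); for an unknown id the 'dn' lookup below would yield
       an empty value and the lock / permission calls would run on it. */
    $s_entry = trim($s_entry);
    if (($s_action == "edit" || $s_action == "del")
        && !isset($this->list[$s_entry]['dn'])) {
      $s_action = "";
    }

    /********************
      Edit existing entry
     ********************/

    if (($s_action == "edit") && (!isset($this->acltabs->config))) {

      /* Get 'dn' from posted acl, must be unique */
      $this->dn = $this->list[$s_entry]['dn'];

      /* Check locking, save current plugin in 'back_plugin', so
         the dialog knows where to return. */
      if (($acl = get_lock($this->dn)) != "") {
        $_SESSION['LOCK_VARS_TO_USE'] = array("/^acl_edit/","/^acl_del/","/^id_/");
        return (gen_locked_message($acl, $this->dn));
      }

      /* Lock the current entry, so everyone will get the above dialog */
      add_lock($this->dn, $this->ui->dn);

      /* Set up the ACL's for this 'dn'.
         NOTE(review): the result is not used in this branch and no permission
         check is visible here before the edit dialog is opened - confirm that
         the acl dialog class enforces it. */
      $acl = get_permissions($this->dn, $this->ui->subtreeACL);

      /* Register acltabs to trigger edit dialog */
      $this->acltabs = new acl($this->config, $this->dn);

      /* Switch tab, if it was requested by user */
      $this->acltabs->current = $s_tab;

      /* Set ACL and move DN to the headline */
      $_SESSION['objectinfo'] = $this->dn;
    }


    /********************
      Edit canceled
     ********************/

    /* Reset all relevant data, if we get a _cancel request */
    if (isset($_POST['edit_cancel']) || isset($_POST['cancel_new_acl'])) {
      if (isset($this->acltabs)) {
        del_lock($this->dn);
        unset($this->acltabs);
      }
      $this->acltabs = NULL;
      unset($_SESSION['objectinfo']);
    }


    /********************
      Delete entry requested, display confirm dialog
     ********************/

    /* Remove acl was requested */
    if ($s_action == "del") {

      /* Get 'dn' from posted acl */
      $this->dn = $this->list[$s_entry]['dn'];

      /* Load permissions for selected 'dn' and check if
         we're allowed to remove this 'dn' */
      $acl       = get_permissions($this->dn, $this->ui->subtreeACL);
      $this->acl = get_module_permission($acl, "acl", $this->dn);
      if (chkacl($this->acl, "delete") == "") {

        /* Check locking, save current plugin in 'back_plugin', so
           the dialog knows where to return. */
        if (($acl = get_lock($this->dn)) != "") {
          $_SESSION['LOCK_VARS_TO_USE'] = array("/^acl_edit/","/^acl_del/","/^id_/");
          return (gen_locked_message($acl, $this->dn));
        }

        /* Lock the current entry, so nobody will edit it during deletion */
        add_lock($this->dn, $this->ui->dn);
        $smarty->assign("info", sprintf(_("You're about to delete the acl %s."), @LDAP::fix($this->dn)));
        return ($smarty->fetch(get_template_path('remove.tpl', TRUE)));
      } else {

        /* The user is not allowed to delete this acl. Show message and
           clean session. */
        print_red(_("You are not allowed to delete this acl!"));
      }
    }


    /********************
      Delete entry confirmed
     ********************/

    /* Confirmation for deletion has been passed. Acl should be deleted. */
    if (isset($_POST['delete_acl_confirmed'])) {

      /* This field can be posted without the confirm dialog having been
         shown, so the permission is checked again. $this->acl was computed in
         an earlier request, while $this->dn may have been reassigned by the
         edit branch since then. The permission is therefore re-derived for
         the DN that is about to be deleted, and both checks have to pass. */
      $acl         = get_permissions($this->dn, $this->ui->subtreeACL);
      $current_acl = get_module_permission($acl, "acl", $this->dn);
      if (chkacl($this->acl, "delete") == "" && chkacl($current_acl, "delete") == "") {

        /* Delete request is permitted, perform LDAP action */
        $this->acltabs = new acl($this->config, $this->dn);
        $this->acltabs->delete();
        gosa_log ("ACL object '".$this->dn."' has been removed");
        unset($this->acltabs);
        $this->acltabs = NULL;
      } else {

        /* Normally this shouldn't be reached, send some extra
           logs to notify the administrator */
        print_red(_("You are not allowed to delete this acl!"));

        if (isset($this->ui->uid)) {
          gosa_log ("Warning: '".$this->ui->uid."' tried to trick acl deletion.");
        }
      }

      /* Remove lock after the deletion attempt.
         NOTE(review): this also runs on the denied path, and del_lock() is
         given only the DN here - confirm that releasing the lock in that case
         is intended. */
      del_lock($this->dn);
    }


    /********************
      Delete entry Canceled
     ********************/

    /* Delete acl canceled? */
    if (isset($_POST['delete_cancel'])) {
      del_lock($this->dn);
    }


    /********************
      Edit entry finished (Save)
     ********************/

    /* Finish acl edit is triggered by the tabulator dialog, so
       the acl wants to save edited data. Check and save at this
       point. */
    if ((isset($_POST['submit_new_acl']) || isset($_POST['edit_finish']) || isset($_POST['edit_apply']))
        && (isset($this->acltabs->config))) {

      /* Check tabs, will feed message array */
      $this->acltabs->last = $this->acltabs->current;
      $this->acltabs->save_object();
      $message = $this->acltabs->check();

      /* Save, or display error message? */
      if (count($message) == 0) {

        /* Save acl data to ldap; a return value of 1 is treated as failure */
        if ($this->acltabs->save() == 1) {
          gosa_log ("ACL object '".$this->dn."' saving failed.");
          return;
        }
        gosa_log ("ACL object '".$this->dn."' has been saved");

        /* "Apply" keeps the dialog (and the lock) open */
        if (!isset($_POST['edit_apply'])) {

          /* ACL has been saved successfully, remove lock from LDAP. */
          if ($this->dn != "new") {
            del_lock($this->dn);
          }

          unset($this->acltabs);
          $this->acltabs = NULL;
          unset($_SESSION['objectinfo']);
        }
      } else {
        /* Ok. There seem to be errors regarding to the tab data,
           show message and continue as usual. */
        show_errors($message);
      }
    }


    /********************
      Display subdialog
     ********************/

    /* Show tab dialog if object is present */
    if (isset($this->acltabs->config)) {
      $display = $this->acltabs->execute();

      /* Don't show buttons if tab dialog requests this */
#      if(isset($this->acltabs->by_object)){
#        if (!$this->acltabs->dialog){
#          $display.= "<p style=\"text-align:right\">\n";
#          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
#          $display.= " \n";
#          if ($this->dn != "new"){
#            $display.= "<input type=submit name=\"edit_apply\" value=\""._("Apply")."\">\n";
#            $display.= " \n";
#          }
#          $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
#          $display.= "</p>";
#        }
#      }
      return ($display);
    }

    /* Check if there is a snapshot dialog open */
    $base = $this->DivListACL->selectedBase;
    if ($str = $this->showSnapshotDialog($base, $this->get_used_snapshot_bases())) {
      return ($str);
    }

    /* Return rendered main page */
    /* Display dialog with system list */
    $this->DivListACL->parent = $this;
    $this->DivListACL->execute();

    /* Add departments if subsearch is disabled */
    if (!$this->DivListACL->SubSearch) {
      $this->DivListACL->AddDepartments($this->DivListACL->selectedBase, 3);
    }
    $this->reload();
    $this->DivListACL->setEntries($this->list);
    return ($this->DivListACL->Draw());
  }


  /**
   * Return departments that will be included within snapshot detection.
   *
   * @return array  One element: get_people_ou() prepended to the selected base.
   */
  function get_used_snapshot_bases()
  {
    return (array(get_people_ou().$this->DivListACL->selectedBase));
  }


  /**
   * Refresh $this->list with the gosaACL objects below the current main base.
   *
   * The search goes through get_list() with the user's subtreeACL and the
   * size limit flag; the subtree flag is added when the list dialog has
   * SubSearch enabled.
   */
  function reload()
  {
    #FIXME  Implement regex objectClass and so on ...
    /* Get divlist informations from filter part */
    $Regex     = $this->DivListACL->Regex;      // read but not applied yet, see FIXME
    $SubSearch = $this->DivListACL->SubSearch;
    $base      = $_SESSION['CurrentMainBase'];
    $Attrs     = array("ou","gosaAclEntry","objectClass");

    /* Get ldap connection */
    $ldap = $this->config->get_ldap_link();
    $ldap->cd($base);

    /* Create filter */
    $Filter = "objectClass=gosaACL";
    $Flags  = GL_SIZELIMIT;

    /* Subsearch? */
    if ($SubSearch) {
      $Flags |= GL_SUBSEARCH;
    }

    /* Get objects */
    $res = get_list($Filter, $this->ui->subtreeACL, $base, $Attrs, $Flags);

    $this->list = $res;
  }


  /**
   * Remove the acl lock if a DN is marked as "currently edited",
   * i.e. an acl dialog object with a 'dn' is present.
   */
  function remove_lock()
  {
    if (isset($this->acltabs->dn)) {
      del_lock($this->acltabs->dn);
    }
  }


  /**
   * Handle divlist filter and department selection. Skipped while an acl
   * dialog object is open.
   */
  function save_object()
  {
    if (!is_object($this->acltabs)) {
      $this->DivListACL->save_object();
    }
  }

  /* A set of disabled and therefore overloaded functions. They are
     not needed in this class. */
  function remove_from_parent() { }
  function check() { }
  function save() { }
  function adapt_from_template($dn) { }
  function password_change_needed() { }
  function show_header($button_text, $text, $disabled= FALSE) { }

}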
365 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
366 ?>