1 <?php
2 /*
3 This code is part of GOsa (https://gosa.gonicus.de)
4 Copyright (C) 2003-2006 - Cajus Pollmeier <pollmeier@gonicus.de>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
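/* Management plugin for ACL objects: lists entries carrying gosaACL data and
   drives the edit / delete dialogs for them. The object keeps its state
   ($this->dn, $this->acltabs, ...) between calls of execute(), so one user
   action usually spans several requests. */
class aclManagement extends plugin
{
  /* Plugin definitions */
  var $plHeadline     = "ACLs";
  var $plDescription  = "This does something";

  /* Dialog attributes */
  var $acltabs        = NULL;   // acl dialog object while an entry is edited, NULL otherwise
  var $ui             = NULL;   // user info object handed to the constructor
  var $acl            = "";
  var $DivListACL     = NULL;   // list dialog, created in the constructor

  /* Entries loaded by reload(); request supplied list indexes are resolved
     against this array */
  var $list           = array();

  /* DN for which the delete confirmation dialog is currently shown, "" if
     no such dialog is open */
  var $delete_pending_dn = "";


  /* Constructor: store configuration and user info, create the list dialog */
  function aclManagement($config, $ui)
  {
    /* Save configuration for internal use */
    $this->config = $config;
    $this->ui     = $ui;

    /* Create dialog object */
    $this->DivListACL = new divListACL($this->config, $this);
  }


  /* Resolve a list index taken from the request to the 'dn' of the matching
     entry in $this->list. Returns NULL if the index is not a scalar or does
     not name an entry with a 'dn', so callers never run permission, lock or
     delete calls on an empty DN. */
  function get_listed_dn($s_entry)
  {
    if (!is_scalar($s_entry) || !is_array($this->list)){
      return (NULL);
    }

    $index = trim($s_entry);
    if (!isset($this->list[$index]) || !is_array($this->list[$index]) || !isset($this->list[$index]['dn'])){
      return (NULL);
    }
    return ($this->list[$index]['dn']);
  }


  /* Handle the current request and return the HTML of the dialog to show:
     the lock message, the delete confirmation, the acl edit dialog, a
     snapshot dialog or the entry list.
     NOTE(review): no request token is verified anywhere in this method;
     confirm the framework does that before execute() is called. */
  function execute()
  {
    /* Call parent execute */
    plugin::execute();

    $_SESSION['LOCK_VARS_TO_USE'] = array("/^list_acl_edit/","/^list_acl_del/","/list_edit_entry/","/^id_/");

    $smarty   = get_smarty();   // Smarty instance
    $s_action = "";             // Contains the action to be taken
    $s_entry  = "";             // The value for s_action

    /* Edit entry button pressed? */
    if (isset($_GET['act']) && $_GET['act'] == "list_edit_entry"){
      $s_action = "edit";

      /* Accept only a plain string id. A missing or array valued id leaves
         $s_entry empty, which the list lookup below rejects. */
      if (isset($_GET['id']) && is_string($_GET['id'])){
        $s_entry = validate($_GET['id']);
      }
    }

    $types = array("del"=>"^list_acl_del","edit"=>"^list_acl_edit");

    /* Test relevant POST values */
    foreach ($_POST as $key => $val){

      /* PHP turns numeric POST names into integer keys */
      $key = (string) $key;

      /* Get every possible POST combination and set s_action/s_entry accordingly */
      foreach ($types as $act => $name){
        if (preg_match("/".$name.".*/", $key)){
          $s_action = $act;
          $s_entry  = preg_replace("/".$name."_/i", "", $key);
        }
      }
    }

    /* Remove coordinate prefix from POST, required by some browsers */
    $s_entry = preg_replace("/_.$/", "", $s_entry);

    /* Separate possibly encoded tab and entry, default to tab "generic".
       NOTE(review): $s_tab is request data and is assigned to
       $this->acltabs->current below without being checked against the
       tabs that exist - confirm the acl class validates it. */
    if (preg_match("/.*-.*/", $s_entry)){
      $s_tab   = preg_replace("/^[^-]*-/i", "", $s_entry);
      $s_entry = preg_replace("/-[^-]*$/i", "", $s_entry);
    }else{
      $s_tab   = "generic";
    }


    /********************
      Edit existing entry
     ********************/

    if (($s_action == "edit") && (!isset($this->acltabs->config))){

      /* Get 'dn' from posted acl, must be unique. An index that is not part
         of the loaded list is treated like a denied request. */
      $dn = $this->get_listed_dn($s_entry);
      if ($dn === NULL){
        print_red(_("You are not allowed to edit this acl."));
      }else{
        $this->dn = $dn;

        /* Check permissions */
        if (preg_match("/r/", $this->ui->get_permissions($this->dn, "acl/aclManagement"))){

          /* Check locking, save current plugin in 'back_plugin', so
             the dialog knows where to return. */
          if (($acl = get_lock($this->dn)) != ""){
            return (gen_locked_message($acl, $this->dn));
          }

          /* Lock the current entry, so everyone will get the above dialog */
          add_lock($this->dn, $this->ui->dn);

          /* Register acltabs to trigger edit dialog */
          $this->acltabs = new acl($this->config, NULL, $this->dn);
          $this->acltabs->set_acl_base($this->dn);
          $this->acltabs->set_acl_category("acl");

          /* Switch tab, if it was requested by user */
          $this->acltabs->current = $s_tab;

          /* Set ACL and move DN to the headline */
          $_SESSION['objectinfo'] = $this->dn;
        }else{
          print_red(_("You are not allowed to edit this acl."));
        }
      }
    }


    /********************
      Edit canceled
     ********************/
    if (isset($_POST['delete_lock'])){
      del_lock($this->dn);
      unset($_SESSION['objectinfo']);
    }

    /* Reset all relevant data, if we get a _cancel request */
    if (isset($_POST['edit_cancel'])){
      if (isset($this->acltabs)){
        del_lock($this->dn);
        unset($this->acltabs);
      }
      $this->acltabs = NULL;
      unset($_SESSION['objectinfo']);
    }


    /********************
      Delete entry requested, display confirm dialog
     ********************/

    /* Remove acl was requested */
    if ($s_action == "del"){

      /* Get 'dn' from posted acl; an unknown index is handled like a
         denied request and leaves $this->dn untouched */
      $dn = $this->get_listed_dn($s_entry);
      if ($dn !== NULL){
        $this->dn = $dn;
      }

      /* Check permissions */
      if (($dn !== NULL) && preg_match("/d/", $this->ui->get_permissions($this->dn, "acl/aclManagement"))){

        /* Check locking, save current plugin in 'back_plugin', so
           the dialog knows where to return. */
        if (($acl = get_lock($this->dn)) != ""){
          $_SESSION['LOCK_VARS_TO_USE'] = array("/^list_acl_edit/","/^list_acl_del/","/^id_/");
          return (gen_locked_message($acl, $this->dn));
        }

        /* Lock the current entry, so nobody will edit it during deletion */
        add_lock($this->dn, $this->ui->dn);

        /* Remember which DN the confirmation dialog belongs to */
        $this->delete_pending_dn = $this->dn;

        /* NOTE(review): the DN is directory data and is put into the
           message as is - confirm remove.tpl escapes 'info' on output. */
        $smarty->assign("info", sprintf(_("You're about to delete the acl %s."), @LDAP::fix($this->dn)));
        return ($smarty->fetch(get_template_path('remove.tpl', TRUE)));
      } else {

        /* Obviously the acl isn't allowed to delete. Show message and
           clean session. */
        print_red(_("You are not allowed to delete this acl!"));
      }
    }


    /********************
      Delete entry confirmed
     ********************/

    /* Confirmation for deletion has been passed. Acl should be deleted. */
    if (isset($_POST['delete_acl_confirmed'])){

      /* The confirmation only counts for the DN the dialog above was shown
         for. $this->dn also holds the DN of an entry that is merely being
         edited, so a confirmation that arrives without the dialog is
         handled like a denied request. */
      $dialog_shown = ($this->delete_pending_dn != "") && ($this->delete_pending_dn == $this->dn);
      $this->delete_pending_dn = "";

      /* Check permissions */
      if ($dialog_shown && preg_match("/d/", $this->ui->get_permissions($this->dn, "acl/aclManagement"))){

        /* Delete request is permitted, perform LDAP action */
        $this->acltabs = new acl($this->config, NULL, $this->dn);
        $this->acltabs->delete();
        gosa_log("ACL object '".$this->dn."' has been removed");
        unset($this->acltabs);
        $this->acltabs = NULL;
      } else {

        /* Normally this shouldn't be reached, send some extra
           logs to notify the administrator */
        print_red(_("You are not allowed to delete this acl!"));

        if (isset($this->ui->uid)){
          gosa_log("Warning: '".$this->ui->uid."' tried to trick acl deletion.");
        }
      }

      /* Remove the lock; this runs for the denied case as well */
      del_lock($this->dn);
    }


    /********************
      Delete entry Canceled
     ********************/

    /* Delete acl canceled? */
    if (isset($_POST['delete_cancel'])){
      del_lock($this->dn);
      $this->delete_pending_dn = "";
    }


    /********************
      Edit entry finished (Save)
     ********************/

    /* Finish acl edit is triggered by the tabulator dialog, so
       the acl wants to save edited data. Check and save at this
       point. 'edit_apply' is still accepted here although the Apply
       button below is commented out. */
    if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->acltabs->config))){

      /* Check tabs, will feed message array */
      $this->acltabs->last = $this->acltabs->current;
      $this->acltabs->save_object();
      $message = $this->acltabs->check();

      /* Save, or display error message? */
      if (count($message) == 0){

        /* Save acl data to ldap. On failure this returns without any
           dialog output and leaves the lock and the edit dialog in place. */
        if ($this->acltabs->save() == 1){
          gosa_log("ACL object '".$this->dn."' saving failed.");
          return;
        }
        gosa_log("ACL object '".$this->dn."' has been saved");

        if (!isset($_POST['edit_apply'])){

          /* ACl has been saved successfully, remove lock from LDAP. */
          if ($this->dn != "new"){
            del_lock($this->dn);
          }

          unset($this->acltabs);
          $this->acltabs = NULL;
          unset($_SESSION['objectinfo']);
        }
      } else {
        /* Ok. There seem to be errors regarding to the tab data,
           show message and continue as usual. */
        show_errors($message);
      }
    }


    /********************
      Display subdialog
     ********************/

    /* Show tab dialog if object is present */
    if (isset($this->acltabs->config)){

      /* Save object */
      $this->acltabs->save_object();
      $display = $this->acltabs->execute();

      /* Don't show buttons if tab dialog requests this */
      if (isset($this->acltabs)){

        /* Skip displaying save/cancel if there is a sub dialog open */
        if (!$this->acltabs->dialog){
          $display.= "<p style=\"text-align:right\">\n";
          $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
          $display.= " \n";

          /* Skip Apply if it is a new entry */
          #if ($this->dn != "new"){
          #  $display.= "<input type=submit name=\"edit_apply\" value=\""._("Apply")."\">\n";
          #  $display.= " \n";
          #}

          $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
          $display.= "</p>";
        }
      }
      return ($display);
    }

    /* Check if there is a snapshot dialog open */
    $base = $this->DivListACL->selectedBase;
    if ($str = $this->showSnapshotDialog($base, $this->get_used_snapshot_bases())){
      return ($str);
    }

    /* Return rendered main page */
    /* Display dialog with system list */
    $this->DivListACL->parent = $this;
    $this->DivListACL->execute();

    /* Add departments if subsearch is disabled */
    if (!$this->DivListACL->SubSearch){
      $this->DivListACL->AddDepartments($this->DivListACL->selectedBase, 3);
    }
    $this->reload();
    $this->DivListACL->setEntries($this->list);
    return ($this->DivListACL->Draw());
  }


  /* Reload $this->list with the entries below $_SESSION['CurrentMainBase']:
     one sub tree search if the list dialog has SubSearch enabled, otherwise
     the base entry itself plus searches in the fixed set of sub trees
     listed in $fetch_this. */
  function reload()
  {
    #FIXME  Implement regex objectClass and so on ...
    /* Get divlist information from filter part ($Regex is read but not used yet) */
    $Regex      = $this->DivListACL->Regex;
    $SubSearch  = $this->DivListACL->SubSearch;
    $base       = $_SESSION['CurrentMainBase'];
    $Attrs      = array("ou","gosaAclEntry","objectClass");
    $res        = $tmp = array();   // Will contain temporary results
    $ldap       = $this->config->get_ldap_link();
    $Filter     = "(&(objectClass=gosaACL)(gosaAclEntry=*))";

    /* Fetch following structures, this will be used if !$SubSearch */
    $fetch_this = array(
        "ME"      => array("TYPE" => "cat"    , "FLAGS" => GL_SIZELIMIT                ,"BASE"=>""),
        "SYSTEMS" => array("TYPE" => "search" , "FLAGS" => GL_SIZELIMIT | GL_SUBSEARCH ,"BASE"=>"ou=systems,"),
        "APPS"    => array("TYPE" => "search" , "FLAGS" => GL_SIZELIMIT | GL_SUBSEARCH ,"BASE"=>"ou=apps,"),
        "PEOPLE"  => array("TYPE" => "search" , "FLAGS" => GL_SIZELIMIT | GL_SUBSEARCH ,"BASE"=>get_people_ou()),
        "GROUPS"  => array("TYPE" => "search" , "FLAGS" => GL_SIZELIMIT | GL_SUBSEARCH ,"BASE"=>get_groups_ou()));

    /* Subsearch ? */
    if ($SubSearch){

      /* Get all object in this base */
      $Flags      = GL_SIZELIMIT | GL_SUBSEARCH;
      $fetch_base = $base;
      $res        = get_list($Filter, "acl", $fetch_base, $Attrs, $Flags);

    }else{
      foreach ($fetch_this as $type => $data){

        /* Get required attributes */
        $Flags      = $data['FLAGS'];
        $fetch_base = $data['BASE'].$base;
        $Type       = $data['TYPE'];

        /* Check if method is cat or search. The cat branch does not apply
           $Filter and adds whatever fetch() returns as one list entry. */
        if ($Type == "search"){
          $tmp = get_list($Filter, "acl", $fetch_base, $Attrs, $Flags);
        }else{
          $ldap->cat($fetch_base, $Attrs);
          $tmp = array($ldap->fetch());
        }
        $res = array_merge($res, $tmp);
      }
    }
    $this->list = $res;
  }


  /* Remove acl lock if a DN is marked as "currently edited" */
  function remove_lock()
  {
    if (isset($this->acltabs->dn)){
      del_lock($this->acltabs->dn);
    }
  }


  /* Handle divlist filter && department selection; skipped while an acl
     dialog object is open */
  function save_object()
  {
    if (!is_object($this->acltabs)){
      $this->DivListACL->save_object();
    }
  }


  /* A set of disabled and therefore overloaded functions. They are
     not needed in this class. */
  function remove_from_parent() { }
  function check() { }

  /* Stub as well; it only prints a marker string */
  function save() {
    echo "SAVE ACL";
  }

  function adapt_from_template($dn) { }
  function password_change_needed() { }


  /* Return plugin information for acl handling */
  function plInfo()
  {
    return (array(
          "plShortName"   => _("ACL"),
          "plDescription" => _("ACL")." - ("._("Access control list").")",
          "plSelfModify"  => FALSE,
          "plDepends"     => array(),
          "plPriority"    => 0,
          "plSection"     => array("administration"),
          "plCategory"    => array("acl" => array("description" => _("ACL")." "._("Access control list"),
                                                  "objectClass" => "gosaACL")),
          "plProvidedAcls"=> array(
            "Dummy" => _("I don't know Jack"))

          ));
  }

}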
416 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
417 ?>