
Updated system acls
[gosa.git] / plugins / admin / groups / class_groupAcl.inc
1 <?php
4 /* FIXME: the complete acl stuff will be redesigned to be more intuitive,
5           which will be possible after introducing templates for html pages.
6           just be patient. */
9 class acl extends plugin
10 {
11   /* CLI vars */
12   var $cli_summary= "Manage group ACL's";
13   var $cli_description= "Some longer text\nfor help";
14   var $cli_parameters= array("eins" => "Eins ist toll", "zwei" => "Zwei ist noch besser");
16   /* Helpers */
17   var $department= "";
18   var $objects= array();
19   var $object= "";
20   var $current_acl= "";
21   var $selfflag= FALSE;
22   var $tacl= "";
24   var $gosaSubtreeACL;
26   /* attribute list for save action */
27   var $attributes= array("gosaSubtreeACL");
28   var $objectclasses= array("gosaObject");
30   var $CopyPasteVars = array("current_acl");
32   function acl ($config, $dn= NULL, $parent= NULL)
33   {
34         plugin::plugin($config, $dn, $parent);
36         /* WorkAround */
37         include "acl_definition.inc";
38         $this->objects= $ACLD;
39         $tmp= array_keys($this->objects);
40         $this->object= reset($tmp);
42         $this->selfflag= FALSE;
43         if (isset($this->attrs['gosaSubtreeACL'][0])){
44                 $this->current_acl= preg_replace("/^[^:]*:/", "", $this->attrs['gosaSubtreeACL'][0]);
45                 if (preg_match("/^!:/", $this->attrs['gosaSubtreeACL'][0])){
46                         $this->selfflag= TRUE;
47                 }
48         }
50         /* This is allways true */
51         $this->is_account= TRUE;
52   }
54   function execute()
55   {
56         if (chkacl($this->acl, 'acl') != ""){
57                 $display= "<b>"._("You have no permissions to view and edit ACLs.")."</b>";
58                         
59                 return ($display);
60         }
62         /* Call parent execute */
63         plugin::execute();
65         /* Do we represent a valid group? */
66         if (!$this->is_account && $this->parent == NULL){
67                 $display= "<img alt=\"\" src=\"images/stop.png\" align=\"middle\">&nbsp;<b>".
68                 _("This 'dn' is no acl container.")."</b>";
69                 return ($display);
70         }
72         /* Show main page */
73         $smarty= get_smarty();
74         if ($_SESSION['js']==FALSE){
75                 $smarty->assign("javascript", "false");
76         } else {
77                 $smarty->assign("javascript", "true");
78         }
79         $smarty->assign("object", $this->object);
80         $obj= array();
81         foreach($this->objects as $key => $value){
82                 $obj[$key]= $key;
83         }
84         if ($this->selfflag){
85                 $smarty->assign("selfflag", "checked");
86         } else {
87                 $smarty->assign("selfflag", "");
88         }
89         $smarty->assign("objects", $obj);
90         $display= $smarty->fetch (get_template_path('acl.tpl', TRUE));
92         /* Show acl stuff */
93         $this->tacl= get_module_permission (array($this->current_acl), $this->object, "");
94         $display.= $this->print_attributes ($this->objects[$this->object]);
95         return ($display);
96   }
99   function remove_from_parent()
100   {
101         plugin::remove_from_parent();
102         
103         $this->attrs['gosaSubtreeACL']= array();
105         $ldap= $this->config->get_ldap_link();
106         $ldap->cd($this->dn);
107         $this->cleanup();
108         $ldap->modify ($this->attrs); 
109         show_ldap_error($ldap->get_error(), _("Removing ACL information failed"));
110   }
113   /* Save data to object */
114   function save_object()
115   {
116         if (chkacl($this->acl, 'acl') == ""){
117                 plugin::save_object();
119                 if (!isset($_POST['object'])){
120                         return;
121                 }
123                 /* Strip of old information */
124                 if ($this->object == "all"){
125                         $this->current_acl= preg_replace ( "/[,]?all[,]?/", "", $this->current_acl);
126                 }
127                 $this->current_acl= preg_replace ( "/(^|[^a-z0-9A-Z])$this->object#[^,]*[,]?/", ",", $this->current_acl);
129                 /* assemble new attributes */
130                 $attrs= "";
131                 if (isset($_POST['all'])){
132                         $attrs.= "#all";
133                 }
134                 if ($this->object != "all" && !isset($_POST['all']) && $this->object != ""){
135                         foreach ($this->objects[$this->object] as $key => $val){
136                                 if (is_integer($key)){
137                                         $aname= $val;
138                                 } else {
139                                         $aname= $key;
140                                 }
141                                 if (isset($_POST[$aname])){
142                                         $attrs.= "#$aname";
143                                 }
144                         }
145                 }
147                 /* append information */
148                 if ($attrs != ""){
149                         $tmp= $this->object;
150                         $attrs= $tmp.$attrs;
151                 }
152                 if ($this->current_acl != "" && $attrs != ""){
153                         $this->current_acl.= ",";
154                 }
155                 $this->current_acl.= $attrs;
156                 if (preg_match("/all#all/", $this->current_acl)){
157                         $this->current_acl= "all";
158                 }
159                 if (preg_match("/^all,/", $this->current_acl)){
160                         $this->current_acl= "all";
161                 }
163                 /* Save current object selection */
164                 if (isset($_POST['object'])){
165                         $this->object= $_POST['object'];
166                 }
167                 if (isset($_POST['selfflag'])){
168                         $this->selfflag= TRUE;
169                 } else {
170                         $this->selfflag= FALSE;
171                 }
173                 /* Remove double colons, strip trailing colon... */
174                 $this->current_acl= preg_replace("/,,/", ",", $this->current_acl);
175                 $this->current_acl= preg_replace("/,$/", "", $this->current_acl);
176                 $this->current_acl= preg_replace("/^,/", "", $this->current_acl);
177         }
178   }
181   /* Save to LDAP */
182   function save()
183   {
184         /* Write back to LDAP */
185         $ldap= $this->config->get_ldap_link();
187         /* Read stuff and only modify subtreeACL entries */
188         plugin::save();
190         if ($this->current_acl != ""){
191                 if ($this->selfflag){
192                         $this->attrs['gosaSubtreeACL']= "!:".$this->current_acl;
193                 } else {
194                         $this->attrs['gosaSubtreeACL']= ":".$this->current_acl;
195                 }
196         } else {
197                 $objectclasses= array();
198                 foreach ($this->attrs['objectClass'] as $oc){
199                         if (!preg_match('/gosaObject/i', $oc)){
200                                 $objectclasses[]= $oc;
201                         }
202                 }
203                 $this->attrs['objectClass']= $objectclasses;
204                 $this->attrs['gosaSubtreeACL']= array();
205         }
207         /* Modify class */
208         $ldap->cd($this->dn);
209         $this->cleanup();
210         $ldap->modify ($this->attrs); 
212         show_ldap_error($ldap->get_error(), _("Saving ACL information failed"));
213   }
216   function print_attributes ($name)
217   {
218         $display= "<input type=checkbox name=\"all\" value=\"1\"";
219         if (chkacl ($this->tacl, "all") == ""){
220                 $display.= " checked";
221         }
222         $display.= "><b>"._("All fields are writeable")."</b><br>";
224         # Put strings in right order
225         asort ($name);
227         # Generate checklist
228         $display.= "<table summary=\"\" style=\"width:100%;\">\n";
229         $switch= 0;
230         foreach ($name as $key => $val){
231                 if ($switch == 0){
232                         $display.= " <tr>\n";
233                 }
235                 if (is_integer($key)){
236                         $display.= "<td><input type=checkbox name=\"$val\" value=\"1\" ";
237                         if (chkacl ($this->tacl, "$val") == ""){
238                                 $display.= "checked";
239                         }
240                         $display.= ">$val</td>";
241                 } else {
242                         $display.= "<td><input type=checkbox name=\"$key\" value=\"1\"";
243                         if (chkacl ($this->tacl, "$key") == ""){
244                                 $display.= "checked";
245                         }
246                         $display.= ">"._($val)."</td>";
247                 }
249                 if ($switch++ == 1){
250                         $display.= " </tr>\n";
251                         $switch= 0;
252                 }
253         }
255         if ($switch == 1){
256                 $display.= "<td></td></tr>";
257         }
258         $display.= "</table>\n";
260         return ($display);
261   }
265 ?>