config = &$config;
$this->dn = $dn;
$this->parent = $parent;
// Replace this with a user defined one later.
$ui = get_userinfo();
$this->validateUid = $ui->uid;
$this->validateDn = $ui->dn;
// Build class mapping - only once, will not change during session.
if(!session::is_set('aclConverter::classMapping')){
$tmp= session::global_get('plist');
$plist= $tmp->info;
$map = array();
foreach($plist as $class => $plInfo){
if(isset($plInfo['plCategory']) && is_array($plInfo['plCategory'])){
foreach($plInfo['plCategory'] as $category => $desc){
if(!is_numeric($category)){
$map[$category] = $desc['description'];
}
}
}
}
foreach($plist as $class => $plInfo){
if(isset($plInfo['plCategory']) && is_array($plInfo['plCategory'])){
foreach($plInfo['plCategory'] as $category => $desc){
if(!is_numeric($category)){
$map[$category."/".$class] = $map[$category]." - ".$plInfo['plDescription'];
}else{
$map[$desc."/".$class] = $map[$desc]." - ".$plInfo['plDescription'];
}
}
}
}
session::set('aclConverter::classMapping', $map);
}
$this->classMapping = session::get('aclConverter::classMapping');
// Define ACL type translations
$this->aclTypes= array("reset" => _("Reset ACLs"),
"one" => _("One level"),
"base" => _("Current object"),
"sub" => _("Complete subtree"),
"psub" => _("Complete subtree (permanent)"),
"role" => _("Use ACL defined in role"));
// Enforce to reload acl result
$this->renderedList = "";
}
function reload()
{
// Go through all ACLs and get those matching the objects dn.
$ui = get_userinfo();
$ui->reset_acl_cache();
$ui->loadACL();
// Get ACL category for the current object.
if(isset($this->parent->acl_category) && !empty($this->parent->acl_category)){
$this->acl_category = preg_replace("/\/$/","",$this->parent->acl_category);
}
foreach($ui->allACLs as $dn => $acls){
if(preg_match("/".preg_quote($dn,'/')."$/i", $this->dn)){
// Foreach dn there is a collection of ACLs indexed by their priority
foreach($acls as $prio => $acl){
if($acl['type'] == "reset"){
$this->affectingACLs[$dn][$prio] = $acl;
continue;
}else{
// Only get those entries with a relevant acl-category
foreach($acl['acl'] as $category => $attributes){
if(preg_match("/^all($|\/)/", $category) ||
preg_match("/^".$this->acl_category."($|\/)/", $category)){
$this->affectingACLs[$dn][$prio] = $acl;
continue;
}
}
}
}
}
}
}
/*! \brief Create a human readable HTML result
*/
function getReadableACL()
{
if(isset($_POST['aclTarget'])){
$d = get_post('aclTarget');
if(isset($this->userMap[$d])){
$this->validateDn = $this->userMap[$d]['dn'];
$this->validateUid = $this->userMap[$d]['uid'][0];
$this->renderedList = "";
}
}
if(empty($this->renderedList)){
$this->reload();
// Autocompleter template
$autocompleter ="
".image("images/lists/submit.png","aclTargetSubmit");
// Base template - each entry start with this
$tpl =
"\n ".
"\n %s ".
"\n %s %s
".
"\n %s";
// If the acl consists of a user-object-filter then this template is used.
$filter_tpl =
"\n ".
"\n "._("Filter")." ";
// Used to display ACL owner of type "group"
$gmem_tpl =
"\n ".
"\n "._("Groups")." ";
// Used to display ACL owner of type "user"
$umem_tpl =
"\n ".
"\n "._("Users")." ";
// Used to display the acl contents, except 'reset' and 'role'
$acl_tpl =
"\n ".
"\n "._("Acls")." ";
$user = "".sprintf(_("List of effective ACLs for '%s'"), $this->validateUid)." ";
$str = "";
$str .= " ".$user." ".$autocompleter."
";
$str .= "";
$str .= "
";
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ui = get_userinfo();
foreach($this->affectingACLs as $dn => $acls){
foreach($acls as $acl){
// Prepare entry icon (department or element?)
$image = (isset($this->config->idepartments[$dn]))? "images/select_department.png":"images/lists/element.png";
// The acl type (sub,psub,reset...)
$aclType = $this->aclTypes[$acl['type']];
// Does the filter match for current object?
$filter ="";
$match = TRUE;
if(!empty($acl['filter'])){
$match = $ldap->object_match_filter($this->dn,$acl['filter']);
$filter= $acl['filter'];
if(!$match){
$filter= "".$filter." ";
}
}
// Check membership
$gmem = $umem = "";
$users = $groups = array();
$found = FALSE;
foreach($acl['members'] as $type => $name){
// Check if we're part of the members
if(preg_match("/^U:/", $type)){
if(preg_match("/^U:".preg_quote($this->validateDn,'/')."/", $type)){
$users[] = $name;
$found = TRUE;
continue;
}
$users[] = "".$name." ";
}
// Check if we're part of the group members
if(preg_match("/^G/", $type)){
if($type == "G:*"){
$found = TRUE;
$groups[] = $name;
continue;
}
if(preg_match("/^G:/", $type)){
$gdn = preg_replace("/^G:/","",$type);
$ldap->cat($gdn,array('memberUid'));
if($ldap->count()){
$attrs = $ldap->fetch();
if(isset($attrs['memberUid']) && in_array($this->validateUid, $attrs['memberUid'])){
$found = TRUE;
$groups[] = $name;
continue;
}
}
}
// Mark groups that doesn't match
$groups[] = "".$name." ";
}
}
// Build up ACL definition list
$defs ="";
if($acl['type']!='reset'){
foreach($acl['acl'] as $type => $acl){
if(isset($this->classMapping[$type])){
$defs .= "".$this->classMapping[$type].": ".$this->aclToString($acl)." ";
}else{
$defs .= "".$type.": ".$this->aclToString($acl)." ";
}
}
}
// Display the acl block in a special color if its not matching
$class="";
if(!$found || !$match){
$class = "acl-viewer-blocked";
}
if(!empty($filter)) $filter =sprintf($filter_tpl,$class,$filter);
if(!empty($defs)) $defs = sprintf($acl_tpl,$class,$defs);
if(count($users)) $umem = sprintf($umem_tpl,$class,"".implode($users,' ')." ");
if(count($groups)) $gmem = sprintf($gmem_tpl,$class,"".implode($groups,' ')." ");
$str.= sprintf($tpl,$class, image($image), $dn, $aclType, $filter.$gmem.$umem.$defs);
}
}
$str .= "
";
$str .= "
";
foreach($acls as $name => $acl){
if($name == "0") $name = _("All");
$str .= "".$name.": ";
$str .= "";
if(preg_match("/s/", $acl)){
$str.=""._("Restrict changes to user's own object").' "._("read").' ';
if(preg_match("/w/", $acl)) $str.=""._("write").' ';
if(preg_match("/c/", $acl)) $str.=""._("create").' ';
if(preg_match("/d/", $acl)) $str.=""._("remove").' ';
if(preg_match("/m/", $acl)) $str.=""._("move").' ';
$str.= " ";
}
return($str." ");
}
function processAutocomplete()
{
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
$ldap->search("(&(objectClass=gosaAccount)(|(sn=*".get_post('aclTarget')."*)".
"(uid=*".get_post('aclTarget')."*)(givenName=*".get_post('aclTarget')."*)))",
array('uid','dn','sn','givenName'));
echo "";
while($attrs = $ldap->fetch()){
$display = $attrs['givenName'][0]." ".$attrs['sn'][0]." [".$attrs['uid'][0]."]";
echo "{$display} ";
$this->userMap[$display] = $attrs;
}
echo " ";
}
}
?>