index f5b26e32f21effdef7c567bee067226cc8355290..0c3448e09f2a086c79025df542b1aa1eceec9de3 100644 (file)
<?php
<?php
-
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id$$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+/*! \brief ACL management plugin */
class acl extends plugin
{
/* Definitions */
var $plHeadline= "Access control";
class acl extends plugin
{
/* Definitions */
var $plHeadline= "Access control";
- var $plDescription= "This does something";
+ var $plDescription= "Manage access control lists";
/* attribute list for save action */
var $attributes= array('gosaAclEntry');
/* attribute list for save action */
var $attributes= array('gosaAclEntry');
var $target= "group";
var $aclTypes= array();
var $aclObjects= array();
var $target= "group";
var $aclTypes= array();
var $aclObjects= array();
+ var $aclFilter= "";
var $aclMyObjects= array();
var $users= array();
var $roles= array();
var $aclMyObjects= array();
var $users= array();
var $roles= array();
var $ocMapping= array();
var $savedAclContents= array();
var $myAclObjects = array();
var $ocMapping= array();
var $savedAclContents= array();
var $myAclObjects = array();
+ var $acl_category = "acl/";
+
+ var $list =NULL;
+
+ var $sectionList = NULL;
+ var $roleList = NULL;
function acl (&$config, $parent, $dn= NULL)
{
function acl (&$config, $parent, $dn= NULL)
{
$ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
}
while ($attrs= $ldap->fetch()){
$ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
}
while ($attrs= $ldap->fetch()){
- $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+
+ // Allow objects without cn to be listed without causing an error.
+ if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
+ }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
+ }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['dn'];
+ }else{
+ $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+ }
+
}
ksort($this->users);
/* Groups */
$ldap->cd($config->current['BASE']);
}
ksort($this->users);
/* Groups */
$ldap->cd($config->current['BASE']);
- if ($tag == ""){
+# if ($tag == ""){
$ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
$ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
- } else {
- $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
- }
+# } else {
+# $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
+# }
while ($attrs= $ldap->fetch()){
$dsc= "";
if (isset($attrs['description'][0])){
while ($attrs= $ldap->fetch()){
$dsc= "";
if (isset($attrs['description'][0])){
}
$this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
}
}
$this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
}
+ $this->groups['G:*']= _("All users");
ksort($this->groups);
/* Roles */
$ldap->cd($config->current['BASE']);
ksort($this->groups);
/* Roles */
$ldap->cd($config->current['BASE']);
- if ($tag == ""){
+# if ($tag == ""){
$ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
$ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
- } else {
- $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
- }
+# } else {
+# $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
+# }
while ($attrs= $ldap->fetch()){
$dsc= "";
if (isset($attrs['description'][0])){
while ($attrs= $ldap->fetch()){
$dsc= "";
if (isset($attrs['description'][0])){
}
/* Objects */
}
/* Objects */
- $tmp= get_global('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
$cats = array();
if (isset($this->parent) && $this->parent !== NULL){
$plist= $tmp->info;
$cats = array();
if (isset($this->parent) && $this->parent !== NULL){
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
if(isset($obj->acl_category)){
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
if(isset($obj->acl_category)){
- $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
+ $tmp= str_replace("/","",$obj->acl_category);
+ $cats[$tmp] = $tmp;
}
}
if (in_array_ics('organizationalUnit', $oc)){
}
}
if (in_array_ics('organizationalUnit', $oc)){
/* Non numeric index means -> base object containing more informations */
if (preg_match('/^[0-9]+$/', $idx)){
/* Non numeric index means -> base object containing more informations */
if (preg_match('/^[0-9]+$/', $idx)){
+
if (!isset($this->ocMapping[$data])){
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
if(isset($cats[$data])){
if (!isset($this->ocMapping[$data])){
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
if(isset($cats[$data])){
- $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
}
$this->ocMapping[$data][]= $class;
} else {
}
$this->ocMapping[$data][]= $class;
} else {
/* Finally - we want to get saved... */
$this->is_account= TRUE;
/* Finally - we want to get saved... */
$this->is_account= TRUE;
+
+ $this->updateList();
+
+ // Prepare lists
+ $this->sectionList = new sortableListing();
+ $this->sectionList->setDeleteable(false);
+ $this->sectionList->setEditable(false);
+ $this->sectionList->setWidth("100%");
+ $this->sectionList->setHeight("120px");
+ $this->sectionList->setColspecs(array('200px','*'));
+ $this->sectionList->setHeader(array(_("Section"),_("Description")));
+ $this->sectionList->setDefaultSortColumn(1);
+ $this->sectionList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
+
+ $this->roleList = new sortableListing();
+ $this->roleList->setDeleteable(false);
+ $this->roleList->setEditable(false);
+ $this->roleList->setWidth("100%");
+ $this->roleList->setHeight("120px");
+ $this->roleList->setColspecs(array('20px','*','*'));
+ $this->roleList->setHeader(array(_("Used"),_("Name"),_("Description")));
+ $this->roleList->setDefaultSortColumn(1);
+ $this->roleList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
}
}
+
+ function updateList()
+ {
+ if(!$this->list){
+ $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
+ $this->list->setDeleteable(true);
+ $this->list->setEditable(true);
+ $this->list->setColspecs(array('*'));
+ $this->list->setWidth("100%");
+ $this->list->setHeight("400px");
+ $this->list->setAcl("rwcdm");
+ $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
+ }
+
+
+ // Add ACL entries to the listing
+ $lData = array();
+ foreach($this->gosaAclEntry as $id => $entry){
+ $lData[] = $this->convertForListing($entry);
+ }
+ $this->list->setListData($this->gosaAclEntry, $lData);
+ }
+
+
+ function convertForListing($entry)
+ {
+ $member = implode($entry['members'],", ");
+ if(isset($entry['acl']) && is_array($entry['acl'])){
+ $acl = implode(array_keys($entry['acl']),", ");
+ }else{
+ $acl="";
+ }
+ return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
+ }
+
+
function execute()
{
/* Call parent execute */
plugin::execute();
function execute()
{
/* Call parent execute */
plugin::execute();
-
- $tmp= get_global('plist');
+
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
/* Handle posts */
$plist= $tmp->info;
/* Handle posts */
$new_acl= array();
$aclDialog= FALSE;
$firstedit= FALSE;
$new_acl= array();
$aclDialog= FALSE;
$firstedit= FALSE;
+
+ // Get listing actions. Delete or Edit.
+ $this->list->save_object();
+ $lAction = $this->list->getAction();
+ $this->gosaAclEntry = array_values($this->list->getMaintainedData());
+
+ /* Act on HTML post and gets here.
+ */
+ if($lAction['action'] == "edit"){
+ $this->currentIndex = $this->list->getKey($lAction['targets'][0]);
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->loadAclEntry();
+ }
+
foreach($_POST as $name => $post){
/* Actions... */
foreach($_POST as $name => $post){
/* Actions... */
- if (preg_match('/^acl_edit_.*_x/', $name)){
+ if (preg_match('/^acl_edit_[0-9]*$/', $name)){
$this->dialogState= 'create';
$firstedit= TRUE;
$this->dialog= TRUE;
$this->dialogState= 'create';
$firstedit= TRUE;
$this->dialog= TRUE;
- $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
+ $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
$this->loadAclEntry();
continue;
}
$this->loadAclEntry();
continue;
}
- if (preg_match('/^acl_del_.*_x/', $name)){
- unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
- continue;
- }
- if (preg_match('/^cat_edit_.*_x/', $name)){
- $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
+ if (preg_match('/^cat_edit_.*$/', $name)){
+ $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
$this->dialogState= 'edit';
foreach ($this->ocMapping[$this->aclObject] as $oc){
if (isset($this->aclContents[$oc])){
$this->dialogState= 'edit';
foreach ($this->ocMapping[$this->aclObject] as $oc){
if (isset($this->aclContents[$oc])){
}
continue;
}
}
continue;
}
- if (preg_match('/^cat_del_.*_x/', $name)){
- $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
- foreach ($this->ocMapping[$idx] as $key){
- unset($this->aclContents["$idx/$key"]);
- }
+
+ /* Only handle posts, if we allowed to modify ACLs */
+ if(!$this->acl_is_writeable("")){
continue;
}
continue;
}
- /* Sorting... */
- if (preg_match('/^sortup_.*_x/', $name)){
- $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
- if ($index > 0){
- $tmp= $this->gosaAclEntry[$index];
- $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
- $this->gosaAclEntry[$index-1]= $tmp;
- }
+ if (preg_match('/^acl_del_[0-9]*$/', $name)){
+ unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
continue;
}
continue;
}
- if (preg_match('/^sortdown_.*_x/', $name)){
- $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
- if ($index < count($this->gosaAclEntry)-1){
- $tmp= $this->gosaAclEntry[$index];
- $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
- $this->gosaAclEntry[$index+1]= $tmp;
+
+ if (preg_match('/^cat_del_.*$/', $name)){
+ $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
+ foreach ($this->ocMapping[$idx] as $key){
+ if(isset($this->aclContents[$idx]))
+ unset($this->aclContents[$idx]);
+ if(isset($this->aclContents["$idx/$key"]))
+ unset($this->aclContents["$idx/$key"]);
}
continue;
}
/* ACL saving... */
if (preg_match('/^acl_.*_[^xy]$/', $name)){
}
continue;
}
/* ACL saving... */
if (preg_match('/^acl_.*_[^xy]$/', $name)){
- $aclDialog= TRUE;
- list($dummy, $object, $attribute, $value)= split('_', $name);
+ list($dummy, $object, $attribute, $value)= explode('_', $name);
/* Skip for detection entry */
if ($object == 'dummy') {
/* Skip for detection entry */
if ($object == 'dummy') {
}
}
}
}
- if(isset($_POST['selected_role'])){
+ // Remember the selected ACL role.
+ if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
$this->aclContents = "";
$this->aclContents = base64_decode($_POST['selected_role']);
$this->aclContents = "";
$this->aclContents = base64_decode($_POST['selected_role']);
+ }else{
+ if(is_string($this->aclContents))
+ $this->aclContents = array();
}
}
}
}
-
- /* Only be interested in new acl's, if we're in the right _POST place */
- if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
- foreach ($this->ocMapping[$this->aclObject] as $oc){
- unset($this->aclContents[$oc]);
- unset($this->aclContents[$this->aclObject.'/'.$oc]);
- if (isset($new_acl[$oc])){
- $this->aclContents[$oc]= $new_acl[$oc];
- }
- if (isset($new_acl[$this->aclObject.'/'.$oc])){
- $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
+ if(isset($_POST['acl_dummy_0_0_0'])){
+ $aclDialog= TRUE;
+ }
+
+ if($this->acl_is_writeable("")){
+
+ /* Only be interested in new acl's, if we're in the right _POST place */
+ if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
+
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+
+ if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
+ unset($this->aclContents[$oc]);
+ }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
+ unset($this->aclContents[$this->aclObject.'/'.$oc]);
+ }else{
+# trigger_error("Huhm?");
+ }
+ if (isset($new_acl[$oc]) && is_array($new_acl)){
+ $this->aclContents[$oc]= $new_acl[$oc];
+ }
+ if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
+ $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
+ }
}
}
}
}
- }
- /* Save new acl in case of base edit mode */
- if ($this->aclType == 'base' && !$firstedit){
- $this->aclContents= $new_acl;
+ /* Save new acl in case of base edit mode */
+ if ($this->aclType == 'base' && !$firstedit){
+ $this->aclContents= $new_acl;
+ }
}
/* Cancel new acl? */
}
/* Cancel new acl? */
}
}
}
}
+ /* Save common values */
+ if($this->acl_is_writeable("")){
+ foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
+ if (isset($_POST[$key])){
+ $this->$key= validate($_POST[$key]);
+ }
+ }
+ }
+
/* Store ACL in main object? */
if (isset($_POST['submit_new_acl'])){
$this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
$this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
$this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
/* Store ACL in main object? */
if (isset($_POST['submit_new_acl'])){
$this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
$this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
$this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
+ $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
$this->dialogState= 'head';
$this->dialog= FALSE;
}
$this->dialogState= 'head';
$this->dialog= FALSE;
}
}
}
}
}
- /* Save common values */
- foreach (array("aclType", "aclObject", "target") as $key){
- if (isset($_POST[$key])){
- $this->$key= validate($_POST[$key]);
- }
- }
-
/* Create templating instance */
$smarty= get_smarty();
/* Create templating instance */
$smarty= get_smarty();
- if ($this->dialogState == 'head'){
- /* Draw list */
- $aclList= new divSelectBox("aclList");
- $aclList->SetHeight(450);
-
- /* Fill in entries */
- foreach ($this->gosaAclEntry as $key => $entry){
- $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
- $field2= array("string" => $this->assembleAclSummary($entry));
- $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
- $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
- $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
-
- $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
- $aclList->AddEntry(array($field1, $field2, $field3));
- }
+ $smarty->assign("acl_readable",$this->acl_is_readable(""));
+ if(!$this->acl_is_readable("")){
+ return ($smarty->fetch (get_template_path('acl.tpl')));
+ }
- $smarty->assign("aclList", $aclList->DrawList());
+ if ($this->dialogState == 'head'){
+ $this->updateList();
+ $smarty->assign("aclList", $this->list->render());
}
if ($this->dialogState == 'create'){
}
if ($this->dialogState == 'create'){
- /* Draw list */
- $aclList= new divSelectBox("aclList");
- $aclList->SetHeight(150);
-
- /* Add settings for all categories to the (permanent) list */
- foreach ($this->aclObjects as $section => $dsc){
- $summary= "";
- foreach($this->ocMapping[$section] as $oc){
- if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
- $this->aclContents[$oc][0] != ""){
-
- $summary.= "$oc, ";
- continue;
- }
- if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
- $this->aclContents["$section/$oc"][0] != ""){
- $summary.= "$oc, ";
- continue;
- }
- if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
- $summary.= "$oc, ";
- }
- }
- /* Set summary... */
- if ($summary == ""){
- $summary= '<i>'._("No ACL settings for this category").'</i>';
- } else {
- $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
- }
+ if($this->aclType != 'role'){
+
+ // Create a map of all used sections, this allows us to simply hide the remove button
+ // if no acl is configured for the given section
+ // e.g. ';all;department/country;users/user;
+ $usedList = ";".implode(array_keys($this->aclContents),';').";";
+
+ /* Add settings for all categories to the (permanent) list */
+ $data = $lData = array();
+ foreach ($this->aclObjects as $section => $dsc){
+ $summary= "";
+ foreach($this->ocMapping[$section] as $oc){
+ if (isset($this->aclContents[$oc]) &&
+ count($this->aclContents[$oc]) &&
+ isset($this->aclContents[$oc][0]) &&
+ $this->aclContents[$oc][0] != ""){
+
+ $summary.= "$oc, ";
+ continue;
+ }
+ if (isset($this->aclContents["$section/$oc"]) &&
+ count($this->aclContents["$section/$oc"])){
+ $summary.= "$oc, ";
+ continue;
+ }
+ if (isset($this->aclContents[$oc]) &&
+ !isset($this->aclContents[$oc][0]) &&
+ count($this->aclContents[$oc])){
+ $summary.= "$oc, ";
+ }
+ }
- $field1= array("string" => $dsc, "attach" => "style='width:100px'");
- $field2= array("string" => $summary);
- $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
- $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
- $aclList->AddEntry(array($field1, $field2, $field3));
- }
+ /* Set summary... */
+ if ($summary == ""){
+ $summary= '<i>'._("No ACL settings for this category!").'</i>';
+ } else {
+ $summary= trim($summary,", ");
+ $summary= " ".sprintf(_("ACLs for: %s"), $summary);
+ }
- $smarty->assign("aclList", $aclList->DrawList());
+ $actions ="";
+ if($this->acl_is_readable("")){
+ $actions.= image('images/lists/edit.png','cat_edit_'.$section,
+ msgPool::editButton(_("category ACL")));
+ }
+ if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
+ $actions.= image('images/lists/trash.png','cat_del_'.$section,
+ msgPool::delButton(_("category ACL")));
+ }
+ $data[] = $section;
+ $lData[] = array('data'=>array($dsc, $summary, $actions));
+ }
+ $this->sectionList->setListData($data,$lData);
+ $this->sectionList->update();
+ $smarty->assign("aclList", $this->sectionList->render());
+ }
+
$smarty->assign("aclType", $this->aclType);
$smarty->assign("aclType", $this->aclType);
+ $smarty->assign("aclFilter", $this->aclFilter);
$smarty->assign("aclTypes", $this->aclTypes);
$smarty->assign("target", $this->target);
$smarty->assign("targets", $this->targets);
$smarty->assign("aclTypes", $this->aclTypes);
$smarty->assign("target", $this->target);
$smarty->assign("targets", $this->targets);
/* Generate list */
$tmp= array();
/* Generate list */
$tmp= array();
+ if ($this->target == "group" && !isset($this->recipients["G:*"])){
+ $tmp["G:*"]= _("All users");
+ }
foreach (array("user" => "users", "group" => "groups") as $field => $arr){
if ($this->target == $field){
foreach ($this->$arr as $key => $value){
foreach (array("user" => "users", "group" => "groups") as $field => $arr){
if ($this->target == $field){
foreach ($this->$arr as $key => $value){
/* Role selector if scope is base */
if ($this->aclType == 'role'){
/* Role selector if scope is base */
if ($this->aclType == 'role'){
- $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
$smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
}
}
if ($this->dialogState == 'edit'){
$smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
}
}
if ($this->dialogState == 'edit'){
- $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
+ $smarty->assign('headline', sprintf(_("Edit ACL for '%s' with scope '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
/* Collect objects for selected category */
foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
/* Collect objects for selected category */
foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
/* Show main page */
$smarty->assign("dialogState", $this->dialogState);
/* Show main page */
$smarty->assign("dialogState", $this->dialogState);
+
+ /* Assign acls */
+ $smarty->assign("acl_createable",$this->acl_is_createable());
+ $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
+ $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
+ $smarty->assign("acl_removeable",$this->acl_is_removeable());
return ($smarty->fetch (get_template_path('acl.tpl')));
}
return ($smarty->fetch (get_template_path('acl.tpl')));
}
function sort_by_priority($list)
{
function sort_by_priority($list)
{
- $tmp= get_global('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
asort($plist);
$newSort = array();
$plist= $tmp->info;
asort($plist);
$newSort = array();
function buildRoleSelector($list)
{
function buildRoleSelector($list)
{
- $D_List =new divSelectBox("Acl_Roles");
-
$selected = $this->aclContents;
if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
$selected = key($list);
}
$selected = $this->aclContents;
if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
$selected = key($list);
}
- $str ="";
+ $data = $lData = array();
foreach($list as $dn => $values){
foreach($list as $dn => $values){
-
if($dn == $selected){
$option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
}else{
$option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
}
if($dn == $selected){
$option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
}else{
$option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
}
-
- $field1 = array("string" => $option) ;
- $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
- $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
-
- $D_List->AddEntry(array($field1,$field2,$field3));
+ $data[] = postEncode($dn);
+ $lData[] = array('data'=>array($option, $values['cn'], $values['description']));
}
}
- return($D_List->DrawList());
+ $this->roleList->setListData($data,$lData);
+ $this->roleList->update();
+ return($this->roleList->render());
}
}
{
$display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
$cols= 3;
{
$display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
$cols= 3;
- $tmp= get_global('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
asort($plist);
/* Add select all/none buttons */
$style = "style='width:100px;'";
$plist= $tmp->info;
asort($plist);
/* Add select all/none buttons */
$style = "style='width:100px;'";
- $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
- $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
- $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
- $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
- $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
-
- $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
- $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
-
- $display .= "<br>";
-
- $style = "style='width:50px;'";
- $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
- $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
- $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
- $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
- $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
-
- $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
- $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
- $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
+ if($this->acl_is_writeable("")){
+ $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
+ $display .= "<button type='button' ".$style." name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
+
+ $display .= "<button type='button' ".$style." name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
+
+ $display .= "<br>";
+
+ $style = "style='width:50px;'";
+ $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
+ $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
+
+ $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
+ }
/* Build general objects */
$list =$this->sort_by_priority($list);
/* Build general objects */
$list =$this->sort_by_priority($list);
/* Create sub acl if it does not exist */
if (!isset($this->aclContents[$key])){
$this->aclContents[$key]= array();
/* Create sub acl if it does not exist */
if (!isset($this->aclContents[$key])){
$this->aclContents[$key]= array();
+ }
+ if(!isset($this->aclContents[$key][0])){
$this->aclContents[$key][0]= '';
}
$this->aclContents[$key][0]= '';
}
+
$currentAcl= $this->aclContents[$key];
$currentAcl= $this->aclContents[$key];
+ /* Get the overall plugin acls
+ */
+ $overall_acl ="";
+ if(isset($currentAcl[0])){
+ $overall_acl = $currentAcl[0];
+ }
+
+ // Detect configured plugins
+ $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
+
/* Object header */
/* Object header */
- if($_SESSION['js']) {
- if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
- "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
- "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
- "\n </tr>";
- } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
- "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
- "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
- "\n </tr>";
- } else {
- $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
- "\n </tr>";
- }
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
+
+ if($expand){
+ $back_color = "#C8C8FF";
+ }else{
+ $back_color = "#C8C8C8";
+ }
+
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
+ "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+ "\n </tr>";
+ } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
+ "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+ "\n </tr>";
} else {
} else {
- $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
- "\n </tr>";
+ $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
+ "\n </tr>";
}
/* Generate options */
$spc= " ";
}
/* Generate options */
$spc= " ";
- if ($this->isContainer && $this->aclType != 'base'){
- $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc;
- $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc;
- $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc;
- if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
- $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
- }
- } else {
- $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc;
- $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc;
- if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
- $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
- }
+ $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
+ $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
+ $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
+ if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+ $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
}
/* Global options */
}
/* Global options */
- $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $currentAcl[0])).$spc;
- $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $currentAcl[0]));
+ $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
+ $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
$display.= "\n <tr>".
"\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
$display.= "\n <tr>".
"\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
/* Walk through the list of attributes */
$cnt= 1;
$splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
/* Walk through the list of attributes */
$cnt= 1;
$splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
- asort($splist);
- if($_SESSION['js']) {
- if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
"\n <td colspan=".$cols.">".
"\n <td colspan=".$cols.">".
- "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
- "\n <table style='width:100%;'>";
+ "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
+ "\n <table style='width:100%;' summary='{$name}'>";
} else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
} else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+ $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
"\n <td colspan=".$cols.">".
"\n <td colspan=".$cols.">".
- "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
- "\n <table style='width:100%;'>";
+ "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
+ "\n <table style='width:100%;' summary='{$name}'>";
+ }else{
}
}
}
}
+
+
foreach($splist as $attr => $dsc){
/* Skip pl* attributes, they are internal... */
foreach($splist as $attr => $dsc){
/* Skip pl* attributes, they are internal... */
$display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
}
$display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
}
- if($_SESSION['js']) {
- if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
$display.= "\n </table>".
"\n </div>".
"\n </td>".
$display.= "\n </table>".
"\n </div>".
"\n </td>".
function mkchkbx($name, $text, $state= FALSE)
{
$state= $state?"checked":"";
function mkchkbx($name, $text, $state= FALSE)
{
$state= $state?"checked":"";
- return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
- "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
+ if($this->acl_is_writeable("")){
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
+ return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
+ "\n <label for='acl_$tname'>$text</label>";
+ }else{
+ return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
+ }
}
}
{
$rstate= preg_match('/r/', $state)?'checked':'';
$wstate= preg_match('/w/', $state)?'checked':'';
{
$rstate= preg_match('/r/', $state)?'checked':'';
$wstate= preg_match('/w/', $state)?'checked':'';
- return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
- "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
- "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
- "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
+
+ if($this->acl_is_writeable("")){
+ return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
+ "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
+ "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
+ "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
+ }else{
+ return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
+ "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
+ }
}
static function explodeACL($acl)
{
}
static function explodeACL($acl)
{
- list($index, $type)= split(':', $acl);
+
+ $list= explode(':', $acl);
+ if(count($list) == 5){
+ list($index, $type,$member,$permission,$filter)= $list;
+ $filter = base64_decode($filter);
+ }elseif(count($list) == 4){
+ $filter = "";
+ list($index, $type,$member,$permission)= $list;
+ }else{
+ $permission = "";
+ $filter = "";
+ list($index, $type,$member)= $list;
+ }
+
$a= array( $index => array("type" => $type,
$a= array( $index => array("type" => $type,
+ "filter"=> $filter,
"members" => acl::extractMembers($acl,$type == "role")));
/* Handle different types */
"members" => acl::extractMembers($acl,$type == "role")));
/* Handle different types */
break;
default:
break;
default:
- print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
+ msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
$a= array();
}
return ($a);
$a= array();
}
return ($a);
if ($ms == $acl){
return $a;
}
if ($ms == $acl){
return $a;
}
- $ma= split(',', $ms);
+ $ma= explode(',', $ms);
/* Decode dn's, fill with informations from LDAP */
$ldap= $config->get_ldap_link();
foreach ($ma as $memberdn){
/* Decode dn's, fill with informations from LDAP */
$ldap= $config->get_ldap_link();
foreach ($ma as $memberdn){
+ // Check for wildcard here
$dn= base64_decode($memberdn);
$dn= base64_decode($memberdn);
- $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+ if ($dn != "*") {
+ $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+
+ /* Found entry... */
+ if ($ldap->count()){
+ $attrs= $ldap->fetch();
+ if (in_array_ics('gosaAccount', $attrs['objectClass'])){
+ $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+ } else {
+ $a['G:'.$dn]= $attrs['cn'][0];
+ if (isset($attrs['description'][0])){
+ $a['G:'.$dn].= " [".$attrs['description'][0]."]";
+ }
+ }
- /* Found entry... */
- if ($ldap->count()){
- $attrs= $ldap->fetch();
- if (in_array_ics('gosaAccount', $attrs['objectClass'])){
- $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+ /* ... or not */
} else {
} else {
- $a['G:'.$dn]= $attrs['cn'][0];
- if (isset($attrs['description'][0])){
- $a['G:'.$dn].= " [".$attrs['description'][0]."]";
- }
+ $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
}
}
- /* ... or not */
} else {
} else {
- $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
+ $a['G:*']= sprintf(_("All users"));
}
}
}
}
static function extractACL($acl)
{
/* Rip acl off the string, seperate by ',' and place it in an array */
static function extractACL($acl)
{
/* Rip acl off the string, seperate by ',' and place it in an array */
- $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
- $aa= split(',', $as);
+ $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
+ $aa= explode(',', $as);
$a= array();
/* Dis-assemble single ACLs */
foreach($aa as $sacl){
/* Dis-assemble field ACLs */
$a= array();
/* Dis-assemble single ACLs */
foreach($aa as $sacl){
/* Dis-assemble field ACLs */
- $ao= split('#', $sacl);
+ $ao= explode('#', $sacl);
$gobject= "";
foreach($ao as $idx => $ssacl){
$gobject= "";
foreach($ao as $idx => $ssacl){
} else {
/* All other entries get appended... */
} else {
/* All other entries get appended... */
- list($field, $facl)= split(';', $ssacl);
+ list($field, $facl)= explode(';', $ssacl);
$a[$gobject][$field]= $facl;
}
$a[$gobject][$field]= $facl;
}
if($entry['type'] == "role"){
if(isset($this->roles[$entry['acl']])){
if($entry['type'] == "role"){
if(isset($this->roles[$entry['acl']])){
- $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
+ $summary.= sprintf(_("ACL role: %s"), $this->roles[$entry['acl']]['cn']);
}else{
}else{
- $summary.= sprintf(_("Role: %s"), "<i>"._("Unknown role, possibly removed")."</i>");
+ $summary.= sprintf(_("ACL role: %s"), "<i>"._("unknown ACL role")."</i>");
}
}else{
foreach ($entry['acl'] as $name => $object){
}
}else{
foreach ($entry['acl'] as $name => $object){
}
}
}
}
+
/* Summarize members */
/* Summarize members */
- if ($summary != ""){
- $summary.= ", ";
- }
- if (count($entry['members'])){
- $summary.= _("Members:")." ";
- foreach ($entry['members'] as $cn){
- $cn= preg_replace('/ \[.*$/', '', $cn);
- $summary.= $cn.", ";
+ if(!($this instanceOf aclrole)){
+ if ($summary != ""){
+ $summary.= ", ";
+ }
+ if (count($entry['members'])){
+ $summary.= _("Members").": ";
+ foreach ($entry['members'] as $cn){
+ $cn= preg_replace('/ \[.*$/', '', $cn);
+ $summary.= $cn.", ";
+ }
+ } else {
+ $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
}
}
- } else {
- $summary.= _("ACL is valid for all users");
}
}
-
return (preg_replace('/, $/', '', $summary));
}
return (preg_replace('/, $/', '', $summary));
}
/* New entry gets presets... */
if ($new){
$this->aclType= 'base';
/* New entry gets presets... */
if ($new){
$this->aclType= 'base';
+ $this->aclFilter= "";
$this->recipients= array();
$this->aclContents= array();
} else {
$acl= $this->gosaAclEntry[$this->currentIndex];
$this->aclType= $acl['type'];
$this->recipients= $acl['members'];
$this->recipients= array();
$this->aclContents= array();
} else {
$acl= $this->gosaAclEntry[$this->currentIndex];
$this->aclType= $acl['type'];
$this->recipients= $acl['members'];
- $this->aclContents= $acl['acl'];
+ $this->aclContents= (isset($acl['acl'])) ? $acl['acl'] :"";
+ $this->aclFilter= $acl['filter'];
}
$this->wasNewEntry= $new;
}
$this->wasNewEntry= $new;
{
/* Assemble ACL's */
$tmp_acl= array();
{
/* Assemble ACL's */
$tmp_acl= array();
+
foreach ($this->gosaAclEntry as $prio => $entry){
$final= "";
$members= "";
foreach ($this->gosaAclEntry as $prio => $entry){
$final= "";
$members= "";
}
/* ACL's if needed */
}
/* ACL's if needed */
+ $final.= ":";
if ($entry['type'] != "reset" && $entry['type'] != "role"){
if ($entry['type'] != "reset" && $entry['type'] != "role"){
- $acl= ":";
+ $acl = "";
if (isset($entry['acl'])){
foreach ($entry['acl'] as $object => $contents){
if (isset($entry['acl'])){
foreach ($entry['acl'] as $object => $contents){
$final.= preg_replace('/,$/', '', $acl);
}
$final.= preg_replace('/,$/', '', $acl);
}
+ /* Append additional filter options
+ */
+ if(!empty($entry['filter'])){
+ $final .= ":".base64_encode($entry['filter']);
+ }
+
$tmp_acl[]= $final;
$tmp_acl[]= $final;
- }
+ }
/* Call main method */
plugin::save();
/* Call main method */
plugin::save();
new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}
new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}
- show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
+ }
/* Refresh users ACLs */
$ui= get_userinfo();
$ui->loadACL();
/* Refresh users ACLs */
$ui= get_userinfo();
$ui->loadACL();
- $_SESSION['ui']= $ui;
+ session::global_set('ui',$ui);
}
}
{
return (array(
"plShortName" => _("ACL"),
{
return (array(
"plShortName" => _("ACL"),
- "plDescription" => _("ACL")._("Access control list").")",
+ "plDescription" => _("ACL")." ("._("Access control list").")",
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
"plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
"objectClass" => array("gosaAcl","gosaRole"))),
"plProvidedAcls"=> array(
"plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
"objectClass" => array("gosaAcl","gosaRole"))),
"plProvidedAcls"=> array(
- "cn" => _("Role name"),
- "description" => _("Role description"))
+ "gosaAclEntry" => _("ACL Entries")
+ )
));
}
));
}
/* Remove acls defined for $src */
function remove_acl()
{
/* Remove acls defined for $src */
function remove_acl()
{
- $this->remove_acl_for_dn($this->dn);
+ acl::remove_acl_for($this->dn);
}
/* Remove acls defined for $src */
}
/* Remove acls defined for $src */
- function remove_acl_for_dn($src = "")
- {
- if($src == ""){
- $src = $this->dn;
- }
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
- while($attrs = $ldap->fetch()){
- $acl = new acl($this->config,$this->parent,$attrs['dn']);
- foreach($acl->gosaAclEntry as $id => $entry){
- foreach($entry['members'] as $m_id => $member){
- if($m_id == "U:".$src){
- unset($acl->gosaAclEntry[$id]['members'][$m_id]);
- gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
- }
- if($m_id == "G:".$src){
- unset($acl->gosaAclEntry[$id]['members'][$m_id]);
- gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
- }
- }
+ static function remove_acl_for($dn)
+ {
+ global $config;
+
+ $ldap = $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
+ $new_entries= array();
+ while($attrs = $ldap->fetch()){
+ if (!isset($attrs['gosaAclEntry'])) {
+ continue;
+ }
+ unset($attrs['gosaAclEntry']['count']);
+
+ // Remove entry directly
+ foreach($attrs['gosaAclEntry'] as $id => $entry){
+ $parts= explode(':',$entry);
+ $members= explode(',',$parts[2]);
+ $new_members= array();
+ foreach($members as $member) {
+ if (base64_decode($member) != $dn) {
+ $new_members[]= $member;
+ } else {
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
+ }
+ }
+
+ /* We can completely remove the entry if there are no members anymore */
+ if (count($new_members)) {
+ $parts[2]= implode(",", $new_members);
+ $new_entries[]= implode(":", $parts);
+ }
+ }
+
+ // There should be a modification, so write it back
+ $ldap->cd($attrs['dn']);
+ $new_attrs= array("gosaAclEntry" => $new_entries);
+ $ldap->modify($new_attrs);
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
}
}
- $acl -> save();
}
}
}
}
+
function update_acl_membership($src,$dst)
{
$ldap = $this->config->get_ldap_link();
function update_acl_membership($src,$dst)
{
$ldap = $this->config->get_ldap_link();
$acl -> save();
}
}
$acl -> save();
}
}
+
+
+ // We are only interessted in our own acls ...
+ function set_acl_category($category)
+ {
+ plugin::set_acl_category("acl");
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: